======================================================================== * bind-9.11.4-P2/README.md ======================================================================== # BIND 9 ### Contents 1. [Introduction](#intro) 1. [Reporting bugs and getting help](#help) 1. [Contributing to BIND](#contrib) 1. [BIND 9.11 features](#features) 1. [Building BIND](#build) 1. [macOS](#macos) 1. [Compile-time options](#opts) 1. [Automated testing](#testing) 1. [Documentation](#doc) 1. [Change log](#changes) 1. [Acknowledgments](#ack) ### Introduction BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol. The BIND name server, `named`, is able to serve as an authoritative name server, recursive resolver, DNS forwarder, or all three simultaneously. It implements views for split-horizon DNS, automatic DNSSEC zone signing and key management, catalog zones to facilitate provisioning of zone data throughout a name server constellation, response policy zones (RPZ) to protect clients from malicious data, response rate limiting (RRL) and recursive query limits to reduce distributed denial of service attacks, and many other advanced DNS features. BIND also includes a suite of administrative tools, including the `dig` and `delv` DNS lookup tools, `nsupdate` for dynamic DNS zone updates, `rndc` for remote name server administration, and more. BIND 9 is a complete re-write of the BIND architecture that was used in versions 4 and 8. Internet Systems Consortium ([https://www.isc.org](https://www.isc.org)), a 501(c)(3) public benefit corporation dedicated to providing software and services in support of the Internet infrastructure, developed BIND 9 and is responsible for its ongoing maintenance and improvement. BIND is open source software licenced under the terms of ISC License for all versions up to and including BIND 9.10, and the Mozilla Public License version 2.0 for all subsequent verisons. For a summary of features introduced in past major releases of BIND, see the file [HISTORY](HISTORY.md). For a detailed list of changes made throughout the history of BIND 9, see the file [CHANGES](CHANGES). See [below](#changes) for details on the CHANGES file format. For up-to-date release notes and errata, see [http://www.isc.org/software/bind9/releasenotes](http://www.isc.org/software/bind9/releasenotes) ### Reporting bugs and getting help To report non-security-sensitive bugs or request new features, you may open an Issue in the BIND 9 project on the [ISC GitLab server](https://gitlab.isc.org) at [https://gitlab.isc.org/isc-projects/bind9](https://gitlab.isc.org/isc-projects/bind9). Please note that, unless you explicitly mark the newly created Issue as "confidential", it will be publicly readable. Please do not include any information in bug reports that you consider to be confidential unless the issue has been marked as such. In particular, if submitting the contents of your configuration file in a non-confidential Issue, it is advisable to obscure key secrets: this can be done automatically by using `named-checkconf -px`. If the bug you are reporting is a potential security issue, such as an assertion failure or other crash in `named`, please do *NOT* use GitLab to report it. Instead, please send mail to [security-officer@isc.org](mailto:security-officer@isc.org). Professional support and training for BIND are available from ISC at [https://www.isc.org/support](https://www.isc.org/support). To join the __BIND Users__ mailing list, or view the archives, visit [https://lists.isc.org/mailman/listinfo/bind-users](https://lists.isc.org/mailman/listinfo/bind-users). If you're planning on making changes to the BIND 9 source code, you may also want to join the __BIND Workers__ mailing list, at [https://lists.isc.org/mailman/listinfo/bind-workers](https://lists.isc.org/mailman/listinfo/bind-workers). ### Contributing to BIND ISC maintains a public git repository for BIND; details can be found at [http://www.isc.org/git/](http://www.isc.org/git/). Information for BIND contributors can be found in the following files: - General information: [doc/dev/contrib.md](doc/dev/contrib.md) - BIND 9 code style: [doc/dev/style.md](doc/dev/style.md) - BIND architecture and developer guide: [doc/dev/dev.md](doc/dev/dev.md) Patches for BIND may be submitted as [Merge Requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests) in the [ISC GitLab server](https://gitlab.isc.org) at at [https://gitlab.isc.org/isc-projects/bind9/merge_requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests). By default, external contributors don't have ability to fork BIND in the GitLab server, but if you wish to contribute code to BIND, you may request permission to do so. Thereafter, you can create git branches and directly submit requests that they be reviewed and merged. If you prefer, you may also submit code by opening a [GitLab Issue](https://gitlab.isc.org/isc-projects/bind9/issues) and including your patch as an attachment, preferably generated by `git format-patch`. ### BIND 9.11 features BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier releases. New features include: * Added support for Catalog Zones, a new method for provisioning servers: a list of zones to be served is stored in a DNS zone, along with their configuration parameters. Changes to the catalog zone are propagated to slaves via normal AXFR/IXFR, whereupon the zones that are listed in it are automatically added, deleted or reconfigured. * Added support for "dnstap", a fast and flexible method of capturing and logging DNS traffic. * Added support for "dyndb", a new API for loading zone data from an external database, developed by Red Hat for the FreeIPA project. * "fetchlimit" quotas are now compiled in by default. These are for the use of recursive resolvers that are are under high query load for domains whose authoritative servers are nonresponsive or are experiencing a denial of service attack: * `fetches-per-server` limits the number of simultaneous queries that can be sent to any single authoritative server. The configured value is a starting point; it is automatically adjusted downward if the server is partially or completely non-responsive. The algorithm used to adjust the quota can be configured via the "fetch-quota-params" option. * `fetches-per-zone` limits the number of simultaneous queries that can be sent for names within a single domain. (Note: Unlike `fetches-per-server`, this value is not self-tuning.) * New stats counters have been added to count queries spilled due to these quotas. * Added a new `dnssec-keymgr` key mainenance utility, which can generate or update keys as needed to ensure that a zone's keys match a defined DNSSEC policy. * The experimental "SIT" feature in BIND 9.10 has been renamed "COOKIE" and is no longer optional. EDNS COOKIE is a mechanism enabling clients to detect off-path spoofed responses, and servers to detect spoofed-source queries. Clients that identify themselves using COOKIE options are not subject to response rate limiting (RRL) and can receive larger UDP responses. * SERVFAIL responses can now be cached for a limited time (defaulting to 1 second, with an upper limit of 30). This can reduce the frequency of retries when a query is persistently failing. * Added an `nsip-wait-recurse` switch to RPZ. This causes NSIP rules to be skipped if a name server IP address isn't in the cache yet; the address will be looked up and the rule will be applied on future queries. * Added a Python RNDC module. This allows multiple commands to sent over a persistent RNDC channel, which saves time. * The `controls` block in named.conf can now grant read-only `rndc` access to specified clients or keys. Read-only clients could, for example, check `rndc status` but could not reconfigure or shut down the server. * `rndc` commands can now return arbitrarily large amounts of text to the caller. * The zone serial number of a dynamically updatable zone can now be set via `rndc signing -serial `. This allows inline-signing zones to be set to a specific serial number. * The new `rndc nta` command can be used to set a Negative Trust Anchor (NTA), disabling DNSSEC validation for a specific domain; this can be used when responses from a domain are known to be failing validation due to administrative error rather than because of a spoofing attack. Negative trust anchors are strictly temporary; by default they expire after one hour, but can be configured to last up to one week. * `rndc delzone` can now be used on zones that were not originally created by "rndc addzone". * `rndc modzone` reconfigures a single zone, without requiring the entire server to be reconfigured. * `rndc showzone` displays the current configuration of a zone. * `rndc managed-keys` can be used to check the status of RFC 5001 managed trust anchors, or to force trust anchors to be refreshed. * `max-cache-size` can now be set to a percentage of available memory. The default is 90%. * Update forwarding performance has been improved by allowing a single TCP connection to be shared by multiple updates. * The EDNS Client Subnet (ECS) option is now supported for authoritative servers; if a query contains an ECS option then ACLs containing `geoip` or `ecs` elements can match against the the address encoded in the option. This can be used to select a view for a query, so that different answers can be provided depending on the client network. * The EDNS EXPIRE option has been implemented on the client side, allowing a slave server to set the expiration timer correctly when transferring zone data from another slave server. * The key generation and manipulation tools (`dnssec-keygen`, `dnssec-settime`, `dnssec-importkey`, `dnssec-keyfromlabel`) now take `-Psync` and `-Dsync` options to set the publication and deletion times of CDS and CDNSKEY parent-synchronization records. Both `named` and `dnssec-signzone` can now publish and remove these records at the scheduled times. * A new `minimal-any` option reduces the size of UDP responses for query type ANY by returning a single arbitrarily selected RRset instead of all RRsets. * A new `masterfile-style` zone option controls the formatting of text zone files: When set to `full`, a zone file is dumped in single-line-per-record format. * `serial-update-method` can now be set to `date`. On update, the serial number will be set to the current date in YYYYMMDDNN format. * `dnssec-signzone -N date` sets the serial number to YYYYMMDDNN. * `named -L ` causes named to send log messages to the specified file by default instead of to the system log. * `dig +ttlunits` prints TTL values with time-unit suffixes: w, d, h, m, s for weeks, days, hours, minutes, and seconds. * `dig +unknownformat` prints dig output in RFC 3597 "unknown record" presentation format. * `dig +ednsopt` allows dig to set arbitrary EDNS options on requests. * `dig +ednsflags` allows dig to set yet-to-be-defined EDNS flags on requests. * `mdig` is an alternate version of dig which sends multiple pipelined TCP queries to a server. Instead of waiting for a response after sending a query, it sends all queries immediately and displays responses in the order received. * `serial-query-rate` no longer controls NOTIFY messages. These are separately controlled by `notify-rate` and `startup-notify-rate`. * `nsupdate` now performs `check-names` processing by default on records to be added. This can be disabled with `check-names no`. * The statistics channel now supports DEFLATE compression, reducing the size of the data sent over the network when querying statistics. * New counters have been added to the statistics channel to track the sizes of incoming queries and outgoing responses in histogram buckets, as specified in RSSAC002. * A new NXDOMAIN redirect method (option `nxdomain-redirect`) has been added, allowing redirection to a specified DNS namespace instead of a single redirect zone. * When starting up, named now ensures that no other named process is already running. * Files created by named to store information, including `mkeys` and `nzf` files, are now named after their corresponding views unless the view name contains characters incompatible with use as a filename. Old style filenames (based on the hash of the view name) will still work. #### BIND 9.11.1 BIND 9.11.1 is a maintenance release, and addresses the security flaws disclosed in CVE-2016-6170, CVE-2016-8864, CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778, CVE-2017-3135, CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138. #### BIND 9.11.2 BIND 9.11.2 is a maintenance release, and addresses the security flaws disclosed in CVE-2017-3140, CVE-2017-3141, CVE-2017-3142 and CVE-2017-3143. It also addresses several bugs related to the use of an LMDB database to store data related to zones added via `rndc addzone` or catalog zones. #### BIND 9.11.3 BIND 9.11.3 is a maintenance release, and addresses the security flaw disclosed in CVE-2017-3145. #### BIND 9.11.4 BIND 9.11.4 is a maintenance release, and addresses the security flaw disclosed in CVE-2018-5738. #### BIND 9.11.4-P1 BIND 9.11.4-P1 addresses the security flaw disclosed in CVE-2018-5740. #### BIND 9.11.4-P2 BIND 9.11.4-P2 fixes several operationally significant bugs with inline-signing zones. ### Building BIND BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX support, and a 64-bit integer type. Successful builds have been observed on many versions of Linux and UNIX, including RedHat, Fedora, Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris, HP-UX, AIX, SCO OpenServer, and OpenWRT. BIND is also available for Windows XP, 2003, 2008, and higher. See `win32utils/readme1st.txt` for details on building for Windows systems. To build on a UNIX or Linux system, use: $ ./configure $ make If you're planning on making changes to the BIND 9 source, you should run `make depend`. If you're using Emacs, you might find `make tags` helpful. Several environment variables that can be set before running `configure` will affect compilation: |Variable|Description | |--------------------|-----------------------------------------------| |`CC`|The C compiler to use. `configure` tries to figure out the right one for supported systems.| |`CFLAGS`|C compiler flags. Defaults to include -g and/or -O2 as supported by the compiler. Please include '-g' if you need to set `CFLAGS`. | |`STD_CINCLUDES`|System header file directories. Can be used to specify where add-on thread or IPv6 support is, for example. Defaults to empty string.| |`STD_CDEFINES`|Any additional preprocessor symbols you want defined. Defaults to empty string. For a list of possible settings, see the file [OPTIONS](OPTIONS.md).| |`LDFLAGS`|Linker flags. Defaults to empty string.| |`BUILD_CC`|Needed when cross-compiling: the native C compiler to use when building for the target system.| |`BUILD_CFLAGS`|Optional, used for cross-compiling| |`BUILD_CPPFLAGS`|| |`BUILD_LDFLAGS`|| |`BUILD_LIBS`|| #### macOS Building on macOS assumes that the "Command Tools for Xcode" is installed. This can be downloaded from https://developer.apple.com/download/more/ or if you have Xcode already installed you can run "xcode-select --install". This will add /usr/include to the system and install the compiler and other tools so that they can be easily found. #### Compile-time options To see a full list of configuration options, run `configure --help`. On most platforms, BIND 9 is built with multithreading support, allowing it to take advantage of multiple CPUs. You can configure this by specifying `--enable-threads` or `--disable-threads` on the `configure` command line. The default is to enable threads, except on some older operating systems on which threads are known to have had problems in the past. (Note: Prior to BIND 9.10, the default was to disable threads on Linux systems; this has now been reversed. On Linux systems, the threaded build is known to change BIND's behavior with respect to file permissions; it may be necessary to specify a user with the -u option when running `named`.) To build shared libraries, specify `--with-libtool` on the `configure` command line. Certain compiled-in constants and default settings can be increased to values better suited to large servers with abundant memory resources (e.g, 64-bit servers with 12G or more of memory) by specifying `--with-tuning=large` on the `configure` command line. This can improve performance on big servers, but will consume more memory and may degrade performance on smaller systems. For the server to support DNSSEC, you need to build it with crypto support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed. If the OpenSSL library is installed in a nonstandard location, specify the prefix using "--with-openssl=<PREFIX>" on the configure command line. To use a PKCS#11 hardware service module for cryptographic operations, specify the path to the PKCS#11 provider library using "--with-pkcs11=<PREFIX>", and configure BIND with "--enable-native-pkcs11". To support the HTTP statistics channel, the server must be linked with at least one of the following: libxml2 [http://xmlsoft.org](http://xmlsoft.org) or json-c [https://github.com/json-c](https://github.com/json-c). If these are installed at a nonstandard location, specify the prefix using `--with-libxml2=/prefix` or `--with-libjson=/prefix`. To support compression on the HTTP statistics channel, the server must be linked against libzlib. If this is installed in a nonstandard location, specify the prefix using `--with-zlib=/prefix`. To support storing configuration data for runtime-added zones in an LMDB database, the server must be linked with liblmdb. If this is installed in a nonstandard location, specify the prefix using "with-lmdb=/prefix". To support GeoIP location-based ACLs, the server must be linked with libGeoIP. This is not turned on by default; BIND must be configured with "--with-geoip". If the library is installed in a nonstandard location, use specify the prefix using "--with-geoip=/prefix". For DNSTAP packet logging, you must have installed libfstrm [https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm) and libprotobuf-c [https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers), and BIND must be configured with "--enable-dnstap". Portions of BIND that are written in Python, including `dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the system tests, require the 'argparse' and 'ply' modules to be available. 'argparse' is a standard module as of Python 2.7 and Python 3.2. 'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply). On some platforms it is necessary to explicitly request large file support to handle files bigger than 2GB. This can be done by using `--enable-largefile` on the `configure` command line. Support for the "fixed" rrset-order option can be enabled or disabled by specifying `--enable-fixed-rrset` or `--disable-fixed-rrset` on the configure command line. By default, fixed rrset-order is disabled to reduce memory footprint. If your operating system has integrated support for IPv6, it will be used automatically. If you have installed KAME IPv6 separately, use `--with-kame[=PATH]` to specify its location. `make install` will install `named` and the various BIND 9 libraries. By default, installation is into /usr/local, but this can be changed with the `--prefix` option when running `configure`. You may specify the option `--sysconfdir` to set the directory where configuration files like `named.conf` go by default, and `--localstatedir` to set the default parent directory of `run/named.pid`. For backwards compatibility with BIND 8, `--sysconfdir` defaults to `/etc` and `--localstatedir` defaults to `/var` if no `--prefix` option is given. If there is a `--prefix` option, sysconfdir defaults to `$prefix/etc` and localstatedir defaults to `$prefix/var`. ### Automated testing A system test suite can be run with `make test`. The system tests require you to configure a set of virtual IP addresses on your system (this allows multiple servers to run locally and communicate with one another). These IP addresses can be configured by running the command `bin/tests/system/ifconfig.sh up` as root. Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules, and will be skipped if these are not available. Some tests require Python and the 'dnspython' module and will be skipped if these are not available. See bin/tests/system/README for further details. Unit tests are implemented using Automated Testing Framework (ATF). To run them, use `configure --with-atf`, then run `make test` or `make unit`. ### Documentation The *BIND 9 Administrator Reference Manual* is included with the source distribution, in DocBook XML, HTML and PDF format, in the `doc/arm` directory. Some of the programs in the BIND 9 distribution have man pages in their directories. In particular, the command line options of `named` are documented in `bin/named/named.8`. Frequently (and not-so-frequently) asked questions and their answers can be found in the ISC Knowledge Base at [https://kb.isc.org](https://kb.isc.org). Additional information on various subjects can be found in other `README` files throughout the source tree. ### Change log A detailed list of all changes that have been made throughout the development BIND 9 is included in the file CHANGES, with the most recent changes listed first. Change notes include tags indicating the category of the change that was made; these categories are: |Category |Description | |-------------- |-----------------------------------------------| | [func] | New feature | | [bug] | General bug fix | | [security] | Fix for a significant security flaw | | [experimental] | Used for new features when the syntax or other aspects of the design are still in flux and may change | | [port] | Portability enhancement | | [maint] | Updates to built-in data such as root server addresses and keys | | [tuning] | Changes to built-in configuration defaults and constants to improve performance | | [performance] | Other changes to improve server performance | | [protocol] | Updates to the DNS protocol such as new RR types | | [test] | Changes to the automatic tests, not affecting server functionality | | [cleanup] | Minor corrections and refactoring | | [doc] | Documentation | | [contrib] | Changes to the contributed tools and libraries in the 'contrib' subdirectory | | [placeholder] | Used in the master development branch to reserve change numbers for use in other branches, e.g. when fixing a bug that only exists in older releases | In general, [func] and [experimental] tags will only appear in new-feature releases (i.e., those with version numbers ending in zero). Some new functionality may be backported to older releases on a case-by-case basis. All other change types may be applied to all currently-supported releases. ### Acknowledgments * The original development of BIND 9 was underwritten by the following organizations: Sun Microsystems, Inc. Hewlett Packard Compaq Computer Corporation IBM Process Software Corporation Silicon Graphics, Inc. Network Associates, Inc. U.S. Defense Information Systems Agency USENIX Association Stichting NLnet - NLnet Foundation Nominum, Inc. * This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. [http://www.OpenSSL.org/](http://www.OpenSSL.org/) * This product includes cryptographic software written by Eric Young (eay@cryptsoft.com) * This product includes software written by Tim Hudson (tjh@cryptsoft.com) ======================================================================== * bind-9.11.4-P2/contrib/dnspriv/README.md ======================================================================== ### DNS Privacy in BIND This directory contains sample configuration files to enable BIND, with Nginx as a TLS proxy, to provide DNS over TLS. `named.conf` configures a validating recursive name server to listen on the localhost address at port 8853. `nginx.conf` configures a TLS proxy to listen on port 853 and forward queries and responses to `named`. For more information, please see [https://dnsprivacy.org/wiki/](https://dnsprivacy.org/wiki/) ======================================================================== * bind-9.11.4-P2/contrib/idn/idnkit-1.0-src/wsock/README.txt ======================================================================== idn wrapper - Client Side IDN Conversion Software for Windows Copyright (c) 2000,2001,2002 Japan Network Information Center. All rights reserved. *** NOTICE ****************************************************** If you have installed mDN Wrapper (former version of idn wrapper) on your system, you should unwrap all the programs before installing idn wrapper. ***************************************************************** 1. Introduction For supporting internationalized domain names, each client application should convert domain names (their encodings) to that DNS server accepts. This requires applications to handle internationalized domain names in its core, and it is the vendor's responsibility to make their programs IDN-compatible. Although there are ongoing efforts in IETF to standardize IDN framework (architecture, encoding etc.) and several RFCs are expected to be published soon as the result, not many applications support IDN to this date. So, there are needs for some helper application which makes legacy applications IDN-aware. `runidn' in idnkit is one of such solutions for Unix-like operating systems, and this software, `idn wrapper' is the one for Windows. On windows, name resolving request is passed to WINSOCK DLL. idn wrapper replaces WINSOCK DLL with the one that can handle IDN, which makes legacy windows applications compatible with IDN. 2. Architecture 2.1. Wrapper DLL Wrapper DLL resides between application and original DLL. It intercept application's calls to original DLL, and preforms some additional processing on those calls. +------------+ Call +------------+ Call +------------+ | |------->| |------->| | |Application | |Wrapper DLL | |Original DLL| | |<-------| |<-------| | +------------+ Return +------------+ Return +------------+ additional processing here DLL call from apllication is passed to wrapper DLL. Wrapper DLL then performs some additional processing on that call, and then calls original DLL. Also, result from original DLL will once passed to wrapper DLL and wrapper does additional process on that result, and finally result will passed to the application. idn wrapper provides wrapper DLLs for WINSOCK, WSOCK32.DLL WINSOCK V1.1 WS2_32.DLL WINSOCK V2.0 to resolve multi-lingual domain names. 2.2. Wrapping APIs idn wrapper performs additional processing on name resolving APIs in WINSOCK, listed below. both WINSOCK 1.1, WINSOCK 2.0 gethostbyaddr gethostbyname WSAAsyncGetHostByAddr WSAAsyncGetHostByName only in WINSOCK 2.0 getaddrinfo freeaddrinfo getnameinfo WSALookupServiceBeginA WSALookupServiceNextA WSALookupServiceEnd Some applications do not use these APIs to resolve domain names. `nslookup' is one of those programs. `nslookup' builds and parse DNS messages internally and does not use WINSOCK's name resolver APIs. idn wrapper cannot make those programs IDN-aware. NOTE: WINSOCK 2.0 also contains WIDE-CHARACTER based name resolution APIs, WSALookupServiceBeginW WSALookupServiceNextW idn wrapper does not wrap these APIs. These APIs are used in Microsoft's own internationalization framework. It is dangerous to convert to another internationalization framework. 2.3. Other APIs in WINSOCK For other APIs in WINSOCK, idn wrapper does nothing, only calls original DLL's entries. idn wrapper copies original WINSOCK DLLs with renaming as below, and forward requests to them. wsock32.dll -> wsock32o.dll ws2_32.dll -> ws2_32o.dll Wrappper DLL will be installed with original DLL names. So after installation of idn wrapper, WINSOCK DLLs should be wsock32.dll idn wrapper for WINSOCK V1.1 ws2_32.dll idn wrapper for WINSOCK V2.0 wsock32o.dll Original WINSOCK V1.1 DLL ws2_32o.dll Original WINSOCK V2.0 DLL 2.4. Asynchronous API Domain name conversion take place on request to DNS convert from local encoding to DNS compatible encoding response from DNS convert from DNS encoding to local encoding For synchronous APIs, local to DNS conversion is done before calling original API, and after return from original API, name should be converted from DNS encoding to local encoding. But WINSOCK having some asynchronous APIs, such as WSAAsyncGetHostByAddr WSAAsyncGetHostByName In these APIs, completion is notified with windows message. To perform DNS to local conversion, wrapper should hook target window procedure to capture those completion messages. So, if asynchronous API was called, idn wrapper set hook to target window procedure (passed with API parameter). If hook found notify message (also given with API parameter), then convert resulting name (in DNS encoding) to local encoding. 2.5. Installing Wrapper DLLs WINSOCK DLLs are placed at Windows's system directory. To wrap WINSOCK DLLs, one could do following sequence at system directory. + Rename Original WINSOCK DLLs ren wsock32.dll wsock32o.dll ren ws2_32.dll ws2_32o.dll + Install (copy in) Wrapper DLLs copy somewhere\wsock32.dll wsock32.dll copy somewhere\ws2_32.dll ws2_32.dll copy another DLLs also However, replacing DLLs in Window's system directory is very dangerous: a) If you re-install idn wrapper again, original WINSOCK DLLs may be lost. b) Some application or service pack will replace WINSOCK DLLs. It may corrupt WINSOCK environment. If these happen, at least networking does not work, and worse, Windows never startup again. So, idn wrapper usually does not wrap in the system directory, but wrap in each indivisual application's directory. In Windows, DLL will be searched in the following places: Application's Load Directory %SystemRoot%\System32 %SystemRoot% Directories in PATH and loaded & linked first found one. So if installed wrapper DLLs is found on application's load directory, the application's call to WINSOCK will wrapped. But some applications or DLLs are binded to specific DLL, they do not rely on above DLL's search path. For those applcaitons or DLLs, idn wrapper (in standard installation) cannot wrap them. NOTE: Netscape is one of those program. It cannot be wrapped if installed to applications directory. Also WINSOCK DLLs are also binded to related DLLs in system directory. On the other hand, Internet Explore or Window Media Player relys on standard DLL search path, and well wrapped with idn wrapper. 2.6. At which point conversion applied If windows supporting WINSOCK 2.0, there are DLLs one for 1.1 and another for 2.0, and call to WINSOCK 1.1 will redirected to 2.0 DLL. +------------+ Call +------------+ Call +------------+ | |------->| |------->| | |Application | |WINSOCK 1.1 | |WINSOCK 2.0 | | |<-------| |<-------| | +------------+ Return +------------+ Return +------------+ In this case, calls to 1.1 and 2.0 are both passed to 2.0 DLL. So conversion will done in WINSOCK 2.0 DLL side. If windows only supports WINSOCK 1.1, there's 1.1 DLL only. +------------+ Call +------------+ | |------->| | |Application | |WINSOCK 1.1 | | |<-------| | +------------+ Return +------------+ In this case, conversion must done in 1.1 DLL. If idn wrapper was installed on system directory, DLLs will work as described above. But if wrapper was installed on application's directory, call/return sequence changes. Original WINSOCK 1.1 DLL in windows seems binded to specific WINSOCK 2.0 DLL, placed at window's system diretory. So call from WINSOCK 1.1 to WINSOCK 2.0 will passed to original DLL (in system directory) and never passed to wrapper DLL in application's directory. So in this case, both 1.1 and 2.0 DLLs should coonvert domain name encodings. These DLL binding is not documented. It may be change on OS versions or DLL versions. So, mDn wrapper determines place of conversion on registry value. With this registry value, idn wrappper absolb OS/DLL variations. Registry values for idn wrapper will placed under HKEY_LOCAL_MACHINE\SOFTWARE\JPNIC\IDN HKEY_CURRENT_USER\SOFTWARE\JPNIC\IDN Place of conversion is determined with registry value "Where", Registry Value "Where" REG_DWORD 0 both on WINSOCK 1.1 and WINSOCK 2.0 1 if WINSOCK 2.0 exist, only in WINSOCK 2.0 otherwise, convert on WINSOCK 1.1 2 only in WINSOCK 1.1 3 only in WINSOCK 2.0 If you install idn wrapper into application's directory, use "0". If you install idn wrapper into system directory, use "1". If there are no "Where" value, idn wrapper uses "0" as default, it is suited to installation into application's directory (default installation). 2.7. Converting From/To Wrapper DLL convert resolving domain name encoded with local code to DNS server's encoding. Also, wrapper DLL convert resulting name ( encoded with DNS's encoding) back to local encoding. There are several proposals for DNS encodings to handle multi-lingual domain names. Wrapper DLL should be configured to convert to one of those encodings. This DNS side encoding will specified with registry. When installing idn wrapper, this registry will set to some (yet undefined) DNS encoding. Registry values for idn wrapper will placed under HKEY_LOCAL_MACHINE\SOFTWARE\JPNIC\IDN HKEY_CURRENT_USER\SOFTWARE\JPNIC\IDN DNS encoding name will given with registry value (REG_SZ) of "Encoding", this name must be one of encoding names which 'libmdn' recognize. Registry Value "Encoding" REG_SZ Encoding name of DNS server accepts. Local encodings (Windows Apllication Encodings) is generally acquired from process's code page. 'iconv' library, used for idn wrapper, generally accepts MS's codepage names. Some windows apllication encode domain name with some specific multi- lingual encoding. For example, if you configured IE to use UTF-8, then domain names are encoded with UTF-8. UTF-8 is one of proposed DNS encoding, but DNS server may expect another encoding. For those cases, idn wrapper accept program specific encoding as local encoding. These program specific local encoding should be marked in registry. Program specific registry setting will placed under HKEY_LOCAL_MACHINE\SOFTWARE\JPNIC\IDN\PerProg HKEY_CURRENT_USER\SOFTWARE\JPNIC\IDN\PerProg using program name (executable file name) as key. For example, setting specific to Internet Explore, it executable name is "IEXPLORE", will plcaed at HKEY_LOCAL_MACHINE\SOFTWARE\JPNIC\IDN\PerProg\IEXPLORE Local encoding name will specified with registry value (REG_SZ) of "Encoding". This name must be one of encoding names which ' recognize.libmdn' Registry Value "Encoding" REG_SZ Encoding name of application program encodes, if it is not system's default encoding. 3. Setup and Configuration idn wrapper wraps WINSOCK DLL by placing wrapper (fake) DLLs in the application's directory. For the installation, idn wrapper comes with a setup program and a configuration program. NOTE: You can also install idn wrapper DLLs in the Windows system directory. But this installation is very dangerous and may cause severe problems in your system. You should try it at your own risk. 3.1. Setup Program To install idn wrapper, run "setup.exe". Setup program will do: Installing Files Copy idn wrapper files (DLL, Program EXE, etc) into diretory "\Program Files\JPNIC\idn wrapper" This directory may be changed on setup sequence. Setting registry entries Setup program will create keys and values under registry: "HKEY_LOCAL_MACHINES\Software\JPNIC\IDN" InstallDir REG_SZ "" Pathname of the idn wrapper's installation directory. The installer makes copies of the original WINSOCK DLLs in that directory, which is referenced by the idn wrapper's fake DLLs. ConfFile REG_SZ "\idn.conf" Name of the idnkit's configuration file, which defines various parameter regarding multilingual domain name handling. See the contents of the file for details. This value can be changed with the Configuration Program or the registry editor. LogFile REG_SZ "\idn_wrapper.log" Name of the idn wrapper's log file. This value can be changed with the Configuration Program or the registry editor. LogLevel DWORD -1 Logging level. Default is -1, which indicates no logging is made. This value can be changed with the Configuration Program or the registry editor. PerProg KEY Under this key, idn wrapper set program specific values. idn wrapper uses program's executable name as key, and put values under that key. PerProg\\Where REG_DWORD Encoding Position PerProg\>progname>\Encoding REG_SZ Local Encoding Name Configuration program set local encpoding name. "Where" value is usually not required in standard installation. If you installed idn wrapper in system directory, chanage "Where" values to fit your environment. Creating ICON Setup program will create program icon for idn wrapper's configuration program, and put it into "Start Menu". You can start configuration program with it. 3.2. Configuration Program Configuration program is a tool for wrap specific program, or unwrap programs. If you start "Configuration Program", you'll get window like this. +---+-------------------------------------------------+---+---+---+ | | idn wrapper - Configuration | _ | O | X | +---+-------------------------------------------------+---+---+---+ | idn wrapper Configuration Program version X.X | +-----------------------------------------------------------------+ | Wrapped Program +---------+ | | +---------------------------------------------+---+ | Wrap.. | | | | | A | +---------+ | | | +---+ +---------+ | | | | | | Unwrap..| | | | | | +---------+ | | | | | +---------+ | | | | | |UnwrapAll| | | | | | +---------+ | | | | | +---------+ | | | | | |RewrapAll| | | | | | +---------+ | | | | | +---------+ | | | | | | Log.. | | | | | | +---------+ | | | | | +---------+ | | | +---+ |Advanced.| | | | | V | +---------+ | | +---+-------------------------------------+---+---+ +---------+ | | | < | | > | | Exit | | | +---+-------------------------------------+---+ +---------+ | +-----------------------------------------------------------------+ Listbox contains list of current wrapped programs. Initially it is empty. To wrap a program, press button "wrap". You'll get following dialog. +---+-------------------------------------------------+---+---+---+ | | idn wrapper - Wrap Executable | _ | O | X | +---+-------------------------------------------------+---+---+---+ | +----------------------------------------+ +--------+ | | Program: | | |Browse..| | | +----------------------------------------+ +--------+ | | +----------+ | | Encoding: | | o Default o UTF-8 | | +----------+ | | [] Force local DLL reference | +-----------------------------------------------------------------+ | +--------+ +--------+ | | | Wrap | | Cancel | | | +--------+ +--------+ | +-----------------------------------------------------------------+ First, enter program (executable name with full path) or browse wrapping exectable from file browser. Then set local encoding of that program. Usually use "Default" as local encoding. If target program uses internationalized encoding, then specify "UFT-8". The "Force local DLL reference" button controls the DLL search order of the program to be wrapped (Windows95 does not have this capability, hence this button does not appear). If it is checked, DLLs in the local directory (the directory which the executable file is in) are always preferred, even if the executable specifies otherwise. If you have problem with wrapping, checking this button may solve the problem, but it is also possible that it causes other problem. Finally, put "wrap" button to wrap specified program with given encoding. Wrapped program will be listed in listbox of the first window. When you install a new version of idn wrapper, you have to re-wrap your programs in order to update DLLs used for wrapping. "Rewrap all" button is provided for this purpose. Just press the button, and all the currently wrapped programs will be re-wrapped. To unwrap a program, press button "unwrap". You'll get following confirmating dialog. +---+-------------------------------------------------+---+---+---+ | | idn wrapper - Unwrap Executable | _ | O | X | +---+-------------------------------------------------+---+---+---+ | +---------------------------------------------------+ | | Program: | | | | +---------------------------------------------------+ | +-----------------------------------------------------------------+ | +--------+ +--------+ | | | Unwrap | | Cancel | | | +--------+ +--------+ | +-----------------------------------------------------------------+ If you unwrap a program, the program will be vanished from listbox of the first window. Also "Unwrap all" button is provided to unwrap all the programs that are currently wrapped. To configure logging, press button "log". You'll get the following dialog. +---+-------------------------------------------------+---+---+---+ | | idn wrapper - Log Configuration | _ | O | X | +---+-------------------------------------------------+---+---+---+ | Log Level: o None o Fatal o Error o Warning o Info o Trace | | | | +------------------------------------+ +---------+ | | Log File:| | | Browse..| | | +------------------------------------+ +---------+ | | +------+ +--------+ | |Log Operation: | View | | Delete | | | +------+ +--------+ | +-----------------------------------------------------------------+ | +--------+ +--------+ | | | OK | | Cancel | | | +--------+ +--------+ | +-----------------------------------------------------------------+ Logging level can be selected from the followings. None no logging at all Fatal only records fatal errors Error also records non-fatal errors Warning also records warning mssages Info also records informational messages Trace also records trace information Note that these levels are for log output from IDN library (idnkit.dll). idn wrapper itself supports only off (None) and on (the rest). Pathname of the log file can also be specified with this dialog. You can view the current log file contents by pressing "View" button, or delete it by "Delete" button. Note that log level and log file configuration doesn't affect already running processes. Press "advanced" button to invoke the advanced configuration dialog. This dialog is for advanced users and enables customization for some basic parameters which normal users need not change, since appropriate defaults are provided. +---+-------------------------------------------------+---+---+---+ | | idn wrapper - Advanced Configuration | _ | O | X | +---+-------------------------------------------------+---+---+---+ | IDN Wrapping Mode | | o Wrap both WINSOCK 1.1 and WINSOCK 2.0 | | o Wrap only WINSOCK 1.1 | | o Wrap only WINSOCK 2.0 | | o Wrap only WINSOCK 2.0 if it exists. | | Otherwise wrap only WINSOCK 1.1 | +-----------------------------------------------------------------+ | IDN Configuration | | +--------------------------------+ +----------+ | | Config File: | | | Browse.. | | | +--------------------------------+ +----------+ | | +------+ | | | Edit | | | +------+ | +-----------------------------------------------------------------+ | +--------+ +--------+ | | | OK | | Cancel | | | +--------+ +--------+ | +-----------------------------------------------------------------+ With the dialog users can do the following configuration. Wrapping Mode Customize wrapping mode. Normally the default item should be appropriate. Changing it to other item may help when you have problems. IDN Configuration Set the configuration file for multilingual domain name handling. By pressing "Edit" button, you can edit then contents of the file. 4. Limitations 4.1. DLL Versions Wrapper DLL is tightly coupled with specific DLL version, because it must export all the entries including un-documented ones. If WINSOCK DLL version changed, idn wrapper may not work correctly. Current idn wrapper is tested on Win2000 (WINSOCK 1.1 + 2.0) WinME (WINSOCK 1.1 + 2.0) But there are no assuarance for future versions of Windows. 4.2. DNS, WINS, LMHOSTS There are three name resolving methods in windows, DNS, WINS and LMHOSTS. Using idn wrapper, domain name conversion will performed on all of thoses methods. It may cause some trouble if windows using WINS or LMHOSTS. We recommend use DNS oly if you want to use idn wrapper. 4.3. Converting Names other than Domain Name In WINSOCK 2.0, there are generic name resolution APIs are introduced. WSALookupServiceBeginA WSALookupServiceNextA WSALookupServiceEnd They are use mainly domain name conversion now, but not limited to resolving domain name. idn wrapper hooks this API and convert given name anyway. This causes some trouble if conversion name is not domain name. 4.4. Applications don't use these APIa Some applications don't use these APIs to resolving domain names. For example, 'nslookup' issue DNS request locally. For these applications, idn wrapper does not work. 4.5. Applications bound to specific WINSOCK DLL Some applications are bound to specific DLL, not relying on standard DLL search path. Netscape Communicator seems to be one of such programs. idn wrapper in standard installation cannot wrap such programs. If you want to wrap those programs, you may use installation into system directory. But this installation is very dangerous, for it is possible that your system cannot boot again. 5. Registry Setting - Summary 5.1. Priority of Setting Settings of idn wrapper is placed on registry Software\JPNIC\IDN under HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER. idn wrapper first read HKEY_LOCAL_MACHINE, and if HKEY_CURRENT_USER exist, overwrite with this one. Usually set HKEY_LOCAL_MACHINE only. But if you need per user setting, then set HKEY_CURRENT_USER. Note that the configuration program reads/writes only HKEY_LOCAL_MACHINE. 5.2. Registry Key There's common settings and per program settings. _Common Settings Software\JPNIC\IDN\InstallDir Installation directory Software\JPNIC\IDN\Where Where to convert encoding 0: both WINSOCK 1.1 and WINSOCK 2.0 1: if WINSOCK 2.0 exist, convert at 2.0 DLL if WINSOCK 1.1 only, convert at 1.1 DLL 2: only in WINSOCK1.1 3: only in WINSOCK2.0 Software\JPNIC\IDN\ConfFile idnkit Configuration File Software\JPNIC\IDN\LogFile Log File Software\JPNIC\IDN\LogLevel Log Level _Per Program Settings Converting position and program's local encoding may be set per program bases. Software\JPNIC\IDN\PerProg\\Where Software\JPNIC\IDN\PerProg\\Encoding If not specified, the following values are assumed. Where 0 (both 1.1 DLL and 2.0 DLL) Encoding [process's code page] ======================================================================== * bind-9.11.4-P2/contrib/idn/idnkit-1.0-src/wsock/README_j.txt ======================================================================== idn wrapper - Windows におけるクライアント側での IDN 変換ソフトウェア Copyright (c) 2000,2001,2002 Japan Network Information Center. All rights reserved. *** 注意 ********************************************************** もしもすでに mDN Wrapper (idn wrapper の前身) がインストールされているマシンに idn wrapper をインストールする場合には、インストール前に、ラップされているすべてのプログラムをアンラップしてください。 ******************************************************************* 1. はじめに Windows で国際化ドメイン名を扱えるようにするためには、Windows 上のクライアントアプリケーションにおいて、解決しようとする名前のエンコーディングを、DNS サーバが受付ける形式のものに変換する必要があります。これは、Windows 上のアプリケーションが、きちんと国際化ドメイン名を扱えるようになっていなければならない、ということであり、本来はそれぞれのプログラムの作成者が行なうべきことです。現在 IETF にて国際化ドメイン名のフレームワークを標準化する努力が続けられており、その結果として一連の RFC がもうすぐ発行されることになっていますが、それでも国際化ドメイン名に対応したアプリケーションはまだまだ少ないのが現状です。そこで、既存のアプリケーションを国際化ドメイン名に対応させるためのヘルパーアプリケーションが必要になります。idnkit に含まれる runidn コマンドは Unix 系の OS での一つの解決策ですし、Windows に対する解決策としてはここで説明する idn wrapper があります。 Windows において、多くの場合、ドメイン名解決の要求はWINSOCK DLL に渡されます。そこで、WINSOCK DLL を国際化ドメイン名対応のものに置き換えてやれば、既存のプログラムからでも国際化ドメイン名を使うことができるようになります。 2. 実現方法 2.1. ラッパーDLL ラッパーDLL は、アプリケーションと元のDLL との間に割り込んで、アプリケーションからのDLL の呼び出しを横取りして、本来のDLL とは異なった処理をさせるものです。 +------------+ Call +------------+ Call +------------+ | |------->| |------->| | |Application | |Wrapper DLL | |Original DLL| | |<-------| |<-------| | +------------+ Return +------------+ Return +------------+ additional processing here アプリケーションからのDLL の呼び出しはラッパー DLLに渡されます。ラッパー DLLはそこで、付加的な処理を行なって、元のDLL のエントリを呼び出します。また、元のDLL の処理結果は一旦ラッパー DLLに返され、ここでも付加的な処理を行なって、最終的な結果がアプリケーションに返されることになります。 idn wrapper では、WINSOCK DLLの WSOCK32.DLL WINSOCK V1.1 WS2_32.DLL WINSOCK V2.0 に対するラッパーDLL を提供して、国際化ドメイン名の名前解決ができるようにします。16ビット版のWINSOCK (WINSOCK.DLL) は対象外です。 2.2. 処理対象のAPI idn wrapper はWINSOCK の名前解決に関連したAPI についてのみ付加的な処理を行ないます。処理の対象となるWINSOCK APIは以下のものです。 WINSOCK 1.1, WINSOCK 2.0 の両方にあるもの gethostbyaddr gethostbyname WSAAsyncGetHostByAddr WSAAsyncGetHostByName WINSOCK 2.0 だけにあるもの WSALookupServiceBeginA WSALookupServiceNextA WSALookupServiceEnd アプリケーションによっては、これらのAPI を使わないで独自にドメイン名の解決を行なうものもあります。例えば、nslookupは、これらのAPI を使わないで、内部で独自にDNS リクエストの生成、解釈を行なっています。当然のことながら、これらのアプリケーションについては、idn wrapper では多言語化対応させることはできません。注：WINSOCK 2.0 には、WIDE CHARACTER ベースの名前解決のAPI として WSALookupServiceBeginW WSALookupServiceNextW もありますが、これらについてはラップしません。これらのAPI はマイクロソフト仕様による国際化に対応したものですから、そのフレームワーク上で使うべきものです。これらについては他の多言語化フレームワークに変換してしまうのは危険ではないと判断しました。 2.3. 処理対象外のAPI 上記以外のWINSOCK API については、idn wrapper はなにもしないで、元の WINSOCK API を呼び出します。 idn wrapper では、元のWINSOCK DLL を名前を変えてコピーし、それを呼び出すように作られています。 wsock32.dll -> wsock32o.dll ws2_32.dll -> ws2_32o.dll ラッパーDLL は元のWINSOCK DLL と同じ名前で作成されます。従ってidn wrapper がインストールされた状態では、 wsock32.dll idn wrapper for WINSOCK V1.1 ws2_32.dll idn wrapper for WINSOCK V2.0 wsock32o.dll Original WINSOCK V1.1 DLL ws2_32o.dll Original WINSOCK V2.0 DLL となります。 2.4. 非同期 API ドメイン名の変換は、以下のタイミングで行なわれる必要があります。 DNS へのリクエスト時ローカルエンコーディング -> DNS エンコーディング DNS からの応答受信時 DNS エンコーディング -> ローカルエンコーディング同期API においては、ローカルエンコーディングからDNS エンコーディングへの変換は、元のAPI を呼び出す前に行われ、DNS エンコーディングからローカルエンコーディングへの変換は、元のAPI から復帰してきたところで行なわれます。しかし、WINSOCK の以下のAPI は非同期API で、DNS からの応答受信前に復帰してしまいます。 WSAAsyncGetHostByAddr WSAAsyncGetHostByName これらのAPI においては、名前解決の完了は、Windows へのメッセージによって通知されます。このため、DNS エンコーディングからローカルエンコーディングへの変換を行なうには、ラッパーは通知先のウィンドウプロシジャのメッセージキューをフックして、この完了メッセージを捕獲する必要があります。そこで、非同期API が呼び出された場合には、idn wrapper は、通知先のウィンドウプロシジャ（これはAPI のパラメタで指示されます）にフックを設定します。フックが完了メッセージ（これもAPI のパラメタで指示されます）を検出したなら、フックは結果の格納領域（これもAPI のパラメタで指示されています）のドメイン名を、DNS 側のエンコーディングからローカルエンコーディングに変換するものとします。 2.5. Wrapper DLL のインストール WINSOCK DLL はWindows のシステムディレクトリに置かれています。 WINSOCK を確実にラップするには、システムディレクトリにおいてオリジナルWINSOCK DLL の名前の変更 ren wsock32.dll wsock32o.dll ren ws2_32.dll ws2_32o.dll ラッパーDLL の導入 copy somewhere\wsock32.dll wsock32.dll copy somewhere\ws2_32.dll ws2_32.dll copy another DLLs also を行なう必要があります。しかし、システムディレクトリでこのようなDLL の置き換えを行なうのは大変危険な操作になります。 a) DLL を入れ替えた状態で、もういちど同じ操作を行なうと、オリジナルのWINSOCK DLL が失われてしまうことになります。 b) サービスパックやアプリケーションなどで、WINSOCK DLL を再導入するものがありますが、これによってもWINSOCK が利用不能になることがあります。このような状態になると、ネットワーク機能が全く使えなくなったり、最悪はWindows の起動すら出来なくなる可能性があります。そこで、idn wrapper では、上のようなシステムレベルのラップではなく、アプリケーションに対するラップを基本機能として提供するものとします。 Windows において、DLL は、基本的にはアプリケーションのロードディレクトリ %SystemRoot%\System32 %SystemRoot% PATH で指示されるディレクトリの順序で検索されて、最初に見つかったものがロードされます。ですから、一般的には、DLL をアプリケーションのロードディレクトリにインストールすれば、そのアプリケーションからのWINSOCK の呼び出しをラップすることができます。ただし、いくつかのアプリケーション、DLL では、検索パスを経由せずに特定のDLL をリンクするようになっているものがあります。このような構成のアプリケーション、DLL が使われた場合には idn wrapperでは対処することはできません。注：Netscapeは特定DLL にバインドされているようで、アプリケーションディレクトリへのインストールではラップできません。WINSOCK DLL 自体もシステムディレクトリの関連DLL にバインドされているようです。一方、 Internet ExploreやWindows Media Playerは標準のサーチパスに従っているので、ラップすることができます。 2.6. エンコーディングの変換位置 WINSOCK 2.0 をサポートしているWindows には、WINSOCK の1.1 と2.0 のそれぞれに対応するDLL があり、WINSOCK 1.1 のAPI の呼び出しは2.0 の同じエントリにリダイレクトされるようになっています。 +------------+ Call +------------+ Call +------------+ | |------->| |------->| | |Application | |WINSOCK 1.1 | |WINSOCK 2.0 | | |<-------| |<-------| | +------------+ Return +------------+ Return +------------+ この場合には1.1 に対する呼び出しも2.0 に対する呼び出しも、ともにV2.0 用のDLL に渡されるので、2.0用のラッパーDLL 側だけでエンコーディングの変換を行なうようにするべきでしょう。一方、WINSOCK 1.1 しかサポートしていない場合(Win95)には、1.1 に対応したDLL しかありません。 +------------+ Call +------------+ | |------->| | |Application | |WINSOCK 1.1 | | |<-------| | +------------+ Return +------------+ この場合には必然的に1.1 用のラッパーDLL でエンコーディングを変換しなければなりません。 idn Wrapepr がwindows のシステムディレクトリにインストールされた場合には、上の通りに動作するので、 WINSOCK 2.0 あり 2.0 ラッパーで変換 WINSOCK 1.1 のみ 1.1 ラッパーで変換する必要があります。しかし、アプリケーションディレクトリにインストールされた場合には動作が変わってきます。Windows 付属の WINSOCK 1.1 DLLは、システムディレクトリのWINSOCK 2.0 にバインドされているため、アプリケーションディレクトリ側のWINSOCK 2.0 ラッパーDLL にはリダイレクトされてきません。このため、アプリケーションディレクトリへのインストールにおいては、1.1DLL、 2.0DLLの両方でエンコーディングを変換する必要があります。このようなDLL 間のバインディングはドキュメントされていませんので、環境、バージョンによっては異なった動作をするかも知れません。そこでidn wrapper では、レジストリ値によって、ラッパーDLL のどこで変換を行なうかを決定するようにして、インストール先による差異、あるいはバージョンによる差異を吸収するようにします。 idn wrapper 用のレジストリ設定は HKEY_LOCAL_MACHINE\SOFTWARE\JPNIC\IDN HKEY_CURRENT_USER\SOFTWARE\JPNIC\IDN 以下に配置されます。エンコーディング変換を行なう位置については、この直下のレジストリ値 Where（REG_DWORD）によって決定します。有効な値は、レジストリ Where (REG_DWORD) 0 WINSOCK 1.1、WINSOCK 2.0 の両方で変換する 1 WINSOCK 2.0 があれば、WINSOCK 2.0だけで変換する WINSOCK 1.1 だけの場合には WINSOCK 1.1 で変換する 2 WINSOCK 1.1 だけで変換する 3 WINSOCK 2.0 だけで変換するの４通りです。アプリケーションディレクトリにインストールする場合には「０」を、システムディレクトリにインストールする場合には「１」を設定する必要があります。レジストリ値が存在しない場合には「０」を想定します。これはアプリケーションディレクトリへのインストールを標準としたものです。 2.7. 変換元/先のエンクコーディングラッパーDLL では、解決しようとするドメイン名を、マシンのローカルエンコーディングからDNS サーバのエンコーディングに変換し、また、DNS が返してきたドメイン名(DNS サーバのエンコーディング)をマシンのローカルエンコーディングに戻します。現在、DNS 側の国際化エンコーディングについては、いくつもの方式が提案されています。ラッパーDLL はそれらのDNS 側エンコーディングのどれかひとつに変換するように構成されます。このDNS 側エンコーディングはレジストリで指示されます。このレジストリには、idn wrapper のインストール時に（現時点では未定の）デフォルトエンコーディングが設定されます。当然、このレジストリは、後で他のものに変更することもできます。 idn wrapper 用のレジストリ設定は HKEY_LOCAL_MACHINE\SOFTWARE\JPNIC\IDN HKEY_CURRENT_USER\SOFTWARE\JPNIC\IDN 以下に配置されます。DNS 側のエンコーディングはレジストリ値 Encoding （REG_SZ）で指示されます。このエンコーディング名は、libmdnで認識されるものでなければなりません。レジストリ Encoding (REG_SZ) DNS サーバ側のエンコーディング名を設定します一方、アプリケーションが使用しているローカルエンコーディングは、通常はプロセスのコードページから求めます。ラッパーDLL が使用する 'iconv' ライブラリは、windows のコードページ名をエンコーディング名として受付けることができるので、コードページ名をそのままローカルエンコーディング名として使用します。しかし、アプリケーションによっては、特定の国際化エンコーディングでドメイン名をエンコーディングしてしまうものもあります。例えば、IEではドメイン名をUTF-8 で表記するように指示することができるようになっています。UTF-8 によるエンコーディングは、提案されている国際化方式のひとつですが、国際化されたDNS サーバは他のエンコーディングしか受付けないかも知れません。このような状況に対処するため、idn ラッパーは、ローカルエンコーディングとしてプログラム特有のエンコーディングも受付けることができるようにします。このようなプログラム特有のローカルエンコーディングはレジストリ記載されるものとします。 idn wrapper 用のプログラム特有のレジストリ設定は HKEY_LOCAL_MACHINE\SOFTWARE\JPNIC\IDN\PerProg HKEY_CURRENT_USER\SOFTWARE\JPNIC\IDN\PerProg 以下に、プログラム名（実行モジュールファイル名）をキーとして配置されます。例えば、Internet Explore の場合には、実行モジュール名の IEXPLOREをキーとして HKEY_LOCAL_MACHINE\SOFTWARE\JPNIC\IDN\PerProg\IEXPLORE 以下に置かれます。ローカルエンコーディング名は、レジストリ値 Encoding （REG_SZ）で指示します。これもlibmdnで認識されるものでなければなりません。レジストリ Encoding (REG_SZ) アプリケーションプログラム特有のエンコーディング名（デフォルトのエンコーディング以外を必要とする場合）を指定します。 3.セットアップとコンフィギュレーション idn wrapper は、基本インストレーションとして、アプリケーションディレクトリでWINSOCK をラップします。これに合わせて、セットアッププログラムとコンフィギュレーションプログラムとを提供します。注：システムディレクトリでのラップも可能ですが、これは危険な設定ですので、標準インストレーションとしては提供しません。システムディレクトリへのインストールを行なう場合には、自己責任でやってください。 3.1.セットアッププログラム idn wrapper をインストールするには"setup.exe" を実行します。セットアッププログラムは以下の処理を実行します。ファイルのインストールディレクトリ「\Program Files\JPNIC\idn wrapper」（セットアップ時点で変更可能）以下に、idn wrapper を構成するファイルをコピーします。レジストリの設定 HKEY_LOCAL_MACHINE\Software\JPNIC\IDN 以下に必要なレジストリキー、レジストリ値を作成、設定します。 InstallDir REG_SZ "<インストールディレクトリ>" idn wrapper のインストールディレクトリのパス名です。セットアッププログラムはこのディレクトリにオリジナルのWINSOCK DLL のコピーを作成します。idn wrapper のラッパー DLL は実行時にこの DLL を参照します。 ConfFile REG_SZ "<インストールディレクトリ>\idn.conf" idn wrapper が国際化ドメイン名の変換処理に使用している idnkit のコンフィギュレーションファイルの名前です。このファイルは国際化ドメイン名の処理に必要な各種のパラメータを設定するためのものです。詳しくはファイルの内容をご覧ください。この値は後述するコンフィギュレーションプログラムで変更することができます。 LogFile REG_SZ "<インストールディレクトリ>\idn_wrapper.log" idn wrapper のログファイルの名前です。この値もコンフィギュレーションプログラムで変更することができます。 LogLevel DWORD -1 ログレベルの指定です。デフォルトは -1 で、これは全くログを出力しないという意味です。この値もコンフィギュレーションプログラムで変更することができます。 PerProg キープログラム毎の設定値を格納するためのキーです。この下に、プログラムの実行モジュール名をキーとしてプログラム個別の設定が記録されます。設定される情報は以下の二つです。 PerProg\\Where REG_DWORD 変換位置 PerProg\\Encoding REG_SZ エンコーディング名エンコーディング名は通常コンフィギュレーションプログラムによって設定されます。変換位置は、標準インストールでは不要です。システムディレクトリへのインストールを行なった場合には、レジストリエディタで環境に合わせて設定する必要があります。アイコンの作成コンフィギュレーションプログラムのアイコンを作成し、スタートメニューに登録します。これによってコンフィギュレーションプログラムを起動することができます。アンインストールするには、コントロールパネルの「アプリケーションの追加と削除」で、「idn wrapper」を選択して削除（「追加と削除」ボタン）します。 3.2.コンフィギュレーションプログラムコンフィギュレーションプログラムは、アプリケーションを特定してラップしたり、アプリケーションのラップを解除するためのツールです。起動すると以下のような画面が表示されます。 ┌─┬─────────────────────────┬─┬─┬─┐ │　│idn wrapper - Configuration │＿│□│×│ ├─┴─────────────────────────┴─┴─┴─┤ │ idn wrapper Configuration Program version X.X │ ├─────────────────────────────────┤ │ Wrapped Program ┌─────┐│ │┌──────────────────────┬─┐│ Wrap.. ││ ││ │∧│└─────┘│ ││ ├─┤┌─────┐│ ││ │ ││ Unwrap.. ││ ││ │ │└─────┘│ ││ │ │┌─────┐│ ││ │ ││UnwrapAll.││ ││ │ │└─────┘│ ││ │ │┌─────┐│ ││ │ ││RewrapAll.││ ││ │ │└─────┘│ ││ │ │┌─────┐│ ││ │ ││ Log.. ││ ││ │ │└─────┘│ ││ │ │┌─────┐│ ││ ├─┤│Advanced..││ ││ │∨│└─────┘│ │├─┬──────────────────┬─┼─┘┌─────┐│ ││〈│ │〉│ │ Exit ││ │└─┴──────────────────┴─┘ └─────┘│ └─────────────────────────────────┘ リストボックスには、その時点でラップされているプログラムが表示されます。最初に実行した場合には空になっています。プログラムをラップするには、"wrap"ボタンを押します。"wrap"ボタンを押すと以下のようなダイアログが表示されます。 ┌─┬────────────────────────┬─┬─┬─┐ │　│idn wrapper - Wrap Executable │＿│□│×│ ├─┴────────────────────────┴─┴─┴─┤ │ ┌───────────────────┐┌────┐│ │ Program: │ ││Browse..││ │ └───────────────────┘└────┘│ │ ┌───┐ │ │Encoding: │ │ ○Default ○UTF-8 │ │ └───┘ │ │ □ Force local DLL reference │ ├────────────────────────────────┤ │ ┌────┐┌────┐│ │ │ wrap ││ cancel ││ │ └────┘└────┘│ └────────────────────────────────┘ 最初に、ラップするプログラムの実行ファイル名を設定します。直接入力するか、ブラウズボタンでファイルを探してください。次にそのプログラムのローカルエンコーディングを指定します。通常は「Default」でかまいません。プログラムが国際化エンコーディングに従っている場合にのみ「UTF-8」を指示します。「Force local DLL reference」ボタンにより、ラップするプログラムの DLL の探索順序を変更することができます (ただし Windows95 にはこの機能がないため、このボタンも表示されません)。このボタンをチェックすると、たとえプログラムが別の場所の DLL を指定していても、常に実行ファイルがあるディレクトリの DLL が優先されるようになります。もしプログラムがうまくラップできない場合には、このボタンをチェックするとうまくいくかもしれません。ただし同時に他の問題が発生する可能性もあります。最後に「wrap」ボタンを押せば、プログラムが、指定されたエンコーディングでラップされます。ラップされたプログラムは、最初のウィンドウのリストボックスに反映されます。 idn wrapper をバージョンアップした場合には、ラップ用の DLL をアップデートするために、プログラムを再ラップする必要があります。このために、現在ラップされているプログラムに対して再度ラップを行うための「rewrap all」ボタンが用意されています。プログラムに対するラップを解除するには、リストボックスで解除するプログラムを選択して、「unwrap」ボタンを押します。以下の確認用のダイアログが表示されますので、間違いがなければ「unwrap」ボタンを押してください。 ┌─┬────────────────────────┬─┬─┬─┐ │　│idn wrapper - Unwrap Executable │＿│□│×│ ├─┴────────────────────────┴─┴─┴─┤ │ ┌─────────────────────────┐│ │Program: │ ││ │ └─────────────────────────┘│ ├────────────────────────────────┤ │ ┌────┐┌────┐│ │ │ Unwrap ││ Cancel ││ │ └────┘└────┘│ └────────────────────────────────┘ ラップが解除されると、そのプログラムは最初のウィンドウのリストボックスからも削除されます。プログラムに対して現在設定されているラップをすべて解除するための「unwrap all」ボタンも用意されています。ログの設定を行うには、"log" ボタンを押します。次のようなダイアログが表示されます。 ┌─┬────────────────────────┬─┬─┬─┐ │　│idn wrapper - Log Configuration │＿│□│×│ ├─┴────────────────────────┴─┴─┴─┤ │ Log Level: ○None ○Fatal ○Error ○Warning ○Info ○Trace │ │ ┌─────────────────┐┌────┐│ │ Log File:│ ││Browse..││ │ └─────────────────┘└────┘│ │ ┌───┐ ┌───┐ │ │Log Operation:│ View │ │Delete│ │ │ └───┘ └───┘ │ ├────────────────────────────────┤ │ ┌────┐┌────┐│ │ │ OK ││ Cancel ││ │ └────┘└────┘│ └────────────────────────────────┘ ログレベルは次の中から選択することができます。 None ログを出力しない Fatal 致命的エラーのみ記録する Error 致命的でないエラーも記録する Warning 警告メッセージも記録する Info その他の情報も記録する Trace トレース出力も記録するここにあげたログレベルの設定は、IDN ライブラリ (idnkit.dll) が出力するログに対してのみ有効です。idn wrapper 自身が出力するログは ON/OFF しかできません。None を指定すると OFF に、それ以外のレベルを指定すると ON になります。このダイアログを用いて、ログファイルのパス名を指定することもできます。また、ログファイルの内容を表示させたり、ログファイルを削除することも可能です。ログレベルやログファイルの設定は、設定時にすでに動作しているプロセスには影響を与えないことに気をつけてください。 "advanced" ボタンを押すと「advanced configuration」用のダイアログが表示されます。このダイアログは上級ユーザのためのもので、適切なデフォルトが設定されているために通常ユーザが変更する必要のないような基本的なパラメータを変更することができます。 ┌─┬────────────────────────┬─┬─┬─┐ │　│idn wrapper - Advanced Configuration │＿│□│×│ ├─┴────────────────────────┴─┴─┴─┤ │ IDN Wrapping Mode │ │ ○Wrap both WINSOCK 1.1 and WINSOCK 2.0 │ │ ○Wrap only WINSOCK 1.1 │ │ ○Wrap only WINSOCK 2.0 │ │ ○Wrap only WINSOCK 2.0 if it exists. │ │ Otherwise wrap only WINSOCK 1.1 │ ├────────────────────────────────┤ │ IDN Configuration │ │ ┌─────────────────┐┌────┐│ │ Log File:│ ││Browse..││ │ └─────────────────┘└────┘│ │ ┌───┐ │ │ │ Edit │ │ │ └───┘ │ ├────────────────────────────────┤ │ ┌────┐┌────┐│ │ │ OK ││ Cancel ││ │ └────┘└────┘│ └────────────────────────────────┘ このダイアログを使用して、次の3種類の設定を行うことができます。 Wrapping Mode ラップ方法を設定します。通常はデフォルトで設定されている項目を選択しておけばよいはずですが、問題が起ったときには別の項目にすると動くようになるかもしれません。 IDN Configuration コンフィギュレーションファイル名を指定します。また "Edit" ボタンを押すことにより、ファイルの内容を編集することも可能です。 4. 制限事項 4.1. DLL バージョンラッパーDLL は、元のWINSOCK のDLL のバージョンに強く依存します。これは、非公開のエントリも含めてすべてのエントリを提供する必要があるためです。このためWINSOCK DLL のバージョンが変わると、idn wrapper が動作しなくなる可能性があります。今回作成されたidn wrapper は、 Win2000 (WINSOCK 1.1 + 2.0) WinME (WINSOCK 1.1 + 2.0) で動作を確認しています。ただ、将来にわたって動作する保証はありません。 4.2. DNS, WINS, LMHOSTS Windows では、DNS だけではなく、WINSやLMHOSTS によってもドメイン名、ホスト名の解決が行なわれます。idn wrapper を使った場合には、ドメイン名の変換が、これらの方式へのディスパッチを行なう場所よりも上位層で行なわれるので、これらのすべての方式について、ドメイン名、ホスト名の変換が行なわれることになります。このため、Windows が、WINSやLMHOSTS を使っている場合には、予期しない問題が発生する可能性があります。これについては、idn wrapper を使う場合には、名前解決にDNS だけを使用することをお勧めします。 3.3. ドメイン名以外の名前の解決 WINSOCK 2.0 の名前解決API WSALookupServiceBeginA WSALookupServiceNextA WSALookupServiceEnd は、ドメイン名以外でも使用できる、汎用の名前解決用のAPI として定義されています。現時点では、これらはもっぱらドメイン名の解決で使用されていますが、他の名前(例えばサービス名)の解決にも使用できることになっています。 idn wrapper は、名前の対象の如何にかかわらず、名前のエンコーディングを変換してしまうので、これらのAPI が、ドメイン名以外の解決に使われている場合には、問題を引き起こす可能性があります。 4.4. 名前解決API を使わないプログラムアプリケーションによっては、ドメイン名の解決にこれらのAPI を使用しないものもあります。例えば、'nslookup'は、これらのAPI を使用しないで、直接DNS サーバと通信してしまいます。このようなアプリケーションについては、idn wrapper は役に立ちません。 4.5. 特定WINSOCK DLL にバインドされたアプリケーションアプリケーションによっては、標準のDLL サーチパスに従わないで、特定のパスのDLL にバインドされているものがあります。よく使われるプログラムの中では、Netscape Communicator がそうなっています。このようなプログラムについては、標準のインストール／コンフィギュレーションではラップすることはできません。このようなプログラムについて、どうしてもラップする必要があるなら、システムディレクトリへのインストールを行なうことができます。ただし、このインストールは大変危険で、場合によってはシステムを再起動不能にしてしまう可能性もあります。 5. レジストリ設定 - まとめ 5.1. レジストリの優先順位 idn wrapper の設定情報は、HKEY_LOCAL_MACHINE、HKEY_CURRENT_USERの Software\JPNIC\IDN 以下に格納されます。idn wrapperは最初にHKEY_LOCAL_MACHINEの設定を読み込み、HKEY_CURRENT_USER側にも設定があれば、これで上書きします。通常は、HKEY_LOCAL_MACHINE 側だけを設定します。ユーザ個別に異なった設定を使いたい場合のみ、HKEY_CURRENT_USERを設定するようにしてください。なお、コンフィギュレーションプログラムは HKEY_LOCAL_MACHINE の設定だけを読み書きするようになっています。 4.2. レジストリキー全体の共通の設定と、プログラム個別設定とがあります。＿共通定義 Software\JPNIC\IDN\InstallDir インストールディレクトリ Software\JPNIC\IDN\Where 変換位置 0:WINSOCK1.1 WINSOCK2.0の両方で 1:WINSOCK2.0 があればそちらで 2:WINSOCK1.1 だけで 3:WINSOCK2.0 だけで Software\JPNIC\IDN\ConfFile idnkit の設定ファイル Software\JPNIC\IDN\LogLevel ログレベル Software\JPNIC\IDN\LogFile ログファイル＿プログラム個別設定変換位置、およびプログラム側のエンコーディングはプログラム毎に特定することもできます。これらは、以下のキーハイブの下に、プログラム名をキーとする値で設定します。 Software\JPNIC\IDN\PerProg\\Where Software\JPNIC\IDN\PerProg\\Encoding 指定されていない場合には、 Where 0 1.1、2.0 の両方で変換 Encoding プロセスのコードページとみなします。 ======================================================================== * bind-9.11.4-P2/doc/arm/README-SGML ======================================================================== Copyright (C) Internet Systems Consortium, Inc. ("ISC") See COPYRIGHT in the source root or http://isc.org/copyright.html for terms. The BIND v9 ARM master document is now kept in DocBook 5 XML format. Most of the ARM is in the single file "Bv9ARM-book.xml", with certain other files included into it: - dlz.xml - dnssec.xml - libdns.xml - logging-categories.xml - managed-keys.xml - notes.xml - pkcs11.xml - BIND man pages All of the published ARM formats - HTML, PDF, etc - are generated from this master source. The file "notes.xml" contains the release notes for the current release. In addition to being included in the ARM as an appendix, it is also built into a stand-alone document: "notes.pdf" and "notes.html". Building these these files requires DocBook 5 and dblatex. These are available as packages in many OS distributes; in debian, for example: $ sudo apt-get install docbook5-xml docbook-xml docbook-xsl-ns \ docbook-utils dblatex To build all documentation, run "make doc". When committing changes or submitting patches, it is only necessary to edit the XML source (i.e., the files with ".docbook" or ".xml" suffixes); the files in HTML and man page format are built from the XML source by a cron job. If you are familiar with SGML or HTML, editing the DocBook XML is quite straightforward. You only need to know what the tags are and how to use them. You can find a good resource either for this either online or in printed form: DocBook: The Definitive Guide By Norman Walsh and Leonard Muellner ISBN: 156592-580-7 1st Edition, October 1999 Copyright (C) 1999 by O'Reilly & Associates, Inc. All rights reserved. The book is available online in HTML format: http://docbook.org/ After editing documentation, it is useful to check the correctness of the XML; this can be done using the "xmllint" utility. ======================================================================== * bind-9.11.4-P2/lib/isc/include/pk11/README.site ======================================================================== Copyright (C) Internet Systems Consortium, Inc. ("ISC") See COPYRIGHT in the source root or http://isc.org/copyright.html for terms. How to use site.h for the PKCS#11 provider of your HSM ------------------------------------------------------ First run "pkcs11-tokens" (in bin/pkcs11). This tool is built when BIND9 is configured with the --with-pcks11 flag. It prints the addresses of selected tokens per algorithm: - random number generation - RSA (sign/verify) - DSA (sign/verify) - DH (secret derivation) - digest (hash) - EC (ECDSA, sign/verify) - GOST (Russian hash and sign/verify) - AES (encrypt/decrypt) ...and a summary of PKCS#11 tokens that have been found. Current well-known HSMs are predefined in site.h according to HSM "flavors": - Thales nCipher (default) - OpenDNSSEC SoftHSMv2 ...and with experimental status: - OpenDNSSEC SoftHSMv1 with SHA224 support added - Cryptech - AEP Keyper If BIND9 is configured with native PKCS#11 support (--enable-native-pkcs11), then pkcs11-tokens will raise an error when a mandatory algorithm is not supported. (The usual error is 0x70, or CKR_MECHANISM_INVALID; 0x0 indicates that a required flag is not available.) The following steps may be taken, depending on which algorithms indicate failures: - rand or RSA: nothing can be done; native PKCS#11 is not supported in BIND9 with this HSM. - DSA or DH: run pkcs11-tokens with the -v (verbose) flag. If the parameter generation mechanism is not supported you can make the token selection to ignore the error. Note DSA and DH are not critical algorithms; you can use BIND9 in production without them. - digest: run pkcs11-tokens with the -v (verbose) flag. If the problem is with HMAC mechanisms, use the corresponding REPLACE flags in site.h. If the problem is with MD5, use the corresponding DISABLE flag in site.h. If the problem is with SHA224, contact the implementor of the PKCS#11 provider and ask to have this hash algorithm implemented. For any other problem, nothing can be done; native PKCS#11 is not supported with this HSM. - EC: you may wish to configure BIND9 without ECDSA support by adding --without-ecdsa to the "configure" arguments. - GOST: you SHOULD configure BIND9 without GOST support by adding --without-gost to the "configure" arguments. - AES: you MUST reconfigure bind9 without AES support by adding --without-aes to configure arguments. You can disable some algorithms (e.g. DSA, DH and MD5) using the "disable-algorithms" option in named.conf, and some other algorithms can be disabled at compile time (ECDSA, GOST, AES). Note, however, that disabling algorithms can have unwanted side effects; for instance, disabling DH breaks TKEY support. A final note: the DISABLE flags in site.h work for OpenSSL code too, but this feature is not officially supported yet and should not be relied on. ======================================================================== * bind-9.11.4-P2/win32utils/readme1st.txt ======================================================================== Copyright (C) Internet Systems Consortium, Inc. ("ISC") See COPYRIGHT in the source root or http://isc.org/copyright.html for terms. NOTES ON BIND 9.10 FOR WINDOWS: BIND 9.10 is known to run on Windows XP, Vista, Windows 7, and Windows Server 2003 and higher. KIT INSTALLATION: Unpack the kit into any convenient directory and run the BINDInstall program. This will install the named and associated programs into the correct directories and set up the required registry keys. Usually BINDInstall must be run by/as Administrator or it can fail to operate on the filesystem or the registery or even return messages like 'A referral was returned from the server". The best way to avoid this kind of problems on Windows 7 or newer is: - open a "file explorer" aka finder windows - goes where the distribution was expanded - click right on the BINDInstall application - open "Properties" (last) menu - open "Compatibility" (second) tab - check on the (last) "Run this program as an administrator" Unfortunately this is not saved by zip (or any archiver?) as it is a property saved in the Registry. BINDInstall requires that you install it under an account with restricted privileges. The installer will prompt you for an account name (the default is "named") and a password for that account. It will also check for the existence of that account. If it does not exist is will create it with only the privileges required to run BIND. If the account does exist it will check that it has only the one privilege required: "Log on as a service". If it has too many privileges it will prompt you if you want to continue. With BIND running under an account name, it is necessary for all files and directories that BIND uses to have permissions set up for the named account if the files are on an NTFS disk. BIND requires that the account have read and write access to the directory for the pid file, any files that are maintained either for slave zones or for master zones supporting dynamic updates. The account will also need read access to the named.conf and any other file that it needs to read. "NT AUTHORITY\LocalService" is also an acceptable account (and the only acceptable on some recent versions of Windows). This account is built into Windows and no password is required. Appropriate file permissions will also need to be set for "NT AUTHORITY\LocalService" similar to those that would have been required for the "named" account. It is important that on Windows the directory directive is used in the options section to tell BIND where to find the files used in named.conf (default "%ProgramFiles%\ISC BIND 9\etc\named.conf"). For example: options { directory "C:\Program Files (x86)\ISC BIND 9\etc"; }; for a 32 bit BIND on a 64 bit US Domestic Windows system. Messages are logged to the Application log in the EventViewer. CONTROLLING BIND: Windows uses the same rndc program as is used on Unix systems. The rndc.conf file must be configured for your system in order to work. You will need to generate a key for this. To do this use the rndc-confgen program. The program will be installed in the same directory as named: "%ProgramFiles%\ISC BIND 9\bin". From the DOS prompt, use the command this way: rndc-confgen -a which will create a rndc.key file in the "%ProgramFiles%\ISC BIND 9\etc" directory. This will allow you to run rndc without an explicit rndc.conf file or key and control entry in named.conf file. See section 3.4.1.2 of the ARM for details of this. An rndc.conf can also be generated by running: rndc-confgen > rndc.conf which will create the rndc.conf file in the current directory, but not copy it to the "%ProgramFiles%\ISC BIND 9\etc" directory where it needs to reside. If you create rndc.conf this way you will need to copy the same key statement into named.conf. The additions look like the following: key "rndc-key" { algorithm hmac-sha256; secret "xxxxxxxxx=="; }; controls { inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; }; }; Note that the value of the secret must come from the key generated above for rndc and must be the same key value for both. Details of this may be found in section 3.4.1.2 of the ARM. If you have rndc on a Unix box you can use it to control BIND on the Windows box as well as using the Windows version of rndc to control a BIND 9 daemon on a Unix box. However you must have key statements valid for the servers you wish to control, specifically the IP address and key in both named.conf and rndc.conf. Again see section 3.4.1.2 of the ARM for details. In order to run rndc from a different system it is important to ensure that the clocks are synchronized. The clocks must be kept within 5 minutes of each other or the rndc commands will fail authentication. Use NTP or other time synchronization software to keep your clocks accurate. NTP can be found at http://www.ntp.org/. In addition BIND is installed as a win32 system service, can be started and stopped in the same way as any other service and automatically starts whenever the system is booted. Signals are not supported and are in fact ignored. Note: Unlike most Windows applications, named does not, change its working directory when started as a service. If you wish to use relative files in named.conf you will need to specify a working directory using the directory directive options. DOCUMENTATION: This kit includes Documentation in HTML format. The documentation is not copied during the installation process so you should move it to any convenient location for later reference. Of particular importance is the BIND 9 Administrator's Reference Manual (Bv9ARM*.html) which provides detailed information on BIND 9. In addition, there are HTML pages for each of the BIND 9 applications. INCLUDED TOOLS: The following tools have been built for Windows: dig, nslookup, host, nsupdate, ddns-confgen, rndc, rndc-confgen, delv, mdig, named-checkconf, named-checkzone, named-compilezone, named-journalprint, named-rrchecker, dnssec-importkey, dnssec-keygen, dnssec-signzone, dnssec-dsfromkey, dnssec-keyfromlabel, dnssec-revoke, dnssec-settime and dnssec-verify. The latter tools are for use with DNSSEC. All tools are installed in the "%ProgramFiles%\ISC BIND 9\bin" directory. IMPORTANT NOTE ON USING THE TOOLS: It is no longer necessary to create a resolv.conf file on Windows as the tools will look in the registry for the required name server information. However, if you do create a resolv.conf file as follows, the tools will use it in preference to the registry name server entries. Place resolv.conf the "%ProgramFiles%\ISC BIND 9\etc" directory. It must contain a list of recursive server addresses. The format of this file is: nameserver 1.2.3.4 nameserver 5.6.7.8 Replace the above IP addresses with the real name server addresses. 127.0.0.1 is a valid address if you are running a recursive name server on the localhost. PROBLEMS: Please report bugs at https://gitlab.isc.org/isc-projects/bind9. Other questions can go to the bind-users@isc.org mailing list. ======================================================================== * bind-9.11.4-P2/COPYRIGHT ======================================================================== Copyright (C) 1996-2018 Internet Systems Consortium, Inc. ("ISC") This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. ----------------------------------------------------------------------------- Portions of this code release fall under one or more of the following Copyright notices. Please see individual source files for details. For binary releases also see: OpenSSL-LICENSE. Copyright (C) 1996-2001 Nominum, Inc. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ----------------------------------------------------------------------------- Copyright (C) 1995-2000 by Network Associates, Inc. Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ----------------------------------------------------------------------------- Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. The development of Dynamically Loadable Zones (DLZ) for Bind 9 was conceived and contributed by Rob Butler. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ----------------------------------------------------------------------------- Copyright (c) 1987, 1990, 1993, 1994 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ----------------------------------------------------------------------------- Copyright (C) The Internet Society 2005. This version of this module is part of RFC 4178; see the RFC itself for full legal notices. (The above copyright notice is per RFC 3978 5.6 (a), q.v.) ----------------------------------------------------------------------------- Copyright (c) 2004 Masarykova universita (Masaryk University, Brno, Czech Republic) All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ----------------------------------------------------------------------------- Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan (Royal Institute of Technology, Stockholm, Sweden). All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the Institute nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ----------------------------------------------------------------------------- Copyright (c) 1998 Doug Rabson All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ----------------------------------------------------------------------------- Copyright ((c)) 2002, Rice University All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of Rice University (RICE) nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. This software is provided by RICE and the contributors on an "as is" basis, without any representations or warranties of any kind, express or implied including, but not limited to, representations or warranties of non-infringement, merchantability or fitness for a particular purpose. In no event shall RICE or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage. ----------------------------------------------------------------------------- Copyright (c) 1993 by Digital Equipment Corporation. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies, and that the name of Digital Equipment Corporation not be used in advertising or publicity pertaining to distribution of the document or software without specific, written prior permission. THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ----------------------------------------------------------------------------- Copyright 2000 Aaron D. Gifford. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holder nor the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ----------------------------------------------------------------------------- Copyright (c) 1998 Doug Rabson. Copyright (c) 2001 Jake Burkholder. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ----------------------------------------------------------------------------- Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the project nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ----------------------------------------------------------------------------- Copyright (c) 1999-2000 by Nortel Networks Corporation Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ----------------------------------------------------------------------------- Copyright (c) 2000-2002 Japan Network Information Center. All rights reserved. By using this file, you agree to the terms and conditions set forth bellow. LICENSE TERMS AND CONDITIONS The following License Terms and Conditions apply, unless a different license is obtained from Japan Network Information Center ("JPNIC"), a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda, Chiyoda-ku, Tokyo 101-0047, Japan. 1. Use, Modification and Redistribution (including distribution of any modified or derived work) in source and/or binary forms is permitted under this License Terms and Conditions. 2. Redistribution of source code must retain the copyright notices as they appear in each source code file, this License Terms and Conditions. 3. Redistribution in binary form must reproduce the Copyright Notice, this License Terms and Conditions, in the documentation and/or other materials provided with the distribution. For the purposes of binary distribution the "Copyright Notice" refers to the following language: "Copyright (c) 2000-2002 Japan Network Information Center. All rights reserved." 4. The name of JPNIC may not be used to endorse or promote products derived from this Software without specific prior written approval of JPNIC. 5. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JPNIC BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ----------------------------------------------------------------------------- Copyright (C) 2004 Nominet, Ltd. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND NOMINET DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ----------------------------------------------------------------------------- Portions Copyright RSA Security Inc. License to copy and use this software is granted provided that it is identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)" in all material mentioning or referencing this software. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)" in all material mentioning or referencing the derived work. RSA Security Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind. ----------------------------------------------------------------------------- Copyright (c) 1996, David Mazieres Copyright (c) 2008, Damien Miller Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ----------------------------------------------------------------------------- Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact licensing@OpenSSL.org. 5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project. 6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ----------------------------------------------------------------------------- Copyright (c) 1995, 1997, 1998 The NetBSD Foundation, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ----------------------------------------------------------------------------- Copyright (C) 2008-2011 Red Hat, Inc. Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND Red Hat DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL Red Hat BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ----------------------------------------------------------------------------- Copyright (c) 2013-2014, Farsight Security, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ----------------------------------------------------------------------------- Copyright (c) 2014 by Farsight Security, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ======================================================================== * bind-9.11.4-P2/LICENSE ======================================================================== Mozilla Public License, version 2.0 1. Definitions 1.1. "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. "Contributor Version" means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. "Contribution" means Covered Software of a particular Contributor. 1.4. "Covered Software" means Source Code Form to which the initial Contributor has attached the notice in Exhibit A, the Executable Form of such Source Code Form, and Modifications of such Source Code Form, in each case including portions thereof. 1.5. "Incompatible With Secondary Licenses" means a. that the initial Contributor has attached the notice described in Exhibit B to the Covered Software; or b. that the Covered Software was made available under the terms of version 1.1 or earlier of the License, but not also under the terms of a Secondary License. 1.6. "Executable Form" means any form of the work other than Source Code Form. 1.7. "Larger Work" means a work that combines Covered Software with other material, in a separate file or files, that is not Covered Software. 1.8. "License" means this document. 1.9. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently, any and all of the rights conveyed by this License. 1.10. "Modifications" means any of the following: a. any file in Source Code Form that results from an addition to, deletion from, or modification of the contents of Covered Software; or b. any new file in Source Code Form that contains any Covered Software. 1.11. "Patent Claims" of a Contributor means any patent claim(s), including without limitation, method, process, and apparatus claims, in any patent Licensable by such Contributor that would be infringed, but for the grant of the License, by the making, using, selling, offering for sale, having made, import, or transfer of either its Contributions or its Contributor Version. 1.12. "Secondary License" means either the GNU General Public License, Version 2.0, the GNU Lesser General Public License, Version 2.1, the GNU Affero General Public License, Version 3.0, or any later versions of those licenses. 1.13. "Source Code Form" means the form of the work preferred for making modifications. 1.14. "You" (or "Your") means an individual or a legal entity exercising rights under this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. 2. License Grants and Conditions 2.1. Grants Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license: a. under intellectual property rights (other than patent or trademark) Licensable by such Contributor to use, reproduce, make available, modify, display, perform, distribute, and otherwise exploit its Contributions, either on an unmodified basis, with Modifications, or as part of a Larger Work; and b. under Patent Claims of such Contributor to make, use, sell, offer for sale, have made, import, and otherwise transfer either its Contributions or its Contributor Version. 2.2. Effective Date The licenses granted in Section 2.1 with respect to any Contribution become effective for each Contribution on the date the Contributor first distributes such Contribution. 2.3. Limitations on Grant Scope The licenses granted in this Section 2 are the only rights granted under this License. No additional rights or licenses will be implied from the distribution or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor: a. for any code that a Contributor has removed from Covered Software; or b. for infringements caused by: (i) Your and any other third party's modifications of Covered Software, or (ii) the combination of its Contributions with other software (except as part of its Contributor Version); or c. under Patent Claims infringed by Covered Software in the absence of its Contributions. This License does not grant any rights in the trademarks, service marks, or logos of any Contributor (except as may be necessary to comply with the notice requirements in Section 3.4). 2.4. Subsequent Licenses No Contributor makes additional grants as a result of Your choice to distribute the Covered Software under a subsequent version of this License (see Section 10.2) or under the terms of a Secondary License (if permitted under the terms of Section 3.3). 2.5. Representation Each Contributor represents that the Contributor believes its Contributions are its original creation(s) or it has sufficient rights to grant the rights to its Contributions conveyed by this License. 2.6. Fair Use This License is not intended to limit any rights You have under applicable copyright doctrines of fair use, fair dealing, or other equivalents. 2.7. Conditions Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in Section 2.1. 3. Responsibilities 3.1. Distribution of Source Form All distribution of Covered Software in Source Code Form, including any Modifications that You create or to which You contribute, must be under the terms of this License. You must inform recipients that the Source Code Form of the Covered Software is governed by the terms of this License, and how they can obtain a copy of this License. You may not attempt to alter or restrict the recipients' rights in the Source Code Form. 3.2. Distribution of Executable Form If You distribute Covered Software in Executable Form then: a. such Covered Software must also be made available in Source Code Form, as described in Section 3.1, and You must inform recipients of the Executable Form how they can obtain a copy of such Source Code Form by reasonable means in a timely manner, at a charge no more than the cost of distribution to the recipient; and b. You may distribute such Executable Form under the terms of this License, or sublicense it under different terms, provided that the license for the Executable Form does not attempt to limit or alter the recipients' rights in the Source Code Form under this License. 3.3. Distribution of a Larger Work You may create and distribute a Larger Work under terms of Your choice, provided that You also comply with the requirements of this License for the Covered Software. If the Larger Work is a combination of Covered Software with a work governed by one or more Secondary Licenses, and the Covered Software is not Incompatible With Secondary Licenses, this License permits You to additionally distribute such Covered Software under the terms of such Secondary License(s), so that the recipient of the Larger Work may, at their option, further distribute the Covered Software under the terms of either this License or such Secondary License(s). 3.4. Notices You may not remove or alter the substance of any license notices (including copyright notices, patent notices, disclaimers of warranty, or limitations of liability) contained within the Source Code Form of the Covered Software, except that You may alter any license notices to the extent required to remedy known factual inaccuracies. 3.5. Application of Additional Terms You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, You may do so only on Your own behalf, and not on behalf of any Contributor. You must make it absolutely clear that any such warranty, support, indemnity, or liability obligation is offered by You alone, and You hereby agree to indemnify every Contributor for any liability incurred by such Contributor as a result of warranty, support, indemnity or liability terms You offer. You may include additional disclaimers of warranty and limitations of liability specific to any jurisdiction. 4. Inability to Comply Due to Statute or Regulation If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Software due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be placed in a text file included with all distributions of the Covered Software under this License. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. 5. Termination 5.1. The rights granted under this License will terminate automatically if You fail to comply with any of its terms. However, if You become compliant, then the rights granted under this License from a particular Contributor are reinstated (a) provisionally, unless and until such Contributor explicitly and finally terminates Your grants, and (b) on an ongoing basis, if such Contributor fails to notify You of the non-compliance by some reasonable means prior to 60 days after You have come back into compliance. Moreover, Your grants from a particular Contributor are reinstated on an ongoing basis if such Contributor notifies You of the non-compliance by some reasonable means, this is the first time You have received notice of non-compliance with this License from such Contributor, and You become compliant prior to 30 days after Your receipt of the notice. 5.2. If You initiate litigation against any entity by asserting a patent infringement claim (excluding declaratory judgment actions, counter-claims, and cross-claims) alleging that a Contributor Version directly or indirectly infringes any patent, then the rights granted to You by any and all Contributors for the Covered Software under Section 2.1 of this License shall terminate. 5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or Your distributors under this License prior to termination shall survive termination. 6. Disclaimer of Warranty Covered Software is provided under this License on an "as is" basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the Covered Software is free of defects, merchantable, fit for a particular purpose or non-infringing. The entire risk as to the quality and performance of the Covered Software is with You. Should any Covered Software prove defective in any respect, You (not any Contributor) assume the cost of any necessary servicing, repair, or correction. This disclaimer of warranty constitutes an essential part of this License. No use of any Covered Software is authorized under this License except under this disclaimer. 7. Limitation of Liability Under no circumstances and under no legal theory, whether tort (including negligence), contract, or otherwise, shall any Contributor, or anyone who distributes Covered Software as permitted above, be liable to You for any direct, indirect, special, incidental, or consequential damages of any character including, without limitation, damages for lost profits, loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses, even if such party shall have been informed of the possibility of such damages. This limitation of liability shall not apply to liability for death or personal injury resulting from such party's negligence to the extent applicable law prohibits such limitation. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so this exclusion and limitation may not apply to You. 8. Litigation Any litigation relating to this License may be brought only in the courts of a jurisdiction where the defendant maintains its principal place of business and such litigation shall be governed by laws of that jurisdiction, without reference to its conflict-of-law provisions. Nothing in this Section shall prevent a party's ability to bring cross-claims or counter-claims. 9. Miscellaneous This License represents the complete agreement concerning the subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not be used to construe this License against a Contributor. 10. Versions of the License 10.1. New Versions Mozilla Foundation is the license steward. Except as provided in Section 10.3, no one other than the license steward has the right to modify or publish new versions of this License. Each version will be given a distinguishing version number. 10.2. Effect of New Versions You may distribute the Covered Software under the terms of the version of the License under which You originally received the Covered Software, or under the terms of any subsequent version published by the license steward. 10.3. Modified Versions If you create software not governed by this License, and you want to create a new license for such software, you may create and use a modified version of this License if you rename the license and remove any references to the name of the license steward (except to note that such modified license differs from this License). 10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses If You choose to distribute Source Code Form that is Incompatible With Secondary Licenses under the terms of this version of the License, the notice described in Exhibit B of this License must be attached. Exhibit A - Source Code Form License Notice This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. If it is not possible or desirable to put the notice in a particular file, then You may include the notice in a location (such as a LICENSE file in a relevant directory) where a recipient would be likely to look for such a notice. You may add additional accurate notices of copyright ownership. Exhibit B - "Incompatible With Secondary Licenses" Notice This Source Code Form is "Incompatible With Secondary Licenses", as defined by the Mozilla Public License, v. 2.0. ======================================================================== * bind-9.11.4-P2/contrib/idn/idnkit-1.0-src/LICENSE.txt ======================================================================== Copyright (c) 2000-2002 Japan Network Information Center. All rights reserved. By using this file, you agree to the terms and conditions set forth bellow. LICENSE TERMS AND CONDITIONS The following License Terms and Conditions apply, unless a different license is obtained from Japan Network Information Center ("JPNIC"), a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda, Chiyoda-ku, Tokyo 101-0047, Japan. 1. Use, Modification and Redistribution (including distribution of any modified or derived work) in source and/or binary forms is permitted under this License Terms and Conditions. 2. Redistribution of source code must retain the copyright notices as they appear in each source code file, this License Terms and Conditions. 3. Redistribution in binary form must reproduce the Copyright Notice, this License Terms and Conditions, in the documentation and/or other materials provided with the distribution. For the purposes of binary distribution the "Copyright Notice" refers to the following language: "Copyright (c) 2000-2002 Japan Network Information Center. All rights reserved." 4. The name of JPNIC may not be used to endorse or promote products derived from this Software without specific prior written approval of JPNIC. 5. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JPNIC BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ======================================================================== * bind-9.11.4-P2/doc/xsl/copyright.xsl ========================================================================

This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

======================================================================== * bind-9.11.4-P2/unit/atf-src/COPYING ======================================================================== Redistribution terms Automated Testing Framework =========================================================================== License ******* Copyright (c) 2007, 2008, 2009, 2010, 2011, 2012 The NetBSD Foundation, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright 2011, 2012 Google Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Relicensed code *************** The following code snippets have been taken from other projects. Even though they were not originally licensed under the terms above, the original authors have agreed to relicense their work so that this project can be distributed under a single license. This section is put here just to clarify this fact. * configure.ac, Makefile.am: The original versions were derived from the ones in the XML Catalog Manager project, version 2.2. Author: Julio Merino * atf-c/ui.c: The format_paragraph and format_text functions were derived form the ones in the Monotone project, revision 3a0982da308228d796df35f98d787c5cff2bb5b6. Author: Julio Merino * atf-c++/detail/io.hpp, atf-c++/detail/io.cpp, atf-c++/detail/io_test.cpp: These files were derived from the file_handle, systembuf, pipe and pistream classes and tests found in the Boost.Process library. Author: Julio Merino * admin/check-style.sh, admin/check-style-common.awk, admin/check-style-cpp.awk, admin/check-style-shell.awk: These files, except the first one, were first implemented in the Buildtool project. They were later adapted to be part of Boost.Process and, during that process, the shell script was created. Author: Julio Merino =========================================================================== vim: filetype=text:textwidth=75:expandtab:shiftwidth=2:softtabstop=2