--- a/components/bind/Solaris/migration.txt Wed Apr 02 07:43:35 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1341 +0,0 @@
-Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-See COPYRIGHT in the source root or http://isc.org/copyright.html for
-terms.
-
- BIND 8 to BIND 9 Migration Notes
- includes BIND 9.2.4 to BIND 9.3.4 changes
-
-
-BIND 9 is designed to be mostly upwards compatible with BIND 8, but
-there is still a number of caveats you should be aware of when
-upgrading an existing BIND 8 installation to use BIND 9.
-
-Introduction
-------------
-
-This document provides information about differences between BIND 8 and
-BIND 9. BIND 9 is upwards compatible with most BIND 8 features. However,
-there are still a number of caveats you should be aware of when upgrading
-an existing BIND 8 installation to use BIND 9. Be sure to read this
-entire document before installing and using BIND 9.
-
-This document contains the following sections:
- * Section A, 1-7 Overview of Differences Between BIND 8 and BIND 9
- * Section 8 BIND 9 name server and the Service Management Facility
- * Appendix I Implementing rndc
- * Appendix II BIND 9 Commands, Options, Files, and Tools
- * Appendix III The named.conf Options
-
-Additional information and documentation about BIND 9, including an
-Administrator Reference Manual (ARM) is available on the ISC web site
-at http://www.isc.org
-
-The words "named", "DNS server", "name server" and "BIND 9 server"
-are used interchangeably to denote the Internet Systems Consortium
-BIND version 9 DNS server throughout this document.
-
-Overview of Differences Between BIND 8 and BIND 9
--------------------------------------------------
-
-Below is a list of changes between BIND 8 and BIND 9, including brief
-descriptions. For more detailed information, see the appropriate
-subsection for each item.
-
-Configuration File Compatibility, Section 1.0
- * unimplemented options warning message 1.1
- * "transfer-format" option changes 1.1
- * configuration file errors 1.2
- * logging categories have changed 1.3
- * configuration file startup errors 1.3
- * "query-source" is deprecated 1.4
- * multiple classes change 1.5
-
-Zone File Compatibility, Section 2.0
- * stricter rules for TTLs in zone file 2.1
- * SOA serial number changes 2.2
- * unbalanced quotes cause errors 2.3
- * line breaks, syntax change 2.4
- * use /$ instead of $$ in domain names 2.5
-
-Interoperability Impact of New Protocol
-Features, Section 3.0
- * EDNS0 new in BIND 9 3.1
- * zone transfers default change 3.2
-
-Unrestricted Character Set, Section 4.0
- * no restrictions on character set 4.0
- * security issue, improper naming 4.0
-
-Server Administration Tools, Section 5.0
- * the rndc program replaces ndc 5.1
- * nsupdate: changes in multiple updates 5.2
-
-No Information Leakage Between Zones, Section 6.0
- * glue NS records handled differently 6.0
-
-Umask Not Modified, Section 7.0
- * possible umask permissions issues 7.0
-
-
-
-1. Configuration File Compatibility
-
-1.1. Unimplemented Options and Changed Defaults
-
-The BIND 9 name server supports most, but not all, of the configuration
-options of the BIND 8 name server. For a complete list of implemented
-options, see Appendix III of this document.
-
-If your named.conf file uses an unimplemented option, the BIND 9 name
-server will log a warning message. A message is also logged about each
-option whose default has changed unless the option is set explicitly
-in named.conf.
-
-The default of the "transfer-format" option has changed from
-"one-answer" to "many-answers". If you have slave servers that do
-not understand the "many-answers" zone transfer format (e.g., BIND
-4.9.5 and older) you need to explicitly specify
-"transfer-format one-answer;" in either the options block or a
-server statement.
-
-1.2. Handling of Configuration File Errors
-
-In BIND 9, named refuses to start if it detects an error in
-named.conf. Earlier versions would start despite errors, causing
-the server to run with a partial configuration. Errors detected
-during subsequent reloads do not cause the server to exit.
-
-Errors in master files do not cause the server to exit, but they
-do cause the zone not to load.
-
-1.3. Logging
-
-The set of logging categories in BIND 9 is different from that
-in BIND 8. If you have customized your logging on a per-category
-basis, you need to modify your logging statement to use the
-new categories.
-
-Another difference is that the "logging" statement only takes effect
-after the entire named.conf file has been read. This means that when
-the server starts up, any messages about errors in the configuration
-file are always logged to the default destination (syslog) when the
-server first starts up, regardless of the contents of the "logging"
-statement. In BIND 8, the new logging configuration took effect
-immediately after the "logging" statement was read.
-
-1.4. Notify Messages and Refresh Queries
-
-The source address and port for these is now controlled by
-"notify-source" and "transfer-source", respectively, rather than
-"query-source" as in BIND 8.
-
-1.5. Multiple Classes
-
-Multiple classes have to be put into explicit views for each class.
-
-
-2. Zone File Compatibility
-
-2.1. Strict RFC1035 Interpretation of TTLs in Zone Files
-
-BIND 9 strictly complies with the RFC1035 and RFC2308 rules regarding
-omitted time-to-live (TTL) entries in zone files. Omitted TTLs are
-replaced by the value specified with the $TTL directive, or by the
-previous explicit TTL if there is no $TTL directive.
-
-If there is no $TTL directive and the first Resource Record (RR) in the
-file does not have an explicit TTL field, the zone file is illegal
-according to RFC1035 since the TTL of the first RR is undefined.
-Unfortunately, BIND 4 and many versions of BIND 8 accept such files
-without warning and use the value of the SOA MINTTL field as a default
-for missing TTL values.
-
-Earlier versions of BIND 9 refused to load such files. However, BIND
-9.2.4 loads the files anyway (provided the SOA is the first record
-in the file), but will issue a TTL warning message.
-
-To avoid problems, we recommend that you use a $TTL directive in each
-zone file.
-
-2.2. Periods in SOA Serial Numbers Deprecated
-
-Some versions of BIND allow SOA serial numbers with an embedded
-period, like "3.002", and convert them into integers in a rather
-unintuitive way. This feature is not supported by BIND 9; serial
-numbers must be integers.
-
-2.3. Handling of Unbalanced Quotes
-
-TXT records with unbalanced quotes, like 'host TXT "foo', were not
-treated as errors in some versions of BIND. If your zone files
-contain such records, you will get potentially confusing error
-messages like "unexpected end of file" because BIND 9 will interpret
-everything up to the next quote character as a literal string.
-
-2.4. Handling of Line Breaks
-
-Some versions of BIND accept RRs containing line breaks that are not
-properly quoted with parentheses, like the following SOA:
-
- @ IN SOA ns.example. hostmaster.example.
- ( 1 3600 1800 1814400 3600 )
-
-This is not legal master file syntax and will be treated as an error
-by BIND 9. The fix is to move the opening parenthesis to the first
-line.
-
-2.5. Unimplemented BIND 8 Extensions
-
-$GENERATE: The "$$" construct for getting a literal $ into a domain
-name is deprecated. Use \$ instead.
-
-2.6. TXT records are no longer automatically split.
-
-Some versions of BIND accepted strings TXT RDATA that contained more
-than 255 characters and silently split them in to multiple RDATA
-records to comply with protocol. This feature has been removed, and
-the following error is produced upon reading these records:
- "dns_rdata_fromtext: local.db:119: ran out of space"
-To address split the string in the zone data file at or before the 255
-character in to two or more TXT records.
-
-3. Interoperability Impact of New Protocol Features
-
-3.1. EDNS0
-
-BIND 9 uses EDNS0 (RFC2671) to advertise its receive buffer size. It
-also sets an EDNS flag bit in queries to indicate that it wishes to
-receive DNSSEC responses; this flag bit usage is not yet standardised,
-but we hope it will be.
-
-Most older servers that do not support EDNS0, including prior versions
-of BIND, will send a FORMERR or NOTIMP response to these queries.
-When this happens, BIND 9 will automatically retry the query without
-EDNS0.
-
-Unfortunately, there exists at least one non-BIND name server
-implementation that silently ignores these queries instead of sending
-an error response. Resolving names in zones where all or most
-authoritative servers use this server will be very slow or fail
-completely. The manufacturer of the name server is working on a
-solution.
-
-When BIND 9 communicates with a server that does support EDNS0, such
-as another BIND 9 server, responses of up to 4096 bytes may be
-transmitted as a single UDP datagram which is subject to fragmentation
-at the IP level. If a firewall incorrectly drops IP fragments, it can
-cause resolution to slow down dramatically or fail.
-
-3.2. Zone Transfers
-
-Outgoing zone transfers now use the "many-answers" format by default.
-This format is not understood by certain old versions of BIND 4.
-You can work around this problem using the option "transfer-format
-one-answer;", but since these old versions all have known security
-problems, the correct fix is to upgrade the slave servers.
-
-Zone transfers to Windows 2000 DNS servers sometimes fail due to a
-bug in the Windows 2000 DNS server where DNS messages larger than
-16K are not handled properly. Obtain the latest service pack for
-Windows 2000 from Microsoft to address this issue. In the meantime,
-the problem can be worked around by setting "transfer-format
-one-answer;".
-http://support.microsoft.com/default.aspx?scid=kb;en-us;297936
-
-4. Unrestricted Character Set
-
-BIND 9 does not restrict the character set of domain names; it is
-fully 8-bit clean in accordance with RFC2181 section 11.
-
-It is strongly recommended that hostnames published in the DNS follow
-the RFC952 rules, but BIND 9.2.4 and above will not enforce this
-restriction.
-
-Historically, some applications have suffered from security flaws
-where data originating from the network, such as names returned by
-gethostbyaddr(), are used with insufficient checking and may cause a
-breach of security when containing unexpected characters; see
-<http://www.cert.org/advisories/CA-96.04.corrupt_info_from_servers.html>
-for details. Some earlier versions of BIND attempt to protect these
-flawed applications from attack by discarding data containing
-characters deemed inappropriate in host names or mail addresses, under
-the control of the "check-names" option in named.conf and/or "options
-no-check-names" in resolv.conf. BIND 9.2.4 provided no such
-protection; advice was that applications with these flaws should be
-upgraded. Subsequently however, BIND 9.3.x implements 'check-names'.
-
-
-5. Server Administration Tools
-
-5.1 ndc Replaced by rndc
-
-The "ndc" program has been replaced by "rndc", which is capable of
-remote operation. Unlike ndc, rndc requires a configuration file.
-The easiest way to generate a configuration file is to run
-"rndc-confgen -a"; see the man pages for rndc(1M), rndc-confgen(1M),
-and rndc.conf(5) for details. While upgrading from previous Solaris
-releases to Solaris 10, the upgrade process will detect if a
-/etc/rndc.key or /etc/rndc.conf file exists. If neither file is
-found, it runs "rndc-confgen -a" and generates /etc/rndc.key
-so that rndc can be run with a local DNS name server without
-further user intervention.
-
-More information about rndc is available in "Implementing rndc",
-later in this document.
-
-
-
-5.2. nsupdate Differences
-
-The BIND 8 implementation of nsupdate had an undocumented feature
-where an update request would be broken down into multiple requests
-based upon the discovered zones that contained the records. This
-behaviour has not been implemented in BIND 9. Each update request
-must pertain to a single zone, but it is still possible to do
-multiple updates in a single invocation of nsupdate by terminating
-each update with an empty line or a "send" command.
-
-
-6. No Information Leakage Between Zones
-
-BIND 9 stores the authoritative data for each zone in a separate data
-structure, as recommended in RFC1035 and as required by DNSSEC and
-IXFR. When a BIND 9 server is authoritative for both a child zone
-and its parent, it will have two distinct sets of NS records at the
-delegation point: the authoritative NS records at the child's apex,
-and a set of glue NS records in the parent.
-
-BIND 8 was unable to properly distinguish between these two sets of
-NS records and would "leak" the child's NS records into the parent,
-effectively causing the parent zone to be silently modified: responses
-and zone transfers from the parent contained the child's NS records
-rather than the glue configured into the parent (if any). In the
-case of children of type "stub", this behaviour was documented as a
-feature, allowing the glue NS records to be omitted from the parent
-configuration.
-
-Sites that were relying on this BIND 8 behaviour need to add any
-omitted glue NS records, and any necessary glue A records, to the
-parent zone.
-
-Although stub zones can no longer be used as a mechanism for
-injecting NS records into their parent zones, they are still useful
-as a way of directing queries for a given domain to a particular
-set of name servers.
-
-
-7. Umask Not Modified
-
-The BIND 8 named unconditionally sets the umask to 022. BIND 9 does
-not; the umask inherited from the parent process remains in effect.
-This may cause files created by named, such as journal files, to be
-created with different file permissions than they did in BIND 8. If
-necessary, the umask should be set explicitly in the script used to
-start the named process.
-
-8. BIND 9 name server and the Service Management Facility
-
-The DNS BIND 9 named(1M) service can be managed by using the Service
-Management Facility (SMF). For more information, see the smf(5) man
-page. The SUNWbindr package provides the BIND 9 service manifest
-and must be installed.
-
-When you use SMF, the following items apply.
-
-- Administrative actions on this service, such as enabling, disabling,
-or restarting, can be performed by using the svcadm(1M) command.
-
-- The default Fault Managed Resource Identifier (FMRI) for the BIND 9
-DNS server is svc:/network/dns/server. The FMRI for the DNS client is
-svc:/network/dns/client.
-
-- You can query the state of the BIND 9 DNS service by using svcs(1).
- For example:
-
- # svcs svc:network/dns/server:default
- STATE STIME FMRI
- online 16:24:04 svc:/network/dns/server:default
-
-The upgrade to Solaris 10 will detect an existing /etc/named.conf file
-and enable the BIND 9 service to startup after the upgrade is completed
-and the system is rebooted.
-
-To start the BIND 9 DNS service on a Solaris 10 system:
-
-a. Create/Copy a valid /etc/named.conf file.
-b. Verify that the SUNWbind and SUNWbindr packages, including any
- required packages are installed correctly.
-c. Enable the default service instance using svcadm(1M). For example:
- # svcadm enable svc:network/dns/server:default
-
-While it is recommended that you use svcadm(1M) to administer the server,
-you can use rndc(1M) as well. SMF is aware of the state change of the BIND
-9 named service, whether administered by using svcadm(1M) or rndc(1M).
-
-NOTE: smf(5) will not be aware of the BIND 9 named(1M) service
-if the service is manually executed from the command line.
-
-NOTE: rndc(1M) is not able to stop the service when used in a chroot(2)
-environment under smf(1M) control.
-
-8.1 Name Server SMF Properties
-
-Relevant named(1M) options for use with smf(1) may be applied using
-service application properties:
-
- - options/configuration_file
-
- Specifies the configuration file to be used instead of
- the default /etc/named.conf. To ensure that reloading
- the configuration file continues to work after the server
- has changed its working directory due to to a possible
- directory option in the configuration file, the
- configuration file should be an absolute pathname. The
- configuration pathname should not include the chroot_dir
- pathname. This property is synonymous to the -c option.
-
- - options/ip_interfaces
-
- specifies which IP transport BIND will transmit on.
- Possible values are 'IPv4' or 'IPv6'. Any other setting
- assumes 'all', the default. This property is synonymous
- to command line option '-4' or '-6'
-
- - options/listen_on_port
-
- Specifies the default UDP and TCP port which will be used
- to listen for DNS requests. This property is synonymous
- to command line option '-p port'.
-
-
- - options/debug_level
-
- Specifies the default debug level. The default is 0; no
- debugging. The Higher the number the more verbose debug
- information becomes. Synonymous to command line option
- '-d debug-level'.
-
- - options/threads
-
- Specifies the number of cpu worker threads to create.
- The default of 0 causes named to try and determine the
- number of CPUs present and create one thread per
- CPU. Synonymous to command line option '-n #cpus'.
-
- - options/chroot_dir
-
- Specifies the directory to be used as the root directory
- after processing SMF properties and the command line
- arguments but before reading the configuration file. Use
- this property when using a chroot(2) environment.
- Synonymous to command line option '-t <pathname>'.
-
- When using chroot(2) named is unable to disable its self
- when receiving rndc(1M) stop or halt commands and you must
- instead use the svcadm(1M) disable command.
-
-- options/server
-
- Specifies an alternative execution path. If unset then the
- default server /usr/sbin/named is assumed.
-
-The following examples show how the application properties may be used:
-
- Example 1: Configuring named(1m) in future to only transmit
- over IPv4 networks:
-
- # svccfg -s svc:network/dns/server:default setprop \
- options/ip_interfaces=IPv4
- # svcadm refresh svc:network/dns/server:default
- # scvadm restart svc:network/dns/server:default
-
- Example 2: List current configuration file and change to
- an alternative file:
-
- # svcprop -p options/configuration_file dns/server:default
- ""
- # svccfg -s dns/server:default setprop \
- options/configuration_file=/var/named/named.conf
- # svcadm refresh dns/server:default
- # svcprop -p options/configuration_file dns/server:default
- /var/named/named.conf
- # scvadm restart svc:network/dns/server:default
-
-The dns/server smf_method(5) script converts the application properties
-to the relevant command line option.
-
-Changing the "start method" property of the BIND 9 service is no longer
-recommended as was stated here previously.
-
-For more information about the Service Management Facility, refer to
-"Managing Services (Overview)" in System Administration Guide: Basic
-Administration, available on http://docs.sun.com. Also refer to smf(5),
-svcs(1), svcadm(1M), svccfg(1M) man pages and the BIND 9 name service
-manifest server.xml in /lib/svc/manifest/network/dns.
-
-
- *************************************
-
-
- APPENDICES I-III
-
-
-Appendix I. Implementing rndc
- -----------------
-
-The BIND 8 ndc(1M) and BIND 9 rndc(1M) name server control tools are
-NOT backward compatible: rndc can't talk to the BIND 8 name server
-and ndc can't talk to the BIND 9 name server. Features, options,
-default modes of operation, and configuration file requirements
-have changed.
-
-
-Ia. The rndc.conf Configuration File
- --------------------------------
-
-The most significant difference between ndc in BIND 8 and rndc in BIND 9
-is that rndc needs its own configuration file, rndc.conf. This file can
-be generated by rndc-confgen(1M) commands. The rndc.conf file specifies
-which server controls and what algorithm the server should use. Note that
-the /etc/rndc.conf and matching /etc/named.conf information is only needed
-when using rndc to manage a remote BIND 9 name server. If rndc is only
-used to manage a local BIND 9 name server, the /etc/rndc.key is sufficient.
-
- Sample rndc.conf File
- ---------------------
-
- options {
- default-server localhost;
- default-key "rndc-key";
- };
-
- key "rndc-key" {
- algorithm hmac-md5;
- secret "qPWZ3Ndl81aBRY9AmJhVtU==";
- };
-
-
- Sample named.conf File Entry for rndc
- -------------------------------------
-
- controls {
- inet * allow { any; } keys { "rndc-key"; };
- };
-
- key "rndc-key" {
- algorithm hmac-md5;
- secret "qPWZ3Ndl81aBRY9AmJhVtU==";
- };
-
-
-
-Ib. Differences in the Control Channels
- -----------------------------------
-
-Both the ndc(1M) and the rndc(1M) utilities use a control channel to
-send commands to and retrieve information from a name server. However,
-there are differences between the utilities.
-
- * In BIND 8, ndc can use AF_UNIX domain sockets (UNIX control
- channel) or TCP/IP sockets (inet control channel). By default, ndc
- does not need any support in /etc/named.conf, because BIND 8
- servers use a UNIX domain socket with a path (/var/run/ndc.d/ndc)
- compiled into in.named.
-
-In BIND 9, rndc uses an authenticated TCP/IP inet control channel,
-by default and is not backward compatible with BIND 8.
-
- * When using rndc, you need to specify a 'key' clause to communicate
- with the name server. It is mandatory that the BIND 9 server and
- the rndc client share the same key. Using the BIND 8 controls
- entry in BIND 9 will result in an error message.
-
- * Some command options have changed from the ndc to the rndc
- implementation. This includes the "-c" option, which has a
- different syntax in BIND 9. Therefore, to specify the control
- channel in BIND 9, use "rndc -s <server> -p <port>".
-
-
-Ic. Commands of BIND 9.3 rndc
- ---------------------------
- reload Reload configuration file and zones.
- reload zone [class [view]] Reload a single zone.
- refresh zone [class [view]] Schedule immediate maintenance
- for a zone.
- retransfer zone [class [view]] Retransfer a single zone without
- checking serial number.
- freeze zone [class [view]]** Suspend updates to a dynamic zone.
- thaw zone [class [view]]** Enable updates to a frozen dynamic
- zone and reload it.
- reconfig Reload configuration file and new
- zones only.
- stats Write server statistics to the
- statistics file.
- querylog Toggle query logging.
- dumpdb [-all|-cache|-zones] [view ...]**
- Dump cache(s) to the dump file
- (named_dump.db).
- stop [-p]** Save pending updates to master files
- and stop the server; report process
- number if -p provided.
- halt [-p]** Stop the server without saving
- pending updates; report process
- number if -p provided
- trace Increment debugging level by one.
- trace level Change the debugging level.
- notrace Set debugging level to 0.
- flush Flushes all of the server's caches.
- flush [view] Flushes the server's cache for a view.
- status Display status of the server.
- recursing** Dump the queries that are currently
- recursing (named.recursing)
- restart* Restart the server.
-
- * = not yet implemented
- ** = New command or option in bind 9.3.
-
-
-Appendix II BIND 9 Commands, Files, Tools, and Options
- ------------------------------------------
-
-IIa. Comparison of BIND 8 and BIND 9 Commands and Files
- --------------------------------------------------
-
-The table below compares BIND 8 and BIND 9 commands and
-configuration files. BIND 9 man pages install in /usr/man.
-
- -------------------------------------------------
- | BIND 8 Command | BIND 9.3 replacement |
- -------------------------------------------------
- | dnskeygen(1M) | dnssec-keygen(1M) |
- | ndc(1M) | rndc(1M) |
- | named-bootconf(1M) | NONE NEEDED |
- | nsupdate(1M) | nsupdate(1M) |
- | nslookup(1M) | nslookup(1M) |
- | named-xfer(1M) | NONE NEEDED |
- | in.named(1M) | named(1M) |
- | named.conf(4) | named.conf* |
- | dig(1M) | dig(1M) |
- -------------------------------------------------
-
-* A detailed named.conf man page was not included with BIND 9 originally.
-Appendix III includes a summary of the named.conf options that are
-supported in BIND 9.3.x at this time.
-
-
- IIb. BIND 9 Tools and Configuration Files
- ------------------------------------
-
-The following BIND 9.3 tools are available in the SUNWbind
-package and installed in /usr/sbin:
-
- named
- nsupdate
- rndc
- dnssec-keygen
- nslookup
- dig
- dnssec-signzone
- named-checkconf
- named-checkzone
- rndc-confgen
- host
-
-The following BIND 9.3 configuration files are supported.
-
- /etc/rndc.conf
-
-
-IIc. Descriptions of Command and Option Changes from 8.x to 9.x
- ----------------------------------------------------------
-
-Listed below are BIND 8 features/interfaces that are not supported in
-the equivalent BIND 9 binary. This is not intended to be an exhaustive
-list of the options, command line options or features for any BIND 9.x
-command.
-
-1. in.named(1M): DNS Name server in.named command line options.
-
- In the BIND 9.3 name server, the "-g group_name", "-q", "-r" and "-w
- directory" options are not supported, and "-c config_file" replaces
- the BIND 8.x "-b config_file". See the named man page for further
- details.
-
-2. dnssec-keygen: dnskeygen(1M) in BIND 8.x and dnssec-keygen from BIND
- 9.2.x and above, have no common options. See the dnssec-keygen man
- page or further details.
-
-3. rndc(1M): See Appendix I in this document.
-
-4. nsupdate(1M): in BIND 9.2.x and above, the syntax of the "-k" option
- changes in nsupdate. Instead of "-k keydir::keyname" the syntax is now
- "-k keyfile". The only other difference is that whereas a blank line was
- used to signal sending the input to the server, an explicit "send"
- sub-command is now used to do the same. See the nsupdate man page for
- further details.
-
-5. nslookup(1M): the following options are unsupported in the
- BIND 9.2.x and above version.
-
- help, host server, set ignoretc, set noignoretc,
- set srch[list]=N1[/N2/.../N6], set ro[ot]=host, root,
- finger [USER], ls [opt] DOMAIN [> FILE].
-
-6. named.conf: several options are unsupported, not implemented or
- have changed defaults. For a list of the option changes and a
- summary of all named.conf options, see Appendix III.
-
-IId. Differences in BIND 9.3 from BIND 9.2
- -------------------------------------
-
-BIND 9.3 provides several changes from BIND 9.2, including but
-not limited to:
-
-1. DNSSEC tools provided by BIND 9.2.4 are not compatible with BIND 9.3.4
- and are replaced where applicable. Specifically, DNSSEC-bis
- functionality removes the need for dnssec-signkey(1M) and
- dnssec-makekeyset(1M); dnssec-keygen(1M) and dnssec-signzone(1M) now
- provide alternative functionality.
-
-2. dig(1M) and nslookup(1M) now report "Not Implemented" as NOTIMP rather
- than NOTIMPL. This will have impact on scripts that are looking for
- NOTIMPL.
-
-3. named(1M): BIND server process includes new command line options to
- overcome certain operating environment issues; CR 6320428. These
- options are:
-
- * '-4' specifies to only send queries on IPv4 interfaces
- * '-6' specifies to only send queries on IPv6 interfaces.
-
- named(1M) by default will reject master zone files where hostnames
- or mail domain names have invalid syntax or characters. The rules
- for legal hostnames / mail domains are derived from RFC 952 and RFC
- 821 as modified by RFC 1123.
-
- * Corrective action should be to change the host names with
- illegal syntax or characters, such as underscore (_)
- characters. Use "named-checkconf -z /etc/named.conf" to check
- validity of the named configuration file and any zone files
- referenced by it.
-
- To aid migration the default functionality may be
- overridden using the check-names option of named.conf. For
- example to allow zones with name failures to load but log
- warning messages (as is the default for slave (secondary)
- zones) modify or add an option statement to named.conf:
-
- options {
- check-names master warn;
- };
-
- named(1M) no longer provides the following functionality:
-
- * Inverse IPv6 queries to the obsolete ip6.int domain. The
- ip6.arpa domain is obsoleted by the ip6.int domain. See RFC
- 3596.
-
- * IPv6 does not forward A6 lookups, deprecated by RFC 3363
-
- * IPv6 "bitstring" not supported, primary will refuse to load zone
- files with binary labels. Deprecated by rfc3363.
-
- * Zones containing MD (Mail Destination) and MF (Mail Forwarder)
- will now be rejected. The MD and MF resource record (RR) types
- were originally introduced in RFC 882 and subsequently obsoleted
- in RFC 1035 by the MX RR.
-
-4. named.conf: Has additional options:
-
- * allow-update-forwarding
- * alt-transfer-source
- * alt-transfer-source-v6
- * avoid-v4-udp-ports
- * avoid-v6-udp-ports
- * check-names: Validate names in zones (from BIND 8).
- * disable-algorithms
- * dnssec-enable
- * dnssec-lookaside
- * dnssec-must-be-secure
- * dual-stack-servers: provides IPv4/IPv6 transition support.
- * edns-udp-size: Set advertised EDNS UDP size.
- * flush-zones-on-shutdown
- * hostname (chaos)'
- * ixfr-from-differences: use IXFR deltas when loading master files.
- * masters: define masters for a zone.
- * max-journal-size: specify the size of a journal
- * multi-master
- * querylog
- * server-id (chaos)
- * Server statement grammar includes:
- * transfer-source
- * transfer-source-v6
- * tcp-listen-queue
- * use-alt-transfer-source
- * zone statement grammar:
- * multi-master
- * key-directory
-
- named.conf removed options:
-
- * allow-v6-synthesis: Obsolete. Caused named to translate ip6.int
- requests to ip6.arpa requests. As the ip6.int domain is now
- obsolete this option has been removed.
-
- * zone-statistics has been removed from the 'view' statement.
-
-5. dig(1M) has new command line options:
- -4: use IPv4 query transport only
- -6: use IPv6 query transport only
- +[no]aaflag: Set AA flag in query (+[no]aaflag)
- +[no]cl: Control display of class in records
- +[no]ttlid: Control display of ttls in records
- +tries=#: Set number of UDP attempts [3]
- +retry=#: Set number of UDP retries [2]
-
-6. named.checkconf(1M) has new options:
- -z: Perform a check load of the master zone files found in named.conf.
- -j: When loading a zonefile read the journal if it exists.
-
-7. named-checkzone(1M) has new options:
- -k mode: Perform "check-name" checks with the specified failure mode.
- -n mode: Check NS records are addresses, mode is warn, fail or ignore.
- -o filename: Write zone output to filename.
- -t directory: chroot to directory, useful for include statements.
- -w directory: chdir to directory, useful for include statements.
- -D: Dump zone file in canonical format.
-
-8. rndc(1M) has several new subcommands including:
- freeze, thaw, flushname and recursing (see above).
- Several subcommands have new options namely stop, halt and dumpdb.
-
-9. nsupdate(1M) generates SIG(0) signed messages.
-
-
-Appendix III The named.conf Options
- ----------------------
-
-IIIa. Changes in the Options Section
- ------------------------------
-
-The following list compares the named.conf options between BIND 8
-and BIND 9. It also provides a brief description of the change.
-"OK" denotes the option works unchanged for the BIND 9 named.
-
- options {
- [ version version_string; ] OK
- [ directory path_name; ] OK
- [ named-xfer path_name; ] Obsolete (*1)
- [ dump-file path_name; ] OK
- [ memstatistics-file path_name; ] Not Implemented
- [ pid-file path_name; ] OK
- [ statistics-file path_name; ] OK
- [ auth-nxdomain yes_or_no; ] OK (*2)
- [ dialup yes_or_no; ] OK
- [ fake-iquery yes_or_no; ] Obsolete
- [ fetch-glue yes_or_no; ] Obsolete
- [ has-old-clients yes_or_no; ] Obsolete
- [ host-statistics yes_or_no; ] Not Implemented
- [ host-statistics-max number; ] Not Implemented
- [ multiple-cnames yes_or_no; ] Obsolete
- [ notify yes_or_no | explicit; ] OK
- [ recursion yes_or_no; ] OK
- [ rfc2308-type1 yes_or_no; ] Not Implemented
- [ use-id-pool yes_or_no; ] Obsolete
- [ treat-cr-as-space yes_or_no; ] Obsolete
- [ also-notify yes_or_no; ] Syntax Changed (*3)
- [ forward ( only | first ); ] OK (*4)
- [ forwarders { in_addr ; \
- [ in_addr ; ... ] }; ] OK (*5)
- [ check-names ( master | slave | \
- response ) ( warn | fail | ignore); ] OK (*8)
- [ allow-query { address_match_list }; ] OK
- [ allow-recursion { address_match_list }; ] OK
- [ allow-transfer { address_match_list }; ] OK
- [ blackhole { address_match_list }; ] OK
- [ listen-on [ port ip_port ] \
- { address_match_list }; ] OK
- [ query-source [ address ( ip_addr | * ) ] \
- [ port ( ip_port | * ) ] ; ] OK
- [ lame-ttl number; ] OK
- [ max-transfer-time-in number; ] OK
- [ max-ncache-ttl number; ] OK
- [ min-roots number; ] Not Implemented
- [ transfer-format ( one-answer | \
- many-answers ); ] OK (*6)
- [ transfers-in number; ] OK
- [ transfers-out number; ] OK
- [ transfers-per-ns number; ] OK
- [ transfer-source ip_addr; ] OK
- [ maintain-ixfr-base yes_or_no; ] Obsolete
- [ max-ixfr-log-size number; ] Obsolete (*7)
- [ coresize size_spec ; ] OK
- [ datasize size_spec ; ] OK
- [ files size_spec ; ] OK
- [ stacksize size_spec ; ] OK
- [ cleaning-interval number; ] OK
- [ heartbeat-interval number; ] OK
- [ interface-interval number; ] OK
- [ statistics-interval number; ] Not Implemented
- [ topology { address_match_list }; ] Not Implemented
- [ sortlist { address_match_list }; ] OK
- [ rrset-order { order_spec ; \
- [ order_spec ; ... ] }; ] Not Implemented
- };
-
-(*1) Obsolete due to architectural differences.
-(*2) Default set to yes in BIND 8, no in BIND 9.
-(*3) Needs an IP address for "yes".
-(*4) Doesn't work if no forwarder specified; Gives an error of "no
- matching 'forwarders' statement" in that case.
-(*5) See [ forward ] clause
-(*6) Default set to one-answer in BIND 8 and many-answers in BIND 9.
-(*7) No need for this option as BIND 9 trims the size of its
- log file automatically.
-(*8) Implemented in BIND 9.3.4
-
-
-IIIb. Statements in BIND 9
- --------------------
-
-The Controls Statement
-----------------------
- Syntax
- controls {
- [ inet ip_addr
- port ip_port
- allow { address_match_list; }; ] OK
- [ unix path_name
- perm number
- owner number
- group number; ] Not Implemented
- };
-
- Note: "unix" is the default for ndc(1M) and all of the arguments
- are compiled in.
-
- "inet" is the only option for rndc and nothing is compiled in.
-
- Logging syntax has changed significantly. See section IIIc for a
- list of named.conf options.
-
-
-The Zone Statement
-------------------
- The syntax for the zone statement in the BIND 8 named.conf man page
- is mostly supported for BIND 9 except for the following:
-
- [ pubkey number number number string; ] Obsolete
-
-
-The ACL Statement
------------------
- Syntax
- acl name {
- address_match_list
- };
-
- Works unchanged in BIND 9.
-
-
-The Key Statement
------------------
- Syntax
- key key_id {
- algorithm algorithm_id;
- secret secret_string;
- };
-
- Works unchanged in BIND 9.
-
-
-The Trusted-Keys Statement
---------------------------
- Syntax
- trusted-keys {
- [ domain_name flags protocol algorithm key; ]
- };
-
- Works unchanged, however the code to use this
- statement has been turned off in BIND 9.2.4.
-
-
-The Server Statement
---------------------
- Syntax
- server ip_addr {
- [ bogus yes_or_no; ]
- [ transfers number; ]
- [ transfer-format ( one-answer | many-answers ); ]
- [ keys { key_id [ key_id ... ] }; ]
- [ edns yes_or_no; ]
- };
-
- "support-ixfr" is obsolete, however all of the above options work
- unchanged in BIND 9. Note the default for transfer-format has changed.
-
-
-The Include Statement
----------------------
- Syntax
- include path_name;
-
- Works unchanged in BIND 9.
-
-
-
-
-IIIc. Summary of the named.conf Options
- ---------------------------------
-
-A detailed named.conf man page was not included with BIND 9 originally.
-Following is a summary of the named.conf options that are
-supported in BIND 9.3.6
-
-acl string { address_match_element; ... };
-
-key domain_name {
- algorithm string;
- secret string;
-};
-
-masters string [ port integer ] {
- ( masters | ipv4_address [port integer] |
- ipv6_address [port integer] ) [ key string ]; ...
-};
-
-server ( ipv4_address | ipv6_address ) {
- bogus boolean;
- edns boolean;
- provide-ixfr boolean;
- request-ixfr boolean;
- keys server_key;
- transfers integer;
- transfer-format ( many-answers | one-answer );
- transfer-source ( ipv4_address | * )
- [ port ( integer | * ) ];
- transfer-source-v6 ( ipv6_address | * )
- [ port ( integer | * ) ];
- support-ixfr boolean; // obsolete
-};
-
-trusted-keys {
- domain_name flags protocol algorithm key; ...
-};
-
-controls {
- inet ( ipv4_address | ipv6_address | * )
- [ port ( integer | * ) ]
- allow { address_match_element; ... }
- [ keys { string; ... } ];
- unix unsupported; // not implemented
-};
-
-logging {
- channel string {
- file log_file;
- syslog optional_facility;
- null;
- stderr;
- severity log_severity;
- print-time boolean;
- print-severity boolean;
- print-category boolean;
- };
- category string { string; ... };
-};
-
-options {
- avoid-v4-udp-ports { port; ... };
- avoid-v6-udp-ports { port; ... };
- blackhole { address_match_element; ... };
- coresize size;
- datasize size;
- directory quoted_string;
- cache-file quoted_string; // test option
- dump-file quoted_string;
- files size;
- heartbeat-interval integer;
- host-statistics boolean; // not implemented
- host-statistics-max number; // not implemented
- hostname ( quoted_string | none );
- interface-interval integer;
- listen-on [ port integer ] { address_match_element; ... };
- listen-on-v6 [ port integer ] { address_match_element; ... };
- match-mapped-addresses boolean;
- memstatistics-file quoted_string;
- pid-file ( quoted_string | none );
- port integer;
- querylog boolean;
- recursing-file quoted_string;
- reserved-sockets integer;
- random-device quoted_string;
- recursive-clients integer;
- serial-query-rate integer;
- server-id ( quoted_string | none );
- stacksize size;
- statistics-file quoted_string;
- statistics-interval integer; // not yet implemented
- tcp-clients integer;
- tcp-listen-queue integer;
- tkey-dhkey quoted_string integer;
- tkey-gssapi-credential quoted_string;
- tkey-domain quoted_string;
- transfers-per-ns integer;
- transfers-in integer;
- transfers-out integer;
- use-ixfr boolean;
- version ( quoted_string | none );
- allow-recursion { address_match_element; ... };
- sortlist { address_match_element; ... };
- topology { address_match_element; ... }; // not implemented
- auth-nxdomain boolean; // default changed
- minimal-responses boolean;
- recursion boolean;
- rrset-order {
- [ class string ] [ type string ]
- [ name quoted_string ] string string; ...
- };
- provide-ixfr boolean;
- request-ixfr boolean;
- rfc2308-type1 boolean; // not yet implemented
- additional-from-auth boolean;
- additional-from-cache boolean;
- query-source [ address ( ipv4_address | * ) ] [ port ( integer | * ) ];
- query-source-v6 [ address ( ipv6_address | * ) ] [ port ( integer | * ) ];
- cleaning-interval integer;
- min-roots integer; // not implemented
- lame-ttl integer;
- max-ncache-ttl integer;
- max-cache-ttl integer;
- transfer-format ( many-answers | one-answer );
- max-cache-size size_no_default;
- check-names ( master | slave | response )
- ( fail | warn | ignore );
- cache-file quoted_string;
- suppress-initial-notify boolean; // not yet implemented
- preferred-glue string;
- dual-stack-servers [ port integer ] {
- ( quoted_string [port integer] |
- ipv4_address [port integer] |
- ipv6_address [port integer] ); ...
- }
- edns-udp-size integer;
- root-delegation-only [ exclude { quoted_string; ... } ];
- disable-algorithms string { string; ... };
- dnssec-enable boolean;
- dnssec-lookaside string trust-anchor string;
- dnssec-must-be-secure string boolean;
- dialup dialuptype;
- ixfr-from-differences ixfrdiff;
- allow-query { address_match_element; ... };
- allow-transfer { address_match_element; ... };
- allow-update-forwarding { address_match_element; ... };
- notify notifytype;
- notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
- notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
- also-notify [ port integer ] { ( ipv4_address | ipv6_address )
- [ port integer ]; ... };
- allow-notify { address_match_element; ... };
- forward ( first | only );
- forwarders [ port integer ] {
- ( ipv4_address | ipv6_address ) [ port integer ]; ...
- };
- max-journal-size size_no_default;
- max-transfer-time-in integer;
- max-transfer-time-out integer;
- max-transfer-idle-in integer;
- max-transfer-idle-out integer;
- max-retry-time integer;
- min-retry-time integer;
- max-refresh-time integer;
- min-refresh-time integer;
- multi-master boolean;
- sig-validity-interval integer;
- transfer-source ( ipv4_address | * )
- [ port ( integer | * ) ];
- transfer-source-v6 ( ipv6_address | * )
- [ port ( integer | * ) ];
- alt-transfer-source ( ipv4_address | * )
- [ port ( integer | * ) ];
- alt-transfer-source-v6 ( ipv6_address | * )
- [ port ( integer | * ) ];
- use-alt-transfer-source boolean;
- zone-statistics boolean;
- key-directory quoted_string;
- allow-v6-synthesis { address_match_element; ... }; // obsolete
- deallocate-on-exit boolean; // obsolete
- fake-iquery boolean; // obsolete
- fetch-glue boolean; // obsolete
- has-old-clients boolean; // obsolete
- maintain-ixfr-base boolean; // obsolete
- max-ixfr-log-size size; // obsolete
- multiple-cnames boolean; // obsolete
- named-xfer quoted_string; // obsolete
- serial-queries integer; // obsolete
- treat-cr-as-space boolean; // obsolete
- use-id-pool boolean; // obsolete
-};
-
-view string optional_class {
- match-clients { address_match_element; ... };
- match-destinations { address_match_element; ... };
- match-recursive-only boolean;
- key string {
- algorithm string;
- secret string;
- };
- zone string optional_class {
- ...
- };
- server ( ipv4_address | ipv6_address ) {
- ...
- };
- trusted-keys {
- string integer integer integer quoted_string; ...
- };
- allow-recursion { address_match_element; ... };
- sortlist { address_match_element; ... };
- topology { address_match_element; ... }; // not implemented
- auth-nxdomain boolean; // default changed
- minimal-responses boolean;
- recursion boolean;
- rrset-order {
- [ class string ] [ type string ]
- [ name quoted_string ] string string; ...
- };
- provide-ixfr boolean;
- request-ixfr boolean;
- rfc2308-type1 boolean; // not yet implemented
- additional-from-auth boolean;
- additional-from-cache boolean;
- query-source [ address ( ipv4_address | * ) ] [ port ( integer | * ) ];
- query-source-v6 [ address ( ipv6_address | * ) ] [ port ( integer | * ) ];
- cleaning-interval integer;
- min-roots integer; // not implemented
- lame-ttl integer;
- max-ncache-ttl integer;
- max-cache-ttl integer;
- transfer-format ( many-answers | one-answer );
- max-cache-size size_no_default;
- check-names ( master | slave | response )
- ( fail | warn | ignore );
- cache-file quoted_string;
- suppress-initial-notify boolean; // not yet implemented
- preferred-glue string;
- dual-stack-servers [ port integer ] {
- ( quoted_string [port integer] |
- ipv4_address [port integer] |
- ipv6_address [port integer] ); ...
- };
- edns-udp-size integer;
- root-delegation-only [ exclude { quoted_string; ... } ];
- disable-algorithms string { string; ... };
- dnssec-enable boolean;
- dnssec-lookaside string trust-anchor string;
- dnssec-must-be-secure string boolean;
- dialup dialuptype;
- ixfr-from-differences ixfrdiff;
- allow-query { address_match_element; ... };
- allow-transfer { address_match_element; ... };
- allow-update-forwarding { address_match_element; ... };
- notify notifytype;
- notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
- notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
- also-notify [ port integer ] { ( ipv4_address | ipv6_address )
- [ port integer ]; ... };
- allow-notify { address_match_element; ... };
- forward ( first | only );
- forwarders [ port integer ] {
- ( ipv4_address | ipv6_address ) [ port integer ]; ...
- };
- max-journal-size size_no_default;
- max-transfer-time-in integer;
- max-transfer-time-out integer;
- max-transfer-idle-in integer;
- max-transfer-idle-out integer;
- max-retry-time integer;
- min-retry-time integer;
- max-refresh-time integer;
- min-refresh-time integer;
- multi-master boolean;
- sig-validity-interval integer;
- transfer-source ( ipv4_address | * )
- [ port ( integer | * ) ];
- transfer-source-v6 ( ipv6_address | * )
- [ port ( integer | * ) ];
- alt-transfer-source ( ipv4_address | * )
- [ port ( integer | * ) ];
- alt-transfer-source-v6 ( ipv6_address | * )
- [ port ( integer | * ) ];
- use-alt-transfer-source boolean;
- zone-statistics boolean;
- key-directory quoted_string;
- allow-v6-synthesis { address_match_element; ... }; // obsolete
- fetch-glue boolean; // obsolete
- maintain-ixfr-base boolean; // obsolete
- max-ixfr-log-size size; // obsolete
-};
-
-zone string optional_class {
- type ( master | slave | stub | hint |
- forward | delegation-only );
- file quoted_string;
- masters [ port integer ] {
- ( masters |
- ipv4_address [port integer] |
- ipv6_address [ port integer ] ) [ key string ]; ...
- };
- database string;
- delegation-only boolean;
- check-names ( fail | warn | ignore );
- dialup dialuptype;
- ixfr-from-differences boolean;
- allow-query { address_match_element; ... };
- allow-transfer { address_match_element; ... };
- allow-update { address_match_element; ... };
- allow-update-forwarding { address_match_element; ... };
- update-policy {
- ( grant | deny ) string
- ( name | subdomain | wildcard | self ) string
- rrtypelist; ...
- };
- notify notifytype;
- notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
- notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
- also-notify [ port integer ] { ( ipv4_address | ipv6_address )
- [ port integer ]; ... };
- allow-notify { address_match_element; ... };
- forward ( first | only );
- forwarders [ port integer ] {
- ( ipv4_address | ipv6_address ) [ port integer ]; ...
- };
- max-journal-size size_no_default;
- max-transfer-time-in integer;
- max-transfer-time-out integer;
- max-transfer-idle-in integer;
- max-transfer-idle-out integer;
- max-retry-time integer;
- min-retry-time integer;
- max-refresh-time integer;
- min-refresh-time integer;
- multi-master boolean;
- sig-validity-interval integer;
- transfer-source ( ipv4_address | * )
- [ port ( integer | * ) ];
- transfer-source-v6 ( ipv6_address | * )
- [ port ( integer | * ) ];
- alt-transfer-source ( ipv4_address | * )
- [ port ( integer | * ) ];
- alt-transfer-source-v6 ( ipv6_address | * )
- [ port ( integer | * ) ];
- use-alt-transfer-source boolean;
- zone-statistics boolean;
- key-directory quoted_string;
- ixfr-base quoted_string; // obsolete
- ixfr-tmp-file quoted_string; // obsolete
- maintain-ixfr-base boolean; // obsolete
- max-ixfr-log-size size; // obsolete
- pubkey integer integer integer quoted_string; // obsolete
-};
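Review bot: the file is deleted in full with no replacement in view, and the tail of this hunk takes with it notes an upgrader would still act on. Under IIIa, (*2) and (*6) record that the auth-nxdomain and transfer-format defaults differ between BIND 8 and BIND 9, and the Controls section records that "inet" is the only option for rndc while the "unix" form is not implemented. If the removal is because the text is stale (it covers 9.2.4 through 9.3.6), say so in the commit message, and update anything that still delivers or links to Solaris/migration.txt in the same change.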
--- a/components/bind/bind.license Wed Apr 02 07:43:35 2014 -0700
+++ b/components/bind/bind.license Wed Apr 02 18:06:49 2014 +0100
@@ -1,4 +1,4 @@
-Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
@@ -13,8 +13,6 @@
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
-$Id$
-
Portions of this code release fall under one or more of the
following Copyright notices. Please see individual source
files for details.
@@ -99,11 +97,7 @@
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
- must display the following acknowledgement:
- This product includes software developed by the University of
- California, Berkeley and its contributors.
-4. Neither the name of the University nor the names of its contributors
+3. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
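Review bot: removing clause 3 (the advertising acknowledgement) and renumbering clause 4 to 3 changes license terms, so this must be a verbatim copy of the upstream COPYRIGHT text for the BIND release being imported, not a local edit. Name the upstream version the text was taken from in the commit message so the hunk can be compared against it.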
@@ -516,3 +510,29 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+
+Copyright (c) 1995, 1997, 1998 The NetBSD Foundation, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
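Review bot: the added NetBSD Foundation notice gives no indication of which files it covers, and this license file only says "Please see individual source files for details." State in the commit message which imported source files carry this copyright so the new attribution can be audited. The last added line is an empty line at end of file; drop it unless the upstream text ends the same way.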