9.8.2b1

parent a33438d6
--- 9.8.1-P1 released ---
--- 9.8.2b1 released ---
3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
3231. [bug] named could fail to send a uncompressable zone.
[RT #26796]
3230. [bug] 'dig axfr' failed to properly handle a multi-message
axfr with a serial of 0. [RT #26796]
3229. [bug] Fix local variable to struct var assignment
found by CLANG warning.
3228. [tuning] Dynamically grow symbol table to improve zone
loading performance. [RT #26523]
3227. [bug] Interim fix to make WKS's use of getprotobyname()
and getservbyname() self thread safe. [RT #26232]
3226. [bug] Address minor resource leakages. [RT #26624]
3221. [bug] Fixed a potential coredump on shutdown due to
referencing fetch context after it's been freed.
[RT #26720]
3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips()
could fail to set the database version correctly,
causing an assertion failure. [RT #26180]
3218. [security] Cache lookup could return RRSIG data associated with
nonexistent records, leading to an assertion
failure. [RT #26590]
3217. [cleanup] Fix build problem with --disable-static. [RT #26476]
3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188]
3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
list prior to adding a reference to it leading a
possible assertion failure. [RT #23219]
3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
3208. [bug] 'dig -y' handle unknown tsig alorithm better.
[RT #25522]
3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444]
3206. [cleanup] Add ISC information to log at start time. [RT #25484]
3204. [bug] When a master server that has been marked as
unreachable sends a NOTIFY, mark it reachable
again. [RT #25960]
3203. [bug] Increase log level to 'info' for validation failures
from expired or not-yet-valid RRSIGs. [RT #21796]
3200. [doc] Some rndc functions were undocumented or were
missing from 'rndc -h' output. [RT #25555]
3198. [doc] Clarified that dnssec-settime can alter keyfile
permissions. [RT #24866]
3196. [bug] nsupdate: return nonzero exit code when target zone
doesn't exist. [RT #25783]
3195. [cleanup] Silence "file not found" warnings when loading
managed-keys zone. [RT #26340]
3194. [doc] Updated RFC references in the 'empty-zones-enable'
documentation. [RT #25203]
3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
dnssec.h. [RT #26415]
3192. [bug] A query structure could be used after being freed.
[RT #22208]
3191. [bug] Print NULL records using "unknown" format. [RT #26392]
3190. [bug] Underflow in error handling in isc_mutexblock_init.
[RT #26397]
3189. [test] Added a summary report after system tests. [RT #25517]
3188. [bug] zone.c:zone_refreshkeys() could fail to detach
references correctly when errors occurred, causing
a hang on shutdown. [RT #26372]
3187. [port] win32: support for Visual Studio 2008. [RT #26356]
3186. [bug] Version/db mis-match in rpz code. [RT #26180]
3179. [port] kfreebsd: build issues. [RT #26273]
3175. [bug] Fix how DNSSEC positive wildcard responses from a
NSEC3 signed zone are validated. Stop sending a
unnecessary NSEC3 record when generating such
responses. [RT #26200]
3174. [bug] Always compute to revoked key tag from scratch.
[RT #26186]
3173. [port] Correctly validate root DS responses. [RT #25726]
3171. [bug] Exclusively lock the task when adding a zone using
'rndc addzone'. [RT #25600]
3170. [func] RPZ update:
- fix precedence among competing rules
- improve ARM text including documenting rule precedence
- try to rewrite CNAME chains until first hit
- new "rpz" logging channel
3169. [func] Catch db/version mis-matches when calling dns_db_*().
[RT #26017]
3167. [bug] Negative answers from forwarders were not being
correctly tagged making them appear to not be cached.
[RT #25380]
3162. [test] start.pl: modified to allow for "named.args" in
ns*/ subdirectory to override stock arguments to
named. Largely from RT#26044, but no separate ticket.
3161. [bug] zone.c:del_sigs failed to always reset rdata leading
assertion failures. [RT #25880]
3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing
the config file before pausing the server. [RT #21373]
3155. [bug] Fixed a build failure when using contrib DLZ
drivers (e.g., mysql, postgresql, etc). [RT #25710]
3154. [bug] Attempting to print an empty rdataset could trigger
an assert. [RT #25452]
3152. [cleanup] Some versions of gcc and clang failed due to
incorrect use of __builtin_expect. [RT #25183]
3151. [bug] Queries for type RRSIG or SIG could be handled
incorrectly. [RT #21050]
3148. [bug] Processing of normal queries could be stalled when
forwarding a UPDATE message. [RT #24711]
3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
3145. [test] Capture output of ATF unit tests in "./atf.out" if
there were any errors while running them. [RT #25527]
3144. [bug] dns_dbiterator_seek() could trigger an assert when
used with a nonexistent database node. [RT #25358]
3143. [bug] Silence clang compiler warnings. [RT #25174]
3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
for the hashing algorithms (md5, sha1 - sha512, and
their hmac counterparts). [RT #25067]
--- 9.8.1 released ---
--- 9.8.1rc1 released ---
......
......@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.58.250.2 2011-02-28 01:19:57 tbox Exp $
# $Id: Makefile.in,v 1.58.250.4 2011-09-06 04:06:11 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -64,8 +64,10 @@ tags:
check: test
test:
(cd bin/tests && ${MAKE} ${MAKEDEFS} test)
(test -f unit/unittest.sh && $(SHELL) unit/unittest.sh)
status=0; \
(cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \
(test -f unit/unittest.sh && $(SHELL) unit/unittest.sh) || status=1; \
exit $$status
FAQ: FAQ.xml
${XSLTPROC} doc/xsl/isc-docbook-text.xsl FAQ.xml | \
......
......@@ -48,6 +48,11 @@ BIND 9
For a detailed list of user-visible changes from
previous releases, see the CHANGES file.
BIND 9.8.2
BIND 9.8.2 includes a number of bug fixes and prevents a security
problem described in CVE-2011-4313
BIND 9.8.1
BIND 9.8.1 includes a number of bug fixes and enhancements from
......@@ -314,6 +319,7 @@ Building
libraries. sh-utils-1.16 provides a "printf" which compiles
on SunOS 4.
Documentation
The BIND 9 Administrator Reference Manual is included with the
......@@ -336,6 +342,48 @@ Documentation
in the other README files.
Change Log
A detailed list of all changes to BIND 9 is included in the
file CHANGES, with the most recent changes listed first.
Change notes include tags indicating the category of the
change that was made; these categories are:
[func] New feature
[bug] General bug fix
[security] Fix for a significant security flaw
[experimental] Used for new features when the syntax
or other aspects of the design are still
in flux and may change
[port] Portability enhancement
[maint] Updates to built-in data such as root
server addresses and keys
[tuning] Changes to built-in configuration defaults
and constants to improve performanceo
[protocol] Updates to the DNS protocol such as new
RR types
[test] Changes to the automatic tests, not
affecting server functionality
[cleanup] Minor corrections and refactoring
[doc] Documentation
In general, [func] and [experimental] tags will only appear
in new-feature releases (i.e., those with version numbers
ending in zero). Some new functionality may be backported to
older releases on a case-by-case basis. All other change
types may be applied to all currently-supported releases.
Bug Reports and Mailing Lists
Bugs reports should be sent to
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dighost.c,v 1.336.22.4 2011-03-11 06:46:58 marka Exp $ */
/* $Id: dighost.c,v 1.336.22.8 2011-12-01 01:00:50 marka Exp $ */
/*! \file
* \note
......@@ -66,6 +66,7 @@
#include <dns/tsig.h>
#include <dst/dst.h>
#include <dst/result.h>
#include <isc/app.h>
#include <isc/base64.h>
......@@ -81,6 +82,7 @@
#include <isc/print.h>
#include <isc/random.h>
#include <isc/result.h>
#include <isc/serial.h>
#include <isc/string.h>
#include <isc/task.h>
#include <isc/timer.h>
......@@ -360,6 +362,8 @@ connect_timeout(isc_task_t *task, isc_event_t *event);
static void
launch_next_query(dig_query_t *query, isc_boolean_t include_question);
static void
send_tcp_connect(dig_query_t *query);
static void *
mem_alloc(void *arg, size_t size) {
......@@ -742,7 +746,7 @@ make_empty_lookup(void) {
looknew->xfr_q = NULL;
looknew->current_query = NULL;
looknew->doing_xfr = ISC_FALSE;
looknew->ixfr_serial = ISC_FALSE;
looknew->ixfr_serial = 0;
looknew->trace = ISC_FALSE;
looknew->trace_root = ISC_FALSE;
looknew->identify = ISC_FALSE;
......@@ -787,6 +791,7 @@ make_empty_lookup(void) {
looknew->new_search = ISC_FALSE;
looknew->done_as_is = ISC_FALSE;
looknew->need_search = ISC_FALSE;
dns_fixedname_init(&looknew->fdomain);
ISC_LINK_INIT(looknew, link);
ISC_LIST_INIT(looknew->q);
ISC_LIST_INIT(looknew->my_server_list);
......@@ -862,6 +867,8 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
looknew->tsigctx = NULL;
looknew->need_search = lookold->need_search;
looknew->done_as_is = lookold->done_as_is;
dns_name_copy(dns_fixedname_name(&lookold->fdomain),
dns_fixedname_name(&looknew->fdomain), NULL);
if (servers)
clone_server_list(lookold->my_server_list,
......@@ -925,6 +932,11 @@ setup_text_key(void) {
secretsize = isc_buffer_usedlength(&secretbuf);
if (hmacname == NULL) {
result = DST_R_UNSUPPORTEDALG;
goto failure;
}
result = dns_name_fromtext(&keyname, namebuf, dns_rootname, 0, namebuf);
if (result != ISC_R_SUCCESS)
goto failure;
......@@ -1783,7 +1795,6 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
lookup->trace_root = ISC_FALSE;
if (lookup->ns_search_only)
lookup->recurse = ISC_FALSE;
dns_fixedname_init(&lookup->fdomain);
domain = dns_fixedname_name(&lookup->fdomain);
dns_name_copy(name, domain, NULL);
}
......@@ -1838,12 +1849,10 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
* Return ISC_TRUE iff there was another searchlist entry.
*/
static isc_boolean_t
next_origin(dns_message_t *msg, dig_query_t *query) {
next_origin(dig_query_t *query) {
dig_lookup_t *lookup;
dig_searchlist_t *search;
UNUSED(msg);
INSIST(!free_now);
debug("next_origin()");
......@@ -2318,7 +2327,7 @@ send_done(isc_task_t *_task, isc_event_t *event) {
query->waiting_senddone = ISC_FALSE;
l = query->lookup;
if (l->ns_search_only && !l->trace_root) {
if (l->ns_search_only && !l->trace_root && !l->tcp_mode) {
debug("sending next, since searching");
next = ISC_LIST_NEXT(query, link);
if (next != NULL)
......@@ -2865,8 +2874,10 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
dns_rdataset_t *rdataset = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_soa_t soa;
isc_uint32_t serial;
isc_uint32_t ixfr_serial = query->lookup->ixfr_serial, serial;
isc_result_t result;
isc_boolean_t ixfr = query->lookup->rdtype == dns_rdatatype_ixfr;
isc_boolean_t axfr = query->lookup->rdtype == dns_rdatatype_axfr;
debug("check_for_more_data()");
......@@ -2916,6 +2927,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
query->second_rr_rcvd = ISC_TRUE;
query->second_rr_serial = 0;
debug("got the second rr as nonsoa");
axfr = ISC_TRUE;
goto next_rdata;
}
......@@ -2925,6 +2937,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
*/
if (rdata.type != dns_rdatatype_soa)
goto next_rdata;
/* Now we have an SOA. Work with it. */
debug("got an SOA");
result = dns_rdata_tostruct(&rdata, &soa, NULL);
......@@ -2934,15 +2947,17 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
if (!query->first_soa_rcvd) {
query->first_soa_rcvd = ISC_TRUE;
query->first_rr_serial = serial;
debug("this is the first %d",
query->lookup->ixfr_serial);
if (query->lookup->ixfr_serial >=
serial)
debug("this is the first serial %u",
serial);
if (ixfr && isc_serial_ge(ixfr_serial,
serial)) {
debug("got up to date "
"response");
goto doexit;
}
goto next_rdata;
}
if (query->lookup->rdtype ==
dns_rdatatype_axfr) {
if (axfr) {
debug("doing axfr, got second SOA");
goto doexit;
}
......@@ -2952,22 +2967,12 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
"empty zone");
goto doexit;
}
debug("this is the second %d",
query->lookup->ixfr_serial);
debug("this is the second serial %u",
serial);
query->second_rr_rcvd = ISC_TRUE;
query->second_rr_serial = serial;
goto next_rdata;
}
if (query->second_rr_serial == 0) {
/*
* If the second RR was a non-SOA
* record, and we're getting any
* other SOA, then this is an
* AXFR, and we're done.
*/
debug("done, since axfr");
goto doexit;
}
/*
* If we get to this point, we're doing an
* IXFR and have to start really looking
......@@ -2983,7 +2988,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
debug("done with ixfr");
goto doexit;
}
debug("meaningless soa %d", serial);
debug("meaningless soa %u", serial);
next_rdata:
result = dns_rdataset_next(rdataset);
} while (result == ISC_R_SUCCESS);
......@@ -3360,7 +3365,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
if (!l->doing_xfr || l->xfr_q == query) {
if (msg->rcode != dns_rcode_noerror &&
(l->origin != NULL || l->need_search)) {
if (!next_origin(msg, query) || showsearch) {
if (!next_origin(query) || showsearch) {
printmessage(query, msg, ISC_TRUE);
received(b->used, &sevent->address, query);
}
......@@ -4208,7 +4213,6 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
return (result);
}
isc_result_t
get_trusted_key(isc_mem_t *mctx)
{
......@@ -4270,6 +4274,7 @@ get_trusted_key(isc_mem_t *mctx)
if (key != NULL)
dst_key_free(&key);
}
fclose(fp);
return (ISC_R_SUCCESS);
}
......
/*
* Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-dsfromkey.c,v 1.19 2010-12-23 04:07:59 marka Exp $ */
/* $Id: dnssec-dsfromkey.c,v 1.19.14.2 2011-09-05 23:45:53 tbox Exp $ */
/*! \file */
......@@ -265,12 +265,10 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
fatal("can't print class");
isc_buffer_usedregion(&nameb, &r);
isc_util_fwrite(r.base, 1, r.length, stdout);
putchar(' ');
printf("%.*s ", (int)r.length, r.base);
isc_buffer_usedregion(&classb, &r);
isc_util_fwrite(r.base, 1, r.length, stdout);
printf("%.*s", (int)r.length, r.base);
if (lookaside == NULL)
printf(" DS ");
......@@ -278,8 +276,7 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
printf(" DLV ");
isc_buffer_usedregion(&textb, &r);
isc_util_fwrite(r.base, 1, r.length, stdout);
putchar('\n');
printf("%.*s\n", (int)r.length, r.base);
}
ISC_PLATFORM_NORETURN_PRE static void
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keyfromlabel.c,v 1.32.14.2 2011-03-12 04:59:14 tbox Exp $ */
/* $Id: dnssec-keyfromlabel.c,v 1.32.14.4 2011-11-30 00:51:38 marka Exp $ */
/*! \file */
......@@ -110,7 +110,8 @@ usage(void) {
int
main(int argc, char **argv) {
char *algname = NULL, *nametype = NULL, *type = NULL;
char *algname = NULL, *freeit = NULL;
char *nametype = NULL, *type = NULL;
const char *directory = NULL;
#ifdef USE_PKCS11
const char *engine = "pkcs11";
......@@ -342,6 +343,9 @@ main(int argc, char **argv) {
algname = strdup(DEFAULT_NSEC3_ALGORITHM);
else
algname = strdup(DEFAULT_ALGORITHM);
if (algname == NULL)
fatal("strdup failed");
freeit = algname;
if (verbose > 0)
fprintf(stderr, "no algorithm specified; "
"defaulting to %s\n", algname);
......@@ -514,8 +518,7 @@ main(int argc, char **argv) {
* is a risk of ID collision due to this key or another key
* being revoked.
*/
if (key_collision(dst_key_id(key), name, directory, alg, mctx, &exact))
{
if (key_collision(key, name, directory, mctx, &exact)) {
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, directory, &buf);
if (ret != ISC_R_SUCCESS)
......@@ -560,5 +563,8 @@ main(int argc, char **argv) {
isc_mem_free(mctx, label);
isc_mem_destroy(&mctx);
if (freeit != NULL)
free(freeit);
return (0);
}
......@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.115.14.2 2011-03-12 04:59:14 tbox Exp $ */
/* $Id: dnssec-keygen.c,v 1.115.14.4 2011-11-30 00:51:38 marka Exp $ */
/*! \file */
......@@ -197,7 +197,8 @@ progress(int p)
int
main(int argc, char **argv) {
char *algname = NULL, *nametype = NULL, *type = NULL;
char *algname = NULL, *freeit = NULL;
char *nametype = NULL, *type = NULL;
char *classname = NULL;
char *endp;
dst_key_t *key = NULL;
......@@ -509,6 +510,9 @@ main(int argc, char **argv) {
algname = strdup(DEFAULT_NSEC3_ALGORITHM);
else
algname = strdup(DEFAULT_ALGORITHM);
if (algname == NULL)
fatal("strdup failed");
freeit = algname;
if (verbose > 0)
fprintf(stderr, "no algorithm specified; "
"defaulting to %s\n", algname);
......@@ -965,8 +969,7 @@ main(int argc, char **argv) {
* if there is a risk of ID collision due to this key
* or another key being revoked.
*/
if (key_collision(dst_key_id(key), name, directory,
alg, mctx, NULL)) {
if (key_collision(key, name, directory, mctx, NULL)) {
conflict = ISC_TRUE;
if (null_key) {
dst_key_free(&key);
......@@ -1020,5 +1023,8 @@ main(int argc, char **argv) {
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);
if (freeit != NULL)
free(freeit);
return (0);
}
.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
......@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-revoke.8,v 1.9 2010-05-19 01:14:14 tbox Exp $
.\" $Id: dnssec-revoke.8,v 1.9.124.1 2011-10-21 01:52:52 tbox Exp $
.\"
.hy 0
.ad l
......@@ -32,7 +32,7 @@
dnssec\-revoke \- Set the REVOKED bit on a DNSSEC key
.SH "SYNOPSIS"
.HP 14
\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] {keyfile}
\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile}
.SH "DESCRIPTION"
.PP
\fBdnssec\-revoke\fR
......@@ -70,6 +70,11 @@ Force overwrite: Causes
\fBdnssec\-revoke\fR
to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
.RE
.PP
\-R
.RS 4
Print the key tag of the key with the REVOKE bit set but do not revoke the key.
.RE
.SH "SEE ALSO"
.PP
\fBdnssec\-keygen\fR(8),
......@@ -79,5 +84,5 @@ RFC 5011.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
.br
/*
* Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-revoke.c,v 1.22 2010-05-06 23:50:56 tbox Exp $ */
/* $Id: dnssec-revoke.c,v 1.22.124.2 2011-10-20 23:46:27 tbox Exp $ */
/*! \file */
......@@ -92,6 +92,7 @@ main(int argc, char **argv) {
isc_buffer_t buf;
isc_boolean_t force = ISC_FALSE;
isc_boolean_t remove = ISC_FALSE;
isc_boolean_t id = ISC_FALSE;
if (argc == 1)
usage();
......@@ -104,7 +105,7 @@ main(int argc, char **argv) {
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv, "E:fK:rhv:")) != -1) {
while ((ch = isc_commandline_parse(argc, argv, "E:fK:rRhv:")) != -1) {
switch (ch) {
case 'E':
engine = isc_commandline_argument;
......@@ -126,6 +127,9 @@ main(int argc, char **argv) {
case 'r':
remove = ISC_TRUE;
break;
case 'R':
id = ISC_TRUE;
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
......@@ -186,6 +190,10 @@ main(int argc, char **argv) {
fatal("Invalid keyfile name %s: %s",
filename, isc_result_totext(result));
if (id) {
fprintf(stdout, "%u\n", dst_key_rid(key));