Skip to content

GitLab

Commit d9cea197 authored by cvs2git's avatar cvs2git
Browse files
Options

This commit was manufactured by cvs2git to create tag 'v9_0_0b4'.

parent c365864a
Hide whitespace changes
Inline Side-by-side
Showing with 0 additions and 1112 deletions
bin/named/aclconf.c deleted 100644 → 0
View file @ c365864a
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <config.h>
#include <isc/string.h> /* Required for HP/UX (and others?) */
#include <isc/util.h>
#include <dns/acl.h>
#include <dns/aclconf.h>
#include <dns/fixedname.h>
#include <dns/log.h>
void
dns_aclconfctx_init(dns_aclconfctx_t *ctx) {
ISC_LIST_INIT(ctx->named_acl_cache);
}
void
dns_aclconfctx_destroy(dns_aclconfctx_t *ctx) {
dns_acl_t *dacl, *next;
for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
dacl != NULL;
dacl = next)
{
next = ISC_LIST_NEXT(dacl, nextincache);
dacl->name = NULL;
dns_acl_detach(&dacl);
}
}
static isc_result_t
convert_named_acl(char *aclname, dns_c_ctx_t *cctx,
dns_aclconfctx_t *ctx, isc_mem_t *mctx,
dns_acl_t **target)
{
isc_result_t result;
dns_c_acl_t *cacl;
dns_acl_t *dacl;
/* Look for an already-converted version. */
for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
dacl != NULL;
dacl = ISC_LIST_NEXT(dacl, nextincache))
{
if (strcmp(aclname, dacl->name) == 0) {
dns_acl_attach(dacl, target);
return ISC_R_SUCCESS;
}
}
/* Not yet converted. Convert now. */
result = dns_c_acltable_getacl(cctx->acls, aclname, &cacl);
if (result != ISC_R_SUCCESS) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
"undefined ACL '%s'", aclname);
return (result);
}
result = dns_acl_fromconfig(cacl->ipml, cctx, ctx, mctx, &dacl);
if (result != ISC_R_SUCCESS)
return (result);
dacl->name = aclname;
ISC_LIST_APPEND(ctx->named_acl_cache, dacl, nextincache);
dns_acl_attach(dacl, target);
return (ISC_R_SUCCESS);
}
static isc_result_t
convert_keyname(char *txtname, isc_mem_t *mctx, dns_name_t *dnsname) {
isc_result_t result;
isc_buffer_t buf;
dns_fixedname_t fixname;
unsigned int keylen;
keylen = strlen(txtname);
isc_buffer_init(&buf, txtname, keylen);
isc_buffer_add(&buf, keylen);
dns_fixedname_init(&fixname);
result = dns_name_fromtext(dns_fixedname_name(&fixname), &buf,
dns_rootname, ISC_FALSE, NULL);
if (result != ISC_R_SUCCESS) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
"key name \"%s\" is not a valid domain name",
txtname);
return (result);
}
return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname));
}
isc_result_t
dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
dns_c_ctx_t *cctx,
dns_aclconfctx_t *ctx,
isc_mem_t *mctx,
dns_acl_t **target)
{
isc_result_t result;
unsigned int count;
dns_acl_t *dacl = NULL;
dns_aclelement_t *de;
dns_c_ipmatchelement_t *ce;
REQUIRE(target != NULL && *target == NULL);
count = 0;
for (ce = ISC_LIST_HEAD(caml->elements);
ce != NULL;
ce = ISC_LIST_NEXT(ce, next))
count++;
result = dns_acl_create(mctx, count, &dacl);
if (result != ISC_R_SUCCESS)
return (result);
de = dacl->elements;
for (ce = ISC_LIST_HEAD(caml->elements);
ce != NULL;
ce = ISC_LIST_NEXT(ce, next))
{
de->negative = dns_c_ipmatchelement_isneg(ce);
switch (ce->type) {
case dns_c_ipmatch_pattern:
de->type = dns_aclelementtype_ipprefix;
isc_netaddr_fromsockaddr(&de->u.ip_prefix.address,
&ce->u.direct.address);
/* XXX "mask" is a misnomer */
de->u.ip_prefix.prefixlen = ce->u.direct.mask;
break;
case dns_c_ipmatch_key:
de->type = dns_aclelementtype_keyname;
dns_name_init(&de->u.keyname, NULL);
result = convert_keyname(ce->u.key, mctx,
&de->u.keyname);
if (result != ISC_R_SUCCESS)
goto cleanup;
break;
case dns_c_ipmatch_indirect:
de->type = dns_aclelementtype_nestedacl;
result = dns_acl_fromconfig(ce->u.indirect.list,
cctx, ctx, mctx,
&de->u.nestedacl);
if (result != ISC_R_SUCCESS)
goto cleanup;
break;
case dns_c_ipmatch_localhost:
de->type = dns_aclelementtype_localhost;
break;
case dns_c_ipmatch_any:
de->type = dns_aclelementtype_any;
break;
case dns_c_ipmatch_localnets:
de->type = dns_aclelementtype_localnets;
break;
case dns_c_ipmatch_acl:
de->type = dns_aclelementtype_nestedacl;
result = convert_named_acl(ce->u.aclname,
cctx, ctx, mctx,
&de->u.nestedacl);
if (result != ISC_R_SUCCESS)
goto cleanup;
break;
default:
isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
"address match list contains "
"unsupported element type");
result = ISC_R_FAILURE;
goto cleanup;
}
de++;
dacl->length++;
}
*target = dacl;
return (ISC_R_SUCCESS);
cleanup:
dns_acl_detach(&dacl);
return (result);
}
bin/named/include/named/aclconf.h deleted 100644 → 0
View file @ c365864a
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#ifndef DNS_ACLCONF_H
#define DNS_ACLCONF_H 1
#include <isc/lang.h>
#include <dns/confctx.h>
#include <dns/types.h>
typedef struct dns_aclconfctx {
ISC_LIST(dns_acl_t) named_acl_cache;
} dns_aclconfctx_t;
/***
*** Functions
***/
ISC_LANG_BEGINDECLS
void
dns_aclconfctx_init(dns_aclconfctx_t *ctx);
/*
* Initialize an ACL configuration context.
*/
void
dns_aclconfctx_destroy(dns_aclconfctx_t *ctx);
/*
* Destroy an ACL configuration context.
*/
isc_result_t
dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
dns_c_ctx_t *cctx,
dns_aclconfctx_t *ctx,
isc_mem_t *mctx,
dns_acl_t **target);
/*
* Construct a new dns_acl_t from configuration data in 'caml' and
* 'cctx'. Memory is allocated through 'mctx'.
*
* Any named ACLs referred to within 'caml' will be be converted
* inte nested dns_acl_t objects. Multiple references to the same
* named ACLs will be converted into shared references to a single
* nested dns_acl_t object when the referring objects were created
* passing the same ACL configuration context 'ctx'.
*
* On success, attach '*target' to the new dns_acl_t object.
*/
ISC_LANG_ENDDECLS
#endif /* DNS_ACLCONF_H */
bin/named/include/named/tkeyconf.h deleted 100644 → 0
View file @ c365864a
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#ifndef DNS_TKEYCONF_H
#define DNS_TKEYCONF_H 1
#include <isc/types.h>
#include <isc/lang.h>
#include <dns/confctx.h>
ISC_LANG_BEGINDECLS
isc_result_t
dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
dns_tkeyctx_t **tctxp);
/*
* Create a TKEY context and configure it, including the default DH key
* and default domain, according to 'cfg'.
*
* Requires:
* 'cfg' is a valid configuration context.
* 'mctx' is not NULL
* 'ectx' is not NULL
* 'tctx' is not NULL
* '*tctx' is NULL
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_NOMEMORY
*/
ISC_LANG_ENDDECLS
#endif /* DNS_TKEYCONF_H */
bin/named/include/named/tsigconf.h deleted 100644 → 0
View file @ c365864a
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#ifndef DNS_TSIGCONF_H
#define DNS_TSIGCONF_H 1
#include <isc/types.h>
#include <isc/lang.h>
#include <dns/confctx.h>
ISC_LANG_BEGINDECLS
isc_result_t
dns_tsigkeyring_fromconfig(dns_c_view_t *confview, dns_c_ctx_t *confctx,
isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
/*
* Create a TSIG key ring and configure it according to the 'key'
* statements in 'confview' and 'confctx'.
*
* Requires:
* 'confctx' is a valid configuration context.
* 'mctx' is not NULL
* 'ring' is not NULL, and '*ring' is NULL
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_NOMEMORY
*/
ISC_LANG_ENDDECLS
#endif /* DNS_TSIGCONF_H */
bin/named/include/named/zoneconf.h deleted 100644 → 0
View file @ c365864a
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#ifndef DNS_ZONECONF_H
#define DNS_ZONECONF_H 1
#include <isc/lang.h>
#include <isc/types.h>
#include <dns/aclconf.h>
ISC_LANG_BEGINDECLS
isc_result_t
dns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview, dns_c_zone_t *czone,
dns_aclconfctx_t *ac, dns_zone_t *zone);
/*
* Configure or reconfigure a zone according to the named.conf
* data in 'cctx' and 'czone'.
*
* The zone origin is not configured, it is assumed to have been set
* at zone creation time.
*
* Require:
* 'lctx' to be initalised or NULL.
* 'cctx' to be initalised or NULL.
* 'ac' to point to an initialized ns_aclconfctx_t.
* 'czone' to be initalised.
* 'zone' to be initalised.
*/
isc_boolean_t
dns_zone_reusable(dns_zone_t *zone, dns_c_zone_t *czone);
/*
* If 'zone' can be safely reconfigured according to the configuration
* data in 'czone', return ISC_TRUE. If the configuration data is so
* different from the current zone state that the zone needs to be destroyed
* and recreated, return ISC_FALSE.
*/
isc_result_t
dns_zonemgr_configure(dns_c_ctx_t *cctx, dns_zonemgr_t *zonemgr);
/*
* Configure the zone manager according to the named.conf data
* in 'cctx'.
*/
ISC_LANG_ENDDECLS
#endif /* DNS_ZONECONF_H */
bin/named/tkeyconf.c deleted 100644 → 0
View file @ c365864a
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <config.h>
#include <isc/buffer.h>
#include <isc/string.h> /* Required for HP/UX (and others?) */
#include <isc/mem.h>
#include <dns/keyvalues.h>
#include <dns/name.h>
#include <dns/tkey.h>
#include <dns/tkeyconf.h>
#define RETERR(x) do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
isc_result_t
dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
dns_tkeyctx_t **tctxp)
{
isc_result_t result;
dns_tkeyctx_t *tctx = NULL;
char *s;
isc_uint32_t n;
isc_buffer_t b, namebuf;
unsigned char data[1024];
dns_name_t domain, keyname;
result = dns_tkeyctx_create(mctx, ectx, &tctx);
if (result != ISC_R_SUCCESS)
return (result);
s = NULL;
result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
if (result == ISC_R_NOTFOUND) {
*tctxp = tctx;
return (ISC_R_SUCCESS);
}
isc_buffer_init(&namebuf, data, sizeof(data));
dns_name_init(&keyname, NULL);
isc_buffer_init(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf);
RETERR(dst_key_fromfile(&keyname, n, DNS_KEYALG_DH,
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
NULL, mctx, &tctx->dhkey));
s = NULL;
RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
dns_name_init(&domain, NULL);
tctx->domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
if (tctx->domain == NULL) {
result = ISC_R_NOMEMORY;
goto failure;
}
dns_name_init(tctx->domain, NULL);
isc_buffer_init(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
&namebuf));
RETERR(dns_name_dup(&domain, mctx, tctx->domain));
*tctxp = tctx;
return (ISC_R_SUCCESS);
failure:
if (tctx->dhkey != NULL)
dst_key_free(&tctx->dhkey);
if (tctx->domain != NULL) {
dns_name_free(tctx->domain, mctx);
isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t));
tctx->domain = NULL;
}
dns_tkeyctx_destroy(&tctx);
return (result);
}
bin/named/tsigconf.c deleted 100644 → 0
View file @ c365864a
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <config.h>
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/lex.h>
#include <isc/mem.h>
#include <isc/string.h>
#include <dns/tsig.h>
#include <dns/tsigconf.h>
static isc_result_t
add_initial_keys(dns_c_kdeflist_t *list, dns_tsig_keyring_t *ring,
isc_mem_t *mctx)
{
isc_lex_t *lex = NULL;
dns_c_kdef_t *key;
unsigned char *secret = NULL;
int secretalloc = 0;
int secretlen = 0;
isc_result_t ret;
isc_stdtime_t now;
key = ISC_LIST_HEAD(list->keydefs);
while (key != NULL) {
dns_name_t keyname;
dns_name_t alg;
char keynamedata[1024], algdata[1024];
isc_buffer_t keynamesrc, keynamebuf, algsrc, algbuf;
isc_buffer_t secretsrc, secretbuf;
dns_name_init(&keyname, NULL);
dns_name_init(&alg, NULL);
/*
* Create the key name.
*/
isc_buffer_init(&keynamesrc, key->keyid, strlen(key->keyid));
isc_buffer_add(&keynamesrc, strlen(key->keyid));
isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));
ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
ISC_TRUE, &keynamebuf);
if (ret != ISC_R_SUCCESS)
goto failure;
/*
* Create the algorithm.
*/
if (strcasecmp(key->algorithm, "hmac-md5") == 0)
alg = *dns_tsig_hmacmd5_name;
else {
isc_buffer_init(&algsrc, key->algorithm,
strlen(key->algorithm));
isc_buffer_add(&algsrc, strlen(key->algorithm));
isc_buffer_init(&algbuf, algdata, sizeof(algdata));
ret = dns_name_fromtext(&alg, &algsrc, dns_rootname,
ISC_TRUE, &algbuf);
if (ret != ISC_R_SUCCESS)
goto failure;
}
if (strlen(key->secret) % 4 != 0) {
ret = ISC_R_BADBASE64;
goto failure;
}
secretalloc = secretlen = strlen(key->secret) * 3 / 4;
secret = isc_mem_get(mctx, secretlen);
if (secret == NULL) {
ret = ISC_R_NOMEMORY;
goto failure;
}
isc_buffer_init(&secretsrc, key->secret, strlen(key->secret));
isc_buffer_add(&secretsrc, strlen(key->secret));
isc_buffer_init(&secretbuf, secret, secretlen);
ret = isc_lex_create(mctx, strlen(key->secret), &lex);
if (ret != ISC_R_SUCCESS)
goto failure;
ret = isc_lex_openbuffer(lex, &secretsrc);
if (ret != ISC_R_SUCCESS)
goto failure;
ret = isc_base64_tobuffer(lex, &secretbuf, -1);
if (ret != ISC_R_SUCCESS)
goto failure;