202 files changed, 28025 insertions, 27506 deletions

diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in
index 463cdac286e1..b28ed34ae77e 100644
--- a/contrib/unbound/Makefile.in
+++ b/contrib/unbound/Makefile.in
@@ -449,9 +449,13 @@ dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h dnstap/dnstap_config.h \
 	$(srcdir)/util/netevent.h $(srcdir)/util/net_help.h \
 	$(srcdir)/util/locks.h
 
-dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto
+# Builds both dnstap/dnstap.pb-c.c and dnstap/dnstap.pb-c.h.
+# To avoid double-building we split one target out.
+dnstap/dnstap.pb-c.c: $(srcdir)/dnstap/dnstap.proto
 	@-if test ! -d dnstap; then $(INSTALL) -d dnstap; fi
 	$(PROTOC_C) --c_out=. --proto_path=$(srcdir) $(srcdir)/dnstap/dnstap.proto
+dnstap/dnstap.pb-c.h: dnstap/dnstap.pb-c.c
+	touch $@
 
 unbound-dnstap-socket$(EXEEXT):	$(DNSTAP_SOCKET_OBJ_LINK)
 	$(LINK) -o $@ $(DNSTAP_SOCKET_OBJ_LINK) $(SSLLIB) $(LIBS)
@@ -722,299 +726,338 @@ unitdoq.lo unitdoq.o: $(srcdir)/testcode/unitdoq.c
 dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
  $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/val_nsec.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/cache/dns.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/cache/dns.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
 infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/services/cache/infra.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
 rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h \
- $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h
 as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h
 dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \
  $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/lookup3.h $(srcdir)/sldns/sbuffer.h
 msgencode.lo msgencode.o: $(srcdir)/util/data/msgencode.c config.h $(srcdir)/util/data/msgencode.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/services/view.h
-msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
+msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/config_file.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/rfc_1982.h $(srcdir)/util/edns.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
 msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/module.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
- $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/respip/respip.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgencode.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/module.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h $(srcdir)/util/data/msgparse.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \
  $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h
 iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterator/iterator.h \
  $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_utils.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/iterator/iter_utils.h \
  $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \
  $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \
- $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
- $(srcdir)/util/random.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h
+ $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h
 iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \
  $(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/sldns/sbuffer.h
 iter_donotq.lo iter_donotq.o: $(srcdir)/iterator/iter_donotq.c config.h $(srcdir)/iterator/iter_donotq.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h
 iter_fwd.lo iter_fwd.o: $(srcdir)/iterator/iter_fwd.c config.h $(srcdir)/iterator/iter_fwd.h \
- $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h
+ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/iterator/iter_delegpt.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/str2wire.h
 iter_hints.lo iter_hints.o: $(srcdir)/iterator/iter_hints.c config.h $(srcdir)/iterator/iter_hints.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/str2wire.h \
  $(srcdir)/sldns/wire2str.h
 iter_priv.lo iter_priv.o: $(srcdir)/iterator/iter_priv.c config.h $(srcdir)/iterator/iter_priv.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h
 iter_resptype.lo iter_resptype.o: $(srcdir)/iterator/iter_resptype.c config.h \
- $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iterator.h $(srcdir)/util/log.h \
- $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/data/dname.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h
+ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/data/dname.h
 iter_scrub.lo iter_scrub.o: $(srcdir)/iterator/iter_scrub.c config.h $(srcdir)/iterator/iter_scrub.h \
  $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
  $(srcdir)/iterator/iter_priv.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h \
  $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/alloc.h $(srcdir)/sldns/sbuffer.h
 iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/iterator/iter_utils.h \
  $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_hints.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/iterator/iter_hints.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \
  $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \
  $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outside_network.h \
-  $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
- $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/str2wire.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
+  $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/config_file.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/validator/val_anchor.h \
+ $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/str2wire.h
 listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \
  $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
-  $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
+  $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/util/timeval_func.h \
+ 
 localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \
  $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/as112.h
+ $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/as112.h
 mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/alloc.h \
- $(srcdir)/util/edns.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/data/dname.h $(srcdir)/services/listen_dnsport.h
-modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \
- $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/services/outbound_list.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/edns.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/timeval_func.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/addrtree.h \
+ $(srcdir)/edns-subnet/edns-subnet.h
+modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \
+ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_nsec3.h $(PYTHONMOD_HEADER) \
+ $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h \
+ $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \
+ $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h
 view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h
 rpz.lo rpz.o: $(srcdir)/services/rpz.c config.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
  $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
+ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/util/alloc.h \
+ $(srcdir)/dnstap/dnstap.h 
+rfc_1982.lo rfc_1982.o: $(srcdir)/util/rfc_1982.c config.h $(srcdir)/util/rfc_1982.h
 outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
-
+ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ 
 outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \
- $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h   \
- $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/iterator/iterator.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
- $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+  $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/rtt.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgencode.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
+ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/respip/respip.h $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h \
+ 
 alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \
- $(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
+ util/configparser.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
  $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
  $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
  $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \
- $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/edns-subnet/edns-subnet.h \
+ $(srcdir)/util/iana_ports.inc
 configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \
- $(srcdir)/util/config_file.h util/configparser.h
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h util/configparser.h
 configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/str2wire.h \
- $(srcdir)/sldns/rrdef.h
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
+ $(srcdir)/util/random.h $(srcdir)/sldns/str2wire.h util/configparser.h
 shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h  \
   $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/services/mesh.h \
- $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/tube.h $(srcdir)/util/timeval_func.h
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
+ $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_nsec3.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h
 authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \
- $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
- $(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h  \
- $(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
- $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h $(srcdir)/validator/val_nsec3.h \
- $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/val_sigcrypt.h \
- $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/cache/dns.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h  \
+ $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_secalgo.h \
+ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h
 fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/outside_network.h  $(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \
- $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
- $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \
- $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \
- $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \
- $(srcdir)/libunbound/worker.h $(srcdir)/daemon/remote.h
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
+  $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_anchor.h \
+ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \
+ $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \
+ $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h $(srcdir)/daemon/remote.h \
+ $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h \
+ $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \
+ $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h $(srcdir)/dnstap/dtstream.h
 locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
 log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h
-mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
+mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h
 module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h
 netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/ub_event.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \
- $(srcdir)/dnstap/dnstap.h  $(srcdir)/services/listen_dnsport.h $(srcdir)/util/timeval_func.h
-proxy_protocol.lo proxy_protocol.o: $(srcdir)/util/proxy_protocol.c config.h \
- $(srcdir)/util/proxy_protocol.h $(srcdir)/sldns/sbuffer.h
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/tcp_conn_limit.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/proxy_protocol.h \
+ $(srcdir)/util/timeval_func.h $(srcdir)/sldns/str2wire.h $(srcdir)/dnstap/dnstap.h \
+  $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ 
 net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
- $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/random.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
+ 
 random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h
 rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
@@ -1022,442 +1065,609 @@ rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcd
 regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h
 rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/iterator/iterator.h \
  $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h
-siphash.lo siphash.o: $(srcdir)/util/siphash.c
-rfc_1982.lo rfc_1982.o: $(srcdir)/util/rfc_1982.c
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
+siphash.lo siphash.o: $(srcdir)/util/siphash.c config.h $(srcdir)/util/siphash.h
 edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/regional.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h
+ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/rfc_1982.h \
+ $(srcdir)/util/siphash.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/sldns/sbuffer.h
 dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/net_help.h
+ $(srcdir)/util/log.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h
 lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/storage/lookup3.h
 lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
 tcp_conn_limit.lo tcp_conn_limit.o: $(srcdir)/util/tcp_conn_limit.c config.h $(srcdir)/util/regional.h \
- $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/tcp_conn_limit.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
-timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h
-tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
+ $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/locks.h $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
+timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h \
+ $(srcdir)/util/timeval_func.h
+tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/ub_event.h
+proxy_protocol.lo proxy_protocol.o: $(srcdir)/util/proxy_protocol.c $(srcdir)/util/proxy_protocol.h config.h
+timeval_func.lo timeval_func.o: $(srcdir)/util/timeval_func.c config.h $(srcdir)/util/timeval_func.h
 ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h $(srcdir)/daemon/remote.h
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/tube.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/dnstap/dtstream.h
 ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \
  $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h
 autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/services/mesh.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/services/mesh.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
  $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
- $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h
+ $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \
+ 
 val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/validator/autotrust.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/as112.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/validator/autotrust.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/as112.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/sldns/str2wire.h
 validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/validator/validator.h \
  $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_kcache.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_nsec.h \
- $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_anchor.h \
+ $(srcdir)/validator/val_kcache.h $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kentry.h \
+ $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h \
  $(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
+ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
 val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \
  $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h
+ $(srcdir)/validator/val_kentry.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
 val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h
-val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/sldns/keyraw.h \
+ 
+val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \
+ $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
- $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h
 val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/validator/val_nsec.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_secalgo.h \
+ $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_kentry.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/validator/val_nsec.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h
 val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/validator/val_nsec.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h
 val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \
  $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
- $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/sldns/sbuffer.h \
+ 
 val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \
  $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_secalgo.h \
- $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
- $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h \
- $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/rfc_1982.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
+ $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h $(srcdir)/services/mesh.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ 
 val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \
- $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/wire2str.h \
- $(srcdir)/sldns/parseutil.h
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/validator/val_nsec3.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_sigcrypt.h \
+ $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h
 dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
  $(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
  $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
  $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
  $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
-edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h
-subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h
+ $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
+edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \
+ $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/random.h
+subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \
+ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/outbound_list.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
+ $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/sldns/wire2str.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
+ $(srcdir)/cachedb/cachedb.h
 addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h
-subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/edns-subnet/addrtree.h
+subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \
+ $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/random.h \
+ $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h
+cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/cachedb/redis.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/respip/respip.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_secalgo.h \
+ $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h \
+ $(srcdir)/sldns/wire2str.h
+redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h $(srcdir)/cachedb/cachedb.h \
+ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h \
+ $(srcdir)/util/timeval_func.h $(srcdir)/sldns/sbuffer.h
 respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/view.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/services/modstack.h \
- $(srcdir)/services/rpz.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/dns.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/regional.h
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h
 checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/testcode/checklocks.h
-ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h
-ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h
+dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c  config.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
+ $(srcdir)/util/random.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \
+ $(srcdir)/dnstap/dnstap.h $(srcdir)/dnstap/dtstream.h dnstap/dnstap.pb-c.h
+dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h
+dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h
+dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/outside_network.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+  $(srcdir)/sldns/sbuffer.h \
+ 
+dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
+ $(srcdir)/util/random.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/lookup3.h
+ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \
+ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
+ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/respip/respip.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h
+ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \
+ $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
+ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/sldns/parseutil.h
 unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h
 unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
 unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h
-unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
- $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/iterator/iterator.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/libunbound/unbound.h $(srcdir)/services/cache/infra.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/random.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/services/outside_network.h
+unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/util/log.h \
+ $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/edns.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/respip/respip.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/str2wire.h
 unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \
  $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/testcode/readhex.h \
- $(srcdir)/testcode/testpkts.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/testcode/readhex.h $(srcdir)/testcode/testpkts.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/sldns/wire2str.h
 unitneg.lo unitneg.o: $(srcdir)/testcode/unitneg.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/dname.h $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h \
- $(srcdir)/sldns/rrdef.h
+ $(srcdir)/util/random.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/data/dname.h $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_neg.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h
 unitregional.lo unitregional.o: $(srcdir)/testcode/unitregional.c config.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/util/log.h $(srcdir)/util/regional.h
 unitslabhash.lo unitslabhash.o: $(srcdir)/testcode/unitslabhash.c config.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h
 unitverify.lo unitverify.o: $(srcdir)/testcode/unitverify.c config.h $(srcdir)/util/log.h \
  $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
  $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h \
  $(srcdir)/util/rbtree.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/testcode/testpkts.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/keyraw.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/data/msgparse.h $(srcdir)/validator/val_utils.h $(srcdir)/testcode/testpkts.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
+ 
 readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h
 testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
 unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
  $(srcdir)/sldns/parseutil.h
-unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h
+unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \
+ $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/edns-subnet/edns-subnet.h
 unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \
- $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/testcode/unitmain.h \
- $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h \
- $(srcdir)/sldns/wire2str.h
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/respip/respip.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
 unitzonemd.lo unitzonemd.o: $(srcdir)/testcode/unitzonemd.c config.h $(srcdir)/util/log.h \
  $(srcdir)/testcode/unitmain.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/authzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h \
- $(srcdir)/validator/val_anchor.h
-unittcpreuse.lo unittcpreuse.o: $(srcdir)/testcode/unittcpreuse.c config.h $(srcdir)/services/outside_network.h \
-$(srcdir)/util/random.h
-unitinfra.lo unitinfra.o: $(srcdir)/testcode/unitinfra.c config.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/iterator/iterator.h
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/util/regional.h $(srcdir)/validator/val_anchor.h
+unittcpreuse.lo unittcpreuse.o: $(srcdir)/testcode/unittcpreuse.c config.h $(srcdir)/testcode/unitmain.h \
+ $(srcdir)/util/log.h $(srcdir)/util/random.h $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ 
+unitdoq.lo unitdoq.o: $(srcdir)/testcode/unitdoq.c config.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/rbtree.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/testcode/unitmain.h
+unitinfra.lo unitinfra.o: $(srcdir)/testcode/unitinfra.c config.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/log.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h
 acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
-cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \
- $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/localzone.h $(srcdir)/util/module.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/sldns/str2wire.h
+cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \
+ $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  \
  $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \
  $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \
- $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \
  $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \
  $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
- $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h $(srcdir)/services/outside_network.h
-daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h  \
-  $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
- $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \
- $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \
- $(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \
- $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h \
- $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
-remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \
+ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
+daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
+ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
+   $(srcdir)/daemon/worker.h \
  $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/alloc.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
  $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
- $(srcdir)/dnstap/dnstap.h  $(srcdir)/daemon/daemon.h \
+ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \
+ $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
+ $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/cachedb/cachedb.h
+remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \
+ $(srcdir)/daemon/remote.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  $(srcdir)/daemon/daemon.h \
  $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \
- $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
- $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \
- $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \
- $(srcdir)/sldns/wire2str.h $(srcdir)/util/edns.h \
- $(srcdir)/util/locks.h $(srcdir)/util/ub_event.h \
- $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h $(srcdir)/validator/val_neg.h \
- $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_priv.h
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/ub_event.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
+ $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
+ $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_neg.h $(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
+ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
+ $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_priv.h $(srcdir)/services/outside_network.h \
+ $(srcdir)/util/regional.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/util/timeval_func.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h $(srcdir)/cachedb/cachedb.h \
+ $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h
 stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  \
  $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/tube.h \
- $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
- $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h
+ $(srcdir)/services/outside_network.h $(srcdir)/util/regional.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/validator/validator.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_nsec3.h $(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h \
+ $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
+ 
 unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \
  $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h  \
-  $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
- $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/ub_event.h
+  $(srcdir)/daemon/remote.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \
+ $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/ub_event.h
 worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
  $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/timeval_func.h \
- $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  $(srcdir)/daemon/daemon.h \
- $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/listen_dnsport.h \
  $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
  $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
  $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
  $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \
- $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \
- $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \
- $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
- $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
+ $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/proxy_protocol.h \
+ $(srcdir)/util/edns.h $(srcdir)/util/timeval_func.h $(srcdir)/iterator/iter_fwd.h \
+ $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
+ $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
+ $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
 testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
  $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \
- $(srcdir)/daemon/remote.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \
- $(srcdir)/util/alloc.h $(srcdir)/util/timeval_func.h $(srcdir)/services/modstack.h  \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
- $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h $(srcdir)/daemon/worker.h
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/daemon/worker.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
+  $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/ub_event.h
 testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
 worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
  $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/timeval_func.h \
- $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  $(srcdir)/daemon/daemon.h \
- $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/listen_dnsport.h \
  $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
  $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
  $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
  $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \
- $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \
- $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \
- $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
- $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
+ $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/proxy_protocol.h \
+ $(srcdir)/util/edns.h $(srcdir)/util/timeval_func.h $(srcdir)/iterator/iter_fwd.h \
+ $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
+ $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
+ $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
 acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
-daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h  \
-  $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
- $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \
- $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \
- $(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \
- $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h
+ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/localzone.h $(srcdir)/util/module.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/sldns/str2wire.h
+daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
+ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
+   $(srcdir)/daemon/worker.h \
+ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
+ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \
+ $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
+ $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/cachedb/cachedb.h
 stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  \
  $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/tube.h \
- $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
- $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h
+ $(srcdir)/services/outside_network.h $(srcdir)/util/regional.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/validator/validator.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_nsec3.h $(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h \
+ $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
+ 
 replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h $(srcdir)/util/timeval_func.h \
- $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/replay.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \
+ $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/util/timeval_func.h
 fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h \
- $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h $(srcdir)/util/timeval_func.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/services/view.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
   $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
  $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
  $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
- $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/daemon/remote.h $(srcdir)/util/storage/slabhash.h $(srcdir)/daemon/daemon.h
+ $(srcdir)/services/localzone.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/sldns/str2wire.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/daemon/daemon.h $(srcdir)/util/timeval_func.h
 lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
  $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/sldns/sbuffer.h \
@@ -1466,133 +1676,156 @@ readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/r
  $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h
 memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c config.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
- $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
- $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/regional.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
+ $(srcdir)/iterator/iter_fwd.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ $(srcdir)/sldns/str2wire.h $(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h
 worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
- $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/respip/respip.h $(srcdir)/dnstap/dtstream.h
 context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/cache/rrset.h \
  $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
  $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/util/edns.h \
- $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
+ $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
 libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
  $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
  $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/libworker.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \
- $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h $(srcdir)/util/edns.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h $(srcdir)/util/edns.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h \
+ $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/respip/respip.h $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
  $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
-libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h   \
- $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
- $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
- $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/str2wire.h
+libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
+ $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
+ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+  $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/tube.h $(srcdir)/util/random.h $(srcdir)/util/proxy_protocol.h $(srcdir)/util/storage/lookup3.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/dnstap/dtstream.h
 unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
+ 
 asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \
+ 
 streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/proxy_protocol.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/proxy_protocol.h \
+ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
+ 
 perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
+ $(srcdir)/util/random.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/sldns/str2wire.h
 delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
-unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h
+unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \
+ $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/util/timeval_func.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \
  $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
- $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/listen_dnsport.h
+ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/daemon/acl_list.h \
+ 
 unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h
-petal.lo petal.o: $(srcdir)/testcode/petal.c config.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
+ 
+petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \
+ 
 unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h \
  $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h \
- $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/listen_dnsport.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/daemon/worker.h \
- $(srcdir)/libunbound/worker.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h dnstap/dnstap.pb-c.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/util/alloc.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
   $(srcdir)/daemon/remote.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \
  $(srcdir)/libunbound/unbound-event.h
 pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h \
  $(srcdir)/pythonmod/pythonmod_utils.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/net_help.h \
- $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
- $(srcdir)/util/regional.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/cache/dns.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
+ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \
+ 
 win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
  $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
    $(srcdir)/daemon/worker.h \
  $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
  $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
- $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \
- $(srcdir)/util/net_help.h
+ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h
 w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h
 unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \
  $(srcdir)/winrc/w_inst.h
@@ -1600,12 +1833,14 @@ unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-serv
  $(srcdir)/winrc/w_inst.h
 anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h
-keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h
+keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/sldns/rrdef.h \
+ 
 sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h
 wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
  $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/sldns/keyraw.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h
+ $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
 parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \
  $(srcdir)/sldns/sbuffer.h
 parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h
@@ -1616,8 +1851,23 @@ dohclient.lo dohclient.o: $(srcdir)/testcode/dohclient.c config.h $(srcdir)/sldn
  $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
  $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h
-readzone.lo readzone.o: $(srcdir)/testcode/readzone.c
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ 
+doqclient.lo doqclient.o: $(srcdir)/testcode/doqclient.c config.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/ub_event.h \
+ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
+  $(srcdir)/daemon/remote.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \
+ $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h
+readzone.lo readzone.o: $(srcdir)/testcode/readzone.c config.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/sldns/wire2str.h
 ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
 fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h
 gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h
@@ -1632,9 +1882,11 @@ strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h
 strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
 strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h
 getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c
-getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
+getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \
+ 
 getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c
-getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
+getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \
+ 
 getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
 explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
 arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
diff --git a/contrib/unbound/aclocal.m4 b/contrib/unbound/aclocal.m4
index bf3c57e2fd9f..792090e178d6 100644
--- a/contrib/unbound/aclocal.m4
+++ b/contrib/unbound/aclocal.m4
@@ -1,6 +1,6 @@
-# generated automatically by aclocal 1.16.2 -*- Autoconf -*-
+# generated automatically by aclocal 1.17 -*- Autoconf -*-
 
-# Copyright (C) 1996-2020 Free Software Foundation, Inc.
+# Copyright (C) 1996-2024 Free Software Foundation, Inc.
 
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,8 @@
 m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
 # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
 #
-#   Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
+#   Copyright (C) 1996-2001, 2003-2019, 2021-2024 Free Software
+#   Foundation, Inc.
 #   Written by Gordon Matzigkeit, 1996
 #
 # This file is free software; the Free Software Foundation gives
@@ -22,13 +23,13 @@ m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun
 # modifications, as long as this notice is preserved.
 
 m4_define([_LT_COPYING], [dnl
-# Copyright (C) 2014 Free Software Foundation, Inc.
+# Copyright (C) 2024 Free Software Foundation, Inc.
 # This is free software; see the source for copying conditions.  There is NO
 # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
 # GNU Libtool is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
+# the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.
 #
 # As a special exception to the GNU General Public License, if you
@@ -45,7 +46,7 @@ m4_define([_LT_COPYING], [dnl
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 ])
 
-# serial 58 LT_INIT
+# serial 63 LT_INIT
 
 
 # LT_PREREQ(VERSION)
@@ -73,7 +74,7 @@ esac
 # LT_INIT([OPTIONS])
 # ------------------
 AC_DEFUN([LT_INIT],
-[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
+[AC_PREREQ([2.64])dnl We use AC_PATH_PROGS_FEATURE_CHECK
 AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
 AC_BEFORE([$0], [LT_LANG])dnl
 AC_BEFORE([$0], [LT_OUTPUT])dnl
@@ -195,6 +196,7 @@ m4_require([_LT_FILEUTILS_DEFAULTS])dnl
 m4_require([_LT_CHECK_SHELL_FEATURES])dnl
 m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
 m4_require([_LT_CMD_RELOAD])dnl
+m4_require([_LT_DECL_FILECMD])dnl
 m4_require([_LT_CHECK_MAGIC_METHOD])dnl
 m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
 m4_require([_LT_CMD_OLD_ARCHIVE])dnl
@@ -233,8 +235,8 @@ esac
 ofile=libtool
 can_build_shared=yes
 
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
+# All known linkers require a '.a' archive for static linking (except MSVC and
+# ICC, which need '.lib').
 libext=a
 
 with_gnu_ld=$lt_cv_prog_gnu_ld
@@ -622,7 +624,7 @@ m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
 # LT_OUTPUT
 # ---------
 # This macro allows early generation of the libtool script (before
-# AC_OUTPUT is called), incase it is used in configure for compilation
+# AC_OUTPUT is called), in case it is used in configure for compilation
 # tests.
 AC_DEFUN([LT_OUTPUT],
 [: ${CONFIG_LT=./config.lt}
@@ -657,9 +659,9 @@ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
 m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
 configured by $[0], generated by m4_PACKAGE_STRING.
 
-Copyright (C) 2011 Free Software Foundation, Inc.
+Copyright (C) 2024 Free Software Foundation, Inc.
 This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
+gives unlimited permission to copy, distribute and modify it."
 
 while test 0 != $[#]
 do
@@ -736,7 +738,6 @@ _LT_CONFIG_SAVE_COMMANDS([
     cat <<_LT_EOF >> "$cfgfile"
 #! $SHELL
 # Generated automatically by $as_me ($PACKAGE) $VERSION
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
 # NOTE: Changes made to this file will be lost: look at ltmain.sh.
 
 # Provide generalized library-building support services.
@@ -786,7 +787,7 @@ _LT_EOF
   # if finds mixed CR/LF and LF-only lines.  Since sed operates in
   # text mode, it properly converts lines to CR/LF.  This bash problem
   # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
+  $SED '$q' "$ltmain" >> "$cfgfile" \
      || (rm -f "$cfgfile"; exit 1)
 
    mv -f "$cfgfile" "$ofile" ||
@@ -979,6 +980,7 @@ _lt_linker_boilerplate=`cat conftest.err`
 $RM -r conftest*
 ])# _LT_LINKER_BOILERPLATE
 
+
 # _LT_REQUIRED_DARWIN_CHECKS
 # -------------------------
 m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
@@ -1029,6 +1031,21 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
 	rm -f conftest.*
       fi])
 
+    # Feature test to disable chained fixups since it is not
+    # compatible with '-undefined dynamic_lookup'
+    AC_CACHE_CHECK([for -no_fixup_chains linker flag],
+      [lt_cv_support_no_fixup_chains],
+      [ save_LDFLAGS=$LDFLAGS
+        LDFLAGS="$LDFLAGS -Wl,-no_fixup_chains"
+        AC_LINK_IFELSE(
+          [AC_LANG_PROGRAM([],[])],
+          lt_cv_support_no_fixup_chains=yes,
+          lt_cv_support_no_fixup_chains=no
+        )
+        LDFLAGS=$save_LDFLAGS
+      ]
+    )
+
     AC_CACHE_CHECK([for -exported_symbols_list linker flag],
       [lt_cv_ld_exported_symbols_list],
       [lt_cv_ld_exported_symbols_list=no
@@ -1048,12 +1065,12 @@ int forced_loaded() { return 2;}
 _LT_EOF
       echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
       $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
-      echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
-      $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+      echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+      $AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
       echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
       $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
       cat > conftest.c << _LT_EOF
-int main() { return 0;}
+int main(void) { return 0;}
 _LT_EOF
       echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
       $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
@@ -1073,23 +1090,37 @@ _LT_EOF
       _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
     darwin1.*)
       _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[[012]][[,.]]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+    darwin*)
+      case $MACOSX_DEPLOYMENT_TARGET,$host in
+        10.[[012]],*|,*powerpc*-darwin[[5-8]]*)
+          _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+        *)
+          _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup'
+          if test yes = "$lt_cv_support_no_fixup_chains"; then
+            AS_VAR_APPEND([_lt_dar_allow_undefined], [' $wl-no_fixup_chains'])
+          fi
+        ;;
       esac
     ;;
   esac
     if test yes = "$lt_cv_apple_cc_single_mod"; then
       _lt_dar_single_mod='$single_module'
     fi
+    _lt_dar_needs_single_mod=no
+    case $host_os in
+    rhapsody* | darwin1.*)
+      _lt_dar_needs_single_mod=yes ;;
+    darwin*)
+      # When targeting Mac OS X 10.4 (darwin 8) or later,
+      # -single_module is the default and -multi_module is unsupported.
+      # The toolchain on macOS 10.14 (darwin 18) and later cannot
+      # target any OS version that needs -single_module.
+      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+      10.0,*-darwin[[567]].*|10.[[0-3]],*-darwin[[5-9]].*|10.[[0-3]],*-darwin1[[0-7]].*)
+        _lt_dar_needs_single_mod=yes ;;
+      esac
+    ;;
+    esac
     if test yes = "$lt_cv_ld_exported_symbols_list"; then
       _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
     else
@@ -1132,12 +1163,12 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
     output_verbose_link_cmd=func_echo_all
     _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
     _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
+    _LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+    _LT_TAGVAR(module_expsym_cmds, $1)="$SED -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
     m4_if([$1], [CXX],
-[   if test yes != "$lt_cv_apple_cc_single_mod"; then
+[   if test yes = "$_lt_dar_needs_single_mod" -a yes != "$lt_cv_apple_cc_single_mod"; then
       _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
-      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
+      _LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
     fi
 ],[])
   else
@@ -1251,7 +1282,8 @@ _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
 # _LT_WITH_SYSROOT
 # ----------------
 AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
+[m4_require([_LT_DECL_SED])dnl
+AC_MSG_CHECKING([for sysroot])
 AC_ARG_WITH([sysroot],
 [AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
   [Search for dependent libraries within DIR (or the compiler's sysroot
@@ -1264,11 +1296,13 @@ lt_sysroot=
 case $with_sysroot in #(
  yes)
    if test yes = "$GCC"; then
-     lt_sysroot=`$CC --print-sysroot 2>/dev/null`
+     # Trim trailing / since we'll always append absolute paths and we want
+     # to avoid //, if only for less confusing output for the user.
+     lt_sysroot=`$CC --print-sysroot 2>/dev/null | $SED 's:/\+$::'`
    fi
    ;; #(
  /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
+   lt_sysroot=`echo "$with_sysroot" | $SED -e "$sed_quote_subst"`
    ;; #(
  no|'')
    ;; #(
@@ -1298,7 +1332,7 @@ ia64-*-hpux*)
   # options accordingly.
   echo 'int i;' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *ELF-32*)
 	HPUX_IA64_MODE=32
 	;;
@@ -1315,7 +1349,7 @@ ia64-*-hpux*)
   echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
     if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -melf32bsmip"
 	  ;;
@@ -1327,7 +1361,7 @@ ia64-*-hpux*)
 	;;
       esac
     else
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -32"
 	  ;;
@@ -1349,7 +1383,7 @@ mips64*-*linux*)
   echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
     emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *32-bit*)
 	emul="${emul}32"
 	;;
@@ -1357,7 +1391,7 @@ mips64*-*linux*)
 	emul="${emul}64"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *MSB*)
 	emul="${emul}btsmip"
 	;;
@@ -1365,7 +1399,7 @@ mips64*-*linux*)
 	emul="${emul}ltsmip"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *N32*)
 	emul="${emul}n32"
 	;;
@@ -1376,7 +1410,7 @@ mips64*-*linux*)
   ;;
 
 x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*|x86_64-gnu*)
   # Find out what ABI is being produced by ac_compile, and set linker
   # options accordingly.  Note that the listed cases only cover the
   # situations where additional linker options are needed (such as when
@@ -1385,14 +1419,14 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
   # not appear in the list.
   echo 'int i;' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
       *32-bit*)
 	case $host in
 	  x86_64-*kfreebsd*-gnu)
 	    LD="${LD-ld} -m elf_i386_fbsd"
 	    ;;
-	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
+	  x86_64-*linux*|x86_64-gnu*)
+	    case `$FILECMD conftest.o` in
 	      *x86-64*)
 		LD="${LD-ld} -m elf32_x86_64"
 		;;
@@ -1420,7 +1454,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
 	  x86_64-*kfreebsd*-gnu)
 	    LD="${LD-ld} -m elf_x86_64_fbsd"
 	    ;;
-	  x86_64-*linux*)
+	  x86_64-*linux*|x86_64-gnu*)
 	    LD="${LD-ld} -m elf_x86_64"
 	    ;;
 	  powerpcle-*linux*)
@@ -1460,7 +1494,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
   # options accordingly.
   echo 'int i;' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
     *64-bit*)
       case $lt_cv_prog_gnu_ld in
       yes*)
@@ -1499,9 +1533,22 @@ need_locks=$enable_libtool_lock
 m4_defun([_LT_PROG_AR],
 [AC_CHECK_TOOLS(AR, [ar], false)
 : ${AR=ar}
-: ${AR_FLAGS=cru}
 _LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
+
+# Use ARFLAGS variable as AR's operation code to sync the variable naming with
+# Automake.  If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
+# higher priority because that's what people were doing historically (setting
+# ARFLAGS for automake and AR_FLAGS for libtool).  FIXME: Make the AR_FLAGS
+# variable obsoleted/removed.
+
+test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
+lt_ar_flags=$AR_FLAGS
+_LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
+
+# Make AR_FLAGS overridable by 'make ARFLAGS='.  Don't try to run-time override
+# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
+_LT_DECL([], [AR_FLAGS], [\@S|@{ARFLAGS-"\@S|@lt_ar_flags"}],
+         [Flags to create an archive])
 
 AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
   [lt_cv_ar_at_file=no
@@ -1540,7 +1587,7 @@ AC_CHECK_TOOL(STRIP, strip, :)
 test -z "$STRIP" && STRIP=:
 _LT_DECL([], [STRIP], [1], [A symbol stripping program])
 
-AC_CHECK_TOOL(RANLIB, ranlib, :)
+AC_REQUIRE([AC_PROG_RANLIB])
 test -z "$RANLIB" && RANLIB=:
 _LT_DECL([], [RANLIB], [1],
     [Commands used to install an old-style archive])
@@ -1551,15 +1598,8 @@ old_postinstall_cmds='chmod 644 $oldlib'
 old_postuninstall_cmds=
 
 if test -n "$RANLIB"; then
-  case $host_os in
-  bitrig* | openbsd*)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
-    ;;
-  *)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
-    ;;
-  esac
   old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
+  old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
 fi
 
 case $host_os in
@@ -1691,14 +1731,14 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
     lt_cv_sys_max_cmd_len=12288;    # 12K is about right
     ;;
 
-  gnu*)
-    # Under GNU Hurd, this test is not required because there is
-    # no limit to the length of command line arguments.
+  gnu* | ironclad*)
+    # Under GNU Hurd and Ironclad, this test is not required because there
+    # is no limit to the length of command line arguments.
     # Libtool will interpret -1 as no limit whatsoever
     lt_cv_sys_max_cmd_len=-1;
     ;;
 
-  cygwin* | mingw* | cegcc*)
+  cygwin* | mingw* | windows* | cegcc*)
     # On Win9x/ME, this test blows up -- it succeeds, but takes
     # about 5 minutes as the teststring grows exponentially.
     # Worse, since 9x/ME are not pre-emptively multitasking,
@@ -1720,7 +1760,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
     lt_cv_sys_max_cmd_len=8192;
     ;;
 
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
+  darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*)
     # This has been around since 386BSD, at least.  Likely further.
     if test -x /sbin/sysctl; then
       lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
@@ -1763,7 +1803,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
   sysv5* | sco5v6* | sysv4.2uw2*)
     kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
     if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
+      lt_cv_sys_max_cmd_len=`echo $kargmax | $SED 's/.*[[	 ]]//'`
     else
       lt_cv_sys_max_cmd_len=32768
     fi
@@ -1880,11 +1920,11 @@ else
 /* When -fvisibility=hidden is used, assume the code has been annotated
    correspondingly for the symbols needed.  */
 #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
+int fnord (void) __attribute__((visibility("default")));
 #endif
 
-int fnord () { return 42; }
-int main ()
+int fnord (void) { return 42; }
+int main (void)
 {
   void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
   int status = $lt_dlunknown;
@@ -1941,7 +1981,7 @@ else
     lt_cv_dlopen_self=yes
     ;;
 
-  mingw* | pw32* | cegcc*)
+  mingw* | windows* | pw32* | cegcc*)
     lt_cv_dlopen=LoadLibrary
     lt_cv_dlopen_libs=
     ;;
@@ -2213,26 +2253,35 @@ m4_defun([_LT_CMD_STRIPLIB],
 striplib=
 old_striplib=
 AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
+if test -z "$STRIP"; then
+  AC_MSG_RESULT([no])
 else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
+  if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+    old_striplib="$STRIP --strip-debug"
+    striplib="$STRIP --strip-unneeded"
+    AC_MSG_RESULT([yes])
+  else
+    case $host_os in
+    darwin*)
+      # FIXME - insert some real tests, host_os isn't really good enough
       striplib="$STRIP -x"
       old_striplib="$STRIP -S"
       AC_MSG_RESULT([yes])
-    else
+      ;;
+    freebsd*)
+      if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then
+        old_striplib="$STRIP --strip-debug"
+        striplib="$STRIP --strip-unneeded"
+        AC_MSG_RESULT([yes])
+      else
+        AC_MSG_RESULT([no])
+      fi
+      ;;
+    *)
       AC_MSG_RESULT([no])
-    fi
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-  esac
+      ;;
+    esac
+  fi
 fi
 _LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
 _LT_DECL([], [striplib], [1])
@@ -2300,7 +2349,7 @@ if test yes = "$GCC"; then
     *) lt_awk_arg='/^libraries:/' ;;
   esac
   case $host_os in
-    mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
+    mingw* | windows* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
     *) lt_sed_strip_eq='s|=/|/|g' ;;
   esac
   lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
@@ -2358,7 +2407,7 @@ BEGIN {RS = " "; FS = "/|\n";} {
   # AWK program above erroneously prepends '/' to C:/dos/paths
   # for these hosts.
   case $host_os in
-    mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
+    mingw* | windows* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
       $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
   esac
   sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
@@ -2433,7 +2482,7 @@ aix[[4-9]]*)
     # Unfortunately, runtime linking may impact performance, so we do
     # not want this to be the default eventually. Also, we use the
     # versioned .so libs for executables only if there is the -brtl
-    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
+    # linker flag in LDFLAGS as well, or --enable-aix-soname=svr4 only.
     # To allow for filename-based versioning support, we need to create
     # libNAME.so.V as an archive file, containing:
     # *) an Import File, referring to the versioned filename of the
@@ -2527,7 +2576,7 @@ bsdi[[45]]*)
   # libtool to hard-code these into programs
   ;;
 
-cygwin* | mingw* | pw32* | cegcc*)
+cygwin* | mingw* | windows* | pw32* | cegcc*)
   version_type=windows
   shrext_cmds=.dll
   need_version=no
@@ -2538,15 +2587,29 @@ cygwin* | mingw* | pw32* | cegcc*)
     # gcc
     library_names_spec='$libname.dll.a'
     # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname~
-      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-      fi'
+    # If user builds GCC with multilib enabled,
+    # it should just install on $(libdir)
+    # not on $(libdir)/../bin or 32 bits dlls would override 64 bit ones.
+    if test xyes = x"$multilib"; then
+      postinstall_cmds='base_file=`basename \$file`~
+        dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+        dldir=$destdir/`dirname \$dlpath`~
+        $install_prog $dir/$dlname $destdir/$dlname~
+        chmod a+x $destdir/$dlname~
+        if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+          eval '\''$striplib $destdir/$dlname'\'' || exit \$?;
+        fi'
+    else
+      postinstall_cmds='base_file=`basename \$file`~
+        dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+        dldir=$destdir/`dirname \$dlpath`~
+        test -d \$dldir || mkdir -p \$dldir~
+        $install_prog $dir/$dlname \$dldir/$dlname~
+        chmod a+x \$dldir/$dlname~
+        if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+          eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+        fi'
+    fi
     postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
       dlpath=$dir/\$dldll~
        $RM \$dlpath'
@@ -2555,30 +2618,30 @@ cygwin* | mingw* | pw32* | cegcc*)
     case $host_os in
     cygwin*)
       # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
+      soname_spec='`echo $libname | $SED -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
 m4_if([$1], [],[
       sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
       ;;
-    mingw* | cegcc*)
+    mingw* | windows* | cegcc*)
       # MinGW DLLs use traditional 'lib' prefix
       soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
       ;;
     pw32*)
       # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
+      library_names_spec='`echo $libname | $SED -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
       ;;
     esac
     dynamic_linker='Win32 ld.exe'
     ;;
 
-  *,cl*)
-    # Native MSVC
+  *,cl* | *,icl*)
+    # Native MSVC or ICC
     libname_spec='$name'
     soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
     library_names_spec='$libname.dll.lib'
 
     case $build_os in
-    mingw*)
+    mingw* | windows*)
       sys_lib_search_path_spec=
       lt_save_ifs=$IFS
       IFS=';'
@@ -2591,7 +2654,7 @@ m4_if([$1], [],[
       done
       IFS=$lt_save_ifs
       # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
+      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
       ;;
     cygwin*)
       # Convert to unix form, then to dos form, then back to unix form
@@ -2628,7 +2691,7 @@ m4_if([$1], [],[
     ;;
 
   *)
-    # Assume MSVC wrapper
+    # Assume MSVC and ICC wrapper
     library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
     dynamic_linker='Win32 ld.exe'
     ;;
@@ -2661,7 +2724,7 @@ dgux*)
   shlibpath_var=LD_LIBRARY_PATH
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   # DragonFly does not have aout.  When/if they implement a new
   # versioning mechanism, adjust this.
   if test -x /usr/bin/objformat; then
@@ -2685,7 +2748,21 @@ freebsd* | dragonfly*)
       need_version=yes
       ;;
   esac
-  shlibpath_var=LD_LIBRARY_PATH
+  case $host_cpu in
+    powerpc64)
+      # On FreeBSD bi-arch platforms, a different variable is used for 32-bit
+      # binaries.  See <https://man.freebsd.org/cgi/man.cgi?query=ld.so>.
+      AC_COMPILE_IFELSE(
+        [AC_LANG_SOURCE(
+           [[int test_pointer_size[sizeof (void *) - 5];
+           ]])],
+        [shlibpath_var=LD_LIBRARY_PATH],
+        [shlibpath_var=LD_32_LIBRARY_PATH])
+      ;;
+    *)
+      shlibpath_var=LD_LIBRARY_PATH
+      ;;
+  esac
   case $host_os in
   freebsd2.*)
     shlibpath_overrides_runpath=yes
@@ -2715,8 +2792,9 @@ haiku*)
   soname_spec='$libname$release$shared_ext$major'
   shlibpath_var=LIBRARY_PATH
   shlibpath_overrides_runpath=no
-  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
-  hardcode_into_libs=yes
+  sys_lib_search_path_spec='/boot/system/non-packaged/develop/lib /boot/system/develop/lib'
+  sys_lib_dlsearch_path_spec='/boot/home/config/non-packaged/lib /boot/home/config/lib /boot/system/non-packaged/lib /boot/system/lib'
+  hardcode_into_libs=no
   ;;
 
 hpux9* | hpux10* | hpux11*)
@@ -2826,7 +2904,7 @@ linux*android*)
   version_type=none # Android doesn't support versioned libraries.
   need_lib_prefix=no
   need_version=no
-  library_names_spec='$libname$release$shared_ext'
+  library_names_spec='$libname$release$shared_ext $libname$shared_ext'
   soname_spec='$libname$release$shared_ext'
   finish_cmds=
   shlibpath_var=LD_LIBRARY_PATH
@@ -2838,8 +2916,9 @@ linux*android*)
   hardcode_into_libs=yes
 
   dynamic_linker='Android linker'
-  # Don't embed -rpath directories since the linker doesn't support them.
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+  # -rpath works at least for libraries that are not overridden by
+  # libraries installed in system locations.
+  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
   ;;
 
 # This must be glibc/ELF.
@@ -2876,7 +2955,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
   # Add ABI-specific directories to the system library path.
   sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
 
-  # Ideally, we could use ldconfig to report *all* directores which are
+  # Ideally, we could use ldconfig to report *all* directories which are
   # searched for libraries, however this is still not possible.  Aside from not
   # being certain /sbin/ldconfig is available, command
   # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
@@ -2896,6 +2975,18 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
   dynamic_linker='GNU/Linux ld.so'
   ;;
 
+netbsdelf*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='NetBSD ld.elf_so'
+  ;;
+
 netbsd*)
   version_type=sunos
   need_lib_prefix=no
@@ -2914,6 +3005,18 @@ netbsd*)
   hardcode_into_libs=yes
   ;;
 
+*-mlibc)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  dynamic_linker='mlibc ld.so'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
 newsos6)
   version_type=linux # correct to gnu/linux during the next big refactor
   library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
@@ -2933,7 +3036,7 @@ newsos6)
   dynamic_linker='ldqnx.so'
   ;;
 
-openbsd* | bitrig*)
+openbsd*)
   version_type=sunos
   sys_lib_dlsearch_path_spec=/usr/lib
   need_lib_prefix=no
@@ -2993,6 +3096,17 @@ rdos*)
   dynamic_linker=no
   ;;
 
+serenity*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  dynamic_linker='SerenityOS LibELF'
+  ;;
+
 solaris*)
   version_type=linux # correct to gnu/linux during the next big refactor
   need_lib_prefix=no
@@ -3090,6 +3204,21 @@ uts4*)
   shlibpath_var=LD_LIBRARY_PATH
   ;;
 
+emscripten*)
+  version_type=none
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext'
+  soname_spec='$libname$release$shared_ext'
+  finish_cmds=
+  dynamic_linker="Emscripten linker"
+  _LT_COMPILER_PIC($1)='-fPIC'
+  _LT_TAGVAR(archive_cmds, $1)='$CC -sSIDE_MODULE=2 -shared $libobjs $deplibs $compiler_flags -o $lib'
+  _LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -sSIDE_MODULE=2 -shared $libobjs $deplibs $compiler_flags -o $lib -s EXPORTED_FUNCTIONS=@$output_objdir/$soname.expsym'
+  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+  _LT_TAGVAR(no_undefined_flag, $1)=
+  ;;
+
 *)
   dynamic_linker=no
   ;;
@@ -3265,7 +3394,7 @@ if test yes = "$GCC"; then
   # Check if gcc -print-prog-name=ld gives a path.
   AC_MSG_CHECKING([for ld used by $CC])
   case $host in
-  *-*-mingw*)
+  *-*-mingw* | *-*-windows*)
     # gcc leaves a trailing carriage return, which upsets mingw
     ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
   *)
@@ -3374,7 +3503,7 @@ case $reload_flag in
 esac
 reload_cmds='$LD$reload_flag -o $output$reload_objs'
 case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
+  cygwin* | mingw* | windows* | pw32* | cegcc*)
     if test yes != "$GCC"; then
       reload_cmds=false
     fi
@@ -3446,7 +3575,6 @@ lt_cv_deplibs_check_method='unknown'
 # 'none' -- dependencies not supported.
 # 'unknown' -- same as none, but documents that we really don't know.
 # 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
 # 'file_magic [[regex]]' -- check by looking for files in library path
 # that responds to the $file_magic_cmd with a given extended regex.
 # If you have 'file' or equivalent on your system and you're not sure
@@ -3463,7 +3591,7 @@ beos*)
 
 bsdi[[45]]*)
   lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_cmd='$FILECMD -L'
   lt_cv_file_magic_test_file=/shlib/libc.so
   ;;
 
@@ -3473,7 +3601,7 @@ cygwin*)
   lt_cv_file_magic_cmd='func_win32_libid'
   ;;
 
-mingw* | pw32*)
+mingw* | windows* | pw32*)
   # Base MSYS/MinGW do not provide the 'file' command needed by
   # func_win32_libid shell function, so use a weaker test based on 'objdump',
   # unless we find 'file', for example because we are cross-compiling.
@@ -3482,7 +3610,7 @@ mingw* | pw32*)
     lt_cv_file_magic_cmd='func_win32_libid'
   else
     # Keep this pattern in sync with the one in func_win32_libid.
-    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
+    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64|pe-aarch64)'
     lt_cv_file_magic_cmd='$OBJDUMP -f'
   fi
   ;;
@@ -3497,14 +3625,14 @@ darwin* | rhapsody*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
     case $host_cpu in
     i*86 )
       # Not sure whether the presence of OpenBSD here was a mistake.
       # Let's accept both of them until this is cleared up.
       lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_cmd=$FILECMD
       lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
       ;;
     esac
@@ -3518,7 +3646,7 @@ haiku*)
   ;;
 
 hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   case $host_cpu in
   ia64*)
     lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
@@ -3555,7 +3683,11 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
-netbsd*)
+*-mlibc)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+netbsd* | netbsdelf*-gnu)
   if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
     lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
   else
@@ -3565,7 +3697,7 @@ netbsd*)
 
 newos6*)
   lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   lt_cv_file_magic_test_file=/usr/lib/libnls.so
   ;;
 
@@ -3573,7 +3705,7 @@ newos6*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
-openbsd* | bitrig*)
+openbsd*)
   if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
     lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
   else
@@ -3589,6 +3721,10 @@ rdos*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
+serenity*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
 solaris*)
   lt_cv_deplibs_check_method=pass_all
   ;;
@@ -3637,7 +3773,7 @@ file_magic_glob=
 want_nocaseglob=no
 if test "$build" = "$host"; then
   case $host_os in
-  mingw* | pw32*)
+  mingw* | windows* | pw32*)
     if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
       want_nocaseglob=yes
     else
@@ -3689,16 +3825,16 @@ else
 	# Tru64's nm complains that /dev/null is an invalid object file
 	# MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
 	case $build_os in
-	mingw*) lt_bad_file=conftest.nm/nofile ;;
+	mingw* | windows*) lt_bad_file=conftest.nm/nofile ;;
 	*) lt_bad_file=/dev/null ;;
 	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
+	case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in
 	*$lt_bad_file* | *'Invalid file or object type'*)
 	  lt_cv_path_NM="$tmp_nm -B"
 	  break 2
 	  ;;
 	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  case `"$tmp_nm" -p /dev/null 2>&1 | $SED '1q'` in
 	  */dev/null*)
 	    lt_cv_path_NM="$tmp_nm -p"
 	    break 2
@@ -3724,7 +3860,7 @@ else
     # Let the user override the test.
   else
     AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
+    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | $SED '1q'` in
     *COFF*)
       DUMPBIN="$DUMPBIN -symbols -headers"
       ;;
@@ -3780,7 +3916,7 @@ lt_cv_sharedlib_from_linklib_cmd,
 [lt_cv_sharedlib_from_linklib_cmd='unknown'
 
 case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
+cygwin* | mingw* | windows* | pw32* | cegcc*)
   # two different shell functions defined in ltmain.sh;
   # decide which one to use based on capabilities of $DLLTOOL
   case `$DLLTOOL --help 2>&1` in
@@ -3812,16 +3948,16 @@ _LT_DECL([], [sharedlib_from_linklib_cmd], [1],
 m4_defun([_LT_PATH_MANIFEST_TOOL],
 [AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
 test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
-  [lt_cv_path_mainfest_tool=no
+AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_manifest_tool],
+  [lt_cv_path_manifest_tool=no
   echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
   $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
   cat conftest.err >&AS_MESSAGE_LOG_FD
   if $GREP 'Manifest Tool' conftest.out > /dev/null; then
-    lt_cv_path_mainfest_tool=yes
+    lt_cv_path_manifest_tool=yes
   fi
   rm -f conftest*])
-if test yes != "$lt_cv_path_mainfest_tool"; then
+if test yes != "$lt_cv_path_manifest_tool"; then
   MANIFEST_TOOL=:
 fi
 _LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
@@ -3850,7 +3986,7 @@ AC_DEFUN([LT_LIB_M],
 [AC_REQUIRE([AC_CANONICAL_HOST])dnl
 LIBM=
 case $host in
-*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
+*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-mingw* | *-*-pw32* | *-*-darwin*)
   # These system don't have libm, or don't need it
   ;;
 *-ncr-sysv4.3*)
@@ -3925,7 +4061,7 @@ case $host_os in
 aix*)
   symcode='[[BCDT]]'
   ;;
-cygwin* | mingw* | pw32* | cegcc*)
+cygwin* | mingw* | windows* | pw32* | cegcc*)
   symcode='[[ABCDGISTW]]'
   ;;
 hpux*)
@@ -3940,7 +4076,7 @@ osf*)
   symcode='[[BCDEGQRST]]'
   ;;
 solaris*)
-  symcode='[[BDRT]]'
+  symcode='[[BCDRT]]'
   ;;
 sco3.2v5*)
   symcode='[[DT]]'
@@ -3964,7 +4100,7 @@ esac
 
 if test "$lt_cv_nm_interface" = "MS dumpbin"; then
   # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
+  lt_cv_sys_global_symbol_to_import="$SED -n -e 's/^I .* \(.*\)$/\1/p'"
   # Adjust the below global symbol transforms to fixup imported variables.
   lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
   lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
@@ -3982,20 +4118,20 @@ fi
 # Transform an extracted symbol line into a proper C declaration.
 # Some systems (esp. on ia64) link data and code symbols differently,
 # so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
+lt_cv_sys_global_symbol_to_cdecl="$SED -n"\
 $lt_cdecl_hook\
 " -e 's/^T .* \(.*\)$/extern int \1();/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
 
 # Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address="$SED -n"\
 $lt_c_name_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
 
 # Transform an extracted symbol line into symbol name with lib prefix and
 # symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="$SED -n"\
 $lt_c_name_lib_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
@@ -4004,7 +4140,7 @@ $lt_c_name_lib_hook\
 # Handle CRLF in mingw tool chain
 opt_cr=
 case $build_os in
-mingw*)
+mingw* | windows*)
   opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
   ;;
 esac
@@ -4019,7 +4155,7 @@ for ac_symprfx in "" "_"; do
   if test "$lt_cv_nm_interface" = "MS dumpbin"; then
     # Fake it for dumpbin and say T for any non-static function,
     # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
+    # Also find C++ and __fastcall symbols from MSVC++ or ICC,
     # which start with @ or ?.
     lt_cv_sys_global_symbol_pipe="$AWK ['"\
 "     {last_section=section; section=\$ 3};"\
@@ -4037,9 +4173,9 @@ for ac_symprfx in "" "_"; do
 "     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
 "     ' prfx=^$ac_symprfx]"
   else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+    lt_cv_sys_global_symbol_pipe="$SED -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
   fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
+  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | $SED '/ __gnu_lto/d'"
 
   # Check to see that the pipe works correctly.
   pipe_works=no
@@ -4055,13 +4191,14 @@ void nm_test_func(void){}
 #ifdef __cplusplus
 }
 #endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
+int main(void){nm_test_var='a';nm_test_func();return(0);}
 _LT_EOF
 
   if AC_TRY_EVAL(ac_compile); then
     # Now try to grab the symbols.
     nlist=conftest.nm
-    if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
+    $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD
+    if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then
       # Try sorting and uniquifying the output.
       if sort "$nlist" | uniq > "$nlist"T; then
 	mv -f "$nlist"T "$nlist"
@@ -4231,7 +4368,7 @@ m4_if([$1], [CXX], [
     beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
       # PIC is the default for these OSes.
       ;;
-    mingw* | cygwin* | os2* | pw32* | cegcc*)
+    mingw* | windows* | cygwin* | os2* | pw32* | cegcc*)
       # This hack is so that the source file can tell whether it is being
       # built for inclusion in a dll (and should export symbols for example).
       # Although the cygwin gcc ignores -fPIC, still need this for old-style
@@ -4307,7 +4444,7 @@ m4_if([$1], [CXX], [
 	  ;;
 	esac
 	;;
-      mingw* | cygwin* | os2* | pw32* | cegcc*)
+      mingw* | windows* | cygwin* | os2* | pw32* | cegcc*)
 	# This hack is so that the source file can tell whether it is being
 	# built for inclusion in a dll (and should export symbols for example).
 	m4_if([$1], [GCJ], [],
@@ -4326,7 +4463,7 @@ m4_if([$1], [CXX], [
 	    ;;
 	esac
 	;;
-      freebsd* | dragonfly*)
+      freebsd* | dragonfly* | midnightbsd*)
 	# FreeBSD uses GNU C++
 	;;
       hpux9* | hpux10* | hpux11*)
@@ -4409,7 +4546,7 @@ m4_if([$1], [CXX], [
 	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
 	    ;;
 	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
+	    case `$CC -V 2>&1 | $SED 5q` in
 	    *Sun\ C*)
 	      # Sun C++ 5.9
 	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
@@ -4433,7 +4570,9 @@ m4_if([$1], [CXX], [
 	    ;;
 	esac
 	;;
-      netbsd*)
+      netbsd* | netbsdelf*-gnu)
+	;;
+      *-mlibc)
 	;;
       *qnx* | *nto*)
         # QNX uses GNU C++, but need to define -shared option too, otherwise
@@ -4463,6 +4602,8 @@ m4_if([$1], [CXX], [
 	;;
       psos*)
 	;;
+      serenity*)
+        ;;
       solaris*)
 	case $cc_basename in
 	  CC* | sunCC*)
@@ -4555,7 +4696,7 @@ m4_if([$1], [CXX], [
       # PIC is the default for these OSes.
       ;;
 
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
+    mingw* | windows* | cygwin* | pw32* | os2* | cegcc*)
       # This hack is so that the source file can tell whether it is being
       # built for inclusion in a dll (and should export symbols for example).
       # Although the cygwin gcc ignores -fPIC, still need this for old-style
@@ -4659,7 +4800,7 @@ m4_if([$1], [CXX], [
       esac
       ;;
 
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
+    mingw* | windows* | cygwin* | pw32* | os2* | cegcc*)
       # This hack is so that the source file can tell whether it is being
       # built for inclusion in a dll (and should export symbols for example).
       m4_if([$1], [GCJ], [],
@@ -4701,6 +4842,12 @@ m4_if([$1], [CXX], [
 	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
 	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
         ;;
+      *flang* | ftn | f18* | f95*)
+        # Flang compiler.
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+        ;;
       # icc used to be incompatible with GCC.
       # ICC 10 doesn't accept -KPIC any more.
       icc* | ifort*)
@@ -4745,7 +4892,7 @@ m4_if([$1], [CXX], [
 	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
 	;;
       *)
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
 	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
 	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
@@ -4783,6 +4930,12 @@ m4_if([$1], [CXX], [
       _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
       ;;
 
+    *-mlibc)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+      ;;
+
     *nto* | *qnx*)
       # QNX uses GNU C++, but need to define -shared option too, otherwise
       # it will coredump.
@@ -4799,6 +4952,9 @@ m4_if([$1], [CXX], [
       _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
       ;;
 
+    serenity*)
+      ;;
+
     solaris*)
       _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
       _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
@@ -4928,15 +5084,15 @@ m4_if([$1], [CXX], [
     if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
       _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
     else
-      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
     fi
     ;;
   pw32*)
     _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
     ;;
-  cygwin* | mingw* | cegcc*)
+  cygwin* | mingw* | windows* | cegcc*)
     case $cc_basename in
-    cl*)
+    cl* | icl*)
       _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
       ;;
     *)
@@ -4992,21 +5148,18 @@ dnl Note also adjust exclude_expsyms for C++ above.
   extract_expsyms_cmds=
 
   case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+  cygwin* | mingw* | windows* | pw32* | cegcc*)
+    # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time
     # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
+    # Microsoft Visual C++ or Intel C++ Compiler.
     if test yes != "$GCC"; then
       with_gnu_ld=no
     fi
     ;;
   interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC)
     with_gnu_ld=yes
     ;;
-  openbsd* | bitrig*)
-    with_gnu_ld=no
-    ;;
   esac
 
   _LT_TAGVAR(ld_shlibs, $1)=yes
@@ -5053,7 +5206,7 @@ dnl Note also adjust exclude_expsyms for C++ above.
       _LT_TAGVAR(whole_archive_flag_spec, $1)=
     fi
     supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
+    case `$LD -v | $SED -e 's/([[^)]]\+)\s\+//' 2>&1` in
       *GNU\ gold*) supports_anon_versioning=yes ;;
       *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
       *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
@@ -5107,7 +5260,7 @@ _LT_EOF
       fi
       ;;
 
-    cygwin* | mingw* | pw32* | cegcc*)
+    cygwin* | mingw* | windows* | pw32* | cegcc*)
       # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
       # as there is no search path for DLLs.
       _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
@@ -5117,6 +5270,7 @@ _LT_EOF
       _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
       _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
       _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
+      _LT_TAGVAR(file_list_spec, $1)='@'
 
       if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
         _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
@@ -5136,7 +5290,7 @@ _LT_EOF
 
     haiku*)
       _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
+      _LT_TAGVAR(link_all_deplibs, $1)=no
       ;;
 
     os2*)
@@ -5163,8 +5317,9 @@ _LT_EOF
 	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
 	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
 	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+      _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      _LT_TAGVAR(file_list_spec, $1)='@'
       ;;
 
     interix[[3-9]]*)
@@ -5179,7 +5334,7 @@ _LT_EOF
       # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
       # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
       _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      _LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
       ;;
 
     gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
@@ -5222,7 +5377,7 @@ _LT_EOF
 	  _LT_TAGVAR(compiler_needs_object, $1)=yes
 	  ;;
 	esac
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ C*)			# Sun C 5.9
 	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
 	  _LT_TAGVAR(compiler_needs_object, $1)=yes
@@ -5234,13 +5389,14 @@ _LT_EOF
 
         if test yes = "$supports_anon_versioning"; then
           _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+            cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
             echo "local: *; };" >> $output_objdir/$libname.ver~
             $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
         fi
 
 	case $cc_basename in
 	tcc*)
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
 	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
 	  ;;
 	xlf* | bgf* | bgxlf* | mpixlf*)
@@ -5250,7 +5406,7 @@ _LT_EOF
 	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
 	  if test yes = "$supports_anon_versioning"; then
 	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+              cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
               echo "local: *; };" >> $output_objdir/$libname.ver~
               $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
 	  fi
@@ -5261,7 +5417,12 @@ _LT_EOF
       fi
       ;;
 
-    netbsd*)
+    *-mlibc)
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+      ;;
+
+    netbsd* | netbsdelf*-gnu)
       if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
 	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
 	wlarc=
@@ -5382,7 +5543,7 @@ _LT_EOF
 	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
 	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
 	else
-	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
 	fi
 	aix_use_runtimelinking=no
 
@@ -5563,14 +5724,14 @@ _LT_EOF
       _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
       ;;
 
-    cygwin* | mingw* | pw32* | cegcc*)
+    cygwin* | mingw* | windows* | pw32* | cegcc*)
       # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
+      # Microsoft Visual C++ or Intel C++ Compiler.
       # hardcode_libdir_flag_spec is actually meaningless, as there is
       # no search path for DLLs.
       case $cc_basename in
-      cl*)
-	# Native MSVC
+      cl* | icl*)
+	# Native MSVC or ICC
 	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
 	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
 	_LT_TAGVAR(always_export_symbols, $1)=yes
@@ -5580,14 +5741,14 @@ _LT_EOF
 	# Tell ltmain to make .dll files, not .so files.
 	shrext_cmds=.dll
 	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
+	_LT_TAGVAR(archive_cmds, $1)='$CC -Fe$output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
 	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
             cp "$export_symbols" "$output_objdir/$soname.def";
             echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
           else
             $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
           fi~
-          $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+          $CC -Fe$tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
           linknames='
 	# The linker will not automatically build a static lib if we build a DLL.
 	# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
@@ -5611,7 +5772,7 @@ _LT_EOF
           fi'
 	;;
       *)
-	# Assume MSVC wrapper
+	# Assume MSVC and ICC wrapper
 	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
 	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
 	# Tell ltmain to make .lib files, not .a files.
@@ -5659,7 +5820,7 @@ _LT_EOF
       ;;
 
     # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
+    freebsd* | dragonfly* | midnightbsd*)
       _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
       _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
       _LT_TAGVAR(hardcode_direct, $1)=yes
@@ -5799,11 +5960,15 @@ _LT_EOF
 	# Fabrice Bellard et al's Tiny C Compiler
 	_LT_TAGVAR(ld_shlibs, $1)=yes
 	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
 	;;
       esac
       ;;
 
-    netbsd*)
+    *-mlibc)
+      ;;
+
+    netbsd* | netbsdelf*-gnu)
       if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
 	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
       else
@@ -5825,7 +5990,7 @@ _LT_EOF
     *nto* | *qnx*)
       ;;
 
-    openbsd* | bitrig*)
+    openbsd*)
       if test -f /usr/libexec/ld.so; then
 	_LT_TAGVAR(hardcode_direct, $1)=yes
 	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
@@ -5868,8 +6033,9 @@ _LT_EOF
 	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
 	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
 	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+      _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      _LT_TAGVAR(file_list_spec, $1)='@'
       ;;
 
     osf3*)
@@ -5903,6 +6069,9 @@ _LT_EOF
       _LT_TAGVAR(hardcode_libdir_separator, $1)=:
       ;;
 
+    serenity*)
+      ;;
+
     solaris*)
       _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
       if test yes = "$GCC"; then
@@ -6161,7 +6330,7 @@ _LT_TAGDECL([], [hardcode_direct], [0],
 _LT_TAGDECL([], [hardcode_direct_absolute], [0],
     [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
     DIR into the resulting binary and the resulting library dependency is
-    "absolute", i.e impossible to change by setting $shlibpath_var if the
+    "absolute", i.e. impossible to change by setting $shlibpath_var if the
     library is relocated])
 _LT_TAGDECL([], [hardcode_minus_L], [0],
     [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
@@ -6219,7 +6388,7 @@ _LT_TAGVAR(objext, $1)=$objext
 lt_simple_compile_test_code="int some_variable = 0;"
 
 # Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
+lt_simple_link_test_code='int main(void){return(0);}'
 
 _LT_TAG_COMPILER
 # Save the default compiler, since it gets overwritten when the other
@@ -6404,8 +6573,7 @@ if test yes != "$_lt_caught_CXX_error"; then
         wlarc='$wl'
 
         # ancient GNU ld didn't support --whole-archive et. al.
-        if eval "`$CC -print-prog-name=ld` --help 2>&1" |
-	  $GREP 'no-whole-archive' > /dev/null; then
+        if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
           _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
         else
           _LT_TAGVAR(whole_archive_flag_spec, $1)=
@@ -6425,7 +6593,7 @@ if test yes != "$_lt_caught_CXX_error"; then
       # Commands to make compiler produce verbose output that lists
       # what "hidden" libraries, object files and flags are used when
       # linking a shared library.
-      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " [[-]]L"'
 
     else
       GXX=no
@@ -6634,10 +6802,10 @@ if test yes != "$_lt_caught_CXX_error"; then
         esac
         ;;
 
-      cygwin* | mingw* | pw32* | cegcc*)
+      cygwin* | mingw* | windows* | pw32* | cegcc*)
 	case $GXX,$cc_basename in
-	,cl* | no,cl*)
-	  # Native MSVC
+	,cl* | no,cl* | ,icl* | no,icl*)
+	  # Native MSVC or ICC
 	  # hardcode_libdir_flag_spec is actually meaningless, as there is
 	  # no search path for DLLs.
 	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
@@ -6687,6 +6855,7 @@ if test yes != "$_lt_caught_CXX_error"; then
 	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
 	  _LT_TAGVAR(always_export_symbols, $1)=no
 	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+	  _LT_TAGVAR(file_list_spec, $1)='@'
 
 	  if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
 	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
@@ -6733,8 +6902,9 @@ if test yes != "$_lt_caught_CXX_error"; then
 	  cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
 	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
 	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+	_LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
 	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+	_LT_TAGVAR(file_list_spec, $1)='@'
 	;;
 
       dgux*)
@@ -6765,7 +6935,7 @@ if test yes != "$_lt_caught_CXX_error"; then
         _LT_TAGVAR(archive_cmds_need_lc, $1)=no
         ;;
 
-      freebsd* | dragonfly*)
+      freebsd* | dragonfly* | midnightbsd*)
         # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
         # conventions
         _LT_TAGVAR(ld_shlibs, $1)=yes
@@ -6773,7 +6943,7 @@ if test yes != "$_lt_caught_CXX_error"; then
 
       haiku*)
         _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
+        _LT_TAGVAR(link_all_deplibs, $1)=no
         ;;
 
       hpux9*)
@@ -6800,7 +6970,7 @@ if test yes != "$_lt_caught_CXX_error"; then
             # explicitly linking system object files so we need to strip them
             # from the output so that they don't get included in the library
             # dependencies.
-            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "[[-]]L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
             ;;
           *)
             if test yes = "$GXX"; then
@@ -6865,7 +7035,7 @@ if test yes != "$_lt_caught_CXX_error"; then
 	    # explicitly linking system object files so we need to strip them
 	    # from the output so that they don't get included in the library
 	    # dependencies.
-	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " [[-]]L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
 	    ;;
           *)
 	    if test yes = "$GXX"; then
@@ -6902,7 +7072,7 @@ if test yes != "$_lt_caught_CXX_error"; then
 	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
 	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
 	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
 	;;
       irix5* | irix6*)
         case $cc_basename in
@@ -7042,13 +7212,13 @@ if test yes != "$_lt_caught_CXX_error"; then
 	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
 	    if test yes = "$supports_anon_versioning"; then
 	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+                cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
                 echo "local: *; };" >> $output_objdir/$libname.ver~
                 $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
 	    fi
 	    ;;
 	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
+	    case `$CC -V 2>&1 | $SED 5q` in
 	    *Sun\ C*)
 	      # Sun C++ 5.9
 	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
@@ -7097,6 +7267,10 @@ if test yes != "$_lt_caught_CXX_error"; then
 	esac
 	;;
 
+      *-mlibc)
+        _LT_TAGVAR(ld_shlibs, $1)=yes
+	;;
+
       netbsd*)
         if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
 	  _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
@@ -7113,7 +7287,7 @@ if test yes != "$_lt_caught_CXX_error"; then
         _LT_TAGVAR(ld_shlibs, $1)=yes
 	;;
 
-      openbsd* | bitrig*)
+      openbsd*)
 	if test -f /usr/libexec/ld.so; then
 	  _LT_TAGVAR(hardcode_direct, $1)=yes
 	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
@@ -7204,7 +7378,7 @@ if test yes != "$_lt_caught_CXX_error"; then
 	      # Commands to make compiler produce verbose output that lists
 	      # what "hidden" libraries, object files and flags are used when
 	      # linking a shared library.
-	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " [[-]]L"'
 
 	    else
 	      # FIXME: insert proper C++ library support
@@ -7219,6 +7393,9 @@ if test yes != "$_lt_caught_CXX_error"; then
         _LT_TAGVAR(ld_shlibs, $1)=no
         ;;
 
+      serenity*)
+        ;;
+
       sunos4*)
         case $cc_basename in
           CC*)
@@ -7288,7 +7465,7 @@ if test yes != "$_lt_caught_CXX_error"; then
 	        # Commands to make compiler produce verbose output that lists
 	        # what "hidden" libraries, object files and flags are used when
 	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " [[-]]L"'
 	      else
 	        # g++ 2.7 appears to require '-G' NOT '-shared' on this
 	        # platform.
@@ -7299,7 +7476,7 @@ if test yes != "$_lt_caught_CXX_error"; then
 	        # Commands to make compiler produce verbose output that lists
 	        # what "hidden" libraries, object files and flags are used when
 	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " [[-]]L"'
 	      fi
 
 	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
@@ -7537,10 +7714,11 @@ if AC_TRY_EVAL(ac_compile); then
     case $prev$p in
 
     -L* | -R* | -l*)
-       # Some compilers place space between "-{L,R}" and the path.
+       # Some compilers place space between "-{L,R,l}" and the path.
        # Remove the space.
-       if test x-L = "$p" ||
-          test x-R = "$p"; then
+       if test x-L = x"$p" ||
+          test x-R = x"$p" ||
+          test x-l = x"$p"; then
 	 prev=$p
 	 continue
        fi
@@ -8186,6 +8364,14 @@ _LT_DECL([], [DLLTOOL], [1], [DLL creation program])
 AC_SUBST([DLLTOOL])
 ])
 
+# _LT_DECL_FILECMD
+# ----------------
+# Check for a file(cmd) program that can be used to detect file type and magic
+m4_defun([_LT_DECL_FILECMD],
+[AC_CHECK_PROG([FILECMD], [file], [file], [:])
+_LT_DECL([], [FILECMD], [1], [A file(cmd) program that detects file types])
+])# _LD_DECL_FILECMD
+
 # _LT_DECL_SED
 # ------------
 # Check for a fully-functional sed program, that truncates
@@ -8198,71 +8384,6 @@ _LT_DECL([], [SED], [1], [A sed program that does not truncate output])
 _LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
     [Sed that helps us avoid accidentally triggering echo(1) options like -n])
 ])# _LT_DECL_SED
-
-m4_ifndef([AC_PROG_SED], [
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-
-m4_defun([AC_PROG_SED],
-[AC_MSG_CHECKING([for a sed that does not truncate output])
-AC_CACHE_VAL(lt_cv_path_SED,
-[# Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for lt_ac_prog in sed gsed; do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
-        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
-      fi
-    done
-  done
-done
-IFS=$as_save_IFS
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
-  test ! -f "$lt_ac_sed" && continue
-  cat /dev/null > conftest.in
-  lt_ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
-  # Check for GNU sed and select it if it is found.
-  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
-    lt_cv_path_SED=$lt_ac_sed
-    break
-  fi
-  while true; do
-    cat conftest.in conftest.in >conftest.tmp
-    mv conftest.tmp conftest.in
-    cp conftest.in conftest.nl
-    echo >>conftest.nl
-    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
-    cmp -s conftest.out conftest.nl || break
-    # 10000 chars as input seems more than enough
-    test 10 -lt "$lt_ac_count" && break
-    lt_ac_count=`expr $lt_ac_count + 1`
-    if test "$lt_ac_count" -gt "$lt_ac_max"; then
-      lt_ac_max=$lt_ac_count
-      lt_cv_path_SED=$lt_ac_sed
-    fi
-  done
-done
-])
-SED=$lt_cv_path_SED
-AC_SUBST([SED])
-AC_MSG_RESULT([$SED])
-])#AC_PROG_SED
-])#m4_ifndef
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
 dnl aclocal-1.4 backwards compatibility:
 dnl AC_DEFUN([LT_AC_PROG_SED], [])
 
@@ -8309,7 +8430,7 @@ AC_CACHE_VAL(lt_cv_to_host_file_cmd,
 [case $host in
   *-*-mingw* )
     case $build in
-      *-*-mingw* ) # actually msys
+      *-*-mingw* | *-*-windows* ) # actually msys
         lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
         ;;
       *-*-cygwin* )
@@ -8322,7 +8443,7 @@ AC_CACHE_VAL(lt_cv_to_host_file_cmd,
     ;;
   *-*-cygwin* )
     case $build in
-      *-*-mingw* ) # actually msys
+      *-*-mingw* | *-*-windows* ) # actually msys
         lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
         ;;
       *-*-cygwin* )
@@ -8348,9 +8469,9 @@ AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
 [#assume ordinary cross tools, or native build.
 lt_cv_to_tool_file_cmd=func_convert_file_noop
 case $host in
-  *-*-mingw* )
+  *-*-mingw* | *-*-windows* )
     case $build in
-      *-*-mingw* ) # actually msys
+      *-*-mingw* | *-*-windows* ) # actually msys
         lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
         ;;
     esac
@@ -8365,15 +8486,15 @@ _LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
 
 # Helper functions for option handling.                    -*- Autoconf -*-
 #
-#   Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-#   Foundation, Inc.
+#   Copyright (C) 2004-2005, 2007-2009, 2011-2019, 2021-2024 Free
+#   Software Foundation, Inc.
 #   Written by Gary V. Vaughan, 2004
 #
 # This file is free software; the Free Software Foundation gives
 # unlimited permission to copy and/or distribute it, with or without
 # modifications, as long as this notice is preserved.
 
-# serial 8 ltoptions.m4
+# serial 10 ltoptions.m4
 
 # This is to help aclocal find these macros, as it can't see m4_define.
 AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
@@ -8490,7 +8611,7 @@ LT_OPTION_DEFINE([LT_INIT], [win32-dll],
 [enable_win32_dll=yes
 
 case $host in
-*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
+*-*-cygwin* | *-*-mingw* | *-*-windows* | *-*-pw32* | *-*-cegcc*)
   AC_CHECK_TOOL(AS, as, false)
   AC_CHECK_TOOL(DLLTOOL, dlltool, false)
   AC_CHECK_TOOL(OBJDUMP, objdump, false)
@@ -8685,29 +8806,39 @@ dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
 
 # _LT_WITH_AIX_SONAME([DEFAULT])
 # ----------------------------------
-# implement the --with-aix-soname flag, and support the `aix-soname=aix'
-# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
-# is either `aix', `both' or `svr4'.  If omitted, it defaults to `aix'.
+# implement the --enable-aix-soname configure option, and support the
+# `aix-soname=aix' and `aix-soname=both' and `aix-soname=svr4' LT_INIT options.
+# DEFAULT is either `aix', `both', or `svr4'.  If omitted, it defaults to `aix'.
 m4_define([_LT_WITH_AIX_SONAME],
 [m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
 shared_archive_member_spec=
 case $host,$enable_shared in
 power*-*-aix[[5-9]]*,yes)
   AC_MSG_CHECKING([which variant of shared library versioning to provide])
-  AC_ARG_WITH([aix-soname],
-    [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
+  AC_ARG_ENABLE([aix-soname],
+    [AS_HELP_STRING([--enable-aix-soname=aix|svr4|both],
       [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
-    [case $withval in
-    aix|svr4|both)
-      ;;
-    *)
-      AC_MSG_ERROR([Unknown argument to --with-aix-soname])
-      ;;
-    esac
-    lt_cv_with_aix_soname=$with_aix_soname],
-    [AC_CACHE_VAL([lt_cv_with_aix_soname],
-      [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
-    with_aix_soname=$lt_cv_with_aix_soname])
+    [case $enableval in
+     aix|svr4|both)
+       ;;
+     *)
+       AC_MSG_ERROR([Unknown argument to --enable-aix-soname])
+       ;;
+     esac
+     lt_cv_with_aix_soname=$enable_aix_soname],
+    [_AC_ENABLE_IF([with], [aix-soname],
+        [case $withval in
+         aix|svr4|both)
+           ;;
+         *)
+           AC_MSG_ERROR([Unknown argument to --with-aix-soname])
+           ;;
+         esac
+         lt_cv_with_aix_soname=$with_aix_soname],
+        [AC_CACHE_VAL([lt_cv_with_aix_soname],
+           [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)])
+     enable_aix_soname=$lt_cv_with_aix_soname])
+  with_aix_soname=$enable_aix_soname
   AC_MSG_RESULT([$with_aix_soname])
   if test aix != "$with_aix_soname"; then
     # For the AIX way of multilib, we name the shared archive member
@@ -8738,30 +8869,50 @@ LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
 
 # _LT_WITH_PIC([MODE])
 # --------------------
-# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
+# implement the --enable-pic flag, and support the 'pic-only' and 'no-pic'
 # LT_INIT options.
 # MODE is either 'yes' or 'no'.  If omitted, it defaults to 'both'.
 m4_define([_LT_WITH_PIC],
-[AC_ARG_WITH([pic],
-    [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
+[AC_ARG_ENABLE([pic],
+    [AS_HELP_STRING([--enable-pic@<:@=PKGS@:>@],
 	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
     [lt_p=${PACKAGE-default}
-    case $withval in
-    yes|no) pic_mode=$withval ;;
-    *)
-      pic_mode=default
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for lt_pkg in $withval; do
-	IFS=$lt_save_ifs
-	if test "X$lt_pkg" = "X$lt_p"; then
-	  pic_mode=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [pic_mode=m4_default([$1], [default])])
+     case $enableval in
+     yes|no) pic_mode=$enableval ;;
+     *)
+       pic_mode=default
+       # Look at the argument we got.  We use all the common list separators.
+       lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+       for lt_pkg in $enableval; do
+	 IFS=$lt_save_ifs
+	 if test "X$lt_pkg" = "X$lt_p"; then
+	   pic_mode=yes
+	 fi
+       done
+       IFS=$lt_save_ifs
+       ;;
+     esac],
+    [dnl Continue to support --with-pic and --without-pic, for backward
+     dnl compatibility.
+     _AC_ENABLE_IF([with], [pic],
+	[lt_p=${PACKAGE-default}
+	 case $withval in
+	 yes|no) pic_mode=$withval ;;
+	 *)
+	   pic_mode=default
+	   # Look at the argument we got.  We use all the common list separators.
+	   lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+	   for lt_pkg in $withval; do
+	     IFS=$lt_save_ifs
+	     if test "X$lt_pkg" = "X$lt_p"; then
+	       pic_mode=yes
+	     fi
+	   done
+	   IFS=$lt_save_ifs
+	   ;;
+	 esac],
+	[pic_mode=m4_default([$1], [default])])]
+    )
 
 _LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
 ])# _LT_WITH_PIC
@@ -8797,7 +8948,7 @@ LT_OPTION_DEFINE([LTDL_INIT], [convenience],
 
 # ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
 #
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
+# Copyright (C) 2004-2005, 2007-2008, 2011-2019, 2021-2024 Free Software
 # Foundation, Inc.
 # Written by Gary V. Vaughan, 2004
 #
@@ -8922,7 +9073,8 @@ m4_define([lt_dict_filter],
 
 # ltversion.m4 -- version numbers			-*- Autoconf -*-
 #
-#   Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
+#   Copyright (C) 2004, 2011-2019, 2021-2024 Free Software Foundation,
+#   Inc.
 #   Written by Scott James Remnant, 2004
 #
 # This file is free software; the Free Software Foundation gives
@@ -8931,23 +9083,23 @@ m4_define([lt_dict_filter],
 
 # @configure_input@
 
-# serial 4179 ltversion.m4
+# serial 4441 ltversion.m4
 # This file is part of GNU Libtool
 
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
+m4_define([LT_PACKAGE_VERSION], [2.5.4])
+m4_define([LT_PACKAGE_REVISION], [2.5.4])
 
 AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
+[macro_version='2.5.4'
+macro_revision='2.5.4'
 _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
 _LT_DECL(, macro_revision, 0)
 ])
 
 # lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
 #
-#   Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-#   Foundation, Inc.
+#   Copyright (C) 2004-2005, 2007, 2009, 2011-2019, 2021-2024 Free
+#   Software Foundation, Inc.
 #   Written by Scott James Remnant, 2004.
 #
 # This file is free software; the Free Software Foundation gives
@@ -9044,8 +9196,8 @@ m4_ifndef([_LT_PROG_F77],		[AC_DEFUN([_LT_PROG_F77])])
 m4_ifndef([_LT_PROG_FC],		[AC_DEFUN([_LT_PROG_FC])])
 m4_ifndef([_LT_PROG_CXX],		[AC_DEFUN([_LT_PROG_CXX])])
 
-# pkg.m4 - Macros to locate and utilise pkg-config.   -*- Autoconf -*-
-# serial 11 (pkg-config-0.29.1)
+# pkg.m4 - Macros to locate and use pkg-config.   -*- Autoconf -*-
+# serial 12 (pkg-config-0.29.2)
 
 dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
 dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
@@ -9087,13 +9239,13 @@ dnl
 dnl See the "Since" comment for each macro you use to see what version
 dnl of the macros you require.
 m4_defun([PKG_PREREQ],
-[m4_define([PKG_MACROS_VERSION], [0.29.1])
+[m4_define([PKG_MACROS_VERSION], [0.29.2])
 m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
     [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
 ])dnl PKG_PREREQ
 
-dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
-dnl ----------------------------------
+dnl PKG_PROG_PKG_CONFIG([MIN-VERSION], [ACTION-IF-NOT-FOUND])
+dnl ---------------------------------------------------------
 dnl Since: 0.16
 dnl
 dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
@@ -9101,6 +9253,12 @@ dnl first found in the path. Checks that the version of pkg-config found
 dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
 dnl used since that's the first version where most current features of
 dnl pkg-config existed.
+dnl
+dnl If pkg-config is not found or older than specified, it will result
+dnl in an empty PKG_CONFIG variable. To avoid widespread issues with
+dnl scripts not checking it, ACTION-IF-NOT-FOUND defaults to aborting.
+dnl You can specify [PKG_CONFIG=false] as an action instead, which would
+dnl result in pkg-config tests failing, but no bogus error messages.
 AC_DEFUN([PKG_PROG_PKG_CONFIG],
 [m4_pattern_forbid([^_?PKG_[A-Z_]+$])
 m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
@@ -9121,6 +9279,9 @@ if test -n "$PKG_CONFIG"; then
 		AC_MSG_RESULT([no])
 		PKG_CONFIG=""
 	fi
+fi
+if test -z "$PKG_CONFIG"; then
+	m4_default([$2], [AC_MSG_ERROR([pkg-config not found])])
 fi[]dnl
 ])dnl PKG_PROG_PKG_CONFIG
 
@@ -9132,7 +9293,7 @@ dnl Check to see whether a particular set of modules exists. Similar to
 dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
 dnl
 dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-dnl only at the first occurence in configure.ac, so if the first place
+dnl only at the first occurrence in configure.ac, so if the first place
 dnl it's called might be skipped (such as if it is within an "if", you
 dnl have to call PKG_CHECK_EXISTS manually
 AC_DEFUN([PKG_CHECK_EXISTS],
@@ -9188,7 +9349,7 @@ AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
 AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
 
 pkg_failed=no
-AC_MSG_CHECKING([for $1])
+AC_MSG_CHECKING([for $2])
 
 _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
 _PKG_CONFIG([$1][_LIBS], [libs], [$2])
@@ -9198,17 +9359,17 @@ and $1[]_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details.])
 
 if test $pkg_failed = yes; then
-   	AC_MSG_RESULT([no])
+        AC_MSG_RESULT([no])
         _PKG_SHORT_ERRORS_SUPPORTED
         if test $_pkg_short_errors_supported = yes; then
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
-        else 
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
+                $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
+        else
+                $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
         fi
-	# Put the nasty error message in config.log where it belongs
-	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+        # Put the nasty error message in config.log where it belongs
+        echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
 
-	m4_default([$4], [AC_MSG_ERROR(
+        m4_default([$4], [AC_MSG_ERROR(
 [Package requirements ($2) were not met:
 
 $$1_PKG_ERRORS
@@ -9219,8 +9380,8 @@ installed software in a non-standard prefix.
 _PKG_TEXT])[]dnl
         ])
 elif test $pkg_failed = untried; then
-     	AC_MSG_RESULT([no])
-	m4_default([$4], [AC_MSG_FAILURE(
+        AC_MSG_RESULT([no])
+        m4_default([$4], [AC_MSG_FAILURE(
 [The pkg-config script could not be found or is too old.  Make sure it
 is in your PATH or set the PKG_CONFIG environment variable to the full
 path to pkg-config.
@@ -9230,10 +9391,10 @@ _PKG_TEXT
 To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
         ])
 else
-	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
-	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+        $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+        $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
         AC_MSG_RESULT([yes])
-	$3
+        $3
 fi[]dnl
 ])dnl PKG_CHECK_MODULES
 
@@ -9390,7 +9551,7 @@ AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"],
 
 # AM_CONDITIONAL                                            -*- Autoconf -*-
 
-# Copyright (C) 1997-2020 Free Software Foundation, Inc.
+# Copyright (C) 1997-2024 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -9421,7 +9582,7 @@ AC_CONFIG_COMMANDS_PRE(
 Usually this means the macro was only invoked conditionally.]])
 fi])])
 
-# Copyright (C) 2006-2020 Free Software Foundation, Inc.
+# Copyright (C) 2006-2024 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
diff --git a/contrib/unbound/cachedb/redis.c b/contrib/unbound/cachedb/redis.c
index 3dfa95859eb8..9383f1c8576c 100644
--- a/contrib/unbound/cachedb/redis.c
+++ b/contrib/unbound/cachedb/redis.c
@@ -46,6 +46,8 @@
 #include "cachedb/cachedb.h"
 #include "util/alloc.h"
 #include "util/config_file.h"
+#include "util/locks.h"
+#include "util/timeval_func.h"
 #include "sldns/sbuffer.h"
 
 #ifdef USE_REDIS
@@ -75,6 +77,18 @@ struct redis_moddata {
 	/* timeout for connection setup */
 	struct timeval connect_timeout;
 	struct timeval replica_connect_timeout;
+	/* the reconnect interval time. */
+	struct timeval reconnect_interval;
+	struct timeval replica_reconnect_interval;
+	/* reconnect attempts, 0 if connected, counts up failed reconnects. */
+	int reconnect_attempts;
+	int replica_reconnect_attempts;
+	/* Lock on reconnect_wait time. */
+	lock_basic_type wait_lock;
+	lock_basic_type replica_wait_lock;
+	/* reconnect wait time, wait until it has passed before reconnect. */
+	struct timeval reconnect_wait;
+	struct timeval replica_reconnect_wait;
 	/* the redis logical database to use */
 	int logical_db;
 	int replica_logical_db;
@@ -82,6 +96,10 @@ struct redis_moddata {
 	int set_with_ex_available;
 };
 
+/** The limit on the number of redis connect attempts. After failure if
+ * the number is exceeded, the reconnects are throttled by the wait time. */
+#define REDIS_RECONNECT_ATTEMPT_LIMIT 3
+
 static redisReply* redis_command(struct module_env*, struct cachedb_env*,
 	const char*, const uint8_t*, size_t, int);
 
@@ -105,6 +123,8 @@ moddata_clean(struct redis_moddata** moddata) {
 		}
 		free((*moddata)->replica_ctxs);
 	}
+	lock_basic_destroy(&(*moddata)->wait_lock);
+	lock_basic_destroy(&(*moddata)->replica_wait_lock);
 	free(*moddata);
 	*moddata = NULL;
 }
@@ -113,10 +133,39 @@ static redisContext*
 redis_connect(const char* host, int port, const char* path,
 	const char* password, int logical_db,
 	const struct timeval connect_timeout,
-	const struct timeval command_timeout)
+	const struct timeval command_timeout,
+	const struct timeval* reconnect_interval,
+	int* reconnect_attempts,
+	struct timeval* reconnect_wait,
+	lock_basic_type* wait_lock,
+	struct timeval* now_tv,
+	const char* infostr)
 {
+	struct timeval now_val;
 	redisContext* ctx;
 
+	/* See if the redis server is down, and reconnect has to wait. */
+	if(*reconnect_attempts > REDIS_RECONNECT_ATTEMPT_LIMIT) {
+		/* Acquire lock to look at timeval, the integer has atomic
+		 * integrity. */
+		struct timeval wait_tv;
+		if(now_tv) {
+			now_val = *now_tv;
+		} else {
+			if(gettimeofday(&now_val, NULL) < 0)
+				log_err("redis: gettimeofday: %s",
+					strerror(errno));
+		}
+		lock_basic_lock(wait_lock);
+		wait_tv = *reconnect_wait;
+		lock_basic_unlock(wait_lock);
+		if(timeval_smaller(&now_val, &wait_tv)) {
+			verbose(VERB_ALGO, "redis %sdown, reconnect wait",
+				infostr);
+			return NULL;
+		}
+	}
+
 	if(path && path[0]!=0) {
 		ctx = redisConnectUnixWithTimeout(path, connect_timeout);
 	} else {
@@ -126,18 +175,18 @@ redis_connect(const char* host, int port, const char* path,
 		const char *errstr = "out of memory";
 		if(ctx)
 			errstr = ctx->errstr;
-		log_err("failed to connect to redis server: %s", errstr);
+		log_err("failed to connect to redis %sserver: %s", infostr, errstr);
 		goto fail;
 	}
 	if(redisSetTimeout(ctx, command_timeout) != REDIS_OK) {
-		log_err("failed to set redis timeout, %s", ctx->errstr);
+		log_err("failed to set redis %stimeout, %s", infostr, ctx->errstr);
 		goto fail;
 	}
 	if(password && password[0]!=0) {
 		redisReply* rep;
 		rep = redisCommand(ctx, "AUTH %s", password);
 		if(!rep || rep->type == REDIS_REPLY_ERROR) {
-			log_err("failed to authenticate with password");
+			log_err("failed to authenticate %swith password", infostr);
 			freeReplyObject(rep);
 			goto fail;
 		}
@@ -147,18 +196,20 @@ redis_connect(const char* host, int port, const char* path,
 		redisReply* rep;
 		rep = redisCommand(ctx, "SELECT %d", logical_db);
 		if(!rep || rep->type == REDIS_REPLY_ERROR) {
-			log_err("failed to set logical database (%d)",
-				logical_db);
+			log_err("failed %sto set logical database (%d)",
+				infostr, logical_db);
 			freeReplyObject(rep);
 			goto fail;
 		}
 		freeReplyObject(rep);
 	}
+	*reconnect_attempts = 0;
 	if(verbosity >= VERB_OPS) {
 		char port_str[6+1];
 		port_str[0] = ' ';
 		(void)snprintf(port_str+1, sizeof(port_str)-1, "%d", port);
-		verbose(VERB_OPS, "Connection to Redis established (%s%s)",
+		verbose(VERB_OPS, "Connection to Redis %sestablished (%s%s)",
+			infostr,
 			path&&path[0]!=0?path:host,
 			path&&path[0]!=0?"":port_str);
 	}
@@ -167,6 +218,25 @@ redis_connect(const char* host, int port, const char* path,
 fail:
 	if(ctx)
 		redisFree(ctx);
+	(*reconnect_attempts)++;
+	if(*reconnect_attempts > REDIS_RECONNECT_ATTEMPT_LIMIT) {
+		/* Wait for the reconnect interval before trying again. */
+		struct timeval tv;
+		if(now_tv) {
+			now_val = *now_tv;
+		} else {
+			if(gettimeofday(&now_val, NULL) < 0)
+				log_err("redis: gettimeofday: %s",
+					strerror(errno));
+		}
+		tv = now_val;
+		timeval_add(&tv, reconnect_interval);
+		lock_basic_lock(wait_lock);
+		*reconnect_wait = tv;
+		lock_basic_unlock(wait_lock);
+		verbose(VERB_ALGO, "redis %sreconnect wait until %d.%6.6d",
+			infostr, (int)tv.tv_sec, (int)tv.tv_usec);
+	}
 	return NULL;
 }
 
@@ -191,6 +261,13 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
 		log_err("out of memory");
 		goto fail;
 	}
+	lock_basic_init(&moddata->wait_lock);
+	lock_protect(&moddata->wait_lock, &moddata->reconnect_wait,
+		sizeof(moddata->reconnect_wait));
+	lock_basic_init(&moddata->replica_wait_lock);
+	lock_protect(&moddata->replica_wait_lock,
+		&moddata->replica_reconnect_wait,
+		sizeof(moddata->replica_reconnect_wait));
 	moddata->numctxs = env->cfg->num_threads;
 	/* note: server_host and similar string configuration options are
 	 * shallow references to configured strings; we don't have to free them
@@ -219,6 +296,8 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
 	set_timeout(&moddata->replica_connect_timeout,
 		env->cfg->redis_replica_timeout,
 		env->cfg->redis_replica_connect_timeout);
+	set_timeout(&moddata->reconnect_interval, 1000, 0);
+	set_timeout(&moddata->replica_reconnect_interval, 1000, 0);
 
 	moddata->logical_db = env->cfg->redis_logical_db;
 	moddata->replica_logical_db = env->cfg->redis_replica_logical_db;
@@ -245,7 +324,13 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
 			moddata->server_password,
 			moddata->logical_db,
 			moddata->connect_timeout,
-			moddata->command_timeout);
+			moddata->command_timeout,
+			&moddata->reconnect_interval,
+			&moddata->reconnect_attempts,
+			&moddata->reconnect_wait,
+			&moddata->wait_lock,
+			env->now_tv,
+			"");
 		if(!ctx) {
 			log_err("redis_init: failed to init redis "
 				"(for thread %d)", i);
@@ -263,7 +348,13 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
 				moddata->replica_server_password,
 				moddata->replica_logical_db,
 				moddata->replica_connect_timeout,
-				moddata->replica_command_timeout);
+				moddata->replica_command_timeout,
+				&moddata->replica_reconnect_interval,
+				&moddata->replica_reconnect_attempts,
+				&moddata->replica_reconnect_wait,
+				&moddata->replica_wait_lock,
+				env->now_tv,
+				"replica ");
 			if(!ctx) {
 				log_err("redis_init: failed to init redis "
 					"replica (for thread %d)", i);
@@ -301,7 +392,7 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
 set_with_ex_fail:
 	log_err("redis_init: failure during redis_init, the "
 		"redis-expire-records option requires the SET with EX command "
-		"(redis >= 2.6.2)");
+		"(redis >= 2.6.12)");
 	return 1;
 fail:
 	moddata_clean(&moddata);
@@ -364,7 +455,13 @@ redis_command(struct module_env* env, struct cachedb_env* cachedb_env,
 				d->replica_server_password,
 				d->replica_logical_db,
 				d->replica_connect_timeout,
-				d->replica_command_timeout);
+				d->replica_command_timeout,
+				&d->replica_reconnect_interval,
+				&d->replica_reconnect_attempts,
+				&d->replica_reconnect_wait,
+				&d->replica_wait_lock,
+				env->now_tv,
+				"replica ");
 		} else {
 			ctx = redis_connect(
 				d->server_host,
@@ -373,7 +470,13 @@ redis_command(struct module_env* env, struct cachedb_env* cachedb_env,
 				d->server_password,
 				d->logical_db,
 				d->connect_timeout,
-				d->command_timeout);
+				d->command_timeout,
+				&d->reconnect_interval,
+				&d->reconnect_attempts,
+				&d->reconnect_wait,
+				&d->wait_lock,
+				env->now_tv,
+				"");
 		}
 		ctx_selector[env->alloc->thread_num] = ctx;
 	}
@@ -405,7 +508,14 @@ redis_lookup(struct module_env* env, struct cachedb_env* cachedb_env,
 	char* key, struct sldns_buffer* result_buffer)
 {
 	redisReply* rep;
-	char cmdbuf[4+(CACHEDB_HASHSIZE/8)*2+1]; /* "GET " + key */
+	/* Supported commands:
+	 * - "GET " + key
+	 */
+#define REDIS_LOOKUP_MAX_BUF_LEN			\
+	4				/* "GET " */	\
+	+(CACHEDB_HASHSIZE/8)*2		/* key hash */	\
+	+ 1				/* \0 */
+	char cmdbuf[REDIS_LOOKUP_MAX_BUF_LEN];
 	int n;
 	int ret = 0;
 
@@ -465,7 +575,13 @@ redis_store(struct module_env* env, struct cachedb_env* cachedb_env,
 	 *   older redis 2.0.0 was "SETEX " + key + " " + ttl + " %b"
 	 * - "EXPIRE " + key + " 0"
 	 */
-	char cmdbuf[6+(CACHEDB_HASHSIZE/8)*2+11+3+1];
+#define REDIS_STORE_MAX_BUF_LEN				\
+	7			/* "EXPIRE " */		\
+	+(CACHEDB_HASHSIZE/8)*2	/* key hash */		\
+	+ 7			/* " %b EX " */		\
+	+ 20			/* ttl (uint64_t) */	\
+	+ 1			/* \0 */
+	char cmdbuf[REDIS_STORE_MAX_BUF_LEN];
 
 	if (!set_ttl) {
 		verbose(VERB_ALGO, "redis_store %s (%d bytes)", key, (int)data_len);
diff --git a/contrib/unbound/compat/fake-rfc2553.c b/contrib/unbound/compat/fake-rfc2553.c
index 0f0f34f1fb2d..45b703f2bce8 100644
--- a/contrib/unbound/compat/fake-rfc2553.c
+++ b/contrib/unbound/compat/fake-rfc2553.c
@@ -57,7 +57,7 @@ int getnameinfo(const struct sockaddr *sa, size_t ATTR_UNUSED(salen), char *host
 	}
 
 	if (host != NULL) {
-		if (flags & NI_NUMERICHOST) {
+		if ((flags & NI_NUMERICHOST)) {
 			if (strlcpy(host, inet_ntoa(sin->sin_addr),
 			    hostlen) >= hostlen)
 				return (EAI_MEMORY);
@@ -168,7 +168,7 @@ getaddrinfo(const char *hostname, const char *servname,
 			port = 0;
 	}
 
-	if (hints && hints->ai_flags & AI_PASSIVE) {
+	if (hints && (hints->ai_flags & AI_PASSIVE)) {
 		addr = htonl(0x00000000);
 		if (hostname && inet_aton(hostname, &in) != 0)
 			addr = in.s_addr;
@@ -193,7 +193,7 @@ getaddrinfo(const char *hostname, const char *servname,
 	}
 	
 	/* Don't try DNS if AI_NUMERICHOST is set */
-	if (hints && hints->ai_flags & AI_NUMERICHOST)
+	if (hints && (hints->ai_flags & AI_NUMERICHOST))
 		return (EAI_NONAME);
 	
 	hp = gethostbyname(hostname);
diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in
index 584810398b91..a2b3f33c32be 100644
--- a/contrib/unbound/config.h.in
+++ b/contrib/unbound/config.h.in
@@ -173,7 +173,11 @@
    0 if you don't. */
 #undef HAVE_DECL_SSL_CTX_SET_ECDH_AUTO
 
-/* Define to 1 if you have the declaration of 'strlcat', and to 0 if you
+/* Define to 1 if you have the declaration of `SSL_CTX_set_tmp_ecdh', and to 0
+   if you don't. */
+#undef HAVE_DECL_SSL_CTX_SET_TMP_ECDH
+
+/* Define to 1 if you have the declaration of `strlcat', and to 0 if you
    don't. */
 #undef HAVE_DECL_STRLCAT
 
@@ -477,13 +481,19 @@
    'ngtcp2_crypto_quictls_from_ossl_encryption_level' function. */
 #undef HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL
 
-/* Define to 1 if the system has the type 'ngtcp2_encryption_level'. */
+/* Define to 1 if you have the `ngtcp2_crypto_quictls_init' function. */
+#undef HAVE_NGTCP2_CRYPTO_QUICTLS_INIT
+
+/* Define to 1 if the system has the type `ngtcp2_encryption_level'. */
 #undef HAVE_NGTCP2_ENCRYPTION_LEVEL
 
 /* Define to 1 if you have the <ngtcp2/ngtcp2_crypto_openssl.h> header file.
    */
 #undef HAVE_NGTCP2_NGTCP2_CRYPTO_OPENSSL_H
 
+/* Define to 1 if you have the <ngtcp2/ngtcp2_crypto_ossl.h> header file. */
+#undef HAVE_NGTCP2_NGTCP2_CRYPTO_OSSL_H
+
 /* Define to 1 if you have the <ngtcp2/ngtcp2_crypto_quictls.h> header file.
    */
 #undef HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H
@@ -645,10 +655,7 @@
    function. */
 #undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB
 
-/* Define to 1 if you have the 'SSL_CTX_set_tmp_ecdh' function. */
-#undef HAVE_SSL_CTX_SET_TMP_ECDH
-
-/* Define to 1 if you have the 'SSL_get0_alpn_selected' function. */
+/* Define to 1 if you have the `SSL_get0_alpn_selected' function. */
 #undef HAVE_SSL_GET0_ALPN_SELECTED
 
 /* Define to 1 if you have the 'SSL_get0_peername' function. */
@@ -1023,6 +1030,9 @@
 /* Define this to enable client TCP Fast Open. */
 #undef USE_MSG_FASTOPEN
 
+/* Define this to use ngtcp2_crypto_ossl. */
+#undef USE_NGTCP2_CRYPTO_OSSL
+
 /* Define this to enable client TCP Fast Open. */
 #undef USE_OSX_MSG_FASTOPEN
 
diff --git a/contrib/unbound/configure b/contrib/unbound/configure
index c4c5de99d85d..3093412a492f 100755
--- a/contrib/unbound/configure
+++ b/contrib/unbound/configure
@@ -1,11 +1,11 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.72 for unbound 1.23.1.
+# Generated by GNU Autoconf 2.71 for unbound 1.24.1.
 #
 # Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
 #
 #
-# Copyright (C) 1992-1996, 1998-2017, 2020-2023 Free Software Foundation,
+# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
 # Inc.
 #
 #
@@ -17,6 +17,7 @@
 
 # Be more Bourne compatible
 DUALCASE=1; export DUALCASE # for MKS sh
+as_nop=:
 if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
 then :
   emulate sh
@@ -25,13 +26,12 @@ then :
   # is contrary to our usage.  Disable this feature.
   alias -g '${1+"$@"}'='"$@"'
   setopt NO_GLOB_SUBST
-else case e in #(
-  e) case `(set -o) 2>/dev/null` in #(
+else $as_nop
+  case `(set -o) 2>/dev/null` in #(
   *posix*) :
     set -o posix ;; #(
   *) :
      ;;
-esac ;;
 esac
 fi
 
@@ -103,7 +103,7 @@ IFS=$as_save_IFS
 
      ;;
 esac
-# We did not find ourselves, most probably we were run as 'sh COMMAND'
+# We did not find ourselves, most probably we were run as `sh COMMAND'
 # in which case we are not to be found in the path.
 if test "x$as_myself" = x; then
   as_myself=$0
@@ -133,14 +133,15 @@ case $- in # ((((
 esac
 exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
 # Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed 'exec'.
+# out after a failed `exec'.
 printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
 exit 255
   fi
   # We don't want this to propagate to other subprocesses.
           { _as_can_reexec=; unset _as_can_reexec;}
 if test "x$CONFIG_SHELL" = x; then
-  as_bourne_compatible="if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+  as_bourne_compatible="as_nop=:
+if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
 then :
   emulate sh
   NULLCMD=:
@@ -148,13 +149,12 @@ then :
   # is contrary to our usage.  Disable this feature.
   alias -g '\${1+\"\$@\"}'='\"\$@\"'
   setopt NO_GLOB_SUBST
-else case e in #(
-  e) case \`(set -o) 2>/dev/null\` in #(
+else \$as_nop
+  case \`(set -o) 2>/dev/null\` in #(
   *posix*) :
     set -o posix ;; #(
   *) :
      ;;
-esac ;;
 esac
 fi
 "
@@ -172,9 +172,8 @@ as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
 if ( set x; as_fn_ret_success y && test x = \"\$1\" )
 then :
 
-else case e in #(
-  e) exitcode=1; echo positional parameters were not saved. ;;
-esac
+else \$as_nop
+  exitcode=1; echo positional parameters were not saved.
 fi
 test x\$exitcode = x0 || exit 1
 blah=\$(echo \$(echo blah))
@@ -196,15 +195,14 @@ test \$(( 1 + 1 )) = 2 || exit 1
   if (eval "$as_required") 2>/dev/null
 then :
   as_have_required=yes
-else case e in #(
-  e) as_have_required=no ;;
-esac
+else $as_nop
+  as_have_required=no
 fi
   if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
 then :
 
-else case e in #(
-  e) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+else $as_nop
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
 as_found=false
 for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
 do
@@ -237,13 +235,12 @@ IFS=$as_save_IFS
 if $as_found
 then :
 
-else case e in #(
-  e) if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+else $as_nop
+  if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
 	      as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
 then :
   CONFIG_SHELL=$SHELL as_have_required=yes
-fi ;;
-esac
+fi
 fi
 
 
@@ -265,7 +262,7 @@ case $- in # ((((
 esac
 exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
 # Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed 'exec'.
+# out after a failed `exec'.
 printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
 exit 255
 fi
@@ -286,8 +283,7 @@ $0: message. Then install a modern shell, or manually run
 $0: the script under such a shell if you do have one."
   fi
   exit 1
-fi ;;
-esac
+fi
 fi
 fi
 SHELL=${CONFIG_SHELL-/bin/sh}
@@ -326,6 +322,14 @@ as_fn_exit ()
   as_fn_set_status $1
   exit $1
 } # as_fn_exit
+# as_fn_nop
+# ---------
+# Do nothing but, unlike ":", preserve the value of $?.
+as_fn_nop ()
+{
+  return $?
+}
+as_nop=as_fn_nop
 
 # as_fn_mkdir_p
 # -------------
@@ -394,12 +398,11 @@ then :
   {
     eval $1+=\$2
   }'
-else case e in #(
-  e) as_fn_append ()
+else $as_nop
+  as_fn_append ()
   {
     eval $1=\$$1\$2
-  } ;;
-esac
+  }
 fi # as_fn_append
 
 # as_fn_arith ARG...
@@ -413,14 +416,21 @@ then :
   {
     as_val=$(( $* ))
   }'
-else case e in #(
-  e) as_fn_arith ()
+else $as_nop
+  as_fn_arith ()
   {
     as_val=`expr "$@" || test $? -eq 1`
-  } ;;
-esac
+  }
 fi # as_fn_arith
 
+# as_fn_nop
+# ---------
+# Do nothing but, unlike ":", preserve the value of $?.
+as_fn_nop ()
+{
+  return $?
+}
+as_nop=as_fn_nop
 
 # as_fn_error STATUS ERROR [LINENO LOG_FD]
 # ----------------------------------------
@@ -494,8 +504,6 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
     /[$]LINENO/=
   ' <$as_myself |
     sed '
-      t clear
-      :clear
       s/[$]LINENO.*/&-/
       t lineno
       b
@@ -544,6 +552,7 @@ esac
 as_echo='printf %s\n'
 as_echo_n='printf %s'
 
+
 rm -f conf$$ conf$$.exe conf$$.file
 if test -d conf$$.dir; then
   rm -f conf$$.dir/conf$$.file
@@ -555,9 +564,9 @@ if (echo >conf$$.file) 2>/dev/null; then
   if ln -s conf$$.file conf$$ 2>/dev/null; then
     as_ln_s='ln -s'
     # ... but there are two gotchas:
-    # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail.
-    # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable.
-    # In both cases, we have to default to 'cp -pR'.
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
     ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
       as_ln_s='cp -pR'
   elif ln conf$$.file conf$$ 2>/dev/null; then
@@ -582,12 +591,10 @@ as_test_x='test -x'
 as_executable_p=as_fn_executable_p
 
 # Sed expression to map a string onto a valid CPP name.
-as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
-as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
 
 # Sed expression to map a string onto a valid variable name.
-as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
-as_tr_sh="eval sed '$as_sed_sh'" # deprecated
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
 
 SHELL=${CONFIG_SHELL-/bin/sh}
 
@@ -615,8 +622,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='unbound'
 PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.23.1'
-PACKAGE_STRING='unbound 1.23.1'
+PACKAGE_VERSION='1.24.1'
+PACKAGE_STRING='unbound 1.24.1'
 PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
 PACKAGE_URL=''
 
@@ -653,7 +660,6 @@ ac_includes_default="\
 
 ac_header_c_list=
 ac_func_c_list=
-enable_year2038=no
 ac_subst_vars='LTLIBOBJS
 date
 version
@@ -679,7 +685,9 @@ opt_dnstap_socket_path
 ENABLE_DNSTAP
 PROTOBUFC_LIBS
 PROTOBUFC_CFLAGS
+PROTOC_GEN_C
 PROTOC_C
+PROTOC
 UBSYMS
 EXTRALINK
 COMMON_OBJ_ALL_SYMBOLS
@@ -740,7 +748,6 @@ PTHREAD_LIBS
 PTHREAD_CXX
 PTHREAD_CC
 ax_pthread_config
-CPP
 ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ
 SLDNS_ALLOCCHECK_EXTRA_OBJ
 USE_SYSTEMD_FALSE
@@ -751,6 +758,7 @@ SYSTEMD_LIBS
 SYSTEMD_CFLAGS
 RUNTIME_PATH
 LIBOBJS
+CPP
 PKG_CONFIG_LIBDIR
 PKG_CONFIG_PATH
 PKG_CONFIG
@@ -766,6 +774,7 @@ RANLIB
 ac_ct_AR
 DLLTOOL
 OBJDUMP
+FILECMD
 LN_S
 NM
 ac_ct_DUMPBIN
@@ -877,8 +886,10 @@ enable_pie
 enable_relro_now
 enable_shared
 enable_static
+enable_pic
 with_pic
 enable_fast_install
+enable_aix_soname
 with_aix_soname
 with_gnu_ld
 with_sysroot
@@ -933,7 +944,6 @@ with_libmnl
 enable_explicit_port_randomisation
 enable_linux_ip_local_port_range
 with_libunbound_only
-enable_year2038
 '
       ac_precious_vars='build_alias
 host_alias
@@ -949,11 +959,11 @@ LT_SYS_LIBRARY_PATH
 PKG_CONFIG
 PKG_CONFIG_PATH
 PKG_CONFIG_LIBDIR
+CPP
 SYSTEMD_CFLAGS
 SYSTEMD_LIBS
 SYSTEMD_DAEMON_CFLAGS
 SYSTEMD_DAEMON_LIBS
-CPP
 PYTHON_VERSION
 SOURCE_DATE_EPOCH
 PROTOBUFC_CFLAGS
@@ -1066,7 +1076,7 @@ do
     ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-      as_fn_error $? "invalid feature name: '$ac_useropt'"
+      as_fn_error $? "invalid feature name: \`$ac_useropt'"
     ac_useropt_orig=$ac_useropt
     ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
     case $ac_user_opts in
@@ -1092,7 +1102,7 @@ do
     ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-      as_fn_error $? "invalid feature name: '$ac_useropt'"
+      as_fn_error $? "invalid feature name: \`$ac_useropt'"
     ac_useropt_orig=$ac_useropt
     ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
     case $ac_user_opts in
@@ -1305,7 +1315,7 @@ do
     ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-      as_fn_error $? "invalid package name: '$ac_useropt'"
+      as_fn_error $? "invalid package name: \`$ac_useropt'"
     ac_useropt_orig=$ac_useropt
     ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
     case $ac_user_opts in
@@ -1321,7 +1331,7 @@ do
     ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-      as_fn_error $? "invalid package name: '$ac_useropt'"
+      as_fn_error $? "invalid package name: \`$ac_useropt'"
     ac_useropt_orig=$ac_useropt
     ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
     case $ac_user_opts in
@@ -1351,8 +1361,8 @@ do
   | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
     x_libraries=$ac_optarg ;;
 
-  -*) as_fn_error $? "unrecognized option: '$ac_option'
-Try '$0 --help' for more information"
+  -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
     ;;
 
   *=*)
@@ -1360,7 +1370,7 @@ Try '$0 --help' for more information"
     # Reject names that are not valid shell variable names.
     case $ac_envvar in #(
       '' | [0-9]* | *[!_$as_cr_alnum]* )
-      as_fn_error $? "invalid variable name: '$ac_envvar'" ;;
+      as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
     esac
     eval $ac_envvar=\$ac_optarg
     export $ac_envvar ;;
@@ -1410,7 +1420,7 @@ do
   as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
 done
 
-# There might be people who depend on the old broken behavior: '$host'
+# There might be people who depend on the old broken behavior: `$host'
 # used to hold the argument of --host etc.
 # FIXME: To remove some day.
 build=$build_alias
@@ -1478,7 +1488,7 @@ if test ! -r "$srcdir/$ac_unique_file"; then
   test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
   as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
 fi
-ac_msg="sources are in $srcdir, but 'cd $srcdir' does not work"
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
 ac_abs_confdir=`(
 	cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
 	pwd)`
@@ -1506,7 +1516,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-'configure' configures unbound 1.23.1 to adapt to many kinds of systems.
+\`configure' configures unbound 1.24.1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1520,11 +1530,11 @@ Configuration:
       --help=short        display options specific to this package
       --help=recursive    display the short help of all the included packages
   -V, --version           display version information and exit
-  -q, --quiet, --silent   do not print 'checking ...' messages
+  -q, --quiet, --silent   do not print \`checking ...' messages
       --cache-file=FILE   cache test results in FILE [disabled]
-  -C, --config-cache      alias for '--cache-file=config.cache'
+  -C, --config-cache      alias for \`--cache-file=config.cache'
   -n, --no-create         do not create output files
-      --srcdir=DIR        find the sources in DIR [configure dir or '..']
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
 
 Installation directories:
   --prefix=PREFIX         install architecture-independent files in PREFIX
@@ -1532,10 +1542,10 @@ Installation directories:
   --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                           [PREFIX]
 
-By default, 'make install' will install all the files in
-'$ac_default_prefix/bin', '$ac_default_prefix/lib' etc.  You can specify
-an installation prefix other than '$ac_default_prefix' using '--prefix',
-for instance '--prefix=\$HOME'.
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
 
 For better control, use the options below.
 
@@ -1572,7 +1582,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of unbound 1.23.1:";;
+     short | recursive ) echo "Configuration of unbound 1.24.1:";;
    esac
   cat <<\_ACEOF
 
@@ -1589,8 +1599,13 @@ Optional Features:
                           NOW, to protect GOT and .dtor areas)
   --enable-shared[=PKGS]  build shared libraries [default=yes]
   --enable-static[=PKGS]  build static libraries [default=yes]
+  --enable-pic[=PKGS]     try to use only PIC/non-PIC objects [default=use
+                          both]
   --enable-fast-install[=PKGS]
                           optimize for fast installation [default=yes]
+  --enable-aix-soname=aix|svr4|both
+                          shared library versioning (aka "SONAME") variant to
+                          provide on AIX, [default=aix].
   --disable-libtool-lock  avoid locking (might break parallel builds)
   --disable-rpath         disable hardcoded rpath (default=enabled)
   --disable-largefile     omit support for large files
@@ -1648,7 +1663,6 @@ Optional Features:
                           randomness. Define this only when the target system
                           restricts (e.g. some of SELinux enabled
                           distributions) the use of non-ephemeral ports.
-  --enable-year2038       support timestamps after 2038
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -1671,11 +1685,6 @@ Optional Packages:
                           not exist if you are content with the builtin.
   --with-username=user    set default user that unbound changes to (default
                           user is unbound)
-  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
-                          both]
-  --with-aix-soname=aix|svr4|both
-                          shared library versioning (aka "SONAME") variant to
-                          provide on AIX, [default=aix].
   --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
   --with-sysroot[=DIR]    Search for dependent libraries within DIR (or the
                           compiler's sysroot if not specified).
@@ -1724,12 +1733,12 @@ Some influential environment variables:
   LIBS        libraries to pass to the linker, e.g. -l<library>
   CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
               you have headers in a nonstandard directory <include dir>
-  YACC        The 'Yet Another Compiler Compiler' implementation to use.
-              Defaults to the first program found out of: 'bison -y', 'byacc',
-              'yacc'.
+  YACC        The `Yet Another Compiler Compiler' implementation to use.
+              Defaults to the first program found out of: `bison -y', `byacc',
+              `yacc'.
   YFLAGS      The list of arguments that will be passed by default to $YACC.
               This script will default YFLAGS to the empty string to avoid a
-              default value of '-d' given by some make applications.
+              default value of `-d' given by some make applications.
   LT_SYS_LIBRARY_PATH
               User-defined run-time library search path.
   PKG_CONFIG  path to pkg-config utility
@@ -1737,6 +1746,7 @@ Some influential environment variables:
               directories to add to pkg-config's search path
   PKG_CONFIG_LIBDIR
               path overriding pkg-config's built-in search path
+  CPP         C preprocessor
   SYSTEMD_CFLAGS
               C compiler flags for SYSTEMD, overriding pkg-config
   SYSTEMD_LIBS
@@ -1745,7 +1755,6 @@ Some influential environment variables:
               C compiler flags for SYSTEMD_DAEMON, overriding pkg-config
   SYSTEMD_DAEMON_LIBS
               linker flags for SYSTEMD_DAEMON, overriding pkg-config
-  CPP         C preprocessor
   PYTHON_VERSION
               The installed Python version to use, for example '2.3'. This
               string will be appended to the Python interpreter canonical
@@ -1759,7 +1768,7 @@ Some influential environment variables:
   PROTOBUFC_LIBS
               linker flags for PROTOBUFC, overriding pkg-config
 
-Use these variables to override the choices made by 'configure' or to help
+Use these variables to override the choices made by `configure' or to help
 it to find libraries and programs with nonstandard names/locations.
 
 Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
@@ -1826,10 +1835,10 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-unbound configure 1.23.1
-generated by GNU Autoconf 2.72
+unbound configure 1.24.1
+generated by GNU Autoconf 2.71
 
-Copyright (C) 2023 Free Software Foundation, Inc.
+Copyright (C) 2021 Free Software Foundation, Inc.
 This configure script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it.
 _ACEOF
@@ -1868,12 +1877,11 @@ printf "%s\n" "$ac_try_echo"; } >&5
        } && test -s conftest.$ac_objext
 then :
   ac_retval=0
-else case e in #(
-  e) printf "%s\n" "$as_me: failed program was:" >&5
+else $as_nop
+  printf "%s\n" "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-	ac_retval=1 ;;
-esac
+	ac_retval=1
 fi
   eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
   as_fn_set_status $ac_retval
@@ -1892,8 +1900,8 @@ printf %s "checking for $2... " >&6; }
 if eval test \${$3+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $4
 #include <$2>
@@ -1901,12 +1909,10 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   eval "$3=yes"
-else case e in #(
-  e) eval "$3=no" ;;
-esac
+else $as_nop
+  eval "$3=no"
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 eval ac_res=\$$3
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -1946,12 +1952,11 @@ printf "%s\n" "$ac_try_echo"; } >&5
        }
 then :
   ac_retval=0
-else case e in #(
-  e) printf "%s\n" "$as_me: failed program was:" >&5
+else $as_nop
+  printf "%s\n" "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-	ac_retval=1 ;;
-esac
+	ac_retval=1
 fi
   # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
   # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
@@ -1974,15 +1979,15 @@ printf %s "checking for $2... " >&6; }
 if eval test \${$3+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 /* Define $2 to an innocuous variant, in case <limits.h> declares $2.
    For example, HP-UX 11i <limits.h> declares gettimeofday.  */
 #define $2 innocuous_$2
 
 /* System header to define __stub macros and hopefully few prototypes,
-   which can conflict with char $2 (void); below.  */
+   which can conflict with char $2 (); below.  */
 
 #include <limits.h>
 #undef $2
@@ -1993,7 +1998,7 @@ else case e in #(
 #ifdef __cplusplus
 extern "C"
 #endif
-char $2 (void);
+char $2 ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
@@ -2012,13 +2017,11 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   eval "$3=yes"
-else case e in #(
-  e) eval "$3=no" ;;
-esac
+else $as_nop
+  eval "$3=no"
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext ;;
-esac
+    conftest$ac_exeext conftest.$ac_ext
 fi
 eval ac_res=\$$3
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -2039,8 +2042,8 @@ printf %s "checking for $2... " >&6; }
 if eval test \${$3+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) eval "$3=no"
+else $as_nop
+  eval "$3=no"
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $4
@@ -2070,14 +2073,12 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
 
-else case e in #(
-  e) eval "$3=yes" ;;
-esac
+else $as_nop
+  eval "$3=yes"
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 eval ac_res=\$$3
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -2086,6 +2087,44 @@ printf "%s\n" "$ac_res" >&6; }
 
 } # ac_fn_c_check_type
 
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } > conftest.i && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }
+then :
+  ac_retval=0
+else $as_nop
+  printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+    ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
 # ac_fn_c_try_run LINENO
 # ----------------------
 # Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that
@@ -2116,13 +2155,12 @@ printf "%s\n" "$ac_try_echo"; } >&5
   test $ac_status = 0; }; }
 then :
   ac_retval=0
-else case e in #(
-  e) printf "%s\n" "$as_me: program exited with status $ac_status" >&5
+else $as_nop
+  printf "%s\n" "$as_me: program exited with status $ac_status" >&5
        printf "%s\n" "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-       ac_retval=$ac_status ;;
-esac
+       ac_retval=$ac_status
 fi
   rm -rf conftest.dSYM conftest_ipa8_conftest.oo
   eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
@@ -2175,19 +2213,18 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_hi=$ac_mid; break
-else case e in #(
-  e) as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+else $as_nop
+  as_fn_arith $ac_mid + 1 && ac_lo=$as_val
 			if test $ac_lo -le $ac_mid; then
 			  ac_lo= ac_hi=
 			  break
 			fi
-			as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val ;;
-esac
+			as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
   done
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $4
 int
@@ -2222,23 +2259,20 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_lo=$ac_mid; break
-else case e in #(
-  e) as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+else $as_nop
+  as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
 			if test $ac_mid -le $ac_hi; then
 			  ac_lo= ac_hi=
 			  break
 			fi
-			as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val ;;
-esac
+			as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
   done
-else case e in #(
-  e) ac_lo= ac_hi= ;;
-esac
+else $as_nop
+  ac_lo= ac_hi=
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 # Binary search between lo and hi bounds.
@@ -2261,9 +2295,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_hi=$ac_mid
-else case e in #(
-  e) as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val ;;
-esac
+else $as_nop
+  as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 done
@@ -2311,9 +2344,8 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   echo >>conftest.val; read $3 <conftest.val; ac_retval=0
-else case e in #(
-  e) ac_retval=1 ;;
-esac
+else $as_nop
+  ac_retval=1
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
@@ -2325,45 +2357,6 @@ rm -f conftest.val
 
 } # ac_fn_c_compute_int
 
-# ac_fn_c_try_cpp LINENO
-# ----------------------
-# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_cpp ()
-{
-  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-  if { { ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
-  ac_status=$?
-  if test -s conftest.err; then
-    grep -v '^ *+' conftest.err >conftest.er1
-    cat conftest.er1 >&5
-    mv -f conftest.er1 conftest.err
-  fi
-  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; } > conftest.i && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }
-then :
-  ac_retval=0
-else case e in #(
-  e) printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-    ac_retval=1 ;;
-esac
-fi
-  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-  as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_cpp
-
 # ac_fn_check_decl LINENO SYMBOL VAR INCLUDES EXTRA-OPTIONS FLAG-VAR
 # ------------------------------------------------------------------
 # Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
@@ -2377,8 +2370,8 @@ printf %s "checking whether $as_decl_name is declared... " >&6; }
 if eval test \${$3+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
+else $as_nop
+  as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
   eval ac_save_FLAGS=\$$6
   as_fn_append $6 " $5"
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -2402,14 +2395,12 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   eval "$3=yes"
-else case e in #(
-  e) eval "$3=no" ;;
-esac
+else $as_nop
+  eval "$3=no"
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
   eval $6=\$ac_save_FLAGS
- ;;
-esac
+
 fi
 eval ac_res=\$$3
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -2430,8 +2421,8 @@ printf %s "checking for $2.$3... " >&6; }
 if eval test \${$4+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $5
 int
@@ -2447,8 +2438,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   eval "$4=yes"
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $5
 int
@@ -2464,15 +2455,12 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   eval "$4=yes"
-else case e in #(
-  e) eval "$4=no" ;;
-esac
+else $as_nop
+  eval "$4=no"
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 eval ac_res=\$$4
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -2504,8 +2492,8 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by unbound $as_me 1.23.1, which was
-generated by GNU Autoconf 2.72.  Invocation command line was
+It was created by unbound $as_me 1.24.1, which was
+generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
 
@@ -2751,10 +2739,10 @@ esac
 printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
     sed 's/^/| /' "$ac_site_file" >&5
     . "$ac_site_file" \
-      || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+      || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error $? "failed to load site script $ac_site_file
-See 'config.log' for more details" "$LINENO" 5; }
+See \`config.log' for more details" "$LINENO" 5; }
   fi
 done
 
@@ -2791,7 +2779,9 @@ struct stat;
 /* Most of the following tests are stolen from RCS 5.7 src/conf.sh.  */
 struct buf { int x; };
 struct buf * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (char **p, int i)
+static char *e (p, i)
+     char **p;
+     int i;
 {
   return p[i];
 }
@@ -2805,21 +2795,6 @@ static char *f (char * (*g) (char **, int), char **p, ...)
   return s;
 }
 
-/* C89 style stringification. */
-#define noexpand_stringify(a) #a
-const char *stringified = noexpand_stringify(arbitrary+token=sequence);
-
-/* C89 style token pasting.  Exercises some of the corner cases that
-   e.g. old MSVC gets wrong, but not very hard. */
-#define noexpand_concat(a,b) a##b
-#define expand_concat(a,b) noexpand_concat(a,b)
-extern int vA;
-extern int vbee;
-#define aye A
-#define bee B
-int *pvA = &expand_concat(v,aye);
-int *pvbee = &noexpand_concat(v,bee);
-
 /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
    function prototypes and stuff, but not \xHH hex character constants.
    These do not provoke an error unfortunately, instead are silently treated
@@ -2847,19 +2822,16 @@ ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
 
 # Test code for whether the C compiler supports C99 (global declarations)
 ac_c_conftest_c99_globals='
-/* Does the compiler advertise C99 conformance? */
+// Does the compiler advertise C99 conformance?
 #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
 # error "Compiler does not advertise C99 conformance"
 #endif
 
-// See if C++-style comments work.
-
 #include <stdbool.h>
 extern int puts (const char *);
 extern int printf (const char *, ...);
 extern int dprintf (int, const char *, ...);
 extern void *malloc (size_t);
-extern void free (void *);
 
 // Check varargs macros.  These examples are taken from C99 6.10.3.5.
 // dprintf is used instead of fprintf to avoid needing to declare
@@ -2909,6 +2881,7 @@ typedef const char *ccp;
 static inline int
 test_restrict (ccp restrict text)
 {
+  // See if C++-style comments work.
   // Iterate through items via the restricted pointer.
   // Also check for declarations in for loops.
   for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
@@ -2974,8 +2947,6 @@ ac_c_conftest_c99_main='
   ia->datasize = 10;
   for (int i = 0; i < ia->datasize; ++i)
     ia->data[i] = i * 1.234;
-  // Work around memory leak warnings.
-  free (ia);
 
   // Check named initializers.
   struct named_init ni = {
@@ -2997,7 +2968,7 @@ ac_c_conftest_c99_main='
 
 # Test code for whether the C compiler supports C11 (global declarations)
 ac_c_conftest_c11_globals='
-/* Does the compiler advertise C11 conformance? */
+// Does the compiler advertise C11 conformance?
 #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
 # error "Compiler does not advertise C11 conformance"
 #endif
@@ -3193,9 +3164,8 @@ IFS=$as_save_IFS
 if $as_found
 then :
 
-else case e in #(
-  e) as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
 fi
 
 
@@ -3223,12 +3193,12 @@ for ac_var in $ac_precious_vars; do
   eval ac_new_val=\$ac_env_${ac_var}_value
   case $ac_old_set,$ac_new_set in
     set,)
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&5
-printf "%s\n" "$as_me: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&2;}
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
       ac_cache_corrupted=: ;;
     ,set)
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was not set in the previous run" >&5
-printf "%s\n" "$as_me: error: '$ac_var' was not set in the previous run" >&2;}
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
       ac_cache_corrupted=: ;;
     ,);;
     *)
@@ -3237,18 +3207,18 @@ printf "%s\n" "$as_me: error: '$ac_var' was not set in the previous run" >&2;}
 	ac_old_val_w=`echo x $ac_old_val`
 	ac_new_val_w=`echo x $ac_new_val`
 	if test "$ac_old_val_w" != "$ac_new_val_w"; then
-	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' has changed since the previous run:" >&5
-printf "%s\n" "$as_me: error: '$ac_var' has changed since the previous run:" >&2;}
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
 	  ac_cache_corrupted=:
 	else
-	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&5
-printf "%s\n" "$as_me: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&2;}
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
 	  eval $ac_var=\$ac_old_val
 	fi
-	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}:   former value:  '$ac_old_val'" >&5
-printf "%s\n" "$as_me:   former value:  '$ac_old_val'" >&2;}
-	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}:   current value: '$ac_new_val'" >&5
-printf "%s\n" "$as_me:   current value: '$ac_new_val'" >&2;}
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}:   former value:  \`$ac_old_val'" >&5
+printf "%s\n" "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}:   current value: \`$ac_new_val'" >&5
+printf "%s\n" "$as_me:   current value: \`$ac_new_val'" >&2;}
       fi;;
   esac
   # Pass precious variables to config.status.
@@ -3264,11 +3234,11 @@ printf "%s\n" "$as_me:   current value: '$ac_new_val'" >&2;}
   fi
 done
 if $ac_cache_corrupted; then
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
 printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
-  as_fn_error $? "run '${MAKE-make} distclean' and/or 'rm $cache_file'
+  as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
 	    and start over" "$LINENO" 5
 fi
 ## -------------------- ##
@@ -3284,13 +3254,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 UNBOUND_VERSION_MAJOR=1
 
-UNBOUND_VERSION_MINOR=23
+UNBOUND_VERSION_MINOR=24
 
 UNBOUND_VERSION_MICRO=1
 
 
 LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=32
+LIBUNBOUND_REVISION=34
 LIBUNBOUND_AGE=1
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -3390,6 +3360,8 @@ LIBUNBOUND_AGE=1
 # 1.22.0 had 9:30:1
 # 1.23.0 had 9:31:1
 # 1.23.1 had 9:32:1
+# 1.24.0 had 9:33:1
+# 1.24.1 had 9:34:1
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -3442,8 +3414,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$CC"; then
+else $as_nop
+  if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3465,8 +3437,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -3488,8 +3459,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_CC"; then
+else $as_nop
+  if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3511,8 +3482,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -3547,8 +3517,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$CC"; then
+else $as_nop
+  if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3570,8 +3540,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -3593,8 +3562,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$CC"; then
+else $as_nop
+  if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
   ac_prog_rejected=no
@@ -3633,8 +3602,7 @@ if test $ac_prog_rejected = yes; then
     ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
   fi
 fi
-fi ;;
-esac
+fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -3658,8 +3626,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$CC"; then
+else $as_nop
+  if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3681,8 +3649,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -3708,8 +3675,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_CC"; then
+else $as_nop
+  if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3731,8 +3698,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -3770,8 +3736,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$CC"; then
+else $as_nop
+  if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3793,8 +3759,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -3816,8 +3781,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_CC"; then
+else $as_nop
+  if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3839,8 +3804,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -3869,10 +3833,10 @@ fi
 fi
 
 
-test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error $? "no acceptable C compiler found in \$PATH
-See 'config.log' for more details" "$LINENO" 5; }
+See \`config.log' for more details" "$LINENO" 5; }
 
 # Provide some information about the compiler.
 printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
@@ -3944,8 +3908,8 @@ printf "%s\n" "$ac_try_echo"; } >&5
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }
 then :
-  # Autoconf-2.13 could set the ac_cv_exeext variable to 'no'.
-# So ignore a value of 'no', otherwise this would lead to 'EXEEXT = no'
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
 # in a Makefile.  We should not override ac_cv_exeext if it was cached,
 # so that the user can short-circuit this test for compilers unknown to
 # Autoconf.
@@ -3965,7 +3929,7 @@ do
 	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
 	fi
 	# We set ac_cv_exeext here because the later test for it is not
-	# safe: cross compilers may not add the suffix if given an '-o'
+	# safe: cross compilers may not add the suffix if given an `-o'
 	# argument, so we may need to know it at that point already.
 	# Even if this section looks crufty: it has the advantage of
 	# actually working.
@@ -3976,9 +3940,8 @@ do
 done
 test "$ac_cv_exeext" = no && ac_cv_exeext=
 
-else case e in #(
-  e) ac_file='' ;;
-esac
+else $as_nop
+  ac_file=''
 fi
 if test -z "$ac_file"
 then :
@@ -3987,14 +3950,13 @@ printf "%s\n" "no" >&6; }
 printf "%s\n" "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error 77 "C compiler cannot create executables
-See 'config.log' for more details" "$LINENO" 5; }
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; } ;;
-esac
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
 printf %s "checking for C compiler default output file name... " >&6; }
@@ -4018,10 +3980,10 @@ printf "%s\n" "$ac_try_echo"; } >&5
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }
 then :
-  # If both 'conftest.exe' and 'conftest' are 'present' (well, observable)
-# catch 'conftest.exe'.  For instance with Cygwin, 'ls conftest' will
-# work properly (i.e., refer to 'conftest.exe'), while it won't with
-# 'rm'.
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
 for ac_file in conftest.exe conftest conftest.*; do
   test -f "$ac_file" || continue
   case $ac_file in
@@ -4031,12 +3993,11 @@ for ac_file in conftest.exe conftest conftest.*; do
     * ) break;;
   esac
 done
-else case e in #(
-  e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+else $as_nop
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error $? "cannot compute suffix of executables: cannot compile and link
-See 'config.log' for more details" "$LINENO" 5; } ;;
-esac
+See \`config.log' for more details" "$LINENO" 5; }
 fi
 rm -f conftest conftest$ac_cv_exeext
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
@@ -4052,8 +4013,6 @@ int
 main (void)
 {
 FILE *f = fopen ("conftest.out", "w");
- if (!f)
-  return 1;
  return ferror (f) || fclose (f) != 0;
 
   ;
@@ -4093,27 +4052,26 @@ printf "%s\n" "$ac_try_echo"; } >&5
     if test "$cross_compiling" = maybe; then
 	cross_compiling=yes
     else
-	{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+	{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error 77 "cannot run C compiled programs.
-If you meant to cross compile, use '--host'.
-See 'config.log' for more details" "$LINENO" 5; }
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
     fi
   fi
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
 printf "%s\n" "$cross_compiling" >&6; }
 
-rm -f conftest.$ac_ext conftest$ac_cv_exeext \
-  conftest.o conftest.obj conftest.out
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
 ac_clean_files=$ac_clean_files_save
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
 printf %s "checking for suffix of object files... " >&6; }
 if test ${ac_cv_objext+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -4145,18 +4103,16 @@ then :
        break;;
   esac
 done
-else case e in #(
-  e) printf "%s\n" "$as_me: failed program was:" >&5
+else $as_nop
+  printf "%s\n" "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error $? "cannot compute suffix of object files: cannot compile
-See 'config.log' for more details" "$LINENO" 5; } ;;
-esac
+See \`config.log' for more details" "$LINENO" 5; }
 fi
-rm -f conftest.$ac_cv_objext conftest.$ac_ext ;;
-esac
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
 printf "%s\n" "$ac_cv_objext" >&6; }
@@ -4167,8 +4123,8 @@ printf %s "checking whether the compiler supports GNU C... " >&6; }
 if test ${ac_cv_c_compiler_gnu+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -4185,14 +4141,12 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_compiler_gnu=yes
-else case e in #(
-  e) ac_compiler_gnu=no ;;
-esac
+else $as_nop
+  ac_compiler_gnu=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 ac_cv_c_compiler_gnu=$ac_compiler_gnu
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
@@ -4210,8 +4164,8 @@ printf %s "checking whether $CC accepts -g... " >&6; }
 if test ${ac_cv_prog_cc_g+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_save_c_werror_flag=$ac_c_werror_flag
+else $as_nop
+  ac_save_c_werror_flag=$ac_c_werror_flag
    ac_c_werror_flag=yes
    ac_cv_prog_cc_g=no
    CFLAGS="-g"
@@ -4229,8 +4183,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_prog_cc_g=yes
-else case e in #(
-  e) CFLAGS=""
+else $as_nop
+  CFLAGS=""
       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -4245,8 +4199,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
 
-else case e in #(
-  e) ac_c_werror_flag=$ac_save_c_werror_flag
+else $as_nop
+  ac_c_werror_flag=$ac_save_c_werror_flag
 	 CFLAGS="-g"
 	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -4263,15 +4217,12 @@ if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_prog_cc_g=yes
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-   ac_c_werror_flag=$ac_save_c_werror_flag ;;
-esac
+   ac_c_werror_flag=$ac_save_c_werror_flag
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
 printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
@@ -4298,8 +4249,8 @@ printf %s "checking for $CC option to enable C11 features... " >&6; }
 if test ${ac_cv_prog_cc_c11+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_prog_cc_c11=no
+else $as_nop
+  ac_cv_prog_cc_c11=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -4316,28 +4267,25 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c11" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC ;;
-esac
+CC=$ac_save_CC
 fi
 
 if test "x$ac_cv_prog_cc_c11" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else case e in #(
-  e) if test "x$ac_cv_prog_cc_c11" = x
+else $as_nop
+  if test "x$ac_cv_prog_cc_c11" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
-     CC="$CC $ac_cv_prog_cc_c11" ;;
-esac
+     CC="$CC $ac_cv_prog_cc_c11"
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
-  ac_prog_cc_stdc=c11 ;;
-esac
+  ac_prog_cc_stdc=c11
 fi
 fi
 if test x$ac_prog_cc_stdc = xno
@@ -4347,8 +4295,8 @@ printf %s "checking for $CC option to enable C99 features... " >&6; }
 if test ${ac_cv_prog_cc_c99+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_prog_cc_c99=no
+else $as_nop
+  ac_cv_prog_cc_c99=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -4365,28 +4313,25 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c99" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC ;;
-esac
+CC=$ac_save_CC
 fi
 
 if test "x$ac_cv_prog_cc_c99" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else case e in #(
-  e) if test "x$ac_cv_prog_cc_c99" = x
+else $as_nop
+  if test "x$ac_cv_prog_cc_c99" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
-     CC="$CC $ac_cv_prog_cc_c99" ;;
-esac
+     CC="$CC $ac_cv_prog_cc_c99"
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
-  ac_prog_cc_stdc=c99 ;;
-esac
+  ac_prog_cc_stdc=c99
 fi
 fi
 if test x$ac_prog_cc_stdc = xno
@@ -4396,8 +4341,8 @@ printf %s "checking for $CC option to enable C89 features... " >&6; }
 if test ${ac_cv_prog_cc_c89+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_prog_cc_c89=no
+else $as_nop
+  ac_cv_prog_cc_c89=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -4414,28 +4359,25 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c89" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC ;;
-esac
+CC=$ac_save_CC
 fi
 
 if test "x$ac_cv_prog_cc_c89" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else case e in #(
-  e) if test "x$ac_cv_prog_cc_c89" = x
+else $as_nop
+  if test "x$ac_cv_prog_cc_c89" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
-     CC="$CC $ac_cv_prog_cc_c89" ;;
-esac
+     CC="$CC $ac_cv_prog_cc_c89"
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
-  ac_prog_cc_stdc=c89 ;;
-esac
+  ac_prog_cc_stdc=c89
 fi
 fi
 
@@ -4486,8 +4428,8 @@ printf %s "checking whether it is safe to define __EXTENSIONS__... " >&6; }
 if test ${ac_cv_safe_to_define___extensions__+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #         define __EXTENSIONS__ 1
@@ -4503,12 +4445,10 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_safe_to_define___extensions__=yes
-else case e in #(
-  e) ac_cv_safe_to_define___extensions__=no ;;
-esac
+else $as_nop
+  ac_cv_safe_to_define___extensions__=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5
 printf "%s\n" "$ac_cv_safe_to_define___extensions__" >&6; }
@@ -4518,8 +4458,8 @@ printf %s "checking whether _XOPEN_SOURCE should be defined... " >&6; }
 if test ${ac_cv_should_define__xopen_source+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_should_define__xopen_source=no
+else $as_nop
+  ac_cv_should_define__xopen_source=no
     if test $ac_cv_header_wchar_h = yes
 then :
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -4538,8 +4478,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
 
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
             #define _XOPEN_SOURCE 500
@@ -4557,12 +4497,10 @@ if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_should_define__xopen_source=yes
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi ;;
-esac
+fi
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_should_define__xopen_source" >&5
 printf "%s\n" "$ac_cv_should_define__xopen_source" >&6; }
@@ -4587,8 +4525,6 @@ printf "%s\n" "$ac_cv_should_define__xopen_source" >&6; }
 
   printf "%s\n" "#define __STDC_WANT_IEC_60559_DFP_EXT__ 1" >>confdefs.h
 
-  printf "%s\n" "#define __STDC_WANT_IEC_60559_EXT__ 1" >>confdefs.h
-
   printf "%s\n" "#define __STDC_WANT_IEC_60559_FUNCS_EXT__ 1" >>confdefs.h
 
   printf "%s\n" "#define __STDC_WANT_IEC_60559_TYPES_EXT__ 1" >>confdefs.h
@@ -4608,9 +4544,8 @@ then :
 
     printf "%s\n" "#define _POSIX_1_SOURCE 2" >>confdefs.h
 
-else case e in #(
-  e) MINIX= ;;
-esac
+else $as_nop
+  MINIX=
 fi
   if test $ac_cv_safe_to_define___extensions__ = yes
 then :
@@ -4705,14 +4640,13 @@ printf "%s\n" X"$ub_conf_file" |
 if test ${with_run_dir+y}
 then :
   withval=$with_run_dir; UNBOUND_RUN_DIR="$withval"
-else case e in #(
-  e) if test $on_mingw = no; then
+else $as_nop
+  if test $on_mingw = no; then
     UNBOUND_RUN_DIR=`dirname "$ub_conf_file"`
 else
     UNBOUND_RUN_DIR=""
 fi
- ;;
-esac
+
 fi
 
 
@@ -4727,14 +4661,13 @@ printf "%s\n" "#define RUN_DIR \"$hdr_run\"" >>confdefs.h
 if test ${with_chroot_dir+y}
 then :
   withval=$with_chroot_dir; UNBOUND_CHROOT_DIR="$withval"
-else case e in #(
-  e) if test $on_mingw = no; then
+else $as_nop
+  if test $on_mingw = no; then
     UNBOUND_CHROOT_DIR="$UNBOUND_RUN_DIR"
 else
     UNBOUND_CHROOT_DIR=""
 fi
- ;;
-esac
+
 fi
 
 
@@ -4749,9 +4682,8 @@ printf "%s\n" "#define CHROOT_DIR \"$hdr_chroot\"" >>confdefs.h
 if test ${with_share_dir+y}
 then :
   withval=$with_share_dir; UNBOUND_SHARE_DIR="$withval"
-else case e in #(
-  e) UNBOUND_SHARE_DIR="$UNBOUND_RUN_DIR" ;;
-esac
+else $as_nop
+  UNBOUND_SHARE_DIR="$UNBOUND_RUN_DIR"
 fi
 
 
@@ -4764,14 +4696,13 @@ printf "%s\n" "#define SHARE_DIR \"$UNBOUND_SHARE_DIR\"" >>confdefs.h
 if test ${with_pidfile+y}
 then :
   withval=$with_pidfile; UNBOUND_PIDFILE="$withval"
-else case e in #(
-  e) if test $on_mingw = no; then
+else $as_nop
+  if test $on_mingw = no; then
     UNBOUND_PIDFILE="$UNBOUND_RUN_DIR/unbound.pid"
 else
     UNBOUND_PIDFILE=""
 fi
- ;;
-esac
+
 fi
 
 
@@ -4786,14 +4717,13 @@ printf "%s\n" "#define PIDFILE \"$hdr_pid\"" >>confdefs.h
 if test ${with_rootkey_file+y}
 then :
   withval=$with_rootkey_file; UNBOUND_ROOTKEY_FILE="$withval"
-else case e in #(
-  e) if test $on_mingw = no; then
+else $as_nop
+  if test $on_mingw = no; then
     UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key"
 else
     UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key"
 fi
- ;;
-esac
+
 fi
 
 
@@ -4808,14 +4738,13 @@ printf "%s\n" "#define ROOT_ANCHOR_FILE \"$hdr_rkey\"" >>confdefs.h
 if test ${with_rootcert_file+y}
 then :
   withval=$with_rootcert_file; UNBOUND_ROOTCERT_FILE="$withval"
-else case e in #(
-  e) if test $on_mingw = no; then
+else $as_nop
+  if test $on_mingw = no; then
     UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem"
 else
     UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem"
 fi
- ;;
-esac
+
 fi
 
 
@@ -4830,9 +4759,8 @@ printf "%s\n" "#define ROOT_CERT_FILE \"$hdr_rpem\"" >>confdefs.h
 if test ${with_username+y}
 then :
   withval=$with_username; UNBOUND_USERNAME="$withval"
-else case e in #(
-  e) UNBOUND_USERNAME="unbound" ;;
-esac
+else $as_nop
+  UNBOUND_USERNAME="unbound"
 fi
 
 
@@ -4855,8 +4783,8 @@ printf %s "checking for grep that handles long lines and -e... " >&6; }
 if test ${ac_cv_path_GREP+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -z "$GREP"; then
+else $as_nop
+  if test -z "$GREP"; then
   ac_path_GREP_found=false
   # Loop through the user's path and test for each of PROGNAME-LIST
   as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -4875,10 +4803,9 @@ do
       as_fn_executable_p "$ac_path_GREP" || continue
 # Check for GNU ac_path_GREP and select it if it is found.
   # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in #(
+case `"$ac_path_GREP" --version 2>&1` in
 *GNU*)
   ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-#(
 *)
   ac_count=0
   printf %s 0123456789 >"conftest.in"
@@ -4913,8 +4840,7 @@ IFS=$as_save_IFS
 else
   ac_cv_path_GREP=$GREP
 fi
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
 printf "%s\n" "$ac_cv_path_GREP" >&6; }
@@ -4928,8 +4854,8 @@ printf %s "checking for an ANSI C-conforming const... " >&6; }
 if test ${ac_cv_c_const+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -4993,12 +4919,10 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_const=yes
-else case e in #(
-  e) ac_cv_c_const=no ;;
-esac
+else $as_nop
+  ac_cv_c_const=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
 printf "%s\n" "$ac_cv_c_const" >&6; }
@@ -5025,8 +4949,8 @@ cache=`echo g | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -g -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -5034,8 +4958,7 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -5058,8 +4981,8 @@ cache=`echo O2 | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -O2 -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -5067,8 +4990,7 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -5098,8 +5020,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$CC"; then
+else $as_nop
+  if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5121,8 +5043,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -5144,8 +5065,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_CC"; then
+else $as_nop
+  if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5167,8 +5088,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -5203,8 +5123,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$CC"; then
+else $as_nop
+  if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5226,8 +5146,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -5249,8 +5168,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$CC"; then
+else $as_nop
+  if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
   ac_prog_rejected=no
@@ -5289,8 +5208,7 @@ if test $ac_prog_rejected = yes; then
     ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
   fi
 fi
-fi ;;
-esac
+fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -5314,8 +5232,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$CC"; then
+else $as_nop
+  if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5337,8 +5255,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -5364,8 +5281,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_CC"; then
+else $as_nop
+  if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5387,8 +5304,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -5426,8 +5342,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$CC"; then
+else $as_nop
+  if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5449,8 +5365,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -5472,8 +5387,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_CC"; then
+else $as_nop
+  if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5495,8 +5410,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -5525,10 +5439,10 @@ fi
 fi
 
 
-test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error $? "no acceptable C compiler found in \$PATH
-See 'config.log' for more details" "$LINENO" 5; }
+See \`config.log' for more details" "$LINENO" 5; }
 
 # Provide some information about the compiler.
 printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
@@ -5560,8 +5474,8 @@ printf %s "checking whether the compiler supports GNU C... " >&6; }
 if test ${ac_cv_c_compiler_gnu+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -5578,14 +5492,12 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_compiler_gnu=yes
-else case e in #(
-  e) ac_compiler_gnu=no ;;
-esac
+else $as_nop
+  ac_compiler_gnu=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 ac_cv_c_compiler_gnu=$ac_compiler_gnu
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
@@ -5603,8 +5515,8 @@ printf %s "checking whether $CC accepts -g... " >&6; }
 if test ${ac_cv_prog_cc_g+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_save_c_werror_flag=$ac_c_werror_flag
+else $as_nop
+  ac_save_c_werror_flag=$ac_c_werror_flag
    ac_c_werror_flag=yes
    ac_cv_prog_cc_g=no
    CFLAGS="-g"
@@ -5622,8 +5534,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_prog_cc_g=yes
-else case e in #(
-  e) CFLAGS=""
+else $as_nop
+  CFLAGS=""
       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -5638,8 +5550,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
 
-else case e in #(
-  e) ac_c_werror_flag=$ac_save_c_werror_flag
+else $as_nop
+  ac_c_werror_flag=$ac_save_c_werror_flag
 	 CFLAGS="-g"
 	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -5656,15 +5568,12 @@ if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_prog_cc_g=yes
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-   ac_c_werror_flag=$ac_save_c_werror_flag ;;
-esac
+   ac_c_werror_flag=$ac_save_c_werror_flag
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
 printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
@@ -5691,8 +5600,8 @@ printf %s "checking for $CC option to enable C11 features... " >&6; }
 if test ${ac_cv_prog_cc_c11+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_prog_cc_c11=no
+else $as_nop
+  ac_cv_prog_cc_c11=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -5709,28 +5618,25 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c11" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC ;;
-esac
+CC=$ac_save_CC
 fi
 
 if test "x$ac_cv_prog_cc_c11" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else case e in #(
-  e) if test "x$ac_cv_prog_cc_c11" = x
+else $as_nop
+  if test "x$ac_cv_prog_cc_c11" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
-     CC="$CC $ac_cv_prog_cc_c11" ;;
-esac
+     CC="$CC $ac_cv_prog_cc_c11"
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
-  ac_prog_cc_stdc=c11 ;;
-esac
+  ac_prog_cc_stdc=c11
 fi
 fi
 if test x$ac_prog_cc_stdc = xno
@@ -5740,8 +5646,8 @@ printf %s "checking for $CC option to enable C99 features... " >&6; }
 if test ${ac_cv_prog_cc_c99+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_prog_cc_c99=no
+else $as_nop
+  ac_cv_prog_cc_c99=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -5758,28 +5664,25 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c99" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC ;;
-esac
+CC=$ac_save_CC
 fi
 
 if test "x$ac_cv_prog_cc_c99" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else case e in #(
-  e) if test "x$ac_cv_prog_cc_c99" = x
+else $as_nop
+  if test "x$ac_cv_prog_cc_c99" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
-     CC="$CC $ac_cv_prog_cc_c99" ;;
-esac
+     CC="$CC $ac_cv_prog_cc_c99"
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
-  ac_prog_cc_stdc=c99 ;;
-esac
+  ac_prog_cc_stdc=c99
 fi
 fi
 if test x$ac_prog_cc_stdc = xno
@@ -5789,8 +5692,8 @@ printf %s "checking for $CC option to enable C89 features... " >&6; }
 if test ${ac_cv_prog_cc_c89+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_prog_cc_c89=no
+else $as_nop
+  ac_cv_prog_cc_c89=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -5807,28 +5710,25 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c89" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC ;;
-esac
+CC=$ac_save_CC
 fi
 
 if test "x$ac_cv_prog_cc_c89" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else case e in #(
-  e) if test "x$ac_cv_prog_cc_c89" = x
+else $as_nop
+  if test "x$ac_cv_prog_cc_c89" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
-     CC="$CC $ac_cv_prog_cc_c89" ;;
-esac
+     CC="$CC $ac_cv_prog_cc_c89"
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
-  ac_prog_cc_stdc=c89 ;;
-esac
+  ac_prog_cc_stdc=c89
 fi
 fi
 
@@ -5865,8 +5765,8 @@ cache=`echo Werror | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -Werror -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -5874,8 +5774,7 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -5898,8 +5797,8 @@ cache=`echo Wall | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -Wall -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -5907,8 +5806,7 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -5933,8 +5831,8 @@ cache=`echo std=c99 | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -std=c99 -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -5942,8 +5840,7 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -5966,8 +5863,8 @@ cache=`echo xc99 | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -xc99 -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -5975,8 +5872,7 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -6013,12 +5909,12 @@ fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE as a flag for $CC" >&5
 printf %s "checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE as a flag for $CC... " >&6; }
-cache=`printf "%s\n" "$C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE" | sed "$as_sed_sh"`
+cache=`printf "%s\n" "$C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE" | $as_tr_sh`
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo '
 #include "confdefs.h"
 #include <stdlib.h>
@@ -6072,8 +5968,7 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6106,12 +6001,12 @@ fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE as a flag for $CC" >&5
 printf %s "checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE as a flag for $CC... " >&6; }
-cache=`printf "%s\n" "$C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE" | sed "$as_sed_sh"`
+cache=`printf "%s\n" "$C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE" | $as_tr_sh`
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo '
 #include "confdefs.h"
 #include <stdlib.h>
@@ -6165,8 +6060,7 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6199,12 +6093,12 @@ fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we need $C99FLAG as a flag for $CC" >&5
 printf %s "checking whether we need $C99FLAG as a flag for $CC... " >&6; }
-cache=`printf "%s\n" "$C99FLAG" | sed "$as_sed_sh"`
+cache=`printf "%s\n" "$C99FLAG" | $as_tr_sh`
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo '
 #include <stdbool.h>
 #include <ctype.h>
@@ -6231,8 +6125,7 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6269,8 +6162,8 @@ cache=_D_BSD_SOURCE__D_DEFAULT_SOURCE
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo '
 #include <ctype.h>
 
@@ -6298,8 +6191,7 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6336,8 +6228,8 @@ cache=_D_GNU_SOURCE
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo '
 #include <netinet/in.h>
 
@@ -6365,8 +6257,7 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6406,8 +6297,8 @@ cache=_D_GNU_SOURCE__D_FRSRESGID
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo '
 #include <unistd.h>
 
@@ -6435,8 +6326,7 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6473,8 +6363,8 @@ cache=_D_POSIX_C_SOURCE_200112
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo '
 #include "confdefs.h"
 #ifdef HAVE_TIME_H
@@ -6513,8 +6403,7 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6551,8 +6440,8 @@ cache=_D__EXTENSIONS__
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo '
 #include "confdefs.h"
 #include <stdlib.h>
@@ -6597,8 +6486,7 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6654,8 +6542,8 @@ cache=`echo W | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -W -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -6663,8 +6551,7 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -6687,8 +6574,8 @@ cache=`echo Wall | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -Wall -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -6696,8 +6583,7 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -6720,8 +6606,8 @@ cache=`echo Wextra | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -Wextra -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -6729,8 +6615,7 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -6753,8 +6638,8 @@ cache=`echo Wdeclaration-after-statement | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -Wdeclaration-after-statement -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -6762,8 +6647,7 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -6828,10 +6712,9 @@ printf "%s\n" "yes" >&6; }
             fi
             rm -f conftest conftest.c conftest.o
 
-else case e in #(
-  e) CFLAGS="$BAKCFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; } ;;
-esac
+else $as_nop
+  CFLAGS="$BAKCFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -6878,10 +6761,9 @@ printf "%s\n" "yes" >&6; }
 	    fi
 	    rm -f conftest conftest.c conftest.o
 
-else case e in #(
-  e) LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; } ;;
-esac
+else $as_nop
+  LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -6926,10 +6808,9 @@ printf "%s\n" "yes" >&6; }
 	    fi
 	    rm -f conftest conftest.c conftest.o
 
-else case e in #(
-  e) LDFLAGS="$BAKLDFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; } ;;
-esac
+else $as_nop
+  LDFLAGS="$BAKLDFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -6943,8 +6824,8 @@ printf %s "checking for inline... " >&6; }
 if test ${ac_cv_c_inline+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_c_inline=no
+else $as_nop
+  ac_cv_c_inline=no
 for ac_kw in inline __inline__ __inline; do
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -6962,8 +6843,7 @@ fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
   test "$ac_cv_c_inline" != no && break
 done
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
 printf "%s\n" "$ac_cv_c_inline" >&6; }
@@ -6989,8 +6869,8 @@ printf %s "checking whether the C compiler (${CC-cc}) accepts the \"format\" att
 if test ${ac_cv_c_format_attribute+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_c_format_attribute=no
+else $as_nop
+  ac_cv_c_format_attribute=no
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #include <stdio.h>
@@ -7010,13 +6890,11 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_format_attribute="yes"
-else case e in #(
-  e) ac_cv_c_format_attribute="no" ;;
-esac
+else $as_nop
+  ac_cv_c_format_attribute="no"
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ;;
-esac
+
 fi
 
 
@@ -7034,8 +6912,8 @@ printf %s "checking whether the C compiler (${CC-cc}) accepts the \"unused\" att
 if test ${ac_cv_c_unused_attribute+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_c_unused_attribute=no
+else $as_nop
+  ac_cv_c_unused_attribute=no
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #include <stdio.h>
@@ -7054,13 +6932,11 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_unused_attribute="yes"
-else case e in #(
-  e) ac_cv_c_unused_attribute="no" ;;
-esac
+else $as_nop
+  ac_cv_c_unused_attribute="no"
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ;;
-esac
+
 fi
 
 
@@ -7082,8 +6958,8 @@ printf %s "checking whether the C compiler (${CC-cc}) accepts the \"weak\" attri
 if test ${ac_cv_c_weak_attribute+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_c_weak_attribute=no
+else $as_nop
+  ac_cv_c_weak_attribute=no
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
  #include <stdio.h>
@@ -7102,13 +6978,11 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_weak_attribute="yes"
-else case e in #(
-  e) ac_cv_c_weak_attribute="no" ;;
-esac
+else $as_nop
+  ac_cv_c_weak_attribute="no"
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ;;
-esac
+
 fi
 
 
@@ -7135,8 +7009,8 @@ printf %s "checking whether the C compiler (${CC-cc}) accepts the \"noreturn\" a
 if test ${ac_cv_c_noreturn_attribute+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_c_noreturn_attribute=no
+else $as_nop
+  ac_cv_c_noreturn_attribute=no
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
  #include <stdio.h>
@@ -7155,13 +7029,11 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_noreturn_attribute="yes"
-else case e in #(
-  e) ac_cv_c_noreturn_attribute="no" ;;
-esac
+else $as_nop
+  ac_cv_c_noreturn_attribute="no"
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ;;
-esac
+
 fi
 
 
@@ -7190,8 +7062,8 @@ CFLAGS="$CFLAGS -Werror"
 if test ${ac_cv_c_fallthrough_attribute+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_cv_c_fallthrough_attribute=no
+else $as_nop
+  ac_cv_c_fallthrough_attribute=no
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
  #include <stdio.h>
@@ -7225,13 +7097,11 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_fallthrough_attribute="yes"
-else case e in #(
-  e) ac_cv_c_fallthrough_attribute="no" ;;
-esac
+else $as_nop
+  ac_cv_c_fallthrough_attribute="no"
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ;;
-esac
+
 fi
 
 CFLAGS="$BAKCFLAGS"
@@ -7269,8 +7139,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_LEX+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$LEX"; then
+else $as_nop
+  if test -n "$LEX"; then
   ac_cv_prog_LEX="$LEX" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -7292,8 +7162,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 LEX=$ac_cv_prog_LEX
 if test -n "$LEX"; then
@@ -7351,8 +7220,8 @@ printf %s "checking for lex output file root... " >&6; }
 if test ${ac_cv_prog_lex_root+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 ac_cv_prog_lex_root=unknown
 { { ac_try="$LEX conftest.l"
 case "(($ac_try" in
@@ -7369,8 +7238,7 @@ if test -f lex.yy.c; then
   ac_cv_prog_lex_root=lex.yy
 elif test -f lexyy.c; then
   ac_cv_prog_lex_root=lexyy
-fi ;;
-esac
+fi
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
 printf "%s\n" "$ac_cv_prog_lex_root" >&6; }
@@ -7385,15 +7253,15 @@ LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
 if test ${LEXLIB+y}
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex library" >&5
 printf %s "checking for lex library... " >&6; }
 if test ${ac_cv_lib_lex+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
     ac_save_LIBS="$LIBS"
     ac_found=false
     for ac_cv_lib_lex in 'none needed' -lfl -ll 'not found'; do
@@ -7423,8 +7291,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
       fi
     done
     LIBS="$ac_save_LIBS"
-   ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
 printf "%s\n" "$ac_cv_lib_lex" >&6; }
@@ -7436,12 +7303,10 @@ printf "%s\n" "$as_me: WARNING: required lex library not found; giving up on $LE
 elif test "$ac_cv_lib_lex" = 'none needed'
 then :
   LEXLIB=''
-else case e in #(
-  e) LEXLIB=$ac_cv_lib_lex ;;
-esac
+else $as_nop
+  LEXLIB=$ac_cv_lib_lex
 fi
-   ;;
-esac
+
 fi
 
 
@@ -7453,8 +7318,8 @@ printf %s "checking whether yytext is a pointer... " >&6; }
 if test ${ac_cv_prog_lex_yytext_pointer+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) # POSIX says lex can declare yytext either as a pointer or an array; the
+else $as_nop
+  # POSIX says lex can declare yytext either as a pointer or an array; the
 # default is implementation-dependent.  Figure out which it is, since
 # not all implementations provide the %pointer and %array declarations.
 ac_cv_prog_lex_yytext_pointer=no
@@ -7469,8 +7334,7 @@ then :
   ac_cv_prog_lex_yytext_pointer=yes
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
 printf "%s\n" "$ac_cv_prog_lex_yytext_pointer" >&6; }
@@ -7530,8 +7394,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_YACC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$YACC"; then
+else $as_nop
+  if test -n "$YACC"; then
   ac_cv_prog_YACC="$YACC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -7553,8 +7417,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 YACC=$ac_cv_prog_YACC
 if test -n "$YACC"; then
@@ -7582,8 +7445,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_doxygen+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$doxygen"; then
+else $as_nop
+  if test -n "$doxygen"; then
   ac_cv_prog_doxygen="$doxygen" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -7605,8 +7468,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 doxygen=$ac_cv_prog_doxygen
 if test -n "$doxygen"; then
@@ -7626,8 +7488,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_STRIP+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$STRIP"; then
+else $as_nop
+  if test -n "$STRIP"; then
   ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -7649,8 +7511,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 STRIP=$ac_cv_prog_STRIP
 if test -n "$STRIP"; then
@@ -7672,8 +7533,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_STRIP+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_STRIP"; then
+else $as_nop
+  if test -n "$ac_ct_STRIP"; then
   ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -7695,8 +7556,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
 if test -n "$ac_ct_STRIP"; then
@@ -7734,16 +7594,15 @@ printf %s "checking build system type... " >&6; }
 if test ${ac_cv_build+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_build_alias=$build_alias
+else $as_nop
+  ac_build_alias=$build_alias
 test "x$ac_build_alias" = x &&
   ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
 test "x$ac_build_alias" = x &&
   as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
 ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
   as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
 printf "%s\n" "$ac_cv_build" >&6; }
@@ -7770,15 +7629,14 @@ printf %s "checking host system type... " >&6; }
 if test ${ac_cv_host+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test "x$host_alias" = x; then
+else $as_nop
+  if test "x$host_alias" = x; then
   ac_cv_host=$ac_cv_build
 else
   ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
     as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
 fi
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
 printf "%s\n" "$ac_cv_host" >&6; }
@@ -7828,8 +7686,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_AR+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) case $AR in
+else $as_nop
+  case $AR in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_AR="$AR" # Let the user override the test with a path.
   ;;
@@ -7854,7 +7712,6 @@ done
 IFS=$as_save_IFS
 
   ;;
-esac ;;
 esac
 fi
 AR=$ac_cv_path_AR
@@ -7877,8 +7734,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_ac_pt_AR+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) case $ac_pt_AR in
+else $as_nop
+  case $ac_pt_AR in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_ac_pt_AR="$ac_pt_AR" # Let the user override the test with a path.
   ;;
@@ -7903,7 +7760,6 @@ done
 IFS=$as_save_IFS
 
   ;;
-esac ;;
 esac
 fi
 ac_pt_AR=$ac_cv_path_ac_pt_AR
@@ -7943,8 +7799,8 @@ esac
 
 
 
-macro_version='2.4.6'
-macro_revision='2.4.6'
+macro_version='2.5.4'
+macro_revision='2.5.4'
 
 
 
@@ -8035,8 +7891,8 @@ printf %s "checking for a sed that does not truncate output... " >&6; }
 if test ${ac_cv_path_SED+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)           ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+else $as_nop
+            ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
      for ac_i in 1 2 3 4 5 6 7; do
        ac_script="$ac_script$as_nl$ac_script"
      done
@@ -8061,10 +7917,9 @@ do
       as_fn_executable_p "$ac_path_SED" || continue
 # Check for GNU ac_path_SED and select it if it is found.
   # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in #(
+case `"$ac_path_SED" --version 2>&1` in
 *GNU*)
   ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
-#(
 *)
   ac_count=0
   printf %s 0123456789 >"conftest.in"
@@ -8099,8 +7954,7 @@ IFS=$as_save_IFS
 else
   ac_cv_path_SED=$SED
 fi
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
 printf "%s\n" "$ac_cv_path_SED" >&6; }
@@ -8125,8 +7979,8 @@ printf %s "checking for egrep... " >&6; }
 if test ${ac_cv_path_EGREP+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+else $as_nop
+  if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
    then ac_cv_path_EGREP="$GREP -E"
    else
      if test -z "$EGREP"; then
@@ -8148,10 +8002,9 @@ do
       as_fn_executable_p "$ac_path_EGREP" || continue
 # Check for GNU ac_path_EGREP and select it if it is found.
   # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in #(
+case `"$ac_path_EGREP" --version 2>&1` in
 *GNU*)
   ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-#(
 *)
   ac_count=0
   printf %s 0123456789 >"conftest.in"
@@ -8187,23 +8040,20 @@ else
   ac_cv_path_EGREP=$EGREP
 fi
 
-   fi ;;
-esac
+   fi
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
 printf "%s\n" "$ac_cv_path_EGREP" >&6; }
  EGREP="$ac_cv_path_EGREP"
 
-         EGREP_TRADITIONAL=$EGREP
- ac_cv_path_EGREP_TRADITIONAL=$EGREP
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
 printf %s "checking for fgrep... " >&6; }
 if test ${ac_cv_path_FGREP+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
+else $as_nop
+  if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
    then ac_cv_path_FGREP="$GREP -F"
    else
      if test -z "$FGREP"; then
@@ -8225,10 +8075,9 @@ do
       as_fn_executable_p "$ac_path_FGREP" || continue
 # Check for GNU ac_path_FGREP and select it if it is found.
   # Check for GNU $ac_path_FGREP
-case `"$ac_path_FGREP" --version 2>&1` in #(
+case `"$ac_path_FGREP" --version 2>&1` in
 *GNU*)
   ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
-#(
 *)
   ac_count=0
   printf %s 0123456789 >"conftest.in"
@@ -8264,8 +8113,7 @@ else
   ac_cv_path_FGREP=$FGREP
 fi
 
-   fi ;;
-esac
+   fi
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
 printf "%s\n" "$ac_cv_path_FGREP" >&6; }
@@ -8296,9 +8144,8 @@ test -z "$GREP" && GREP=grep
 if test ${with_gnu_ld+y}
 then :
   withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
-else case e in #(
-  e) with_gnu_ld=no ;;
-esac
+else $as_nop
+  with_gnu_ld=no
 fi
 
 ac_prog=ld
@@ -8307,7 +8154,7 @@ if test yes = "$GCC"; then
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
 printf %s "checking for ld used by $CC... " >&6; }
   case $host in
-  *-*-mingw*)
+  *-*-mingw* | *-*-windows*)
     # gcc leaves a trailing carriage return, which upsets mingw
     ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
   *)
@@ -8343,8 +8190,8 @@ fi
 if test ${lt_cv_path_LD+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -z "$LD"; then
+else $as_nop
+  if test -z "$LD"; then
   lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
   for ac_dir in $PATH; do
     IFS=$lt_save_ifs
@@ -8367,8 +8214,7 @@ else case e in #(
   IFS=$lt_save_ifs
 else
   lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi ;;
-esac
+fi
 fi
 
 LD=$lt_cv_path_LD
@@ -8385,8 +8231,8 @@ printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
 if test ${lt_cv_prog_gnu_ld+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) # I'd rather use --version here, but apparently some GNU lds only accept -v.
+else $as_nop
+  # I'd rather use --version here, but apparently some GNU lds only accept -v.
 case `$LD -v 2>&1 </dev/null` in
 *GNU* | *'with BFD'*)
   lt_cv_prog_gnu_ld=yes
@@ -8394,7 +8240,6 @@ case `$LD -v 2>&1 </dev/null` in
 *)
   lt_cv_prog_gnu_ld=no
   ;;
-esac ;;
 esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
@@ -8414,8 +8259,8 @@ printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
 if test ${lt_cv_path_NM+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$NM"; then
+else $as_nop
+  if test -n "$NM"; then
   # Let the user override the test.
   lt_cv_path_NM=$NM
 else
@@ -8436,16 +8281,16 @@ else
 	# Tru64's nm complains that /dev/null is an invalid object file
 	# MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
 	case $build_os in
-	mingw*) lt_bad_file=conftest.nm/nofile ;;
+	mingw* | windows*) lt_bad_file=conftest.nm/nofile ;;
 	*) lt_bad_file=/dev/null ;;
 	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
+	case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in
 	*$lt_bad_file* | *'Invalid file or object type'*)
 	  lt_cv_path_NM="$tmp_nm -B"
 	  break 2
 	  ;;
 	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  case `"$tmp_nm" -p /dev/null 2>&1 | $SED '1q'` in
 	  */dev/null*)
 	    lt_cv_path_NM="$tmp_nm -p"
 	    break 2
@@ -8462,8 +8307,7 @@ else
     IFS=$lt_save_ifs
   done
   : ${lt_cv_path_NM=no}
-fi ;;
-esac
+fi
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
 printf "%s\n" "$lt_cv_path_NM" >&6; }
@@ -8484,8 +8328,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_DUMPBIN+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$DUMPBIN"; then
+else $as_nop
+  if test -n "$DUMPBIN"; then
   ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -8507,8 +8351,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 DUMPBIN=$ac_cv_prog_DUMPBIN
 if test -n "$DUMPBIN"; then
@@ -8534,8 +8377,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_DUMPBIN+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_DUMPBIN"; then
+else $as_nop
+  if test -n "$ac_ct_DUMPBIN"; then
   ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -8557,8 +8400,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
 if test -n "$ac_ct_DUMPBIN"; then
@@ -8586,7 +8428,7 @@ esac
   fi
 fi
 
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
+    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | $SED '1q'` in
     *COFF*)
       DUMPBIN="$DUMPBIN -symbols -headers"
       ;;
@@ -8612,8 +8454,8 @@ printf %s "checking the name lister ($NM) interface... " >&6; }
 if test ${lt_cv_nm_interface+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_nm_interface="BSD nm"
+else $as_nop
+  lt_cv_nm_interface="BSD nm"
   echo "int some_variable = 0;" > conftest.$ac_ext
   (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
   (eval "$ac_compile" 2>conftest.err)
@@ -8626,8 +8468,7 @@ else case e in #(
   if $GREP 'External.*some_variable' conftest.out > /dev/null; then
     lt_cv_nm_interface="MS dumpbin"
   fi
-  rm -f conftest* ;;
-esac
+  rm -f conftest*
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
 printf "%s\n" "$lt_cv_nm_interface" >&6; }
@@ -8649,8 +8490,8 @@ printf %s "checking the maximum length of command line arguments... " >&6; }
 if test ${lt_cv_sys_max_cmd_len+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)   i=0
+else $as_nop
+    i=0
   teststring=ABCD
 
   case $build_os in
@@ -8662,14 +8503,14 @@ else case e in #(
     lt_cv_sys_max_cmd_len=12288;    # 12K is about right
     ;;
 
-  gnu*)
-    # Under GNU Hurd, this test is not required because there is
-    # no limit to the length of command line arguments.
+  gnu* | ironclad*)
+    # Under GNU Hurd and Ironclad, this test is not required because there
+    # is no limit to the length of command line arguments.
     # Libtool will interpret -1 as no limit whatsoever
     lt_cv_sys_max_cmd_len=-1;
     ;;
 
-  cygwin* | mingw* | cegcc*)
+  cygwin* | mingw* | windows* | cegcc*)
     # On Win9x/ME, this test blows up -- it succeeds, but takes
     # about 5 minutes as the teststring grows exponentially.
     # Worse, since 9x/ME are not pre-emptively multitasking,
@@ -8691,7 +8532,7 @@ else case e in #(
     lt_cv_sys_max_cmd_len=8192;
     ;;
 
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
+  darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*)
     # This has been around since 386BSD, at least.  Likely further.
     if test -x /sbin/sysctl; then
       lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
@@ -8734,7 +8575,7 @@ else case e in #(
   sysv5* | sco5v6* | sysv4.2uw2*)
     kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
     if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[	 ]//'`
+      lt_cv_sys_max_cmd_len=`echo $kargmax | $SED 's/.*[	 ]//'`
     else
       lt_cv_sys_max_cmd_len=32768
     fi
@@ -8772,8 +8613,7 @@ else case e in #(
     fi
     ;;
   esac
- ;;
-esac
+
 fi
 
 if test -n "$lt_cv_sys_max_cmd_len"; then
@@ -8830,11 +8670,11 @@ printf %s "checking how to convert $build file names to $host format... " >&6; }
 if test ${lt_cv_to_host_file_cmd+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) case $host in
+else $as_nop
+  case $host in
   *-*-mingw* )
     case $build in
-      *-*-mingw* ) # actually msys
+      *-*-mingw* | *-*-windows* ) # actually msys
         lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
         ;;
       *-*-cygwin* )
@@ -8847,7 +8687,7 @@ else case e in #(
     ;;
   *-*-cygwin* )
     case $build in
-      *-*-mingw* ) # actually msys
+      *-*-mingw* | *-*-windows* ) # actually msys
         lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
         ;;
       *-*-cygwin* )
@@ -8862,8 +8702,7 @@ else case e in #(
     lt_cv_to_host_file_cmd=func_convert_file_noop
     ;;
 esac
- ;;
-esac
+
 fi
 
 to_host_file_cmd=$lt_cv_to_host_file_cmd
@@ -8879,20 +8718,19 @@ printf %s "checking how to convert $build file names to toolchain format... " >&
 if test ${lt_cv_to_tool_file_cmd+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) #assume ordinary cross tools, or native build.
+else $as_nop
+  #assume ordinary cross tools, or native build.
 lt_cv_to_tool_file_cmd=func_convert_file_noop
 case $host in
-  *-*-mingw* )
+  *-*-mingw* | *-*-windows* )
     case $build in
-      *-*-mingw* ) # actually msys
+      *-*-mingw* | *-*-windows* ) # actually msys
         lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
         ;;
     esac
     ;;
 esac
- ;;
-esac
+
 fi
 
 to_tool_file_cmd=$lt_cv_to_tool_file_cmd
@@ -8908,9 +8746,8 @@ printf %s "checking for $LD option to reload object files... " >&6; }
 if test ${lt_cv_ld_reload_flag+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_ld_reload_flag='-r' ;;
-esac
+else $as_nop
+  lt_cv_ld_reload_flag='-r'
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
 printf "%s\n" "$lt_cv_ld_reload_flag" >&6; }
@@ -8921,7 +8758,7 @@ case $reload_flag in
 esac
 reload_cmds='$LD$reload_flag -o $output$reload_objs'
 case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
+  cygwin* | mingw* | windows* | pw32* | cegcc*)
     if test yes != "$GCC"; then
       reload_cmds=false
     fi
@@ -8943,6 +8780,55 @@ esac
 
 
 
+# Extract the first word of "file", so it can be a program name with args.
+set dummy file; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_FILECMD+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$FILECMD"; then
+  ac_cv_prog_FILECMD="$FILECMD" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_FILECMD="file"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_prog_FILECMD" && ac_cv_prog_FILECMD=":"
+fi
+fi
+FILECMD=$ac_cv_prog_FILECMD
+if test -n "$FILECMD"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $FILECMD" >&5
+printf "%s\n" "$FILECMD" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+
+
+
+
+
+
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
 set dummy ${ac_tool_prefix}objdump; ac_word=$2
@@ -8951,8 +8837,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_OBJDUMP+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$OBJDUMP"; then
+else $as_nop
+  if test -n "$OBJDUMP"; then
   ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -8974,8 +8860,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 OBJDUMP=$ac_cv_prog_OBJDUMP
 if test -n "$OBJDUMP"; then
@@ -8997,8 +8882,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_OBJDUMP+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_OBJDUMP"; then
+else $as_nop
+  if test -n "$ac_ct_OBJDUMP"; then
   ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9020,8 +8905,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
 if test -n "$ac_ct_OBJDUMP"; then
@@ -9062,8 +8946,8 @@ printf %s "checking how to recognize dependent libraries... " >&6; }
 if test ${lt_cv_deplibs_check_method+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_file_magic_cmd='$MAGIC_CMD'
+else $as_nop
+  lt_cv_file_magic_cmd='$MAGIC_CMD'
 lt_cv_file_magic_test_file=
 lt_cv_deplibs_check_method='unknown'
 # Need to set the preceding variable on all platforms that support
@@ -9071,7 +8955,6 @@ lt_cv_deplibs_check_method='unknown'
 # 'none' -- dependencies not supported.
 # 'unknown' -- same as none, but documents that we really don't know.
 # 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
 # 'file_magic [[regex]]' -- check by looking for files in library path
 # that responds to the $file_magic_cmd with a given extended regex.
 # If you have 'file' or equivalent on your system and you're not sure
@@ -9088,7 +8971,7 @@ beos*)
 
 bsdi[45]*)
   lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_cmd='$FILECMD -L'
   lt_cv_file_magic_test_file=/shlib/libc.so
   ;;
 
@@ -9098,7 +8981,7 @@ cygwin*)
   lt_cv_file_magic_cmd='func_win32_libid'
   ;;
 
-mingw* | pw32*)
+mingw* | windows* | pw32*)
   # Base MSYS/MinGW do not provide the 'file' command needed by
   # func_win32_libid shell function, so use a weaker test based on 'objdump',
   # unless we find 'file', for example because we are cross-compiling.
@@ -9107,7 +8990,7 @@ mingw* | pw32*)
     lt_cv_file_magic_cmd='func_win32_libid'
   else
     # Keep this pattern in sync with the one in func_win32_libid.
-    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
+    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64|pe-aarch64)'
     lt_cv_file_magic_cmd='$OBJDUMP -f'
   fi
   ;;
@@ -9122,14 +9005,14 @@ darwin* | rhapsody*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
     case $host_cpu in
     i*86 )
       # Not sure whether the presence of OpenBSD here was a mistake.
       # Let's accept both of them until this is cleared up.
       lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_cmd=$FILECMD
       lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
       ;;
     esac
@@ -9143,7 +9026,7 @@ haiku*)
   ;;
 
 hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   case $host_cpu in
   ia64*)
     lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
@@ -9180,7 +9063,11 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
-netbsd*)
+*-mlibc)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+netbsd* | netbsdelf*-gnu)
   if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
     lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
   else
@@ -9190,7 +9077,7 @@ netbsd*)
 
 newos6*)
   lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   lt_cv_file_magic_test_file=/usr/lib/libnls.so
   ;;
 
@@ -9198,7 +9085,7 @@ newos6*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
-openbsd* | bitrig*)
+openbsd*)
   if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
     lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
   else
@@ -9214,6 +9101,10 @@ rdos*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
+serenity*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
 solaris*)
   lt_cv_deplibs_check_method=pass_all
   ;;
@@ -9256,8 +9147,7 @@ os2*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 esac
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
 printf "%s\n" "$lt_cv_deplibs_check_method" >&6; }
@@ -9266,7 +9156,7 @@ file_magic_glob=
 want_nocaseglob=no
 if test "$build" = "$host"; then
   case $host_os in
-  mingw* | pw32*)
+  mingw* | windows* | pw32*)
     if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
       want_nocaseglob=yes
     else
@@ -9309,8 +9199,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_DLLTOOL+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$DLLTOOL"; then
+else $as_nop
+  if test -n "$DLLTOOL"; then
   ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9332,8 +9222,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 DLLTOOL=$ac_cv_prog_DLLTOOL
 if test -n "$DLLTOOL"; then
@@ -9355,8 +9244,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_DLLTOOL+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_DLLTOOL"; then
+else $as_nop
+  if test -n "$ac_ct_DLLTOOL"; then
   ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9378,8 +9267,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
 if test -n "$ac_ct_DLLTOOL"; then
@@ -9421,11 +9309,11 @@ printf %s "checking how to associate runtime and link libraries... " >&6; }
 if test ${lt_cv_sharedlib_from_linklib_cmd+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_sharedlib_from_linklib_cmd='unknown'
+else $as_nop
+  lt_cv_sharedlib_from_linklib_cmd='unknown'
 
 case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
+cygwin* | mingw* | windows* | pw32* | cegcc*)
   # two different shell functions defined in ltmain.sh;
   # decide which one to use based on capabilities of $DLLTOOL
   case `$DLLTOOL --help 2>&1` in
@@ -9442,8 +9330,7 @@ cygwin* | mingw* | pw32* | cegcc*)
   lt_cv_sharedlib_from_linklib_cmd=$ECHO
   ;;
 esac
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
 printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
@@ -9457,6 +9344,108 @@ test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
 
 
 if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_RANLIB+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$RANLIB"; then
+  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+printf "%s\n" "$RANLIB" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+  ac_ct_RANLIB=$RANLIB
+  # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_RANLIB+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$ac_ct_RANLIB"; then
+  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_RANLIB="ranlib"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+printf "%s\n" "$ac_ct_RANLIB" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_ct_RANLIB" = x; then
+    RANLIB=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    RANLIB=$ac_ct_RANLIB
+  fi
+else
+  RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+if test -n "$ac_tool_prefix"; then
   for ac_prog in ar
   do
     # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
@@ -9466,8 +9455,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_AR+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$AR"; then
+else $as_nop
+  if test -n "$AR"; then
   ac_cv_prog_AR="$AR" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9489,8 +9478,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 AR=$ac_cv_prog_AR
 if test -n "$AR"; then
@@ -9516,8 +9504,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_AR+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_AR"; then
+else $as_nop
+  if test -n "$ac_ct_AR"; then
   ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9539,8 +9527,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_AR=$ac_cv_prog_ac_ct_AR
 if test -n "$ac_ct_AR"; then
@@ -9569,13 +9556,29 @@ esac
 fi
 
 : ${AR=ar}
-: ${AR_FLAGS=cru}
 
 
 
 
 
 
+# Use ARFLAGS variable as AR's operation code to sync the variable naming with
+# Automake.  If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
+# higher priority because that's what people were doing historically (setting
+# ARFLAGS for automake and AR_FLAGS for libtool).  FIXME: Make the AR_FLAGS
+# variable obsoleted/removed.
+
+test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
+lt_ar_flags=$AR_FLAGS
+
+
+
+
+
+
+# Make AR_FLAGS overridable by 'make ARFLAGS='.  Don't try to run-time override
+# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
+
 
 
 
@@ -9586,8 +9589,8 @@ printf %s "checking for archiver @FILE support... " >&6; }
 if test ${lt_cv_ar_at_file+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_ar_at_file=no
+else $as_nop
+  lt_cv_ar_at_file=no
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -9624,8 +9627,7 @@ then :
 
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-   ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
 printf "%s\n" "$lt_cv_ar_at_file" >&6; }
@@ -9650,8 +9652,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_STRIP+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$STRIP"; then
+else $as_nop
+  if test -n "$STRIP"; then
   ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9673,8 +9675,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 STRIP=$ac_cv_prog_STRIP
 if test -n "$STRIP"; then
@@ -9696,8 +9697,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_STRIP+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_STRIP"; then
+else $as_nop
+  if test -n "$ac_ct_STRIP"; then
   ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9719,8 +9720,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
 if test -n "$ac_ct_STRIP"; then
@@ -9753,109 +9753,6 @@ test -z "$STRIP" && STRIP=:
 
 
 
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_RANLIB+y}
-then :
-  printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$RANLIB"; then
-  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  case $as_dir in #(((
-    '') as_dir=./ ;;
-    */) ;;
-    *) as_dir=$as_dir/ ;;
-  esac
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
-    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
-    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-fi ;;
-esac
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
-printf "%s\n" "$RANLIB" >&6; }
-else
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
-  ac_ct_RANLIB=$RANLIB
-  # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_RANLIB+y}
-then :
-  printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_RANLIB"; then
-  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  case $as_dir in #(((
-    '') as_dir=./ ;;
-    */) ;;
-    *) as_dir=$as_dir/ ;;
-  esac
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_RANLIB="ranlib"
-    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-fi ;;
-esac
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
-printf "%s\n" "$ac_ct_RANLIB" >&6; }
-else
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-  if test "x$ac_ct_RANLIB" = x; then
-    RANLIB=":"
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
-    RANLIB=$ac_ct_RANLIB
-  fi
-else
-  RANLIB="$ac_cv_prog_RANLIB"
-fi
 
 test -z "$RANLIB" && RANLIB=:
 
@@ -9870,15 +9767,8 @@ old_postinstall_cmds='chmod 644 $oldlib'
 old_postuninstall_cmds=
 
 if test -n "$RANLIB"; then
-  case $host_os in
-  bitrig* | openbsd*)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
-    ;;
-  *)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
-    ;;
-  esac
   old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
+  old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
 fi
 
 case $host_os in
@@ -9917,8 +9807,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_AWK+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$AWK"; then
+else $as_nop
+  if test -n "$AWK"; then
   ac_cv_prog_AWK="$AWK" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9940,8 +9830,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 AWK=$ac_cv_prog_AWK
 if test -n "$AWK"; then
@@ -9990,8 +9879,8 @@ printf %s "checking command to parse $NM output from $compiler object... " >&6;
 if test ${lt_cv_sys_global_symbol_pipe+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 # These are sane defaults that work on at least a few old systems.
 # [They come from Ultrix.  What could be older than Ultrix?!! ;)]
 
@@ -10006,7 +9895,7 @@ case $host_os in
 aix*)
   symcode='[BCDT]'
   ;;
-cygwin* | mingw* | pw32* | cegcc*)
+cygwin* | mingw* | windows* | pw32* | cegcc*)
   symcode='[ABCDGISTW]'
   ;;
 hpux*)
@@ -10021,7 +9910,7 @@ osf*)
   symcode='[BCDEGQRST]'
   ;;
 solaris*)
-  symcode='[BDRT]'
+  symcode='[BCDRT]'
   ;;
 sco3.2v5*)
   symcode='[DT]'
@@ -10045,7 +9934,7 @@ esac
 
 if test "$lt_cv_nm_interface" = "MS dumpbin"; then
   # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
+  lt_cv_sys_global_symbol_to_import="$SED -n -e 's/^I .* \(.*\)$/\1/p'"
   # Adjust the below global symbol transforms to fixup imported variables.
   lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
   lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
@@ -10063,20 +9952,20 @@ fi
 # Transform an extracted symbol line into a proper C declaration.
 # Some systems (esp. on ia64) link data and code symbols differently,
 # so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
+lt_cv_sys_global_symbol_to_cdecl="$SED -n"\
 $lt_cdecl_hook\
 " -e 's/^T .* \(.*\)$/extern int \1();/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
 
 # Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address="$SED -n"\
 $lt_c_name_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
 
 # Transform an extracted symbol line into symbol name with lib prefix and
 # symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="$SED -n"\
 $lt_c_name_lib_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
@@ -10085,7 +9974,7 @@ $lt_c_name_lib_hook\
 # Handle CRLF in mingw tool chain
 opt_cr=
 case $build_os in
-mingw*)
+mingw* | windows*)
   opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
   ;;
 esac
@@ -10100,7 +9989,7 @@ for ac_symprfx in "" "_"; do
   if test "$lt_cv_nm_interface" = "MS dumpbin"; then
     # Fake it for dumpbin and say T for any non-static function,
     # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
+    # Also find C++ and __fastcall symbols from MSVC++ or ICC,
     # which start with @ or ?.
     lt_cv_sys_global_symbol_pipe="$AWK '"\
 "     {last_section=section; section=\$ 3};"\
@@ -10118,9 +10007,9 @@ for ac_symprfx in "" "_"; do
 "     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
 "     ' prfx=^$ac_symprfx"
   else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[	 ]\($symcode$symcode*\)[	 ][	 ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+    lt_cv_sys_global_symbol_pipe="$SED -n -e 's/^.*[	 ]\($symcode$symcode*\)[	 ][	 ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
   fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
+  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | $SED '/ __gnu_lto/d'"
 
   # Check to see that the pipe works correctly.
   pipe_works=no
@@ -10136,7 +10025,7 @@ void nm_test_func(void){}
 #ifdef __cplusplus
 }
 #endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
+int main(void){nm_test_var='a';nm_test_func();return(0);}
 _LT_EOF
 
   if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
@@ -10146,11 +10035,8 @@ _LT_EOF
   test $ac_status = 0; }; then
     # Now try to grab the symbols.
     nlist=conftest.nm
-    if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5
-  (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5
-  ac_status=$?
-  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; } && test -s "$nlist"; then
+    $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5
+    if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then
       # Try sorting and uniquifying the output.
       if sort "$nlist" | uniq > "$nlist"T; then
 	mv -f "$nlist"T "$nlist"
@@ -10246,8 +10132,7 @@ _LT_EOF
     lt_cv_sys_global_symbol_pipe=
   fi
 done
- ;;
-esac
+
 fi
 
 if test -z "$lt_cv_sys_global_symbol_pipe"; then
@@ -10311,9 +10196,8 @@ printf %s "checking for sysroot... " >&6; }
 if test ${with_sysroot+y}
 then :
   withval=$with_sysroot;
-else case e in #(
-  e) with_sysroot=no ;;
-esac
+else $as_nop
+  with_sysroot=no
 fi
 
 
@@ -10321,11 +10205,13 @@ lt_sysroot=
 case $with_sysroot in #(
  yes)
    if test yes = "$GCC"; then
-     lt_sysroot=`$CC --print-sysroot 2>/dev/null`
+     # Trim trailing / since we'll always append absolute paths and we want
+     # to avoid //, if only for less confusing output for the user.
+     lt_sysroot=`$CC --print-sysroot 2>/dev/null | $SED 's:/\+$::'`
    fi
    ;; #(
  /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
+   lt_sysroot=`echo "$with_sysroot" | $SED -e "$sed_quote_subst"`
    ;; #(
  no|'')
    ;; #(
@@ -10348,8 +10234,8 @@ printf %s "checking for a working dd... " >&6; }
 if test ${ac_cv_path_lt_DD+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) printf 0123456789abcdef0123456789abcdef >conftest.i
+else $as_nop
+  printf 0123456789abcdef0123456789abcdef >conftest.i
 cat conftest.i conftest.i >conftest2.i
 : ${lt_DD:=$DD}
 if test -z "$lt_DD"; then
@@ -10385,8 +10271,7 @@ else
   ac_cv_path_lt_DD=$lt_DD
 fi
 
-rm -f conftest.i conftest2.i conftest.out ;;
-esac
+rm -f conftest.i conftest2.i conftest.out
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
 printf "%s\n" "$ac_cv_path_lt_DD" >&6; }
@@ -10397,8 +10282,8 @@ printf %s "checking how to truncate binary pipes... " >&6; }
 if test ${lt_cv_truncate_bin+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) printf 0123456789abcdef0123456789abcdef >conftest.i
+else $as_nop
+  printf 0123456789abcdef0123456789abcdef >conftest.i
 cat conftest.i conftest.i >conftest2.i
 lt_cv_truncate_bin=
 if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
@@ -10406,8 +10291,7 @@ if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; the
   && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
 fi
 rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" ;;
-esac
+test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
 printf "%s\n" "$lt_cv_truncate_bin" >&6; }
@@ -10452,7 +10336,7 @@ ia64-*-hpux*)
   ac_status=$?
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *ELF-32*)
 	HPUX_IA64_MODE=32
 	;;
@@ -10473,7 +10357,7 @@ ia64-*-hpux*)
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
     if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -melf32bsmip"
 	  ;;
@@ -10485,7 +10369,7 @@ ia64-*-hpux*)
 	;;
       esac
     else
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -32"
 	  ;;
@@ -10511,7 +10395,7 @@ mips64*-*linux*)
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
     emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *32-bit*)
 	emul="${emul}32"
 	;;
@@ -10519,7 +10403,7 @@ mips64*-*linux*)
 	emul="${emul}64"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *MSB*)
 	emul="${emul}btsmip"
 	;;
@@ -10527,7 +10411,7 @@ mips64*-*linux*)
 	emul="${emul}ltsmip"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *N32*)
 	emul="${emul}n32"
 	;;
@@ -10538,7 +10422,7 @@ mips64*-*linux*)
   ;;
 
 x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*|x86_64-gnu*)
   # Find out what ABI is being produced by ac_compile, and set linker
   # options accordingly.  Note that the listed cases only cover the
   # situations where additional linker options are needed (such as when
@@ -10551,14 +10435,14 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
   ac_status=$?
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
       *32-bit*)
 	case $host in
 	  x86_64-*kfreebsd*-gnu)
 	    LD="${LD-ld} -m elf_i386_fbsd"
 	    ;;
-	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
+	  x86_64-*linux*|x86_64-gnu*)
+	    case `$FILECMD conftest.o` in
 	      *x86-64*)
 		LD="${LD-ld} -m elf32_x86_64"
 		;;
@@ -10586,7 +10470,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
 	  x86_64-*kfreebsd*-gnu)
 	    LD="${LD-ld} -m elf_x86_64_fbsd"
 	    ;;
-	  x86_64-*linux*)
+	  x86_64-*linux*|x86_64-gnu*)
 	    LD="${LD-ld} -m elf_x86_64"
 	    ;;
 	  powerpcle-*linux*)
@@ -10617,8 +10501,8 @@ printf %s "checking whether the C compiler needs -belf... " >&6; }
 if test ${lt_cv_cc_needs_belf+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_ext=c
+else $as_nop
+  ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
@@ -10638,9 +10522,8 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   lt_cv_cc_needs_belf=yes
-else case e in #(
-  e) lt_cv_cc_needs_belf=no ;;
-esac
+else $as_nop
+  lt_cv_cc_needs_belf=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -10649,8 +10532,7 @@ ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
 printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
@@ -10668,7 +10550,7 @@ printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
   ac_status=$?
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
     *64-bit*)
       case $lt_cv_prog_gnu_ld in
       yes*)
@@ -10708,8 +10590,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_MANIFEST_TOOL+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$MANIFEST_TOOL"; then
+else $as_nop
+  if test -n "$MANIFEST_TOOL"; then
   ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10731,8 +10613,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
 if test -n "$MANIFEST_TOOL"; then
@@ -10754,8 +10635,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_MANIFEST_TOOL"; then
+else $as_nop
+  if test -n "$ac_ct_MANIFEST_TOOL"; then
   ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10777,8 +10658,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
 if test -n "$ac_ct_MANIFEST_TOOL"; then
@@ -10807,23 +10687,22 @@ fi
 test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
 printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
-if test ${lt_cv_path_mainfest_tool+y}
+if test ${lt_cv_path_manifest_tool+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_path_mainfest_tool=no
+else $as_nop
+  lt_cv_path_manifest_tool=no
   echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
   $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
   cat conftest.err >&5
   if $GREP 'Manifest Tool' conftest.out > /dev/null; then
-    lt_cv_path_mainfest_tool=yes
+    lt_cv_path_manifest_tool=yes
   fi
-  rm -f conftest* ;;
-esac
+  rm -f conftest*
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
-printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; }
-if test yes != "$lt_cv_path_mainfest_tool"; then
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_manifest_tool" >&5
+printf "%s\n" "$lt_cv_path_manifest_tool" >&6; }
+if test yes != "$lt_cv_path_manifest_tool"; then
   MANIFEST_TOOL=:
 fi
 
@@ -10842,8 +10721,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_DSYMUTIL+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$DSYMUTIL"; then
+else $as_nop
+  if test -n "$DSYMUTIL"; then
   ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10865,8 +10744,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 DSYMUTIL=$ac_cv_prog_DSYMUTIL
 if test -n "$DSYMUTIL"; then
@@ -10888,8 +10766,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_DSYMUTIL+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_DSYMUTIL"; then
+else $as_nop
+  if test -n "$ac_ct_DSYMUTIL"; then
   ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10911,8 +10789,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
 if test -n "$ac_ct_DSYMUTIL"; then
@@ -10946,8 +10823,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_NMEDIT+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$NMEDIT"; then
+else $as_nop
+  if test -n "$NMEDIT"; then
   ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10969,8 +10846,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 NMEDIT=$ac_cv_prog_NMEDIT
 if test -n "$NMEDIT"; then
@@ -10992,8 +10868,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_NMEDIT+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_NMEDIT"; then
+else $as_nop
+  if test -n "$ac_ct_NMEDIT"; then
   ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -11015,8 +10891,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
 if test -n "$ac_ct_NMEDIT"; then
@@ -11050,8 +10925,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_LIPO+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$LIPO"; then
+else $as_nop
+  if test -n "$LIPO"; then
   ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -11073,8 +10948,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 LIPO=$ac_cv_prog_LIPO
 if test -n "$LIPO"; then
@@ -11096,8 +10970,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_LIPO+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_LIPO"; then
+else $as_nop
+  if test -n "$ac_ct_LIPO"; then
   ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -11119,8 +10993,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
 if test -n "$ac_ct_LIPO"; then
@@ -11154,8 +11027,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_OTOOL+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$OTOOL"; then
+else $as_nop
+  if test -n "$OTOOL"; then
   ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -11177,8 +11050,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 OTOOL=$ac_cv_prog_OTOOL
 if test -n "$OTOOL"; then
@@ -11200,8 +11072,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_OTOOL+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_OTOOL"; then
+else $as_nop
+  if test -n "$ac_ct_OTOOL"; then
   ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -11223,8 +11095,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
 if test -n "$ac_ct_OTOOL"; then
@@ -11258,8 +11129,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_OTOOL64+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$OTOOL64"; then
+else $as_nop
+  if test -n "$OTOOL64"; then
   ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -11281,8 +11152,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 OTOOL64=$ac_cv_prog_OTOOL64
 if test -n "$OTOOL64"; then
@@ -11304,8 +11174,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_OTOOL64+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_OTOOL64"; then
+else $as_nop
+  if test -n "$ac_ct_OTOOL64"; then
   ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -11327,8 +11197,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
 if test -n "$ac_ct_OTOOL64"; then
@@ -11385,8 +11254,8 @@ printf %s "checking for -single_module linker flag... " >&6; }
 if test ${lt_cv_apple_cc_single_mod+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_apple_cc_single_mod=no
+else $as_nop
+  lt_cv_apple_cc_single_mod=no
       if test -z "$LT_MULTI_MODULE"; then
 	# By default we will add the -single_module flag. You can override
 	# by either setting the environment variable LT_MULTI_MODULE
@@ -11412,19 +11281,55 @@ else case e in #(
 	fi
 	rm -rf libconftest.dylib*
 	rm -f conftest.*
-      fi ;;
-esac
+      fi
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
 printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; }
 
+    # Feature test to disable chained fixups since it is not
+    # compatible with '-undefined dynamic_lookup'
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -no_fixup_chains linker flag" >&5
+printf %s "checking for -no_fixup_chains linker flag... " >&6; }
+if test ${lt_cv_support_no_fixup_chains+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+   save_LDFLAGS=$LDFLAGS
+        LDFLAGS="$LDFLAGS -Wl,-no_fixup_chains"
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  lt_cv_support_no_fixup_chains=yes
+else $as_nop
+  lt_cv_support_no_fixup_chains=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+        LDFLAGS=$save_LDFLAGS
+
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_support_no_fixup_chains" >&5
+printf "%s\n" "$lt_cv_support_no_fixup_chains" >&6; }
+
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
 printf %s "checking for -exported_symbols_list linker flag... " >&6; }
 if test ${lt_cv_ld_exported_symbols_list+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_ld_exported_symbols_list=no
+else $as_nop
+  lt_cv_ld_exported_symbols_list=no
       save_LDFLAGS=$LDFLAGS
       echo "_main" > conftest.sym
       LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
@@ -11442,15 +11347,13 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   lt_cv_ld_exported_symbols_list=yes
-else case e in #(
-  e) lt_cv_ld_exported_symbols_list=no ;;
-esac
+else $as_nop
+  lt_cv_ld_exported_symbols_list=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
 	LDFLAGS=$save_LDFLAGS
-     ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
 printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; }
@@ -11460,19 +11363,19 @@ printf %s "checking for -force_load linker flag... " >&6; }
 if test ${lt_cv_ld_force_load+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_ld_force_load=no
+else $as_nop
+  lt_cv_ld_force_load=no
       cat > conftest.c << _LT_EOF
 int forced_loaded() { return 2;}
 _LT_EOF
       echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
       $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
-      echo "$AR cru libconftest.a conftest.o" >&5
-      $AR cru libconftest.a conftest.o 2>&5
+      echo "$AR $AR_FLAGS libconftest.a conftest.o" >&5
+      $AR $AR_FLAGS libconftest.a conftest.o 2>&5
       echo "$RANLIB libconftest.a" >&5
       $RANLIB libconftest.a 2>&5
       cat > conftest.c << _LT_EOF
-int main() { return 0;}
+int main(void) { return 0;}
 _LT_EOF
       echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
       $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
@@ -11486,8 +11389,7 @@ _LT_EOF
       fi
         rm -f conftest.err libconftest.a conftest conftest.c
         rm -rf conftest.dSYM
-     ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
 printf "%s\n" "$lt_cv_ld_force_load" >&6; }
@@ -11496,23 +11398,37 @@ printf "%s\n" "$lt_cv_ld_force_load" >&6; }
       _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
     darwin1.*)
       _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[91]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[012][,.]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+    darwin*)
+      case $MACOSX_DEPLOYMENT_TARGET,$host in
+        10.[012],*|,*powerpc*-darwin[5-8]*)
+          _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+        *)
+          _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup'
+          if test yes = "$lt_cv_support_no_fixup_chains"; then
+            as_fn_append _lt_dar_allow_undefined ' $wl-no_fixup_chains'
+          fi
+        ;;
       esac
     ;;
   esac
     if test yes = "$lt_cv_apple_cc_single_mod"; then
       _lt_dar_single_mod='$single_module'
     fi
+    _lt_dar_needs_single_mod=no
+    case $host_os in
+    rhapsody* | darwin1.*)
+      _lt_dar_needs_single_mod=yes ;;
+    darwin*)
+      # When targeting Mac OS X 10.4 (darwin 8) or later,
+      # -single_module is the default and -multi_module is unsupported.
+      # The toolchain on macOS 10.14 (darwin 18) and later cannot
+      # target any OS version that needs -single_module.
+      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+      10.0,*-darwin[567].*|10.[0-3],*-darwin[5-9].*|10.[0-3],*-darwin1[0-7].*)
+        _lt_dar_needs_single_mod=yes ;;
+      esac
+    ;;
+    esac
     if test yes = "$lt_cv_ld_exported_symbols_list"; then
       _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
     else
@@ -11605,9 +11521,8 @@ then :
       IFS=$lt_save_ifs
       ;;
     esac
-else case e in #(
-  e) enable_shared=yes ;;
-esac
+else $as_nop
+  enable_shared=yes
 fi
 
 
@@ -11638,9 +11553,8 @@ then :
       IFS=$lt_save_ifs
       ;;
     esac
-else case e in #(
-  e) enable_static=yes ;;
-esac
+else $as_nop
+  enable_static=yes
 fi
 
 
@@ -11651,29 +11565,50 @@ fi
 
 
 
-
-# Check whether --with-pic was given.
+  # Check whether --enable-pic was given.
+if test ${enable_pic+y}
+then :
+  enableval=$enable_pic; lt_p=${PACKAGE-default}
+     case $enableval in
+     yes|no) pic_mode=$enableval ;;
+     *)
+       pic_mode=default
+       # Look at the argument we got.  We use all the common list separators.
+       lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+       for lt_pkg in $enableval; do
+	 IFS=$lt_save_ifs
+	 if test "X$lt_pkg" = "X$lt_p"; then
+	   pic_mode=yes
+	 fi
+       done
+       IFS=$lt_save_ifs
+       ;;
+     esac
+else $as_nop
+            # Check whether --with-pic was given.
 if test ${with_pic+y}
 then :
   withval=$with_pic; lt_p=${PACKAGE-default}
-    case $withval in
-    yes|no) pic_mode=$withval ;;
-    *)
-      pic_mode=default
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for lt_pkg in $withval; do
-	IFS=$lt_save_ifs
-	if test "X$lt_pkg" = "X$lt_p"; then
-	  pic_mode=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac
-else case e in #(
-  e) pic_mode=default ;;
-esac
+	 case $withval in
+	 yes|no) pic_mode=$withval ;;
+	 *)
+	   pic_mode=default
+	   # Look at the argument we got.  We use all the common list separators.
+	   lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+	   for lt_pkg in $withval; do
+	     IFS=$lt_save_ifs
+	     if test "X$lt_pkg" = "X$lt_p"; then
+	       pic_mode=yes
+	     fi
+	   done
+	   IFS=$lt_save_ifs
+	   ;;
+	 esac
+else $as_nop
+  pic_mode=default
+fi
+
+
 fi
 
 
@@ -11703,9 +11638,8 @@ then :
       IFS=$lt_save_ifs
       ;;
     esac
-else case e in #(
-  e) enable_fast_install=yes ;;
-esac
+else $as_nop
+  enable_fast_install=yes
 fi
 
 
@@ -11720,31 +11654,43 @@ case $host,$enable_shared in
 power*-*-aix[5-9]*,yes)
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
 printf %s "checking which variant of shared library versioning to provide... " >&6; }
-
-# Check whether --with-aix-soname was given.
+  # Check whether --enable-aix-soname was given.
+if test ${enable_aix_soname+y}
+then :
+  enableval=$enable_aix_soname; case $enableval in
+     aix|svr4|both)
+       ;;
+     *)
+       as_fn_error $? "Unknown argument to --enable-aix-soname" "$LINENO" 5
+       ;;
+     esac
+     lt_cv_with_aix_soname=$enable_aix_soname
+else $as_nop
+  # Check whether --with-aix-soname was given.
 if test ${with_aix_soname+y}
 then :
   withval=$with_aix_soname; case $withval in
-    aix|svr4|both)
-      ;;
-    *)
-      as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5
-      ;;
-    esac
-    lt_cv_with_aix_soname=$with_aix_soname
-else case e in #(
-  e) if test ${lt_cv_with_aix_soname+y}
+         aix|svr4|both)
+           ;;
+         *)
+           as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5
+           ;;
+         esac
+         lt_cv_with_aix_soname=$with_aix_soname
+else $as_nop
+  if test ${lt_cv_with_aix_soname+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_with_aix_soname=aix ;;
-esac
+else $as_nop
+  lt_cv_with_aix_soname=aix
 fi
 
-    with_aix_soname=$lt_cv_with_aix_soname ;;
-esac
 fi
 
+     enable_aix_soname=$lt_cv_with_aix_soname
+fi
+
+  with_aix_soname=$enable_aix_soname
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
 printf "%s\n" "$with_aix_soname" >&6; }
   if test aix != "$with_aix_soname"; then
@@ -11833,8 +11779,8 @@ printf %s "checking for objdir... " >&6; }
 if test ${lt_cv_objdir+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) rm -f .libs 2>/dev/null
+else $as_nop
+  rm -f .libs 2>/dev/null
 mkdir .libs 2>/dev/null
 if test -d .libs; then
   lt_cv_objdir=.libs
@@ -11842,8 +11788,7 @@ else
   # MS-DOS does not allow filenames that begin with a dot.
   lt_cv_objdir=_libs
 fi
-rmdir .libs 2>/dev/null ;;
-esac
+rmdir .libs 2>/dev/null
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
 printf "%s\n" "$lt_cv_objdir" >&6; }
@@ -11874,8 +11819,8 @@ esac
 ofile=libtool
 can_build_shared=yes
 
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
+# All known linkers require a '.a' archive for static linking (except MSVC and
+# ICC, which need '.lib').
 libext=a
 
 with_gnu_ld=$lt_cv_prog_gnu_ld
@@ -11904,8 +11849,8 @@ printf %s "checking for ${ac_tool_prefix}file... " >&6; }
 if test ${lt_cv_path_MAGIC_CMD+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) case $MAGIC_CMD in
+else $as_nop
+  case $MAGIC_CMD in
 [\\/*] |  ?:[\\/]*)
   lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
   ;;
@@ -11948,7 +11893,6 @@ _LT_EOF
   IFS=$lt_save_ifs
   MAGIC_CMD=$lt_save_MAGIC_CMD
   ;;
-esac ;;
 esac
 fi
 
@@ -11972,8 +11916,8 @@ printf %s "checking for file... " >&6; }
 if test ${lt_cv_path_MAGIC_CMD+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) case $MAGIC_CMD in
+else $as_nop
+  case $MAGIC_CMD in
 [\\/*] |  ?:[\\/]*)
   lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
   ;;
@@ -12016,7 +11960,6 @@ _LT_EOF
   IFS=$lt_save_ifs
   MAGIC_CMD=$lt_save_MAGIC_CMD
   ;;
-esac ;;
 esac
 fi
 
@@ -12060,7 +12003,7 @@ objext=$objext
 lt_simple_compile_test_code="int some_variable = 0;"
 
 # Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
+lt_simple_link_test_code='int main(void){return(0);}'
 
 
 
@@ -12112,8 +12055,8 @@ printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
 if test ${lt_cv_prog_compiler_rtti_exceptions+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_prog_compiler_rtti_exceptions=no
+else $as_nop
+  lt_cv_prog_compiler_rtti_exceptions=no
    ac_outfile=conftest.$ac_objext
    echo "$lt_simple_compile_test_code" > conftest.$ac_ext
    lt_compiler_flag="-fno-rtti -fno-exceptions"  ## exclude from sc_useless_quotes_in_assignment
@@ -12141,8 +12084,7 @@ else case e in #(
      fi
    fi
    $RM conftest*
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
 printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
@@ -12198,7 +12140,7 @@ lt_prog_compiler_static=
       # PIC is the default for these OSes.
       ;;
 
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
+    mingw* | windows* | cygwin* | pw32* | os2* | cegcc*)
       # This hack is so that the source file can tell whether it is being
       # built for inclusion in a dll (and should export symbols for example).
       # Although the cygwin gcc ignores -fPIC, still need this for old-style
@@ -12301,7 +12243,7 @@ lt_prog_compiler_static=
       esac
       ;;
 
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
+    mingw* | windows* | cygwin* | pw32* | os2* | cegcc*)
       # This hack is so that the source file can tell whether it is being
       # built for inclusion in a dll (and should export symbols for example).
       lt_prog_compiler_pic='-DDLL_EXPORT'
@@ -12342,6 +12284,12 @@ lt_prog_compiler_static=
 	lt_prog_compiler_pic='-KPIC'
 	lt_prog_compiler_static='-static'
         ;;
+      *flang* | ftn | f18* | f95*)
+        # Flang compiler.
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fPIC'
+	lt_prog_compiler_static='-static'
+        ;;
       # icc used to be incompatible with GCC.
       # ICC 10 doesn't accept -KPIC any more.
       icc* | ifort*)
@@ -12386,7 +12334,7 @@ lt_prog_compiler_static=
 	lt_prog_compiler_static='-qstaticlink'
 	;;
       *)
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
 	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
 	  lt_prog_compiler_pic='-KPIC'
@@ -12424,6 +12372,12 @@ lt_prog_compiler_static=
       lt_prog_compiler_static='-Bstatic'
       ;;
 
+    *-mlibc)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-fPIC'
+      lt_prog_compiler_static='-static'
+      ;;
+
     *nto* | *qnx*)
       # QNX uses GNU C++, but need to define -shared option too, otherwise
       # it will coredump.
@@ -12440,6 +12394,9 @@ lt_prog_compiler_static=
       lt_prog_compiler_static='-non_shared'
       ;;
 
+    serenity*)
+      ;;
+
     solaris*)
       lt_prog_compiler_pic='-KPIC'
       lt_prog_compiler_static='-Bstatic'
@@ -12507,9 +12464,8 @@ printf %s "checking for $compiler option to produce PIC... " >&6; }
 if test ${lt_cv_prog_compiler_pic+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_prog_compiler_pic=$lt_prog_compiler_pic ;;
-esac
+else $as_nop
+  lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
 printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
@@ -12524,8 +12480,8 @@ printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6;
 if test ${lt_cv_prog_compiler_pic_works+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_prog_compiler_pic_works=no
+else $as_nop
+  lt_cv_prog_compiler_pic_works=no
    ac_outfile=conftest.$ac_objext
    echo "$lt_simple_compile_test_code" > conftest.$ac_ext
    lt_compiler_flag="$lt_prog_compiler_pic -DPIC"  ## exclude from sc_useless_quotes_in_assignment
@@ -12553,8 +12509,7 @@ else case e in #(
      fi
    fi
    $RM conftest*
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
 printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
@@ -12590,8 +12545,8 @@ printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6;
 if test ${lt_cv_prog_compiler_static_works+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_prog_compiler_static_works=no
+else $as_nop
+  lt_cv_prog_compiler_static_works=no
    save_LDFLAGS=$LDFLAGS
    LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
    echo "$lt_simple_link_test_code" > conftest.$ac_ext
@@ -12612,8 +12567,7 @@ else case e in #(
    fi
    $RM -r conftest*
    LDFLAGS=$save_LDFLAGS
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
 printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
@@ -12635,8 +12589,8 @@ printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
 if test ${lt_cv_prog_compiler_c_o+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_prog_compiler_c_o=no
+else $as_nop
+  lt_cv_prog_compiler_c_o=no
    $RM -r conftest 2>/dev/null
    mkdir conftest
    cd conftest
@@ -12676,8 +12630,7 @@ else case e in #(
    cd ..
    $RM -r conftest
    $RM conftest*
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
 printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
@@ -12692,8 +12645,8 @@ printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
 if test ${lt_cv_prog_compiler_c_o+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_prog_compiler_c_o=no
+else $as_nop
+  lt_cv_prog_compiler_c_o=no
    $RM -r conftest 2>/dev/null
    mkdir conftest
    cd conftest
@@ -12733,8 +12686,7 @@ else case e in #(
    cd ..
    $RM -r conftest
    $RM conftest*
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
 printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
@@ -12813,21 +12765,18 @@ printf %s "checking whether the $compiler linker ($LD) supports shared libraries
   extract_expsyms_cmds=
 
   case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+  cygwin* | mingw* | windows* | pw32* | cegcc*)
+    # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time
     # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
+    # Microsoft Visual C++ or Intel C++ Compiler.
     if test yes != "$GCC"; then
       with_gnu_ld=no
     fi
     ;;
   interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC)
     with_gnu_ld=yes
     ;;
-  openbsd* | bitrig*)
-    with_gnu_ld=no
-    ;;
   esac
 
   ld_shlibs=yes
@@ -12874,7 +12823,7 @@ printf %s "checking whether the $compiler linker ($LD) supports shared libraries
       whole_archive_flag_spec=
     fi
     supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in
+    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
       *GNU\ gold*) supports_anon_versioning=yes ;;
       *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
       *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
@@ -12928,7 +12877,7 @@ _LT_EOF
       fi
       ;;
 
-    cygwin* | mingw* | pw32* | cegcc*)
+    cygwin* | mingw* | windows* | pw32* | cegcc*)
       # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
       # as there is no search path for DLLs.
       hardcode_libdir_flag_spec='-L$libdir'
@@ -12938,6 +12887,7 @@ _LT_EOF
       enable_shared_with_static_runtimes=yes
       export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
       exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'
+      file_list_spec='@'
 
       if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
         archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
@@ -12957,7 +12907,7 @@ _LT_EOF
 
     haiku*)
       archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      link_all_deplibs=yes
+      link_all_deplibs=no
       ;;
 
     os2*)
@@ -12984,8 +12934,9 @@ _LT_EOF
 	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
 	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
 	emximp -o $lib $output_objdir/$libname.def'
-      old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+      old_archive_from_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       enable_shared_with_static_runtimes=yes
+      file_list_spec='@'
       ;;
 
     interix[3-9]*)
@@ -13000,7 +12951,7 @@ _LT_EOF
       # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
       # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
       archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      archive_expsym_cmds='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
       ;;
 
     gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
@@ -13043,7 +12994,7 @@ _LT_EOF
 	  compiler_needs_object=yes
 	  ;;
 	esac
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ C*)			# Sun C 5.9
 	  whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
 	  compiler_needs_object=yes
@@ -13055,13 +13006,14 @@ _LT_EOF
 
         if test yes = "$supports_anon_versioning"; then
           archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+            cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
             echo "local: *; };" >> $output_objdir/$libname.ver~
             $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
         fi
 
 	case $cc_basename in
 	tcc*)
+	  hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
 	  export_dynamic_flag_spec='-rdynamic'
 	  ;;
 	xlf* | bgf* | bgxlf* | mpixlf*)
@@ -13071,7 +13023,7 @@ _LT_EOF
 	  archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
 	  if test yes = "$supports_anon_versioning"; then
 	    archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+              cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
               echo "local: *; };" >> $output_objdir/$libname.ver~
               $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
 	  fi
@@ -13082,7 +13034,12 @@ _LT_EOF
       fi
       ;;
 
-    netbsd*)
+    *-mlibc)
+	archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+      ;;
+
+    netbsd* | netbsdelf*-gnu)
       if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
 	archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
 	wlarc=
@@ -13203,7 +13160,7 @@ _LT_EOF
 	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
 	  export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
 	else
-	  export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+	  export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
 	fi
 	aix_use_runtimelinking=no
 
@@ -13328,8 +13285,8 @@ else
   if test ${lt_cv_aix_libpath_+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -13361,8 +13318,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
   if test -z "$lt_cv_aix_libpath_"; then
     lt_cv_aix_libpath_=/usr/lib:/lib
   fi
-   ;;
-esac
+
 fi
 
   aix_libpath=$lt_cv_aix_libpath_
@@ -13384,8 +13340,8 @@ else
   if test ${lt_cv_aix_libpath_+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -13417,8 +13373,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
   if test -z "$lt_cv_aix_libpath_"; then
     lt_cv_aix_libpath_=/usr/lib:/lib
   fi
-   ;;
-esac
+
 fi
 
   aix_libpath=$lt_cv_aix_libpath_
@@ -13474,14 +13429,14 @@ fi
       export_dynamic_flag_spec=-rdynamic
       ;;
 
-    cygwin* | mingw* | pw32* | cegcc*)
+    cygwin* | mingw* | windows* | pw32* | cegcc*)
       # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
+      # Microsoft Visual C++ or Intel C++ Compiler.
       # hardcode_libdir_flag_spec is actually meaningless, as there is
       # no search path for DLLs.
       case $cc_basename in
-      cl*)
-	# Native MSVC
+      cl* | icl*)
+	# Native MSVC or ICC
 	hardcode_libdir_flag_spec=' '
 	allow_undefined_flag=unsupported
 	always_export_symbols=yes
@@ -13491,14 +13446,14 @@ fi
 	# Tell ltmain to make .dll files, not .so files.
 	shrext_cmds=.dll
 	# FIXME: Setting linknames here is a bad hack.
-	archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
+	archive_cmds='$CC -Fe$output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
 	archive_expsym_cmds='if   test DEF = "`$SED -n     -e '\''s/^[	 ]*//'\''     -e '\''/^\(;.*\)*$/d'\''     -e '\''s/^\(EXPORTS\|LIBRARY\)\([	 ].*\)*$/DEF/p'\''     -e q     $export_symbols`" ; then
             cp "$export_symbols" "$output_objdir/$soname.def";
             echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
           else
             $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
           fi~
-          $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+          $CC -Fe$tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
           linknames='
 	# The linker will not automatically build a static lib if we build a DLL.
 	# _LT_TAGVAR(old_archive_from_new_cmds, )='true'
@@ -13522,7 +13477,7 @@ fi
           fi'
 	;;
       *)
-	# Assume MSVC wrapper
+	# Assume MSVC and ICC wrapper
 	hardcode_libdir_flag_spec=' '
 	allow_undefined_flag=unsupported
 	# Tell ltmain to make .lib files, not .a files.
@@ -13563,8 +13518,8 @@ fi
     output_verbose_link_cmd=func_echo_all
     archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
     module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
+    archive_expsym_cmds="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+    module_expsym_cmds="$SED -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
 
   else
   ld_shlibs=no
@@ -13598,7 +13553,7 @@ fi
       ;;
 
     # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
+    freebsd* | dragonfly* | midnightbsd*)
       archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
       hardcode_libdir_flag_spec='-R$libdir'
       hardcode_direct=yes
@@ -13669,8 +13624,8 @@ printf %s "checking if $CC understands -b... " >&6; }
 if test ${lt_cv_prog_compiler__b+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_prog_compiler__b=no
+else $as_nop
+  lt_cv_prog_compiler__b=no
    save_LDFLAGS=$LDFLAGS
    LDFLAGS="$LDFLAGS -b"
    echo "$lt_simple_link_test_code" > conftest.$ac_ext
@@ -13691,8 +13646,7 @@ else case e in #(
    fi
    $RM -r conftest*
    LDFLAGS=$save_LDFLAGS
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
 printf "%s\n" "$lt_cv_prog_compiler__b" >&6; }
@@ -13740,8 +13694,8 @@ printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&
 if test ${lt_cv_irix_exported_symbol+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) save_LDFLAGS=$LDFLAGS
+else $as_nop
+  save_LDFLAGS=$LDFLAGS
 	   LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
 	   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -13750,14 +13704,12 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   lt_cv_irix_exported_symbol=yes
-else case e in #(
-  e) lt_cv_irix_exported_symbol=no ;;
-esac
+else $as_nop
+  lt_cv_irix_exported_symbol=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-           LDFLAGS=$save_LDFLAGS ;;
-esac
+           LDFLAGS=$save_LDFLAGS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
 printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
@@ -13781,11 +13733,15 @@ printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
 	# Fabrice Bellard et al's Tiny C Compiler
 	ld_shlibs=yes
 	archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
 	;;
       esac
       ;;
 
-    netbsd*)
+    *-mlibc)
+      ;;
+
+    netbsd* | netbsdelf*-gnu)
       if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
 	archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
       else
@@ -13807,7 +13763,7 @@ printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
     *nto* | *qnx*)
       ;;
 
-    openbsd* | bitrig*)
+    openbsd*)
       if test -f /usr/libexec/ld.so; then
 	hardcode_direct=yes
 	hardcode_shlibpath_var=no
@@ -13850,8 +13806,9 @@ printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
 	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
 	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
 	emximp -o $lib $output_objdir/$libname.def'
-      old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+      old_archive_from_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       enable_shared_with_static_runtimes=yes
+      file_list_spec='@'
       ;;
 
     osf3*)
@@ -13885,6 +13842,9 @@ printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
       hardcode_libdir_separator=:
       ;;
 
+    serenity*)
+      ;;
+
     solaris*)
       no_undefined_flag=' -z defs'
       if test yes = "$GCC"; then
@@ -14082,8 +14042,8 @@ printf %s "checking whether -lc should be explicitly linked in... " >&6; }
 if test ${lt_cv_archive_cmds_need_lc+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) $RM conftest*
+else $as_nop
+  $RM conftest*
 	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
 
 	if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
@@ -14119,8 +14079,7 @@ else case e in #(
 	  cat conftest.err 1>&5
 	fi
 	$RM conftest*
-	 ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
 printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; }
@@ -14291,7 +14250,7 @@ if test yes = "$GCC"; then
     *) lt_awk_arg='/^libraries:/' ;;
   esac
   case $host_os in
-    mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;;
+    mingw* | windows* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;;
     *) lt_sed_strip_eq='s|=/|/|g' ;;
   esac
   lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
@@ -14349,7 +14308,7 @@ BEGIN {RS = " "; FS = "/|\n";} {
   # AWK program above erroneously prepends '/' to C:/dos/paths
   # for these hosts.
   case $host_os in
-    mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
+    mingw* | windows* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
       $SED 's|/\([A-Za-z]:\)|\1|g'` ;;
   esac
   sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
@@ -14423,7 +14382,7 @@ aix[4-9]*)
     # Unfortunately, runtime linking may impact performance, so we do
     # not want this to be the default eventually. Also, we use the
     # versioned .so libs for executables only if there is the -brtl
-    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
+    # linker flag in LDFLAGS as well, or --enable-aix-soname=svr4 only.
     # To allow for filename-based versioning support, we need to create
     # libNAME.so.V as an archive file, containing:
     # *) an Import File, referring to the versioned filename of the
@@ -14517,7 +14476,7 @@ bsdi[45]*)
   # libtool to hard-code these into programs
   ;;
 
-cygwin* | mingw* | pw32* | cegcc*)
+cygwin* | mingw* | windows* | pw32* | cegcc*)
   version_type=windows
   shrext_cmds=.dll
   need_version=no
@@ -14528,15 +14487,29 @@ cygwin* | mingw* | pw32* | cegcc*)
     # gcc
     library_names_spec='$libname.dll.a'
     # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname~
-      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-      fi'
+    # If user builds GCC with multilib enabled,
+    # it should just install on $(libdir)
+    # not on $(libdir)/../bin or 32 bits dlls would override 64 bit ones.
+    if test xyes = x"$multilib"; then
+      postinstall_cmds='base_file=`basename \$file`~
+        dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+        dldir=$destdir/`dirname \$dlpath`~
+        $install_prog $dir/$dlname $destdir/$dlname~
+        chmod a+x $destdir/$dlname~
+        if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+          eval '\''$striplib $destdir/$dlname'\'' || exit \$?;
+        fi'
+    else
+      postinstall_cmds='base_file=`basename \$file`~
+        dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+        dldir=$destdir/`dirname \$dlpath`~
+        test -d \$dldir || mkdir -p \$dldir~
+        $install_prog $dir/$dlname \$dldir/$dlname~
+        chmod a+x \$dldir/$dlname~
+        if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+          eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+        fi'
+    fi
     postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
       dlpath=$dir/\$dldll~
        $RM \$dlpath'
@@ -14545,30 +14518,30 @@ cygwin* | mingw* | pw32* | cegcc*)
     case $host_os in
     cygwin*)
       # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+      soname_spec='`echo $libname | $SED -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
 
       sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
       ;;
-    mingw* | cegcc*)
+    mingw* | windows* | cegcc*)
       # MinGW DLLs use traditional 'lib' prefix
       soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
       ;;
     pw32*)
       # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+      library_names_spec='`echo $libname | $SED -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
       ;;
     esac
     dynamic_linker='Win32 ld.exe'
     ;;
 
-  *,cl*)
-    # Native MSVC
+  *,cl* | *,icl*)
+    # Native MSVC or ICC
     libname_spec='$name'
     soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
     library_names_spec='$libname.dll.lib'
 
     case $build_os in
-    mingw*)
+    mingw* | windows*)
       sys_lib_search_path_spec=
       lt_save_ifs=$IFS
       IFS=';'
@@ -14581,7 +14554,7 @@ cygwin* | mingw* | pw32* | cegcc*)
       done
       IFS=$lt_save_ifs
       # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
+      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
       ;;
     cygwin*)
       # Convert to unix form, then to dos form, then back to unix form
@@ -14618,7 +14591,7 @@ cygwin* | mingw* | pw32* | cegcc*)
     ;;
 
   *)
-    # Assume MSVC wrapper
+    # Assume MSVC and ICC wrapper
     library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
     dynamic_linker='Win32 ld.exe'
     ;;
@@ -14651,7 +14624,7 @@ dgux*)
   shlibpath_var=LD_LIBRARY_PATH
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   # DragonFly does not have aout.  When/if they implement a new
   # versioning mechanism, adjust this.
   if test -x /usr/bin/objformat; then
@@ -14675,7 +14648,27 @@ freebsd* | dragonfly*)
       need_version=yes
       ;;
   esac
+  case $host_cpu in
+    powerpc64)
+      # On FreeBSD bi-arch platforms, a different variable is used for 32-bit
+      # binaries.  See <https://man.freebsd.org/cgi/man.cgi?query=ld.so>.
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int test_pointer_size[sizeof (void *) - 5];
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
   shlibpath_var=LD_LIBRARY_PATH
+else $as_nop
+  shlibpath_var=LD_32_LIBRARY_PATH
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+      ;;
+    *)
+      shlibpath_var=LD_LIBRARY_PATH
+      ;;
+  esac
   case $host_os in
   freebsd2.*)
     shlibpath_overrides_runpath=yes
@@ -14705,8 +14698,9 @@ haiku*)
   soname_spec='$libname$release$shared_ext$major'
   shlibpath_var=LIBRARY_PATH
   shlibpath_overrides_runpath=no
-  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
-  hardcode_into_libs=yes
+  sys_lib_search_path_spec='/boot/system/non-packaged/develop/lib /boot/system/develop/lib'
+  sys_lib_dlsearch_path_spec='/boot/home/config/non-packaged/lib /boot/home/config/lib /boot/system/non-packaged/lib /boot/system/lib'
+  hardcode_into_libs=no
   ;;
 
 hpux9* | hpux10* | hpux11*)
@@ -14816,7 +14810,7 @@ linux*android*)
   version_type=none # Android doesn't support versioned libraries.
   need_lib_prefix=no
   need_version=no
-  library_names_spec='$libname$release$shared_ext'
+  library_names_spec='$libname$release$shared_ext $libname$shared_ext'
   soname_spec='$libname$release$shared_ext'
   finish_cmds=
   shlibpath_var=LD_LIBRARY_PATH
@@ -14828,8 +14822,9 @@ linux*android*)
   hardcode_into_libs=yes
 
   dynamic_linker='Android linker'
-  # Don't embed -rpath directories since the linker doesn't support them.
-  hardcode_libdir_flag_spec='-L$libdir'
+  # -rpath works at least for libraries that are not overridden by
+  # libraries installed in system locations.
+  hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
   ;;
 
 # This must be glibc/ELF.
@@ -14847,8 +14842,8 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
   if test ${lt_cv_shlibpath_overrides_runpath+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) lt_cv_shlibpath_overrides_runpath=no
+else $as_nop
+  lt_cv_shlibpath_overrides_runpath=no
     save_LDFLAGS=$LDFLAGS
     save_libdir=$libdir
     eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
@@ -14875,8 +14870,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
     LDFLAGS=$save_LDFLAGS
     libdir=$save_libdir
-     ;;
-esac
+
 fi
 
   shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
@@ -14889,7 +14883,7 @@ fi
   # Add ABI-specific directories to the system library path.
   sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
 
-  # Ideally, we could use ldconfig to report *all* directores which are
+  # Ideally, we could use ldconfig to report *all* directories which are
   # searched for libraries, however this is still not possible.  Aside from not
   # being certain /sbin/ldconfig is available, command
   # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
@@ -14909,6 +14903,18 @@ fi
   dynamic_linker='GNU/Linux ld.so'
   ;;
 
+netbsdelf*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='NetBSD ld.elf_so'
+  ;;
+
 netbsd*)
   version_type=sunos
   need_lib_prefix=no
@@ -14927,6 +14933,18 @@ netbsd*)
   hardcode_into_libs=yes
   ;;
 
+*-mlibc)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  dynamic_linker='mlibc ld.so'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
 newsos6)
   version_type=linux # correct to gnu/linux during the next big refactor
   library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
@@ -14946,7 +14964,7 @@ newsos6)
   dynamic_linker='ldqnx.so'
   ;;
 
-openbsd* | bitrig*)
+openbsd*)
   version_type=sunos
   sys_lib_dlsearch_path_spec=/usr/lib
   need_lib_prefix=no
@@ -15006,6 +15024,17 @@ rdos*)
   dynamic_linker=no
   ;;
 
+serenity*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  dynamic_linker='SerenityOS LibELF'
+  ;;
+
 solaris*)
   version_type=linux # correct to gnu/linux during the next big refactor
   need_lib_prefix=no
@@ -15103,6 +15132,493 @@ uts4*)
   shlibpath_var=LD_LIBRARY_PATH
   ;;
 
+emscripten*)
+  version_type=none
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext'
+  soname_spec='$libname$release$shared_ext'
+  finish_cmds=
+  dynamic_linker="Emscripten linker"
+  lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+
+  if test yes = "$GCC"; then
+    lt_prog_compiler_wl='-Wl,'
+    lt_prog_compiler_static='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test ia64 = "$host_cpu"; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static='-Bstatic'
+      fi
+      lt_prog_compiler_pic='-fPIC'
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            lt_prog_compiler_pic='-fPIC'
+        ;;
+      m68k)
+            # FIXME: we need at least 68020 code to build shared libraries, but
+            # adding the '-m68020' flag to GCC prevents building anything better,
+            # like '-m68040'.
+            lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+        ;;
+      esac
+      ;;
+
+    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | windows* | cygwin* | pw32* | os2* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      # Although the cygwin gcc ignores -fPIC, still need this for old-style
+      # (--disable-auto-import) libraries
+      lt_prog_compiler_pic='-DDLL_EXPORT'
+      case $host_os in
+      os2*)
+	lt_prog_compiler_static='$wl-static'
+	;;
+      esac
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic='-fno-common'
+      ;;
+
+    haiku*)
+      # PIC is the default for Haiku.
+      # The "-static" flag exists, but is broken.
+      lt_prog_compiler_static=
+      ;;
+
+    hpux*)
+      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
+      # sets the default TLS model and affects inlining.
+      case $host_cpu in
+      hppa*64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic='-fPIC'
+	;;
+      esac
+      ;;
+
+    interix[3-9]*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      lt_prog_compiler_can_build_shared=no
+      enable_shared=no
+      ;;
+
+    *nto* | *qnx*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      lt_prog_compiler_pic='-fPIC -shared'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic=-Kconform_pic
+      fi
+      ;;
+
+    *)
+      lt_prog_compiler_pic='-fPIC'
+      ;;
+    esac
+
+    case $cc_basename in
+    nvcc*) # Cuda Compiler Driver 2.2
+      lt_prog_compiler_wl='-Xlinker '
+      if test -n "$lt_prog_compiler_pic"; then
+        lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
+      fi
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      lt_prog_compiler_wl='-Wl,'
+      if test ia64 = "$host_cpu"; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static='-Bstatic'
+      else
+	lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic='-fno-common'
+      case $cc_basename in
+      nagfor*)
+        # NAG Fortran compiler
+        lt_prog_compiler_wl='-Wl,-Wl,,'
+        lt_prog_compiler_pic='-PIC'
+        lt_prog_compiler_static='-Bstatic'
+        ;;
+      esac
+      ;;
+
+    mingw* | windows* | cygwin* | pw32* | os2* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic='-DDLL_EXPORT'
+      case $host_os in
+      os2*)
+	lt_prog_compiler_static='$wl-static'
+	;;
+      esac
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      lt_prog_compiler_wl='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      lt_prog_compiler_static='$wl-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      lt_prog_compiler_wl='-Wl,'
+      # PIC (with -KPIC) is the default.
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+      case $cc_basename in
+      # old Intel for x86_64, which still supported -KPIC.
+      ecc*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-KPIC'
+	lt_prog_compiler_static='-static'
+        ;;
+      *flang* | ftn | f18* | f95*)
+        # Flang compiler.
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fPIC'
+	lt_prog_compiler_static='-static'
+        ;;
+      # icc used to be incompatible with GCC.
+      # ICC 10 doesn't accept -KPIC any more.
+      icc* | ifort*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fPIC'
+	lt_prog_compiler_static='-static'
+        ;;
+      # Lahey Fortran 8.1.
+      lf95*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='--shared'
+	lt_prog_compiler_static='--static'
+	;;
+      nagfor*)
+	# NAG Fortran compiler
+	lt_prog_compiler_wl='-Wl,-Wl,,'
+	lt_prog_compiler_pic='-PIC'
+	lt_prog_compiler_static='-Bstatic'
+	;;
+      tcc*)
+	# Fabrice Bellard et al's Tiny C Compiler
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fPIC'
+	lt_prog_compiler_static='-static'
+	;;
+      pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fpic'
+	lt_prog_compiler_static='-Bstatic'
+        ;;
+      ccc*)
+        lt_prog_compiler_wl='-Wl,'
+        # All Alpha code is PIC.
+        lt_prog_compiler_static='-non_shared'
+        ;;
+      xl* | bgxl* | bgf* | mpixl*)
+	# IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-qpic'
+	lt_prog_compiler_static='-qstaticlink'
+	;;
+      *)
+	case `$CC -V 2>&1 | $SED 5q` in
+	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
+	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
+	  lt_prog_compiler_pic='-KPIC'
+	  lt_prog_compiler_static='-Bstatic'
+	  lt_prog_compiler_wl=''
+	  ;;
+	*Sun\ F* | *Sun*Fortran*)
+	  lt_prog_compiler_pic='-KPIC'
+	  lt_prog_compiler_static='-Bstatic'
+	  lt_prog_compiler_wl='-Qoption ld '
+	  ;;
+	*Sun\ C*)
+	  # Sun C 5.9
+	  lt_prog_compiler_pic='-KPIC'
+	  lt_prog_compiler_static='-Bstatic'
+	  lt_prog_compiler_wl='-Wl,'
+	  ;;
+        *Intel*\ [CF]*Compiler*)
+	  lt_prog_compiler_wl='-Wl,'
+	  lt_prog_compiler_pic='-fPIC'
+	  lt_prog_compiler_static='-static'
+	  ;;
+	*Portland\ Group*)
+	  lt_prog_compiler_wl='-Wl,'
+	  lt_prog_compiler_pic='-fpic'
+	  lt_prog_compiler_static='-Bstatic'
+	  ;;
+	esac
+	;;
+      esac
+      ;;
+
+    newsos6)
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    *-mlibc)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-fPIC'
+      lt_prog_compiler_static='-static'
+      ;;
+
+    *nto* | *qnx*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      lt_prog_compiler_pic='-fPIC -shared'
+      ;;
+
+    osf3* | osf4* | osf5*)
+      lt_prog_compiler_wl='-Wl,'
+      # All OSF/1 code is PIC.
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    rdos*)
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    serenity*)
+      ;;
+
+    solaris*)
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
+	lt_prog_compiler_wl='-Qoption ld ';;
+      *)
+	lt_prog_compiler_wl='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      lt_prog_compiler_wl='-Qoption ld '
+      lt_prog_compiler_pic='-PIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic='-Kconform_pic'
+	lt_prog_compiler_static='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    unicos*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_can_build_shared=no
+      ;;
+
+    uts4*)
+      lt_prog_compiler_pic='-pic'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    *)
+      lt_prog_compiler_can_build_shared=no
+      ;;
+    esac
+  fi
+
+case $host_os in
+  # For platforms that do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic=
+    ;;
+  *)
+    lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+    ;;
+esac
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+printf %s "checking for $compiler option to produce PIC... " >&6; }
+if test ${lt_cv_prog_compiler_pic+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
+printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
+lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if test ${lt_cv_prog_compiler_pic_works+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  lt_cv_prog_compiler_pic_works=no
+   ac_outfile=conftest.$ac_objext
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic -DPIC"  ## exclude from sc_useless_quotes_in_assignment
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_pic_works=yes
+     fi
+   fi
+   $RM conftest*
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
+
+if test yes = "$lt_cv_prog_compiler_pic_works"; then
+    case $lt_prog_compiler_pic in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+     esac
+else
+    lt_prog_compiler_pic=
+     lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+
+
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test ${lt_cv_prog_compiler_static_works+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  lt_cv_prog_compiler_static_works=no
+   save_LDFLAGS=$LDFLAGS
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   echo "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_cv_prog_compiler_static_works=yes
+       fi
+     else
+       lt_cv_prog_compiler_static_works=yes
+     fi
+   fi
+   $RM -r conftest*
+   LDFLAGS=$save_LDFLAGS
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
+
+if test yes = "$lt_cv_prog_compiler_static_works"; then
+    :
+else
+    lt_prog_compiler_static=
+fi
+
+
+
+='-fPIC'
+  archive_cmds='$CC -sSIDE_MODULE=2 -shared $libobjs $deplibs $compiler_flags -o $lib'
+  archive_expsym_cmds='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -sSIDE_MODULE=2 -shared $libobjs $deplibs $compiler_flags -o $lib -s EXPORTED_FUNCTIONS=@$output_objdir/$soname.expsym'
+  archive_cmds_need_lc=no
+  no_undefined_flag=
+  ;;
+
 *)
   dynamic_linker=no
   ;;
@@ -15287,7 +15803,7 @@ else
     lt_cv_dlopen_self=yes
     ;;
 
-  mingw* | pw32* | cegcc*)
+  mingw* | windows* | pw32* | cegcc*)
     lt_cv_dlopen=LoadLibrary
     lt_cv_dlopen_libs=
     ;;
@@ -15304,22 +15820,16 @@ printf %s "checking for dlopen in -ldl... " >&6; }
 if test ${ac_cv_lib_dl_dlopen+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_check_lib_save_LIBS=$LIBS
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
 LIBS="-ldl  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen (void);
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
 int
 main (void)
 {
@@ -15331,27 +15841,24 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_dl_dlopen=yes
-else case e in #(
-  e) ac_cv_lib_dl_dlopen=no ;;
-esac
+else $as_nop
+  ac_cv_lib_dl_dlopen=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS ;;
-esac
+LIBS=$ac_check_lib_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
 printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
 if test "x$ac_cv_lib_dl_dlopen" = xyes
 then :
   lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else case e in #(
-  e)
+else $as_nop
+
     lt_cv_dlopen=dyld
     lt_cv_dlopen_libs=
     lt_cv_dlopen_self=yes
-     ;;
-esac
+
 fi
 
     ;;
@@ -15369,28 +15876,22 @@ fi
 if test "x$ac_cv_func_shl_load" = xyes
 then :
   lt_cv_dlopen=shl_load
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
 printf %s "checking for shl_load in -ldld... " >&6; }
 if test ${ac_cv_lib_dld_shl_load+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_check_lib_save_LIBS=$LIBS
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
 LIBS="-ldld  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shl_load (void);
+   builtin and then its argument prototype would still apply.  */
+char shl_load ();
 int
 main (void)
 {
@@ -15402,47 +15903,39 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_dld_shl_load=yes
-else case e in #(
-  e) ac_cv_lib_dld_shl_load=no ;;
-esac
+else $as_nop
+  ac_cv_lib_dld_shl_load=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS ;;
-esac
+LIBS=$ac_check_lib_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
 printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
 if test "x$ac_cv_lib_dld_shl_load" = xyes
 then :
   lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
-else case e in #(
-  e) ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+else $as_nop
+  ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
 if test "x$ac_cv_func_dlopen" = xyes
 then :
   lt_cv_dlopen=dlopen
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
 printf %s "checking for dlopen in -ldl... " >&6; }
 if test ${ac_cv_lib_dl_dlopen+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_check_lib_save_LIBS=$LIBS
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
 LIBS="-ldl  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen (void);
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
 int
 main (void)
 {
@@ -15454,42 +15947,34 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_dl_dlopen=yes
-else case e in #(
-  e) ac_cv_lib_dl_dlopen=no ;;
-esac
+else $as_nop
+  ac_cv_lib_dl_dlopen=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS ;;
-esac
+LIBS=$ac_check_lib_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
 printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
 if test "x$ac_cv_lib_dl_dlopen" = xyes
 then :
   lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
 printf %s "checking for dlopen in -lsvld... " >&6; }
 if test ${ac_cv_lib_svld_dlopen+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_check_lib_save_LIBS=$LIBS
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
 LIBS="-lsvld  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen (void);
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
 int
 main (void)
 {
@@ -15501,42 +15986,34 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_svld_dlopen=yes
-else case e in #(
-  e) ac_cv_lib_svld_dlopen=no ;;
-esac
+else $as_nop
+  ac_cv_lib_svld_dlopen=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS ;;
-esac
+LIBS=$ac_check_lib_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
 printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
 if test "x$ac_cv_lib_svld_dlopen" = xyes
 then :
   lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
 printf %s "checking for dld_link in -ldld... " >&6; }
 if test ${ac_cv_lib_dld_dld_link+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_check_lib_save_LIBS=$LIBS
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
 LIBS="-ldld  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dld_link (void);
+   builtin and then its argument prototype would still apply.  */
+char dld_link ();
 int
 main (void)
 {
@@ -15548,14 +16025,12 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_dld_dld_link=yes
-else case e in #(
-  e) ac_cv_lib_dld_dld_link=no ;;
-esac
+else $as_nop
+  ac_cv_lib_dld_dld_link=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS ;;
-esac
+LIBS=$ac_check_lib_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
 printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
@@ -15564,24 +16039,19 @@ then :
   lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
 fi
 
-	       ;;
-esac
+
 fi
 
-	     ;;
-esac
+
 fi
 
-	   ;;
-esac
+
 fi
 
-	 ;;
-esac
+
 fi
 
-       ;;
-esac
+
 fi
 
     ;;
@@ -15609,8 +16079,8 @@ printf %s "checking whether a program can dlopen itself... " >&6; }
 if test ${lt_cv_dlopen_self+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) 	  if test yes = "$cross_compiling"; then :
+else $as_nop
+  	  if test yes = "$cross_compiling"; then :
   lt_cv_dlopen_self=cross
 else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
@@ -15660,11 +16130,11 @@ else
 /* When -fvisibility=hidden is used, assume the code has been annotated
    correspondingly for the symbols needed.  */
 #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
+int fnord (void) __attribute__((visibility("default")));
 #endif
 
-int fnord () { return 42; }
-int main ()
+int fnord (void) { return 42; }
+int main (void)
 {
   void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
   int status = $lt_dlunknown;
@@ -15704,8 +16174,7 @@ _LT_EOF
 fi
 rm -fr conftest*
 
-     ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
 printf "%s\n" "$lt_cv_dlopen_self" >&6; }
@@ -15717,8 +16186,8 @@ printf %s "checking whether a statically linked program can dlopen itself... " >
 if test ${lt_cv_dlopen_self_static+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) 	  if test yes = "$cross_compiling"; then :
+else $as_nop
+  	  if test yes = "$cross_compiling"; then :
   lt_cv_dlopen_self_static=cross
 else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
@@ -15768,11 +16237,11 @@ else
 /* When -fvisibility=hidden is used, assume the code has been annotated
    correspondingly for the symbols needed.  */
 #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
+int fnord (void) __attribute__((visibility("default")));
 #endif
 
-int fnord () { return 42; }
-int main ()
+int fnord (void) { return 42; }
+int main (void)
 {
   void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
   int status = $lt_dlunknown;
@@ -15812,8 +16281,7 @@ _LT_EOF
 fi
 rm -fr conftest*
 
-       ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
 printf "%s\n" "$lt_cv_dlopen_self_static" >&6; }
@@ -15856,30 +16324,41 @@ striplib=
 old_striplib=
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
 printf %s "checking whether stripping libraries is possible... " >&6; }
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
+if test -z "$STRIP"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
+  if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+    old_striplib="$STRIP --strip-debug"
+    striplib="$STRIP --strip-unneeded"
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+  else
+    case $host_os in
+    darwin*)
+      # FIXME - insert some real tests, host_os isn't really good enough
       striplib="$STRIP -x"
       old_striplib="$STRIP -S"
       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+      ;;
+    freebsd*)
+      if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then
+        old_striplib="$STRIP --strip-debug"
+        striplib="$STRIP --strip-unneeded"
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+      else
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-    fi
-    ;;
-  *)
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+      fi
+      ;;
+    *)
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-    ;;
-  esac
+      ;;
+    esac
+  fi
 fi
 
 
@@ -15988,8 +16467,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_PKG_CONFIG+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) case $PKG_CONFIG in
+else $as_nop
+  case $PKG_CONFIG in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
   ;;
@@ -16014,7 +16493,6 @@ done
 IFS=$as_save_IFS
 
   ;;
-esac ;;
 esac
 fi
 PKG_CONFIG=$ac_cv_path_PKG_CONFIG
@@ -16037,8 +16515,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) case $ac_pt_PKG_CONFIG in
+else $as_nop
+  case $ac_pt_PKG_CONFIG in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
   ;;
@@ -16063,7 +16541,6 @@ done
 IFS=$as_save_IFS
 
   ;;
-esac ;;
 esac
 fi
 ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
@@ -16104,6 +16581,9 @@ printf "%s\n" "no" >&6; }
 		PKG_CONFIG=""
 	fi
 fi
+if test -z "$PKG_CONFIG"; then
+	as_fn_error $? "pkg-config not found" "$LINENO" 5
+fi
 fi
 
 # Checks for header files.
@@ -16395,132 +16875,265 @@ ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default"
 if test "x$ac_cv_type_int8_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define int8_t signed char" >>confdefs.h
- ;;
-esac
+
 fi
 
 ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" "$ac_includes_default"
 if test "x$ac_cv_type_int16_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define int16_t short" >>confdefs.h
- ;;
-esac
+
 fi
 
 ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default"
 if test "x$ac_cv_type_int32_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define int32_t int" >>confdefs.h
- ;;
-esac
+
 fi
 
 ac_fn_c_check_type "$LINENO" "int64_t" "ac_cv_type_int64_t" "$ac_includes_default"
 if test "x$ac_cv_type_int64_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define int64_t long long" >>confdefs.h
- ;;
-esac
+
 fi
 
 ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default"
 if test "x$ac_cv_type_uint8_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define uint8_t unsigned char" >>confdefs.h
- ;;
-esac
+
 fi
 
 ac_fn_c_check_type "$LINENO" "uint16_t" "ac_cv_type_uint16_t" "$ac_includes_default"
 if test "x$ac_cv_type_uint16_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define uint16_t unsigned short" >>confdefs.h
- ;;
-esac
+
 fi
 
 ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default"
 if test "x$ac_cv_type_uint32_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define uint32_t unsigned int" >>confdefs.h
- ;;
-esac
+
 fi
 
 ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default"
 if test "x$ac_cv_type_uint64_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define uint64_t unsigned long long" >>confdefs.h
- ;;
-esac
+
 fi
 
 ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
 if test "x$ac_cv_type_size_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define size_t unsigned int" >>confdefs.h
- ;;
-esac
+
 fi
 
 ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default"
 if test "x$ac_cv_type_ssize_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define ssize_t int" >>confdefs.h
- ;;
-esac
+
 fi
 
-ac_fn_c_check_type "$LINENO" "uid_t" "ac_cv_type_uid_t" "$ac_includes_default"
-if test "x$ac_cv_type_uid_t" = xyes
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+printf %s "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+  CPP=
+fi
+if test -z "$CPP"; then
+  if test ${ac_cv_prog_CPP+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+      # Double quotes because $CC needs to be expanded
+    for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp
+    do
+      ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <limits.h>
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
 then :
 
-else case e in #(
-  e)
-printf "%s\n" "#define uid_t int" >>confdefs.h
- ;;
-esac
+else $as_nop
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+  # Broken: success on invalid input.
+continue
+else $as_nop
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok
+then :
+  break
+fi
+
+    done
+    ac_cv_prog_CPP=$CPP
+
+fi
+  CPP=$ac_cv_prog_CPP
+else
+  ac_cv_prog_CPP=$CPP
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+printf "%s\n" "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <limits.h>
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+
+else $as_nop
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+  # Broken: success on invalid input.
+continue
+else $as_nop
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok
+then :
+
+else $as_nop
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
 fi
 
-ac_fn_c_check_type "$LINENO" "gid_t" "ac_cv_type_gid_t" "$ac_includes_default"
-if test "x$ac_cv_type_gid_t" = xyes
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5
+printf %s "checking for uid_t in sys/types.h... " >&6; }
+if test ${ac_cv_type_uid_t+y}
 then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "uid_t" >/dev/null 2>&1
+then :
+  ac_cv_type_uid_t=yes
+else $as_nop
+  ac_cv_type_uid_t=no
+fi
+rm -rf conftest*
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5
+printf "%s\n" "$ac_cv_type_uid_t" >&6; }
+if test $ac_cv_type_uid_t = no; then
+
+printf "%s\n" "#define uid_t int" >>confdefs.h
+
 
-else case e in #(
-  e)
 printf "%s\n" "#define gid_t int" >>confdefs.h
- ;;
-esac
+
 fi
 
 
@@ -16529,8 +17142,8 @@ fi
 if test "x$ac_cv_type_pid_t" = xyes
 then :
 
-else case e in #(
-  e)                                         cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+                                          cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
           #if defined _WIN64 && !defined __CYGWIN__
@@ -16549,16 +17162,14 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_pid_type='int'
-else case e in #(
-  e) ac_pid_type='__int64' ;;
-esac
+else $as_nop
+  ac_pid_type='__int64'
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 
 printf "%s\n" "#define pid_t $ac_pid_type" >>confdefs.h
 
-     ;;
-esac
+
 fi
 
 
@@ -16566,11 +17177,10 @@ ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default"
 if test "x$ac_cv_type_off_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define off_t long int" >>confdefs.h
- ;;
-esac
+
 fi
 
 ac_fn_c_check_type "$LINENO" "u_char" "ac_cv_type_u_char" "
@@ -16583,11 +17193,10 @@ $ac_includes_default
 if test "x$ac_cv_type_u_char" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define u_char unsigned char" >>confdefs.h
- ;;
-esac
+
 fi
 
 ac_fn_c_check_type "$LINENO" "rlim_t" "ac_cv_type_rlim_t" "
@@ -16600,11 +17209,10 @@ $ac_includes_default
 if test "x$ac_cv_type_rlim_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define rlim_t unsigned long" >>confdefs.h
- ;;
-esac
+
 fi
 
 
@@ -16621,11 +17229,10 @@ $ac_includes_default
 if test "x$ac_cv_type_socklen_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define socklen_t int" >>confdefs.h
- ;;
-esac
+
 fi
 
  ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "
@@ -16641,11 +17248,10 @@ $ac_includes_default
 if test "x$ac_cv_type_in_addr_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define in_addr_t uint32_t" >>confdefs.h
- ;;
-esac
+
 fi
 
  ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "
@@ -16661,11 +17267,10 @@ $ac_includes_default
 if test "x$ac_cv_type_in_port_t" = xyes
 then :
 
-else case e in #(
-  e)
+else $as_nop
+
 printf "%s\n" "#define in_port_t uint16_t" >>confdefs.h
- ;;
-esac
+
 fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if memcmp compares unsigned" >&5
@@ -16684,8 +17289,8 @@ printf "%s\n" "#define MEMCMP_IS_BROKEN 1" >>confdefs.h
 esac
 
 
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #include <stdio.h>
@@ -16704,8 +17309,8 @@ if ac_fn_c_try_run "$LINENO"
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-else case e in #(
-  e)  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+else $as_nop
+   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 
 printf "%s\n" "#define MEMCMP_IS_BROKEN 1" >>confdefs.h
@@ -16716,26 +17321,24 @@ printf "%s\n" "#define MEMCMP_IS_BROKEN 1" >>confdefs.h
  ;;
 esac
 
- ;;
-esac
+
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
 
 # The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like 'int a3[[(sizeof (unsigned char)) >= 0]];'.
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
 # This bug is HP SR number 8606223364.
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5
 printf %s "checking size of time_t... " >&6; }
 if test ${ac_cv_sizeof_time_t+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t"        "
+else $as_nop
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t"        "
 $ac_includes_default
 #ifdef TIME_WITH_SYS_TIME
 # include <sys/time.h>
@@ -16751,19 +17354,17 @@ $ac_includes_default
 "
 then :
 
-else case e in #(
-  e) if test "$ac_cv_type_time_t" = yes; then
-     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+else $as_nop
+  if test "$ac_cv_type_time_t" = yes; then
+     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error 77 "cannot compute sizeof (time_t)
-See 'config.log' for more details" "$LINENO" 5; }
+See \`config.log' for more details" "$LINENO" 5; }
    else
      ac_cv_sizeof_time_t=0
-   fi ;;
-esac
+   fi
 fi
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5
 printf "%s\n" "$ac_cv_sizeof_time_t" >&6; }
@@ -16775,30 +17376,28 @@ printf "%s\n" "#define SIZEOF_TIME_T $ac_cv_sizeof_time_t" >>confdefs.h
 
 # The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like 'int a3[[(sizeof (unsigned char)) >= 0]];'.
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
 # This bug is HP SR number 8606223364.
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5
 printf %s "checking size of size_t... " >&6; }
 if test ${ac_cv_sizeof_size_t+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t"        "$ac_includes_default"
+else $as_nop
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t"        "$ac_includes_default"
 then :
 
-else case e in #(
-  e) if test "$ac_cv_type_size_t" = yes; then
-     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+else $as_nop
+  if test "$ac_cv_type_size_t" = yes; then
+     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error 77 "cannot compute sizeof (size_t)
-See 'config.log' for more details" "$LINENO" 5; }
+See \`config.log' for more details" "$LINENO" 5; }
    else
      ac_cv_sizeof_size_t=0
-   fi ;;
-esac
+   fi
 fi
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5
 printf "%s\n" "$ac_cv_sizeof_size_t" >&6; }
@@ -16815,9 +17414,8 @@ printf "%s\n" "#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t" >>confdefs.h
 if test ${enable_rpath+y}
 then :
   enableval=$enable_rpath; enable_rpath=$enableval
-else case e in #(
-  e) enable_rpath=yes ;;
-esac
+else $as_nop
+  enable_rpath=yes
 fi
 
 if test "x$enable_rpath" = xno; then
@@ -16833,21 +17431,15 @@ printf %s "checking for library containing inet_pton... " >&6; }
 if test ${ac_cv_search_inet_pton+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char inet_pton (void);
+   builtin and then its argument prototype would still apply.  */
+char inet_pton ();
 int
 main (void)
 {
@@ -16878,13 +17470,11 @@ done
 if test ${ac_cv_search_inet_pton+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_inet_pton=no ;;
-esac
+else $as_nop
+  ac_cv_search_inet_pton=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_pton" >&5
 printf "%s\n" "$ac_cv_search_inet_pton" >&6; }
@@ -16900,21 +17490,15 @@ printf %s "checking for library containing socket... " >&6; }
 if test ${ac_cv_search_socket+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char socket (void);
+   builtin and then its argument prototype would still apply.  */
+char socket ();
 int
 main (void)
 {
@@ -16945,13 +17529,11 @@ done
 if test ${ac_cv_search_socket+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_socket=no ;;
-esac
+else $as_nop
+  ac_cv_search_socket=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5
 printf "%s\n" "$ac_cv_search_socket" >&6; }
@@ -16971,8 +17553,8 @@ printf %s "checking for working chown... " >&6; }
 if test ${ac_cv_func_chown_works+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test "$cross_compiling" = yes
+else $as_nop
+  if test "$cross_compiling" = yes
 then :
   case "$host_os" in # ((
 			  # Guess yes on glibc systems.
@@ -16980,8 +17562,8 @@ then :
 			  # If we don't know, assume the worst.
 		  *)      ac_cv_func_chown_works=no ;;
 		esac
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $ac_includes_default
 #include <fcntl.h>
@@ -17009,18 +17591,15 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   ac_cv_func_chown_works=yes
-else case e in #(
-  e) ac_cv_func_chown_works=no ;;
-esac
+else $as_nop
+  ac_cv_func_chown_works=no
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
 rm -f conftest.chown
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_chown_works" >&5
 printf "%s\n" "$ac_cv_func_chown_works" >&6; }
@@ -17053,19 +17632,19 @@ printf %s "checking for working fork... " >&6; }
 if test ${ac_cv_func_fork_works+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test "$cross_compiling" = yes
+else $as_nop
+  if test "$cross_compiling" = yes
 then :
   ac_cv_func_fork_works=cross
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $ac_includes_default
 int
 main (void)
 {
 
-	  /* By R. Kuhlmann. */
+	  /* By Ruediger Kuhlmann. */
 	  return fork () < 0;
 
   ;
@@ -17075,16 +17654,13 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   ac_cv_func_fork_works=yes
-else case e in #(
-  e) ac_cv_func_fork_works=no ;;
-esac
+else $as_nop
+  ac_cv_func_fork_works=no
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5
 printf "%s\n" "$ac_cv_func_fork_works" >&6; }
@@ -17112,12 +17688,12 @@ printf %s "checking for working vfork... " >&6; }
 if test ${ac_cv_func_vfork_works+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test "$cross_compiling" = yes
+else $as_nop
+  if test "$cross_compiling" = yes
 then :
   ac_cv_func_vfork_works=cross
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 /* Thanks to Paul Eggert for this test.  */
 $ac_includes_default
@@ -17228,16 +17804,13 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   ac_cv_func_vfork_works=yes
-else case e in #(
-  e) ac_cv_func_vfork_works=no ;;
-esac
+else $as_nop
+  ac_cv_func_vfork_works=no
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5
 printf "%s\n" "$ac_cv_func_vfork_works" >&6; }
@@ -17267,97 +17840,72 @@ fi
 
 printf "%s\n" "#define RETSIGTYPE void" >>confdefs.h
 
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for declarations of fseeko and ftello" >&5
-printf %s "checking for declarations of fseeko and ftello... " >&6; }
-if test ${ac_cv_func_fseeko_ftello+y}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5
+printf %s "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; }
+if test ${ac_cv_sys_largefile_source+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  while :; do
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-
-#if defined __hpux && !defined _LARGEFILE_SOURCE
-# include <limits.h>
-# if LONG_MAX >> 31 == 0
-#  error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++"
-# endif
-#endif
 #include <sys/types.h> /* for off_t */
-#include <stdio.h>
-
+     #include <stdio.h>
 int
 main (void)
 {
-
-  int (*fp1) (FILE *, off_t, int) = fseeko;
-  off_t (*fp2) (FILE *) = ftello;
-  return fseeko (stdin, 0, 0)
-      && fp1 (stdin, 0, 0)
-      && ftello (stdin) >= 0
-      && fp2 (stdin) >= 0;
-
+int (*fp) (FILE *, off_t, int) = fseeko;
+     return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"
+if ac_fn_c_try_link "$LINENO"
 then :
-  ac_cv_func_fseeko_ftello=yes
-else case e in #(
-  e) ac_save_CPPFLAGS="$CPPFLAGS"
-    CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE=1"
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  ac_cv_sys_largefile_source=no; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-
-#if defined __hpux && !defined _LARGEFILE_SOURCE
-# include <limits.h>
-# if LONG_MAX >> 31 == 0
-#  error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++"
-# endif
-#endif
+#define _LARGEFILE_SOURCE 1
 #include <sys/types.h> /* for off_t */
-#include <stdio.h>
-
+     #include <stdio.h>
 int
 main (void)
 {
-
-  int (*fp1) (FILE *, off_t, int) = fseeko;
-  off_t (*fp2) (FILE *) = ftello;
-  return fseeko (stdin, 0, 0)
-      && fp1 (stdin, 0, 0)
-      && ftello (stdin) >= 0
-      && fp2 (stdin) >= 0;
-
+int (*fp) (FILE *, off_t, int) = fseeko;
+     return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"
+if ac_fn_c_try_link "$LINENO"
 then :
-  ac_cv_func_fseeko_ftello="need _LARGEFILE_SOURCE"
-else case e in #(
-  e) ac_cv_func_fseeko_ftello=no ;;
-esac
+  ac_cv_sys_largefile_source=1; break
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+  ac_cv_sys_largefile_source=unknown
+  break
+done
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5
+printf "%s\n" "$ac_cv_sys_largefile_source" >&6; }
+case $ac_cv_sys_largefile_source in #(
+  no | unknown) ;;
+  *)
+printf "%s\n" "#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source" >>confdefs.h
+;;
 esac
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fseeko_ftello" >&5
-printf "%s\n" "$ac_cv_func_fseeko_ftello" >&6; }
-if test "$ac_cv_func_fseeko_ftello" != no
-then :
-
-printf "%s\n" "#define HAVE_FSEEKO 1" >>confdefs.h
+rm -rf conftest*
 
-fi
-if test "$ac_cv_func_fseeko_ftello" = "need _LARGEFILE_SOURCE"
-then :
+# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug
+# in glibc 2.1.3, but that breaks too many other things.
+# If you want fseeko and ftello with glibc, upgrade to a fixed glibc.
+if test $ac_cv_sys_largefile_source != unknown; then
 
-printf "%s\n" "#define _LARGEFILE_SOURCE 1" >>confdefs.h
+printf "%s\n" "#define HAVE_FSEEKO 1" >>confdefs.h
 
 fi
 
@@ -17367,34 +17915,31 @@ if test ${enable_largefile+y}
 then :
   enableval=$enable_largefile;
 fi
-if test "$enable_largefile,$enable_year2038" != no,no
-then :
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable large file support" >&5
-printf %s "checking for $CC option to enable large file support... " >&6; }
-if test ${ac_cv_sys_largefile_opts+y}
+
+if test "$enable_largefile" != no; then
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5
+printf %s "checking for special C compiler options needed for large files... " >&6; }
+if test ${ac_cv_sys_largefile_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_save_CC="$CC"
-  ac_opt_found=no
-  for ac_opt in "none needed" "-D_FILE_OFFSET_BITS=64" "-D_LARGE_FILES=1" "-n32"; do
-    if test x"$ac_opt" != x"none needed"
-then :
-  CC="$ac_save_CC $ac_opt"
-fi
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  ac_cv_sys_largefile_CC=no
+     if test "$GCC" != yes; then
+       ac_save_CC=$CC
+       while :; do
+	 # IRIX 6.2 and later do not support large files by default,
+	 # so use the C compiler's -n32 option if that helps.
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #include <sys/types.h>
-#ifndef FTYPE
-# define FTYPE off_t
-#endif
- /* Check that FTYPE can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_FTYPE to be 9223372036854775807,
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_FTYPE (((FTYPE) 1 << 31 << 31) - 1 + ((FTYPE) 1 << 31 << 31))
-  int FTYPE_is_large[(LARGE_FTYPE % 2147483629 == 721
-		       && LARGE_FTYPE % 2147483647 == 1)
+#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
 		      ? 1 : -1];
 int
 main (void)
@@ -17404,88 +17949,142 @@ main (void)
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-  if test x"$ac_opt" = x"none needed"
-then :
-  # GNU/Linux s390x and alpha need _FILE_OFFSET_BITS=64 for wide ino_t.
-	 CC="$CC -DFTYPE=ino_t"
 	 if ac_fn_c_try_compile "$LINENO"
 then :
-
-else case e in #(
-  e) CC="$CC -D_FILE_OFFSET_BITS=64"
-	    if ac_fn_c_try_compile "$LINENO"
-then :
-  ac_opt='-D_FILE_OFFSET_BITS=64'
+  break
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+	 CC="$CC -n32"
+	 if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_sys_largefile_CC=' -n32'; break
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam
+	 break
+       done
+       CC=$ac_save_CC
+       rm -f conftest.$ac_ext
+    fi
 fi
-      ac_cv_sys_largefile_opts=$ac_opt
-      ac_opt_found=yes
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5
+printf "%s\n" "$ac_cv_sys_largefile_CC" >&6; }
+  if test "$ac_cv_sys_largefile_CC" != no; then
+    CC=$CC$ac_cv_sys_largefile_CC
+  fi
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5
+printf %s "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
+if test ${ac_cv_sys_file_offset_bits+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  while :; do
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_sys_file_offset_bits=no; break
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-    test $ac_opt_found = no || break
-  done
-  CC="$ac_save_CC"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#define _FILE_OFFSET_BITS 64
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main (void)
+{
 
-  test $ac_opt_found = yes || ac_cv_sys_largefile_opts="support not detected" ;;
-esac
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_sys_file_offset_bits=64; break
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_opts" >&5
-printf "%s\n" "$ac_cv_sys_largefile_opts" >&6; }
-
-ac_have_largefile=yes
-case $ac_cv_sys_largefile_opts in #(
-  "none needed") :
-     ;; #(
-  "supported through gnulib") :
-     ;; #(
-  "support not detected") :
-    ac_have_largefile=no ;; #(
-  "-D_FILE_OFFSET_BITS=64") :
-
-printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h
- ;; #(
-  "-D_LARGE_FILES=1") :
-
-printf "%s\n" "#define _LARGE_FILES 1" >>confdefs.h
- ;; #(
-  "-n32") :
-    CC="$CC -n32" ;; #(
-  *) :
-    as_fn_error $? "internal error: bad value for \$ac_cv_sys_largefile_opts" "$LINENO" 5 ;;
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+  ac_cv_sys_file_offset_bits=unknown
+  break
+done
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5
+printf "%s\n" "$ac_cv_sys_file_offset_bits" >&6; }
+case $ac_cv_sys_file_offset_bits in #(
+  no | unknown) ;;
+  *)
+printf "%s\n" "#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits" >>confdefs.h
+;;
 esac
-
-if test "$enable_year2038" != no
-then :
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option for timestamps after 2038" >&5
-printf %s "checking for $CC option for timestamps after 2038... " >&6; }
-if test ${ac_cv_sys_year2038_opts+y}
+rm -rf conftest*
+  if test $ac_cv_sys_file_offset_bits = unknown; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5
+printf %s "checking for _LARGE_FILES value needed for large files... " >&6; }
+if test ${ac_cv_sys_large_files+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_save_CPPFLAGS="$CPPFLAGS"
-  ac_opt_found=no
-  for ac_opt in "none needed" "-D_TIME_BITS=64" "-D__MINGW_USE_VC2005_COMPAT" "-U_USE_32_BIT_TIME_T -D__MINGW_USE_VC2005_COMPAT"; do
-    if test x"$ac_opt" != x"none needed"
+else $as_nop
+  while :; do
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
 then :
-  CPPFLAGS="$ac_save_CPPFLAGS $ac_opt"
+  ac_cv_sys_large_files=no; break
 fi
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-
-  #include <time.h>
-  /* Check that time_t can represent 2**32 - 1 correctly.  */
-  #define LARGE_TIME_T \\
-    ((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30)))
-  int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535
-                           && LARGE_TIME_T % 65537 == 0)
-                          ? 1 : -1];
-
+#define _LARGE_FILES 1
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
 int
 main (void)
 {
@@ -17496,47 +18095,25 @@ main (void)
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sys_year2038_opts="$ac_opt"
-      ac_opt_found=yes
+  ac_cv_sys_large_files=1; break
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-    test $ac_opt_found = no || break
-  done
-  CPPFLAGS="$ac_save_CPPFLAGS"
-  test $ac_opt_found = yes || ac_cv_sys_year2038_opts="support not detected" ;;
-esac
+  ac_cv_sys_large_files=unknown
+  break
+done
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_year2038_opts" >&5
-printf "%s\n" "$ac_cv_sys_year2038_opts" >&6; }
-
-ac_have_year2038=yes
-case $ac_cv_sys_year2038_opts in #(
-  "none needed") :
-     ;; #(
-  "support not detected") :
-    ac_have_year2038=no ;; #(
-  "-D_TIME_BITS=64") :
-
-printf "%s\n" "#define _TIME_BITS 64" >>confdefs.h
- ;; #(
-  "-D__MINGW_USE_VC2005_COMPAT") :
-
-printf "%s\n" "#define __MINGW_USE_VC2005_COMPAT 1" >>confdefs.h
- ;; #(
-  "-U_USE_32_BIT_TIME_T"*) :
-    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
-as_fn_error $? "the 'time_t' type is currently forced to be 32-bit. It
-will stop working after mid-January 2038. Remove
-_USE_32BIT_TIME_T from the compiler flags.
-See 'config.log' for more details" "$LINENO" 5; } ;; #(
-  *) :
-    as_fn_error $? "internal error: bad value for \$ac_cv_sys_year2038_opts" "$LINENO" 5 ;;
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5
+printf "%s\n" "$ac_cv_sys_large_files" >&6; }
+case $ac_cv_sys_large_files in #(
+  no | unknown) ;;
+  *)
+printf "%s\n" "#define _LARGE_FILES $ac_cv_sys_large_files" >>confdefs.h
+;;
 esac
-
+rm -rf conftest*
+  fi
 fi
 
-fi
 
 
 
@@ -17546,8 +18123,8 @@ cache=_D_LARGEFILE_SOURCE_1
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo '
 #include <stdio.h>
 int test(void) {
@@ -17573,8 +18150,7 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -17618,8 +18194,8 @@ then :
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: crosscompile(yes)" >&5
 printf "%s\n" "crosscompile(yes)" >&6; }
 
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 
@@ -17754,19 +18330,17 @@ then :
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else case e in #(
-  e)
+else $as_nop
+
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 
 printf "%s\n" "#define NONBLOCKING_IS_BROKEN 1" >>confdefs.h
 
- ;;
-esac
+
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
 fi
@@ -17804,11 +18378,10 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define MKDIR_HAS_ONE_ARG 1" >>confdefs.h
 
 
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
- ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 
@@ -17826,8 +18399,8 @@ if test c${cross_compiling} = cno; then
 if test "$cross_compiling" = yes
 then :
   eval "ac_cv_c_strptime_works=maybe"
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #define _XOPEN_SOURCE 600
@@ -17842,13 +18415,11 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   eval "ac_cv_c_strptime_works=yes"
-else case e in #(
-  e) eval "ac_cv_c_strptime_works=no" ;;
-esac
+else $as_nop
+  eval "ac_cv_c_strptime_works=no"
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
 else
@@ -17869,14 +18440,13 @@ printf "%s\n" "#define STRPTIME_WORKS 1" >>confdefs.h
 
 fi
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" strptime.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS strptime.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 done
@@ -17903,9 +18473,8 @@ fi
 if test ${enable_systemd+y}
 then :
   enableval=$enable_systemd;
-else case e in #(
-  e) enable_systemd=no ;;
-esac
+else $as_nop
+  enable_systemd=no
 fi
 
 have_systemd=no
@@ -17916,8 +18485,8 @@ then :
 		have_systemd=no
 
 pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5
-printf %s "checking for SYSTEMD... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libsystemd" >&5
+printf %s "checking for libsystemd... " >&6; }
 
 if test -n "$SYSTEMD_CFLAGS"; then
     pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS"
@@ -17957,7 +18526,7 @@ fi
 
 
 if test $pkg_failed = yes; then
-   	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 
 if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
@@ -17966,14 +18535,14 @@ else
         _pkg_short_errors_supported=no
 fi
         if test $_pkg_short_errors_supported = yes; then
-	        SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd" 2>&1`
+                SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd" 2>&1`
         else
-	        SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd" 2>&1`
+                SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd" 2>&1`
         fi
-	# Put the nasty error message in config.log where it belongs
-	echo "$SYSTEMD_PKG_ERRORS" >&5
+        # Put the nasty error message in config.log where it belongs
+        echo "$SYSTEMD_PKG_ERRORS" >&5
 
-	as_fn_error $? "Package requirements (libsystemd) were not met:
+        as_fn_error $? "Package requirements (libsystemd) were not met:
 
 $SYSTEMD_PKG_ERRORS
 
@@ -17984,10 +18553,10 @@ Alternatively, you may set the environment variables SYSTEMD_CFLAGS
 and SYSTEMD_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details." "$LINENO" 5
 elif test $pkg_failed = untried; then
-     	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-	{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+        { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error $? "The pkg-config script could not be found or is too old.  Make sure it
 is in your PATH or set the PKG_CONFIG environment variable to the full
 path to pkg-config.
@@ -17997,13 +18566,13 @@ and SYSTEMD_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details.
 
 To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See 'config.log' for more details" "$LINENO" 5; }
+See \`config.log' for more details" "$LINENO" 5; }
 else
-	SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS
-	SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS
+        SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS
+        SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS
         { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-	have_systemd=yes
+        have_systemd=yes
 fi
 		if test "x$have_systemd" != "xyes"
 then :
@@ -18011,8 +18580,8 @@ then :
 		have_systemd_daemon=no
 
 pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD_DAEMON" >&5
-printf %s "checking for SYSTEMD_DAEMON... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libsystemd-daemon" >&5
+printf %s "checking for libsystemd-daemon... " >&6; }
 
 if test -n "$SYSTEMD_DAEMON_CFLAGS"; then
     pkg_cv_SYSTEMD_DAEMON_CFLAGS="$SYSTEMD_DAEMON_CFLAGS"
@@ -18052,7 +18621,7 @@ fi
 
 
 if test $pkg_failed = yes; then
-   	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 
 if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
@@ -18061,14 +18630,14 @@ else
         _pkg_short_errors_supported=no
 fi
         if test $_pkg_short_errors_supported = yes; then
-	        SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-daemon" 2>&1`
+                SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-daemon" 2>&1`
         else
-	        SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-daemon" 2>&1`
+                SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-daemon" 2>&1`
         fi
-	# Put the nasty error message in config.log where it belongs
-	echo "$SYSTEMD_DAEMON_PKG_ERRORS" >&5
+        # Put the nasty error message in config.log where it belongs
+        echo "$SYSTEMD_DAEMON_PKG_ERRORS" >&5
 
-	as_fn_error $? "Package requirements (libsystemd-daemon) were not met:
+        as_fn_error $? "Package requirements (libsystemd-daemon) were not met:
 
 $SYSTEMD_DAEMON_PKG_ERRORS
 
@@ -18079,10 +18648,10 @@ Alternatively, you may set the environment variables SYSTEMD_DAEMON_CFLAGS
 and SYSTEMD_DAEMON_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details." "$LINENO" 5
 elif test $pkg_failed = untried; then
-     	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-	{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+        { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error $? "The pkg-config script could not be found or is too old.  Make sure it
 is in your PATH or set the PKG_CONFIG environment variable to the full
 path to pkg-config.
@@ -18092,13 +18661,13 @@ and SYSTEMD_DAEMON_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details.
 
 To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See 'config.log' for more details" "$LINENO" 5; }
+See \`config.log' for more details" "$LINENO" 5; }
 else
-	SYSTEMD_DAEMON_CFLAGS=$pkg_cv_SYSTEMD_DAEMON_CFLAGS
-	SYSTEMD_DAEMON_LIBS=$pkg_cv_SYSTEMD_DAEMON_LIBS
+        SYSTEMD_DAEMON_CFLAGS=$pkg_cv_SYSTEMD_DAEMON_CFLAGS
+        SYSTEMD_DAEMON_LIBS=$pkg_cv_SYSTEMD_DAEMON_LIBS
         { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-	have_systemd_daemon=yes
+        have_systemd_daemon=yes
 fi
 		if test "x$have_systemd_daemon" = "xyes"
 then :
@@ -18189,8 +18758,8 @@ esac
 
 printf "%s\n" "#define malloc rpl_malloc_unbound" >>confdefs.h
 
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #if defined STDC_HEADERS || defined HAVE_STDLIB_H
 #include <stdlib.h>
@@ -18220,17 +18789,15 @@ esac
 
 printf "%s\n" "#define malloc rpl_malloc_unbound" >>confdefs.h
 
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
 printf "%s\n" "#define HAVE_MALLOC 1" >>confdefs.h
- ;;
-esac
+
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
 
@@ -18275,11 +18842,10 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_WINDOWS_THREADS 1" >>confdefs.h
 
 
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
- ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 
@@ -18295,286 +18861,12 @@ else
 if test ${with_pthreads+y}
 then :
   withval=$with_pthreads;
-else case e in #(
-  e)  withval="yes"  ;;
-esac
+else $as_nop
+   withval="yes"
 fi
 
 ub_have_pthreads=no
 if test x_$withval != x_no; then
-	ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
-printf %s "checking how to run the C preprocessor... " >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
-  CPP=
-fi
-if test -z "$CPP"; then
-  if test ${ac_cv_prog_CPP+y}
-then :
-  printf %s "(cached) " >&6
-else case e in #(
-  e)     # Double quotes because $CC needs to be expanded
-    for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp
-    do
-      ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <limits.h>
-		     Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-
-else case e in #(
-  e) # Broken: fails on valid input.
-continue ;;
-esac
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether nonexistent headers
-  # can be detected and how.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-  # Broken: success on invalid input.
-continue
-else case e in #(
-  e) # Passes both tests.
-ac_preproc_ok=:
-break ;;
-esac
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok
-then :
-  break
-fi
-
-    done
-    ac_cv_prog_CPP=$CPP
-   ;;
-esac
-fi
-  CPP=$ac_cv_prog_CPP
-else
-  ac_cv_prog_CPP=$CPP
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
-printf "%s\n" "$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <limits.h>
-		     Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-
-else case e in #(
-  e) # Broken: fails on valid input.
-continue ;;
-esac
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether nonexistent headers
-  # can be detected and how.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-  # Broken: success on invalid input.
-continue
-else case e in #(
-  e) # Passes both tests.
-ac_preproc_ok=:
-break ;;
-esac
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok
-then :
-
-else case e in #(
-  e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
-See 'config.log' for more details" "$LINENO" 5; } ;;
-esac
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep -e" >&5
-printf %s "checking for egrep -e... " >&6; }
-if test ${ac_cv_path_EGREP_TRADITIONAL+y}
-then :
-  printf %s "(cached) " >&6
-else case e in #(
-  e) if test -z "$EGREP_TRADITIONAL"; then
-  ac_path_EGREP_TRADITIONAL_found=false
-  # Loop through the user's path and test for each of PROGNAME-LIST
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
-  IFS=$as_save_IFS
-  case $as_dir in #(((
-    '') as_dir=./ ;;
-    */) ;;
-    *) as_dir=$as_dir/ ;;
-  esac
-    for ac_prog in grep ggrep
-   do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext"
-      as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue
-# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found.
-  # Check for GNU $ac_path_EGREP_TRADITIONAL
-case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #(
-*GNU*)
-  ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;;
-#(
-*)
-  ac_count=0
-  printf %s 0123456789 >"conftest.in"
-  while :
-  do
-    cat "conftest.in" "conftest.in" >"conftest.tmp"
-    mv "conftest.tmp" "conftest.in"
-    cp "conftest.in" "conftest.nl"
-    printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl"
-    "$ac_path_EGREP_TRADITIONAL" -E 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
-    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
-    as_fn_arith $ac_count + 1 && ac_count=$as_val
-    if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then
-      # Best one so far, save it but keep looking for a better one
-      ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL"
-      ac_path_EGREP_TRADITIONAL_max=$ac_count
-    fi
-    # 10*(2^10) chars as input seems more than enough
-    test $ac_count -gt 10 && break
-  done
-  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
-      $ac_path_EGREP_TRADITIONAL_found && break 3
-    done
-  done
-  done
-IFS=$as_save_IFS
-  if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then
-    :
-  fi
-else
-  ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL
-fi
-
-    if test "$ac_cv_path_EGREP_TRADITIONAL"
-then :
-  ac_cv_path_EGREP_TRADITIONAL="$ac_cv_path_EGREP_TRADITIONAL -E"
-else case e in #(
-  e) if test -z "$EGREP_TRADITIONAL"; then
-  ac_path_EGREP_TRADITIONAL_found=false
-  # Loop through the user's path and test for each of PROGNAME-LIST
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
-  IFS=$as_save_IFS
-  case $as_dir in #(((
-    '') as_dir=./ ;;
-    */) ;;
-    *) as_dir=$as_dir/ ;;
-  esac
-    for ac_prog in egrep
-   do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext"
-      as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue
-# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found.
-  # Check for GNU $ac_path_EGREP_TRADITIONAL
-case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #(
-*GNU*)
-  ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;;
-#(
-*)
-  ac_count=0
-  printf %s 0123456789 >"conftest.in"
-  while :
-  do
-    cat "conftest.in" "conftest.in" >"conftest.tmp"
-    mv "conftest.tmp" "conftest.in"
-    cp "conftest.in" "conftest.nl"
-    printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl"
-    "$ac_path_EGREP_TRADITIONAL" 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
-    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
-    as_fn_arith $ac_count + 1 && ac_count=$as_val
-    if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then
-      # Best one so far, save it but keep looking for a better one
-      ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL"
-      ac_path_EGREP_TRADITIONAL_max=$ac_count
-    fi
-    # 10*(2^10) chars as input seems more than enough
-    test $ac_count -gt 10 && break
-  done
-  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
-      $ac_path_EGREP_TRADITIONAL_found && break 3
-    done
-  done
-  done
-IFS=$as_save_IFS
-  if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then
-    as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
-  fi
-else
-  ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL
-fi
- ;;
-esac
-fi ;;
-esac
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP_TRADITIONAL" >&5
-printf "%s\n" "$ac_cv_path_EGREP_TRADITIONAL" >&6; }
- EGREP_TRADITIONAL=$ac_cv_path_EGREP_TRADITIONAL
-
 
 
 
@@ -18615,14 +18907,8 @@ printf %s "checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS...
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char pthread_join (void);
+   builtin and then its argument prototype would still apply.  */
+char pthread_join ();
 int
 main (void)
 {
@@ -18716,7 +19002,7 @@ case $host_os in
 
 _ACEOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP_TRADITIONAL "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1
+  $EGREP "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&5
 printf "%s\n" "$as_me: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&2;}
@@ -18746,8 +19032,8 @@ printf %s "checking whether $CC is Clang... " >&6; }
 if test ${ax_cv_PTHREAD_CLANG+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ax_cv_PTHREAD_CLANG=no
+else $as_nop
+  ax_cv_PTHREAD_CLANG=no
      # Note that Autoconf sets GCC=yes for Clang as well as GCC
      if test "x$GCC" = "xyes"; then
         cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -18759,15 +19045,14 @@ else case e in #(
 
 _ACEOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP_TRADITIONAL "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1
+  $EGREP "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1
 then :
   ax_cv_PTHREAD_CLANG=yes
 fi
 rm -rf conftest*
 
      fi
-     ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG" >&5
 printf "%s\n" "$ax_cv_PTHREAD_CLANG" >&6; }
@@ -18817,9 +19102,8 @@ esac
 if test "x$ax_pthread_check_macro" = "x--"
 then :
   ax_pthread_check_cond=0
-else case e in #(
-  e) ax_pthread_check_cond="!defined($ax_pthread_check_macro)" ;;
-esac
+else $as_nop
+  ax_pthread_check_cond="!defined($ax_pthread_check_macro)"
 fi
 
 
@@ -18853,8 +19137,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ax_pthread_config+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ax_pthread_config"; then
+else $as_nop
+  if test -n "$ax_pthread_config"; then
   ac_cv_prog_ax_pthread_config="$ax_pthread_config" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -18877,8 +19161,7 @@ done
 IFS=$as_save_IFS
 
   test -z "$ac_cv_prog_ax_pthread_config" && ac_cv_prog_ax_pthread_config="no"
-fi ;;
-esac
+fi
 fi
 ax_pthread_config=$ac_cv_prog_ax_pthread_config
 if test -n "$ax_pthread_config"; then
@@ -19011,8 +19294,8 @@ printf %s "checking whether Clang needs flag to prevent \"argument unused\" warn
 if test ${ax_cv_PTHREAD_CLANG_NO_WARN_FLAG+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown
+else $as_nop
+  ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown
              # Create an alternate version of $ac_link that compiles and
              # links in two steps (.c -> .o, .o -> exe) instead of one
              # (.c -> exe), because the warning occurs only in the second
@@ -19058,8 +19341,7 @@ then :
   ax_pthread_try=no
 fi
              ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try"
-             ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&5
 printf "%s\n" "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&6; }
@@ -19086,8 +19368,8 @@ printf %s "checking for joinable pthread attribute... " >&6; }
 if test ${ax_cv_PTHREAD_JOINABLE_ATTR+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ax_cv_PTHREAD_JOINABLE_ATTR=unknown
+else $as_nop
+  ax_cv_PTHREAD_JOINABLE_ATTR=unknown
              for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
                  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -19107,8 +19389,7 @@ fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
              done
-             ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_JOINABLE_ATTR" >&5
 printf "%s\n" "$ax_cv_PTHREAD_JOINABLE_ATTR" >&6; }
@@ -19128,15 +19409,14 @@ printf %s "checking whether more special flags are required for pthreads... " >&
 if test ${ax_cv_PTHREAD_SPECIAL_FLAGS+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ax_cv_PTHREAD_SPECIAL_FLAGS=no
+else $as_nop
+  ax_cv_PTHREAD_SPECIAL_FLAGS=no
              case $host_os in
              solaris*)
              ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS"
              ;;
              esac
-             ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_SPECIAL_FLAGS" >&5
 printf "%s\n" "$ax_cv_PTHREAD_SPECIAL_FLAGS" >&6; }
@@ -19152,8 +19432,8 @@ printf %s "checking for PTHREAD_PRIO_INHERIT... " >&6; }
 if test ${ax_cv_PTHREAD_PRIO_INHERIT+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #include <pthread.h>
 int
@@ -19168,14 +19448,12 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ax_cv_PTHREAD_PRIO_INHERIT=yes
-else case e in #(
-  e) ax_cv_PTHREAD_PRIO_INHERIT=no ;;
-esac
+else $as_nop
+  ax_cv_PTHREAD_PRIO_INHERIT=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-             ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_PRIO_INHERIT" >&5
 printf "%s\n" "$ax_cv_PTHREAD_PRIO_INHERIT" >&6; }
@@ -19225,8 +19503,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_PTHREAD_CC+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$PTHREAD_CC"; then
+else $as_nop
+  if test -n "$PTHREAD_CC"; then
   ac_cv_prog_PTHREAD_CC="$PTHREAD_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -19248,8 +19526,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 PTHREAD_CC=$ac_cv_prog_PTHREAD_CC
 if test -n "$PTHREAD_CC"; then
@@ -19276,8 +19553,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_PTHREAD_CXX+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$PTHREAD_CXX"; then
+else $as_nop
+  if test -n "$PTHREAD_CXX"; then
   ac_cv_prog_PTHREAD_CXX="$PTHREAD_CXX" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -19299,8 +19576,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 PTHREAD_CXX=$ac_cv_prog_PTHREAD_CXX
 if test -n "$PTHREAD_CXX"; then
@@ -19370,30 +19646,28 @@ fi
 
 		# The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like 'int a3[[(sizeof (unsigned char)) >= 0]];'.
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
 # This bug is HP SR number 8606223364.
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5
 printf %s "checking size of unsigned long... " >&6; }
 if test ${ac_cv_sizeof_unsigned_long+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long"        "$ac_includes_default"
+else $as_nop
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long"        "$ac_includes_default"
 then :
 
-else case e in #(
-  e) if test "$ac_cv_type_unsigned_long" = yes; then
-     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+else $as_nop
+  if test "$ac_cv_type_unsigned_long" = yes; then
+     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error 77 "cannot compute sizeof (unsigned long)
-See 'config.log' for more details" "$LINENO" 5; }
+See \`config.log' for more details" "$LINENO" 5; }
    else
      ac_cv_sizeof_unsigned_long=0
-   fi ;;
-esac
+   fi
 fi
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5
 printf "%s\n" "$ac_cv_sizeof_unsigned_long" >&6; }
@@ -19405,30 +19679,28 @@ printf "%s\n" "#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long" >>confd
 
 		# The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like 'int a3[[(sizeof (unsigned char)) >= 0]];'.
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
 # This bug is HP SR number 8606223364.
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of pthread_t" >&5
 printf %s "checking size of pthread_t... " >&6; }
 if test ${ac_cv_sizeof_pthread_t+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (pthread_t))" "ac_cv_sizeof_pthread_t"        "$ac_includes_default"
+else $as_nop
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (pthread_t))" "ac_cv_sizeof_pthread_t"        "$ac_includes_default"
 then :
 
-else case e in #(
-  e) if test "$ac_cv_type_pthread_t" = yes; then
-     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+else $as_nop
+  if test "$ac_cv_type_pthread_t" = yes; then
+     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error 77 "cannot compute sizeof (pthread_t)
-See 'config.log' for more details" "$LINENO" 5; }
+See \`config.log' for more details" "$LINENO" 5; }
    else
      ac_cv_sizeof_pthread_t=0
-   fi ;;
-esac
+   fi
 fi
- ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_pthread_t" >&5
 printf "%s\n" "$ac_cv_sizeof_pthread_t" >&6; }
@@ -19496,9 +19768,8 @@ fi
 if test ${with_solaris_threads+y}
 then :
   withval=$with_solaris_threads;
-else case e in #(
-  e)  withval="no"  ;;
-esac
+else $as_nop
+   withval="no"
 fi
 
 ub_have_sol_threads=no
@@ -19512,21 +19783,15 @@ printf %s "checking for library containing thr_create... " >&6; }
 if test ${ac_cv_search_thr_create+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char thr_create (void);
+   builtin and then its argument prototype would still apply.  */
+char thr_create ();
 int
 main (void)
 {
@@ -19557,13 +19822,11 @@ done
 if test ${ac_cv_search_thr_create+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_thr_create=no ;;
-esac
+else $as_nop
+  ac_cv_search_thr_create=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_thr_create" >&5
 printf "%s\n" "$ac_cv_search_thr_create" >&6; }
@@ -19584,8 +19847,8 @@ cache=`echo mt | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -mt -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -19593,8 +19856,7 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -19611,11 +19873,10 @@ fi
 
 		ub_have_sol_threads=yes
 
-else case e in #(
-  e)
+else $as_nop
+
 		as_fn_error $? "no solaris threads found." "$LINENO" 5
-	 ;;
-esac
+
 fi
 
 	fi
@@ -19648,9 +19909,8 @@ printf "%s\n" "#define UB_SYSLOG_FACILITY ${UNBOUND_SYSLOG_FACILITY}" >>confdefs
 if test ${with_dynlibmodule+y}
 then :
   withval=$with_dynlibmodule;
-else case e in #(
-  e)  withval="no"  ;;
-esac
+else $as_nop
+   withval="no"
 fi
 
 
@@ -19673,21 +19933,15 @@ printf %s "checking for library containing dlopen... " >&6; }
 if test ${ac_cv_search_dlopen+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen (void);
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
 int
 main (void)
 {
@@ -19718,13 +19972,11 @@ done
 if test ${ac_cv_search_dlopen+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_dlopen=no ;;
-esac
+else $as_nop
+  ac_cv_search_dlopen=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
 printf "%s\n" "$ac_cv_search_dlopen" >&6; }
@@ -19748,9 +20000,8 @@ fi
 if test ${with_pyunbound+y}
 then :
   withval=$with_pyunbound;
-else case e in #(
-  e)  withval="no"  ;;
-esac
+else $as_nop
+   withval="no"
 fi
 
 
@@ -19767,9 +20018,8 @@ fi
 if test ${with_pythonmodule+y}
 then :
   withval=$with_pythonmodule;
-else case e in #(
-  e)  withval="no"  ;;
-esac
+else $as_nop
+   withval="no"
 fi
 
 
@@ -19797,8 +20047,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_PYTHON+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) case $PYTHON in
+else $as_nop
+  case $PYTHON in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
   ;;
@@ -19823,7 +20073,6 @@ done
 IFS=$as_save_IFS
 
   ;;
-esac ;;
 esac
 fi
 PYTHON=$ac_cv_path_PYTHON
@@ -20001,9 +20250,8 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   pythonexists=yes
-else case e in #(
-  e) pythonexists=no ;;
-esac
+else $as_nop
+  pythonexists=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -20113,8 +20361,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_SWIG+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) case $SWIG in
+else $as_nop
+  case $SWIG in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
   ;;
@@ -20139,7 +20387,6 @@ done
 IFS=$as_save_IFS
 
   ;;
-esac ;;
 esac
 fi
 SWIG=$ac_cv_path_SWIG
@@ -20240,8 +20487,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_SWIG+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) case $SWIG in
+else $as_nop
+  case $SWIG in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
   ;;
@@ -20266,7 +20513,6 @@ done
 IFS=$as_save_IFS
 
   ;;
-esac ;;
 esac
 fi
 SWIG=$ac_cv_path_SWIG
@@ -20428,17 +20674,15 @@ ax_date_fmt="%Y%m%d"
 if test x"$SOURCE_DATE_EPOCH" = x
 then :
   CONFIG_DATE=`date "+$ax_date_fmt"`
-else case e in #(
-  e) ax_build_date=`date -u -d "@$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null \
+else $as_nop
+  ax_build_date=`date -u -d "@$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null \
                  || date -u -r "$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null`
   if test x"$ax_build_date" = x
 then :
   as_fn_error $? "malformed SOURCE_DATE_EPOCH" "$LINENO" 5
-else case e in #(
-  e) CONFIG_DATE=$ax_build_date ;;
-esac
-fi ;;
-esac
+else $as_nop
+  CONFIG_DATE=$ax_build_date
+fi
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CONFIG_DATE" >&5
 printf "%s\n" "$CONFIG_DATE" >&6; }
@@ -20533,11 +20777,10 @@ if test ${with_ssl+y}
 then :
   withval=$with_ssl;
 
-else case e in #(
-  e)
+else $as_nop
+
             withval="yes"
-         ;;
-esac
+
 fi
 
     if test x_$withval = x_no; then
@@ -20633,8 +20876,8 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
 
 
-else case e in #(
-  e)
+else $as_nop
+
                 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
                 # check if -lwsock32 or -lgdi32 are needed.
@@ -20667,8 +20910,8 @@ printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
                     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else case e in #(
-  e)
+else $as_nop
+
                     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
                     LIBS="$BAKLIBS"
@@ -20701,8 +20944,8 @@ printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
 			{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else case e in #(
-  e)
+else $as_nop
+
 			{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 			LIBS="$BAKLIBS"
@@ -20735,8 +20978,8 @@ printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
 			    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else case e in #(
-  e)
+else $as_nop
+
 			    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 			    LIBS="$BAKLIBS"
@@ -20769,8 +21012,8 @@ printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
 				{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else case e in #(
-  e)
+else $as_nop
+
 				{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 				LIBS="$BAKLIBS"
@@ -20802,38 +21045,32 @@ printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
 				    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else case e in #(
-  e)
+else $as_nop
+
 				    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 				    as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5
-				 ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-			     ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-			 ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-		     ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-                 ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-             ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -20878,14 +21115,8 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_CTX_new (void);
+   builtin and then its argument prototype would still apply.  */
+char SSL_CTX_new ();
 int
 main (void)
 {
@@ -20901,8 +21132,8 @@ then :
 printf "%s\n" "no" >&6; }
 	LIBS="$BAKLIBS"
 
-else case e in #(
-  e)
+else $as_nop
+
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 	LIBS="$BAKLIBS"
@@ -20911,21 +21142,15 @@ printf %s "checking for library containing dlopen... " >&6; }
 if test ${ac_cv_search_dlopen+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen (void);
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
 int
 main (void)
 {
@@ -20956,13 +21181,11 @@ done
 if test ${ac_cv_search_dlopen+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_dlopen=no ;;
-esac
+else $as_nop
+  ac_cv_search_dlopen=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
 printf "%s\n" "$ac_cv_search_dlopen" >&6; }
@@ -20973,8 +21196,7 @@ then :
 
 fi
 
- ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -21009,14 +21231,13 @@ then :
 printf "%s\n" "no" >&6; }
 	LIBS="$BAKLIBS"
 
-else case e in #(
-  e)
+else $as_nop
+
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 	LIBS="$BAKLIBS"
 	LIBS="$LIBS -lcrypt32"
- ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -21036,8 +21257,8 @@ printf %s "checking for $CC options needed to detect all undeclared functions...
 if test ${ac_cv_c_undeclared_builtin_options+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_save_CFLAGS=$CFLAGS
+else $as_nop
+  ac_save_CFLAGS=$CFLAGS
    ac_cv_c_undeclared_builtin_options='cannot detect'
    for ac_arg in '' -fno-builtin; do
      CFLAGS="$ac_save_CFLAGS $ac_arg"
@@ -21056,8 +21277,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
 
-else case e in #(
-  e) # This test program should compile successfully.
+else $as_nop
+  # This test program should compile successfully.
         # No library function is consistently available on
         # freestanding implementations, so test against a dummy
         # declaration.  Include always-available headers on the
@@ -21085,29 +21306,26 @@ then :
   if test x"$ac_arg" = x
 then :
   ac_cv_c_undeclared_builtin_options='none needed'
-else case e in #(
-  e) ac_cv_c_undeclared_builtin_options=$ac_arg ;;
-esac
+else $as_nop
+  ac_cv_c_undeclared_builtin_options=$ac_arg
 fi
           break
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
     done
     CFLAGS=$ac_save_CFLAGS
-   ;;
-esac
+
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5
 printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; }
   case $ac_cv_c_undeclared_builtin_options in #(
   'cannot detect') :
-    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error $? "cannot make $CC report undeclared builtins
-See 'config.log' for more details" "$LINENO" 5; } ;; #(
+See \`config.log' for more details" "$LINENO" 5; } ;; #(
   'none needed') :
     ac_c_undeclared_builtin_options='' ;; #(
   *) :
@@ -21118,36 +21336,32 @@ ac_fn_check_decl "$LINENO" "strlcpy" "ac_cv_have_decl_strlcpy" "$ac_includes_def
 if test "x$ac_cv_have_decl_strlcpy" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_STRLCPY $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "strlcat" "ac_cv_have_decl_strlcat" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS"
 if test "x$ac_cv_have_decl_strlcat" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_STRLCAT $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "arc4random" "ac_cv_have_decl_arc4random" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS"
 if test "x$ac_cv_have_decl_arc4random" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_ARC4RANDOM $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "arc4random_uniform" "ac_cv_have_decl_arc4random_uniform" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS"
 if test "x$ac_cv_have_decl_arc4random_uniform" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_ARC4RANDOM_UNIFORM $ac_have_decl" >>confdefs.h
 
@@ -21362,12 +21576,6 @@ then :
   printf "%s\n" "#define HAVE_BIO_SET_CALLBACK_EX 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "SSL_CTX_set_tmp_ecdh" "ac_cv_func_SSL_CTX_set_tmp_ecdh"
-if test "x$ac_cv_func_SSL_CTX_set_tmp_ecdh" = xyes
-then :
-  printf "%s\n" "#define HAVE_SSL_CTX_SET_TMP_ECDH 1" >>confdefs.h
-
-fi
 
 
 # these check_funcs need -lssl
@@ -21466,9 +21674,8 @@ $ac_includes_default
 if test "x$ac_cv_have_decl_SSL_COMP_get_compression_methods" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "sk_SSL_COMP_pop_free" "ac_cv_have_decl_sk_SSL_COMP_pop_free" "
@@ -21495,9 +21702,8 @@ $ac_includes_default
 if test "x$ac_cv_have_decl_sk_SSL_COMP_pop_free" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_SK_SSL_COMP_POP_FREE $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "SSL_CTX_set_ecdh_auto" "ac_cv_have_decl_SSL_CTX_set_ecdh_auto" "
@@ -21524,11 +21730,38 @@ $ac_includes_default
 if test "x$ac_cv_have_decl_SSL_CTX_set_ecdh_auto" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO $ac_have_decl" >>confdefs.h
+ac_fn_check_decl "$LINENO" "SSL_CTX_set_tmp_ecdh" "ac_cv_have_decl_SSL_CTX_set_tmp_ecdh" "
+$ac_includes_default
+#ifdef HAVE_OPENSSL_ERR_H
+#include <openssl/err.h>
+#endif
+
+#ifdef HAVE_OPENSSL_RAND_H
+#include <openssl/rand.h>
+#endif
+
+#ifdef HAVE_OPENSSL_CONF_H
+#include <openssl/conf.h>
+#endif
+
+#ifdef HAVE_OPENSSL_ENGINE_H
+#include <openssl/engine.h>
+#endif
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+
+" "$ac_c_undeclared_builtin_options" "CFLAGS"
+if test "x$ac_cv_have_decl_SSL_CTX_set_tmp_ecdh" = xyes
+then :
+  ac_have_decl=1
+else $as_nop
+  ac_have_decl=0
+fi
+printf "%s\n" "#define HAVE_DECL_SSL_CTX_SET_TMP_ECDH $ac_have_decl" >>confdefs.h
 
 
 if test "$ac_cv_func_HMAC_Init_ex" = "yes"; then
@@ -21576,15 +21809,14 @@ then :
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: int" >&5
 printf "%s\n" "int" >&6; }
 
-else case e in #(
-  e)
+else $as_nop
+
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: void" >&5
 printf "%s\n" "void" >&6; }
 
 printf "%s\n" "#define HMAC_INIT_EX_RETURNS_VOID 1" >>confdefs.h
 
- ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
@@ -21615,27 +21847,21 @@ fi
 
 	if test "x$ac_cv_header_bsd_string_h" = xyes -a "x$ac_cv_header_bsd_stdlib_h" = xyes; then
 		for func in strlcpy strlcat arc4random arc4random_uniform reallocarray; do
-			as_ac_Search=`printf "%s\n" "ac_cv_search_$func" | sed "$as_sed_sh"`
+			as_ac_Search=`printf "%s\n" "ac_cv_search_$func" | $as_tr_sh`
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing $func" >&5
 printf %s "checking for library containing $func... " >&6; }
 if eval test \${$as_ac_Search+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $func (void);
+   builtin and then its argument prototype would still apply.  */
+char $func ();
 int
 main (void)
 {
@@ -21666,13 +21892,11 @@ done
 if eval test \${$as_ac_Search+y}
 then :
 
-else case e in #(
-  e) eval "$as_ac_Search=no" ;;
-esac
+else $as_nop
+  eval "$as_ac_Search=no"
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 eval ac_res=\$$as_ac_Search
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -21767,18 +21991,16 @@ case "$enable_gost" in
 if test "x$ac_cv_func_EVP_PKEY_set_type_str" = xyes
 then :
   :
-else case e in #(
-  e) as_fn_error $? "OpenSSL 1.0.0 is needed for GOST support" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "OpenSSL 1.0.0 is needed for GOST support" "$LINENO" 5
 fi
 
 	ac_fn_c_check_func "$LINENO" "EC_KEY_new" "ac_cv_func_EC_KEY_new"
 if test "x$ac_cv_func_EC_KEY_new" = xyes
 then :
 
-else case e in #(
-  e) as_fn_error $? "OpenSSL does not support ECC, needed for GOST support" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "OpenSSL does not support ECC, needed for GOST support" "$LINENO" 5
 fi
 
 
@@ -21792,8 +22014,8 @@ fi
 if test "$cross_compiling" = yes
 then :
   eval "ac_cv_c_gost_works=maybe"
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #include <string.h>
@@ -21881,13 +22103,11 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   eval "ac_cv_c_gost_works=yes"
-else case e in #(
-  e) eval "ac_cv_c_gost_works=no" ;;
-esac
+else $as_nop
+  eval "ac_cv_c_gost_works=no"
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
 CFLAGS="$BAKCFLAGS"
@@ -21933,29 +22153,26 @@ then :
 
 fi
 
-else case e in #(
-  e)
+else $as_nop
+
 		  # without EVP_PKEY_fromdata, older openssl, check for support
 		  ac_fn_c_check_func "$LINENO" "ECDSA_sign" "ac_cv_func_ECDSA_sign"
 if test "x$ac_cv_func_ECDSA_sign" = xyes
 then :
 
-else case e in #(
-  e) as_fn_error $? "OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
 fi
 
 		  ac_fn_c_check_func "$LINENO" "SHA384_Init" "ac_cv_func_SHA384_Init"
 if test "x$ac_cv_func_SHA384_Init" = xyes
 then :
 
-else case e in #(
-  e) as_fn_error $? "OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
 fi
 
-		 ;;
-esac
+
 fi
 
 	      ac_fn_check_decl "$LINENO" "NID_X9_62_prime256v1" "ac_cv_have_decl_NID_X9_62_prime256v1" "$ac_includes_default
@@ -21965,17 +22182,15 @@ fi
 if test "x$ac_cv_have_decl_NID_X9_62_prime256v1" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_NID_X9_62_PRIME256V1 $ac_have_decl" >>confdefs.h
 if test $ac_have_decl = 1
 then :
 
-else case e in #(
-  e) as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
 fi
 ac_fn_check_decl "$LINENO" "NID_secp384r1" "ac_cv_have_decl_NID_secp384r1" "$ac_includes_default
 #include <openssl/evp.h>
@@ -21984,17 +22199,15 @@ ac_fn_check_decl "$LINENO" "NID_secp384r1" "ac_cv_have_decl_NID_secp384r1" "$ac_
 if test "x$ac_cv_have_decl_NID_secp384r1" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_NID_SECP384R1 $ac_have_decl" >>confdefs.h
 if test $ac_have_decl = 1
 then :
 
-else case e in #(
-  e) as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
 fi
 
 	      # see if OPENSSL 1.0.0 or later (has EVP MD and Verify independency)
@@ -22040,7 +22253,7 @@ case "$enable_dsa" in
 if test "x$ac_cv_func_DSA_SIG_new" = xyes
 then :
 
-      as_ac_Type=`printf "%s\n" "ac_cv_type_DSA_SIG*" | sed "$as_sed_sh"`
+      as_ac_Type=`printf "%s\n" "ac_cv_type_DSA_SIG*" | $as_tr_sh`
 ac_fn_c_check_type "$LINENO" "DSA_SIG*" "$as_ac_Type" "
 $ac_includes_default
 #ifdef HAVE_OPENSSL_ERR_H
@@ -22067,17 +22280,15 @@ then :
 printf "%s\n" "#define USE_DSA 1" >>confdefs.h
 
 
-else case e in #(
-  e) if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5
-               fi  ;;
-esac
+else $as_nop
+  if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5
+               fi
 fi
 
 
-else case e in #(
-  e) if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5
-               fi  ;;
-esac
+else $as_nop
+  if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5
+               fi
 fi
 
       else
@@ -22124,9 +22335,8 @@ case "$enable_ed25519" in
 if test "x$ac_cv_have_decl_NID_ED25519" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_NID_ED25519 $ac_have_decl" >>confdefs.h
 if test $ac_have_decl = 1
@@ -22134,10 +22344,9 @@ then :
 
       		use_ed25519="yes"
 
-else case e in #(
-  e)  if test "x$enable_ed25519" = "xyes"; then as_fn_error $? "OpenSSL does not support ED25519 and you used --enable-ed25519." "$LINENO" 5
-	      	fi  ;;
-esac
+else $as_nop
+   if test "x$enable_ed25519" = "xyes"; then as_fn_error $? "OpenSSL does not support ED25519 and you used --enable-ed25519." "$LINENO" 5
+	      	fi
 fi
 
       fi
@@ -22181,9 +22390,8 @@ case "$enable_ed448" in
 if test "x$ac_cv_have_decl_NID_ED448" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_NID_ED448 $ac_have_decl" >>confdefs.h
 if test $ac_have_decl = 1
@@ -22191,10 +22399,9 @@ then :
 
       		use_ed448="yes"
 
-else case e in #(
-  e)  if test "x$enable_ed448" = "xyes"; then as_fn_error $? "OpenSSL does not support ED448 and you used --enable-ed448." "$LINENO" 5
-	      	fi  ;;
-esac
+else $as_nop
+   if test "x$enable_ed448" = "xyes"; then as_fn_error $? "OpenSSL does not support ED448 and you used --enable-ed448." "$LINENO" 5
+	      	fi
 fi
 
       fi
@@ -22240,9 +22447,8 @@ if test "x$ac_cv_have_decl_MSG_FASTOPEN" = xyes
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&5
 printf "%s\n" "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&2;}
-else case e in #(
-  e) as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5
 fi
 
 printf "%s\n" "#define USE_MSG_FASTOPEN 1" >>confdefs.h
@@ -22256,9 +22462,8 @@ if test "x$ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" = xyes
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&5
 printf "%s\n" "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&2;}
-else case e in #(
-  e) as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5
 fi
 
 printf "%s\n" "#define USE_OSX_MSG_FASTOPEN 1" >>confdefs.h
@@ -22286,9 +22491,8 @@ if test "x$ac_cv_have_decl_TCP_FASTOPEN" = xyes
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO" >&5
 printf "%s\n" "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO" >&2;}
-else case e in #(
-  e) as_fn_error $? "TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server" "$LINENO" 5
 fi
 
 printf "%s\n" "#define USE_TCP_FASTOPEN 1" >>confdefs.h
@@ -22304,9 +22508,8 @@ esac
 if test ${with_libevent+y}
 then :
   withval=$with_libevent;
-else case e in #(
-  e)  with_libevent="no"  ;;
-esac
+else $as_nop
+   with_libevent="no"
 fi
 
 if test "x_$with_libevent" != x_no; then
@@ -22385,21 +22588,15 @@ printf %s "checking for library containing clock_gettime... " >&6; }
 if test ${ac_cv_search_clock_gettime+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char clock_gettime (void);
+   builtin and then its argument prototype would still apply.  */
+char clock_gettime ();
 int
 main (void)
 {
@@ -22430,13 +22627,11 @@ done
 if test ${ac_cv_search_clock_gettime+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_clock_gettime=no ;;
-esac
+else $as_nop
+  ac_cv_search_clock_gettime=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
 printf "%s\n" "$ac_cv_search_clock_gettime" >&6; }
@@ -22469,21 +22664,15 @@ printf %s "checking for library containing event_set... " >&6; }
 if test ${ac_cv_search_event_set+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char event_set (void);
+   builtin and then its argument prototype would still apply.  */
+char event_set ();
 int
 main (void)
 {
@@ -22514,13 +22703,11 @@ done
 if test ${ac_cv_search_event_set+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_event_set=no ;;
-esac
+else $as_nop
+  ac_cv_search_event_set=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_event_set" >&5
 printf "%s\n" "$ac_cv_search_event_set" >&6; }
@@ -22532,28 +22719,22 @@ then :
 fi
 
 
-else case e in #(
-  e)
+else $as_nop
+
 		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing event_set" >&5
 printf %s "checking for library containing event_set... " >&6; }
 if test ${ac_cv_search_event_set+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char event_set (void);
+   builtin and then its argument prototype would still apply.  */
+char event_set ();
 int
 main (void)
 {
@@ -22584,13 +22765,11 @@ done
 if test ${ac_cv_search_event_set+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_event_set=no ;;
-esac
+else $as_nop
+  ac_cv_search_event_set=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_event_set" >&5
 printf "%s\n" "$ac_cv_search_event_set" >&6; }
@@ -22601,8 +22780,7 @@ then :
 
 fi
 
-	 ;;
-esac
+
 fi
 	ac_fn_c_check_func "$LINENO" "event_base_free" "ac_cv_func_event_base_free"
 if test "x$ac_cv_func_event_base_free" = xyes
@@ -22664,9 +22842,8 @@ fi
 if test "x$ac_cv_have_decl_evsignal_assign" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_EVSIGNAL_ASSIGN $ac_have_decl" >>confdefs.h
 
@@ -22687,9 +22864,8 @@ fi
 if test ${with_libexpat+y}
 then :
   withval=$with_libexpat;
-else case e in #(
-  e)  withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"  ;;
-esac
+else $as_nop
+   withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
 fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5
@@ -22725,9 +22901,8 @@ ac_fn_check_decl "$LINENO" "XML_StopParser" "ac_cv_have_decl_XML_StopParser" "$a
 if test "x$ac_cv_have_decl_XML_StopParser" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_XML_STOPPARSER $ac_have_decl" >>confdefs.h
 
@@ -22738,9 +22913,8 @@ printf "%s\n" "#define HAVE_DECL_XML_STOPPARSER $ac_have_decl" >>confdefs.h
 if test ${with_libhiredis+y}
 then :
   withval=$with_libhiredis;
-else case e in #(
-  e)  withval="no"  ;;
-esac
+else $as_nop
+   withval="no"
 fi
 
 found_libhiredis="no"
@@ -22784,9 +22958,8 @@ fi
 if test "x$ac_cv_have_decl_redisConnect" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_REDISCONNECT $ac_have_decl" >>confdefs.h
 
@@ -22798,9 +22971,8 @@ fi
 if test ${with_libnghttp2+y}
 then :
   withval=$with_libnghttp2;
-else case e in #(
-  e)  withval="no"  ;;
-esac
+else $as_nop
+   withval="no"
 fi
 
 found_libnghttp2="no"
@@ -22844,9 +23016,8 @@ fi
 if test "x$ac_cv_have_decl_nghttp2_session_server_new" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_NGHTTP2_SESSION_SERVER_NEW $ac_have_decl" >>confdefs.h
 
@@ -22858,9 +23029,8 @@ fi
 if test ${with_libngtcp2+y}
 then :
   withval=$with_libngtcp2;
-else case e in #(
-  e)  withval="no"  ;;
-esac
+else $as_nop
+   withval="no"
 fi
 
 found_libngtcp2="no"
@@ -22896,6 +23066,13 @@ then :
   printf "%s\n" "#define HAVE_NGTCP2_NGTCP2_H 1" >>confdefs.h
 
 fi
+ac_fn_c_check_header_compile "$LINENO" "ngtcp2/ngtcp2_crypto_ossl.h" "ac_cv_header_ngtcp2_ngtcp2_crypto_ossl_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_ngtcp2_ngtcp2_crypto_ossl_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_NGTCP2_NGTCP2_CRYPTO_OSSL_H 1" >>confdefs.h
+
+fi
 ac_fn_c_check_header_compile "$LINENO" "ngtcp2/ngtcp2_crypto_openssl.h" "ac_cv_header_ngtcp2_ngtcp2_crypto_openssl_h" "$ac_includes_default
 "
 if test "x$ac_cv_header_ngtcp2_ngtcp2_crypto_openssl_h" = xyes
@@ -22918,9 +23095,8 @@ fi
 if test "x$ac_cv_have_decl_ngtcp2_conn_server_new" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_NGTCP2_CONN_SERVER_NEW $ac_have_decl" >>confdefs.h
 
@@ -22931,33 +23107,71 @@ printf "%s\n" "#define HAVE_DECL_NGTCP2_CONN_SERVER_NEW $ac_have_decl" >>confdef
 if test "x$ac_cv_have_decl_ngtcp2_crypto_encrypt_cb" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_NGTCP2_CRYPTO_ENCRYPT_CB $ac_have_decl" >>confdefs.h
 
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_openssl" >&5
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_ossl" >&5
+printf %s "checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_ossl... " >&6; }
+if test ${ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lngtcp2_crypto_ossl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char ngtcp2_crypto_encrypt_cb ();
+int
+main (void)
+{
+return ngtcp2_crypto_encrypt_cb ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb=yes
+else $as_nop
+  ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb" >&5
+printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb" >&6; }
+if test "x$ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb" = xyes
+then :
+
+	LIBS="$LIBS -lngtcp2_crypto_ossl"
+
+printf "%s\n" "#define USE_NGTCP2_CRYPTO_OSSL 1" >>confdefs.h
+
+
+else $as_nop
+
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_openssl" >&5
 printf %s "checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_openssl... " >&6; }
 if test ${ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_check_lib_save_LIBS=$LIBS
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
 LIBS="-lngtcp2_crypto_openssl  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char ngtcp2_crypto_encrypt_cb (void);
+   builtin and then its argument prototype would still apply.  */
+char ngtcp2_crypto_encrypt_cb ();
 int
 main (void)
 {
@@ -22969,43 +23183,35 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb=yes
-else case e in #(
-  e) ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb=no ;;
-esac
+else $as_nop
+  ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS ;;
-esac
+LIBS=$ac_check_lib_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb" >&5
 printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb" >&6; }
 if test "x$ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb" = xyes
 then :
    LIBS="$LIBS -lngtcp2_crypto_openssl"
-fi
+else $as_nop
 
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_quictls" >&5
+            { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_quictls" >&5
 printf %s "checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_quictls... " >&6; }
 if test ${ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_check_lib_save_LIBS=$LIBS
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
 LIBS="-lngtcp2_crypto_quictls  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char ngtcp2_crypto_encrypt_cb (void);
+   builtin and then its argument prototype would still apply.  */
+char ngtcp2_crypto_encrypt_cb ();
 int
 main (void)
 {
@@ -23017,14 +23223,12 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb=yes
-else case e in #(
-  e) ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb=no ;;
-esac
+else $as_nop
+  ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS ;;
-esac
+LIBS=$ac_check_lib_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb" >&5
 printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb" >&6; }
@@ -23033,6 +23237,12 @@ then :
    LIBS="$LIBS -lngtcp2_crypto_quictls"
 fi
 
+
+fi
+
+
+fi
+
     ac_fn_c_check_func "$LINENO" "ngtcp2_crypto_encrypt_cb" "ac_cv_func_ngtcp2_crypto_encrypt_cb"
 if test "x$ac_cv_func_ngtcp2_crypto_encrypt_cb" = xyes
 then :
@@ -23081,6 +23291,12 @@ then :
   printf "%s\n" "#define HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT 1" >>confdefs.h
 
 fi
+ac_fn_c_check_func "$LINENO" "ngtcp2_crypto_quictls_init" "ac_cv_func_ngtcp2_crypto_quictls_init"
+if test "x$ac_cv_func_ngtcp2_crypto_quictls_init" = xyes
+then :
+  printf "%s\n" "#define HAVE_NGTCP2_CRYPTO_QUICTLS_INIT 1" >>confdefs.h
+
+fi
 ac_fn_c_check_func "$LINENO" "ngtcp2_conn_get_num_scid" "ac_cv_func_ngtcp2_conn_get_num_scid"
 if test "x$ac_cv_func_ngtcp2_conn_get_num_scid" = xyes
 then :
@@ -23101,6 +23317,10 @@ then :
 fi
 
 
+    # these check_funcs need -lssl
+    BAKLIBS="$LIBS"
+    LIBS="-lssl $LIBS"
+
   for ac_func in SSL_is_quic
 do :
   ac_fn_c_check_func "$LINENO" "SSL_is_quic" "ac_cv_func_SSL_is_quic"
@@ -23108,12 +23328,13 @@ if test "x$ac_cv_func_SSL_is_quic" = xyes
 then :
   printf "%s\n" "#define HAVE_SSL_IS_QUIC 1" >>confdefs.h
 
-else case e in #(
-  e) as_fn_error $? "No QUIC support detected in OpenSSL. Need OpenSSL version with QUIC support to enable DNS over QUIC with libngtcp2." "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "No QUIC support detected in OpenSSL. Need OpenSSL version with QUIC support to enable DNS over QUIC with libngtcp2." "$LINENO" 5
 fi
 
 done
+    LIBS="$BAKLIBS"
+
     ac_fn_c_check_type "$LINENO" "struct ngtcp2_version_cid" "ac_cv_type_struct_ngtcp2_version_cid" "$ac_includes_default
     #include <ngtcp2/ngtcp2.h>
 
@@ -23209,12 +23430,11 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_NGTCP2_CONN_SHUTDOWN_STREAM4 1" >>confdefs.h
 
 
-else case e in #(
-  e)
+else $as_nop
+
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-     ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 
@@ -23244,22 +23464,16 @@ printf %s "checking for compress in -lz... " >&6; }
 if test ${ac_cv_lib_z_compress+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_check_lib_save_LIBS=$LIBS
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
 LIBS="-lz  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char compress (void);
+   builtin and then its argument prototype would still apply.  */
+char compress ();
 int
 main (void)
 {
@@ -23271,14 +23485,12 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_z_compress=yes
-else case e in #(
-  e) ac_cv_lib_z_compress=no ;;
-esac
+else $as_nop
+  ac_cv_lib_z_compress=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS ;;
-esac
+LIBS=$ac_check_lib_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_compress" >&5
 printf "%s\n" "$ac_cv_lib_z_compress" >&6; }
@@ -23316,22 +23528,16 @@ printf %s "checking for compress in -lz... " >&6; }
 if test ${ac_cv_lib_z_compress+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_check_lib_save_LIBS=$LIBS
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
 LIBS="-lz  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char compress (void);
+   builtin and then its argument prototype would still apply.  */
+char compress ();
 int
 main (void)
 {
@@ -23343,14 +23549,12 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_z_compress=yes
-else case e in #(
-  e) ac_cv_lib_z_compress=no ;;
-esac
+else $as_nop
+  ac_cv_lib_z_compress=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS ;;
-esac
+LIBS=$ac_check_lib_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_compress" >&5
 printf "%s\n" "$ac_cv_lib_z_compress" >&6; }
@@ -23419,8 +23623,8 @@ printf "%s\n" "#define USE_WINSOCK 1" >>confdefs.h
 	fi
 fi
 
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #ifdef HAVE_WS2TCPIP_H
@@ -23447,8 +23651,8 @@ printf "%s\n" "#define USE_WINSOCK 1" >>confdefs.h
 
 USE_WINSOCK="1"
 
-else case e in #(
-  e) ORIGLIBS="$LIBS"
+else $as_nop
+  ORIGLIBS="$LIBS"
 LIBS="$LIBS -lws2_32"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -23477,22 +23681,19 @@ printf "%s\n" "#define USE_WINSOCK 1" >>confdefs.h
 
 USE_WINSOCK="1"
 
-else case e in #(
-  e)
+else $as_nop
+
 ac_cv_func_getaddrinfo="no"
 LIBS="$ORIGLIBS"
- ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
- ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
- ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -23527,8 +23728,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_WINDRES+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$WINDRES"; then
+else $as_nop
+  if test -n "$WINDRES"; then
   ac_cv_prog_WINDRES="$WINDRES" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -23550,8 +23751,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 WINDRES=$ac_cv_prog_WINDRES
 if test -n "$WINDRES"; then
@@ -23573,8 +23773,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_WINDRES+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) if test -n "$ac_ct_WINDRES"; then
+else $as_nop
+  if test -n "$ac_ct_WINDRES"; then
   ac_cv_prog_ac_ct_WINDRES="$ac_ct_WINDRES" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -23596,8 +23796,7 @@ done
   done
 IFS=$as_save_IFS
 
-fi ;;
-esac
+fi
 fi
 ac_ct_WINDRES=$ac_cv_prog_ac_ct_WINDRES
 if test -n "$ac_ct_WINDRES"; then
@@ -23687,10 +23886,9 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_IOCTLSOCKET 1" >>confdefs.h
 
 
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; } ;;
-esac
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -23713,8 +23911,8 @@ cache=`echo daemon | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_cc_deprecated_$cache+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e)
+else $as_nop
+
 echo '
 #include <stdlib.h>
 #include <unistd.h>
@@ -23726,8 +23924,7 @@ else
 eval "cv_cc_deprecated_$cache=yes"
 fi
 rm -f conftest conftest.o conftest.c
- ;;
-esac
+
 fi
 
 if eval "test \"`echo '$cv_cc_deprecated_'$cache`\" = yes"; then
@@ -23834,10 +24031,9 @@ printf "%s\n" "yes" >&6; }
 
 printf "%s\n" "#define HAVE_HTOBE64 1" >>confdefs.h
 
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; } ;;
-esac
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -23870,10 +24066,9 @@ printf "%s\n" "yes" >&6; }
 
 printf "%s\n" "#define HAVE_BE64TOH 1" >>confdefs.h
 
-else case e in #(
-  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; } ;;
-esac
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -23883,21 +24078,15 @@ printf %s "checking for library containing setusercontext... " >&6; }
 if test ${ac_cv_search_setusercontext+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char setusercontext (void);
+   builtin and then its argument prototype would still apply.  */
+char setusercontext ();
 int
 main (void)
 {
@@ -23928,13 +24117,11 @@ done
 if test ${ac_cv_search_setusercontext+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_setusercontext=no ;;
-esac
+else $as_nop
+  ac_cv_search_setusercontext=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_setusercontext" >&5
 printf "%s\n" "$ac_cv_search_setusercontext" >&6; }
@@ -24158,15 +24345,14 @@ if test "x$ac_cv_func_setresuid" = xyes
 then :
   printf "%s\n" "#define HAVE_SETRESUID 1" >>confdefs.h
 
-else case e in #(
-  e) ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid"
+else $as_nop
+  ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid"
 if test "x$ac_cv_func_setreuid" = xyes
 then :
   printf "%s\n" "#define HAVE_SETREUID 1" >>confdefs.h
 
 fi
- ;;
-esac
+
 fi
 
 done
@@ -24178,15 +24364,14 @@ if test "x$ac_cv_func_setresgid" = xyes
 then :
   printf "%s\n" "#define HAVE_SETRESGID 1" >>confdefs.h
 
-else case e in #(
-  e) ac_fn_c_check_func "$LINENO" "setregid" "ac_cv_func_setregid"
+else $as_nop
+  ac_fn_c_check_func "$LINENO" "setregid" "ac_cv_func_setregid"
 if test "x$ac_cv_func_setregid" = xyes
 then :
   printf "%s\n" "#define HAVE_SETREGID 1" >>confdefs.h
 
 fi
- ;;
-esac
+
 fi
 
 done
@@ -24230,12 +24415,11 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_LINK_ATOMIC_STORE 1" >>confdefs.h
 
 
-else case e in #(
-  e)
+else $as_nop
+
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
- ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -24266,9 +24450,8 @@ $ac_includes_default
 if test "x$ac_cv_have_decl_inet_pton" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_INET_PTON $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "inet_ntop" "ac_cv_have_decl_inet_ntop" "
@@ -24297,9 +24480,8 @@ $ac_includes_default
 if test "x$ac_cv_have_decl_inet_ntop" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_INET_NTOP $ac_have_decl" >>confdefs.h
 
@@ -24308,14 +24490,13 @@ if test "x$ac_cv_func_inet_aton" = xyes
 then :
   printf "%s\n" "#define HAVE_INET_ATON 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" inet_aton.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS inet_aton.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 ac_fn_c_check_func "$LINENO" "inet_pton" "ac_cv_func_inet_pton"
@@ -24323,14 +24504,13 @@ if test "x$ac_cv_func_inet_pton" = xyes
 then :
   printf "%s\n" "#define HAVE_INET_PTON 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" inet_pton.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS inet_pton.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 ac_fn_c_check_func "$LINENO" "inet_ntop" "ac_cv_func_inet_ntop"
@@ -24338,14 +24518,13 @@ if test "x$ac_cv_func_inet_ntop" = xyes
 then :
   printf "%s\n" "#define HAVE_INET_NTOP 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" inet_ntop.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS inet_ntop.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 ac_fn_c_check_func "$LINENO" "snprintf" "ac_cv_func_snprintf"
@@ -24353,14 +24532,13 @@ if test "x$ac_cv_func_snprintf" = xyes
 then :
   printf "%s\n" "#define HAVE_SNPRINTF 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" snprintf.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS snprintf.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 # test if snprintf return the proper length
@@ -24372,8 +24550,8 @@ printf %s "checking for correct snprintf return value... " >&6; }
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: maybe" >&5
 printf "%s\n" "maybe" >&6; }
-else case e in #(
-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $ac_includes_default
 
@@ -24384,8 +24562,8 @@ if ac_fn_c_try_run "$LINENO"
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-else case e in #(
-  e)
+else $as_nop
+
 		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 
@@ -24397,12 +24575,10 @@ printf "%s\n" "#define SNPRINTF_RET_BROKEN /**/" >>confdefs.h
  ;;
 esac
 
-	   ;;
-esac
+
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
-esac
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
     fi
@@ -24412,14 +24588,13 @@ if test "x$ac_cv_func_strlcat" = xyes
 then :
   printf "%s\n" "#define HAVE_STRLCAT 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" strlcat.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS strlcat.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy"
@@ -24427,14 +24602,13 @@ if test "x$ac_cv_func_strlcpy" = xyes
 then :
   printf "%s\n" "#define HAVE_STRLCPY 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" strlcpy.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS strlcpy.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 ac_fn_c_check_func "$LINENO" "memmove" "ac_cv_func_memmove"
@@ -24442,14 +24616,13 @@ if test "x$ac_cv_func_memmove" = xyes
 then :
   printf "%s\n" "#define HAVE_MEMMOVE 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" memmove.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS memmove.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 ac_fn_c_check_func "$LINENO" "gmtime_r" "ac_cv_func_gmtime_r"
@@ -24457,14 +24630,13 @@ if test "x$ac_cv_func_gmtime_r" = xyes
 then :
   printf "%s\n" "#define HAVE_GMTIME_R 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" gmtime_r.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS gmtime_r.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 ac_fn_c_check_func "$LINENO" "isblank" "ac_cv_func_isblank"
@@ -24472,14 +24644,13 @@ if test "x$ac_cv_func_isblank" = xyes
 then :
   printf "%s\n" "#define HAVE_ISBLANK 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" isblank.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS isblank.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero"
@@ -24487,14 +24658,13 @@ if test "x$ac_cv_func_explicit_bzero" = xyes
 then :
   printf "%s\n" "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" explicit_bzero.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS explicit_bzero.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS"
@@ -24524,8 +24694,8 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_REALLOCARRAY 1" >>confdefs.h
 
 
-else case e in #(
-  e)
+else $as_nop
+
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 	case " $LIBOBJS " in
@@ -24534,8 +24704,7 @@ printf "%s\n" "no" >&6; }
  ;;
 esac
 
- ;;
-esac
+
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -24543,9 +24712,8 @@ ac_fn_check_decl "$LINENO" "reallocarray" "ac_cv_have_decl_reallocarray" "$ac_in
 if test "x$ac_cv_have_decl_reallocarray" = xyes
 then :
   ac_have_decl=1
-else case e in #(
-  e) ac_have_decl=0 ;;
-esac
+else $as_nop
+  ac_have_decl=0
 fi
 printf "%s\n" "#define HAVE_DECL_REALLOCARRAY $ac_have_decl" >>confdefs.h
 
@@ -24555,14 +24723,13 @@ if test "x$ac_cv_func_arc4random" = xyes
 then :
   printf "%s\n" "#define HAVE_ARC4RANDOM 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" arc4random.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS arc4random.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 	ac_fn_c_check_func "$LINENO" "arc4random_uniform" "ac_cv_func_arc4random_uniform"
@@ -24570,14 +24737,13 @@ if test "x$ac_cv_func_arc4random_uniform" = xyes
 then :
   printf "%s\n" "#define HAVE_ARC4RANDOM_UNIFORM 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" arc4random_uniform.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS arc4random_uniform.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 	if test "$ac_cv_func_arc4random" = "no"; then
@@ -24595,8 +24761,8 @@ if test "x$ac_cv_func_getentropy" = xyes
 then :
   printf "%s\n" "#define HAVE_GETENTROPY 1" >>confdefs.h
 
-else case e in #(
-  e)
+else $as_nop
+
 		    if test "$USE_WINSOCK" = 1; then
 			case " $LIBOBJS " in
   *" getentropy_win.$ac_objext "* ) ;;
@@ -24629,8 +24795,8 @@ if test "x$ac_cv_header_sys_sha2_h" = xyes
 then :
   printf "%s\n" "#define HAVE_SYS_SHA2_H 1" >>confdefs.h
 
-else case e in #(
-  e)
+else $as_nop
+
 
   for ac_func in SHA512_Update
 do :
@@ -24639,21 +24805,19 @@ if test "x$ac_cv_func_SHA512_Update" = xyes
 then :
   printf "%s\n" "#define HAVE_SHA512_UPDATE 1" >>confdefs.h
 
-else case e in #(
-  e)
+else $as_nop
+
 						case " $LIBOBJS " in
   *" sha512.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS sha512.$ac_objext"
  ;;
 esac
 
-					 ;;
-esac
+
 fi
 
 done
-				 ;;
-esac
+
 fi
 
 done
@@ -24666,21 +24830,15 @@ printf %s "checking for library containing clock_gettime... " >&6; }
 if test ${ac_cv_search_clock_gettime+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char clock_gettime (void);
+   builtin and then its argument prototype would still apply.  */
+char clock_gettime ();
 int
 main (void)
 {
@@ -24711,13 +24869,11 @@ done
 if test ${ac_cv_search_clock_gettime+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_clock_gettime=no ;;
-esac
+else $as_nop
+  ac_cv_search_clock_gettime=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
 printf "%s\n" "$ac_cv_search_clock_gettime" >&6; }
@@ -24752,8 +24908,8 @@ if test "x$ac_cv_func_SHA512_Update" = xyes
 then :
   printf "%s\n" "#define HAVE_SHA512_UPDATE 1" >>confdefs.h
 
-else case e in #(
-  e)
+else $as_nop
+
 
 printf "%s\n" "#define COMPAT_SHA512 1" >>confdefs.h
 
@@ -24763,8 +24919,7 @@ printf "%s\n" "#define COMPAT_SHA512 1" >>confdefs.h
  ;;
 esac
 
-				 ;;
-esac
+
 fi
 
 done
@@ -24788,21 +24943,15 @@ printf %s "checking for library containing clock_gettime... " >&6; }
 if test ${ac_cv_search_clock_gettime+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char clock_gettime (void);
+   builtin and then its argument prototype would still apply.  */
+char clock_gettime ();
 int
 main (void)
 {
@@ -24833,13 +24982,11 @@ done
 if test ${ac_cv_search_clock_gettime+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_clock_gettime=no ;;
-esac
+else $as_nop
+  ac_cv_search_clock_gettime=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
 printf "%s\n" "$ac_cv_search_clock_gettime" >&6; }
@@ -24853,8 +25000,7 @@ fi
 			;;
 			esac
 		    fi
-		 ;;
-esac
+
 fi
 
 done
@@ -24867,14 +25013,13 @@ if test "x$ac_cv_func_ctime_r" = xyes
 then :
   printf "%s\n" "#define HAVE_CTIME_R 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" ctime_r.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS ctime_r.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep"
@@ -24882,14 +25027,13 @@ if test "x$ac_cv_func_strsep" = xyes
 then :
   printf "%s\n" "#define HAVE_STRSEP 1" >>confdefs.h
 
-else case e in #(
-  e) case " $LIBOBJS " in
+else $as_nop
+  case " $LIBOBJS " in
   *" strsep.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS strsep.$ac_objext"
  ;;
 esac
- ;;
-esac
+
 fi
 
 
@@ -24940,9 +25084,8 @@ fi
 if test ${enable_dnstap+y}
 then :
   enableval=$enable_dnstap; opt_dnstap=$enableval
-else case e in #(
-  e) opt_dnstap=no ;;
-esac
+else $as_nop
+  opt_dnstap=no
 fi
 
 
@@ -24951,22 +25094,69 @@ fi
 if test ${with_dnstap_socket_path+y}
 then :
   withval=$with_dnstap_socket_path; opt_dnstap_socket_path=$withval
-else case e in #(
-  e) opt_dnstap_socket_path="$UNBOUND_RUN_DIR/dnstap.sock" ;;
-esac
+else $as_nop
+  opt_dnstap_socket_path="$UNBOUND_RUN_DIR/dnstap.sock"
 fi
 
 
     if test "x$opt_dnstap" != "xno"; then
-        # Extract the first word of "protoc-c", so it can be a program name with args.
+	# Extract the first word of "protoc", so it can be a program name with args.
+set dummy protoc; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PROTOC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $PROTOC in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PROTOC="$PROTOC" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_PROTOC="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PROTOC=$ac_cv_path_PROTOC
+if test -n "$PROTOC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PROTOC" >&5
+printf "%s\n" "$PROTOC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+	# 'protoc-c' is deprecated. We use 'protoc' instead. If it can not be
+	# found, try 'protoc-c'.
+	if test -z "$PROTOC"; then
+	    # Extract the first word of "protoc-c", so it can be a program name with args.
 set dummy protoc-c; ac_word=$2
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
 printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_PROTOC_C+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) case $PROTOC_C in
+else $as_nop
+  case $PROTOC_C in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_PROTOC_C="$PROTOC_C" # Let the user override the test with a path.
   ;;
@@ -24991,7 +25181,6 @@ done
 IFS=$as_save_IFS
 
   ;;
-esac ;;
 esac
 fi
 PROTOC_C=$ac_cv_path_PROTOC_C
@@ -25004,9 +25193,83 @@ printf "%s\n" "no" >&6; }
 fi
 
 
-        if test -z "$PROTOC_C"; then
-          as_fn_error $? "The protoc-c program was not found. Please install protobuf-c!" "$LINENO" 5
-        fi
+	else
+	    PROTOC_C="$PROTOC"
+	fi
+	if test -z "$PROTOC_C"; then
+	  as_fn_error $? "The protoc or protoc-c program was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c to provide protoc or protoc-c" "$LINENO" 5
+	fi
+
+	# Check for protoc-gen-c plugin
+	# Extract the first word of "protoc-gen-c", so it can be a program name with args.
+set dummy protoc-gen-c; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PROTOC_GEN_C+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $PROTOC_GEN_C in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PROTOC_GEN_C="$PROTOC_GEN_C" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_PROTOC_GEN_C="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PROTOC_GEN_C=$ac_cv_path_PROTOC_GEN_C
+if test -n "$PROTOC_GEN_C"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PROTOC_GEN_C" >&5
+printf "%s\n" "$PROTOC_GEN_C" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+	if test -z "$PROTOC_GEN_C"; then
+	  as_fn_error $? "The protoc-gen-c plugin was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c-compiler to provide protoc-gen-c" "$LINENO" 5
+	fi
+
+	# Test that protoc-gen-c actually works
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if protoc-gen-c plugin works" >&5
+printf %s "checking if protoc-gen-c plugin works... " >&6; }
+	cat > conftest.proto << EOF
+syntax = "proto2";
+message TestMessage {
+  optional string test_field = 1;
+}
+EOF
+	if $PROTOC_C --c_out=. conftest.proto >/dev/null 2>&1; then
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	else
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	  as_fn_error $? "The protoc-gen-c plugin is not working properly. Please ensure protobuf-c-compiler is properly installed" "$LINENO" 5
+	fi
+
 
 # Check whether --with-protobuf-c was given.
 if test ${with_protobuf_c+y}
@@ -25020,13 +25283,13 @@ then :
                 fi
                 LDFLAGS="$LDFLAGS -L$withval/lib"
 
-else case e in #(
-  e)
+else $as_nop
+
                 if test -n "$PKG_CONFIG"; then
 
 pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for PROTOBUFC" >&5
-printf %s "checking for PROTOBUFC... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libprotobuf-c" >&5
+printf %s "checking for libprotobuf-c... " >&6; }
 
 if test -n "$PROTOBUFC_CFLAGS"; then
     pkg_cv_PROTOBUFC_CFLAGS="$PROTOBUFC_CFLAGS"
@@ -25066,7 +25329,7 @@ fi
 
 
 if test $pkg_failed = yes; then
-   	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 
 if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
@@ -25075,12 +25338,12 @@ else
         _pkg_short_errors_supported=no
 fi
         if test $_pkg_short_errors_supported = yes; then
-	        PROTOBUFC_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libprotobuf-c" 2>&1`
+                PROTOBUFC_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libprotobuf-c" 2>&1`
         else
-	        PROTOBUFC_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libprotobuf-c" 2>&1`
+                PROTOBUFC_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libprotobuf-c" 2>&1`
         fi
-	# Put the nasty error message in config.log where it belongs
-	echo "$PROTOBUFC_PKG_ERRORS" >&5
+        # Put the nasty error message in config.log where it belongs
+        echo "$PROTOBUFC_PKG_ERRORS" >&5
 
 
                             # pkg-config failed; try falling back to known values
@@ -25098,7 +25361,7 @@ fi
 
 
 elif test $pkg_failed = untried; then
-     	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 
                             # pkg-config failed; try falling back to known values
@@ -25116,8 +25379,8 @@ printf "%s\n" "no" >&6; }
 
 
 else
-	PROTOBUFC_CFLAGS=$pkg_cv_PROTOBUFC_CFLAGS
-	PROTOBUFC_LIBS=$pkg_cv_PROTOBUFC_LIBS
+        PROTOBUFC_CFLAGS=$pkg_cv_PROTOBUFC_CFLAGS
+        PROTOBUFC_LIBS=$pkg_cv_PROTOBUFC_LIBS
         { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
@@ -25137,8 +25400,7 @@ fi
                     fi
                 fi
 
-         ;;
-esac
+
 fi
 
         { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing protobuf_c_message_pack" >&5
@@ -25146,21 +25408,15 @@ printf %s "checking for library containing protobuf_c_message_pack... " >&6; }
 if test ${ac_cv_search_protobuf_c_message_pack+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char protobuf_c_message_pack (void);
+   builtin and then its argument prototype would still apply.  */
+char protobuf_c_message_pack ();
 int
 main (void)
 {
@@ -25191,13 +25447,11 @@ done
 if test ${ac_cv_search_protobuf_c_message_pack+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_protobuf_c_message_pack=no ;;
-esac
+else $as_nop
+  ac_cv_search_protobuf_c_message_pack=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_protobuf_c_message_pack" >&5
 printf "%s\n" "$ac_cv_search_protobuf_c_message_pack" >&6; }
@@ -25206,9 +25460,8 @@ if test "$ac_res" != no
 then :
   test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
 
-else case e in #(
-  e) as_fn_error $? "The protobuf-c library was not found. Please install the development libraries for protobuf-c!" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "The protobuf-c library was not found. Please install the development libraries for protobuf-c!" "$LINENO" 5
 fi
 
 
@@ -25248,9 +25501,8 @@ printf "%s\n" "#define DNSTAP_SOCKET_PATH \"$hdr_dnstap_socket_path\"" >>confdef
 if test ${enable_dnscrypt+y}
 then :
   enableval=$enable_dnscrypt; opt_dnscrypt=$enableval
-else case e in #(
-  e) opt_dnscrypt=no ;;
-esac
+else $as_nop
+  opt_dnscrypt=no
 fi
 
 
@@ -25270,21 +25522,15 @@ printf %s "checking for library containing sodium_init... " >&6; }
 if test ${ac_cv_search_sodium_init+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char sodium_init (void);
+   builtin and then its argument prototype would still apply.  */
+char sodium_init ();
 int
 main (void)
 {
@@ -25315,13 +25561,11 @@ done
 if test ${ac_cv_search_sodium_init+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_sodium_init=no ;;
-esac
+else $as_nop
+  ac_cv_search_sodium_init=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_init" >&5
 printf "%s\n" "$ac_cv_search_sodium_init" >&6; }
@@ -25330,9 +25574,8 @@ if test "$ac_res" != no
 then :
   test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
 
-else case e in #(
-  e) as_fn_error $? "The sodium library was not found. Please install sodium!" "$LINENO" 5 ;;
-esac
+else $as_nop
+  as_fn_error $? "The sodium library was not found. Please install sodium!" "$LINENO" 5
 fi
 
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing crypto_box_curve25519xchacha20poly1305_beforenm" >&5
@@ -25340,21 +25583,15 @@ printf %s "checking for library containing crypto_box_curve25519xchacha20poly130
 if test ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char crypto_box_curve25519xchacha20poly1305_beforenm (void);
+   builtin and then its argument prototype would still apply.  */
+char crypto_box_curve25519xchacha20poly1305_beforenm ();
 int
 main (void)
 {
@@ -25385,13 +25622,11 @@ done
 if test ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm=no ;;
-esac
+else $as_nop
+  ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm" >&5
 printf "%s\n" "$ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm" >&6; }
@@ -25406,12 +25641,11 @@ then :
 printf "%s\n" "#define USE_DNSCRYPT_XCHACHA20 1" >>confdefs.h
 
 
-else case e in #(
-  e)
+else $as_nop
+
             ENABLE_DNSCRYPT_XCHACHA20=0
 
-         ;;
-esac
+
 fi
 
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing sodium_set_misuse_handler" >&5
@@ -25419,21 +25653,15 @@ printf %s "checking for library containing sodium_set_misuse_handler... " >&6; }
 if test ${ac_cv_search_sodium_set_misuse_handler+y}
 then :
   printf %s "(cached) " >&6
-else case e in #(
-  e) ac_func_search_save_LIBS=$LIBS
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.
-   The 'extern "C"' is for builds by C++ compilers;
-   although this is not generally supported in C code supporting it here
-   has little cost and some practical benefit (sr 110532).  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char sodium_set_misuse_handler (void);
+   builtin and then its argument prototype would still apply.  */
+char sodium_set_misuse_handler ();
 int
 main (void)
 {
@@ -25464,13 +25692,11 @@ done
 if test ${ac_cv_search_sodium_set_misuse_handler+y}
 then :
 
-else case e in #(
-  e) ac_cv_search_sodium_set_misuse_handler=no ;;
-esac
+else $as_nop
+  ac_cv_search_sodium_set_misuse_handler=no
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS ;;
-esac
+LIBS=$ac_func_search_save_LIBS
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_set_misuse_handler" >&5
 printf "%s\n" "$ac_cv_search_sodium_set_misuse_handler" >&6; }
@@ -25583,17 +25809,16 @@ if test "x$ac_cv_header_net_pfvar_h" = xyes
 then :
   printf "%s\n" "#define HAVE_NET_PFVAR_H 1" >>confdefs.h
 
-else case e in #(
-  e)
+else $as_nop
+
 		    # mnl
 
 # Check whether --with-libmnl was given.
 if test ${with_libmnl+y}
 then :
   withval=$with_libmnl;
-else case e in #(
-  e)  withval="yes"  ;;
-esac
+else $as_nop
+   withval="yes"
 fi
 
 		    found_libmnl="no"
@@ -25624,8 +25849,7 @@ printf "%s\n" "found in $dir" >&6; }
 		    if test x_$found_libmnl != x_yes; then
 			  as_fn_error $? "Could not find libmnl, libmnl.h" "$LINENO" 5
 		    fi
-		 ;;
-esac
+
 fi
 
 done
@@ -25823,7 +26047,7 @@ printf "%s\n" "#define MAXSYSLOGMSGLEN 10240" >>confdefs.h
 
 
 
-version=1.23.1
+version=1.24.1
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for build time" >&5
 printf %s "checking for build time... " >&6; }
@@ -25831,17 +26055,15 @@ ax_date_fmt="%b %e, %Y"
 if test x"$SOURCE_DATE_EPOCH" = x
 then :
   date=`date "+$ax_date_fmt"`
-else case e in #(
-  e) ax_build_date=`date -u -d "@$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null \
+else $as_nop
+  ax_build_date=`date -u -d "@$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null \
                  || date -u -r "$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null`
   if test x"$ax_build_date" = x
 then :
   as_fn_error $? "malformed SOURCE_DATE_EPOCH" "$LINENO" 5
-else case e in #(
-  e) date=$ax_build_date ;;
-esac
-fi ;;
-esac
+else $as_nop
+  date=$ax_build_date
+fi
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $date" >&5
 printf "%s\n" "$date" >&6; }
@@ -25862,8 +26084,8 @@ cat >confcache <<\_ACEOF
 # config.status only pays attention to the cache file if you give it
 # the --recheck option to rerun configure.
 #
-# 'ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* 'ac_cv_foo' will be assigned the
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
 # following values.
 
 _ACEOF
@@ -25893,14 +26115,14 @@ printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;}
   (set) 2>&1 |
     case $as_nl`(ac_space=' '; set) 2>&1` in #(
     *${as_nl}ac_space=\ *)
-      # 'set' does not quote correctly, so add quotes: double-quote
+      # `set' does not quote correctly, so add quotes: double-quote
       # substitution turns \\\\ into \\, and sed turns \\ into \.
       sed -n \
 	"s/'/'\\\\''/g;
 	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
       ;; #(
     *)
-      # 'set' quotes correctly as required by POSIX, so do not add quotes.
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
       sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
       ;;
     esac |
@@ -25961,12 +26183,6 @@ LIBOBJS=$ac_libobjs
 LTLIBOBJS=$ac_ltlibobjs
 
 
-# Check whether --enable-year2038 was given.
-if test ${enable_year2038+y}
-then :
-  enableval=$enable_year2038;
-fi
-
 if test -z "${USE_SYSTEMD_TRUE}" && test -z "${USE_SYSTEMD_FALSE}"; then
   as_fn_error $? "conditional \"USE_SYSTEMD\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -26000,6 +26216,7 @@ cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
 
 # Be more Bourne compatible
 DUALCASE=1; export DUALCASE # for MKS sh
+as_nop=:
 if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
 then :
   emulate sh
@@ -26008,13 +26225,12 @@ then :
   # is contrary to our usage.  Disable this feature.
   alias -g '${1+"$@"}'='"$@"'
   setopt NO_GLOB_SUBST
-else case e in #(
-  e) case `(set -o) 2>/dev/null` in #(
+else $as_nop
+  case `(set -o) 2>/dev/null` in #(
   *posix*) :
     set -o posix ;; #(
   *) :
      ;;
-esac ;;
 esac
 fi
 
@@ -26086,7 +26302,7 @@ IFS=$as_save_IFS
 
      ;;
 esac
-# We did not find ourselves, most probably we were run as 'sh COMMAND'
+# We did not find ourselves, most probably we were run as `sh COMMAND'
 # in which case we are not to be found in the path.
 if test "x$as_myself" = x; then
   as_myself=$0
@@ -26115,6 +26331,7 @@ as_fn_error ()
 } # as_fn_error
 
 
+
 # as_fn_set_status STATUS
 # -----------------------
 # Set $? to STATUS, without forking.
@@ -26154,12 +26371,11 @@ then :
   {
     eval $1+=\$2
   }'
-else case e in #(
-  e) as_fn_append ()
+else $as_nop
+  as_fn_append ()
   {
     eval $1=\$$1\$2
-  } ;;
-esac
+  }
 fi # as_fn_append
 
 # as_fn_arith ARG...
@@ -26173,12 +26389,11 @@ then :
   {
     as_val=$(( $* ))
   }'
-else case e in #(
-  e) as_fn_arith ()
+else $as_nop
+  as_fn_arith ()
   {
     as_val=`expr "$@" || test $? -eq 1`
-  } ;;
-esac
+  }
 fi # as_fn_arith
 
 
@@ -26261,9 +26476,9 @@ if (echo >conf$$.file) 2>/dev/null; then
   if ln -s conf$$.file conf$$ 2>/dev/null; then
     as_ln_s='ln -s'
     # ... but there are two gotchas:
-    # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail.
-    # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable.
-    # In both cases, we have to default to 'cp -pR'.
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
     ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
       as_ln_s='cp -pR'
   elif ln conf$$.file conf$$ 2>/dev/null; then
@@ -26344,12 +26559,10 @@ as_test_x='test -x'
 as_executable_p=as_fn_executable_p
 
 # Sed expression to map a string onto a valid CPP name.
-as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
-as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
 
 # Sed expression to map a string onto a valid variable name.
-as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
-as_tr_sh="eval sed '$as_sed_sh'" # deprecated
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
 
 
 exec 6>&1
@@ -26364,8 +26577,8 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by unbound $as_me 1.23.1, which was
-generated by GNU Autoconf 2.72.  Invocation command line was
+This file was extended by unbound $as_me 1.24.1, which was
+generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
   CONFIG_HEADERS  = $CONFIG_HEADERS
@@ -26397,7 +26610,7 @@ _ACEOF
 
 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 ac_cs_usage="\
-'$as_me' instantiates files and other configuration actions
+\`$as_me' instantiates files and other configuration actions
 from templates according to the current configuration.  Unless the files
 and actions are specified as TAGs, all are instantiated by default.
 
@@ -26432,11 +26645,11 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-unbound config.status 1.23.1
-configured by $0, generated by GNU Autoconf 2.72,
+unbound config.status 1.24.1
+configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 
-Copyright (C) 2023 Free Software Foundation, Inc.
+Copyright (C) 2021 Free Software Foundation, Inc.
 This config.status script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it."
 
@@ -26496,8 +26709,8 @@ do
     ac_need_defaults=false;;
   --he | --h)
     # Conflict between --help and --header
-    as_fn_error $? "ambiguous option: '$1'
-Try '$0 --help' for more information.";;
+    as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
   --help | --hel | -h )
     printf "%s\n" "$ac_cs_usage"; exit ;;
   -q | -quiet | --quiet | --quie | --qui | --qu | --q \
@@ -26505,8 +26718,8 @@ Try '$0 --help' for more information.";;
     ac_cs_silent=: ;;
 
   # This is an error.
-  -*) as_fn_error $? "unrecognized option: '$1'
-Try '$0 --help' for more information." ;;
+  -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
 
   *) as_fn_append ac_config_targets " $1"
      ac_need_defaults=false ;;
@@ -26592,6 +26805,7 @@ lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_q
 lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`'
 reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`'
 reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`'
+FILECMD='`$ECHO "$FILECMD" | $SED "$delay_single_quote_subst"`'
 OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`'
 deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`'
 file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`'
@@ -26600,6 +26814,7 @@ want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`'
 DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`'
 sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`'
 AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`'
+lt_ar_flags='`$ECHO "$lt_ar_flags" | $SED "$delay_single_quote_subst"`'
 AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`'
 archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`'
 STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`'
@@ -26720,6 +26935,7 @@ LN_S \
 lt_SP2NL \
 lt_NL2SP \
 reload_flag \
+FILECMD \
 OBJDUMP \
 deplibs_check_method \
 file_magic_cmd \
@@ -26728,7 +26944,6 @@ want_nocaseglob \
 DLLTOOL \
 sharedlib_from_linklib_cmd \
 AR \
-AR_FLAGS \
 archiver_list_spec \
 STRIP \
 RANLIB \
@@ -26861,7 +27076,7 @@ do
     "contrib/unbound_portable.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound_portable.service" ;;
     "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
 
-  *) as_fn_error $? "invalid argument: '$ac_config_target'" "$LINENO" 5;;
+  *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
   esac
 done
 
@@ -26881,7 +27096,7 @@ fi
 # creating and moving files from /tmp can sometimes cause problems.
 # Hook for its removal unless debugging.
 # Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to '$tmp'.
+# after its creation but before its name has been assigned to `$tmp'.
 $debug ||
 {
   tmp= ac_tmp=
@@ -26905,7 +27120,7 @@ ac_tmp=$tmp
 
 # Set up the scripts for CONFIG_FILES section.
 # No need to generate them if there are no CONFIG_FILES.
-# This happens for instance with './config.status config.h'.
+# This happens for instance with `./config.status config.h'.
 if test -n "$CONFIG_FILES"; then
 
 
@@ -27063,13 +27278,13 @@ fi # test -n "$CONFIG_FILES"
 
 # Set up the scripts for CONFIG_HEADERS section.
 # No need to generate them if there are no CONFIG_HEADERS.
-# This happens for instance with './config.status Makefile'.
+# This happens for instance with `./config.status Makefile'.
 if test -n "$CONFIG_HEADERS"; then
 cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
 BEGIN {
 _ACEOF
 
-# Transform confdefs.h into an awk script 'defines.awk', embedded as
+# Transform confdefs.h into an awk script `defines.awk', embedded as
 # here-document in config.status, that substitutes the proper values into
 # config.h.in to produce config.h.
 
@@ -27179,7 +27394,7 @@ do
   esac
   case $ac_mode$ac_tag in
   :[FHL]*:*);;
-  :L* | :C*:*) as_fn_error $? "invalid tag '$ac_tag'" "$LINENO" 5;;
+  :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
   :[FH]-) ac_tag=-:-;;
   :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
   esac
@@ -27201,19 +27416,19 @@ do
       -) ac_f="$ac_tmp/stdin";;
       *) # Look for the file first in the build tree, then in the source tree
 	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
-	 # because $ac_f cannot contain ':'.
+	 # because $ac_f cannot contain `:'.
 	 test -f "$ac_f" ||
 	   case $ac_f in
 	   [\\/$]*) false;;
 	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
 	   esac ||
-	   as_fn_error 1 "cannot find input file: '$ac_f'" "$LINENO" 5;;
+	   as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
       esac
       case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
       as_fn_append ac_file_inputs " '$ac_f'"
     done
 
-    # Let's still pretend it is 'configure' which instantiates (i.e., don't
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
     # use $as_me), people would be surprised to read:
     #    /* config.h.  Generated by config.status.  */
     configure_input='Generated from '`
@@ -27337,7 +27552,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 esac
 _ACEOF
 
-# Neutralize VPATH when '$srcdir' = '.'.
+# Neutralize VPATH when `$srcdir' = `.'.
 # Shell code in configure.ac might set extrasub.
 # FIXME: do we really want to maintain this feature?
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
@@ -27366,9 +27581,9 @@ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
   { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
   { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' \
       "$ac_tmp/out"`; test -z "$ac_out"; } &&
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable 'datarootdir'
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
 which seems to be undefined.  Please make sure it is defined" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable 'datarootdir'
+printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
 which seems to be undefined.  Please make sure it is defined" >&2;}
 
   rm -f "$ac_tmp/stdin"
@@ -27425,19 +27640,18 @@ printf "%s\n" "$as_me: executing $ac_file commands" >&6;}
     cat <<_LT_EOF >> "$cfgfile"
 #! $SHELL
 # Generated automatically by $as_me ($PACKAGE) $VERSION
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
 # NOTE: Changes made to this file will be lost: look at ltmain.sh.
 
 # Provide generalized library-building support services.
 # Written by Gordon Matzigkeit, 1996
 
-# Copyright (C) 2014 Free Software Foundation, Inc.
+# Copyright (C) 2024 Free Software Foundation, Inc.
 # This is free software; see the source for copying conditions.  There is NO
 # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
 # GNU Libtool is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
+# the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.
 #
 # As a special exception to the GNU General Public License, if you
@@ -27545,6 +27759,9 @@ to_host_file_cmd=$lt_cv_to_host_file_cmd
 # convert \$build files to toolchain format.
 to_tool_file_cmd=$lt_cv_to_tool_file_cmd
 
+# A file(cmd) program that detects file types.
+FILECMD=$lt_FILECMD
+
 # An object symbol dumper.
 OBJDUMP=$lt_OBJDUMP
 
@@ -27569,8 +27786,11 @@ sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd
 # The archiver.
 AR=$lt_AR
 
+# Flags to create an archive (by configure).
+lt_ar_flags=$lt_ar_flags
+
 # Flags to create an archive.
-AR_FLAGS=$lt_AR_FLAGS
+AR_FLAGS=\${ARFLAGS-"\$lt_ar_flags"}
 
 # How to feed a file listing to the archiver.
 archiver_list_spec=$lt_archiver_list_spec
@@ -27812,7 +28032,7 @@ hardcode_direct=$hardcode_direct
 
 # Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
 # DIR into the resulting binary and the resulting library dependency is
-# "absolute",i.e impossible to change by setting \$shlibpath_var if the
+# "absolute",i.e. impossible to change by setting \$shlibpath_var if the
 # library is relocated.
 hardcode_direct_absolute=$hardcode_direct_absolute
 
@@ -27946,7 +28166,7 @@ ltmain=$ac_aux_dir/ltmain.sh
   # if finds mixed CR/LF and LF-only lines.  Since sed operates in
   # text mode, it properly converts lines to CR/LF.  This bash problem
   # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
+  $SED '$q' "$ltmain" >> "$cfgfile" \
      || (rm -f "$cfgfile"; exit 1)
 
    mv -f "$cfgfile" "$ofile" ||
diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac
index 051e7b392e33..4ff4c0ef5cc4 100644
--- a/contrib/unbound/configure.ac
+++ b/contrib/unbound/configure.ac
@@ -11,7 +11,7 @@ sinclude(dnscrypt/dnscrypt.m4)
 
 # must be numbers. ac_defun because of later processing
 m4_define([VERSION_MAJOR],[1])
-m4_define([VERSION_MINOR],[23])
+m4_define([VERSION_MINOR],[24])
 m4_define([VERSION_MICRO],[1])
 AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
 AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
@@ -19,7 +19,7 @@ AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
 AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
 
 LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=32
+LIBUNBOUND_REVISION=34
 LIBUNBOUND_AGE=1
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -119,6 +119,8 @@ LIBUNBOUND_AGE=1
 # 1.22.0 had 9:30:1
 # 1.23.0 had 9:31:1
 # 1.23.1 had 9:32:1
+# 1.24.0 had 9:33:1
+# 1.24.1 had 9:34:1
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -996,7 +998,7 @@ else
 	AC_MSG_RESULT([no])
 fi
 AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex SSL_CTX_set_tmp_ecdh])
+AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex])
 
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"
@@ -1004,7 +1006,7 @@ LIBS="-lssl $LIBS"
 AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos SSL_get1_peer_certificate])
 LIBS="$BAKLIBS"
 
-AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
+AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto,SSL_CTX_set_tmp_ecdh], [], [], [
 AC_INCLUDES_DEFAULT
 #ifdef HAVE_OPENSSL_ERR_H
 #include <openssl/err.h>
@@ -1610,17 +1612,29 @@ if test x_$withval = x_yes -o x_$withval != x_no; then
     if test x_$found_libngtcp2 != x_yes; then
 	AC_MSG_ERROR([Could not find libngtcp2, ngtcp2.h])
     fi
-    AC_CHECK_HEADERS([ngtcp2/ngtcp2.h ngtcp2/ngtcp2_crypto_openssl.h ngtcp2/ngtcp2_crypto_quictls.h],,, [AC_INCLUDES_DEFAULT])
+    AC_CHECK_HEADERS([ngtcp2/ngtcp2.h ngtcp2/ngtcp2_crypto_ossl.h ngtcp2/ngtcp2_crypto_openssl.h ngtcp2/ngtcp2_crypto_quictls.h],,, [AC_INCLUDES_DEFAULT])
     AC_CHECK_DECLS([ngtcp2_conn_server_new], [], [], [AC_INCLUDES_DEFAULT
     #include <ngtcp2/ngtcp2.h>
     ])
     AC_CHECK_DECLS([ngtcp2_crypto_encrypt_cb], [], [], [AC_INCLUDES_DEFAULT
     #include <ngtcp2/ngtcp2_crypto.h>
     ])
-    AC_CHECK_LIB([ngtcp2_crypto_openssl], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_openssl" ])
-    AC_CHECK_LIB([ngtcp2_crypto_quictls], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_quictls" ])
-    AC_CHECK_FUNCS([ngtcp2_crypto_encrypt_cb ngtcp2_ccerr_default ngtcp2_conn_in_closing_period ngtcp2_conn_in_draining_period ngtcp2_conn_get_max_local_streams_uni ngtcp2_crypto_quictls_from_ossl_encryption_level ngtcp2_crypto_quictls_configure_server_context ngtcp2_crypto_quictls_configure_client_context ngtcp2_conn_get_num_scid ngtcp2_conn_tls_early_data_rejected ngtcp2_conn_encode_0rtt_transport_params])
+    AC_CHECK_LIB([ngtcp2_crypto_ossl], [ngtcp2_crypto_encrypt_cb], [
+	LIBS="$LIBS -lngtcp2_crypto_ossl"
+	AC_DEFINE(USE_NGTCP2_CRYPTO_OSSL, 1, [Define this to use ngtcp2_crypto_ossl.])
+    ], [
+        AC_CHECK_LIB([ngtcp2_crypto_openssl], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_openssl" ], [
+            AC_CHECK_LIB([ngtcp2_crypto_quictls], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_quictls" ])
+	])
+    ])
+    AC_CHECK_FUNCS([ngtcp2_crypto_encrypt_cb ngtcp2_ccerr_default ngtcp2_conn_in_closing_period ngtcp2_conn_in_draining_period ngtcp2_conn_get_max_local_streams_uni ngtcp2_crypto_quictls_from_ossl_encryption_level ngtcp2_crypto_quictls_configure_server_context ngtcp2_crypto_quictls_configure_client_context ngtcp2_crypto_quictls_init ngtcp2_conn_get_num_scid ngtcp2_conn_tls_early_data_rejected ngtcp2_conn_encode_0rtt_transport_params])
+
+    # these check_funcs need -lssl
+    BAKLIBS="$LIBS"
+    LIBS="-lssl $LIBS"
     AC_CHECK_FUNCS([SSL_is_quic], [], [AC_MSG_ERROR([No QUIC support detected in OpenSSL. Need OpenSSL version with QUIC support to enable DNS over QUIC with libngtcp2.])])
+    LIBS="$BAKLIBS"
+
     AC_CHECK_TYPES([struct ngtcp2_version_cid, ngtcp2_encryption_level],,,[AC_INCLUDES_DEFAULT
     #include <ngtcp2/ngtcp2.h>
     ])
diff --git a/contrib/unbound/contrib/aaaa-filter-iterator.patch b/contrib/unbound/contrib/aaaa-filter-iterator.patch
index b0c2b2198a60..4ada030730fc 100644
--- a/contrib/unbound/contrib/aaaa-filter-iterator.patch
+++ b/contrib/unbound/contrib/aaaa-filter-iterator.patch
@@ -1,10 +1,10 @@
 diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
-index 5a75e319..c6c6dbe2 100644
+index 172eb26c..2921c87f 100644
 --- a/doc/unbound.conf.5.in
 +++ b/doc/unbound.conf.5.in
-@@ -970,6 +970,13 @@ potentially broken nameservers. A lot of domains will not be resolvable when
- this option in enabled. Only use if you know what you are doing.
- This option only has effect when qname-minimisation is enabled. Default is no.
+@@ -2146,6 +2146,13 @@ Default: no
+ .UNINDENT
+ .INDENT 0.0
  .TP
 +.B aaaa\-filter: \fI<yes or no>
 +Activate behavior similar to BIND's AAAA-filter.
@@ -13,14 +13,14 @@ index 5a75e319..c6c6dbe2 100644
 +This also causes an additional A query to be sent for each AAAA query.
 +This breaks DNSSEC!
 +.TP
- .B aggressive\-nsec: \fI<yes or no>
- Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
- and other denials, using information from previous NXDOMAINs answers.
+ .B aggressive\-nsec: \fI<yes or no>\fP 
+ Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN and other
+ denials, using information from previous NXDOMAINs answers.
 diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c
-index f093c1bf..e55a2246 100644
+index 49a5f5da..fbe434fa 100644
 --- a/iterator/iter_scrub.c
 +++ b/iterator/iter_scrub.c
-@@ -679,6 +679,32 @@ static int sanitize_nsec_is_overreach(sldns_buffer* pkt,
+@@ -849,6 +849,32 @@ scrub_sanitize_rr_length(sldns_buffer* pkt, struct msg_parse* msg,
  	return 0;
  }
  
@@ -53,15 +53,15 @@ index f093c1bf..e55a2246 100644
  /**
   * Given a response event, remove suspect RRsets from the response.
   * "Suspect" rrsets are potentially poison. Note that this routine expects
-@@ -698,6 +724,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
+@@ -869,6 +895,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
  	struct query_info* qinfo, uint8_t* zonename, struct module_env* env,
- 	struct iter_env* ie)
+ 	struct iter_env* ie, struct module_qstate* qstate)
  {
 +	int found_a_record = 0; /* ASN: do we have a A record? */
  	int del_addi = 0; /* if additional-holding rrsets are deleted, we
  		do not trust the normalized additional-A-AAAA any more */
- 	struct rrset_parse* rrset, *prev;
-@@ -733,6 +760,13 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
+ 	uint8_t* ns_rrset_dname = NULL;
+@@ -906,6 +933,13 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
  		rrset = rrset->rrset_all_next;
  	}
  
@@ -75,9 +75,9 @@ index f093c1bf..e55a2246 100644
  	/* At this point, we brutally remove ALL rrsets that aren't 
  	 * children of the originating zone. The idea here is that, 
  	 * as far as we know, the server that we contacted is ONLY 
-@@ -744,6 +778,24 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
- 	rrset = msg->rrset_first;
- 	while(rrset) {
+@@ -925,6 +959,24 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
+ 				continue;
+ 		}
  
 +		/* ASN: For AAAA records only... */
 +		if((ie->aaaa_filter) && (rrset->type == LDNS_RR_TYPE_AAAA)) {
@@ -101,10 +101,10 @@ index f093c1bf..e55a2246 100644
  		if( (rrset->type == LDNS_RR_TYPE_A || 
  			rrset->type == LDNS_RR_TYPE_AAAA)) {
 diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c
-index 2482a1f4..bd5ba243 100644
+index 1da21896..6583dd0e 100644
 --- a/iterator/iter_utils.c
 +++ b/iterator/iter_utils.c
-@@ -177,6 +177,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
+@@ -250,6 +250,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
  	iter_env->outbound_msg_retry = cfg->outbound_msg_retry;
  	iter_env->max_sent_count = cfg->max_sent_count;
  	iter_env->max_query_restarts = cfg->max_query_restarts;
@@ -113,12 +113,12 @@ index 2482a1f4..bd5ba243 100644
  }
  
 diff --git a/iterator/iterator.c b/iterator/iterator.c
-index 54006940..768fe202 100644
+index 71e64655..735f4ca0 100644
 --- a/iterator/iterator.c
 +++ b/iterator/iterator.c
-@@ -2155,6 +2155,53 @@ processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id)
- 
- 	return 0;
+@@ -2412,6 +2412,53 @@ check_waiting_queries(struct iter_qstate* iq, struct module_qstate* qstate,
+ 		qstate->ext_state[id] = module_wait_reply;
+ 	}
  }
 +
 +/**
@@ -170,8 +170,8 @@ index 54006940..768fe202 100644
  	
  /** 
   * This is the request event state where the request will be sent to one of
-@@ -2216,6 +2263,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
- 		return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
+@@ -2554,6 +2601,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
+ 		}
  	}
  	
 +	/* ASN: If we have a AAAA query, then also query for A records */
@@ -184,7 +184,7 @@ index 54006940..768fe202 100644
  	/* Make sure we have a delegation point, otherwise priming failed
  	 * or another failure occurred */
  	if(!iq->dp) {
-@@ -3648,6 +3702,61 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
+@@ -4178,6 +4232,61 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
  	return 0;
  }
  
@@ -246,7 +246,7 @@ index 54006940..768fe202 100644
  /*
   * Return priming query results to interested super querystates.
   * 
-@@ -3667,6 +3776,9 @@ iter_inform_super(struct module_qstate* qstate, int id,
+@@ -4197,6 +4306,9 @@ iter_inform_super(struct module_qstate* qstate, int id,
  	else if(super->qinfo.qtype == LDNS_RR_TYPE_DS && ((struct iter_qstate*)
  		super->minfo[id])->state == DSNS_FIND_STATE)
  		processDSNSResponse(qstate, id, super);
@@ -256,7 +256,7 @@ index 54006940..768fe202 100644
  	else if(qstate->return_rcode != LDNS_RCODE_NOERROR)
  		error_supers(qstate, id, super);
  	else if(qstate->is_priming)
-@@ -3704,6 +3816,9 @@ iter_handle(struct module_qstate* qstate, struct iter_qstate* iq,
+@@ -4234,6 +4346,9 @@ iter_handle(struct module_qstate* qstate, struct iter_qstate* iq,
  			case INIT_REQUEST_3_STATE:
  				cont = processInitRequest3(qstate, iq, id);
  				break;
@@ -266,7 +266,7 @@ index 54006940..768fe202 100644
  			case QUERYTARGETS_STATE:
  				cont = processQueryTargets(qstate, iq, ie, id);
  				break;
-@@ -4040,6 +4155,8 @@ iter_state_to_string(enum iter_state state)
+@@ -4578,6 +4693,8 @@ iter_state_to_string(enum iter_state state)
  		return "INIT REQUEST STATE (stage 2)";
  	case INIT_REQUEST_3_STATE:
  		return "INIT REQUEST STATE (stage 3)";
@@ -275,7 +275,7 @@ index 54006940..768fe202 100644
  	case QUERYTARGETS_STATE :
  		return "QUERY TARGETS STATE";
  	case PRIME_RESP_STATE :
-@@ -4064,6 +4181,7 @@ iter_state_is_responsestate(enum iter_state s)
+@@ -4602,6 +4719,7 @@ iter_state_is_responsestate(enum iter_state s)
  		case INIT_REQUEST_STATE :
  		case INIT_REQUEST_2_STATE :
  		case INIT_REQUEST_3_STATE :
@@ -284,10 +284,10 @@ index 54006940..768fe202 100644
  		case COLLECT_CLASS_STATE :
  			return 0;
 diff --git a/iterator/iterator.h b/iterator/iterator.h
-index 8b840528..a61c4195 100644
+index ae4b4e45..a44f9d27 100644
 --- a/iterator/iterator.h
 +++ b/iterator/iterator.h
-@@ -133,6 +133,9 @@ struct iter_env {
+@@ -157,6 +157,9 @@ struct iter_env {
  	 */
  	int* target_fetch_policy;
  
@@ -297,7 +297,7 @@ index 8b840528..a61c4195 100644
  	/** lock on ratelimit counter */
  	lock_basic_type queries_ratelimit_lock;
  	/** number of queries that have been ratelimited */
-@@ -187,6 +190,14 @@ enum iter_state {
+@@ -217,6 +220,14 @@ enum iter_state {
  	 */
  	INIT_REQUEST_3_STATE,
  
@@ -312,9 +312,9 @@ index 8b840528..a61c4195 100644
  	/**
  	 * Each time a delegation point changes for a given query or a 
  	 * query times out and/or wakes up, this state is (re)visited. 
-@@ -376,6 +387,13 @@ struct iter_qstate {
- 	 */
- 	int refetch_glue;
+@@ -434,6 +445,13 @@ struct iter_qstate {
+ 	 * already so that it is accepted later. */
+ 	int empty_nodata_found;
  
 +	/**
 +	 * ASN: This is a flag that, if true, means that this query is
@@ -327,10 +327,10 @@ index 8b840528..a61c4195 100644
  	struct outbound_list outlist;
  
 diff --git a/pythonmod/interface.i b/pythonmod/interface.i
-index 1ca8686a..d91b19ec 100644
+index 2040fb9e..f073c3dc 100644
 --- a/pythonmod/interface.i
 +++ b/pythonmod/interface.i
-@@ -995,6 +995,7 @@ struct config_file {
+@@ -1013,6 +1013,7 @@ struct config_file {
     int harden_dnssec_stripped;
     int harden_referral_path;
     int use_caps_bits_for_id;
@@ -339,23 +339,23 @@ index 1ca8686a..d91b19ec 100644
     struct config_strlist* private_domain;
     size_t unwanted_threshold;
 diff --git a/util/config_file.c b/util/config_file.c
-index 969d664b..8d94b008 100644
+index b1e767b3..5eb3c099 100644
 --- a/util/config_file.c
 +++ b/util/config_file.c
-@@ -231,6 +231,7 @@ config_create(void)
- 	cfg->harden_referral_path = 0;
+@@ -247,6 +247,7 @@ config_create(void)
  	cfg->harden_algo_downgrade = 0;
+ 	cfg->harden_unknown_additional = 0;
  	cfg->use_caps_bits_for_id = 0;
 +	cfg->aaaa_filter = 0; /* ASN: default is disabled */
  	cfg->caps_whitelist = NULL;
  	cfg->private_address = NULL;
  	cfg->private_domain = NULL;
 diff --git a/util/config_file.h b/util/config_file.h
-index c7c9a0a4..e3aa15b0 100644
+index 44ac036b..1e59ab07 100644
 --- a/util/config_file.h
 +++ b/util/config_file.h
-@@ -285,6 +285,8 @@ struct config_file {
- 	int harden_algo_downgrade;
+@@ -311,6 +311,8 @@ struct config_file {
+ 	int harden_unknown_additional;
  	/** use 0x20 bits in query as random ID bits */
  	int use_caps_bits_for_id;
 +	/** ASN: enable AAAA filter? */
@@ -364,10 +364,10 @@ index c7c9a0a4..e3aa15b0 100644
  	struct config_strlist* caps_whitelist;
  	/** strip away these private addrs from answers, no DNS Rebinding */
 diff --git a/util/configlexer.lex b/util/configlexer.lex
-index 34a0e5dd..c890be2a 100644
+index bc258673..76aab170 100644
 --- a/util/configlexer.lex
 +++ b/util/configlexer.lex
-@@ -317,6 +317,7 @@ use-caps-for-id{COLON}		{ YDVAR(1, VAR_USE_CAPS_FOR_ID) }
+@@ -327,6 +327,7 @@ use-caps-for-id{COLON}		{ YDVAR(1, VAR_USE_CAPS_FOR_ID) }
  caps-whitelist{COLON}		{ YDVAR(1, VAR_CAPS_WHITELIST) }
  caps-exempt{COLON}		{ YDVAR(1, VAR_CAPS_WHITELIST) }
  unwanted-reply-threshold{COLON}	{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) }
@@ -376,10 +376,10 @@ index 34a0e5dd..c890be2a 100644
  private-domain{COLON}		{ YDVAR(1, VAR_PRIVATE_DOMAIN) }
  prefetch-key{COLON}		{ YDVAR(1, VAR_PREFETCH_KEY) }
 diff --git a/util/configparser.y b/util/configparser.y
-index d4f965f9..8cc237c6 100644
+index 82e1d878..dc19bed5 100644
 --- a/util/configparser.y
 +++ b/util/configparser.y
-@@ -97,6 +97,7 @@ extern struct config_parser_state* cfg_parser;
+@@ -100,6 +100,7 @@ extern struct config_parser_state* cfg_parser;
  %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
  %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
  %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
@@ -387,7 +387,7 @@ index d4f965f9..8cc237c6 100644
  %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
  %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
  %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
-@@ -247,6 +248,7 @@ content_server: server_num_threads | server_verbosity | server_port |
+@@ -276,6 +277,7 @@ content_server: server_num_threads | server_verbosity | server_port |
  	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
  	server_harden_referral_path | server_private_address |
  	server_private_domain | server_extended_statistics |
@@ -395,7 +395,7 @@ index d4f965f9..8cc237c6 100644
  	server_local_data_ptr | server_jostle_timeout |
  	server_unwanted_reply_threshold | server_log_time_ascii |
  	server_domain_insecure | server_val_sig_skew_min |
-@@ -1754,6 +1756,15 @@ server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
+@@ -1932,6 +1934,15 @@ server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
  			yyerror("out of memory");
  	}
  	;
diff --git a/contrib/unbound/contrib/unbound.service.in b/contrib/unbound/contrib/unbound.service.in
index 8a5d3b2b0189..cc8d0ed2dab3 100644
--- a/contrib/unbound/contrib/unbound.service.in
+++ b/contrib/unbound/contrib/unbound.service.in
@@ -38,11 +38,17 @@
 ;   - `LockPersonality=yes` locks down the personality system call so that the
 ;     kernel execution domain may not be changed from the default.
 ;
+;   - With /etc/systemd/network/*.network a setting to make sure the network
+;     is not considered online too early, can reduce network unreachable
+;     errors on server start:
+;     [Link]
+;     RequiredForOnline=routable
 ;
 [Unit]
 Description=Validating, recursive, and caching DNS resolver
 Documentation=man:unbound(8)
 After=network-online.target
+Wants=network-online.target
 Before=nss-lookup.target
 
 [Install]
diff --git a/contrib/unbound/daemon/cachedump.c b/contrib/unbound/daemon/cachedump.c
index ba986c763edc..f0a693bf6f8e 100644
--- a/contrib/unbound/daemon/cachedump.c
+++ b/contrib/unbound/daemon/cachedump.c
@@ -62,84 +62,231 @@
 #include "sldns/wire2str.h"
 #include "sldns/str2wire.h"
 
+static void spool_txt_printf(struct config_strlist_head* txt,
+	const char* format, ...) ATTR_FORMAT(printf, 2, 3);
+
+/** Append to strlist at end, and log error if out of memory. */
+static void
+spool_txt_string(struct config_strlist_head* txt, char* str)
+{
+	if(!cfg_strlist_append(txt, strdup(str))) {
+		log_err("out of memory in spool text");
+	}
+}
+
+/** Spool txt to spool list. */
+static void
+spool_txt_vmsg(struct config_strlist_head* txt, const char* format,
+	va_list args)
+{
+	char msg[65535];
+	vsnprintf(msg, sizeof(msg), format, args);
+	spool_txt_string(txt, msg);
+}
+
+/** Print item to spool list. On alloc failure the list is as before. */
+static void
+spool_txt_printf(struct config_strlist_head* txt, const char* format, ...)
+{
+	va_list args;
+	va_start(args, format);
+	spool_txt_vmsg(txt, format, args);
+	va_end(args);
+}
+
 /** dump one rrset zonefile line */
-static int
-dump_rrset_line(RES* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
+static void
+dump_rrset_line(struct config_strlist_head* txt, struct ub_packed_rrset_key* k,
+	time_t now, size_t i)
 {
 	char s[65535];
 	if(!packed_rr_to_string(k, i, now, s, sizeof(s))) {
-		return ssl_printf(ssl, "BADRR\n");
+		spool_txt_string(txt, "BADRR\n");
+		return;
 	}
-	return ssl_printf(ssl, "%s", s);
+	spool_txt_string(txt, s);
 }
 
 /** dump rrset key and data info */
-static int
-dump_rrset(RES* ssl, struct ub_packed_rrset_key* k, 
+static void
+dump_rrset(struct config_strlist_head* txt, struct ub_packed_rrset_key* k,
 	struct packed_rrset_data* d, time_t now)
 {
 	size_t i;
 	/* rd lock held by caller */
-	if(!k || !d) return 1;
-	if(k->id == 0) return 1; /* deleted */
-	if(d->ttl < now) return 1; /* expired */
+	if(!k || !d) return;
+	if(k->id == 0) return; /* deleted */
+	if(d->ttl < now) return; /* expired */
 
 	/* meta line */
-	if(!ssl_printf(ssl, ";rrset%s " ARG_LL "d %u %u %d %d\n",
+	spool_txt_printf(txt, ";rrset%s " ARG_LL "d %u %u %d %d\n",
 		(k->rk.flags & PACKED_RRSET_NSEC_AT_APEX)?" nsec_apex":"",
 		(long long)(d->ttl - now),
 		(unsigned)d->count, (unsigned)d->rrsig_count,
 		(int)d->trust, (int)d->security
-		)) 
-		return 0;
+		);
 	for(i=0; i<d->count + d->rrsig_count; i++) {
-		if(!dump_rrset_line(ssl, k, now, i))
+		dump_rrset_line(txt, k, now, i);
+	}
+}
+
+/** Spool strlist to the output. */
+static int
+spool_strlist(RES* ssl, struct config_strlist* list)
+{
+	struct config_strlist* s;
+	for(s=list; s; s=s->next) {
+		if(!ssl_printf(ssl, "%s", s->str))
 			return 0;
 	}
 	return 1;
 }
 
-/** dump lruhash rrset cache */
+/** dump lruhash cache and call callback for every item. */
 static int
-dump_rrset_lruhash(RES* ssl, struct lruhash* h, time_t now)
+dump_lruhash(struct lruhash* table,
+	void (*func)(struct lruhash_entry*, struct config_strlist_head*, void*),
+	RES* ssl, void* arg)
 {
-	struct lruhash_entry* e;
-	/* lruhash already locked by caller */
-	/* walk in order of lru; best first */
-	for(e=h->lru_start; e; e = e->lru_next) {
-		lock_rw_rdlock(&e->lock);
-		if(!dump_rrset(ssl, (struct ub_packed_rrset_key*)e->key,
-			(struct packed_rrset_data*)e->data, now)) {
-			lock_rw_unlock(&e->lock);
+	int just_started = 1;
+	int not_done = 1;
+	hashvalue_type hash;
+	size_t num = 0; /* number of entries processed. */
+	size_t max = 2; /* number of entries after which it unlocks. */
+	struct config_strlist_head txt; /* Text strings spooled. */
+	memset(&txt, 0, sizeof(txt));
+
+	while(not_done) {
+		size_t i; /* hash bin. */
+		/* Process a number of items. */
+		num = 0;
+		lock_quick_lock(&table->lock);
+		if(just_started) {
+			i = 0;
+		} else {
+			i = hash&table->size_mask;
+		}
+		while(num < max) {
+			/* Process bin. */
+			int found = 0;
+			size_t num_bin = 0;
+			struct lruhash_bin* bin = &table->array[i];
+			struct lruhash_entry* e;
+			lock_quick_lock(&bin->lock);
+			for(e = bin->overflow_list; e; e = e->overflow_next) {
+				/* Entry e is locked by the func. */
+				func(e, &txt, arg);
+				num_bin++;
+			}
+			lock_quick_unlock(&bin->lock);
+			/* This addition of bin number of entries may take
+			 * it over the max. */
+			num += num_bin;
+
+			/* Move to next bin. */
+			/* Find one with an entry, with a  hash value, so we
+			 * can continue from the hash value. The hash value
+			 * can be indexed also if the array changes size. */
+			i++;
+			while(i < table->size) {
+				bin = &table->array[i];
+				lock_quick_lock(&bin->lock);
+				if(bin->overflow_list) {
+					hash = bin->overflow_list->hash;
+					lock_quick_unlock(&bin->lock);
+					found = 1;
+					just_started = 0;
+					break;
+				}
+				lock_quick_unlock(&bin->lock);
+				i++;
+			}
+			if(!found) {
+				not_done = 0;
+				break;
+			}
+		}
+		lock_quick_unlock(&table->lock);
+		/* Print the spooled items, that are collected while the
+		 * locks are locked. The print happens while they are not
+		 * locked. */
+		if(txt.first) {
+			if(!spool_strlist(ssl, txt.first)) {
+				config_delstrlist(txt.first);
+				return 0;
+			}
+			config_delstrlist(txt.first);
+			memset(&txt, 0, sizeof(txt));
+		}
+	}
+	/* Print the final spooled items. */
+	if(txt.first) {
+		if(!spool_strlist(ssl, txt.first)) {
+			config_delstrlist(txt.first);
 			return 0;
 		}
-		lock_rw_unlock(&e->lock);
+		config_delstrlist(txt.first);
+	}
+	return 1;
+}
+
+/** dump slabhash cache and call callback for every item. */
+static int
+dump_slabhash(struct slabhash* sh,
+	void (*func)(struct lruhash_entry*, struct config_strlist_head*, void*),
+	RES* ssl, void* arg)
+{
+	/* Process a number of items at a time, then unlock the cache,
+	 * so that ordinary processing can continue. Keep an iteration marker
+	 * to continue the loop. That means the cache can change, items
+	 * could be inserted and deleted. And, for example, the hash table
+	 * can grow. */
+	size_t slab;
+	for(slab=0; slab<sh->size; slab++) {
+		if(!dump_lruhash(sh->array[slab], func, ssl, arg))
+			return 0;
 	}
 	return 1;
 }
 
+/** Struct for dump information. */
+struct dump_info {
+	/** The worker. */
+	struct worker* worker;
+	/** The printout connection. */
+	RES* ssl;
+};
+
+/** Dump the rrset cache entry */
+static void
+dump_rrset_entry(struct lruhash_entry* e, struct config_strlist_head* txt,
+	void* arg)
+{
+	struct dump_info* dump_info = (struct dump_info*)arg;
+	lock_rw_rdlock(&e->lock);
+	dump_rrset(txt, (struct ub_packed_rrset_key*)e->key,
+		(struct packed_rrset_data*)e->data,
+		*dump_info->worker->env.now);
+	lock_rw_unlock(&e->lock);
+}
+
 /** dump rrset cache */
 static int
 dump_rrset_cache(RES* ssl, struct worker* worker)
 {
 	struct rrset_cache* r = worker->env.rrset_cache;
-	size_t slab;
+	struct dump_info dump_info;
+	dump_info.worker = worker;
+	dump_info.ssl = ssl;
 	if(!ssl_printf(ssl, "START_RRSET_CACHE\n")) return 0;
-	for(slab=0; slab<r->table.size; slab++) {
-		lock_quick_lock(&r->table.array[slab]->lock);
-		if(!dump_rrset_lruhash(ssl, r->table.array[slab],
-			*worker->env.now)) {
-			lock_quick_unlock(&r->table.array[slab]->lock);
-			return 0;
-		}
-		lock_quick_unlock(&r->table.array[slab]->lock);
-	}
+	if(!dump_slabhash(&r->table, &dump_rrset_entry, ssl, &dump_info))
+		return 0;
 	return ssl_printf(ssl, "END_RRSET_CACHE\n");
 }
 
 /** dump message to rrset reference */
-static int
-dump_msg_ref(RES* ssl, struct ub_packed_rrset_key* k)
+static void
+dump_msg_ref(struct config_strlist_head* txt, struct ub_packed_rrset_key* k)
 {
 	char* nm, *tp, *cl;
 	nm = sldns_wire2str_dname(k->rk.dname, k->rk.dname_len);
@@ -149,30 +296,25 @@ dump_msg_ref(RES* ssl, struct ub_packed_rrset_key* k)
 		free(nm);
 		free(tp);
 		free(cl);
-		return ssl_printf(ssl, "BADREF\n");
-	}
-	if(!ssl_printf(ssl, "%s %s %s %d\n", nm, cl, tp, (int)k->rk.flags)) {
-		free(nm);
-		free(tp);
-		free(cl);
-		return 0;
+		spool_txt_string(txt, "BADREF\n");
+		return;
 	}
+	spool_txt_printf(txt, "%s %s %s %d\n", nm, cl, tp, (int)k->rk.flags);
 	free(nm);
 	free(tp);
 	free(cl);
-
-	return 1;
 }
 
 /** dump message entry */
-static int
-dump_msg(RES* ssl, struct query_info* k, struct reply_info* d, time_t now)
+static void
+dump_msg(struct config_strlist_head* txt, struct query_info* k,
+	struct reply_info* d, time_t now)
 {
 	size_t i;
 	char* nm, *tp, *cl;
-	if(!k || !d) return 1;
-	if(d->ttl < now) return 1; /* expired */
-	
+	if(!k || !d) return;
+	if(d->ttl < now) return; /* expired */
+
 	nm = sldns_wire2str_dname(k->qname, k->qname_len);
 	tp = sldns_wire2str_type(k->qtype);
 	cl = sldns_wire2str_class(k->qclass);
@@ -180,45 +322,35 @@ dump_msg(RES* ssl, struct query_info* k, struct reply_info* d, time_t now)
 		free(nm);
 		free(tp);
 		free(cl);
-		return 1; /* skip this entry */
+		return; /* skip this entry */
 	}
 	if(!rrset_array_lock(d->ref, d->rrset_count, now)) {
 		/* rrsets have timed out or do not exist */
 		free(nm);
 		free(tp);
 		free(cl);
-		return 1; /* skip this entry */
+		return; /* skip this entry */
 	}
-	
+
 	/* meta line */
-	if(!ssl_printf(ssl, "msg %s %s %s %d %d " ARG_LL "d %d %u %u %u %d %s\n",
-			nm, cl, tp,
-			(int)d->flags, (int)d->qdcount, 
-			(long long)(d->ttl-now), (int)d->security,
-			(unsigned)d->an_numrrsets,
-			(unsigned)d->ns_numrrsets,
-			(unsigned)d->ar_numrrsets,
-			(int)d->reason_bogus,
-			d->reason_bogus_str?d->reason_bogus_str:"")) {
-		free(nm);
-		free(tp);
-		free(cl);
-		rrset_array_unlock(d->ref, d->rrset_count);
-		return 0;
-	}
+	spool_txt_printf(txt,
+		"msg %s %s %s %d %d " ARG_LL "d %d %u %u %u %d %s\n",
+		nm, cl, tp,
+		(int)d->flags, (int)d->qdcount,
+		(long long)(d->ttl-now), (int)d->security,
+		(unsigned)d->an_numrrsets,
+		(unsigned)d->ns_numrrsets,
+		(unsigned)d->ar_numrrsets,
+		(int)d->reason_bogus,
+		d->reason_bogus_str?d->reason_bogus_str:"");
 	free(nm);
 	free(tp);
 	free(cl);
 	
 	for(i=0; i<d->rrset_count; i++) {
-		if(!dump_msg_ref(ssl, d->rrsets[i])) {
-			rrset_array_unlock(d->ref, d->rrset_count);
-			return 0;
-		}
+		dump_msg_ref(txt, d->rrsets[i]);
 	}
 	rrset_array_unlock(d->ref, d->rrset_count);
-
-	return 1;
 }
 
 /** copy msg to worker pad */
@@ -247,49 +379,40 @@ copy_msg(struct regional* region, struct lruhash_entry* e,
 	return (*k)->qname != NULL;
 }
 
-/** dump lruhash msg cache */
-static int
-dump_msg_lruhash(RES* ssl, struct worker* worker, struct lruhash* h)
+/** Dump the msg entry. */
+static void
+dump_msg_entry(struct lruhash_entry* e, struct config_strlist_head* txt,
+	void* arg)
 {
-	struct lruhash_entry* e;
+	struct dump_info* dump_info = (struct dump_info*)arg;
 	struct query_info* k;
 	struct reply_info* d;
 
-	/* lruhash already locked by caller */
-	/* walk in order of lru; best first */
-	for(e=h->lru_start; e; e = e->lru_next) {
-		regional_free_all(worker->scratchpad);
-		lock_rw_rdlock(&e->lock);
-		/* make copy of rrset in worker buffer */
-		if(!copy_msg(worker->scratchpad, e, &k, &d)) {
-			lock_rw_unlock(&e->lock);
-			return 0;
-		}
+	regional_free_all(dump_info->worker->scratchpad);
+	/* Make copy of rrset in worker buffer. */
+	lock_rw_rdlock(&e->lock);
+	if(!copy_msg(dump_info->worker->scratchpad, e, &k, &d)) {
 		lock_rw_unlock(&e->lock);
-		/* release lock so we can lookup the rrset references 
-		 * in the rrset cache */
-		if(!dump_msg(ssl, k, d, *worker->env.now)) {
-			return 0;
-		}
+		log_err("out of memory in dump_msg_entry");
+		return;
 	}
-	return 1;
+	lock_rw_unlock(&e->lock);
+	/* Release lock so we can lookup the rrset references
+	 * in the rrset cache. */
+	dump_msg(txt, k, d, *dump_info->worker->env.now);
 }
 
 /** dump msg cache */
 static int
 dump_msg_cache(RES* ssl, struct worker* worker)
 {
-	struct slabhash* sh = worker->env.msg_cache;
-	size_t slab;
+	struct dump_info dump_info;
+	dump_info.worker = worker;
+	dump_info.ssl = ssl;
 	if(!ssl_printf(ssl, "START_MSG_CACHE\n")) return 0;
-	for(slab=0; slab<sh->size; slab++) {
-		lock_quick_lock(&sh->array[slab]->lock);
-		if(!dump_msg_lruhash(ssl, worker, sh->array[slab])) {
-			lock_quick_unlock(&sh->array[slab]->lock);
-			return 0;
-		}
-		lock_quick_unlock(&sh->array[slab]->lock);
-	}
+	if(!dump_slabhash(worker->env.msg_cache, &dump_msg_entry, ssl,
+		&dump_info))
+		return 0;
 	return ssl_printf(ssl, "END_MSG_CACHE\n");
 }
 
@@ -811,12 +934,18 @@ print_dp_main(RES* ssl, struct delegpt* dp, struct dns_msg* msg)
 		struct ub_packed_rrset_key* k = msg->rep->rrsets[i];
 		struct packed_rrset_data* d = 
 			(struct packed_rrset_data*)k->entry.data;
+		struct config_strlist_head txt;
+		memset(&txt, 0, sizeof(txt));
 		if(d->security == sec_status_bogus) {
 			if(!ssl_printf(ssl, "Address is BOGUS:\n"))
 				return;
 		}
-		if(!dump_rrset(ssl, k, d, 0))
+		dump_rrset(&txt, k, d, 0);
+		if(!spool_strlist(ssl, txt.first)) {
+			config_delstrlist(txt.first);
 			return;
+		}
+		config_delstrlist(txt.first);
 	    }
 	delegpt_count_ns(dp, &n_ns, &n_miss);
 	delegpt_count_addr(dp, &n_addr, &n_res, &n_avail);
diff --git a/contrib/unbound/daemon/remote.c b/contrib/unbound/daemon/remote.c
index 89134efc92a8..d8ee7fa7d7c1 100644
--- a/contrib/unbound/daemon/remote.c
+++ b/contrib/unbound/daemon/remote.c
@@ -101,6 +101,10 @@
 #ifdef USE_CACHEDB
 #include "cachedb/cachedb.h"
 #endif
+#ifdef CLIENT_SUBNET
+#include "edns-subnet/subnetmod.h"
+#include "edns-subnet/addrtree.h"
+#endif
 
 #ifdef HAVE_SYS_TYPES_H
 #  include <sys/types.h>
@@ -1148,6 +1152,8 @@ print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero)
 		(unsigned long)s->svr.ans_bogus)) return 0;
 	if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%lu\n",
 		(unsigned long)s->svr.rrset_bogus)) return 0;
+	if(!ssl_printf(ssl, "num.valops"SQ"%lu\n",
+		(unsigned long)s->svr.val_ops)) return 0;
 	if(!ssl_printf(ssl, "num.query.aggressive.NOERROR"SQ"%lu\n",
 		(unsigned long)s->svr.num_neg_cache_noerror)) return 0;
 	if(!ssl_printf(ssl, "num.query.aggressive.NXDOMAIN"SQ"%lu\n",
@@ -1576,7 +1582,7 @@ do_view_zone_add(RES* ssl, struct worker* worker, char* arg)
 		}
 		if(!v->isfirst) {
 			/* Global local-zone is not used for this view,
-			 * therefore add defaults to this view-specic
+			 * therefore add defaults to this view-specific
 			 * local-zone. */
 			struct config_file lz_cfg;
 			memset(&lz_cfg, 0, sizeof(lz_cfg));
@@ -1740,6 +1746,334 @@ do_view_datas_remove(struct daemon_remote* rc, RES* ssl, struct worker* worker,
 	(void)ssl_printf(ssl, "removed %d datas\n", num);
 }
 
+/** information for the domain search */
+struct cache_lookup_info {
+	/** The connection to print on. */
+	RES* ssl;
+	/** The worker. */
+	struct worker* worker;
+	/** The domain, in wireformat. */
+	uint8_t* nm;
+	/** The length of nm. */
+	size_t nmlen;
+};
+
+#ifdef CLIENT_SUBNET
+static void addrtree_traverse_visit_node(struct addrnode* n, addrkey_t* addr,
+	size_t addr_size, int is_ipv6, time_t now, struct query_info* q,
+	void (*func)(struct query_info*, struct reply_info*, addrkey_t*,
+		size_t, int, addrlen_t, int, time_t, void*), void* arg);
+
+/** Lookup in subnet addrtree */
+static void
+cache_lookup_subnet_addrnode(struct query_info* q, struct reply_info* d,
+	addrkey_t* addr, size_t addr_size, int is_ipv6, addrlen_t scope,
+	int only_match_scope_zero, time_t ttl, void* arg)
+{
+	size_t i;
+	char s[65535], tp[32], cl[32], rc[32], fg[32], astr[64];
+	struct cache_lookup_info* inf = (struct cache_lookup_info*)arg;
+	if(is_ipv6) {
+		if(addr_size < 16 || inet_ntop(AF_INET6, addr, astr,
+			sizeof(astr)) == NULL)
+			snprintf(astr, sizeof(astr), "(inet6ntoperror)");
+	} else {
+		if(addr_size < 4 || inet_ntop(AF_INET, addr, astr,
+			sizeof(astr)) == NULL)
+			snprintf(astr, sizeof(astr), "(inetntoperror)");
+	}
+	sldns_wire2str_dname_buf(q->qname, q->qname_len, s, sizeof(s));
+	sldns_wire2str_type_buf(q->qtype, tp, sizeof(tp));
+	sldns_wire2str_class_buf(q->qclass, cl, sizeof(cl));
+	sldns_wire2str_rcode_buf(FLAGS_GET_RCODE(d->flags),
+		rc, sizeof(rc));
+	snprintf(fg, sizeof(fg), "%s%s%s%s%s%s%s%s",
+		((d->flags&BIT_QR)?" QR":""),
+		((d->flags&BIT_AA)?" AA":""),
+		((d->flags&BIT_TC)?" TC":""),
+		((d->flags&BIT_RD)?" RD":""),
+		((d->flags&BIT_RA)?" RA":""),
+		((d->flags&BIT_Z)?" Z":""),
+		((d->flags&BIT_AD)?" AD":""),
+		((d->flags&BIT_CD)?" CD":""));
+	if(!rrset_array_lock(d->ref, d->rrset_count,
+		*inf->worker->env.now)) {
+		/* rrsets have timed out or do not exist */
+		return;
+	}
+	if(!ssl_printf(inf->ssl, "subnet %s/%d%s %s %s %s " ARG_LL "d\n", astr,
+		(int)scope, (only_match_scope_zero?" scope_zero":""),
+		s, cl, tp, (long long)(ttl-*inf->worker->env.now))) {
+		rrset_array_unlock(d->ref, d->rrset_count);
+		return;
+	}
+	ssl_printf(inf->ssl,
+		"subnet msg %s %s %s%s %s %d %d " ARG_LL "d %d %u %u %u %d %s\n",
+		s, cl, tp, fg, rc,
+		(int)d->flags, (int)d->qdcount,
+		(long long)(d->ttl-*inf->worker->env.now),
+		(int)d->security,
+		(unsigned)d->an_numrrsets,
+		(unsigned)d->ns_numrrsets,
+		(unsigned)d->ar_numrrsets,
+		(int)d->reason_bogus,
+		d->reason_bogus_str?d->reason_bogus_str:"");
+	for(i=0; i<d->rrset_count; i++) {
+		struct ub_packed_rrset_key* rk = d->rrsets[i];
+		struct packed_rrset_data* rd = (struct packed_rrset_data*)rk->entry.data;
+		size_t j;
+		for(j=0; j<rd->count + rd->rrsig_count; j++) {
+			if(!packed_rr_to_string(rk, j,
+				*inf->worker->env.now, s, sizeof(s))) {
+				ssl_printf(inf->ssl, "BADRR\n");
+			} else {
+				ssl_printf(inf->ssl, "%s", s);
+			}
+		}
+	}
+	rrset_array_unlock(d->ref, d->rrset_count);
+	ssl_printf(inf->ssl, "\n");
+}
+
+/** Visit an edge in subnet addrtree traverse */
+static void
+addrtree_traverse_visit_edge(struct addredge* edge, addrkey_t* addr,
+	size_t addr_size, int is_ipv6, time_t now, struct query_info* q,
+	void (*func)(struct query_info*, struct reply_info*, addrkey_t*,
+		size_t, int, addrlen_t, int, time_t, void*), void* arg)
+{
+	size_t n;
+	addrlen_t addrlen;
+	if(!edge || !edge->node)
+		return;
+	addrlen = edge->len;
+	/* ceil() */
+	n = (size_t)((addrlen / KEYWIDTH) + ((addrlen % KEYWIDTH != 0)?1:0));
+	if(n > addr_size)
+		n = addr_size;
+	memset(addr, 0, addr_size);
+	memcpy(addr, edge->str, n);
+	addrtree_traverse_visit_node(edge->node, addr, addr_size, is_ipv6,
+		now, q, func, arg);
+}
+
+/** Visit a node in subnet addrtree traverse */
+static void
+addrtree_traverse_visit_node(struct addrnode* n, addrkey_t* addr,
+	size_t addr_size, int is_ipv6, time_t now, struct query_info* q,
+	void (*func)(struct query_info*, struct reply_info*, addrkey_t*,
+		size_t, int, addrlen_t, int, time_t, void*), void* arg)
+{
+	/* If this node has data, and not expired. */
+	if(n->elem && n->ttl >= now) {
+		func(q, (struct reply_info*)n->elem, addr, addr_size, is_ipv6,
+			n->scope, n->only_match_scope_zero, n->ttl, arg);
+	}
+	/* Traverse edges. */
+	addrtree_traverse_visit_edge(n->edge[0], addr, addr_size, is_ipv6,
+		now, q, func, arg);
+	addrtree_traverse_visit_edge(n->edge[1], addr, addr_size, is_ipv6,
+		now, q, func, arg);
+}
+
+/** Traverse subnet addrtree */
+static void
+addrtree_traverse(struct addrtree* tree, int is_ipv6, time_t now,
+	struct query_info* q,
+	void (*func)(struct query_info*, struct reply_info*, addrkey_t*,
+		size_t, int, addrlen_t, int, time_t, void*), void* arg)
+{
+	uint8_t addr[16]; /* Large enough for IPv4 and IPv6. */
+	memset(addr, 0, sizeof(addr));
+	addrtree_traverse_visit_node(tree->root, (addrkey_t*)addr,
+		sizeof(addr), is_ipv6, now, q, func, arg);
+}
+
+/** Lookup cache_lookup for subnet content. */
+static void
+cache_lookup_subnet_msg(struct lruhash_entry* e, void* arg)
+{
+	struct cache_lookup_info* inf = (struct cache_lookup_info*)arg;
+	struct msgreply_entry *k = (struct msgreply_entry*)e->key;
+	struct subnet_msg_cache_data* d =
+		(struct subnet_msg_cache_data*)e->data;
+	if(!dname_subdomain_c(k->key.qname, inf->nm))
+		return;
+
+	if(d->tree4) {
+		addrtree_traverse(d->tree4, 0, *inf->worker->env.now, &k->key,
+			&cache_lookup_subnet_addrnode, inf);
+	}
+	if(d->tree6) {
+		addrtree_traverse(d->tree6, 1, *inf->worker->env.now, &k->key,
+			&cache_lookup_subnet_addrnode, inf);
+	}
+}
+#endif /* CLIENT_SUBNET */
+
+static void
+cache_lookup_rrset(struct lruhash_entry* e, void* arg)
+{
+	struct cache_lookup_info* inf = (struct cache_lookup_info*)arg;
+	struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)e->key;
+	struct packed_rrset_data* d = (struct packed_rrset_data*)e->data;
+	if(*inf->worker->env.now < d->ttl &&
+		k->id != 0 && /* not deleted */
+		dname_subdomain_c(k->rk.dname, inf->nm)) {
+		size_t i;
+		for(i=0; i<d->count + d->rrsig_count; i++) {
+			char s[65535];
+			if(!packed_rr_to_string(k, i, *inf->worker->env.now,
+				s, sizeof(s))) {
+				ssl_printf(inf->ssl, "BADRR\n");
+				return;
+			}
+			ssl_printf(inf->ssl, "%s", s);
+		}
+		ssl_printf(inf->ssl, "\n");
+	}
+}
+
+static void
+cache_lookup_msg(struct lruhash_entry* e, void* arg)
+{
+	struct cache_lookup_info* inf = (struct cache_lookup_info*)arg;
+	struct msgreply_entry* k = (struct msgreply_entry*)e->key;
+	struct reply_info* d = (struct reply_info*)e->data;
+	if(*inf->worker->env.now < d->ttl &&
+		dname_subdomain_c(k->key.qname, inf->nm)) {
+		size_t i;
+		char s[65535], tp[32], cl[32], rc[32], fg[32];
+		sldns_wire2str_dname_buf(k->key.qname, k->key.qname_len,
+			s, sizeof(s));
+		sldns_wire2str_type_buf(k->key.qtype, tp, sizeof(tp));
+		sldns_wire2str_class_buf(k->key.qclass, cl, sizeof(cl));
+		sldns_wire2str_rcode_buf(FLAGS_GET_RCODE(d->flags),
+			rc, sizeof(rc));
+		snprintf(fg, sizeof(fg), "%s%s%s%s%s%s%s%s",
+			((d->flags&BIT_QR)?" QR":""),
+			((d->flags&BIT_AA)?" AA":""),
+			((d->flags&BIT_TC)?" TC":""),
+			((d->flags&BIT_RD)?" RD":""),
+			((d->flags&BIT_RA)?" RA":""),
+			((d->flags&BIT_Z)?" Z":""),
+			((d->flags&BIT_AD)?" AD":""),
+			((d->flags&BIT_CD)?" CD":""));
+		if(!rrset_array_lock(d->ref, d->rrset_count,
+			*inf->worker->env.now)) {
+			/* rrsets have timed out or do not exist */
+			return;
+		}
+		ssl_printf(inf->ssl,
+			"msg %s %s %s%s %s %d %d " ARG_LL "d %d %u %u %u %d %s\n",
+			s, cl, tp, fg, rc,
+			(int)d->flags, (int)d->qdcount,
+			(long long)(d->ttl-*inf->worker->env.now),
+			(int)d->security,
+			(unsigned)d->an_numrrsets,
+			(unsigned)d->ns_numrrsets,
+			(unsigned)d->ar_numrrsets,
+			(int)d->reason_bogus,
+			d->reason_bogus_str?d->reason_bogus_str:"");
+		for(i=0; i<d->rrset_count; i++) {
+			struct ub_packed_rrset_key* rk = d->rrsets[i];
+			struct packed_rrset_data* rd = (struct packed_rrset_data*)rk->entry.data;
+			size_t j;
+			for(j=0; j<rd->count + rd->rrsig_count; j++) {
+				if(!packed_rr_to_string(rk, j,
+					*inf->worker->env.now, s, sizeof(s))) {
+					rrset_array_unlock(d->ref, d->rrset_count);
+					ssl_printf(inf->ssl, "BADRR\n");
+					return;
+				}
+				ssl_printf(inf->ssl, "%s", s);
+			}
+		}
+		rrset_array_unlock(d->ref, d->rrset_count);
+		ssl_printf(inf->ssl, "\n");
+	}
+}
+
+/** perform cache search for domain */
+static void
+do_cache_lookup_domain(RES* ssl, struct worker* worker, uint8_t* nm,
+	size_t nmlen)
+{
+#ifdef CLIENT_SUBNET
+	int m;
+	struct subnet_env* sn_env = NULL;
+#endif /* CLIENT_SUBNET */
+	struct cache_lookup_info inf;
+	inf.ssl = ssl;
+	inf.worker = worker;
+	inf.nm = nm;
+	inf.nmlen = nmlen;
+
+#ifdef CLIENT_SUBNET
+	m = modstack_find(worker->env.modstack, "subnetcache");
+	if(m != -1) sn_env = (struct subnet_env*)worker->env.modinfo[m];
+	if(sn_env) {
+		lock_rw_rdlock(&sn_env->biglock);
+		slabhash_traverse(sn_env->subnet_msg_cache, 0,
+			&cache_lookup_subnet_msg, &inf);
+		lock_rw_unlock(&sn_env->biglock);
+	}
+#endif /* CLIENT_SUBNET */
+
+	slabhash_traverse(&worker->env.rrset_cache->table, 0,
+		&cache_lookup_rrset, &inf);
+	slabhash_traverse(worker->env.msg_cache, 0, &cache_lookup_msg, &inf);
+}
+
+/** cache lookup of domain */
+static void
+do_cache_lookup(RES* ssl, struct worker* worker, char* arg)
+{
+	uint8_t nm[LDNS_MAX_DOMAINLEN+1];
+	size_t nmlen;
+	int status;
+	char* s = arg, *next = NULL;
+	int allow_long = 0;
+
+	if(arg[0] == '+' && arg[1] == 't' && (arg[2]==' ' || arg[2]=='\t')) {
+		allow_long = 1;
+		s = arg+2;
+	}
+
+	/* Find the commandline arguments of domains. */
+	while(s && *s != 0) {
+		s = skipwhite(s);
+		if(*s == 0)
+			break;
+		if(strchr(s, ' ') || strchr(s, '\t')) {
+			char* sp = strchr(s, ' ');
+			if(strchr(s, '\t') != 0 && strchr(s, '\t') < sp)
+				sp = strchr(s, '\t');
+			*sp = 0;
+			next = sp+1;
+		} else {
+			next = NULL;
+		}
+
+		nmlen = sizeof(nm);
+		status = sldns_str2wire_dname_buf(s, nm, &nmlen);
+		if(status != 0) {
+			ssl_printf(ssl, "error cannot parse name %s at %d: %s\n", s,
+				LDNS_WIREPARSE_OFFSET(status),
+				sldns_get_errorstr_parse(status));
+			return;
+		}
+		if(!allow_long && dname_count_labels(nm) < 3) {
+			ssl_printf(ssl, "error name too short: '%s'. Need example.com. or longer, short names take very long, use +t to allow them.\n", s);
+			return;
+		}
+
+		do_cache_lookup_domain(ssl, worker, nm, nmlen);
+
+		s = next;
+	}
+}
+
 /** cache lookup of nameservers */
 static void
 do_lookup(RES* ssl, struct worker* worker, char* arg)
@@ -2887,10 +3221,13 @@ do_auth_zone_reload(RES* ssl, struct worker* worker, char* arg)
 			(void)ssl_printf(ssl, "error: no SOA in zone after read %s\n", arg);
 			return;
 		}
-		if(xfr->have_zone)
+		if(xfr->have_zone) {
 			xfr->lease_time = *worker->env.now;
+			xfr->soa_zone_acquired = *worker->env.now;
+		}
 		lock_basic_unlock(&xfr->lock);
 	}
+	z->soa_zone_acquired = *worker->env.now;
 
 	auth_zone_verify_zonemd(z, &worker->env, &worker->env.mesh->mods,
 		&reason, 0, 0);
@@ -3039,7 +3376,7 @@ static void
 do_list_auth_zones(RES* ssl, struct auth_zones* az)
 {
 	struct auth_zone* z;
-	char buf[LDNS_MAX_DOMAINLEN], buf2[256];
+	char buf[LDNS_MAX_DOMAINLEN], buf2[256], buf3[256];
 	lock_rw_rdlock(&az->lock);
 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
 		lock_rw_rdlock(&z->lock);
@@ -3048,18 +3385,41 @@ do_list_auth_zones(RES* ssl, struct auth_zones* az)
 			snprintf(buf2, sizeof(buf2), "expired");
 		else {
 			uint32_t serial = 0;
-			if(auth_zone_get_serial(z, &serial))
+			if(auth_zone_get_serial(z, &serial)) {
 				snprintf(buf2, sizeof(buf2), "serial %u",
 					(unsigned)serial);
-			else	snprintf(buf2, sizeof(buf2), "no serial");
+				if(z->soa_zone_acquired != 0) {
+#if defined(HAVE_STRFTIME) && defined(HAVE_LOCALTIME_R)
+					char tmbuf[32];
+					struct tm tm;
+					struct tm *tm_p;
+					tm_p = localtime_r(
+						&z->soa_zone_acquired, &tm);
+					if(!strftime(tmbuf, sizeof(tmbuf), "%Y-%m-%dT%H:%M:%S", tm_p))
+						snprintf(tmbuf, sizeof(tmbuf), "strftime-err-%u", (unsigned)z->soa_zone_acquired);
+					snprintf(buf3, sizeof(buf3),
+						"\t since %u %s",
+						(unsigned)z->soa_zone_acquired,
+						tmbuf);
+#else
+					snprintf(buf3, sizeof(buf3),
+						"\t since %u",
+						(unsigned)z->soa_zone_acquired);
+#endif
+				} else {
+					buf3[0]=0;
+				}
+			} else	{
+				snprintf(buf2, sizeof(buf2), "no serial");
+				buf3[0]=0;
+			}
 		}
-		if(!ssl_printf(ssl, "%s\t%s\n", buf, buf2)) {
+		lock_rw_unlock(&z->lock);
+		if(!ssl_printf(ssl, "%s\t%s%s\n", buf, buf2, buf3)) {
 			/* failure to print */
-			lock_rw_unlock(&z->lock);
 			lock_rw_unlock(&az->lock);
 			return;
 		}
-		lock_rw_unlock(&z->lock);
 	}
 	lock_rw_unlock(&az->lock);
 }
@@ -3502,6 +3862,30 @@ do_print_cookie_secrets(RES* ssl, struct worker* worker) {
 	explicit_bzero(secret_hex, sizeof(secret_hex));
 }
 
+/** check that there is no argument after a command that takes no arguments. */
+static int
+cmd_no_args(RES* ssl, char* cmd, char* p)
+{
+	if(p && *p != 0) {
+		/* cmd contains the command that is called at the start,
+		 * with space or tab after it. */
+		char* c = cmd;
+		if(strchr(c, ' ') && strchr(c, '\t')) {
+			if(strchr(c, ' ') < strchr(c, '\t'))
+				*strchr(c, ' ')=0;
+			else	*strchr(c, '\t')=0;
+		} else if(strchr(c, ' ')) {
+			*strchr(c, ' ')=0;
+		} else if(strchr(c, '\t')) {
+			*strchr(c, '\t')=0;
+		}
+		(void)ssl_printf(ssl, "error command %s takes no arguments,"
+			" have '%s'\n", c, p);
+		return 1;
+	}
+	return 0;
+}
+
 /** check for name with end-of-string, space or tab after it */
 static int
 cmdcmp(char* p, const char* cmd, size_t len)
@@ -3517,27 +3901,41 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 	char* p = skipwhite(cmd);
 	/* compare command */
 	if(cmdcmp(p, "stop", 4)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+4)))
+			return;
 		do_stop(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "reload_keep_cache", 17)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+17)))
+			return;
 		do_reload(ssl, worker, 1);
 		return;
 	} else if(cmdcmp(p, "reload", 6)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+6)))
+			return;
 		do_reload(ssl, worker, 0);
 		return;
 	} else if(cmdcmp(p, "fast_reload", 11)) {
 		do_fast_reload(ssl, worker, s, skipwhite(p+11));
 		return;
 	} else if(cmdcmp(p, "stats_noreset", 13)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+13)))
+			return;
 		do_stats(ssl, worker, 0);
 		return;
 	} else if(cmdcmp(p, "stats", 5)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+5)))
+			return;
 		do_stats(ssl, worker, 1);
 		return;
 	} else if(cmdcmp(p, "status", 6)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+6)))
+			return;
 		do_status(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "dump_cache", 10)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+10)))
+			return;
 #ifdef THREADS_DISABLED
 		if(worker->daemon->num > 1) {
 			(void)ssl_printf(ssl, "dump_cache/load_cache is not "
@@ -3548,6 +3946,8 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 		(void)dump_cache(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "load_cache", 10)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+10)))
+			return;
 #ifdef THREADS_DISABLED
 		if(worker->daemon->num > 1) {
 			/* The warning can't be printed when stdin is sending
@@ -3558,18 +3958,28 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 		if(load_cache(ssl, worker)) send_ok(ssl);
 		return;
 	} else if(cmdcmp(p, "list_forwards", 13)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+13)))
+			return;
 		do_list_forwards(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "list_stubs", 10)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+10)))
+			return;
 		do_list_stubs(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "list_insecure", 13)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+13)))
+			return;
 		do_insecure_list(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "list_local_zones", 16)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+16)))
+			return;
 		do_list_local_zones(ssl, worker->daemon->local_zones);
 		return;
 	} else if(cmdcmp(p, "list_local_data", 15)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+15)))
+			return;
 		do_list_local_data(ssl, worker, worker->daemon->local_zones);
 		return;
 	} else if(cmdcmp(p, "view_list_local_zones", 21)) {
@@ -3585,6 +3995,8 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 		do_ip_ratelimit_list(ssl, worker, p+17);
 		return;
 	} else if(cmdcmp(p, "list_auth_zones", 15)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+15)))
+			return;
 		do_list_auth_zones(ssl, worker->env.auth_zones);
 		return;
 	} else if(cmdcmp(p, "auth_zone_reload", 16)) {
@@ -3605,14 +4017,21 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 		return;
 	} else if(cmdcmp(p, "flush_stats", 11)) {
 		/* must always distribute this cmd */
+		if(cmd_no_args(ssl, p, skipwhite(p+11)))
+			return;
 		if(rc) distribute_cmd(rc, ssl, cmd);
 		do_flush_stats(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "flush_requestlist", 17)) {
 		/* must always distribute this cmd */
+		if(cmd_no_args(ssl, p, skipwhite(p+17)))
+			return;
 		if(rc) distribute_cmd(rc, ssl, cmd);
 		do_flush_requestlist(ssl, worker);
 		return;
+	} else if(cmdcmp(p, "cache_lookup", 12)) {
+		do_cache_lookup(ssl, worker, skipwhite(p+12));
+		return;
 	} else if(cmdcmp(p, "lookup", 6)) {
 		do_lookup(ssl, worker, skipwhite(p+6));
 		return;
@@ -3620,15 +4039,23 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 	 * Each line needs to be distributed if THREADS_DISABLED.
 	 */
 	} else if(cmdcmp(p, "local_zones_remove", 18)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+18)))
+			return;
 		do_zones_remove(rc, ssl, worker);
 		return;
 	} else if(cmdcmp(p, "local_zones", 11)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+11)))
+			return;
 		do_zones_add(rc, ssl, worker);
 		return;
 	} else if(cmdcmp(p, "local_datas_remove", 18)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+18)))
+			return;
 		do_datas_remove(rc, ssl, worker);
 		return;
 	} else if(cmdcmp(p, "local_datas", 11)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+11)))
+			return;
 		do_datas_add(rc, ssl, worker);
 		return;
 	} else if(cmdcmp(p, "view_local_datas_remove", 23)){
@@ -3638,6 +4065,8 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 		do_view_datas_add(rc, ssl, worker, skipwhite(p+16));
 		return;
 	} else if(cmdcmp(p, "print_cookie_secrets", 20)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+20)))
+			return;
 		do_print_cookie_secrets(ssl, worker);
 		return;
 	}
@@ -3687,10 +4116,16 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 	} else if(cmdcmp(p, "flush", 5)) {
 		do_flush_name(ssl, worker, skipwhite(p+5));
 	} else if(cmdcmp(p, "dump_requestlist", 16)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+16)))
+			return;
 		do_dump_requestlist(ssl, worker);
 	} else if(cmdcmp(p, "dump_infra", 10)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+10)))
+			return;
 		do_dump_infra(ssl, worker);
 	} else if(cmdcmp(p, "log_reopen", 10)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+10)))
+			return;
 		do_log_reopen(ssl, worker);
 	} else if(cmdcmp(p, "set_option", 10)) {
 		do_set_option(ssl, worker, skipwhite(p+10));
@@ -3707,8 +4142,12 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 	} else if(cmdcmp(p, "add_cookie_secret", 17)) {
 		do_add_cookie_secret(ssl, worker, skipwhite(p+17));
 	} else if(cmdcmp(p, "drop_cookie_secret", 18)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+18)))
+			return;
 		do_drop_cookie_secret(ssl, worker);
 	} else if(cmdcmp(p, "activate_cookie_secret", 22)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+22)))
+			return;
 		do_activate_cookie_secret(ssl, worker);
 	} else {
 		(void)ssl_printf(ssl, "error unknown command '%s'\n", p);
@@ -4348,37 +4787,45 @@ fr_check_tag_defines(struct fast_reload_thread* fr, struct config_file* newcfg)
 	return 1;
 }
 
-/** fast reload thread, check if config item has changed, if not add to
- * the explanatory string. */
+/** fast reload thread, add incompatible option to the explanatory string */
 static void
-fr_check_changed_cfg(int cmp, const char* desc, char* str, size_t len)
+fr_add_incompatible_option(const char* desc, char* str, size_t len)
 {
-	if(cmp) {
-		size_t slen = strlen(str);
-		size_t desclen = strlen(desc);
-		if(slen == 0) {
-			snprintf(str, len, "%s", desc);
-			return;
-		}
-		if(len - slen < desclen+2)
-			return; /* It does not fit */
-		snprintf(str+slen, len-slen, " %s", desc);
+	size_t slen = strlen(str);
+	size_t desclen = strlen(desc);
+	if(slen == 0) {
+		snprintf(str, len, "%s", desc);
+		return;
 	}
+	if(len - slen < desclen+2)
+		return; /* It does not fit */
+	snprintf(str+slen, len-slen, " %s", desc);
 }
 
+/** fast reload thread, check if config item has changed; thus incompatible */
+#define FR_CHECK_CHANGED_CFG(desc, var, str)				\
+do {									\
+	if(cfg->var != newcfg->var) {					\
+		fr_add_incompatible_option(desc, str, sizeof(str));	\
+	}								\
+} while(0);
+
 /** fast reload thread, check if config string has changed, checks NULLs. */
-static void
-fr_check_changed_cfg_str(char* cmp1, char* cmp2, const char* desc, char* str,
-	size_t len)
-{
-	if((!cmp1 && cmp2) ||
-		(cmp1 && !cmp2) ||
-		(cmp1 && cmp2 && strcmp(cmp1, cmp2) != 0)) {
-		fr_check_changed_cfg(1, desc, str, len);
-	}
-}
+#define FR_CHECK_CHANGED_CFG_STR(desc, var, str)			\
+do {									\
+	if((!cfg->var && newcfg->var) ||				\
+		(cfg->var && !newcfg->var) ||				\
+		(cfg->var && newcfg->var				\
+		&& strcmp(cfg->var, newcfg->var) != 0)) {		\
+		fr_add_incompatible_option(desc, str, sizeof(str));	\
+	}								\
+} while(0);
 
 /** fast reload thread, check if config strlist has changed. */
+#define FR_CHECK_CHANGED_CFG_STRLIST(desc, var, str) do {		\
+	fr_check_changed_cfg_strlist(cfg->var, newcfg->var, desc, str,	\
+		sizeof(str));						\
+	} while(0);
 static void
 fr_check_changed_cfg_strlist(struct config_strlist* cmp1,
 	struct config_strlist* cmp2, const char* desc, char* str, size_t len)
@@ -4389,18 +4836,22 @@ fr_check_changed_cfg_strlist(struct config_strlist* cmp1,
 			(p1->str && !p2->str) ||
 			(p1->str && p2->str && strcmp(p1->str, p2->str) != 0)) {
 			/* The strlist is different. */
-			fr_check_changed_cfg(1, desc, str, len);
+			fr_add_incompatible_option(desc, str, len);
 			return;
 		}
 		p1 = p1->next;
 		p2 = p2->next;
 	}
 	if((!p1 && p2) || (p1 && !p2)) {
-		fr_check_changed_cfg(1, desc, str, len);
+		fr_add_incompatible_option(desc, str, len);
 	}
 }
 
 /** fast reload thread, check if config str2list has changed. */
+#define FR_CHECK_CHANGED_CFG_STR2LIST(desc, var, buff) do {		\
+	fr_check_changed_cfg_str2list(cfg->var, newcfg->var, desc, buff,\
+		sizeof(buff));						\
+	} while(0);
 static void
 fr_check_changed_cfg_str2list(struct config_str2list* cmp1,
 	struct config_str2list* cmp2, const char* desc, char* str, size_t len)
@@ -4411,7 +4862,7 @@ fr_check_changed_cfg_str2list(struct config_str2list* cmp1,
 			(p1->str && !p2->str) ||
 			(p1->str && p2->str && strcmp(p1->str, p2->str) != 0)) {
 			/* The str2list is different. */
-			fr_check_changed_cfg(1, desc, str, len);
+			fr_add_incompatible_option(desc, str, len);
 			return;
 		}
 		if((!p1->str2 && p2->str2) ||
@@ -4419,14 +4870,14 @@ fr_check_changed_cfg_str2list(struct config_str2list* cmp1,
 			(p1->str2 && p2->str2 &&
 			strcmp(p1->str2, p2->str2) != 0)) {
 			/* The str2list is different. */
-			fr_check_changed_cfg(1, desc, str, len);
+			fr_add_incompatible_option(desc, str, len);
 			return;
 		}
 		p1 = p1->next;
 		p2 = p2->next;
 	}
 	if((!p1 && p2) || (p1 && !p2)) {
-		fr_check_changed_cfg(1, desc, str, len);
+		fr_add_incompatible_option(desc, str, len);
 	}
 }
 
@@ -4440,98 +4891,54 @@ fr_check_compat_cfg(struct fast_reload_thread* fr, struct config_file* newcfg)
 	changed_str[0]=0;
 
 	/* Find incompatible options, and if so, print an error. */
-	fr_check_changed_cfg(cfg->num_threads != newcfg->num_threads,
-		"num-threads", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_ip4 != newcfg->do_ip4,
-		"do-ip4", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_ip6 != newcfg->do_ip6,
-		"do-ip6", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_udp != newcfg->do_udp,
-		"do-udp", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_tcp != newcfg->do_tcp,
-		"do-tcp", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->port != newcfg->port,
-		"port", changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("num-threads", num_threads, changed_str);
+	FR_CHECK_CHANGED_CFG("do-ip4", do_ip4, changed_str);
+	FR_CHECK_CHANGED_CFG("do-ip6", do_ip6, changed_str);
+	FR_CHECK_CHANGED_CFG("do-udp", do_udp, changed_str);
+	FR_CHECK_CHANGED_CFG("do-tcp", do_tcp, changed_str);
+	FR_CHECK_CHANGED_CFG("port", port, changed_str);
 	/* But cfg->outgoing_num_ports has been changed at startup,
 	 * possibly to reduce it, so do not check it here. */
-	fr_check_changed_cfg(cfg->outgoing_num_tcp != newcfg->outgoing_num_tcp,
-		"outgoing-num-tcp", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->incoming_num_tcp != newcfg->incoming_num_tcp,
-		"incoming-num-tcp", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->num_out_ifs != newcfg->num_out_ifs,
-		"outgoing-interface", changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("outgoing-num-tcp", outgoing_num_tcp, changed_str);
+	FR_CHECK_CHANGED_CFG("incoming-num-tcp", incoming_num_tcp, changed_str);
+	FR_CHECK_CHANGED_CFG("outgoing-interface", num_out_ifs, changed_str);
 	if(cfg->num_out_ifs == newcfg->num_out_ifs) {
 		for(i=0; i<cfg->num_out_ifs; i++)
-			fr_check_changed_cfg(strcmp(cfg->out_ifs[i],
-				newcfg->out_ifs[i]) != 0, "outgoing-interface",
-				changed_str, sizeof(changed_str));
+			FR_CHECK_CHANGED_CFG_STR("outgoing-interface",
+				out_ifs[i], changed_str);
 	}
-	fr_check_changed_cfg(cfg->num_ifs != newcfg->num_ifs,
-		"interface", changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("interface", num_ifs, changed_str);
 	if(cfg->num_ifs == newcfg->num_ifs) {
 		for(i=0; i<cfg->num_ifs; i++)
-			fr_check_changed_cfg(strcmp(cfg->ifs[i],
-				newcfg->ifs[i]) != 0, "interface",
-				changed_str, sizeof(changed_str));
-	}
-	fr_check_changed_cfg(cfg->if_automatic != newcfg->if_automatic,
-		"interface-automatic", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->so_rcvbuf != newcfg->so_rcvbuf,
-		"so-rcvbuf", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->so_sndbuf != newcfg->so_sndbuf,
-		"so-sndbuf", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->so_reuseport != newcfg->so_reuseport,
-		"so-reuseport", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->ip_transparent != newcfg->ip_transparent,
-		"ip-transparent", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->ip_freebind != newcfg->ip_freebind,
-		"ip-freebind", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->udp_connect != newcfg->udp_connect,
-		"udp-connect", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->msg_buffer_size != newcfg->msg_buffer_size,
-		"msg-buffer-size", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_tcp_keepalive != newcfg->do_tcp_keepalive,
-		"edns-tcp-keepalive", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->tcp_keepalive_timeout != newcfg->tcp_keepalive_timeout,
-		"edns-tcp-keepalive-timeout", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->tcp_idle_timeout != newcfg->tcp_idle_timeout,
-		"tcp-idle-timeout", changed_str, sizeof(changed_str));
+			FR_CHECK_CHANGED_CFG_STR("interface",
+				ifs[i], changed_str);
+	}
+	FR_CHECK_CHANGED_CFG("interface-automatic", if_automatic, changed_str);
+	FR_CHECK_CHANGED_CFG("so-rcvbuf", so_rcvbuf, changed_str);
+	FR_CHECK_CHANGED_CFG("so-sndbuf", so_sndbuf, changed_str);
+	FR_CHECK_CHANGED_CFG("so-reuseport", so_reuseport, changed_str);
+	FR_CHECK_CHANGED_CFG("ip-transparent", ip_transparent, changed_str);
+	FR_CHECK_CHANGED_CFG("ip-freebind", ip_freebind, changed_str);
+	FR_CHECK_CHANGED_CFG("udp-connect", udp_connect, changed_str);
+	FR_CHECK_CHANGED_CFG("msg-buffer-size", msg_buffer_size, changed_str);
+	FR_CHECK_CHANGED_CFG("edns-tcp-keepalive", do_tcp_keepalive, changed_str);
+	FR_CHECK_CHANGED_CFG("edns-tcp-keepalive-timeout", tcp_keepalive_timeout, changed_str);
+	FR_CHECK_CHANGED_CFG("tcp-idle-timeout", tcp_idle_timeout, changed_str);
 	/* Not changed, only if DoH is used, it is then stored in commpoints,
 	 * as well as used from cfg. */
-	fr_check_changed_cfg(
-		cfg->harden_large_queries != newcfg->harden_large_queries,
-		"harden-large-queries", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->http_max_streams != newcfg->http_max_streams,
-		"http-max-streams", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->http_endpoint, newcfg->http_endpoint,
-		"http-endpoint", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->http_notls_downstream != newcfg->http_notls_downstream,
-		"http_notls_downstream", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->https_port != newcfg->https_port,
-		"https-port", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->ssl_port != newcfg->ssl_port,
-		"tls-port", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->ssl_service_key, newcfg->ssl_service_key,
-		"tls-service-key", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->ssl_service_pem, newcfg->ssl_service_pem,
-		"tls-service-pem", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->tls_cert_bundle, newcfg->tls_cert_bundle,
-		"tls-cert-bundle", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->proxy_protocol_port,
-		newcfg->proxy_protocol_port, "proxy-protocol-port",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->tls_additional_port,
-		newcfg->tls_additional_port, "tls-additional-port",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->if_automatic_ports,
-		newcfg->if_automatic_ports, "interface-automatic-ports",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->udp_upstream_without_downstream !=
-		newcfg->udp_upstream_without_downstream,
-		"udp-upstream-without-downstream", changed_str,
-		sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("harden-large-queries", harden_large_queries, changed_str);
+	FR_CHECK_CHANGED_CFG("http-max-streams", http_max_streams, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("http-endpoint", http_endpoint, changed_str);
+	FR_CHECK_CHANGED_CFG("http_notls_downstream", http_notls_downstream, changed_str);
+	FR_CHECK_CHANGED_CFG("https-port", https_port, changed_str);
+	FR_CHECK_CHANGED_CFG("tls-port", ssl_port, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("tls-service-key", ssl_service_key, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("tls-service-pem", ssl_service_pem, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("tls-cert-bundle", tls_cert_bundle, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("proxy-protocol-port", proxy_protocol_port, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("tls-additional-port", tls_additional_port, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("interface-automatic-ports", if_automatic_ports, changed_str);
+	FR_CHECK_CHANGED_CFG("udp-upstream-without-downstream", udp_upstream_without_downstream, changed_str);
 
 	if(changed_str[0] != 0) {
 		/* The new config changes some items that do not work with
@@ -4549,7 +4956,7 @@ fr_check_compat_cfg(struct fast_reload_thread* fr, struct config_file* newcfg)
 
 /** fast reload thread, check nopause config items */
 static int
-fr_check_nopause_cfg(struct fast_reload_thread* fr, struct config_file* newcfg)
+fr_check_nopause_compat_cfg(struct fast_reload_thread* fr, struct config_file* newcfg)
 {
 	char changed_str[1024];
 	struct config_file* cfg = fr->worker->env.cfg;
@@ -4558,94 +4965,43 @@ fr_check_nopause_cfg(struct fast_reload_thread* fr, struct config_file* newcfg)
 	changed_str[0]=0;
 
 	/* Check for iter_env. */
-	fr_check_changed_cfg(
-		cfg->outbound_msg_retry != newcfg->outbound_msg_retry,
-		"outbound-msg-retry", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->max_sent_count != newcfg->max_sent_count,
-		"max-sent-count", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->max_query_restarts != newcfg->max_query_restarts,
-		"max-query-restarts", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(strcmp(cfg->target_fetch_policy,
-		newcfg->target_fetch_policy) != 0,
-		"target-fetch-policy", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->donotquery_localhost != newcfg->donotquery_localhost,
-		"do-not-query-localhost", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->donotqueryaddrs,
-		newcfg->donotqueryaddrs, "do-not-query-localhost",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->private_address,
-		newcfg->private_address, "private-address",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->private_domain,
-		newcfg->private_domain, "private-domain",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->caps_whitelist,
-		newcfg->caps_whitelist, "caps-exempt",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_nat64 != newcfg->do_nat64,
-		"do-nat64", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->nat64_prefix, newcfg->nat64_prefix,
-		"nat64-prefix", changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("outbound-msg-retry", outbound_msg_retry, changed_str);
+	FR_CHECK_CHANGED_CFG("max-sent-count", max_sent_count, changed_str);
+	FR_CHECK_CHANGED_CFG("max-query-restarts", max_query_restarts, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("target-fetch-policy", target_fetch_policy, changed_str);
+	FR_CHECK_CHANGED_CFG("do-not-query-localhost", donotquery_localhost, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("do-not-query-address", donotqueryaddrs, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("private-address", private_address, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("private-domain", private_domain, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("caps-exempt", caps_whitelist, changed_str);
+	FR_CHECK_CHANGED_CFG("do-nat64", do_nat64, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("nat64-prefix", nat64_prefix, changed_str);
 
 	/* Check for val_env. */
-	fr_check_changed_cfg(cfg->bogus_ttl != newcfg->bogus_ttl,
-		"val-bogus-ttl", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->val_date_override != newcfg->val_date_override,
-		"val-date-override", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->val_sig_skew_min != newcfg->val_sig_skew_min,
-		"val-sig-skew-min", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->val_sig_skew_max != newcfg->val_sig_skew_max,
-		"val-sig-skew-max", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->val_max_restart != newcfg->val_max_restart,
-		"val-max-restart", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(strcmp(cfg->val_nsec3_key_iterations,
-		newcfg->val_nsec3_key_iterations) != 0,
-		"val-nsec3-keysize-iterations", changed_str,
-		sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("val-bogus-ttl", bogus_ttl, changed_str);
+	FR_CHECK_CHANGED_CFG("val-date-override", val_date_override, changed_str);
+	FR_CHECK_CHANGED_CFG("val-sig-skew-min", val_sig_skew_min, changed_str);
+	FR_CHECK_CHANGED_CFG("val-sig-skew-max", val_sig_skew_max, changed_str);
+	FR_CHECK_CHANGED_CFG("val-max-restart", val_max_restart, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("val-nsec3-keysize-iterations",
+		val_nsec3_key_iterations, changed_str);
 
 	/* Check for infra. */
-	fr_check_changed_cfg(cfg->host_ttl != newcfg->host_ttl,
-		"infra-host-ttl", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->infra_keep_probing != newcfg->infra_keep_probing,
-		"infra-keep-probing", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->ratelimit != newcfg->ratelimit,
-		"ratelimit", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->ip_ratelimit != newcfg->ip_ratelimit,
-		"ip-ratelimit", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->ip_ratelimit_cookie != newcfg->ip_ratelimit_cookie,
-		"ip-ratelimit-cookie", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str2list(cfg->wait_limit_netblock,
-		newcfg->wait_limit_netblock, "wait-limit-netblock",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str2list(cfg->wait_limit_cookie_netblock,
-		newcfg->wait_limit_cookie_netblock,
-		"wait-limit-cookie-netblock", changed_str,
-		sizeof(changed_str));
-	fr_check_changed_cfg_str2list(cfg->ratelimit_below_domain,
-		newcfg->ratelimit_below_domain, "ratelimit-below-domain",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str2list(cfg->ratelimit_for_domain,
-		newcfg->ratelimit_for_domain, "ratelimit-for-domain",
-		changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("infra-host-ttl", host_ttl, changed_str);
+	FR_CHECK_CHANGED_CFG("infra-keep-probing", infra_keep_probing, changed_str);
+	FR_CHECK_CHANGED_CFG("ratelimit", ratelimit, changed_str);
+	FR_CHECK_CHANGED_CFG("ip-ratelimit", ip_ratelimit, changed_str);
+	FR_CHECK_CHANGED_CFG("ip-ratelimit-cookie", ip_ratelimit_cookie, changed_str);
+	FR_CHECK_CHANGED_CFG_STR2LIST("wait-limit-netblock", wait_limit_netblock, changed_str);
+	FR_CHECK_CHANGED_CFG_STR2LIST("wait-limit-cookie-netblock", wait_limit_cookie_netblock, changed_str);
+	FR_CHECK_CHANGED_CFG_STR2LIST("ratelimit-below-domain", ratelimit_below_domain, changed_str);
+	FR_CHECK_CHANGED_CFG_STR2LIST("ratelimit-for-domain", ratelimit_for_domain, changed_str);
 
 	/* Check for dnstap. */
-	fr_check_changed_cfg(
-		cfg->dnstap_send_identity != newcfg->dnstap_send_identity,
-		"dnstap-send-identity", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->dnstap_send_version != newcfg->dnstap_send_version,
-		"dnstap-send-version", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->dnstap_identity, newcfg->dnstap_identity,
-		"dnstap-identity", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->dnstap_version, newcfg->dnstap_version,
-		"dnstap-version", changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("dnstap-send-identity", dnstap_send_identity, changed_str);
+	FR_CHECK_CHANGED_CFG("dnstap-send-version", dnstap_send_version, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("dnstap-identity", dnstap_identity, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("dnstap-version", dnstap_version, changed_str);
 
 	if(changed_str[0] != 0) {
 		/* The new config changes some items that need a pause,
@@ -5507,7 +5863,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg,
 	COPY_VAR_ptr(tls_cert_bundle);
 	COPY_VAR_int(tls_win_cert);
 	COPY_VAR_ptr(tls_additional_port);
-	/* The first is used to walk throught the list but last is
+	/* The first is used to walk through the list but last is
 	 * only used during config read. */
 	COPY_VAR_ptr(tls_session_ticket_keys.first);
 	COPY_VAR_ptr(tls_session_ticket_keys.last);
@@ -5694,7 +6050,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg,
 	   tagname, num_tags
 	*/
 	COPY_VAR_int(remote_control_enable);
-	/* The first is used to walk throught the list but last is
+	/* The first is used to walk through the list but last is
 	 * only used during config read. */
 	COPY_VAR_ptr(control_ifs.first);
 	COPY_VAR_ptr(control_ifs.last);
@@ -5820,6 +6176,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg,
 	COPY_VAR_ptr(ipset_name_v6);
 #endif
 	COPY_VAR_int(ede);
+	COPY_VAR_int(iter_scrub_promiscuous);
 }
 #endif /* ATOMIC_POINTER_LOCK_FREE && HAVE_LINK_ATOMIC_STORE */
 
@@ -6193,7 +6550,7 @@ fr_load_config(struct fast_reload_thread* fr, struct timeval* time_read,
 		config_delete(newcfg);
 		return 0;
 	}
-	if(!fr_check_nopause_cfg(fr, newcfg)) {
+	if(!fr_check_nopause_compat_cfg(fr, newcfg)) {
 		config_delete(newcfg);
 		return 0;
 	}
@@ -7131,6 +7488,7 @@ fr_worker_auth_add(struct worker* worker, struct fast_reload_auth_change* item,
 			xfr->serial = 0;
 		}
 	}
+	auth_zone_pickup_initial_zone(item->new_z, &worker->env);
 	lock_rw_unlock(&item->new_z->lock);
 	lock_rw_unlock(&worker->env.auth_zones->lock);
 	lock_rw_unlock(&worker->daemon->fast_reload_thread->old_auth_zones->lock);
@@ -7257,7 +7615,7 @@ void
 fast_reload_worker_pickup_changes(struct worker* worker)
 {
 	/* The pickup of changes is called when the fast reload has
-	 * a syncronized moment, and all the threads are paused and the
+	 * a synchronized moment, and all the threads are paused and the
 	 * reload has been applied. Then the worker can pick up the new
 	 * changes and store them in worker-specific structs.
 	 * The pickup is also called when there is no pause, and then
diff --git a/contrib/unbound/daemon/stats.c b/contrib/unbound/daemon/stats.c
index 7efb83a0bc3f..41c4656aaec5 100644
--- a/contrib/unbound/daemon/stats.c
+++ b/contrib/unbound/daemon/stats.c
@@ -273,6 +273,7 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
 	/* add in the values from the mesh */
 	s->svr.ans_secure += (long long)worker->env.mesh->ans_secure;
 	s->svr.ans_bogus += (long long)worker->env.mesh->ans_bogus;
+	s->svr.val_ops += (long long)worker->env.mesh->val_ops;
 	s->svr.ans_rcode_nodata += (long long)worker->env.mesh->ans_nodata;
 	s->svr.ans_expired += (long long)worker->env.mesh->ans_expired;
 	for(i=0; i<UB_STATS_RCODE_NUM; i++)
@@ -495,6 +496,7 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a)
 		total->svr.ans_rcode_nodata += a->svr.ans_rcode_nodata;
 		total->svr.ans_secure += a->svr.ans_secure;
 		total->svr.ans_bogus += a->svr.ans_bogus;
+		total->svr.val_ops += a->svr.val_ops;
 		total->svr.unwanted_replies += a->svr.unwanted_replies;
 		total->svr.unwanted_queries += a->svr.unwanted_queries;
 		total->svr.tcp_accept_usage += a->svr.tcp_accept_usage;
diff --git a/contrib/unbound/daemon/unbound.c b/contrib/unbound/daemon/unbound.c
index 8e59bb25a725..164d0fb89509 100644
--- a/contrib/unbound/daemon/unbound.c
+++ b/contrib/unbound/daemon/unbound.c
@@ -174,7 +174,7 @@ static void
 checkrlimits(struct config_file* cfg)
 {
 #ifndef S_SPLINT_S
-#ifdef HAVE_GETRLIMIT
+#if defined(HAVE_GETRLIMIT) && !defined(unbound_testbound)
 	/* list has number of ports to listen to, ifs number addresses */
 	int list = ((cfg->do_udp?1:0) + (cfg->do_tcp?1 + 
 			(int)cfg->incoming_num_tcp:0));
@@ -463,11 +463,11 @@ detach(void)
 #endif /* HAVE_DAEMON */
 }
 
+#ifdef HAVE_SSL
 /* setup a listening ssl context, fatal_exit() on any failure */
 static void
 setup_listen_sslctx(void** ctx, int is_dot, int is_doh, struct config_file* cfg)
 {
-#ifdef HAVE_SSL
 	if(!(*ctx = listen_sslctx_create(
 		cfg->ssl_service_key, cfg->ssl_service_pem, NULL,
 		cfg->tls_ciphers, cfg->tls_ciphersuites,
@@ -476,10 +476,8 @@ setup_listen_sslctx(void** ctx, int is_dot, int is_doh, struct config_file* cfg)
 		is_dot, is_doh))) {
 		fatal_exit("could not set up listen SSL_CTX");
 	}
-#else /* HAVE_SSL */
-	(void)ctx;(void)is_dot;(void)is_doh;(void)cfg;
-#endif /* HAVE_SSL */
 }
+#endif /* HAVE_SSL */
 
 /* setups the needed ssl contexts, fatal_exit() on any failure */
 static void
@@ -747,6 +745,7 @@ run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode, int need_pi
 					"the commandline to see more errors, "
 					"or unbound-checkconf", cfgfile);
 			log_warn("Continuing with default config settings");
+			config_auto_slab_values(cfg);
 		}
 		apply_settings(daemon, cfg, cmdline_verbose, debug_mode);
 		if(!done_setup)
diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c
index ead20938e172..8e4a9b3d650a 100644
--- a/contrib/unbound/daemon/worker.c
+++ b/contrib/unbound/daemon/worker.c
@@ -1707,6 +1707,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 			repinfo->client_addrlen, edns.cookie_valid,
 			c->buffer)) {
 			worker->stats.num_queries_ip_ratelimited++;
+			regional_free_all(worker->scratchpad);
 			comm_point_drop_reply(repinfo);
 			return 0;
 		}
@@ -1818,8 +1819,9 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 		goto send_reply;
 	}
 	if(worker->env.auth_zones &&
-		auth_zones_answer(worker->env.auth_zones, &worker->env,
-		&qinfo, &edns, repinfo, c->buffer, worker->scratchpad)) {
+		auth_zones_downstream_answer(worker->env.auth_zones,
+		&worker->env, &qinfo, &edns, repinfo, c->buffer,
+		worker->scratchpad)) {
 		regional_free_all(worker->scratchpad);
 		if(sldns_buffer_limit(c->buffer) == 0) {
 			comm_point_drop_reply(repinfo);
@@ -1872,20 +1874,11 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 	/* If we've found a local alias, replace the qname with the alias
 	 * target before resolving it. */
 	if(qinfo.local_alias) {
-		struct ub_packed_rrset_key* rrset = qinfo.local_alias->rrset;
-		struct packed_rrset_data* d = rrset->entry.data;
-
-		/* Sanity check: our current implementation only supports
-		 * a single CNAME RRset as a local alias. */
-		if(qinfo.local_alias->next ||
-			rrset->rk.type != htons(LDNS_RR_TYPE_CNAME) ||
-			d->count != 1) {
-			log_err("assumption failure: unexpected local alias");
+		if(!local_alias_shallow_copy_qname(qinfo.local_alias, &qinfo.qname,
+			&qinfo.qname_len)) {
 			regional_free_all(worker->scratchpad);
 			return 0; /* drop it */
 		}
-		qinfo.qname = d->rr_data[0] + 2;
-		qinfo.qname_len = d->rr_len[0] - 2;
 	}
 
 	/* If we may apply IP-based actions to the answer, build the client
diff --git a/contrib/unbound/dns64/dns64.c b/contrib/unbound/dns64/dns64.c
index f028cd28aa24..fbdbd87b9f63 100644
--- a/contrib/unbound/dns64/dns64.c
+++ b/contrib/unbound/dns64/dns64.c
@@ -631,7 +631,7 @@ handle_event_moddone(struct module_qstate* qstate, int id)
 
 	/* When an AAAA query completes check if we want to perform DNS64
 	 * synthesis. We skip queries with DNSSEC enabled (!CD) and
-	 * ones generated by us to retrive the A/PTR record to use for
+	 * ones generated by us to retrieve the A/PTR record to use for
 	 * synth. */
 	int could_synth =
 		qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA &&
diff --git a/contrib/unbound/dnstap/dnstap.c b/contrib/unbound/dnstap/dnstap.c
index 071fd0895fe6..3b27301825c2 100644
--- a/contrib/unbound/dnstap/dnstap.c
+++ b/contrib/unbound/dnstap/dnstap.c
@@ -542,7 +542,7 @@ dt_msg_send_outside_query(struct dt_env *env,
 	qflags = sldns_buffer_read_u16_at(qmsg, 2);
 
 	/* type */
-	if (qflags & BIT_RD) {
+	if ((qflags & BIT_RD)) {
 		if (!env->log_forwarder_query_messages)
 			return;
 		dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY);
@@ -599,7 +599,7 @@ dt_msg_send_outside_response(struct dt_env *env,
 	qflags = ntohs(qflags);
 
 	/* type */
-	if (qflags & BIT_RD) {
+	if ((qflags & BIT_RD)) {
 		if (!env->log_forwarder_response_messages)
 			return;
 		dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE);
diff --git a/contrib/unbound/dnstap/dnstap.m4 b/contrib/unbound/dnstap/dnstap.m4
index 78d0dd68b762..89eda929bfb3 100644
--- a/contrib/unbound/dnstap/dnstap.m4
+++ b/contrib/unbound/dnstap/dnstap.m4
@@ -18,10 +18,41 @@ AC_DEFUN([dt_DNSTAP],
         [opt_dnstap_socket_path="$1"])
 
     if test "x$opt_dnstap" != "xno"; then
-        AC_PATH_PROG([PROTOC_C], [protoc-c])
-        if test -z "$PROTOC_C"; then
-          AC_MSG_ERROR([The protoc-c program was not found. Please install protobuf-c!])
-        fi
+	AC_PATH_PROG([PROTOC], [protoc])
+	# 'protoc-c' is deprecated. We use 'protoc' instead. If it can not be
+	# found, try 'protoc-c'.
+	if test -z "$PROTOC"; then
+	    AC_PATH_PROG([PROTOC_C], [protoc-c])
+	else
+	    PROTOC_C="$PROTOC"
+	fi
+	if test -z "$PROTOC_C"; then
+	  AC_MSG_ERROR([[The protoc or protoc-c program was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c to provide protoc or protoc-c]])
+	fi
+
+	# Check for protoc-gen-c plugin
+	AC_PATH_PROG([PROTOC_GEN_C], [protoc-gen-c])
+	if test -z "$PROTOC_GEN_C"; then
+	  AC_MSG_ERROR([[The protoc-gen-c plugin was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c-compiler to provide protoc-gen-c]])
+	fi
+
+	# Test that protoc-gen-c actually works
+	AC_MSG_CHECKING([if protoc-gen-c plugin works])
+	cat > conftest.proto << EOF
+syntax = "proto2";
+message TestMessage {
+  optional string test_field = 1;
+}
+EOF
+	if $PROTOC_C --c_out=. conftest.proto >/dev/null 2>&1; then
+	  AC_MSG_RESULT([yes])
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	else
+	  AC_MSG_RESULT([no])
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	  AC_MSG_ERROR([[The protoc-gen-c plugin is not working properly. Please ensure protobuf-c-compiler is properly installed]])
+	fi
+
         AC_ARG_WITH([protobuf-c],
             AS_HELP_STRING([--with-protobuf-c=path], [Path where protobuf-c is installed, for dnstap]),
             [
diff --git a/contrib/unbound/dnstap/dnstap.proto b/contrib/unbound/dnstap/dnstap.proto
index dfc8ad411d94..75b8757c2081 100644
--- a/contrib/unbound/dnstap/dnstap.proto
+++ b/contrib/unbound/dnstap/dnstap.proto
@@ -98,7 +98,7 @@ message Policy {
     // rule: the rule matched by the message.
     //
     // In a RPZ context, this is the owner name of the rule in
-    // the Reponse Policy Zone in wire format.
+    // the Response Policy Zone in wire format.
     optional bytes rule = 2;
 
     // action: the policy action taken in response to the
diff --git a/contrib/unbound/dnstap/dtstream.c b/contrib/unbound/dnstap/dtstream.c
index 2d5ab20f0c84..39d43403bc62 100644
--- a/contrib/unbound/dnstap/dtstream.c
+++ b/contrib/unbound/dnstap/dtstream.c
@@ -1509,7 +1509,7 @@ void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg)
 	}
 #endif
 
-	if((bits&UB_EV_READ || dtio->ssl_brief_write)) {
+	if((bits&UB_EV_READ) || dtio->ssl_brief_write) {
 #ifdef HAVE_SSL
 		if(dtio->ssl_brief_write)
 			(void)dtio_disable_brief_write(dtio);
diff --git a/contrib/unbound/doc/Changelog b/contrib/unbound/doc/Changelog
index 9668a6364cf4..c78cdff3b9bf 100644
--- a/contrib/unbound/doc/Changelog
+++ b/contrib/unbound/doc/Changelog
@@ -1,3 +1,270 @@
+17 September 2025: Yorgos
+	- Too many quotes for the EDE message debug printout.
+
+15 September 2025: Yorgos
+	- Small debug output improvement when attaching an EDE.
+
+15 September 2025: Wouter
+	- Fix to print warning for when so-sndbuf setsockopt is not granted.
+
+11 September 2025: Wouter
+	- version set to 1.24.0 for release.
+	- tag for 1.24.0rc1.
+	- Update contrib/aaaa-filter-iterator.patch so it applies on 1.24.0.
+
+9 September 2025: Wouter
+	- Fix #1332: CNAME chains are sometimes not followed when RPZs add a
+	  local CNAME rewrite.
+
+8 September 2025: Yorgos
+	- Update documentation for using "SET ... EX" in Redis.
+	- Document max buffer sizes for Redis commands.
+	- Update man pages.
+
+3 September 2025: Wouter
+	- For #1328: make depend.
+
+2 September 2025: Wouter
+	- Fix #1235: Outdated Python2 code in
+	  unbound/pythonmod/examples/log.py.
+	- Fix #1324: Memory leak in 'msgparse.c' in
+	  'parse_edns_options_from_query(...)'.
+	- Fix indentation in tcp-mss option parsing.
+
+1 September 2025: Wouter
+	- Fix for #1324: Fix to free edns options scratch in ratelimit case.
+
+29 August 2025: Yorgos
+	- Limit the number of consecutive reads on an HTTP/2 session.
+	  Thanks to Gal Bar Nahum for exposing the possibility of infinite
+	  reads on the session.
+
+28 August 2025: Wouter
+	- Fix setup_listen_sslctx warning for nettle compile.
+
+27 August 2025: Wouter
+	- Fix unbound-control dump_cache for double unlock of lruhash table.
+
+26 August 2025: Wouter
+	- Fix ports workflow to install expat for macos.
+
+22 August 2025: Wouter
+	- For #1318: Fix compile warnings for DoH compile on windows.
+	- Fix sha1 enable environment variable in test code on windows.
+	- Fix #1319: [FR] zone status for Unbound auth-zones.
+	- Fix that the zone acquired timestamp is set after the
+	  zonefile is read.
+
+21 August 2025: Wouter
+	- Fix to check for extraneous command arguments for unbound-control,
+	  when the command takes no arguments but there are arguments present.
+	- Fix #1317: Unbound starts too early. Add
+	  Wants=network-online.target under [Unit] in unbound.service.
+	- Fix for #1317: Fix contrib/unbound.service comment path for
+	  systemd network configuration.
+
+15 August 2025: Wouter
+	- unbound-control cache_lookup +t allows tld and root names. And
+	  subnet cache contents are printed.
+	- Fix cache_lookup subnet printout to wipe zero part of the prefix.
+	- Fix cache_lookup subnet print to not print messages without rrsets
+	  and perform in-depth check on node in the addrtree.
+
+14 August 2025: Wouter
+	- Fix to increase responsiveness of dump_cache.
+	- Fix to decouple file descriptor activity and cache lookups in
+	  dump_cache.
+
+13 August 2025: Wouter
+	- unbound-control cache_lookup <domains> prints the cached rrsets
+	  and messages for those.
+	- Fix to remove debug from cache_lookup.
+	- Fix to unlock cache_lookup message for malformed records.
+
+12 August 2025: Wouter
+	- Fix that unbound-control dump_cache releases the cache locks
+	  every so often, so that the server stays responsive.
+
+7 August 2025: Wouter
+	- Fix dname_str for printout of long names. Thanks to Jan Komissar
+	  for the fix.
+	- Fix that edns-subnet failure to create a subquery errors as
+	  servfail, and not formerror.
+	- Fix to whitespace in dname_str.
+
+6 August 2025: Wouter
+	- Fix edns subnet, so that the subquery without subnet is stored in
+	  global cache if the querier used 0.0.0.0/0 and the name and address
+	  do not receive subnet treatment. If the name and address are
+	  configured for subnet, it is stored in the subnet cache.
+
+5 August 2025: Wouter
+	- Fix #1309: incorrectly reclaimed tcp handler can cause data
+	  corruption and segfault.
+	- Fix to use assertions for consistency checks in #1309 reclaimed
+	  tcp handlers.
+
+1 August 2025: Wouter
+	- Fix testbound test program to accurately output packets from hex.
+
+28 July 2025: Wouter
+	- Fix redis cachedb module gettimeofday init failure.
+
+24 July 2025: Wouter
+	- Redis checks for server down and throttles reconnects.
+
+17 July 2025: Wouter
+	- Fix to not set rlimits in the unit tests.
+	- Fix #1303: [FR] Disable TLSv1.2.
+	- iana portlist updated.
+
+16 July 2025: Wouter
+	- Fix for RebirthDay Attack CVE-2025-5994, reported by Xiang Li
+	  from AOSP Lab Nankai University.
+	- Tag for 1.23.1 with the release of 1.23.0 and the CVE fix, the
+	  repository continues with the previous fixes, with 1.23.2.
+	- Add unit tests for non-ecs aggregation.
+
+12 July 2025: Yorgos
+	- Merge #1289 from Roland van Rijswijk-Deij: Add extra statistic to
+	  track the number of signature validation operations.
+	  Adds 'num.valops' to extended statistics.
+	- For #1289: test num.valops in existing stat_values.tdir.
+	- For #1289: add num.valops in the unbound-control man page.
+
+11 July 2025: Wouter
+	- Fix detection of SSL_CTX_set_tmp_ecdh function.
+	- For #1301: configure cant find SSL_is_quic in OpenSSL 3.5.1.
+
+8 July 2025: Wouter
+	- Fix to improve dnstap discovery on Fedora.
+
+3 July 2025: Wouter
+	- Fix #1300: Is 'sock-queue-timeout' a linux only feature.
+	- For #1300: implement sock-queue-timeout for FreeBSD as well.
+	- Fix layout of comm_point_udp_ancil_callback.
+
+2 July 2025: Wouter
+	- Merge #1299: Fix typos.
+	- Generate ltmain.sh and configure again.
+
+25 June 2025: Yorgos
+	- Fix #1247: forward-first: ssl handshake failed on root nameservers.
+	- For #1247, turn off fetch-policy for delegation when looking into
+	  parent side name servers that may not update the addresses and hit
+	  NXNS limits.
+	- For #1247, replay test (added tcp_transport to
+	  outnet_serviced_query).
+
+20 June 2025: Yorgos
+	- Fix #1293: EDE 6 is attached to insecure cached answers when client
+	  sends the CD bit.
+
+19 June 2025: Wouter
+	- Fix #1296: DNS over QUIC depends on a very outdated version of
+	  ngtcp2. Fixed so it works with ngtcp2 1.13.0 and OpenSSL 3.5.0.
+	- Merge #1297: edns-subnet: fix NULL_AFTER_DEREF on subnetmod.
+	- Fix rrset cache create allocation failure case.
+
+17 June 2025: Yorgos
+	- Fix for consistent use of local zone CNAME alias for configured auth
+	  zones. Now it also applies to downstream configured auth zones.
+
+16 June 2025: Wouter
+	- Fix to check control-interface addresses in unbound-checkconf.
+	- Fix #1295: Windows 32-bit binaries download seems to be missing dll
+	  dependency.
+
+12 June 2025: Wouter
+	- Fix header return value description for skip_pkt_rrs and
+	  parse_edns_from_query_pkt.
+
+11 June 2025: Wouter
+	- Fix bitwise operators in conditional expressions with parentheses.
+	- Fix conditional expressions with parentheses for bitwise and.
+
+5 June 2025: Wouter
+	- Fix unbound-anchor certificate file read for line ends and end of
+	  file.
+	- Fix comment for the dname_remove_label_limit_len function.
+	- iana portlist updated.
+
+3 June 2025: Yorgos
+	- Small manpage corrections for the 'disable-dnssec-lame-check' option.
+
+21 May 2025: Wouter
+	- Fix #1288: [FR] Improve fuzzing of unbound by adapting the netbound
+	  program.
+
+20 May 2025: Yorgos
+	- Merge #1285:  RST man pages. It introduces restructuredText man pages
+	  to sync the online and source code man page documentation.
+	  The templated man pages (*.in) are still part of the repo but
+	  generated with docutils from their .rst counterpart.
+	  Documentation on how to generate those (mainly for core developers)
+	  is in README.man.
+	- Add more checks about respip in unbound-checkconf.
+	  Also fixes #310: unbound-checkconf not reporting RPZ configuration
+	  error.
+
+19 May 2025: Wouter
+	- Fix for cname chain length with qtype ANY and qname minimisation.
+	  Thanks to Jim Greenwood from Nominet for the report.
+
+15 May 2025: Wouter
+	- Fix config of slab values when there is no config file.
+
+13 May 2025: Yorgos
+	- Fix #1284: NULL pointer deref in az_find_nsec_cover() (latent bug)
+	  by adding a log_assert() to safeguard future development.
+	- Fix #1282: log-destaddr fail on long ipv6 addresses.
+
+13 May 2025: Wouter
+	- Change default for so-sndbuf to 1m, to mitigate a cross-layer
+	  issue where the UDP socket send buffers are exhausted waiting
+	  for ARP/NDP resolution. Thanks to Reflyable for the report.
+	- Adjusted so-sndbuf default to 4m.
+
+12 May 2025: Yorgos
+	- Merge #1280: Fix auth nsec3 code. Fixes NSEC3 code to not break on
+	  broken auth zones that include unsigned out of zone (above apex)
+	  data. Could lead to hang while trying to prove a wildcard answer.
+
+12 May 2025: Wouter
+	- Fix #1283: Unsafe usage of atoi() while parsing the configuration
+	  file.
+
+9 May 2025: Wouter
+	- Fix #1281: forward-zone "name: ." conflicts with auth-zone "name: ."
+	  in 1.23.0, but worked in 1.22.0.
+
+5 May 2025: Yorgos
+	- Sync unbound and unbound-checkconf log output for unknown modules.
+
+29 April 2025: Wouter
+	- Fix for parallel build of dnstap protoc-c output.
+	- Fix dnstap to use protoc.
+
+29 April 2025: Yorgos
+	- Merge #1276: Auto-configure '-slabs' values.
+
+28 April 2025: Yorgos
+	- Merge #1275: Use macros for the fr_check_changed* functions.
+
+25 April 2025: Wouter
+	- Fix #1272: assertion failure testcode/unitverify.c:202.
+
+16 April 2025: Wouter
+	- Increase default to `num-queries-per-thread: 2048`, when unbound is
+	  compiled with libevent. It makes saturation of the task queue more
+	  resource intensive and less practical. Thanks to Shiming Liu,
+	  Network and Information Security Lab, Tsinghua University for the
+	  report.
+
+11 April 2025: Wouter
+	- Tag for 1.23.0rc2. This became the release of 1.23.0 on 24 April
+	  2025. The code repository continues with 1.23.1 in development.
+
 11 April 2025: Yorgos
 	- Merge #1265: Fix WSAPoll.
 
@@ -651,7 +918,7 @@
 	  now checks both single and multi process/thread operation.
 
 16 May 2024: Yorgos
-	- Merge #1070: Fix rtt assignement for low values of
+	- Merge #1070: Fix rtt assignment for low values of
 	  infra-cache-max-rtt.
 
 16 May 2024: Wouter
@@ -1059,7 +1326,7 @@
 13 October 2023: George
 	- Better fix for infinite loop when reading multiple lines of input on
 	  a broken remote control socket, by treating a zero byte line the
-	  same as transmission end. Addesses #947 and #948.
+	  same as transmission end. Addresses #947 and #948.
 
 12 October 2023: Wouter
 	- Merge #944: Disable EDNS DO.
@@ -1082,7 +1349,7 @@
 
 10 October 2023: George
 	- Fix infinite loop when reading multiple lines of input on a broken
-	  remote control socket. Addesses #947 and #948.
+	  remote control socket. Addresses #947 and #948.
 
 9 October 2023: Wouter
 	- Fix edns subnet so that queries with a source prefix of zero cause
@@ -1515,7 +1782,7 @@
 	- Ignore expired error responses.
 
 11 November 2022: Wouter
-	- Fix #779: [doc] Missing documention in ub_resolve_event() for
+	- Fix #779: [doc] Missing documentation in ub_resolve_event() for
 	  callback parameter was_ratelimited.
 
 9 November 2022: George
@@ -2479,7 +2746,7 @@
 	  not hang. removed trailing slashes from configure paths. Moved iOS
 	  tests to allow-failure.
 	- travis, analyzer disabled on test without debug, that does not
-	  run anway.  Turn off failing tests except one.  Update iOS test
+	  run anyway.  Turn off failing tests except one.  Update iOS test
 	  to xcode image 12.2.
 
 22 March 2021: George
@@ -2568,7 +2835,7 @@
 	- Fix build on Python 3.10.
 
 10 February 2021: Wouter
-	- Merge PR #420 from dyunwei: DOH not responsing with
+	- Merge PR #420 from dyunwei: DOH not responding with
 	  "http2_query_read_done failure" logged.
 
 9 February 2021: Wouter
@@ -2968,7 +3235,7 @@
 
 6 August 2020: Wouter
 	- Merge PR #284 and Fix #246: Remove DLV entirely from Unbound.
-	  The DLV has been decommisioned and in unbound 1.5.4, in 2015, there
+	  The DLV has been decommissioned and in unbound 1.5.4, in 2015, there
 	  was advise to stop using it.  The current code base does not contain
 	  DLV code any more.  The use of dlv options displays a warning.
 
@@ -3517,7 +3784,7 @@
 3 December 2019: Wouter
 	- Merge pull request #124 from rmetrich: Changed log lock
 	  from 'quick' to 'basic' because this is an I/O lock.
-	- Fix text around serial arithmatic used for RRSIG times to refer
+	- Fix text around serial arithmetic used for RRSIG times to refer
 	  to correct RFC number.
 	- Fix Assert Causing DoS in synth_cname(),
 	  reported by X41 D-Sec.
@@ -3780,7 +4047,7 @@
 	- For #52 #53, second context does not close logfile override.
 	- Fix #52 #53, fix for example fail program.
 	- Fix to return after failed auth zone http chunk write.
-	- Fix to remove unused test for task_probe existance.
+	- Fix to remove unused test for task_probe existence.
 	- Fix to timeval_add for remaining second in microseconds.
 	- Check repinfo in worker_handle_request, if null, drop it.
 
@@ -5037,7 +5304,7 @@
 
 1 February 2018: Wouter
 	- fix unaligned structure making a false positive in checklock
-	  unitialised memory.
+	  uninitialised memory.
 
 29 January 2018: Ralph
 	- Use NSEC with longest ce to prove wildcard absence.
@@ -5640,8 +5907,8 @@
 	- Remove (now unused) event2 include from dnscrypt code.
 
 24 March 2017: George
-	- Fix to prevent non-referal query from being cached as referal when the
-	  no_cache_store flag was set.
+	- Fix to prevent non-referral query from being cached as referral when
+	  the no_cache_store flag was set.
 
 23 March 2017: Wouter
 	- Fix #1239: configure fails to find python distutils if python
@@ -5704,7 +5971,7 @@
 
 7 March 2017: Wouter
 	- Fix #1230: swig version 2.0.0 is required for pythonmod, with
-	  1.3.40 it crashes when running repeatly unbound-control reload.
+	  1.3.40 it crashes when running repeatedly unbound-control reload.
 	- Response actions based on IP address from Jinmei Tatuya (Infoblox).
 
 6 March 2017: Wouter
@@ -5720,7 +5987,7 @@
 	  known vulns.
 
 27 February 2017: Wouter
-	- Fix #1227: Fix that Unbound control allows weak ciphersuits.
+	- Fix #1227: Fix that Unbound control allows weak ciphersuites.
 	- Fix #1226: provide official 32bit binary for windows.
 
 24 February 2017: Wouter
@@ -6709,7 +6976,7 @@
 	- Fix #674: Do not free pointers given by getenv.
 
 29 May 2015: Wouter
-	- Fix that unparseable error responses are ratelimited.
+	- Fix that unparsable error responses are ratelimited.
 	- SOA negative TTL is capped at minimumttl in its rdata section.
 	- cache-max-negative-ttl config option, default 3600.
 
@@ -6727,7 +6994,7 @@
 
 10 May 2015: Wouter
 	- Change syntax of particular validator error to be easier for
-	  machine parse, swap rrset and ip adres info so it looks like:
+	  machine parse, swap rrset and ip address info so it looks like:
 	  validation failure <www.example.nl. TXT IN>: signature crypto
 	  failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>
 
@@ -8307,7 +8574,7 @@
 	- fix that --enable-static-exe does not complain about it unknown.
 
 30 June 2011: Wouter
-	- tag relase 1.4.11, trunk is 1.4.12 development.
+	- tag release 1.4.11, trunk is 1.4.12 development.
 	- iana portlist updated.
 	- fix bug#395: id bits of other query may leak out under conditions
 	- fix replyaddr count wrong after jostled queries, which leads to
@@ -9637,7 +9904,7 @@
 
 8 June 2009: Wouter
 	- Removed RFC5011 REVOKE flag support. Partial 5011 support may cause
-	  inadvertant behaviour.
+	  inadvertent behaviour.
 	- 1.3.0 tarball for release created.
 	- 1.3.1 development in svn trunk.
 	- iana portlist updated.
@@ -9986,7 +10253,7 @@
 	- initgroups(3) is called to drop secondary group permissions, if
 	  applicable.
 	- configure option --with-ldns-builtin forces the use of the 
-	  inluded ldns package with the unbound source.  The -I include
+	  included ldns package with the unbound source.  The -I include
 	  is put before the others, so it avoids bad include files from
 	  an older ldns install.
 	- daemon(3) posix call is used when available.
@@ -10291,7 +10558,7 @@
 	  please ranlib, stop file without symbols warning.
 	- harden referral path now also validates the root after priming.
 	  It looks up the root NS authoritatively as well as the root servers
-	  and attemps to validate the entries.
+	  and attempts to validate the entries.
 
 16 October 2008: Wouter
 	- Fixup negative TTL values appearing (reported by Attila Nagy).
@@ -11070,7 +11337,7 @@
 	- please doxygen, put doxygen comment in one place.
 	- asynclook -b blocking mode and test.
 	- refactor asynclook, nicer code.
-	- fixup race problems from opensll in rand init from library, with
+	- fixup race problems from openssl in rand init from library, with
 	  a mutex around the rand init.
 	- fix pass async_id=NULL to _async resolve().
 	- rewrote _wait() routine, so that it is threadsafe.
@@ -12043,7 +12310,7 @@
 11 June 2007: Wouter
 	- replies on TCP queries have the address field set in replyinfo,
 	  for serviced queries, because the initiator does not know that
-	  a TCP fallback has occured.
+	  a TCP fallback has occurred.
 	- omit DNSSEC types from nonDO replies, except if qtype is ANY or
 	  if qtype directly queries for the type (and then only show that
 	  'unknown type' in the answer section).
diff --git a/contrib/unbound/doc/README b/contrib/unbound/doc/README
index 1cd60bb0b12d..3b1e2504b9a1 100644
--- a/contrib/unbound/doc/README
+++ b/contrib/unbound/doc/README
@@ -1,4 +1,4 @@
-README for Unbound 1.23.1
+README for Unbound 1.24.1
 Copyright 2007 NLnet Labs
 http://unbound.net
 
diff --git a/contrib/unbound/doc/README.man b/contrib/unbound/doc/README.man
new file mode 100644
index 000000000000..8e7897f47790
--- /dev/null
+++ b/contrib/unbound/doc/README.man
@@ -0,0 +1,16 @@
+After Unbound 1.23.0, the source of the man pages is in reStructuredText format.
+
+This helps with the online documentation at https://unbound.docs.nlnetlabs.nl
+and makes it easier to maintain and contribute to the documentation.
+
+The templated man pages (*.in) are still part of the code repository as to not
+alter current procedures that could be in place by users/packagers.
+
+The templated man pages (*.in) are generated by Sphinx (used for the online
+documentation).
+The online documentation has its own repository at
+https://github.com/NLnetLabs/unbound-manual.
+
+In the README.md there (branch test-auto for now), there are further simple
+instructions on how to generate the templated man pages there and update them
+in this repository.
diff --git a/contrib/unbound/doc/example.conf.in b/contrib/unbound/doc/example.conf.in
index e0149a2df6aa..191b58f30b69 100644
--- a/contrib/unbound/doc/example.conf.in
+++ b/contrib/unbound/doc/example.conf.in
@@ -1,7 +1,7 @@
 #
 # Example configuration file.
 #
-# See unbound.conf(5) man page, version 1.23.1.
+# See unbound.conf(5) man page, version 1.24.1.
 #
 # this is a comment.
 
@@ -116,8 +116,8 @@ server:
 	# so-rcvbuf: 0
 
 	# buffer size for UDP port 53 outgoing (SO_SNDBUF socket option).
-	# 0 is system default.  Use 4m to handle spikes on very busy servers.
-	# so-sndbuf: 0
+	# 0 is system default. Set larger to handle spikes on very busy servers.
+	# so-sndbuf: 4m
 
 	# use SO_REUSEPORT to distribute queries over threads.
 	# at extreme load it could be better to turn it off to distribute even.
@@ -163,7 +163,7 @@ server:
 	# msg-cache-slabs: 4
 
 	# the number of queries that a thread gets to service.
-	# num-queries-per-thread: 1024
+	# num-queries-per-thread: 2048
 
 	# if very busy, 50% queries run to completion, 50% get timeout in msec
 	# jostle-timeout: 200
@@ -196,6 +196,10 @@ server:
 	# Limit on upstream queries for an incoming query and its recursion.
 	# max-global-quota: 200
 
+	# Should the scrubber remove promiscuous NS from positive answers,
+	# protects against poison attempts.
+	# iter-scrub-promiscuous: yes
+
 	# msec for waiting for an unknown server to reply.  Increase if you
 	# are behind a slow satellite link, to eg. 1128.
 	# unknown-server-time-limit: 376
@@ -279,7 +283,7 @@ server:
 	# do-ip6: yes
 
 	# If running unbound on an IPv6-only host, domains that only have
-	# IPv4 servers would become unresolveable.  If NAT64 is available in
+	# IPv4 servers would become unresolvable.  If NAT64 is available in
 	# the network, unbound can use NAT64 to reach these servers with
 	# the following option.  This is NOT needed for enabling DNS64 on a
 	# system that has IPv4 connectivity.
diff --git a/contrib/unbound/doc/libunbound.3.in b/contrib/unbound/doc/libunbound.3.in
index 8ef33b0998a2..681c141fcd76 100644
--- a/contrib/unbound/doc/libunbound.3.in
+++ b/contrib/unbound/doc/libunbound.3.in
@@ -1,335 +1,306 @@
-.TH "libunbound" "3" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
-.\"
-.\" libunbound.3 -- unbound library functions manual
-.\"
-.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B libunbound,
-.B unbound.h,
-.B ub_ctx,
-.B ub_result,
-.B ub_callback_type,
-.B ub_ctx_create,
-.B ub_ctx_delete,
-.B ub_ctx_set_option,
-.B ub_ctx_get_option,
-.B ub_ctx_config,
-.B ub_ctx_set_fwd,
-.B ub_ctx_set_stub,
-.B ub_ctx_set_tls,
-.B ub_ctx_resolvconf,
-.B ub_ctx_hosts,
-.B ub_ctx_add_ta,
-.B ub_ctx_add_ta_autr,
-.B ub_ctx_add_ta_file,
-.B ub_ctx_trustedkeys,
-.B ub_ctx_debugout,
-.B ub_ctx_debuglevel,
-.B ub_ctx_async,
-.B ub_poll,
-.B ub_wait,
-.B ub_fd,
-.B ub_process,
-.B ub_resolve,
-.B ub_resolve_async,
-.B ub_cancel,
-.B ub_resolve_free,
-.B ub_strerror,
-.B ub_ctx_print_local_zones,
-.B ub_ctx_zone_add,
-.B ub_ctx_zone_remove,
-.B ub_ctx_data_add,
-.B ub_ctx_data_remove
-\- Unbound DNS validating resolver 1.23.1 functions.
-.SH "SYNOPSIS"
-.B #include <unbound.h>
-.LP
-\fIstruct ub_ctx *\fR
-\fBub_ctx_create\fR(\fIvoid\fR);
-.LP
-\fIvoid\fR
-\fBub_ctx_delete\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_ctx_set_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar*\fR val);
-.LP
-\fIint\fR
-\fBub_ctx_get_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar**\fR val);
-.LP
-\fIint\fR
-\fBub_ctx_config\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_set_fwd\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR addr);
-.LP
-\fIint\fR
-\fBub_ctx_set_stub\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone,
-\fIchar*\fR addr,
-.br
-		\fIint\fR isprime);
-.LP
-\fIint\fR
-\fBub_ctx_set_tls\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR tls);
-.LP
-\fIint\fR
-\fBub_ctx_resolvconf\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_hosts\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta);
-.LP
-\fIint\fR
-\fBub_ctx_add_ta_autr\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_trustedkeys\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_debugout\fR(\fIstruct ub_ctx*\fR ctx, \fIFILE*\fR out);
-.LP
-\fIint\fR
-\fBub_ctx_debuglevel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR d);
-.LP
-\fIint\fR
-\fBub_ctx_async\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR dothread);
-.LP
-\fIint\fR
-\fBub_poll\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_wait\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_fd\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_process\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_resolve\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, 
-.br
-           \fIint\fR rrtype, \fIint\fR rrclass, \fIstruct ub_result**\fR result);
-.LP
-\fIint\fR
-\fBub_resolve_async\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, 
-.br
-                 \fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata, 
-.br
-                 \fIub_callback_type\fR callback, \fIint*\fR async_id);
-.LP
-\fIint\fR
-\fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id);
-.LP
-\fIvoid\fR
-\fBub_resolve_free\fR(\fIstruct ub_result*\fR result);
-.LP
-\fIconst char *\fR
-\fBub_strerror\fR(\fIint\fR err);
-.LP
-\fIint\fR
-\fBub_ctx_print_local_zones\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_ctx_zone_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name, \fIchar*\fR zone_type);
-.LP
-\fIint\fR
-\fBub_ctx_zone_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name);
-.LP
-\fIint\fR
-\fBub_ctx_data_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
-.LP
-\fIint\fR
-\fBub_ctx_data_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
-.SH "DESCRIPTION"
-.B Unbound 
-is an implementation of a DNS resolver, that does caching and 
-DNSSEC validation. This is the library API, for using the \-lunbound library.
-The server daemon is described in \fIunbound\fR(8).
-The library works independent from a running unbound server, and
-can be used to convert hostnames to ip addresses, and back,
-and obtain other information from the DNS. The library performs public\-key
-validation of results with DNSSEC.
-.P
-The library uses a variable of type \fIstruct ub_ctx\fR to keep context
-between calls. The user must maintain it, creating it with
-.B ub_ctx_create
-and deleting it with
-.B ub_ctx_delete\fR.
-It can be created and deleted at any time. Creating it anew removes any 
-previous configuration (such as trusted keys) and clears any cached results.
-.P
-The functions are thread\-safe, and a context can be used in a threaded (as 
-well as in a non\-threaded) environment. Also resolution (and validation) 
-can be performed blocking and non\-blocking (also called asynchronous). 
-The async method returns from the call immediately, so that processing 
-can go on, while the results become available later. 
-.P
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "LIBUNBOUND" "3" "Oct 22, 2025" "1.24.1" "Unbound"
+.SH NAME
+libunbound \- Unbound DNS validating resolver 1.24.1 functions.
+.SH SYNOPSIS
+.sp
+\fB#include <unbound.h>\fP
+.sp
+struct ub_ctx * \fBub_ctx_create\fP(void);
+.sp
+void \fBub_ctx_delete\fP(struct ub_ctx* ctx);
+.sp
+int \fBub_ctx_set_option\fP(struct ub_ctx* ctx, char* opt, char* val);
+.sp
+int \fBub_ctx_get_option\fP(struct ub_ctx* ctx, char* opt, char** val);
+.sp
+int \fBub_ctx_config\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_set_fwd\fP(struct ub_ctx* ctx, char* addr);
+.INDENT 0.0
+.TP
+int \fBub_ctx_set_stub\fP(struct ub_ctx* ctx, char* zone, char* addr,
+int isprime);
+.UNINDENT
+.sp
+int \fBub_ctx_set_tls\fP(struct ub_ctx* ctx, int tls);
+.sp
+int \fBub_ctx_resolvconf\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_hosts\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_add_ta\fP(struct ub_ctx* ctx, char* ta);
+.sp
+int \fBub_ctx_add_ta_autr\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_add_ta_file\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_trustedkeys\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_debugout\fP(struct ub_ctx* ctx, FILE* out);
+.sp
+int \fBub_ctx_debuglevel\fP(struct ub_ctx* ctx, int d);
+.sp
+int \fBub_ctx_async\fP(struct ub_ctx* ctx, int dothread);
+.sp
+int \fBub_poll\fP(struct ub_ctx* ctx);
+.sp
+int \fBub_wait\fP(struct ub_ctx* ctx);
+.sp
+int \fBub_fd\fP(struct ub_ctx* ctx);
+.sp
+int \fBub_process\fP(struct ub_ctx* ctx);
+.INDENT 0.0
+.TP
+int \fBub_resolve\fP(struct ub_ctx* ctx, char* name,
+int rrtype, int rrclass, struct ub_result** result);
+.TP
+int \fBub_resolve_async\fP(struct ub_ctx* ctx, char* name,
+int rrtype, int rrclass, void* mydata,
+ub_callback_type* callback, int* async_id);
+.UNINDENT
+.sp
+int \fBub_cancel\fP(struct ub_ctx* ctx, int async_id);
+.sp
+void \fBub_resolve_free\fP(struct ub_result* result);
+.sp
+const char * \fBub_strerror\fP(int err);
+.sp
+int \fBub_ctx_print_local_zones\fP(struct ub_ctx* ctx);
+.sp
+int \fBub_ctx_zone_add\fP(struct ub_ctx* ctx, char* zone_name, char* zone_type);
+.sp
+int \fBub_ctx_zone_remove\fP(struct ub_ctx* ctx, char* zone_name);
+.sp
+int \fBub_ctx_data_add\fP(struct ub_ctx* ctx, char* data);
+.sp
+int \fBub_ctx_data_remove\fP(struct ub_ctx* ctx, char* data);
+.SH DESCRIPTION
+.sp
+Unbound is an implementation of a DNS resolver, that does caching and DNSSEC
+validation.
+This is the library API, for using the \fB\-lunbound\fP library.
+The server daemon is described in \fI\%unbound(8)\fP\&.
+The library works independent from a running unbound server, and can be used to
+convert hostnames to ip addresses, and back, and obtain other information from
+the DNS.
+The library performs public\-key validation of results with DNSSEC.
+.sp
+The library uses a variable of type \fIstruct ub_ctx\fP to keep context between
+calls.
+The user must maintain it, creating it with \fBub_ctx_create\fP and deleting it
+with \fBub_ctx_delete\fP\&.
+It can be created and deleted at any time.
+Creating it anew removes any previous configuration (such as trusted keys) and
+clears any cached results.
+.sp
+The functions are thread\-safe, and a context can be used in a threaded (as well
+as in a non\-threaded) environment.
+Also resolution (and validation) can be performed blocking and non\-blocking
+(also called asynchronous).
+The async method returns from the call immediately, so that processing can go
+on, while the results become available later.
+.sp
 The functions are discussed in turn below.
-.SH "FUNCTIONS"
-.TP 
+.SH FUNCTIONS
+.INDENT 0.0
+.TP
 .B ub_ctx_create
 Create a new context, initialised with defaults.
-The information from /etc/resolv.conf and /etc/hosts is not utilised 
-by default. Use 
-.B ub_ctx_resolvconf
-and
-.B ub_ctx_hosts
-to read them.
-Before you call this, use the openssl functions CRYPTO_set_id_callback and
-CRYPTO_set_locking_callback to set up asynchronous operation if you use
-lib openssl (the application calls these functions once for initialisation).
-Openssl 1.0.0 or later uses the CRYPTO_THREADID_set_callback function.
+The information from \fB/etc/resolv.conf\fP and \fB/etc/hosts\fP is
+not utilised by default.
+Use \fBub_ctx_resolvconf\fP and \fBub_ctx_hosts\fP to read them.
+Before you call this, use the openssl functions
+\fBCRYPTO_set_id_callback\fP and \fBCRYPTO_set_locking_callback\fP to set
+up asynchronous operation if you use lib openssl (the application calls
+these functions once for initialisation).
+Openssl 1.0.0 or later uses the \fBCRYPTO_THREADID_set_callback\fP
+function.
 .TP
 .B ub_ctx_delete
 Delete validation context and free associated resources.
-Outstanding async queries are killed and callbacks are not called for them.
+Outstanding async queries are killed and callbacks are not called for
+them.
 .TP
 .B ub_ctx_set_option
-A power\-user interface that lets you specify one of the options from the
-config file format, see \fIunbound.conf\fR(5). Not all options are
-relevant. For some specific options, such as adding trust anchors, special
-routines exist. Pass the option name with the trailing ':'.
+A power\-user interface that lets you specify one of the options from
+the config file format, see \fI\%unbound.conf(5)\fP\&.
+Not all options are relevant.
+For some specific options, such as adding trust anchors, special
+routines exist.
+Pass the option name with the trailing \fB\(aq:\(aq\fP\&.
 .TP
 .B ub_ctx_get_option
-A power\-user interface that gets an option value.  Some options cannot be
-gotten, and others return a newline separated list.  Pass the option name
-without trailing ':'.  The returned value must be free(2)d by the caller.
+A power\-user interface that gets an option value.
+Some options cannot be gotten, and others return a newline separated
+list.
+Pass the option name without trailing \fB\(aq:\(aq\fP\&.
+The returned value must be free(2)d by the caller.
 .TP
 .B ub_ctx_config
-A power\-user interface that lets you specify an unbound config file, see
-\fIunbound.conf\fR(5), which is read for configuration. Not all options are
-relevant. For some specific options, such as adding trust anchors, special
-routines exist.  This function is thread\-safe only if a single instance of
-ub_ctx* exists in the application.  If several instances exist the
-application has to ensure that ub_ctx_config is not called in parallel by
-the different instances.
+A power\-user interface that lets you specify an unbound config file,
+see \fI\%unbound.conf(5)\fP, which is read for
+configuration.
+Not all options are relevant.
+For some specific options, such as adding trust anchors, special
+routines exist.
+This function is thread\-safe only if a single instance of \fBub_ctx\fP*
+exists in the application.
+If several instances exist the application has to ensure that
+\fBub_ctx_config\fP is not called in parallel by the different instances.
 .TP
 .B ub_ctx_set_fwd
-Set machine to forward DNS queries to, the caching resolver to use. 
-IP4 or IP6 address. Forwards all DNS requests to that machine, which 
-is expected to run a recursive resolver. If the proxy is not 
-DNSSEC capable, validation may fail. Can be called several times, in 
-that case the addresses are used as backup servers.
-At this time it is only possible to set configuration before the
-first resolve is done.
+Set machine to forward DNS queries to, the caching resolver to use.
+IP4 or IP6 address.
+Forwards all DNS requests to that machine, which is expected to run a
+recursive resolver.
+If the proxy is not DNSSEC capable, validation may fail.
+Can be called several times, in that case the addresses are used as
+backup servers.
+At this time it is only possible to set configuration before the first
+resolve is done.
 .TP
 .B ub_ctx_set_stub
-Set a stub zone, authoritative dns servers to use for a particular zone.
-IP4 or IP6 address.  If the address is NULL the stub entry is removed.
-Set isprime true if you configure root hints with it.  Otherwise similar to
-the stub zone item from unbound's config file.  Can be called several times,
-for different zones, or to add multiple addresses for a particular zone.
-At this time it is only possible to set configuration before the
-first resolve is done.
+Set a stub zone, authoritative dns servers to use for a particular
+zone.
+IP4 or IP6 address.
+If the address is NULL the stub entry is removed.
+Set isprime true if you configure root hints with it.
+Otherwise similar to the stub zone item from unbound\(aqs config file.
+Can be called several times, for different zones, or to add multiple
+addresses for a particular zone.
+At this time it is only possible to set configuration before the first
+resolve is done.
 .TP
 .B ub_ctx_set_tls
-Enable DNS over TLS (DoT) for machines set with 
-.B ub_ctx_set_fwd.
-At this time it is only possible to set configuration before the
-first resolve is done.
+Enable DNS over TLS (DoT) for machines set with \fBub_ctx_set_fwd\fP\&.
+At this time it is only possible to set configuration before the first
+resolve is done.
 .TP
 .B ub_ctx_resolvconf
-By default the root servers are queried and full resolver mode is used, but
-you can use this call to read the list of nameservers to use from the
-filename given.
-Usually "/etc/resolv.conf". Uses those nameservers as caching proxies.
+By default the root servers are queried and full resolver mode is used,
+but you can use this call to read the list of nameservers to use from
+the filename given.
+Usually \fB\(dq/etc/resolv.conf\(dq\fP\&.
+Uses those nameservers as caching proxies.
 If they do not support DNSSEC, validation may fail.
 Only nameservers are picked up, the searchdomain, ndots and other
-settings from \fIresolv.conf\fR(5) are ignored.
-If fname NULL is passed, "/etc/resolv.conf" is used (if on Windows, 
-the system\-wide configured nameserver is picked instead).
-At this time it is only possible to set configuration before the
-first resolve is done.
+settings from \fIresolv.conf(5)\fP are ignored.
+If fname NULL is passed, \fB\(dq/etc/resolv.conf\(dq\fP is used (if on
+Windows, the system\-wide configured nameserver is picked instead).
+At this time it is only possible to set configuration before the first
+resolve is done.
 .TP
 .B ub_ctx_hosts
 Read list of hosts from the filename given.
-Usually "/etc/hosts". When queried for, these addresses are not marked 
-DNSSEC secure. If fname NULL is passed, "/etc/hosts" is used 
-(if on Windows, etc/hosts from WINDIR is picked instead).
-At this time it is only possible to set configuration before the
-first resolve is done.
-.TP
-.B
-ub_ctx_add_ta
+Usually \fB\(dq/etc/hosts\(dq\fP\&.
+When queried for, these addresses are not marked DNSSEC secure.
+If fname NULL is passed, \fB\(dq/etc/hosts\(dq\fP is used (if on Windows,
+\fBetc/hosts\fP from WINDIR is picked instead).
+At this time it is only possible to set configuration before the first
+resolve is done.
+.TP
+.B ub_ctx_add_ta
 Add a trust anchor to the given context.
-At this time it is only possible to add trusted keys before the
-first resolve is done.
+At this time it is only possible to add trusted keys before the first
+resolve is done.
 The format is a string, similar to the zone\-file format,
-[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted.
+\fB[domainname]\fP \fB[type]\fP \fB[rdata contents]\fP\&.
+Both DS and DNSKEY records are accepted.
 .TP
 .B ub_ctx_add_ta_autr
-Add filename with automatically tracked trust anchor to the given context.
-Pass name of a file with the managed trust anchor.  You can create this
-file with \fIunbound\-anchor\fR(8) for the root anchor.  You can also
-create it with an initial file with one line with a DNSKEY or DS record.
+Add filename with automatically tracked trust anchor to the given
+context.
+Pass name of a file with the managed trust anchor.
+You can create this file with
+\fI\%unbound\-anchor(8)\fP for the root anchor.
+You can also create it with an initial file with one line with a DNSKEY
+or DS record.
 If the file is writable, it is updated when the trust anchor changes.
-At this time it is only possible to add trusted keys before the
-first resolve is done.
+At this time it is only possible to add trusted keys before the first
+resolve is done.
 .TP
 .B ub_ctx_add_ta_file
 Add trust anchors to the given context.
 Pass name of a file with DS and DNSKEY records in zone file format.
-At this time it is only possible to add trusted keys before the
-first resolve is done.
+At this time it is only possible to add trusted keys before the first
+resolve is done.
 .TP
 .B ub_ctx_trustedkeys
 Add trust anchors to the given context.
-Pass the name of a bind\-style config file with trusted\-keys{}.
-At this time it is only possible to add trusted keys before the
-first resolve is done.
+Pass the name of a bind\-style config file with \fBtrusted\-keys{}\fP\&.
+At this time it is only possible to add trusted keys before the first
+resolve is done.
 .TP
 .B ub_ctx_debugout
-Set debug and error log output to the given stream. Pass NULL to disable
-output. Default is stderr. File\-names or using syslog can be enabled
-using config options, this routine is for using your own stream.
+Set debug and error log output to the given stream.
+Pass NULL to disable output.
+Default is stderr.
+File\-names or using syslog can be enabled using config options, this
+routine is for using your own stream.
 .TP
 .B ub_ctx_debuglevel
-Set debug verbosity for the context. Output is directed to stderr.
+Set debug verbosity for the context.
+Output is directed to stderr.
 Higher debug level gives more output.
 .TP
 .B ub_ctx_async
 Set a context behaviour for asynchronous action.
-if set to true, enables threading and a call to 
-.B ub_resolve_async 
+if set to true, enables threading and a call to \fBub_resolve_async\fP
 creates a thread to handle work in the background.
 If false, a process is forked to handle work in the background.
-Changes to this setting after 
-.B ub_resolve_async 
-calls have been made have no effect (delete and re\-create the context 
-to change).
+Changes to this setting after \fBub_resolve_async\fP calls have been made
+have no effect (delete and re\-create the context to change).
 .TP
 .B ub_poll
 Poll a context to see if it has any new results.
-Do not poll in a loop, instead extract the fd below to poll for readiness,
-and then check, or wait using the wait routine.
+Do not poll in a loop, instead extract the \fBfd\fP below to poll for
+readiness, and then check, or wait using the wait routine.
 Returns 0 if nothing to read, or nonzero if a result is available.
-If nonzero, call 
-.B ub_process 
-to do callbacks.
+If nonzero, call \fBub_process\fP to do callbacks.
 .TP
 .B ub_wait
-Wait for a context to finish with results. Calls 
-.B ub_process 
-after the wait for you. After the wait, there are no more outstanding 
-asynchronous queries.
+Wait for a context to finish with results.
+Calls \fBub_process\fP after the wait for you.
+After the wait, there are no more outstanding asynchronous queries.
 .TP
 .B ub_fd
-Get file descriptor. Wait for it to become readable, at this point
-answers are returned from the asynchronous validating resolver.
-Then call the \fBub_process\fR to continue processing.
+Get file descriptor.
+Wait for it to become readable, at this point answers are returned from
+the asynchronous validating resolver.
+Then call the \fBub_process\fP to continue processing.
 .TP
 .B ub_process
 Call this routine to continue processing results from the validating
-resolver (when the fd becomes readable).
+resolver (when the \fBfd\fP becomes readable).
 Will perform necessary callbacks.
 .TP
 .B ub_resolve
@@ -340,95 +311,111 @@ The result structure is newly allocated with the resulting data.
 .TP
 .B ub_resolve_async
 Perform asynchronous resolution and validation of the target name.
-Arguments mean the same as for \fBub_resolve\fR except no
-data is returned immediately, instead a callback is called later.
-The callback receives a copy of the mydata pointer, that you can use to pass
-information to the callback. The callback type is a function pointer to
-a function declared as
-.IP
-void my_callback_function(void* my_arg, int err, 
-.br
-                  struct ub_result* result);
-.IP
-The async_id is returned so you can (at your option) decide to track it
-and cancel the request if needed.  If you pass a NULL pointer the async_id
-is not returned. 
+Arguments mean the same as for \fBub_resolve\fP except no data is
+returned immediately, instead a callback is called later.
+The callback receives a copy of the mydata pointer, that you can use to
+pass information to the callback.
+The callback type is a function pointer to a function declared as:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+void my_callback_function(void* my_arg, int err,
+                struct ub_result* result);
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The \fBasync_id\fP is returned so you can (at your option) decide to
+track it and cancel the request if needed.
+If you pass a NULL pointer the \fBasync_id\fP is not returned.
 .TP
 .B ub_cancel
-Cancel an async query in progress.  This may return an error if the query
-does not exist, or the query is already being delivered, in that case you 
-may still get a callback for the query.
+Cancel an async query in progress.
+This may return an error if the query does not exist, or the query is
+already being delivered, in that case you may still get a callback for
+the query.
 .TP
 .B ub_resolve_free
-Free struct ub_result contents after use.
+Free struct \fBub_result\fP contents after use.
 .TP
 .B ub_strerror
-Convert error value from one of the unbound library functions 
-to a human readable string.
+Convert error value from one of the unbound library functions to a
+human readable string.
 .TP
 .B ub_ctx_print_local_zones
 Debug printout the local authority information to debug output.
 .TP
 .B ub_ctx_zone_add
-Add new zone to local authority info, like local\-zone \fIunbound.conf\fR(5) 
-statement.
+Add new zone to local authority info, like local\-zone
+\fI\%unbound.conf(5)\fP statement.
 .TP
 .B ub_ctx_zone_remove
 Delete zone from local authority info.
 .TP
 .B ub_ctx_data_add
 Add resource record data to local authority info, like local\-data
-\fIunbound.conf\fR(5) statement.
+\fI\%unbound.conf(5)\fP statement.
 .TP
 .B ub_ctx_data_remove
 Delete local authority data from the name given.
-.SH "RESULT DATA STRUCTURE"
-The result of the DNS resolution and validation is returned as 
-\fIstruct ub_result\fR. The result structure contains the following entries.
-.P
+.UNINDENT
+.SH RESULT DATA STRUCTURE
+.sp
+The result of the DNS resolution and validation is returned as \fIstruct
+ub_result\fP\&.
+The result structure contains the following entries:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	struct ub_result {
-		char* qname; /* text string, original question */
-		int qtype;   /* type code asked for */
-		int qclass;  /* class code asked for */
-		char** data; /* array of rdata items, NULL terminated*/
-		int* len;    /* array with lengths of rdata items */
-		char* canonname; /* canonical name of result */
-		int rcode;   /* additional error code in case of no data */
-		void* answer_packet; /* full network format answer packet */
-		int answer_len;  /* length of packet in octets */
-		int havedata; /* true if there is data */
-		int nxdomain; /* true if nodata because name does not exist */
-		int secure;   /* true if result is secure */
-		int bogus;    /* true if a security failure happened */
-		char* why_bogus; /* string with error if bogus */
-		int was_ratelimited; /* true if the query was ratelimited (SERVFAIL) by unbound */
-		int ttl;     /* number of seconds the result is valid */
-	};
+.ft C
+struct ub_result {
+     char* qname;         /* text string, original question */
+     int qtype;           /* type code asked for */
+     int qclass;          /* class code asked for */
+     char** data;         /* array of rdata items, NULL terminated*/
+     int* len;            /* array with lengths of rdata items */
+     char* canonname;     /* canonical name of result */
+     int rcode;           /* additional error code in case of no data */
+     void* answer_packet; /* full network format answer packet */
+     int answer_len;      /* length of packet in octets */
+     int havedata;        /* true if there is data */
+     int nxdomain;        /* true if nodata because name does not exist */
+     int secure;          /* true if result is secure */
+     int bogus;           /* true if a security failure happened */
+     char* why_bogus;     /* string with error if bogus */
+     int was_ratelimited; /* true if the query was ratelimited (SERVFAIL) by unbound */
+     int ttl;             /* number of seconds the result is valid */
+};
+.ft P
 .fi
-.P
-If both secure and bogus are false, security was not enabled for the 
-domain of the query.  Else, they are not both true, one of them is true.
-.SH "RETURN VALUES"
-Many routines return an error code. The value 0 (zero) denotes no error
-happened. Other values can be passed to
-.B ub_strerror
-to obtain a readable error string.
-.B ub_strerror
-returns a zero terminated string.
-.B ub_ctx_create
-returns NULL on an error (a malloc failure).
-.B ub_poll
-returns true if some information may be available, false otherwise.
-.B ub_fd
-returns a file descriptor or \-1 on error.
-.B ub_ctx_config
-and
-.B ub_ctx_resolvconf
-attempt to leave errno informative on a function return with file read failure.
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5), 
-\fIunbound\fR(8).
-.SH "AUTHORS"
-.B Unbound
-developers are mentioned in the CREDITS file in the distribution.
+.UNINDENT
+.UNINDENT
+.sp
+If both secure and bogus are false, security was not enabled for the domain of
+the query.
+Else, they are not both true, one of them is true.
+.SH RETURN VALUES
+.sp
+Many routines return an error code.
+The value 0 (zero) denotes no error happened.
+Other values can be passed to \fBub_strerror\fP to obtain a readable error
+string.
+\fBub_strerror\fP returns a zero terminated string.
+\fBub_ctx_create\fP returns NULL on an error (a malloc failure).
+\fBub_poll\fP returns true if some information may be available, false otherwise.
+\fBub_fd\fP returns a file descriptor or \-1 on error.
+\fBub_ctx_config\fP and \fBub_ctx_resolvconf\fP attempt to leave errno informative
+on a function return with file read failure.
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP, \fI\%unbound(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/libunbound.rst b/contrib/unbound/doc/libunbound.rst
new file mode 100644
index 000000000000..97883dc555a3
--- /dev/null
+++ b/contrib/unbound/doc/libunbound.rst
@@ -0,0 +1,491 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+libunbound(3)
+=============
+
+Synopsis
+--------
+
+.. only:: html
+
+    .. code-block:: c
+
+        #include <unbound.h>
+
+        struct ub_ctx * ub_ctx_create(void);
+
+        void ub_ctx_delete(struct ub_ctx* ctx);
+
+        int ub_ctx_set_option(struct ub_ctx* ctx, char* opt, char* val);
+
+        int ub_ctx_get_option(struct ub_ctx* ctx, char* opt, char** val);
+
+        int ub_ctx_config(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_set_fwd(struct ub_ctx* ctx, char* addr);
+
+        int ub_ctx_set_stub(struct ub_ctx* ctx, char* zone, char* addr,
+                            int isprime);
+
+        int ub_ctx_set_tls(struct ub_ctx* ctx, int tls);
+
+        int ub_ctx_resolvconf(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_hosts(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_add_ta(struct ub_ctx* ctx, char* ta);
+
+        int ub_ctx_add_ta_autr(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_add_ta_file(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_trustedkeys(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_debugout(struct ub_ctx* ctx, FILE* out);
+
+        int ub_ctx_debuglevel(struct ub_ctx* ctx, int d);
+
+        int ub_ctx_async(struct ub_ctx* ctx, int dothread);
+
+        int ub_poll(struct ub_ctx* ctx);
+
+        int ub_wait(struct ub_ctx* ctx);
+
+        int ub_fd(struct ub_ctx* ctx);
+
+        int ub_process(struct ub_ctx* ctx);
+
+        int ub_resolve(struct ub_ctx* ctx, char* name, int rrtype,
+                       int rrclass, struct ub_result** result);
+
+        int ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype,
+                             int rrclass, void* mydata, ub_callback_type callback,
+                             int* async_id);
+
+        int ub_cancel(struct ub_ctx* ctx, int async_id);
+
+        void ub_resolve_free(struct ub_result* result);
+
+        const char * ub_strerror(int err);
+
+        int ub_ctx_print_local_zones(struct ub_ctx* ctx);
+
+        int ub_ctx_zone_add(struct ub_ctx* ctx, char* zone_name, char* zone_type);
+
+        int ub_ctx_zone_remove(struct ub_ctx* ctx, char* zone_name);
+
+        int ub_ctx_data_add(struct ub_ctx* ctx, char* data);
+
+        int ub_ctx_data_remove(struct ub_ctx* ctx, char* data);
+
+.. only:: man
+
+    **#include <unbound.h>**
+
+    struct ub_ctx \* **ub_ctx_create**\ (void);
+
+    void **ub_ctx_delete**\ (struct ub_ctx\* ctx);
+
+    int **ub_ctx_set_option**\ (struct ub_ctx\* ctx, char\* opt, char\* val);
+
+    int **ub_ctx_get_option**\ (struct ub_ctx\* ctx, char\* opt, char\*\* val);
+
+    int **ub_ctx_config**\ (struct ub_ctx\* ctx, char* fname);
+
+    int **ub_ctx_set_fwd**\ (struct ub_ctx\* ctx, char\* addr);
+
+    int **ub_ctx_set_stub**\ (struct ub_ctx\* ctx, char\* zone, char\* addr,
+        int isprime);
+
+    int **ub_ctx_set_tls**\ (struct ub_ctx\* ctx, int tls);
+
+    int **ub_ctx_resolvconf**\ (struct ub_ctx\* ctx, char\* fname);
+
+    int **ub_ctx_hosts**\ (struct ub_ctx\* ctx, char\* fname);
+
+    int **ub_ctx_add_ta**\ (struct ub_ctx\* ctx, char\* ta);
+
+    int **ub_ctx_add_ta_autr**\ (struct ub_ctx\* ctx, char\* fname);
+
+    int **ub_ctx_add_ta_file**\ (struct ub_ctx\* ctx, char\* fname);
+
+    int **ub_ctx_trustedkeys**\ (struct ub_ctx\* ctx, char\* fname);
+
+    int **ub_ctx_debugout**\ (struct ub_ctx\* ctx, FILE\* out);
+
+    int **ub_ctx_debuglevel**\ (struct ub_ctx\* ctx, int d);
+
+    int **ub_ctx_async**\ (struct ub_ctx\* ctx, int dothread);
+
+    int **ub_poll**\ (struct ub_ctx\* ctx);
+
+    int **ub_wait**\ (struct ub_ctx\* ctx);
+
+    int **ub_fd**\ (struct ub_ctx\* ctx);
+
+    int **ub_process**\ (struct ub_ctx\* ctx);
+
+    int **ub_resolve**\ (struct ub_ctx\* ctx, char\* name,
+        int rrtype, int rrclass, struct ub_result\*\* result);
+
+    int **ub_resolve_async**\ (struct ub_ctx\* ctx, char\* name,
+        int rrtype, int rrclass, void\* mydata,
+        ub_callback_type\* callback, int\* async_id);
+
+    int **ub_cancel**\ (struct ub_ctx\* ctx, int async_id);
+
+    void **ub_resolve_free**\ (struct ub_result\* result);
+
+    const char \* **ub_strerror**\ (int err);
+
+    int **ub_ctx_print_local_zones**\ (struct ub_ctx\* ctx);
+
+    int **ub_ctx_zone_add**\ (struct ub_ctx\* ctx, char\* zone_name, char\* zone_type);
+
+    int **ub_ctx_zone_remove**\ (struct ub_ctx\* ctx, char\* zone_name);
+
+    int **ub_ctx_data_add**\ (struct ub_ctx\* ctx, char\* data);
+
+    int **ub_ctx_data_remove**\ (struct ub_ctx\* ctx, char\* data);
+
+Description
+-----------
+
+Unbound is an implementation of a DNS resolver, that does caching and DNSSEC
+validation.
+This is the library API, for using the ``-lunbound`` library.
+The server daemon is described in :doc:`unbound(8)</manpages/unbound>`.
+The library works independent from a running unbound server, and can be used to
+convert hostnames to ip addresses, and back, and obtain other information from
+the DNS.
+The library performs public-key validation of results with DNSSEC.
+
+The library uses a variable of type *struct ub_ctx* to keep context between
+calls.
+The user must maintain it, creating it with **ub_ctx_create** and deleting it
+with **ub_ctx_delete**.
+It can be created and deleted at any time.
+Creating it anew removes any previous configuration (such as trusted keys) and
+clears any cached results.
+
+The functions are thread-safe, and a context can be used in a threaded (as well
+as in a non-threaded) environment.
+Also resolution (and validation) can be performed blocking and non-blocking
+(also called asynchronous).
+The async method returns from the call immediately, so that processing can go
+on, while the results become available later.
+
+The functions are discussed in turn below.
+
+Functions
+---------
+
+.. glossary::
+
+    ub_ctx_create
+        Create a new context, initialised with defaults.
+        The information from :file:`/etc/resolv.conf` and :file:`/etc/hosts` is
+        not utilised by default.
+        Use **ub_ctx_resolvconf** and **ub_ctx_hosts** to read them.
+        Before you call this, use the openssl functions
+        **CRYPTO_set_id_callback** and **CRYPTO_set_locking_callback** to set
+        up asynchronous operation if you use lib openssl (the application calls
+        these functions once for initialisation).
+        Openssl 1.0.0 or later uses the **CRYPTO_THREADID_set_callback**
+        function.
+
+    ub_ctx_delete
+        Delete validation context and free associated resources.
+        Outstanding async queries are killed and callbacks are not called for
+        them.
+
+    ub_ctx_set_option
+        A power-user interface that lets you specify one of the options from
+        the config file format, see :doc:`unbound.conf(5)</manpages/unbound.conf>`.
+        Not all options are relevant.
+        For some specific options, such as adding trust anchors, special
+        routines exist.
+        Pass the option name with the trailing ``':'``.
+
+    ub_ctx_get_option
+        A power-user interface that gets an option value.
+        Some options cannot be gotten, and others return a newline separated
+        list.
+        Pass the option name without trailing ``':'``.
+        The returned value must be free(2)d by the caller.
+
+    ub_ctx_config
+        A power-user interface that lets you specify an unbound config file,
+        see :doc:`unbound.conf(5)</manpages/unbound.conf>`, which is read for
+        configuration.
+        Not all options are relevant.
+        For some specific options, such as adding trust anchors, special
+        routines exist.
+        This function is thread-safe only if a single instance of **ub_ctx**\*
+        exists in the application.
+        If several instances exist the application has to ensure that
+        **ub_ctx_config** is not called in parallel by the different instances.
+
+    ub_ctx_set_fwd
+        Set machine to forward DNS queries to, the caching resolver to use.
+        IP4 or IP6 address.
+        Forwards all DNS requests to that machine, which is expected to run a
+        recursive resolver.
+        If the proxy is not DNSSEC capable, validation may fail.
+        Can be called several times, in that case the addresses are used as
+        backup servers.
+        At this time it is only possible to set configuration before the first
+        resolve is done.
+
+    ub_ctx_set_stub
+        Set a stub zone, authoritative dns servers to use for a particular
+        zone.
+        IP4 or IP6 address.
+        If the address is NULL the stub entry is removed.
+        Set isprime true if you configure root hints with it.
+        Otherwise similar to the stub zone item from unbound's config file.
+        Can be called several times, for different zones, or to add multiple
+        addresses for a particular zone.
+        At this time it is only possible to set configuration before the first
+        resolve is done.
+
+    ub_ctx_set_tls
+        Enable DNS over TLS (DoT) for machines set with **ub_ctx_set_fwd**.
+        At this time it is only possible to set configuration before the first
+        resolve is done.
+
+    ub_ctx_resolvconf
+        By default the root servers are queried and full resolver mode is used,
+        but you can use this call to read the list of nameservers to use from
+        the filename given.
+        Usually :file:`"/etc/resolv.conf"`.
+        Uses those nameservers as caching proxies.
+        If they do not support DNSSEC, validation may fail.
+        Only nameservers are picked up, the searchdomain, ndots and other
+        settings from *resolv.conf(5)* are ignored.
+        If fname NULL is passed, :file:`"/etc/resolv.conf"` is used (if on
+        Windows, the system-wide configured nameserver is picked instead).
+        At this time it is only possible to set configuration before the first
+        resolve is done.
+
+    ub_ctx_hosts
+        Read list of hosts from the filename given.
+        Usually :file:`"/etc/hosts"`.
+        When queried for, these addresses are not marked DNSSEC secure.
+        If fname NULL is passed, :file:`"/etc/hosts"` is used (if on Windows,
+        :file:`etc/hosts` from WINDIR is picked instead).
+        At this time it is only possible to set configuration before the first
+        resolve is done.
+
+    ub_ctx_add_ta
+        Add a trust anchor to the given context.
+        At this time it is only possible to add trusted keys before the first
+        resolve is done.
+        The format is a string, similar to the zone-file format,
+        **[domainname]** **[type]** **[rdata contents]**.
+        Both DS and DNSKEY records are accepted.
+
+    ub_ctx_add_ta_autr
+        Add filename with automatically tracked trust anchor to the given
+        context.
+        Pass name of a file with the managed trust anchor.
+        You can create this file with
+        :doc:`unbound-anchor(8)</manpages/unbound-anchor>` for the root anchor.
+        You can also create it with an initial file with one line with a DNSKEY
+        or DS record.
+        If the file is writable, it is updated when the trust anchor changes.
+        At this time it is only possible to add trusted keys before the first
+        resolve is done.
+
+    ub_ctx_add_ta_file
+        Add trust anchors to the given context.
+        Pass name of a file with DS and DNSKEY records in zone file format.
+        At this time it is only possible to add trusted keys before the first
+        resolve is done.
+
+    ub_ctx_trustedkeys
+        Add trust anchors to the given context.
+        Pass the name of a bind-style config file with ``trusted-keys{}``.
+        At this time it is only possible to add trusted keys before the first
+        resolve is done.
+
+    ub_ctx_debugout
+        Set debug and error log output to the given stream.
+        Pass NULL to disable output.
+        Default is stderr.
+        File-names or using syslog can be enabled using config options, this
+        routine is for using your own stream.
+
+    ub_ctx_debuglevel
+        Set debug verbosity for the context.
+        Output is directed to stderr.
+        Higher debug level gives more output.
+
+    ub_ctx_async
+        Set a context behaviour for asynchronous action.
+        if set to true, enables threading and a call to **ub_resolve_async**
+        creates a thread to handle work in the background.
+        If false, a process is forked to handle work in the background.
+        Changes to this setting after **ub_resolve_async** calls have been made
+        have no effect (delete and re-create the context to change).
+
+    ub_poll
+        Poll a context to see if it has any new results.
+        Do not poll in a loop, instead extract the **fd** below to poll for
+        readiness, and then check, or wait using the wait routine.
+        Returns 0 if nothing to read, or nonzero if a result is available.
+        If nonzero, call **ub_process** to do callbacks.
+
+    ub_wait
+        Wait for a context to finish with results.
+        Calls **ub_process** after the wait for you.
+        After the wait, there are no more outstanding asynchronous queries.
+
+    ub_fd 
+        Get file descriptor.
+        Wait for it to become readable, at this point answers are returned from
+        the asynchronous validating resolver.
+        Then call the **ub_process** to continue processing.
+
+    ub_process
+        Call this routine to continue processing results from the validating
+        resolver (when the **fd** becomes readable).
+        Will perform necessary callbacks.
+
+    ub_resolve
+        Perform resolution and validation of the target name.
+        The name is a domain name in a zero terminated text string.
+        The rrtype and rrclass are DNS type and class codes.
+        The result structure is newly allocated with the resulting data.
+
+    ub_resolve_async
+        Perform asynchronous resolution and validation of the target name.
+        Arguments mean the same as for **ub_resolve** except no data is
+        returned immediately, instead a callback is called later.
+        The callback receives a copy of the mydata pointer, that you can use to
+        pass information to the callback.
+        The callback type is a function pointer to a function declared as:
+
+        .. code-block:: c
+
+            void my_callback_function(void* my_arg, int err,
+                            struct ub_result* result);
+
+        The **async_id** is returned so you can (at your option) decide to
+        track it and cancel the request if needed.
+        If you pass a NULL pointer the **async_id** is not returned.
+
+    ub_cancel
+        Cancel an async query in progress.
+        This may return an error if the query does not exist, or the query is
+        already being delivered, in that case you may still get a callback for
+        the query.
+
+    ub_resolve_free
+        Free struct **ub_result** contents after use.
+
+    ub_strerror
+        Convert error value from one of the unbound library functions to a
+        human readable string.
+
+    ub_ctx_print_local_zones
+        Debug printout the local authority information to debug output.
+
+    ub_ctx_zone_add
+        Add new zone to local authority info, like local-zone
+        :doc:`unbound.conf(5)</manpages/unbound.conf>` statement.
+
+    ub_ctx_zone_remove
+        Delete zone from local authority info.
+
+    ub_ctx_data_add
+        Add resource record data to local authority info, like local-data
+        :doc:`unbound.conf(5)</manpages/unbound.conf>` statement.
+
+    ub_ctx_data_remove
+        Delete local authority data from the name given.
+
+Result Data structure
+---------------------
+
+The result of the DNS resolution and validation is returned as *struct
+ub_result*.
+The result structure contains the following entries:
+
+.. code-block:: c
+
+    struct ub_result {
+         char* qname;         /* text string, original question */
+         int qtype;           /* type code asked for */
+         int qclass;          /* class code asked for */
+         char** data;         /* array of rdata items, NULL terminated*/
+         int* len;            /* array with lengths of rdata items */
+         char* canonname;     /* canonical name of result */
+         int rcode;           /* additional error code in case of no data */
+         void* answer_packet; /* full network format answer packet */
+         int answer_len;      /* length of packet in octets */
+         int havedata;        /* true if there is data */
+         int nxdomain;        /* true if nodata because name does not exist */
+         int secure;          /* true if result is secure */
+         int bogus;           /* true if a security failure happened */
+         char* why_bogus;     /* string with error if bogus */
+         int was_ratelimited; /* true if the query was ratelimited (SERVFAIL) by unbound */
+         int ttl;             /* number of seconds the result is valid */
+    };
+
+If both secure and bogus are false, security was not enabled for the domain of
+the query.
+Else, they are not both true, one of them is true.
+
+Return Values
+-------------
+
+Many routines return an error code.
+The value 0 (zero) denotes no error happened.
+Other values can be passed to **ub_strerror** to obtain a readable error
+string.
+**ub_strerror** returns a zero terminated string.
+**ub_ctx_create** returns NULL on an error (a malloc failure).
+**ub_poll** returns true if some information may be available, false otherwise.
+**ub_fd** returns a file descriptor or -1 on error.
+**ub_ctx_config** and **ub_ctx_resolvconf** attempt to leave errno informative
+on a function return with file read failure.
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`, :doc:`unbound(8)</manpages/unbound>`.
diff --git a/contrib/unbound/doc/unbound-anchor.8.in b/contrib/unbound/doc/unbound-anchor.8.in
index f93c5d0cd045..f9cf83fdcd99 100644
--- a/contrib/unbound/doc/unbound-anchor.8.in
+++ b/contrib/unbound/doc/unbound-anchor.8.in
@@ -1,189 +1,300 @@
-.TH "unbound-anchor" "8" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
-.\"
-.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
-.\"
-.\" Copyright (c) 2008, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B unbound\-anchor
-\- Unbound anchor utility.
-.SH "SYNOPSIS"
-.B unbound\-anchor
-.RB [ opts ]
-.SH "DESCRIPTION"
-.B Unbound\-anchor
-performs setup or update of the root trust anchor for DNSSEC validation.
-The program fetches the trust anchor with the method from RFC7958 when
-regular RFC5011 update fails to bring it up to date.
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND-ANCHOR" "8" "Oct 22, 2025" "1.24.1" "Unbound"
+.SH NAME
+unbound-anchor \- Unbound 1.24.1 anchor utility.
+.SH SYNOPSIS
+.sp
+\fBunbound\-anchor\fP [\fBopts\fP]
+.SH DESCRIPTION
+.sp
+\fBunbound\-anchor\fP performs setup or update of the root trust anchor for DNSSEC
+validation.
+The program fetches the trust anchor with the method from \fI\%RFC 7958\fP when
+regular \fI\%RFC 5011\fP update fails to bring it up to date.
 It can be run (as root) from the commandline, or run as part of startup
-scripts.  Before you start the \fIunbound\fR(8) DNS server.
-.P
+scripts.
+Before you start the \fI\%unbound(8)\fP DNS server.
+.sp
 Suggested usage:
-.P
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	# in the init scripts.
-	# provide or update the root anchor (if necessary)
-	unbound-anchor \-a "@UNBOUND_ROOTKEY_FILE@"
-	# Please note usage of this root anchor is at your own risk
-	# and under the terms of our LICENSE (see source).
-	#
-	# start validating resolver
-	# the unbound.conf contains:
-	#   auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
-	unbound \-c unbound.conf
+.ft C
+# in the init scripts.
+# provide or update the root anchor (if necessary)
+unbound\-anchor \-a \(dq@UNBOUND_ROOTKEY_FILE@\(dq
+# Please note usage of this root anchor is at your own risk
+# and under the terms of our LICENSE (see source).
+#
+# start validating resolver
+# the unbound.conf contains:
+# auto\-trust\-anchor\-file: \(dq@UNBOUND_ROOTKEY_FILE@\(dq
+unbound \-c unbound.conf
+.ft P
 .fi
-.P
-This tool provides builtin default contents for the root anchor and root
-update certificate files.
-.P
+.UNINDENT
+.UNINDENT
+.sp
+This tool provides builtin default contents for the root anchor and root update
+certificate files.
+.sp
 It tests if the root anchor file works, and if not, and an update is possible,
 attempts to update the root anchor using the root update certificate.
-It performs a https fetch of root-anchors.xml and checks the results (RFC7958),
-if all checks are successful, it updates the root anchor file.  Otherwise
-the root anchor file is unchanged.  It performs RFC5011 tracking if the
-DNSSEC information available via the DNS makes that possible.
-.P
-It does not perform an update if the certificate is expired, if the network
-is down or other errors occur.
-.P
+It performs a https fetch of
+\fI\%root\-anchors.xml\fP
+and checks the results (\fI\%RFC 7958\fP); if all checks are successful, it updates
+the root anchor file.
+Otherwise the root anchor file is unchanged.
+It performs \fI\%RFC 5011\fP tracking if the DNSSEC information available via the
+DNS makes that possible.
+.sp
+It does not perform an update if the certificate is expired, if the network is
+down or other errors occur.
+.sp
 The available options are:
+.INDENT 0.0
 .TP
-.B \-a \fIfile
+.B \-a <file>
 The root anchor key file, that is read in and written out.
-Default is @UNBOUND_ROOTKEY_FILE@.
-If the file does not exist, or is empty, a builtin root key is written to it.
+Default is \fB@UNBOUND_ROOTKEY_FILE@\fP\&.
+If the file does not exist, or is empty, a builtin root key is written
+to it.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-c \fIfile
+.B \-c <file>
 The root update certificate file, that is read in.
-Default is @UNBOUND_ROOTCERT_FILE@.
+Default is \fB@UNBOUND_ROOTCERT_FILE@\fP\&.
 If the file does not exist, or is empty, a builtin certificate is used.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-l
 List the builtin root key and builtin root update certificate on stdout.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-u \fIname
-The server name, it connects to https://name.  Specify without https:// prefix.
-The default is "data.iana.org".  It connects to the port specified with \-P.
+.B \-u <name>
+The server name, it connects to \fBhttps://name\fP\&.
+Specify without \fBhttps://\fP prefix.
+The default is \fB\(dqdata.iana.org\(dq\fP\&.
+It connects to the port specified with \fI\%\-P\fP\&.
 You can pass an IPv4 address or IPv6 address (no brackets) if you want.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-S
-Do not use SNI for the HTTPS connection.  Default is to use SNI.
+Do not use SNI for the HTTPS connection.
+Default is to use SNI.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-b \fIaddress
-The source address to bind to for domain resolution and contacting the server
-on https.  May be either an IPv4 address or IPv6 address (no brackets).
+.B \-b <address>
+The source address to bind to for domain resolution and contacting the
+server on https.
+May be either an IPv4 address or IPv6 address (no brackets).
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-x \fIpath
-The pathname to the root\-anchors.xml file on the server. (forms URL with \-u).
-The default is /root\-anchors/root\-anchors.xml.
+.B \-x <path>
+The pathname to the root\-anchors.xml file on the server.
+(forms URL with \fI\%\-u\fP).
+The default is \fB/root\-anchors/root\-anchors.xml\fP\&.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-s \fIpath
-The pathname to the root\-anchors.p7s file on the server. (forms URL with \-u).
-The default is /root\-anchors/root\-anchors.p7s.  This file has to be a PKCS7
-signature over the xml file, using the pem file (\-c) as trust anchor.
+.B \-s <path>
+The pathname to the root\-anchors.p7s file on the server.
+(forms URL with \fI\%\-u\fP).
+The default is \fB/root\-anchors/root\-anchors.p7s\fP\&.
+This file has to be a PKCS7 signature over the xml file, using the pem
+file (\fI\%\-c\fP) as trust anchor.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-n \fIname
-The emailAddress for the Subject of the signer's certificate from the p7s
-signature file.  Only signatures from this name are allowed.  default is
-dnssec@iana.org.  If you pass "" then the emailAddress is not checked.
+.B \-n <name>
+The emailAddress for the Subject of the signer\(aqs certificate from the
+p7s signature file.
+Only signatures from this name are allowed.
+The default is \fBdnssec@iana.org\fP\&.
+If you pass \fB\(dq\(dq\fP then the emailAddress is not checked.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-4
-Use IPv4 for domain resolution and contacting the server on https.  Default is
-to use IPv4 and IPv6 where appropriate.
+Use IPv4 for domain resolution and contacting the server on
+https.
+Default is to use IPv4 and IPv6 where appropriate.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-6
-Use IPv6 for domain resolution and contacting the server on https.  Default is
-to use IPv4 and IPv6 where appropriate.
-.TP
-.B \-f \fIresolv.conf
-Use the given resolv.conf file.  Not enabled by default, but you could try to
-pass /etc/resolv.conf on some systems.  It contains the IP addresses of the
-recursive nameservers to use.  However, since this tool could be used to
-bootstrap that very recursive nameserver, it would not be useful (since
-that server is not up yet, since we are bootstrapping it).  It could be
-useful in a situation where you know an upstream cache is deployed (and
-running) and in captive portal situations.
-.TP
-.B \-r \fIroot.hints
-Use the given root.hints file (same syntax as the BIND and Unbound root hints
-file) to bootstrap domain resolution.  By default a list of builtin root
-hints is used.  Unbound\-anchor goes to the network itself for these roots,
-to resolve the server (\-u option) and to check the root DNSKEY records.
+Use IPv6 for domain resolution and contacting the server on https.
+Default is to use IPv4 and IPv6 where appropriate.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-f <resolv.conf>
+Use the given resolv.conf file.
+Not enabled by default, but you could try to pass
+\fB/etc/resolv.conf\fP on some systems.
+It contains the IP addresses of the recursive nameservers to use.
+However, since this tool could be used to bootstrap that very recursive
+nameserver, it would not be useful (since that server is not up yet,
+since we are bootstrapping it).
+It could be useful in a situation where you know an upstream cache is
+deployed (and running) and in captive portal situations.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-r <root.hints>
+Use the given root.hints file (same syntax as the BIND and Unbound root
+hints file) to bootstrap domain resolution.
+By default a list of builtin root hints is used.
+unbound\-anchor goes to the network itself for these roots, to resolve
+the server (\fI\%\-u\fP option) and to check the root DNSKEY records.
 It does so, because the tool when used for bootstrapping the recursive
-resolver, cannot use that recursive resolver itself because it is bootstrapping
-that server.
+resolver, cannot use that recursive resolver itself because it is
+bootstrapping that server.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-R
-Allow fallback from \-f resolv.conf file to direct root servers query.
-It allows you to prefer local resolvers, but fallback automatically
-to direct root query if they do not respond or do not support DNSSEC.
+Allow fallback from \fI\%\-f\fP \fB<resolv.conf>\fP file to direct root
+servers query.
+It allows you to prefer local resolvers, but fallback automatically to
+direct root query if they do not respond or do not support DNSSEC.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-v
-More verbose. Once prints informational messages, multiple times may enable
-large debug amounts (such as full certificates or byte\-dumps of downloaded
-files).  By default it prints almost nothing.  It also prints nothing on
-errors by default; in that case the original root anchor file is simply
-left undisturbed, so that a recursive server can start right after it.
+More verbose.
+Once prints informational messages, multiple times may enable large
+debug amounts (such as full certificates or byte\-dumps of downloaded
+files).
+By default it prints almost nothing.
+It also prints nothing on errors by default; in that case the original
+root anchor file is simply left undisturbed, so that a recursive server
+can start right after it.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-C \fIunbound.conf
-Debug option to read unbound.conf into the resolver process used.
+.B \-C <unbound.conf>
+Debug option to read \fB<unbound.conf>\fP into the resolver process
+used.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-P \fIport
-Set the port number to use for the https connection.  The default is 443.
+.B \-P <port>
+Set the port number to use for the https connection.
+The default is 443.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-F
-Debug option to force update of the root anchor through downloading the xml
-file and verifying it with the certificate.  By default it first tries to
-update by contacting the DNS, which uses much less bandwidth, is much
-faster (200 msec not 2 sec), and is nicer to the deployed infrastructure.
-With this option, it still attempts to do so (and may verbosely tell you),
-but then ignores the result and goes on to use the xml fallback method.
+Debug option to force update of the root anchor through downloading the
+xml file and verifying it with the certificate.
+By default it first tries to update by contacting the DNS, which uses
+much less bandwidth, is much faster (200 msec not 2 sec), and is nicer
+to the deployed infrastructure.
+With this option, it still attempts to do so (and may verbosely tell
+you), but then ignores the result and goes on to use the xml fallback
+method.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-h
 Show the version and commandline option help.
-.SH "EXIT CODE"
+.UNINDENT
+.SH EXIT CODE
+.sp
 This tool exits with value 1 if the root anchor was updated using the
-certificate or if the builtin root-anchor was used.  It exits with code
-0 if no update was necessary, if the update was possible with RFC5011
-tracking, or if an error occurred.
-.P
+certificate or if the builtin root\-anchor was used.
+It exits with code 0 if no update was necessary, if the update was possible
+with \fI\%RFC 5011\fP tracking, or if an error occurred.
+.sp
 You can check the exit value in this manner:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	unbound-anchor \-a "root.key" || logger "Please check root.key"
+.ft C
+unbound\-anchor \-a \(dqroot.key\(dq || logger \(dqPlease check root.key\(dq
+.ft P
 .fi
+.UNINDENT
+.UNINDENT
+.sp
 Or something more suitable for your operational environment.
-.SH "TRUST"
-The root keys and update certificate included in this tool
-are provided for convenience and under the terms of our
-license (see the LICENSE file in the source distribution or
-https://github.com/NLnetLabs/unbound/blob/master/LICENSE) and might be stale or
-not suitable to your purpose.
-.P
-By running "unbound\-anchor \-l" the  keys and certificate that are
+.SH TRUST
+.sp
+The root keys and update certificate included in this tool are provided for
+convenience and under the terms of our license (see the LICENSE file in the
+source distribution or \fI\%https://github.com/NLnetLabs/unbound/blob/master/LICENSE\fP
+and might be stale or not suitable to your purpose.
+.sp
+By running \fI\%unbound\-anchor \-l\fP the keys and certificate that are
 configured in the code are printed for your convenience.
-.P
-The build\-in configuration can be overridden by providing a root\-cert
-file and a rootkey file.
-.SH "FILES"
+.sp
+The built\-in configuration can be overridden by providing a root\-cert file and
+a rootkey file.
+.SH FILES
+.INDENT 0.0
 .TP
-.I @UNBOUND_ROOTKEY_FILE@
-The root anchor file, updated with 5011 tracking, and read and written to.
+.B @UNBOUND_ROOTKEY_FILE@
+The root anchor file, updated with 5011 tracking, and read and written
+to.
 The file is created if it does not exist.
 .TP
-.I @UNBOUND_ROOTCERT_FILE@
-The trusted self\-signed certificate that is used to verify the downloaded
-DNSSEC root trust anchor.  You can update it by fetching it from
-https://data.iana.org/root\-anchors/icannbundle.pem (and validate it).
+.B @UNBOUND_ROOTCERT_FILE@
+The trusted self\-signed certificate that is used to verify the
+downloaded DNSSEC root trust anchor.
+You can update it by fetching it from
+\fI\%https://data.iana.org/root\-anchors/icannbundle.pem\fP (and validate it).
 If the file does not exist or is empty, a builtin version is used.
 .TP
-.I https://data.iana.org/root\-anchors/root\-anchors.xml
+.B \fI\%https://data.iana.org/root\-anchors/root\-anchors.xml\fP
 Source for the root key information.
 .TP
-.I https://data.iana.org/root\-anchors/root\-anchors.p7s
+.B \fI\%https://data.iana.org/root\-anchors/root\-anchors.p7s\fP
 Signature on the root key information.
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5),
-\fIunbound\fR(8).
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP,
+\fI\%unbound(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound-anchor.rst b/contrib/unbound/doc/unbound-anchor.rst
new file mode 100644
index 000000000000..480db8eeb8c9
--- /dev/null
+++ b/contrib/unbound/doc/unbound-anchor.rst
@@ -0,0 +1,281 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+.. program:: unbound-anchor
+
+unbound-anchor(8)
+=================
+
+Synopsis
+--------
+
+**unbound-anchor** [``opts``]
+
+Description
+-----------
+
+``unbound-anchor`` performs setup or update of the root trust anchor for DNSSEC
+validation.
+The program fetches the trust anchor with the method from :rfc:`7958` when
+regular :rfc:`5011` update fails to bring it up to date.
+It can be run (as root) from the commandline, or run as part of startup
+scripts.
+Before you start the :doc:`unbound(8)</manpages/unbound>` DNS server.
+
+Suggested usage:
+
+.. code-block:: text
+
+   # in the init scripts.
+   # provide or update the root anchor (if necessary)
+   unbound-anchor -a "@UNBOUND_ROOTKEY_FILE@"
+   # Please note usage of this root anchor is at your own risk
+   # and under the terms of our LICENSE (see source).
+   #
+   # start validating resolver
+   # the unbound.conf contains:
+   # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+   unbound -c unbound.conf
+
+This tool provides builtin default contents for the root anchor and root update
+certificate files.
+
+It tests if the root anchor file works, and if not, and an update is possible,
+attempts to update the root anchor using the root update certificate.
+It performs a https fetch of
+`root-anchors.xml <http://data.iana.org/root-anchors/root-anchors.xml>`__
+and checks the results (:rfc:`7958`); if all checks are successful, it updates
+the root anchor file.
+Otherwise the root anchor file is unchanged.
+It performs :rfc:`5011` tracking if the DNSSEC information available via the
+DNS makes that possible.
+
+It does not perform an update if the certificate is expired, if the network is
+down or other errors occur.
+
+The available options are:
+
+.. option:: -a <file>
+
+       The root anchor key file, that is read in and written out.
+       Default is :file:`@UNBOUND_ROOTKEY_FILE@`.
+       If the file does not exist, or is empty, a builtin root key is written
+       to it.
+
+.. option:: -c <file>
+
+       The root update certificate file, that is read in.
+       Default is :file:`@UNBOUND_ROOTCERT_FILE@`.
+       If the file does not exist, or is empty, a builtin certificate is used.
+
+.. option:: -l
+
+       List the builtin root key and builtin root update certificate on stdout.
+
+.. option:: -u <name>
+
+       The server name, it connects to ``https://name``.
+       Specify without ``https://`` prefix.
+       The default is ``"data.iana.org"``.
+       It connects to the port specified with :option:`-P`.
+       You can pass an IPv4 address or IPv6 address (no brackets) if you want.
+
+.. option:: -S
+
+       Do not use SNI for the HTTPS connection.
+       Default is to use SNI.
+
+.. option:: -b <address>
+
+       The source address to bind to for domain resolution and contacting the
+       server on https.
+       May be either an IPv4 address or IPv6 address (no brackets).
+
+.. option:: -x <path>
+
+       The pathname to the root-anchors.xml file on the server.
+       (forms URL with :option:`-u`).
+       The default is :file:`/root-anchors/root-anchors.xml`.
+
+.. option:: -s <path>
+
+       The pathname to the root-anchors.p7s file on the server.
+       (forms URL with :option:`-u`).
+       The default is :file:`/root-anchors/root-anchors.p7s`.
+       This file has to be a PKCS7 signature over the xml file, using the pem
+       file (:option:`-c`) as trust anchor.
+
+.. option:: -n <name>
+
+       The emailAddress for the Subject of the signer's certificate from the
+       p7s signature file.
+       Only signatures from this name are allowed.
+       The default is ``dnssec@iana.org``.
+       If you pass ``""`` then the emailAddress is not checked.
+
+.. option:: -4
+
+       Use IPv4 for domain resolution and contacting the server on
+       https.
+       Default is to use IPv4 and IPv6 where appropriate.
+
+.. option:: -6
+
+       Use IPv6 for domain resolution and contacting the server on https.
+       Default is to use IPv4 and IPv6 where appropriate.
+
+.. option:: -f <resolv.conf>
+
+       Use the given resolv.conf file.
+       Not enabled by default, but you could try to pass
+       :file:`/etc/resolv.conf` on some systems.
+       It contains the IP addresses of the recursive nameservers to use.
+       However, since this tool could be used to bootstrap that very recursive
+       nameserver, it would not be useful (since that server is not up yet,
+       since we are bootstrapping it).
+       It could be useful in a situation where you know an upstream cache is
+       deployed (and running) and in captive portal situations.
+
+.. option:: -r <root.hints>
+
+       Use the given root.hints file (same syntax as the BIND and Unbound root
+       hints file) to bootstrap domain resolution.
+       By default a list of builtin root hints is used.
+       unbound-anchor goes to the network itself for these roots, to resolve
+       the server (:option:`-u` option) and to check the root DNSKEY records.
+       It does so, because the tool when used for bootstrapping the recursive
+       resolver, cannot use that recursive resolver itself because it is
+       bootstrapping that server.
+
+.. option:: -R
+
+       Allow fallback from :option:`-f` ``<resolv.conf>`` file to direct root
+       servers query.
+       It allows you to prefer local resolvers, but fallback automatically to
+       direct root query if they do not respond or do not support DNSSEC.
+
+.. option:: -v
+
+       More verbose.
+       Once prints informational messages, multiple times may enable large
+       debug amounts (such as full certificates or byte-dumps of downloaded
+       files).
+       By default it prints almost nothing.
+       It also prints nothing on errors by default; in that case the original
+       root anchor file is simply left undisturbed, so that a recursive server
+       can start right after it.
+
+.. option:: -C <unbound.conf>
+
+       Debug option to read :file:`<unbound.conf>` into the resolver process
+       used.
+
+.. option:: -P <port>
+
+       Set the port number to use for the https connection.
+       The default is 443.
+
+.. option:: -F
+
+       Debug option to force update of the root anchor through downloading the
+       xml file and verifying it with the certificate.
+       By default it first tries to update by contacting the DNS, which uses
+       much less bandwidth, is much faster (200 msec not 2 sec), and is nicer
+       to the deployed infrastructure.
+       With this option, it still attempts to do so (and may verbosely tell
+       you), but then ignores the result and goes on to use the xml fallback
+       method.
+
+.. option:: -h
+
+       Show the version and commandline option help.
+
+Exit Code
+---------
+
+This tool exits with value 1 if the root anchor was updated using the
+certificate or if the builtin root-anchor was used.
+It exits with code 0 if no update was necessary, if the update was possible
+with :rfc:`5011` tracking, or if an error occurred.
+
+You can check the exit value in this manner:
+
+.. code-block:: text
+
+       unbound-anchor -a "root.key" || logger "Please check root.key"
+
+Or something more suitable for your operational environment.
+
+Trust
+-----
+
+The root keys and update certificate included in this tool are provided for
+convenience and under the terms of our license (see the LICENSE file in the
+source distribution or https://github.com/NLnetLabs/unbound/blob/master/LICENSE
+and might be stale or not suitable to your purpose.
+
+By running :option:`unbound-anchor -l` the keys and certificate that are
+configured in the code are printed for your convenience.
+
+The built-in configuration can be overridden by providing a root-cert file and
+a rootkey file.
+
+Files
+-----
+
+@UNBOUND_ROOTKEY_FILE@
+       The root anchor file, updated with 5011 tracking, and read and written
+       to.
+       The file is created if it does not exist.
+
+@UNBOUND_ROOTCERT_FILE@
+       The trusted self-signed certificate that is used to verify the
+       downloaded DNSSEC root trust anchor.
+       You can update it by fetching it from
+       https://data.iana.org/root-anchors/icannbundle.pem (and validate it).
+       If the file does not exist or is empty, a builtin version is used.
+
+https://data.iana.org/root-anchors/root-anchors.xml
+       Source for the root key information.
+
+https://data.iana.org/root-anchors/root-anchors.p7s
+       Signature on the root key information.
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`,
+:doc:`unbound(8)</manpages/unbound>`.
diff --git a/contrib/unbound/doc/unbound-checkconf.8.in b/contrib/unbound/doc/unbound-checkconf.8.in
index 8902784bf0c9..e79f20b90603 100644
--- a/contrib/unbound/doc/unbound-checkconf.8.in
+++ b/contrib/unbound/doc/unbound-checkconf.8.in
@@ -1,56 +1,93 @@
-.TH "unbound-checkconf" "8" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
-.\"
-.\" unbound-checkconf.8 -- unbound configuration checker manual
-.\"
-.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-unbound\-checkconf
-\- Check Unbound configuration file for errors.
-.SH "SYNOPSIS"
-.B unbound\-checkconf
-.RB [ \-h ]
-.RB [ \-f ]
-.RB [ \-q ]
-.RB [ \-o
-.IR option ]
-.RI [ cfgfile ]
-.SH "DESCRIPTION"
-.B Unbound\-checkconf
-checks the configuration file for the
-\fIunbound\fR(8)
-DNS resolver for syntax and other errors.
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND-CHECKCONF" "8" "Oct 22, 2025" "1.24.1" "Unbound"
+.SH NAME
+unbound-checkconf \- Check Unbound 1.24.1 configuration file for errors.
+.SH SYNOPSIS
+.sp
+\fBunbound\-checkconf\fP [\fB\-hf\fP] [\fB\-o option\fP] [cfgfile]
+.SH DESCRIPTION
+.sp
+\fBunbound\-checkconf\fP checks the configuration file for the
+\fI\%unbound(8)\fP DNS resolver for syntax and other errors.
 The config file syntax is described in
-\fIunbound.conf\fR(5).
-.P
+\fI\%unbound.conf(5)\fP\&.
+.sp
 The available options are:
+.INDENT 0.0
 .TP
 .B \-h
 Show the version and commandline option help.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-f
-Print full pathname, with chroot applied to it.  Use with the \-o option.
-.TP
-.B \-o\fI option
-If given, after checking the config file the value of this option is
-printed to stdout.  For "" (disabled) options an empty line is printed.
+Print full pathname, with chroot applied to it.
+Use with the \fI\%\-o\fP option.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-q
 Make the operation quiet, suppress output on success.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-o <option>
+If given, after checking the config file the value of this option is
+printed to stdout.
+For \fB\(dq\(dq\fP (disabled) options an empty line is printed.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I cfgfile
-The config file to read with settings for Unbound. It is checked.
+.B cfgfile
+The config file to read with settings for Unbound.
+It is checked.
 If omitted, the config file at the default location is checked.
-.SH "EXIT CODE"
-The unbound\-checkconf program exits with status code 1 on error,
-0 for a correct config file.
-.SH "FILES"
+.UNINDENT
+.SH EXIT CODE
+.sp
+The \fBunbound\-checkconf\fP program exits with status code 1 on error, 0 for a
+correct config file.
+.SH FILES
+.INDENT 0.0
 .TP
-.I @ub_conf_file@
+.B @ub_conf_file@
 Unbound configuration file.
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5),
-\fIunbound\fR(8).
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP,
+\fI\%unbound(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound-checkconf.rst b/contrib/unbound/doc/unbound-checkconf.rst
new file mode 100644
index 000000000000..fbaacbee7d8e
--- /dev/null
+++ b/contrib/unbound/doc/unbound-checkconf.rst
@@ -0,0 +1,98 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+.. program:: unbound-checkconf
+
+unbound-checkconf(8)
+====================
+
+Synopsis
+--------
+
+**unbound-checkconf** [``-hf``] [``-o option``] [cfgfile]
+
+Description
+-----------
+
+``unbound-checkconf`` checks the configuration file for the
+:doc:`unbound(8)</manpages/unbound>` DNS resolver for syntax and other errors.
+The config file syntax is described in
+:doc:`unbound.conf(5)</manpages/unbound.conf>`.
+
+The available options are:
+
+.. option:: -h
+
+    Show the version and commandline option help.
+
+.. option:: -f
+
+    Print full pathname, with chroot applied to it.
+    Use with the :option:`-o` option.
+
+.. option:: -q
+
+    Make the operation quiet, suppress output on success.
+
+.. option:: -o <option>
+
+    If given, after checking the config file the value of this option is
+    printed to stdout.
+    For ``""`` (disabled) options an empty line is printed.
+
+.. option:: cfgfile
+
+    The config file to read with settings for Unbound.
+    It is checked.
+    If omitted, the config file at the default location is checked.
+
+Exit Code
+---------
+
+The ``unbound-checkconf`` program exits with status code 1 on error, 0 for a
+correct config file.
+
+Files
+-----
+
+@ub_conf_file@
+    Unbound configuration file.
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`,
+:doc:`unbound(8)</manpages/unbound>`.
diff --git a/contrib/unbound/doc/unbound-control.8.in b/contrib/unbound/doc/unbound-control.8.in
index f7a497782701..6ebab1620c1b 100644
--- a/contrib/unbound/doc/unbound-control.8.in
+++ b/contrib/unbound/doc/unbound-control.8.in
@@ -1,982 +1,1548 @@
-.TH "unbound-control" "8" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
-.\"
-.\" unbound-control.8 -- unbound remote control manual
-.\"
-.\" Copyright (c) 2008, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B unbound\-control,
-.B unbound\-control\-setup
-\- Unbound remote server control utility.
-.SH "SYNOPSIS"
-.B unbound\-control
-.RB [ \-hq ]
-.RB [ \-c
-.IR cfgfile ]
-.RB [ \-s
-.IR server ]
-.IR command
-.SH "DESCRIPTION"
-.B Unbound\-control
-performs remote administration on the \fIunbound\fR(8) DNS server.
-It reads the configuration file, contacts the Unbound server over SSL
-sends the command and displays the result.
-.P
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND-CONTROL" "8" "Oct 22, 2025" "1.24.1" "Unbound"
+.SH NAME
+unbound-control \- Unbound 1.24.1 remote server control utility.
+.SH SYNOPSIS
+.sp
+\fBunbound\-control\fP [\fB\-hq\fP] [\fB\-c cfgfile\fP] [\fB\-s server\fP] command
+.SH DESCRIPTION
+.sp
+\fBunbound\-control\fP performs remote administration on the
+\fI\%unbound(8)\fP DNS server.
+It reads the configuration file, contacts the Unbound server over TLS sends the
+command and displays the result.
+.sp
 The available options are:
+.INDENT 0.0
 .TP
 .B \-h
 Show the version and commandline option help.
-.TP
-.B \-c \fIcfgfile
-The config file to read with settings.  If not given the default
-config file @ub_conf_file@ is used.
-.TP
-.B \-s \fIserver[@port]
-IPv4 or IPv6 address of the server to contact.  If not given, the
-address is read from the config file.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-c <cfgfile>
+The config file to read with settings.
+If not given the default config file
+\fB@ub_conf_file@\fP is used.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-s <server[@port]>
+IPv4 or IPv6 address of the server to contact.
+If not given, the address is read from the config file.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-q
-quiet, if the option is given it does not print anything if it works ok.
-.SH "COMMANDS"
+Quiet, if the option is given it does not print anything if it works ok.
+.UNINDENT
+.SH COMMANDS
+.sp
 There are several commands that the server understands.
-.TP
-.B start
-Start the server. Simply execs \fIunbound\fR(8).  The Unbound executable
-is searched for in the \fBPATH\fR set in the environment.  It is started
-with the config file specified using \fI\-c\fR or the default config file.
-.TP
-.B stop
-Stop the server. The server daemon exits.
-.TP
-.B reload
-Reload the server. This flushes the cache and reads the config file fresh.
-.TP
-.B reload_keep_cache
+.INDENT 0.0
+.TP
+.B start 
+Start the server.
+Simply execs \fI\%unbound(8)\fP\&.
+The \fBunbound\fP executable is searched for in the \fBPATH\fP set in the
+environment.
+It is started with the config file specified using \fI\%\-c\fP or the
+default config file.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stop 
+Stop the server.
+The server daemon exits.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B reload 
+Reload the server.
+This flushes the cache and reads the config file fresh.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B reload_keep_cache 
 Reload the server but try to keep the RRset and message cache if
 (re)configuration allows for it.
-That means the caches sizes and the number of threads must not change between
-reloads.
+That means the caches sizes and the number of threads must not change
+between reloads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B fast_reload \fR[\fI+dpv\fR]
+.B fast_reload [\fB+dpv\fP] 
 Reload the server, but keep downtime to a minimum, so that user queries
-keep seeing service. This needs the code compiled with threads. The config
-is loaded in a thread, and prepared, then it briefly pauses the existing
-server and updates config options. The intent is that the pause does not
-impact the service of user queries. The cache is kept. Also user queries
-worked on are kept and continue, but with the new config options.
-.IP
+keep seeing service.
+This needs the code compiled with threads.
+The config is loaded in a thread, and prepared, then it briefly pauses the
+existing server and updates config options.
+The intent is that the pause does not impact the service of user queries.
+The cache is kept.
+Also user queries worked on are kept and continue, but with the new config
+options.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
 This command is experimental at this time.
-.IP
+.UNINDENT
+.UNINDENT
+.sp
 The amount of temporal memory needed during a fast_reload is twice the
 amount needed for configuration.
-This is because Unbound temporarily needs to store both current configuration
-values and new ones while trying to fast_reload.
+This is because Unbound temporarily needs to store both current
+configuration values and new ones while trying to fast_reload.
 Zones loaded from disk (authority zones and RPZ zones) are included in such
 memory needs.
-.IP
+.sp
 Options that can be changed are for
-forwards,
-stubs,
-views,
-authority zones,
-RPZ zones and
-local zones.
-.IP
+\fI\%forwards\fP,
+\fI\%stubs\fP,
+\fI\%views\fP,
+\fI\%authority zones\fP,
+\fI\%RPZ zones\fP and
+\fI\%local zones\fP\&.
+.sp
 Also
-access-control and similar options,
-interface-action and similar options and
-tcp-connection-limit.
+\fI\%access\-control\fP and similar options,
+\fI\%interface\-action\fP and similar
+options and
+\fI\%tcp\-connection\-limit\fP\&.
 It can reload some
-define-tag
+\fI\%define\-tag\fP
 changes, more on that below.
 Further options include
-insecure-lan-zones,
-domain-insecure,
-trust-anchor-file,
-trust-anchor,
-trusted-keys-file,
-auto-trust-anchor-file,
-edns-client-string,
+\fI\%insecure\-lan\-zones\fP,
+\fI\%domain\-insecure\fP,
+\fI\%trust\-anchor\-file\fP,
+\fI\%trust\-anchor\fP,
+\fI\%trusted\-keys\-file\fP,
+\fI\%auto\-trust\-anchor\-file\fP,
+\fI\%edns\-client\-string\fP,
 ipset,
-log-identity,
-infra-cache-numhosts,
-msg-cache-size,
-rrset-cache-size,
-key-cache-size,
-ratelimit-size,
-neg-cache-size,
-num-queries-per-thread,
-jostle-timeout,
-use-caps-for-id,
-unwanted-reply-threshold,
-tls-use-sni,
-outgoing-tcp-mss,
-ip-dscp,
-max-reuse-tcp-queries,
-tcp-reuse-timeout,
-tcp-auth-query-timeout,
-delay-close.
-.IP
+\fI\%log\-identity\fP,
+\fI\%infra\-cache\-numhosts\fP,
+\fI\%msg\-cache\-size\fP,
+\fI\%rrset\-cache\-size\fP,
+\fI\%key\-cache\-size\fP,
+\fI\%ratelimit\-size\fP,
+\fI\%neg\-cache\-size\fP,
+\fI\%num\-queries\-per\-thread\fP,
+\fI\%jostle\-timeout\fP,
+\fI\%use\-caps\-for\-id\fP,
+\fI\%unwanted\-reply\-threshold\fP,
+\fI\%tls\-use\-sni\fP,
+\fI\%outgoing\-tcp\-mss\fP,
+\fI\%ip\-dscp\fP,
+\fI\%max\-reuse\-tcp\-queries\fP,
+\fI\%tcp\-reuse\-timeout\fP,
+\fI\%tcp\-auth\-query\-timeout\fP,
+\fI\%delay\-close\fP\&.
+\fI\%iter\-scrub\-promiscuous\fP\&.
+.sp
 It does not work with
-interface and
-outgoing-interface changes,
+\fI\%interface\fP and
+\fI\%outgoing\-interface\fP changes,
 also not with
-remote control,
-outgoing-port-permit,
-outgoing-port-avoid,
-msg-buffer-size,
-any **\*-slabs** options and
-statistics-interval changes.
-.IP
-For dnstap these options can be changed:
-dnstap-log-resolver-query-messages,
-dnstap-log-resolver-response-messages,
-dnstap-log-client-query-messages,
-dnstap-log-client-response-messages,
-dnstap-log-forwarder-query-messages and
-dnstap-log-forwarder-response-messages.
-.IP
+\fI\%remote control\fP,
+\fI\%outgoing\-port\-permit\fP,
+\fI\%outgoing\-port\-avoid\fP,
+\fI\%msg\-buffer\-size\fP,
+any \fB*\-slabs\fP options and
+\fI\%statistics\-interval\fP changes.
+.sp
+For \fI\%dnstap\fP these options can be changed:
+\fI\%dnstap\-log\-resolver\-query\-messages\fP,
+\fI\%dnstap\-log\-resolver\-response\-messages\fP,
+\fI\%dnstap\-log\-client\-query\-messages\fP,
+\fI\%dnstap\-log\-client\-response\-messages\fP,
+\fI\%dnstap\-log\-forwarder\-query\-messages\fP and
+\fI\%dnstap\-log\-forwarder\-response\-messages\fP\&.
+.sp
 It does not work with these options:
-dnstap-enable,
-dnstap-bidirectional,
-dnstap-socket-path,
-dnstap-ip,
-dnstap-tls,
-dnstap-tls-server-name,
-dnstap-tls-cert-bundle,
-dnstap-tls-client-key-file and
-dnstap-tls-client-cert-file.
-.IP
+\fI\%dnstap\-enable\fP,
+\fI\%dnstap\-bidirectional\fP,
+\fI\%dnstap\-socket\-path\fP,
+\fI\%dnstap\-ip\fP,
+\fI\%dnstap\-tls\fP,
+\fI\%dnstap\-tls\-server\-name\fP,
+\fI\%dnstap\-tls\-cert\-bundle\fP,
+\fI\%dnstap\-tls\-client\-key\-file\fP and
+\fI\%dnstap\-tls\-client\-cert\-file\fP\&.
+.sp
 The options
-dnstap-send-identity,
-dnstap-send-version,
-dnstap-identity, and
-dnstap-version can be loaded
-when ``+p`` is not used.
-.IP
-The '+v' option makes the output verbose which includes the time it took to do
-the reload.
-With '+vv' it is more verbose which includes the amount of memory that was
-allocated temporarily to perform the reload; this amount of memory can be big
-if the config has large contents.
-In the timing output the 'reload' time is the time during which the server was
-paused.
-.IP
-The '+p' option makes the reload not pause threads, they keep running.
+\fI\%dnstap\-send\-identity\fP,
+\fI\%dnstap\-send\-version\fP,
+\fI\%dnstap\-identity\fP, and
+\fI\%dnstap\-version\fP can be loaded
+when \fB+p\fP is not used.
+.sp
+The \fB+v\fP option makes the output verbose which includes the time it took
+to do the reload.
+With \fB+vv\fP it is more verbose which includes the amount of memory that
+was allocated temporarily to perform the reload; this amount of memory can
+be big if the config has large contents.
+In the timing output the \(aqreload\(aq time is the time during which the server
+was paused.
+.sp
+The \fB+p\fP option makes the reload not pause threads, they keep running.
 Locks are acquired, but items are updated in sequence, so it is possible
 for threads to see an inconsistent state with some options from the old
 and some options from the new config, such as cache TTL parameters from the
-old config and forwards from the new config. The stubs and forwards are
-updated at the same time, so that they are viewed consistently, either old
-or new values together. The option makes the reload time take eg. 3
-microseconds instead of 0.3 milliseconds during which the worker threads are
-interrupted. So, the interruption is much shorter, at the expense of some
-inconsistency. After the reload itself, every worker thread is briefly
-contacted to make them release resources, this makes the delete timing
-a little longer, and takes up time from the remote control servicing
-worker thread.
-.IP
-With the nopause option, the reload does not work to reload some options,
-that fast reload works on without the nopause option: val-bogus-ttl,
-val-override-date, val-sig-skew-min, val-sig-skew-max, val-max-restart,
-val-nsec3-keysize-iterations, target-fetch-policy, outbound-msg-retry,
-max-sent-count, max-query-restarts, do-not-query-address,
-do-not-query-localhost, private-address, private-domain, caps-exempt,
-nat64-prefix, do-nat64, infra-host-ttl, infra-keep-probing, ratelimit,
-ip-ratelimit, ip-ratelimit-cookie, wait-limit-netblock,
-wait-limit-cookie-netblock, ratelimit-below-domain, ratelimit-for-domain.
-.IP
-The '+d' option makes the reload drop queries that the worker threads are
-working on. This is like flush_requestlist. Without it the queries are kept
-so that users keep getting answers for those queries that are currently
-processed. The drop makes it so that queries during the life time of the
+old config and forwards from the new config.
+The stubs and forwards are updated at the same time, so that they are
+viewed consistently, either old or new values together.
+The option makes the reload time take eg. 3 microseconds instead of 0.3
+milliseconds during which the worker threads are interrupted.
+So, the interruption is much shorter, at the expense of some inconsistency.
+After the reload itself, every worker thread is briefly contacted to make
+them release resources, this makes the delete timing a little longer, and
+takes up time from the remote control servicing worker thread.
+.sp
+With the nopause option (\fB+p\fP), the reload does not work to reload some
+options, that fast reload works on without the nopause option:
+\fI\%val\-bogus\-ttl\fP,
+\fI\%val\-override\-date\fP,
+\fI\%val\-sig\-skew\-min\fP,
+\fI\%val\-sig\-skew\-max\fP,
+\fI\%val\-max\-restart\fP,
+\fI\%val\-nsec3\-keysize\-iterations\fP,
+\fI\%target\-fetch\-policy\fP,
+\fI\%outbound\-msg\-retry\fP,
+\fI\%max\-sent\-count\fP,
+\fI\%max\-query\-restarts\fP,
+\fI\%do\-not\-query\-address\fP,
+\fI\%do\-not\-query\-localhost\fP,
+\fI\%private\-address\fP,
+\fI\%private\-domain\fP,
+\fI\%caps\-exempt\fP,
+\fI\%nat64\-prefix\fP,
+\fI\%do\-nat64\fP,
+\fI\%infra\-host\-ttl\fP,
+\fI\%infra\-keep\-probing\fP,
+\fI\%ratelimit\fP,
+\fI\%ip\-ratelimit\fP,
+\fI\%ip\-ratelimit\-cookie\fP,
+\fI\%wait\-limit\-netblock\fP,
+\fI\%wait\-limit\-cookie\-netblock\fP,
+\fI\%ratelimit\-below\-domain\fP,
+\fI\%ratelimit\-for\-domain\fP\&.
+.sp
+The \fB+d\fP option makes the reload drop queries that the worker threads are
+working on.
+This is like
+\fI\%flush_requestlist\fP\&.
+Without it the queries are kept so that users keep getting answers for
+those queries that are currently processed.
+The drop makes it so that queries during the life time of the
 query processing see only old, or only new config options.
-.IP
-When there are changes to the config tags, from the \fBdefine\-tag\fR option,
-then the '+d' option is implicitly turned on with a warning printout, and
+.sp
+When there are changes to the config tags, from the
+\fI\%define\-tag\fP option,
+then the \fB+d\fP option is implicitly turned on with a warning printout, and
 queries are dropped.
 This is to stop references to the old tag information, by the old
-queries. If the number of tags is increased in the newly loaded config, by
-adding tags at the end, then the implicit '+d' option is not needed.
-.IP
+queries.
+If the number of tags is increased in the newly loaded config, by
+adding tags at the end, then the implicit \fB+d\fP option is not needed.
+.sp
 For response ip, that is actions associated with IP addresses, and perhaps
 intersected with access control tag and action information, those settings
 are stored with a query when it comes in based on its source IP address.
 The old information is kept with the query until the queries are done.
-This is gone when those queries are resolved and finished, or it is possible
-to flush the requestlist with '+d'.
-.TP
-.B verbosity \fInumber
-Change verbosity value for logging. Same values as \fBverbosity\fR keyword in
-\fIunbound.conf\fR(5).  This new setting lasts until the server is issued
-a reload (taken from config file again), or the next verbosity control command.
-.TP
-.B log_reopen
-Reopen the logfile, close and open it.  Useful for logrotation to make the
-daemon release the file it is logging to.  If you are using syslog it will
-attempt to close and open the syslog (which may not work if chrooted).
-.TP
-.B stats
-Print statistics. Resets the internal counters to zero, this can be
-controlled using the \fBstatistics\-cumulative\fR config statement.
-Statistics are printed with one [name]: [value] per line.
-.TP
-.B stats_noreset
-Peek at statistics. Prints them like the \fBstats\fR command does, but does not
-reset the internal counters to zero.
-.TP
-.B status
-Display server status. Exit code 3 if not running (the connection to the
-port is refused), 1 on error, 0 if running.
-.TP
-.B local_zone \fIname\fR \fItype
-Add new local zone with name and type. Like \fBlocal\-zone\fR config statement.
+This is gone when those queries are resolved and finished, or it is
+possible to flush the requestlist with \fB+d\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B verbosity \fInumber\fP 
+Change verbosity value for logging.
+Same values as the \fBverbosity:\fP keyword in
+\fI\%unbound.conf(5)\fP\&.
+This new setting lasts until the server is issued a reload (taken from
+config file again), or the next verbosity control command.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log_reopen 
+Reopen the logfile, close and open it.
+Useful for logrotation to make the daemon release the file it is logging
+to.
+If you are using syslog it will attempt to close and open the syslog (which
+may not work if chrooted).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stats 
+Print statistics.
+Resets the internal counters to zero, this can be controlled using the
+\fBstatistics\-cumulative:\fP config statement.
+Statistics are printed with one \fB[name]: [value]\fP per line.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stats_noreset 
+Peek at statistics.
+Prints them like the stats command does, but does not reset the internal
+counters to zero.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B status 
+Display server status.
+Exit code 3 if not running (the connection to the port is refused), 1 on
+error, 0 if running.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_zone \fIname type\fP 
+Add new local zone with name and type.
+Like local\-zone config statement.
 If the zone already exists, the type is changed to the given argument.
-.TP
-.B local_zone_remove \fIname
-Remove the local zone with the given name.  Removes all local data inside
-it.  If the zone does not exist, the command succeeds.
-.TP
-.B local_data \fIRR data...
-Add new local data, the given resource record. Like \fBlocal\-data\fR
-config statement, except for when no covering zone exists.  In that case
-this remote control command creates a transparent zone with the same
-name as this record.
-.TP
-.B local_data_remove \fIname
-Remove all RR data from local name.  If the name already has no items,
-nothing happens.  Often results in NXDOMAIN for the name (in a static zone),
-but if the name has become an empty nonterminal (there is still data in
-domain names below the removed name), NOERROR nodata answers are the
-result for that name.
-.TP
-.B local_zones
-Add local zones read from stdin of unbound\-control. Input is read per line,
-with name space type on a line. For bulk additions.
-.TP
-.B local_zones_remove
-Remove local zones read from stdin of unbound\-control. Input is one name per
-line. For bulk removals.
-.TP
-.B local_datas
-Add local data RRs read from stdin of unbound\-control. Input is one RR per
-line. For bulk additions.
-.TP
-.B local_datas_remove
-Remove local data RRs read from stdin of unbound\-control. Input is one name per
-line. For bulk removals.
-.TP
-.B dump_cache
-The content of the cache is printed in a text format to stdout.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_zone_remove \fIname\fP 
+Remove the local zone with the given name.
+Removes all local data inside it.
+If the zone does not exist, the command succeeds.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_data \fIRR data...\fP 
+Add new local data, the given resource record.
+Like \fBlocal\-data:\fP keyword, except for when no covering zone exists.
+In that case this remote control command creates a transparent zone with
+the same name as this record.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_data_remove \fIname\fP 
+Remove all RR data from local name.
+If the name already has no items, nothing happens.
+Often results in NXDOMAIN for the name (in a static zone), but if the name
+has become an empty nonterminal (there is still data in domain names below
+the removed name), NOERROR nodata answers are the result for that name.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_zones 
+Add local zones read from stdin of unbound\-control.
+Input is read per line, with name space type on a line.
+For bulk additions.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_zones_remove 
+Remove local zones read from stdin of unbound\-control.
+Input is one name per line.
+For bulk removals.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_datas 
+Add local data RRs read from stdin of unbound\-control.
+Input is one RR per line.
+For bulk additions.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_datas_remove 
+Remove local data RRs read from stdin of unbound\-control.
+Input is one name per line.
+For bulk removals.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dump_cache 
+The contents of the cache is printed in a text format to stdout.
 You can redirect it to a file to store the cache in a file.
-Not supported in remote Unbounds in multi-process operation.
+Not supported in remote Unbounds in multi\-process operation.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B load_cache
-The content of the cache is loaded from stdin.
+.B load_cache 
+The contents of the cache is loaded from stdin.
 Uses the same format as dump_cache uses.
 Loading the cache with old, or wrong data can result in old or wrong data
 returned to clients.
 Loading data into the cache in this way is supported in order to aid with
 debugging.
-Not supported in remote Unbounds in multi-process operation.
-.TP
-.B lookup \fIname
-Print to stdout the name servers that would be used to look up the
-name specified.
-.TP
-.B flush \fR[\fI+c\fR] \fIname
-Remove the name from the cache. Removes the types
-A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR, SVCB and HTTPS.
-Because that is fast to do. Other record types can be removed using
-.B flush_type
-or
-.B flush_zone\fR.
-.IP
-The '+c' option removes the items also from the cachedb cache. If
-cachedb is in use.
-.TP
-.B flush_type \fR[\fI+c\fR] \fIname\fR \fItype
+Not supported in remote Unbounds in multi\-process operation.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cache_lookup [\fB+t\fP] \fInames\fP 
+Print to stdout the RRsets and messages that are in the cache.
+For every name listed the content at or under the name is printed.
+Several names separated by spaces can be given, each is printed.
+When subnetcache is enabled, also matching entries from the subnet
+cache are printed.
+.sp
+The \fB+t\fP option allows tld and root names.
+With it names like \(aqcom\(aq and \(aq.\(aq can be used, but it takes a lot of
+effort to look up in the cache.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B lookup \fIname\fP 
+Print to stdout the name servers that would be used to look up the name
+specified.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush [\fB+c\fP] \fIname\fP 
+Remove the name from the cache.
+Removes the types A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR,
+SVCB and HTTPS.
+Because that is fast to do.
+Other record types can be removed using \fBflush_type\fP or \fBflush_zone\fP\&.
+.sp
+The \fB+c\fP option removes the items also from the cachedb cache.
+If cachedb is in use.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush_type [\fB+c\fP] \fIname type\fP 
 Remove the name, type information from the cache.
+.sp
+The \fB+c\fP option removes the items also from the cachedb cache.
+If cachedb is in use.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B flush_zone \fR[\fI+c\fR] \fIname
+.B flush_zone [\fB+c\fP] name 
 Remove all information at or below the name from the cache.
-The rrsets and key entries are removed so that new lookups will be performed.
+The rrsets and key entries are removed so that new lookups will be
+performed.
 This needs to walk and inspect the entire cache, and is a slow operation.
 The entries are set to expired in the implementation of this command (so,
-with serve\-expired enabled, it'll serve that information but schedule a
+with serve\-expired enabled, it\(aqll serve that information but schedule a
 prefetch for new information).
+.sp
+The \fB+c\fP option removes the items also from the cachedb cache.
+If cachedb is in use.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B flush_bogus \fR[\fI+c\fR]
+.B flush_bogus [\fB+c\fP] 
 Remove all bogus data from the cache.
-.TP
-.B flush_negative \fR[\fI+c\fR]
-Remove all negative data from the cache.  This is nxdomain answers,
-nodata answers and servfail answers.  Also removes bad key entries
-(which could be due to failed lookups) from the dnssec key cache, and
-iterator last-resort lookup failures from the rrset cache.
-.TP
-.B flush_stats
+.sp
+The \fB+c\fP option removes the items also from the cachedb cache.
+If cachedb is in use.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush_negative [\fB+c\fP] 
+Remove all negative data from the cache.
+This is nxdomain answers, nodata answers and servfail answers.
+Also removes bad key entries (which could be due to failed lookups) from
+the dnssec key cache, and iterator last\-resort lookup failures from the
+rrset cache.
+.sp
+The \fB+c\fP option removes the items also from the cachedb cache.
+If cachedb is in use.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush_stats 
 Reset statistics to zero.
-.TP
-.B flush_requestlist
-Drop the queries that are worked on.  Stops working on the queries that the
-server is working on now.  The cache is unaffected.  No reply is sent for
-those queries, probably making those users request again later.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush_requestlist 
+Drop the queries that are worked on.
+Stops working on the queries that the server is working on now.
+The cache is unaffected.
+No reply is sent for those queries, probably making those users request
+again later.
 Useful to make the server restart working on queries with new settings,
 such as a higher verbosity level.
-.TP
-.B dump_requestlist
-Show what is worked on.  Prints all queries that the server is currently
-working on.  Prints the time that users have been waiting.  For internal
-requests, no time is printed.  And then prints out the module status.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dump_requestlist 
+Show what is worked on.
+Prints all queries that the server is currently working on.
+Prints the time that users have been waiting.
+For internal requests, no time is printed.
+And then prints out the module status.
 This prints the queries from the first thread, and not queries that are
 being serviced from other threads.
-.TP
-.B flush_infra \fIall|IP
-If all then entire infra cache is emptied.  If a specific IP address, the
-entry for that address is removed from the cache.  It contains EDNS, ping
-and lameness data.
-.TP
-.B dump_infra
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush_infra \fIall|IP\fP 
+If all then entire infra cache is emptied.
+If a specific IP address, the entry for that address is removed from the
+cache.
+It contains EDNS, ping and lameness data.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dump_infra 
 Show the contents of the infra cache.
-.TP
-.B set_option \fIopt: val
-Set the option to the given value without a reload.  The cache is
-therefore not flushed.  The option must end with a ':' and whitespace
-must be between the option and the value.  Some values may not have an
-effect if set this way, the new values are not written to the config file,
-not all options are supported.  This is different from the set_option call
-in libunbound, where all values work because Unbound has not been initialized.
-.IP
+.UNINDENT
+.INDENT 0.0
+.TP
+.B set_option \fIopt: val\fP 
+Set the option to the given value without a reload.
+The cache is therefore not flushed.
+The option must end with a \fB\(aq:\(aq\fP and whitespace must be between the
+option and the value.
+Some values may not have an effect if set this way, the new values are not
+written to the config file, not all options are supported.
+This is different from the set_option call in libunbound, where all values
+work because Unbound has not been initialized.
+.sp
 The values that work are: statistics\-interval, statistics\-cumulative,
-do\-not\-query\-localhost, harden\-short\-bufsize, harden\-large\-queries,
+do\-not\-query\-localhost,  harden\-short\-bufsize, harden\-large\-queries,
 harden\-glue, harden\-dnssec\-stripped, harden\-below\-nxdomain,
-harden\-referral\-path, prefetch, prefetch\-key, log\-queries,
-hide\-identity, hide\-version, identity, version, val\-log\-level,
-val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown,
-keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size, ratelimit,
-ip\-ratelimit, cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl.
-.TP
-.B get_option \fIopt
-Get the value of the option.  Give the option name without a trailing ':'.
-The value is printed.  If the value is "", nothing is printed
-and the connection closes.  On error 'error ...' is printed (it gives
-a syntax error on unknown option).  For some options a list of values,
-one on each line, is printed.  The options are shown from the config file
-as modified with set_option.  For some options an override may have been
-taken that does not show up with this command, not results from e.g. the
-verbosity and forward control commands.  Not all options work, see list_stubs,
-list_forwards, list_local_zones and list_local_data for those.
-.TP
-.B list_stubs
-List the stub zones in use.  These are printed one by one to the output.
+harden\-referral\-path,  prefetch, prefetch\-key, log\-queries, hide\-identity,
+hide\-version, identity, version, val\-log\-level, val\-log\-squelch,
+ignore\-cd\-flag, add\-holddown, del\-holddown, keep\-missing, tcp\-upstream,
+ssl\-upstream, max\-udp\-size, ratelimit, ip\-ratelimit, cache\-max\-ttl,
+cache\-min\-ttl, cache\-max\-negative\-ttl.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B get_option \fIopt\fP 
+Get the value of the option.
+Give the option name without a trailing \fB\(aq:\(aq\fP\&.
+The value is printed.
+If the value is \fB\(dq\(dq\fP, nothing is printed and the connection closes.
+On error \fB\(aqerror ...\(aq\fP is printed (it gives a syntax error on unknown
+option).
+For some options a list of values, one on each line, is printed.
+The options are shown from the config file as modified with set_option.
+For some options an override may have been taken that does not show up with
+this command, not results from e.g. the verbosity and forward control
+commands.
+Not all options work, see list_stubs, list_forwards, list_local_zones and
+list_local_data for those.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B list_stubs 
+List the stub zones in use.
+These are printed one by one to the output.
 This includes the root hints in use.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B list_forwards
-List the forward zones in use.  These are printed zone by zone to the output.
+.B list_forwards 
+List the forward zones in use.
+These are printed zone by zone to the output.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B list_insecure
+.B list_insecure 
 List the zones with domain\-insecure.
-.TP
-.B list_local_zones
-List the local zones in use.  These are printed one per line with zone type.
-.TP
-.B list_local_data
-List the local data RRs in use.  The resource records are printed.
-.TP
-.B insecure_add \fIzone
-Add a \fBdomain\-insecure\fR for the given zone, like the statement in unbound.conf.
-Adds to the running Unbound without affecting the cache contents (which may
-still be bogus, use \fBflush_zone\fR to remove it), does not affect the config file.
-.TP
-.B insecure_remove \fIzone
+.UNINDENT
+.INDENT 0.0
+.TP
+.B list_local_zones 
+List the local zones in use.
+These are printed one per line with zone type.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B list_local_data 
+List the local data RRs in use.
+The resource records are printed.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B insecure_add \fIzone\fP 
+Add a domain\-insecure for the given zone, like the statement in
+unbound.conf.
+Adds to the running Unbound without affecting the cache
+contents (which may still be bogus, use flush_zone to remove it), does not
+affect the config file.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B insecure_remove \fIzone\fP 
 Removes domain\-insecure for the given zone.
-.TP
-.B forward_add \fR[\fI+it\fR] \fIzone addr ...
-Add a new forward zone to running Unbound.  With +i option also adds a
-\fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have
-a DNSSEC root trust anchor configured for other names).
-The addr can be IP4, IP6 or nameserver names, like \fIforward-zone\fR config
-in unbound.conf.
-The +t option sets it to use tls upstream, like \fIforward\-tls\-upstream\fR: yes.
-.TP
-.B forward_remove \fR[\fI+i\fR] \fIzone
-Remove a forward zone from running Unbound.  The +i also removes a
-\fIdomain\-insecure\fR for the zone.
-.TP
-.B stub_add \fR[\fI+ipt\fR] \fIzone addr ...
-Add a new stub zone to running Unbound.  With +i option also adds a
-\fIdomain\-insecure\fR for the zone.  With +p the stub zone is set to prime,
-without it it is set to notprime.  The addr can be IP4, IP6 or nameserver
-names, like the \fIstub-zone\fR config in unbound.conf.
-The +t option sets it to use tls upstream, like \fIstub\-tls\-upstream\fR: yes.
-.TP
-.B stub_remove \fR[\fI+i\fR] \fIzone
-Remove a stub zone from running Unbound.  The +i also removes a
-\fIdomain\-insecure\fR for the zone.
-.TP
-.B forward \fR[\fIoff\fR | \fIaddr ...\fR ]
-Setup forwarding mode.  Configures if the server should ask other upstream
-nameservers, should go to the internet root nameservers itself, or show
-the current config.  You could pass the nameservers after a DHCP update.
-.IP
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward_add [\fB+it\fP] \fIzone addr ...\fP 
+Add a new forward zone to running Unbound.
+With \fB+i\fP option also adds a domain\-insecure for the zone (so it can
+resolve insecurely if you have a DNSSEC root trust anchor configured for
+other names).
+The addr can be IP4, IP6 or nameserver names, like forward\-zone config in
+unbound.conf.
+The \fB+t\fP option sets it to use TLS upstream, like
+\fI\%forward\-tls\-upstream: yes\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward_remove [\fB+i\fP] \fIzone\fP 
+Remove a forward zone from running Unbound.
+The \fB+i\fP also removes a domain\-insecure for the zone.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub_add [\fB+ipt\fP] \fIzone addr ...\fP 
+Add a new stub zone to running Unbound.
+With \fB+i\fP option also adds a domain\-insecure for the zone.
+With \fB+p\fP the stub zone is set to prime, without it it is set to
+notprime.
+The addr can be IP4, IP6 or nameserver names, like the \fBstub\-zone:\fP
+config in unbound.conf.
+The \fB+t\fP option sets it to use TLS upstream, like
+\fI\%stub\-tls\-upstream: yes\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub_remove [\fB+i\fP] \fIzone\fP 
+Remove a stub zone from running Unbound.
+The \fB+i\fP also removes a domain\-insecure for the zone.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward [\fIoff\fP | \fIaddr ...\fP ] 
+Setup forwarding mode.
+Configures if the server should ask other upstream nameservers, should go
+to the internet root nameservers itself, or show the current config.
+You could pass the nameservers after a DHCP update.
+.sp
 Without arguments the current list of addresses used to forward all queries
-to is printed.  On startup this is from the forward\-zone "." configuration.
-Afterwards it shows the status.  It prints off when no forwarding is used.
-.IP
-If \fIoff\fR is passed, forwarding is disabled and the root nameservers
-are used.  This can be used to avoid to avoid buggy or non\-DNSSEC supporting
-nameservers returned from DHCP.  But may not work in hotels or hotspots.
-.IP
-If one or more IPv4 or IPv6 addresses are given, those are then used to forward
-queries to.  The addresses must be separated with spaces.  With '@port' the
-port number can be set explicitly (default port is 53 (DNS)).
-.IP
-By default the forwarder information from the config file for the root "." is
-used.  The config file is not changed, so after a reload these changes are
-gone.  Other forward zones from the config file are not affected by this command.
-.TP
-.B ratelimit_list \fR[\fI+a\fR]
-List the domains that are ratelimited.  Printed one per line with current
-estimated qps and qps limit from config.  With +a it prints all domains, not
-just the ratelimited domains, with their estimated qps.  The ratelimited
-domains return an error for uncached (new) queries, but cached queries work
-as normal.
-.TP
-.B ip_ratelimit_list \fR[\fI+a\fR]
-List the ip addresses that are ratelimited.  Printed one per line with current
-estimated qps and qps limit from config.  With +a it prints all ips, not
-just the ratelimited ips, with their estimated qps.  The ratelimited
-ips are dropped before checking the cache.
-.TP
-.B list_auth_zones
-List the auth zones that are configured.  Printed one per line with a status,
-indicating if the zone is expired and current serial number.  Configured RPZ
-zones are included.
-.TP
-.B auth_zone_reload \fIzone\fR
-Reload the auth zone (or RPZ zone) from zonefile.  The zonefile is read in
-overwriting the current contents of the zone in memory.  This changes the auth
-zone contents itself, not the cache contents.  Such cache contents exists if
-you set Unbound to validate with for-upstream yes and that can be cleared with
-\fBflush_zone\fR \fIzone\fR.
-.TP
-.B auth_zone_transfer \fIzone\fR
-Transfer the auth zone (or RPZ zone) from master.  The auth zone probe sequence
-is started, where the masters are probed to see if they have an updated zone
-(with the SOA serial check).  And then the zone is transferred for a newer zone
-version.
-.TP
-.B rpz_enable \fIzone\fR
+to is printed.
+On startup this is from the forward\-zone \fB\(dq.\(dq\fP configuration.
+Afterwards it shows the status.
+It prints off when no forwarding is used.
+.sp
+If off is passed, forwarding is disabled and the root nameservers are
+used.
+This can be used to avoid to avoid buggy or non\-DNSSEC supporting
+nameservers returned from DHCP.
+But may not work in hotels or hotspots.
+.sp
+If one or more IPv4 or IPv6 addresses are given, those are then used to
+forward queries to.
+The addresses must be separated with spaces.
+With \fB\(aq@port\(aq\fP the port number can be set explicitly (default port is 53
+(DNS)).
+.sp
+By default the forwarder information from the config file for the root
+\fB\(dq.\(dq\fP is used.
+The config file is not changed, so after a reload these changes are gone.
+Other forward zones from the config file are not affected by this command.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit_list [\fB+a\fP] 
+List the domains that are ratelimited.
+Printed one per line with current estimated qps and qps limit from config.
+With \fB+a\fP it prints all domains, not just the ratelimited domains, with
+their estimated qps.
+The ratelimited domains return an error for uncached (new) queries, but
+cached queries work as normal.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip_ratelimit_list [\fB+a\fP] 
+List the ip addresses that are ratelimited.
+Printed one per line with current estimated qps and qps limit from config.
+With \fB+a\fP it prints all ips, not just the ratelimited ips, with their
+estimated qps.
+The ratelimited ips are dropped before checking the cache.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B list_auth_zones 
+List the auth zones that are configured.
+Printed one per line with a status, indicating if the zone is expired and
+current serial number.
+Configured RPZ zones are included.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B auth_zone_reload \fIzone\fP 
+Reload the auth zone (or RPZ zone) from zonefile.
+The zonefile is read in overwriting the current contents of the zone in
+memory.
+This changes the auth zone contents itself, not the cache contents.
+Such cache contents exists if you set Unbound to validate with
+\fBfor\-upstream: yes\fP and that can be cleared with \fBflush_zone\fP \fIzone\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B auth_zone_transfer \fIzone\fP 
+Transfer the auth zone (or RPZ zone) from master.
+The auth zone probe sequence is started, where the masters are probed to
+see if they have an updated zone (with the SOA serial check).
+And then the zone is transferred for a newer zone version.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rpz_enable \fIzone\fP 
 Enable the RPZ zone if it had previously been disabled.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B rpz_disable \fIzone\fR
+.B rpz_disable \fIzone\fP 
 Disable the RPZ zone.
-.TP
-.B view_list_local_zones \fIview\fR
-\fIlist_local_zones\fR for given view.
-.TP
-.B view_local_zone \fIview\fR \fIname\fR \fItype
-\fIlocal_zone\fR for given view.
-.TP
-.B view_local_zone_remove \fIview\fR \fIname
-\fIlocal_zone_remove\fR for given view.
-.TP
-.B view_list_local_data \fIview\fR
-\fIlist_local_data\fR for given view.
-.TP
-.B view_local_data \fIview\fR \fIRR data...
-\fIlocal_data\fR for given view.
-.TP
-.B view_local_data_remove \fIview\fR \fIname
-\fIlocal_data_remove\fR for given view.
-.TP
-.B view_local_datas_remove \fIview\fR
-Remove a list of \fIlocal_data\fR for given view from stdin. Like local_datas_remove.
-.TP
-.B view_local_datas \fIview\fR
-Add a list of \fIlocal_data\fR for given view from stdin.  Like local_datas.
-.TP
-.B add_cookie_secret <secret>
-Add or replace a cookie secret persistently. <secret> needs to be an 128 bit
-hex string.
-.IP
-Cookie secrets can be either \fIactive\fR or \fIstaging\fR. \fIActive\fR cookie
-secrets are used to create DNS Cookies, but verification of a DNS Cookie
-succeeds with any of the \fIactive\fR or \fIstaging\fR cookie secrets. The
-state of the current cookie secrets can be printed with the
-\fBprint_cookie_secrets\fR command.
-.IP
-When there are no cookie secrets configured yet, the <secret> is added as
-\fIactive\fR. If there is already an \fIactive\fR cookie secret, the <secret>
-is added as \fIstaging\fR or replacing an existing \fIstaging\fR secret.
-.IP
-To "roll" a cookie secret used in an anycast set. The new secret has to be
-added as staging secret to \fBall\fR nodes in the anycast set. When \fBall\fR
-nodes can verify DNS Cookies with the new secret, the new secret can be
-activated with the \fBactivate_cookie_secret\fR command. After \fBall\fR nodes
-have the new secret \fIactive\fR for at least one hour, the previous secret can
-be dropped with the \fBdrop_cookie_secret\fR command.
-.IP
-Persistence is accomplished by writing to a file which if configured with the
-\fBcookie\-secret\-file\fR option in the server section of the config file.
-This is disabled by default, "".
-.TP
-.B drop_cookie_secret
-Drop the \fIstaging\fR cookie secret.
-.TP
-.B activate_cookie_secret
-Make the current \fIstaging\fR cookie secret \fIactive\fR, and the current
-\fIactive\fR cookie secret \fIstaging\fR.
-.TP
-.B print_cookie_secrets
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_list_local_zones \fIview\fP 
+\fIlist_local_zones\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_zone \fIview name type\fP 
+\fIlocal_zone\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_zone_remove \fIview name\fP 
+\fIlocal_zone_remove\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_list_local_data \fIview\fP 
+\fIlist_local_data\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_data \fIview RR data...\fP 
+\fIlocal_data\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_data_remove \fIview name\fP 
+\fIlocal_data_remove\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_datas_remove \fIview\fP 
+Remove a list of \fIlocal_data\fP for given view from stdin.
+Like \fIlocal_datas_remove\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_datas \fIview\fP 
+Add a list of \fIlocal_data\fP for given view from stdin.
+Like \fIlocal_datas\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B add_cookie_secret \fIsecret\fP 
+Add or replace a cookie secret persistently.
+\fIsecret\fP needs to be an 128 bit hex string.
+.sp
+Cookie secrets can be either \fBactive\fP or \fBstaging\fP\&.
+\fBActive\fP cookie secrets are used to create DNS Cookies, but verification
+of a DNS Cookie succeeds with any of the \fBactive\fP or \fBstaging\fP cookie
+secrets.
+The state of the current cookie secrets can be printed with the
+\fI\%print_cookie_secrets\fP
+command.
+.sp
+When there are no cookie secrets configured yet, the \fIsecret\fP is added as
+\fBactive\fP\&.
+If there is already an \fBactive\fP cookie secret, the \fIsecret\fP is added as
+\fBstaging\fP or replacing an existing \fBstaging\fP secret.
+.sp
+To \(dqroll\(dq a cookie secret used in an anycast set.
+The new secret has to be added as \fBstaging\fP secret to \fBall\fP nodes in
+the anycast set.
+When \fBall\fP nodes can verify DNS Cookies with the new secret, the new
+secret can be activated with the
+\fI\%activate_cookie_secret\fP
+command.
+After \fBall\fP nodes have the new secret \fBactive\fP for at least one hour,
+the previous secret can be dropped with the
+\fI\%drop_cookie_secret\fP
+command.
+.sp
+Persistence is accomplished by writing to a file which is configured with
+the
+\fI\%cookie\-secret\-file\fP
+option in the server section of the config file.
+This is disabled by default, \(dq\(dq.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B drop_cookie_secret 
+Drop the \fBstaging\fP cookie secret.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B activate_cookie_secret 
+Make the current \fBstaging\fP cookie secret \fBactive\fP, and the current
+\fBactive\fP cookie secret \fBstaging\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B print_cookie_secrets 
 Show the current configured cookie secrets with their status.
-.SH "EXIT CODE"
-The unbound\-control program exits with status code 1 on error, 0 on success.
-.SH "SET UP"
-The setup requires a self\-signed certificate and private keys for both
-the server and client.  The script \fIunbound\-control\-setup\fR generates
-these in the default run directory, or with \-d in another directory.
+.UNINDENT
+.SH EXIT CODE
+.sp
+The \fBunbound\-control\fP program exits with status code 1 on error, 0 on
+success.
+.SH SET UP
+.sp
+The setup requires a self\-signed certificate and private keys for both the
+server and client.
+The script \fBunbound\-control\-setup\fP generates these in the default run
+directory, or with \fB\-d\fP in another directory.
 If you change the access control permissions on the key files you can decide
-who can use unbound\-control, by default owner and group but not all users.
-Run the script under the same username as you have configured in unbound.conf
-or as root, so that the daemon is permitted to read the files, for example with:
+who can use \fBunbound\-control\fP, by default owner and group but not all users.
+Run the script under the same username as you have configured in
+\fBunbound.conf\fP or as root, so that the daemon is permitted to read the
+files, for example with:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-    sudo \-u unbound unbound\-control\-setup
+.ft C
+sudo \-u unbound unbound\-control\-setup
+.ft P
 .fi
-If you have not configured
-a username in unbound.conf, the keys need read permission for the user
-credentials under which the daemon is started.
+.UNINDENT
+.UNINDENT
+.sp
+If you have not configured a username in \fBunbound.conf\fP, the keys need
+read permission for the user credentials under which the daemon is started.
 The script preserves private keys present in the directory.
-After running the script as root, turn on \fBcontrol\-enable\fR in
-\fIunbound.conf\fR.
-.SH "STATISTIC COUNTERS"
-The \fIstats\fR command shows a number of statistic counters.
-.TP
-.I threadX.num.queries
+After running the script as root, turn on
+\fI\%control\-enable\fP in
+\fBunbound.conf\fP\&.
+.SH STATISTIC COUNTERS
+.sp
+The \fI\%stats\fP and
+\fI\%stats_noreset\fP commands show a
+number of statistic counters:
+.INDENT 0.0
+.TP
+.B threadX.num.queries 
 number of queries received by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_ip_ratelimited
+.B threadX.num.queries_ip_ratelimited 
 number of queries rate limited by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_cookie_valid
+.B threadX.num.queries_cookie_valid 
 number of queries with a valid DNS Cookie by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_cookie_client
+.B threadX.num.queries_cookie_client 
 number of queries with a client part only DNS Cookie by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_cookie_invalid
+.B threadX.num.queries_cookie_invalid 
 number of queries with an invalid DNS Cookie by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_discard_timeout
-number of queries removed due to discard-timeout by thread
+.B threadX.num.queries_discard_timeout 
+number of queries removed due to discard\-timeout by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_wait_limit
-number of queries removed due to wait-limit by thread
+.B threadX.num.queries_wait_limit 
+number of queries removed due to wait\-limit by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.cachehits
+.B threadX.num.cachehits 
 number of queries that were successfully answered using a cache lookup
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.cachemiss
+.B threadX.num.cachemiss 
 number of queries that needed recursive processing
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.dnscrypt.crypted
-number of queries that were encrypted and successfully decapsulated by dnscrypt.
+.B threadX.num.dnscrypt.crypted 
+number of queries that were encrypted and successfully decapsulated by
+dnscrypt.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.dnscrypt.cert
+.B threadX.num.dnscrypt.cert 
 number of queries that were requesting dnscrypt certificates.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.dnscrypt.cleartext
+.B threadX.num.dnscrypt.cleartext 
 number of queries received on dnscrypt port that were cleartext and not a
 request for certificates.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.dnscrypt.malformed
+.B threadX.num.dnscrypt.malformed 
 number of request that were neither cleartext, not valid dnscrypt messages.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.dns_error_reports
+.B threadX.num.dns_error_reports 
 number of DNS Error Reports generated by thread
-.TP
-.I threadX.num.prefetch
-number of cache prefetches performed.  This number is included in
-cachehits, as the original query had the unprefetched answer from cache,
-and resulted in recursive processing, taking a slot in the requestlist.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.num.prefetch 
+number of cache prefetches performed.
+This number is included in cachehits, as the original query had the
+unprefetched answer from cache, and resulted in recursive processing,
+taking a slot in the requestlist.
 Not part of the recursivereplies (or the histogram thereof) or cachemiss,
 as a cache response was sent.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.expired
+.B threadX.num.expired 
 number of replies that served an expired cache entry.
-.TP
-.I threadX.num.queries_timed_out
-number of queries that are dropped because they waited in the UDP socket buffer
-for too long.
-.TP
-.I threadX.query.queue_time_us.max
-The maximum wait time for packets in the socket buffer, in microseconds. This
-is only reported when sock-queue-timeout is enabled.
-.TP
-.I threadX.num.recursivereplies
-The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries.
-.TP
-.I threadX.requestlist.avg
-The average number of requests in the internal recursive processing request list on insert of a new incoming recursive processing query.
-.TP
-.I threadX.requestlist.max
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.num.queries_timed_out 
+number of queries that are dropped because they waited in the UDP socket
+buffer for too long.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.query.queue_time_us.max 
+The maximum wait time for packets in the socket buffer, in microseconds.
+This is only reported when
+\fI\%sock\-queue\-timeout\fP is enabled.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.num.recursivereplies 
+The number of replies sent to queries that needed recursive processing.
+Could be smaller than threadX.num.cachemiss if due to timeouts no replies
+were sent for some queries.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.avg 
+The average number of requests in the internal recursive processing request
+list on insert of a new incoming recursive processing query.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.max 
 Maximum size attained by the internal recursive processing request list.
-.TP
-.I threadX.requestlist.overwritten
-Number of requests in the request list that were overwritten by newer entries. This happens if there is a flood of queries that recursive processing and the server has a hard time.
-.TP
-.I threadX.requestlist.exceeded
-Queries that were dropped because the request list was full. This happens if a flood of queries need recursive processing, and the server can not keep up.
-.TP
-.I threadX.requestlist.current.all
-Current size of the request list, includes internally generated queries (such
-as priming queries and glue lookups).
-.TP
-.I threadX.requestlist.current.user
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.overwritten 
+Number of requests in the request list that were overwritten by newer
+entries.
+This happens if there is a flood of queries that recursive processing and
+the server has a hard time.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.exceeded 
+Queries that were dropped because the request list was full.
+This happens if a flood of queries need recursive processing, and the
+server can not keep up.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.current.all 
+Current size of the request list, includes internally generated queries
+(such as priming queries and glue lookups).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.current.user 
 Current size of the request list, only the requests from client queries.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.recursion.time.avg
-Average time it took to answer queries that needed recursive processing. Note that queries that were answered from the cache are not in this average.
+.B threadX.recursion.time.avg 
+Average time it took to answer queries that needed recursive processing.
+Note that queries that were answered from the cache are not in this average.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.recursion.time.median
+.B threadX.recursion.time.median 
 The median of the time it took to answer queries that needed recursive
-processing.  The median means that 50% of the user queries were answered in
-less than this time.  Because of big outliers (usually queries to non
-responsive servers), the average can be bigger than the median.  This median
-has been calculated by interpolation from a histogram.
-.TP
-.I threadX.tcpusage
-The currently held tcp buffers for incoming connections.  A spot value on
-the time of the request.  This helps you spot if the incoming\-num\-tcp
-buffers are full.
-.TP
-.I total.num.queries
+processing.
+The median means that 50% of the user queries were answered in less than
+this time.
+Because of big outliers (usually queries to non responsive servers), the
+average can be bigger than the median.
+This median has been calculated by interpolation from a histogram.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.tcpusage 
+The currently held tcp buffers for incoming connections.
+A spot value on the time of the request.
+This helps you spot if the incoming\-num\-tcp buffers are full.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B total.num.queries 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_ip_ratelimited
+.B total.num.queries_ip_ratelimited 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_cookie_valid
+.B total.num.queries_cookie_valid 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_cookie_client
+.B total.num.queries_cookie_client 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_cookie_invalid
+.B total.num.queries_cookie_invalid 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_discard_timeout
+.B total.num.queries_discard_timeout 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_wait_limit
+.B total.num.queries_wait_limit 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.cachehits
+.B total.num.cachehits 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.cachemiss
+.B total.num.cachemiss 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.dnscrypt.crypted
+.B total.num.dnscrypt.crypted 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.dnscrypt.cert
+.B total.num.dnscrypt.cert 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.dnscrypt.cleartext
+.B total.num.dnscrypt.cleartext 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.dnscrypt.malformed
+.B total.num.dnscrypt.malformed 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.dns_error_reports
+.B total.num.dns_error_reports 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.prefetch
+.B total.num.prefetch 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.expired
+.B total.num.expired 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_timed_out
+.B total.num.queries_timed_out 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.query.queue_time_us.max
+.B total.query.queue_time_us.max 
 the maximum of the thread values.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.recursivereplies
+.B total.num.recursivereplies 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.requestlist.avg
+.B total.requestlist.avg 
 averaged over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.requestlist.max
+.B total.requestlist.max 
 the maximum of the thread requestlist.max values.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.requestlist.overwritten
+.B total.requestlist.overwritten 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.requestlist.exceeded
+.B total.requestlist.exceeded 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.requestlist.current.all
+.B total.requestlist.current.all 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.recursion.time.median
+.B total.recursion.time.median 
 averaged over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.tcpusage
+.B total.tcpusage 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I time.now
+.B time.now 
 current time in seconds since 1970.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I time.up
+.B time.up 
 uptime since server boot in seconds.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I time.elapsed
+.B time.elapsed 
 time since last statistics printout, in seconds.
+.UNINDENT
 .SH EXTENDED STATISTICS
+.INDENT 0.0
 .TP
-.I mem.cache.rrset
+.B mem.cache.rrset 
 Memory in bytes in use by the RRset cache.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I mem.cache.message
+.B mem.cache.message 
 Memory in bytes in use by the message cache.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I mem.cache.dnscrypt_shared_secret
+.B mem.cache.dnscrypt_shared_secret 
 Memory in bytes in use by the dnscrypt shared secrets cache.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I mem.cache.dnscrypt_nonce
+.B mem.cache.dnscrypt_nonce 
 Memory in bytes in use by the dnscrypt nonce cache.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I mem.mod.iterator
+.B mem.mod.iterator 
 Memory in bytes in use by the iterator module.
-.TP
-.I mem.mod.validator
-Memory in bytes in use by the validator module. Includes the key cache and
-negative cache.
-.TP
-.I mem.streamwait
-Memory in bytes in used by the TCP and TLS stream wait buffers.  These are
-answers waiting to be written back to the clients.
-.TP
-.I mem.http.query_buffer
-Memory in bytes used by the HTTP/2 query buffers. Containing (partial) DNS
-queries waiting for request stream completion.
-.TP
-.I mem.http.response_buffer
-Memory in bytes used by the HTTP/2 response buffers. Containing DNS responses
-waiting to be written back to the clients.
-.TP
-.I mem.quic
-Memory in bytes used by QUIC. Containing connection information, stream
-information, queries read and responses written back to the clients.
-.TP
-.I histogram.<sec>.<usec>.to.<sec>.<usec>
-Shows a histogram, summed over all threads. Every element counts the
-recursive queries whose reply time fit between the lower and upper bound.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B mem.mod.validator 
+Memory in bytes in use by the validator module.
+Includes the key cache and negative cache.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B mem.streamwait 
+Memory in bytes in used by the TCP and TLS stream wait buffers.
+These are answers waiting to be written back to the clients.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B mem.http.query_buffer 
+Memory in bytes used by the HTTP/2 query buffers.
+Containing (partial) DNS queries waiting for request stream completion.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B mem.http.response_buffer 
+Memory in bytes used by the HTTP/2 response buffers.
+Containing DNS responses waiting to be written back to the clients.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B mem.quic 
+Memory in bytes used by QUIC.
+Containing connection information, stream information, queries read and
+responses written back to the clients.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B histogram.<sec>.<usec>.to.<sec>.<usec> 
+Shows a histogram, summed over all threads.
+Every element counts the recursive queries whose reply time fit between the
+lower and upper bound.
 Times larger or equal to the lowerbound, and smaller than the upper bound.
 There are 40 buckets, with bucket sizes doubling.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.type.A
+.B num.query.type.A 
 The total number of queries over all threads with query type A.
 Printed for the other query types as well, but only for the types for which
 queries were received, thus =0 entries are omitted for brevity.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.type.other
+.B num.query.type.other 
 Number of queries with query types 256\-65535.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.class.IN
-The total number of queries over all threads with query class IN (internet).
+.B num.query.class.IN 
+The total number of queries over all threads with query class IN
+(internet).
 Also printed for other classes (such as CH (CHAOS) sometimes used for
 debugging), or NONE, ANY, used by dynamic update.
 num.query.class.other is printed for classes 256\-65535.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.opcode.QUERY
+.B num.query.opcode.QUERY 
 The total number of queries over all threads with query opcode QUERY.
 Also printed for other opcodes, UPDATE, ...
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.tcp
+.B num.query.tcp 
 Number of queries that were made using TCP towards the Unbound server.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.tcpout
+.B num.query.tcpout 
 Number of queries that the Unbound server made using TCP outgoing towards
 other servers.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.udpout
+.B num.query.udpout 
 Number of queries that the Unbound server made using UDP outgoing towards
 other servers.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.tls
+.B num.query.tls 
 Number of queries that were made using TLS towards the Unbound server.
 These are also counted in num.query.tcp, because TLS uses TCP.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.tls.resume
-Number of TLS session resumptions, these are queries over TLS towards
-the Unbound server where the client negotiated a TLS session resumption key.
+.B num.query.tls.resume 
+Number of TLS session resumptions, these are queries over TLS towards the
+Unbound server where the client negotiated a TLS session resumption key.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.https
+.B num.query.https 
 Number of queries that were made using HTTPS towards the Unbound server.
 These are also counted in num.query.tcp and num.query.tls, because HTTPS
 uses TLS and TCP.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.quic
+.B num.query.quic 
 Number of queries that were made using QUIC towards the Unbound server.
-These are also counted in num.query.tls, because TLS is used for these queries.
+These are also counted in num.query.tls, because TLS is used for these
+queries.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.ipv6
+.B num.query.ipv6 
 Number of queries that were made using IPv6 towards the Unbound server.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.flags.RD
+.B num.query.flags.RD 
 The number of queries that had the RD flag set in the header.
 Also printed for flags QR, AA, TC, RA, Z, AD, CD.
-Note that queries with flags QR, AA or TC may have been rejected
-because of that.
+Note that queries with flags QR, AA or TC may have been rejected because of
+that.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.edns.present
+.B num.query.edns.present 
 number of queries that had an EDNS OPT record present.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.edns.DO
-number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit set.
+.B num.query.edns.DO 
+number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit
+set.
 These queries are also included in the num.query.edns.present number.
-.TP
-.I num.query.ratelimited
-The number of queries that are turned away from being send to nameserver due to
-ratelimiting.
-.TP
-.I num.query.dnscrypt.shared_secret.cachemiss
-The number of dnscrypt queries that did not find a shared secret in the cache.
-This can be used to compute the shared secret hitrate.
-.TP
-.I num.query.dnscrypt.replay
-The number of dnscrypt queries that found a nonce hit in the nonce cache and
-hence are considered a query replay.
-.TP
-.I num.answer.rcode.NXDOMAIN
-The number of answers to queries, from cache or from recursion, that had the
-return code NXDOMAIN. Also printed for the other return codes.
-.TP
-.I num.answer.rcode.nodata
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.ratelimited 
+The number of queries that are turned away from being send to nameserver
+due to ratelimiting.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.dnscrypt.shared_secret.cachemiss 
+The number of dnscrypt queries that did not find a shared secret in the
+cache.
+This can be use to compute the shared secret hitrate.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.dnscrypt.replay 
+The number of dnscrypt queries that found a nonce hit in the nonce cache
+and hence are considered a query replay.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.answer.rcode.NXDOMAIN 
+The number of answers to queries, from cache or from recursion, that had
+the return code NXDOMAIN.
+Also printed for the other return codes.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.answer.rcode.nodata 
 The number of answers to queries that had the pseudo return code nodata.
-This means the actual return code was NOERROR, but additionally, no data was
-carried in the answer (making what is called a NOERROR/NODATA answer).
+This means the actual return code was NOERROR, but additionally, no data
+was carried in the answer (making what is called a NOERROR/NODATA answer).
 These queries are also included in the num.answer.rcode.NOERROR number.
 Common for AAAA lookups when an A record exists, and no AAAA.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.answer.secure
-Number of answers that were secure.  The answer validated correctly.
+.B num.answer.secure 
+Number of answers that were secure.
+The answer validated correctly.
 The AD bit might have been set in some of these answers, where the client
 signalled (with DO or AD bit in the query) that they were ready to accept
 the AD bit in the answer.
-.TP
-.I num.answer.bogus
-Number of answers that were bogus.  These answers resulted in SERVFAIL
-to the client because the answer failed validation.
-.TP
-.I num.rrset.bogus
-The number of rrsets marked bogus by the validator.  Increased for every
-RRset inspection that fails.
-.TP
-.I unwanted.queries
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.answer.bogus 
+Number of answers that were bogus.
+These answers resulted in SERVFAIL to the client because the answer failed
+validation.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.rrset.bogus 
+The number of rrsets marked bogus by the validator.
+Increased for every RRset inspection that fails.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.valops 
+The number of validation operations performed by the validator.
+Increased for every RRSIG verification operation regardless of the
+validation result.
+The RRSIG and key combination needs to first pass some sanity checks before
+Unbound even performs the verification, e.g., length/protocol checks.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B unwanted.queries 
 Number of queries that were refused or dropped because they failed the
 access control settings.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I unwanted.replies
-Replies that were unwanted or unsolicited.  Could have been random traffic,
-delayed duplicates, very late answers, or could be spoofing attempts.
+.B unwanted.replies 
+Replies that were unwanted or unsolicited.
+Could have been random traffic, delayed duplicates, very late answers, or
+could be spoofing attempts.
 Some low level of late answers and delayed duplicates are to be expected
-with the UDP protocol.  Very high values could indicate a threat (spoofing).
+with the UDP protocol.
+Very high values could indicate a threat (spoofing).
+.UNINDENT
+.INDENT 0.0
 .TP
-.I msg.cache.count
+.B msg.cache.count 
 The number of items (DNS replies) in the message cache.
-.TP
-.I rrset.cache.count
-The number of RRsets in the rrset cache.  This includes rrsets used by
-the messages in the message cache, but also delegation information.
-.TP
-.I infra.cache.count
-The number of items in the infra cache.  These are IP addresses with their
-timing and protocol support information.
-.TP
-.I key.cache.count
-The number of items in the key cache.  These are DNSSEC keys, one item
-per delegation point, and their validation status.
-.TP
-.I msg.cache.max_collisions
-The maximum number of hash table collisions in the msg cache. This is the
-number of hashes that are identical when a new element is inserted in the
-hash table. If the value is very large, like hundreds, something is wrong
-with the performance of the hash table, hash values are incorrect or malicious.
-.TP
-.I rrset.cache.max_collisions
-The maximum number of hash table collisions in the rrset cache. This is the
-number of hashes that are identical when a new element is inserted in the
-hash table. If the value is very large, like hundreds, something is wrong
-with the performance of the hash table, hash values are incorrect or malicious.
-.TP
-.I dnscrypt_shared_secret.cache.count
-The number of items in the shared secret cache. These are precomputed shared
-secrets for a given client public key/server secret key pair. Shared secrets
-are CPU intensive and this cache allows Unbound to avoid recomputing the
-shared secret when multiple dnscrypt queries are sent from the same client.
-.TP
-.I dnscrypt_nonce.cache.count
-The number of items in the client nonce cache. This cache is used to prevent
-dnscrypt queries replay. The client nonce must be unique for each client public
-key/server secret key pair. This cache should be able to host QPS * `replay
-window` interval keys to prevent replay of a query during `replay window`
-seconds.
-.TP
-.I num.query.authzone.up
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rrset.cache.count 
+The number of RRsets in the rrset cache.
+This includes rrsets used by the messages in the message cache, but also
+delegation information.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra.cache.count 
+The number of items in the infra cache.
+These are IP addresses with their timing and protocol support information.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B key.cache.count 
+The number of items in the key cache.
+These are DNSSEC keys, one item per delegation point, and their validation
+status.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B msg.cache.max_collisions 
+The maximum number of hash table collisions in the msg cache.
+This is the number of hashes that are identical when a new element is
+inserted in the hash table.
+If the value is very large, like hundreds, something is wrong with the
+performance of the hash table, hash values are incorrect or malicious.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rrset.cache.max_collisions 
+The maximum number of hash table collisions in the rrset cache.
+This is the number of hashes that are identical when a new element is
+inserted in the hash table.
+If the value is very large, like hundreds, something is wrong with the
+performance of the hash table, hash values are incorrect or malicious.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt_shared_secret.cache.count 
+The number of items in the shared secret cache.
+These are precomputed shared secrets for a given client public key/server
+secret key pair.
+Shared secrets are CPU intensive and this cache allows Unbound to avoid
+recomputing the shared secret when multiple dnscrypt queries are sent from
+the same client.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt_nonce.cache.count 
+The number of items in the client nonce cache.
+This cache is used to prevent dnscrypt queries replay.
+The client nonce must be unique for each client public key/server secret
+key pair.
+This cache should be able to host QPS * \fIreplay window\fP interval keys to
+prevent replay of a query during \fIreplay window\fP seconds.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.authzone.up 
 The number of queries answered from auth\-zone data, upstream queries.
-These queries would otherwise have been sent (with fallback enabled) to
-the internet, but are now answered from the auth zone.
+These queries would otherwise have been sent (with fallback enabled) to the
+internet, but are now answered from the auth zone.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.authzone.down
+.B num.query.authzone.down 
 The number of queries for downstream answered from auth\-zone data.
-These queries are from downstream clients, and have had an answer from
-the data in the auth zone.
+These queries are from downstream clients, and have had an answer from the
+data in the auth zone.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.aggressive.NOERROR
+.B num.query.aggressive.NOERROR 
 The number of queries answered using cached NSEC records with NODATA RCODE.
 These queries would otherwise have been sent to the internet, but are now
 answered using cached data.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.aggressive.NXDOMAIN
-The number of queries answered using cached NSEC records with NXDOMAIN RCODE.
+.B num.query.aggressive.NXDOMAIN 
+The number of queries answered using cached NSEC records with NXDOMAIN
+RCODE.
 These queries would otherwise have been sent to the internet, but are now
 answered using cached data.
-.TP
-.I num.query.subnet
-Number of queries that got an answer that contained EDNS client subnet data.
-.TP
-.I num.query.subnet_cache
-Number of queries answered from the edns client subnet cache.  These are
-counted as cachemiss by the main counters, but hit the client subnet
-specific cache after getting processed by the edns client subnet module.
-.TP
-.I num.query.cachedb
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.subnet 
+Number of queries that got an answer that contained EDNS client subnet
+data.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.subnet_cache 
+Number of queries answered from the edns client subnet cache.
+These are counted as cachemiss by the main counters, but hit the client
+subnet specific cache after getting processed by the edns client subnet
+module.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.cachedb 
 Number of queries answered from the external cache of cachedb.
 These are counted as cachemiss by the main counters, but hit the cachedb
 external cache after getting processed by the cachedb module.
-.TP
-.I num.rpz.action.<rpz_action>
-Number of queries answered using configured RPZ policy, per RPZ action type.
-Possible actions are: nxdomain, nodata, passthru, drop, tcp\-only, local\-data,
-disabled, and cname\-override.
-.SH "FILES"
-.TP
-.I @ub_conf_file@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.rpz.action.<rpz_action> 
+Number of queries answered using configured RPZ policy, per RPZ action
+type.
+Possible actions are: nxdomain, nodata, passthru, drop, tcp\-only,
+local\-data, disabled, and cname\-override.
+.UNINDENT
+.SH FILES
+.INDENT 0.0
+.TP
+.B @ub_conf_file@
 Unbound configuration file.
 .TP
-.I @UNBOUND_RUN_DIR@
-directory with private keys (unbound_server.key and unbound_control.key) and
-self\-signed certificates (unbound_server.pem and unbound_control.pem).
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5),
-\fIunbound\fR(8).
+.B @UNBOUND_RUN_DIR@
+directory with private keys (\fBunbound_server.key\fP and
+\fBunbound_control.key\fP) and self\-signed certificates
+(\fBunbound_server.pem\fP and \fBunbound_control.pem\fP).
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP,
+\fI\%unbound(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound-control.rst b/contrib/unbound/doc/unbound-control.rst
new file mode 100644
index 000000000000..71ff6ee37b6c
--- /dev/null
+++ b/contrib/unbound/doc/unbound-control.rst
@@ -0,0 +1,1375 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+.. program:: unbound-control
+
+unbound-control(8)
+==================
+
+Synopsis
+--------
+
+**unbound-control** [``-hq``] [``-c cfgfile``] [``-s server``] command
+
+Description
+-----------
+
+``unbound-control`` performs remote administration on the
+:doc:`unbound(8)</manpages/unbound>` DNS server.
+It reads the configuration file, contacts the Unbound server over TLS sends the
+command and displays the result.
+
+The available options are:
+
+.. option:: -h
+
+    Show the version and commandline option help.
+
+.. option:: -c <cfgfile>
+
+    The config file to read with settings.
+    If not given the default config file
+    :file:`@ub_conf_file@` is used.
+
+.. option:: -s <server[@port]>
+
+    IPv4 or IPv6 address of the server to contact.
+    If not given, the address is read from the config file.
+
+.. option:: -q
+
+    Quiet, if the option is given it does not print anything if it works ok.
+
+Commands
+--------
+
+There are several commands that the server understands.
+
+
+@@UAHL@unbound-control.commands@start@@
+    Start the server.
+    Simply execs :doc:`unbound(8)</manpages/unbound>`.
+    The ``unbound`` executable is searched for in the **PATH** set in the
+    environment.
+    It is started with the config file specified using :option:`-c` or the
+    default config file.
+
+
+@@UAHL@unbound-control.commands@stop@@
+    Stop the server.
+    The server daemon exits.
+
+
+@@UAHL@unbound-control.commands@reload@@
+    Reload the server.
+    This flushes the cache and reads the config file fresh.
+
+
+@@UAHL@unbound-control.commands@reload_keep_cache@@
+    Reload the server but try to keep the RRset and message cache if
+    (re)configuration allows for it.
+    That means the caches sizes and the number of threads must not change
+    between reloads.
+
+
+@@UAHL@unbound-control.commands@fast_reload@@ [``+dpv``]
+    Reload the server, but keep downtime to a minimum, so that user queries
+    keep seeing service.
+    This needs the code compiled with threads.
+    The config is loaded in a thread, and prepared, then it briefly pauses the
+    existing server and updates config options.
+    The intent is that the pause does not impact the service of user queries.
+    The cache is kept.
+    Also user queries worked on are kept and continue, but with the new config
+    options.
+
+    .. note::
+        This command is experimental at this time.
+
+    The amount of temporal memory needed during a fast_reload is twice the
+    amount needed for configuration.
+    This is because Unbound temporarily needs to store both current
+    configuration values and new ones while trying to fast_reload.
+    Zones loaded from disk (authority zones and RPZ zones) are included in such
+    memory needs.
+
+    Options that can be changed are for
+    :ref:`forwards<unbound.conf.forward>`,
+    :ref:`stubs<unbound.conf.stub>`,
+    :ref:`views<unbound.conf.view>`,
+    :ref:`authority zones<unbound.conf.auth>`,
+    :ref:`RPZ zones<unbound.conf.rpz>` and
+    :ref:`local zones<unbound.conf.local-zone>`.
+
+    Also
+    :ref:`access-control<unbound.conf.access-control>` and similar options,
+    :ref:`interface-action<unbound.conf.interface-action>` and similar
+    options and
+    :ref:`tcp-connection-limit<unbound.conf.tcp-connection-limit>`.
+    It can reload some
+    :ref:`define-tag<unbound.conf.define-tag>`
+    changes, more on that below.
+    Further options include
+    :ref:`insecure-lan-zones<unbound.conf.insecure-lan-zones>`,
+    :ref:`domain-insecure<unbound.conf.domain-insecure>`,
+    :ref:`trust-anchor-file<unbound.conf.trust-anchor-file>`,
+    :ref:`trust-anchor<unbound.conf.trust-anchor>`,
+    :ref:`trusted-keys-file<unbound.conf.trusted-keys-file>`,
+    :ref:`auto-trust-anchor-file<unbound.conf.auto-trust-anchor-file>`,
+    :ref:`edns-client-string<unbound.conf.edns-client-string>`,
+    ipset,
+    :ref:`log-identity<unbound.conf.log-identity>`,
+    :ref:`infra-cache-numhosts<unbound.conf.infra-cache-numhosts>`,
+    :ref:`msg-cache-size<unbound.conf.msg-cache-size>`,
+    :ref:`rrset-cache-size<unbound.conf.rrset-cache-size>`,
+    :ref:`key-cache-size<unbound.conf.key-cache-size>`,
+    :ref:`ratelimit-size<unbound.conf.ratelimit-size>`,
+    :ref:`neg-cache-size<unbound.conf.neg-cache-size>`,
+    :ref:`num-queries-per-thread<unbound.conf.num-queries-per-thread>`,
+    :ref:`jostle-timeout<unbound.conf.jostle-timeout>`,
+    :ref:`use-caps-for-id<unbound.conf.use-caps-for-id>`,
+    :ref:`unwanted-reply-threshold<unbound.conf.unwanted-reply-threshold>`,
+    :ref:`tls-use-sni<unbound.conf.tls-use-sni>`,
+    :ref:`outgoing-tcp-mss<unbound.conf.outgoing-tcp-mss>`,
+    :ref:`ip-dscp<unbound.conf.ip-dscp>`,
+    :ref:`max-reuse-tcp-queries<unbound.conf.max-reuse-tcp-queries>`,
+    :ref:`tcp-reuse-timeout<unbound.conf.tcp-reuse-timeout>`,
+    :ref:`tcp-auth-query-timeout<unbound.conf.tcp-auth-query-timeout>`,
+    :ref:`delay-close<unbound.conf.delay-close>`.
+    :ref:`iter-scrub-promiscuous<unbound.conf.iter-scrub-promiscuous>`.
+
+    It does not work with
+    :ref:`interface<unbound.conf.interface>` and
+    :ref:`outgoing-interface<unbound.conf.outgoing-interface>` changes,
+    also not with
+    :ref:`remote control<unbound.conf.remote>`,
+    :ref:`outgoing-port-permit<unbound.conf.outgoing-port-permit>`,
+    :ref:`outgoing-port-avoid<unbound.conf.outgoing-port-avoid>`,
+    :ref:`msg-buffer-size<unbound.conf.msg-buffer-size>`,
+    any **\*-slabs** options and
+    :ref:`statistics-interval<unbound.conf.statistics-interval>` changes.
+
+    For :ref:`dnstap<unbound.conf.dnstap>` these options can be changed:
+    :ref:`dnstap-log-resolver-query-messages<unbound.conf.dnstap.dnstap-log-resolver-query-messages>`,
+    :ref:`dnstap-log-resolver-response-messages<unbound.conf.dnstap.dnstap-log-resolver-response-messages>`,
+    :ref:`dnstap-log-client-query-messages<unbound.conf.dnstap.dnstap-log-client-query-messages>`,
+    :ref:`dnstap-log-client-response-messages<unbound.conf.dnstap.dnstap-log-client-response-messages>`,
+    :ref:`dnstap-log-forwarder-query-messages<unbound.conf.dnstap.dnstap-log-forwarder-query-messages>` and
+    :ref:`dnstap-log-forwarder-response-messages<unbound.conf.dnstap.dnstap-log-forwarder-response-messages>`.
+
+    It does not work with these options:
+    :ref:`dnstap-enable<unbound.conf.dnstap.dnstap-enable>`,
+    :ref:`dnstap-bidirectional<unbound.conf.dnstap.dnstap-bidirectional>`,
+    :ref:`dnstap-socket-path<unbound.conf.dnstap.dnstap-socket-path>`,
+    :ref:`dnstap-ip<unbound.conf.dnstap.dnstap-ip>`,
+    :ref:`dnstap-tls<unbound.conf.dnstap.dnstap-tls>`,
+    :ref:`dnstap-tls-server-name<unbound.conf.dnstap.dnstap-tls-server-name>`,
+    :ref:`dnstap-tls-cert-bundle<unbound.conf.dnstap.dnstap-tls-cert-bundle>`,
+    :ref:`dnstap-tls-client-key-file<unbound.conf.dnstap.dnstap-tls-client-key-file>` and
+    :ref:`dnstap-tls-client-cert-file<unbound.conf.dnstap.dnstap-tls-client-cert-file>`.
+
+    The options
+    :ref:`dnstap-send-identity<unbound.conf.dnstap.dnstap-send-identity>`,
+    :ref:`dnstap-send-version<unbound.conf.dnstap.dnstap-send-version>`,
+    :ref:`dnstap-identity<unbound.conf.dnstap.dnstap-identity>`, and
+    :ref:`dnstap-version<unbound.conf.dnstap.dnstap-version>` can be loaded
+    when ``+p`` is not used.
+
+    The ``+v`` option makes the output verbose which includes the time it took
+    to do the reload.
+    With ``+vv`` it is more verbose which includes the amount of memory that
+    was allocated temporarily to perform the reload; this amount of memory can
+    be big if the config has large contents.
+    In the timing output the 'reload' time is the time during which the server
+    was paused.
+
+    The ``+p`` option makes the reload not pause threads, they keep running.
+    Locks are acquired, but items are updated in sequence, so it is possible
+    for threads to see an inconsistent state with some options from the old
+    and some options from the new config, such as cache TTL parameters from the
+    old config and forwards from the new config.
+    The stubs and forwards are updated at the same time, so that they are
+    viewed consistently, either old or new values together.
+    The option makes the reload time take eg. 3 microseconds instead of 0.3
+    milliseconds during which the worker threads are interrupted.
+    So, the interruption is much shorter, at the expense of some inconsistency.
+    After the reload itself, every worker thread is briefly contacted to make
+    them release resources, this makes the delete timing a little longer, and
+    takes up time from the remote control servicing worker thread.
+
+    With the nopause option (``+p``), the reload does not work to reload some
+    options, that fast reload works on without the nopause option:
+    :ref:`val-bogus-ttl<unbound.conf.val-bogus-ttl>`,
+    :ref:`val-override-date<unbound.conf.val-override-date>`,
+    :ref:`val-sig-skew-min<unbound.conf.val-sig-skew-min>`,
+    :ref:`val-sig-skew-max<unbound.conf.val-sig-skew-max>`,
+    :ref:`val-max-restart<unbound.conf.val-max-restart>`,
+    :ref:`val-nsec3-keysize-iterations<unbound.conf.val-nsec3-keysize-iterations>`,
+    :ref:`target-fetch-policy<unbound.conf.target-fetch-policy>`,
+    :ref:`outbound-msg-retry<unbound.conf.outbound-msg-retry>`,
+    :ref:`max-sent-count<unbound.conf.max-sent-count>`,
+    :ref:`max-query-restarts<unbound.conf.max-query-restarts>`,
+    :ref:`do-not-query-address<unbound.conf.do-not-query-address>`,
+    :ref:`do-not-query-localhost<unbound.conf.do-not-query-localhost>`,
+    :ref:`private-address<unbound.conf.private-address>`,
+    :ref:`private-domain<unbound.conf.private-domain>`,
+    :ref:`caps-exempt<unbound.conf.caps-exempt>`,
+    :ref:`nat64-prefix<unbound.conf.nat64.nat64-prefix>`,
+    :ref:`do-nat64<unbound.conf.nat64.do-nat64>`,
+    :ref:`infra-host-ttl<unbound.conf.infra-host-ttl>`,
+    :ref:`infra-keep-probing<unbound.conf.infra-keep-probing>`,
+    :ref:`ratelimit<unbound.conf.ratelimit>`,
+    :ref:`ip-ratelimit<unbound.conf.ip-ratelimit>`,
+    :ref:`ip-ratelimit-cookie<unbound.conf.ip-ratelimit-cookie>`,
+    :ref:`wait-limit-netblock<unbound.conf.wait-limit-netblock>`,
+    :ref:`wait-limit-cookie-netblock<unbound.conf.wait-limit-cookie-netblock>`,
+    :ref:`ratelimit-below-domain<unbound.conf.ratelimit-below-domain>`,
+    :ref:`ratelimit-for-domain<unbound.conf.ratelimit-for-domain>`.
+
+    The ``+d`` option makes the reload drop queries that the worker threads are
+    working on.
+    This is like
+    :ref:`flush_requestlist<unbound-control.commands.flush_requestlist>`.
+    Without it the queries are kept so that users keep getting answers for
+    those queries that are currently processed.
+    The drop makes it so that queries during the life time of the
+    query processing see only old, or only new config options.
+
+    When there are changes to the config tags, from the
+    :ref:`define-tag<unbound.conf.define-tag>` option,
+    then the ``+d`` option is implicitly turned on with a warning printout, and
+    queries are dropped.
+    This is to stop references to the old tag information, by the old
+    queries.
+    If the number of tags is increased in the newly loaded config, by
+    adding tags at the end, then the implicit ``+d`` option is not needed.
+
+    For response ip, that is actions associated with IP addresses, and perhaps
+    intersected with access control tag and action information, those settings
+    are stored with a query when it comes in based on its source IP address.
+    The old information is kept with the query until the queries are done.
+    This is gone when those queries are resolved and finished, or it is
+    possible to flush the requestlist with ``+d``.
+
+
+@@UAHL@unbound-control.commands@verbosity@@ *number*
+    Change verbosity value for logging.
+    Same values as the **verbosity:** keyword in
+    :doc:`unbound.conf(5)</manpages/unbound.conf>`.
+    This new setting lasts until the server is issued a reload (taken from
+    config file again), or the next verbosity control command.
+
+
+@@UAHL@unbound-control.commands@log_reopen@@
+    Reopen the logfile, close and open it.
+    Useful for logrotation to make the daemon release the file it is logging
+    to.
+    If you are using syslog it will attempt to close and open the syslog (which
+    may not work if chrooted).
+
+
+@@UAHL@unbound-control.commands@stats@@
+    Print statistics.
+    Resets the internal counters to zero, this can be controlled using the
+    **statistics-cumulative:** config statement.
+    Statistics are printed with one ``[name]: [value]`` per line.
+
+
+@@UAHL@unbound-control.commands@stats_noreset@@
+    Peek at statistics.
+    Prints them like the stats command does, but does not reset the internal
+    counters to zero.
+
+
+@@UAHL@unbound-control.commands@status@@
+    Display server status.
+    Exit code 3 if not running (the connection to the port is refused), 1 on
+    error, 0 if running.
+
+
+@@UAHL@unbound-control.commands@local_zone@@ *name type*
+    Add new local zone with name and type.
+    Like local-zone config statement.
+    If the zone already exists, the type is changed to the given argument.
+
+
+@@UAHL@unbound-control.commands@local_zone_remove@@ *name*
+    Remove the local zone with the given name.
+    Removes all local data inside it.
+    If the zone does not exist, the command succeeds.
+
+
+@@UAHL@unbound-control.commands@local_data@@ *RR data...*
+    Add new local data, the given resource record.
+    Like **local-data:** keyword, except for when no covering zone exists.
+    In that case this remote control command creates a transparent zone with
+    the same name as this record.
+
+
+@@UAHL@unbound-control.commands@local_data_remove@@ *name*
+    Remove all RR data from local name.
+    If the name already has no items, nothing happens.
+    Often results in NXDOMAIN for the name (in a static zone), but if the name
+    has become an empty nonterminal (there is still data in domain names below
+    the removed name), NOERROR nodata answers are the result for that name.
+
+
+@@UAHL@unbound-control.commands@local_zones@@
+    Add local zones read from stdin of unbound-control.
+    Input is read per line, with name space type on a line.
+    For bulk additions.
+
+
+@@UAHL@unbound-control.commands@local_zones_remove@@
+    Remove local zones read from stdin of unbound-control.
+    Input is one name per line.
+    For bulk removals.
+
+
+@@UAHL@unbound-control.commands@local_datas@@
+    Add local data RRs read from stdin of unbound-control.
+    Input is one RR per line.
+    For bulk additions.
+
+
+@@UAHL@unbound-control.commands@local_datas_remove@@
+    Remove local data RRs read from stdin of unbound-control.
+    Input is one name per line.
+    For bulk removals.
+
+
+@@UAHL@unbound-control.commands@dump_cache@@
+    The contents of the cache is printed in a text format to stdout.
+    You can redirect it to a file to store the cache in a file.
+    Not supported in remote Unbounds in multi-process operation.
+
+
+@@UAHL@unbound-control.commands@load_cache@@
+    The contents of the cache is loaded from stdin.
+    Uses the same format as dump_cache uses.
+    Loading the cache with old, or wrong data can result in old or wrong data
+    returned to clients.
+    Loading data into the cache in this way is supported in order to aid with
+    debugging.
+    Not supported in remote Unbounds in multi-process operation.
+
+
+@@UAHL@unbound-control.commands@cache_lookup@@ [``+t``] *names*
+    Print to stdout the RRsets and messages that are in the cache.
+    For every name listed the content at or under the name is printed.
+    Several names separated by spaces can be given, each is printed.
+    When subnetcache is enabled, also matching entries from the subnet
+    cache are printed.
+
+    The ``+t`` option allows tld and root names.
+    With it names like 'com' and '.' can be used, but it takes a lot of
+    effort to look up in the cache.
+
+
+@@UAHL@unbound-control.commands@lookup@@ *name*
+    Print to stdout the name servers that would be used to look up the name
+    specified.
+
+
+@@UAHL@unbound-control.commands@flush@@ [``+c``] *name*
+    Remove the name from the cache.
+    Removes the types A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR,
+    SVCB and HTTPS.
+    Because that is fast to do.
+    Other record types can be removed using **flush_type** or **flush_zone**.
+
+    The ``+c`` option removes the items also from the cachedb cache.
+    If cachedb is in use.
+
+
+@@UAHL@unbound-control.commands@flush_type@@ [``+c``] *name type*
+    Remove the name, type information from the cache.
+
+    The ``+c`` option removes the items also from the cachedb cache.
+    If cachedb is in use.
+
+
+@@UAHL@unbound-control.commands@flush_zone@@ [``+c``] name
+    Remove all information at or below the name from the cache.
+    The rrsets and key entries are removed so that new lookups will be
+    performed.
+    This needs to walk and inspect the entire cache, and is a slow operation.
+    The entries are set to expired in the implementation of this command (so,
+    with serve-expired enabled, it'll serve that information but schedule a
+    prefetch for new information).
+
+    The ``+c`` option removes the items also from the cachedb cache.
+    If cachedb is in use.
+
+
+@@UAHL@unbound-control.commands@flush_bogus@@ [``+c``]
+    Remove all bogus data from the cache.
+
+    The ``+c`` option removes the items also from the cachedb cache.
+    If cachedb is in use.
+
+
+@@UAHL@unbound-control.commands@flush_negative@@ [``+c``]
+    Remove all negative data from the cache.
+    This is nxdomain answers, nodata answers and servfail answers.
+    Also removes bad key entries (which could be due to failed lookups) from
+    the dnssec key cache, and iterator last-resort lookup failures from the
+    rrset cache.
+
+    The ``+c`` option removes the items also from the cachedb cache.
+    If cachedb is in use.
+
+
+@@UAHL@unbound-control.commands@flush_stats@@
+    Reset statistics to zero.
+
+
+@@UAHL@unbound-control.commands@flush_requestlist@@
+    Drop the queries that are worked on.
+    Stops working on the queries that the server is working on now.
+    The cache is unaffected.
+    No reply is sent for those queries, probably making those users request
+    again later.
+    Useful to make the server restart working on queries with new settings,
+    such as a higher verbosity level.
+
+
+@@UAHL@unbound-control.commands@dump_requestlist@@
+    Show what is worked on.
+    Prints all queries that the server is currently working on.
+    Prints the time that users have been waiting.
+    For internal requests, no time is printed.
+    And then prints out the module status.
+    This prints the queries from the first thread, and not queries that are
+    being serviced from other threads.
+
+
+@@UAHL@unbound-control.commands@flush_infra@@ *all|IP*
+    If all then entire infra cache is emptied.
+    If a specific IP address, the entry for that address is removed from the
+    cache.
+    It contains EDNS, ping and lameness data.
+
+
+@@UAHL@unbound-control.commands@dump_infra@@
+    Show the contents of the infra cache.
+
+
+@@UAHL@unbound-control.commands@set_option@@ *opt: val*
+    Set the option to the given value without a reload.
+    The cache is therefore not flushed.
+    The option must end with a ``':'`` and whitespace must be between the
+    option and the value.
+    Some values may not have an effect if set this way, the new values are not
+    written to the config file, not all options are supported.
+    This is different from the set_option call in libunbound, where all values
+    work because Unbound has not been initialized.
+
+    The values that work are: statistics-interval, statistics-cumulative,
+    do-not-query-localhost,  harden-short-bufsize, harden-large-queries,
+    harden-glue, harden-dnssec-stripped, harden-below-nxdomain,
+    harden-referral-path,  prefetch, prefetch-key, log-queries, hide-identity,
+    hide-version, identity, version, val-log-level, val-log-squelch,
+    ignore-cd-flag, add-holddown, del-holddown, keep-missing, tcp-upstream,
+    ssl-upstream, max-udp-size, ratelimit, ip-ratelimit, cache-max-ttl,
+    cache-min-ttl, cache-max-negative-ttl.
+
+
+@@UAHL@unbound-control.commands@get_option@@ *opt*
+    Get the value of the option.
+    Give the option name without a trailing ``':'``.
+    The value is printed.
+    If the value is ``""``, nothing is printed and the connection closes.
+    On error ``'error ...'`` is printed (it gives a syntax error on unknown
+    option).
+    For some options a list of values, one on each line, is printed.
+    The options are shown from the config file as modified with set_option.
+    For some options an override may have been taken that does not show up with
+    this command, not results from e.g. the verbosity and forward control
+    commands.
+    Not all options work, see list_stubs, list_forwards, list_local_zones and
+    list_local_data for those.
+
+
+@@UAHL@unbound-control.commands@list_stubs@@
+    List the stub zones in use.
+    These are printed one by one to the output.
+    This includes the root hints in use.
+
+
+@@UAHL@unbound-control.commands@list_forwards@@
+    List the forward zones in use.
+    These are printed zone by zone to the output.
+
+
+@@UAHL@unbound-control.commands@list_insecure@@
+    List the zones with domain-insecure.
+
+
+@@UAHL@unbound-control.commands@list_local_zones@@
+    List the local zones in use.
+    These are printed one per line with zone type.
+
+
+@@UAHL@unbound-control.commands@list_local_data@@
+    List the local data RRs in use.
+    The resource records are printed.
+
+
+@@UAHL@unbound-control.commands@insecure_add@@ *zone*
+    Add a domain-insecure for the given zone, like the statement in
+    unbound.conf.
+    Adds to the running Unbound without affecting the cache
+    contents (which may still be bogus, use flush_zone to remove it), does not
+    affect the config file.
+
+
+@@UAHL@unbound-control.commands@insecure_remove@@ *zone*
+    Removes domain-insecure for the given zone.
+
+
+@@UAHL@unbound-control.commands@forward_add@@ [``+it``] *zone addr ...*
+    Add a new forward zone to running Unbound.
+    With ``+i`` option also adds a domain-insecure for the zone (so it can
+    resolve insecurely if you have a DNSSEC root trust anchor configured for
+    other names).
+    The addr can be IP4, IP6 or nameserver names, like forward-zone config in
+    unbound.conf.
+    The ``+t`` option sets it to use TLS upstream, like
+    :ref:`forward-tls-upstream: yes<unbound.conf.forward.forward-tls-upstream>`.
+
+
+@@UAHL@unbound-control.commands@forward_remove@@ [``+i``] *zone*
+    Remove a forward zone from running Unbound.
+    The ``+i`` also removes a domain-insecure for the zone.
+
+
+@@UAHL@unbound-control.commands@stub_add@@ [``+ipt``] *zone addr ...*
+    Add a new stub zone to running Unbound.
+    With ``+i`` option also adds a domain-insecure for the zone.
+    With ``+p`` the stub zone is set to prime, without it it is set to
+    notprime.
+    The addr can be IP4, IP6 or nameserver names, like the **stub-zone:**
+    config in unbound.conf.
+    The ``+t`` option sets it to use TLS upstream, like
+    :ref:`stub-tls-upstream: yes<unbound.conf.stub.stub-tls-upstream>`.
+
+
+@@UAHL@unbound-control.commands@stub_remove@@ [``+i``] *zone*
+    Remove a stub zone from running Unbound.
+    The ``+i`` also removes a domain-insecure for the zone.
+
+
+@@UAHL@unbound-control.commands@forward@@ [*off* | *addr ...* ]
+    Setup forwarding mode.
+    Configures if the server should ask other upstream nameservers, should go
+    to the internet root nameservers itself, or show the current config.
+    You could pass the nameservers after a DHCP update.
+
+    Without arguments the current list of addresses used to forward all queries
+    to is printed.
+    On startup this is from the forward-zone ``"."`` configuration.
+    Afterwards it shows the status.
+    It prints off when no forwarding is used.
+
+    If off is passed, forwarding is disabled and the root nameservers are
+    used.
+    This can be used to avoid to avoid buggy or non-DNSSEC supporting
+    nameservers returned from DHCP.
+    But may not work in hotels or hotspots.
+
+    If one or more IPv4 or IPv6 addresses are given, those are then used to
+    forward queries to.
+    The addresses must be separated with spaces.
+    With ``'@port'`` the port number can be set explicitly (default port is 53
+    (DNS)).
+
+    By default the forwarder information from the config file for the root
+    ``"."`` is used.
+    The config file is not changed, so after a reload these changes are gone.
+    Other forward zones from the config file are not affected by this command.
+
+
+@@UAHL@unbound-control.commands@ratelimit_list@@ [``+a``]
+    List the domains that are ratelimited.
+    Printed one per line with current estimated qps and qps limit from config.
+    With ``+a`` it prints all domains, not just the ratelimited domains, with
+    their estimated qps.
+    The ratelimited domains return an error for uncached (new) queries, but
+    cached queries work as normal.
+
+
+@@UAHL@unbound-control.commands@ip_ratelimit_list@@ [``+a``]
+    List the ip addresses that are ratelimited.
+    Printed one per line with current estimated qps and qps limit from config.
+    With ``+a`` it prints all ips, not just the ratelimited ips, with their
+    estimated qps.
+    The ratelimited ips are dropped before checking the cache.
+
+
+@@UAHL@unbound-control.commands@list_auth_zones@@
+    List the auth zones that are configured.
+    Printed one per line with a status, indicating if the zone is expired and
+    current serial number.
+    Configured RPZ zones are included.
+
+
+@@UAHL@unbound-control.commands@auth_zone_reload@@ *zone*
+    Reload the auth zone (or RPZ zone) from zonefile.
+    The zonefile is read in overwriting the current contents of the zone in
+    memory.
+    This changes the auth zone contents itself, not the cache contents.
+    Such cache contents exists if you set Unbound to validate with
+    **for-upstream: yes** and that can be cleared with **flush_zone** *zone*.
+
+
+@@UAHL@unbound-control.commands@auth_zone_transfer@@ *zone*
+    Transfer the auth zone (or RPZ zone) from master.
+    The auth zone probe sequence is started, where the masters are probed to
+    see if they have an updated zone (with the SOA serial check).
+    And then the zone is transferred for a newer zone version.
+
+
+@@UAHL@unbound-control.commands@rpz_enable@@ *zone*
+    Enable the RPZ zone if it had previously been disabled.
+
+
+@@UAHL@unbound-control.commands@rpz_disable@@ *zone*
+    Disable the RPZ zone.
+
+
+@@UAHL@unbound-control.commands@view_list_local_zones@@ *view*
+    *list_local_zones* for given view.
+
+
+@@UAHL@unbound-control.commands@view_local_zone@@ *view name type*
+    *local_zone* for given view.
+
+
+@@UAHL@unbound-control.commands@view_local_zone_remove@@ *view name*
+    *local_zone_remove* for given view.
+
+
+@@UAHL@unbound-control.commands@view_list_local_data@@ *view*
+    *list_local_data* for given view.
+
+
+@@UAHL@unbound-control.commands@view_local_data@@ *view RR data...*
+    *local_data* for given view.
+
+
+@@UAHL@unbound-control.commands@view_local_data_remove@@ *view name*
+    *local_data_remove* for given view.
+
+
+@@UAHL@unbound-control.commands@view_local_datas_remove@@ *view*
+    Remove a list of *local_data* for given view from stdin.
+    Like *local_datas_remove*.
+
+
+@@UAHL@unbound-control.commands@view_local_datas@@ *view*
+    Add a list of *local_data* for given view from stdin.
+    Like *local_datas*.
+
+
+@@UAHL@unbound-control.commands@add_cookie_secret@@ *secret*
+    Add or replace a cookie secret persistently.
+    *secret* needs to be an 128 bit hex string.
+
+    Cookie secrets can be either **active** or **staging**.
+    **Active** cookie secrets are used to create DNS Cookies, but verification
+    of a DNS Cookie succeeds with any of the **active** or **staging** cookie
+    secrets.
+    The state of the current cookie secrets can be printed with the
+    :ref:`print_cookie_secrets<unbound-control.commands.print_cookie_secrets>`
+    command.
+
+    When there are no cookie secrets configured yet, the *secret* is added as
+    **active**.
+    If there is already an **active** cookie secret, the *secret* is added as
+    **staging** or replacing an existing **staging** secret.
+
+    To "roll" a cookie secret used in an anycast set.
+    The new secret has to be added as **staging** secret to **all** nodes in
+    the anycast set.
+    When **all** nodes can verify DNS Cookies with the new secret, the new
+    secret can be activated with the
+    :ref:`activate_cookie_secret<unbound-control.commands.activate_cookie_secret>`
+    command.
+    After **all** nodes have the new secret **active** for at least one hour,
+    the previous secret can be dropped with the
+    :ref:`drop_cookie_secret<unbound-control.commands.drop_cookie_secret>`
+    command.
+
+    Persistence is accomplished by writing to a file which is configured with
+    the
+    :ref:`cookie-secret-file<unbound.conf.cookie-secret-file>`
+    option in the server section of the config file.
+    This is disabled by default, "".
+
+
+@@UAHL@unbound-control.commands@drop_cookie_secret@@
+    Drop the **staging** cookie secret.
+
+
+@@UAHL@unbound-control.commands@activate_cookie_secret@@
+    Make the current **staging** cookie secret **active**, and the current
+    **active** cookie secret **staging**.
+
+
+@@UAHL@unbound-control.commands@print_cookie_secrets@@
+    Show the current configured cookie secrets with their status.
+
+Exit Code
+---------
+
+The ``unbound-control`` program exits with status code 1 on error, 0 on
+success.
+
+Set Up
+------
+
+The setup requires a self-signed certificate and private keys for both the
+server and client.
+The script ``unbound-control-setup`` generates these in the default run
+directory, or with ``-d`` in another directory.
+If you change the access control permissions on the key files you can decide
+who can use ``unbound-control``, by default owner and group but not all users.
+Run the script under the same username as you have configured in
+:file:`unbound.conf` or as root, so that the daemon is permitted to read the
+files, for example with:
+
+.. code-block:: bash
+
+    sudo -u unbound unbound-control-setup
+
+If you have not configured a username in :file:`unbound.conf`, the keys need
+read permission for the user credentials under which the daemon is started.
+The script preserves private keys present in the directory.
+After running the script as root, turn on
+:ref:`control-enable<unbound.conf.remote.control-enable>` in
+:file:`unbound.conf`.
+
+Statistic Counters
+------------------
+
+The :ref:`stats<unbound-control.commands.stats>` and
+:ref:`stats_noreset<unbound-control.commands.stats_noreset>` commands show a
+number of statistic counters:
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries@@
+    number of queries received by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_ip_ratelimited@@
+    number of queries rate limited by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_cookie_valid@@
+    number of queries with a valid DNS Cookie by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_cookie_client@@
+    number of queries with a client part only DNS Cookie by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_cookie_invalid@@
+    number of queries with an invalid DNS Cookie by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_discard_timeout@@
+    number of queries removed due to discard-timeout by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_wait_limit@@
+    number of queries removed due to wait-limit by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.cachehits@@
+    number of queries that were successfully answered using a cache lookup
+
+
+@@UAHL@unbound-control.stats@threadX.num.cachemiss@@
+    number of queries that needed recursive processing
+
+
+@@UAHL@unbound-control.stats@threadX.num.dnscrypt.crypted@@
+    number of queries that were encrypted and successfully decapsulated by
+    dnscrypt.
+
+
+@@UAHL@unbound-control.stats@threadX.num.dnscrypt.cert@@
+    number of queries that were requesting dnscrypt certificates.
+
+
+@@UAHL@unbound-control.stats@threadX.num.dnscrypt.cleartext@@
+    number of queries received on dnscrypt port that were cleartext and not a
+    request for certificates.
+
+
+@@UAHL@unbound-control.stats@threadX.num.dnscrypt.malformed@@
+    number of request that were neither cleartext, not valid dnscrypt messages.
+
+
+@@UAHL@unbound-control.stats@threadX.num.dns_error_reports@@
+    number of DNS Error Reports generated by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.prefetch@@
+    number of cache prefetches performed.
+    This number is included in cachehits, as the original query had the
+    unprefetched answer from cache, and resulted in recursive processing,
+    taking a slot in the requestlist.
+    Not part of the recursivereplies (or the histogram thereof) or cachemiss,
+    as a cache response was sent.
+
+
+@@UAHL@unbound-control.stats@threadX.num.expired@@
+    number of replies that served an expired cache entry.
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_timed_out@@
+    number of queries that are dropped because they waited in the UDP socket
+    buffer for too long.
+
+
+@@UAHL@unbound-control.stats@threadX.query.queue_time_us.max@@
+    The maximum wait time for packets in the socket buffer, in microseconds.
+    This is only reported when
+    :ref:`sock-queue-timeout<unbound.conf.sock-queue-timeout>` is enabled.
+
+
+@@UAHL@unbound-control.stats@threadX.num.recursivereplies@@
+    The number of replies sent to queries that needed recursive processing.
+    Could be smaller than threadX.num.cachemiss if due to timeouts no replies
+    were sent for some queries.
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.avg@@
+    The average number of requests in the internal recursive processing request
+    list on insert of a new incoming recursive processing query.
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.max@@
+    Maximum size attained by the internal recursive processing request list.
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.overwritten@@
+    Number of requests in the request list that were overwritten by newer
+    entries.
+    This happens if there is a flood of queries that recursive processing and
+    the server has a hard time.
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.exceeded@@
+    Queries that were dropped because the request list was full.
+    This happens if a flood of queries need recursive processing, and the
+    server can not keep up.
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.current.all@@
+    Current size of the request list, includes internally generated queries
+    (such as priming queries and glue lookups).
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.current.user@@
+    Current size of the request list, only the requests from client queries.
+
+
+@@UAHL@unbound-control.stats@threadX.recursion.time.avg@@
+    Average time it took to answer queries that needed recursive processing.
+    Note that queries that were answered from the cache are not in this average.
+
+
+@@UAHL@unbound-control.stats@threadX.recursion.time.median@@
+    The median of the time it took to answer queries that needed recursive
+    processing.
+    The median means that 50% of the user queries were answered in less than
+    this time.
+    Because of big outliers (usually queries to non responsive servers), the
+    average can be bigger than the median.
+    This median has been calculated by interpolation from a histogram.
+
+
+@@UAHL@unbound-control.stats@threadX.tcpusage@@
+    The currently held tcp buffers for incoming connections.
+    A spot value on the time of the request.
+    This helps you spot if the incoming-num-tcp buffers are full.
+
+
+@@UAHL@unbound-control.stats@total.num.queries@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_ip_ratelimited@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_cookie_valid@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_cookie_client@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_cookie_invalid@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_discard_timeout@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_wait_limit@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.cachehits@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.cachemiss@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.dnscrypt.crypted@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.dnscrypt.cert@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.dnscrypt.cleartext@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.dnscrypt.malformed@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.dns_error_reports@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.prefetch@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.expired@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_timed_out@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.query.queue_time_us.max@@
+    the maximum of the thread values.
+
+
+@@UAHL@unbound-control.stats@total.num.recursivereplies@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.requestlist.avg@@
+    averaged over threads.
+
+
+@@UAHL@unbound-control.stats@total.requestlist.max@@
+    the maximum of the thread requestlist.max values.
+
+
+@@UAHL@unbound-control.stats@total.requestlist.overwritten@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.requestlist.exceeded@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.requestlist.current.all@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.recursion.time.median@@
+    averaged over threads.
+
+
+@@UAHL@unbound-control.stats@total.tcpusage@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@time.now@@
+    current time in seconds since 1970.
+
+
+@@UAHL@unbound-control.stats@time.up@@
+    uptime since server boot in seconds.
+
+
+@@UAHL@unbound-control.stats@time.elapsed@@
+    time since last statistics printout, in seconds.
+
+Extended Statistics
+-------------------
+
+
+@@UAHL@unbound-control.stats@mem.cache.rrset@@
+    Memory in bytes in use by the RRset cache.
+
+
+@@UAHL@unbound-control.stats@mem.cache.message@@
+    Memory in bytes in use by the message cache.
+
+
+@@UAHL@unbound-control.stats@mem.cache.dnscrypt_shared_secret@@
+    Memory in bytes in use by the dnscrypt shared secrets cache.
+
+
+@@UAHL@unbound-control.stats@mem.cache.dnscrypt_nonce@@
+    Memory in bytes in use by the dnscrypt nonce cache.
+
+
+@@UAHL@unbound-control.stats@mem.mod.iterator@@
+    Memory in bytes in use by the iterator module.
+
+
+@@UAHL@unbound-control.stats@mem.mod.validator@@
+    Memory in bytes in use by the validator module.
+    Includes the key cache and negative cache.
+
+
+@@UAHL@unbound-control.stats@mem.streamwait@@
+    Memory in bytes in used by the TCP and TLS stream wait buffers.
+    These are answers waiting to be written back to the clients.
+
+
+@@UAHL@unbound-control.stats@mem.http.query_buffer@@
+    Memory in bytes used by the HTTP/2 query buffers.
+    Containing (partial) DNS queries waiting for request stream completion.
+
+
+@@UAHL@unbound-control.stats@mem.http.response_buffer@@
+    Memory in bytes used by the HTTP/2 response buffers.
+    Containing DNS responses waiting to be written back to the clients.
+
+
+@@UAHL@unbound-control.stats@mem.quic@@
+    Memory in bytes used by QUIC.
+    Containing connection information, stream information, queries read and
+    responses written back to the clients.
+
+@@UAHL@unbound-control.stats@histogram@@.<sec>.<usec>.to.<sec>.<usec>
+    Shows a histogram, summed over all threads.
+    Every element counts the recursive queries whose reply time fit between the
+    lower and upper bound.
+    Times larger or equal to the lowerbound, and smaller than the upper bound.
+    There are 40 buckets, with bucket sizes doubling.
+
+
+@@UAHL@unbound-control.stats@num.query.type.A@@
+    The total number of queries over all threads with query type A.
+    Printed for the other query types as well, but only for the types for which
+    queries were received, thus =0 entries are omitted for brevity.
+
+
+@@UAHL@unbound-control.stats@num.query.type.other@@
+    Number of queries with query types 256-65535.
+
+
+@@UAHL@unbound-control.stats@num.query.class.IN@@
+    The total number of queries over all threads with query class IN
+    (internet).
+    Also printed for other classes (such as CH (CHAOS) sometimes used for
+    debugging), or NONE, ANY, used by dynamic update.
+    num.query.class.other is printed for classes 256-65535.
+
+
+@@UAHL@unbound-control.stats@num.query.opcode.QUERY@@
+    The total number of queries over all threads with query opcode QUERY.
+    Also printed for other opcodes, UPDATE, ...
+
+
+@@UAHL@unbound-control.stats@num.query.tcp@@
+    Number of queries that were made using TCP towards the Unbound server.
+
+
+@@UAHL@unbound-control.stats@num.query.tcpout@@
+    Number of queries that the Unbound server made using TCP outgoing towards
+    other servers.
+
+
+@@UAHL@unbound-control.stats@num.query.udpout@@
+    Number of queries that the Unbound server made using UDP outgoing towards
+    other servers.
+
+
+@@UAHL@unbound-control.stats@num.query.tls@@
+    Number of queries that were made using TLS towards the Unbound server.
+    These are also counted in num.query.tcp, because TLS uses TCP.
+
+
+@@UAHL@unbound-control.stats@num.query.tls.resume@@
+    Number of TLS session resumptions, these are queries over TLS towards the
+    Unbound server where the client negotiated a TLS session resumption key.
+
+
+@@UAHL@unbound-control.stats@num.query.https@@
+    Number of queries that were made using HTTPS towards the Unbound server.
+    These are also counted in num.query.tcp and num.query.tls, because HTTPS
+    uses TLS and TCP.
+
+
+@@UAHL@unbound-control.stats@num.query.quic@@
+    Number of queries that were made using QUIC towards the Unbound server.
+    These are also counted in num.query.tls, because TLS is used for these
+    queries.
+
+
+@@UAHL@unbound-control.stats@num.query.ipv6@@
+    Number of queries that were made using IPv6 towards the Unbound server.
+
+
+@@UAHL@unbound-control.stats@num.query.flags.RD@@
+    The number of queries that had the RD flag set in the header.
+    Also printed for flags QR, AA, TC, RA, Z, AD, CD.
+    Note that queries with flags QR, AA or TC may have been rejected because of
+    that.
+
+
+@@UAHL@unbound-control.stats@num.query.edns.present@@
+    number of queries that had an EDNS OPT record present.
+
+
+@@UAHL@unbound-control.stats@num.query.edns.DO@@
+    number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit
+    set.
+    These queries are also included in the num.query.edns.present number.
+
+
+@@UAHL@unbound-control.stats@num.query.ratelimited@@
+    The number of queries that are turned away from being send to nameserver
+    due to ratelimiting.
+
+
+@@UAHL@unbound-control.stats@num.query.dnscrypt.shared_secret.cachemiss@@
+    The number of dnscrypt queries that did not find a shared secret in the
+    cache.
+    This can be use to compute the shared secret hitrate.
+
+
+@@UAHL@unbound-control.stats@num.query.dnscrypt.replay@@
+    The number of dnscrypt queries that found a nonce hit in the nonce cache
+    and hence are considered a query replay.
+
+
+@@UAHL@unbound-control.stats@num.answer.rcode.NXDOMAIN@@
+    The number of answers to queries, from cache or from recursion, that had
+    the return code NXDOMAIN.
+    Also printed for the other return codes.
+
+
+@@UAHL@unbound-control.stats@num.answer.rcode.nodata@@
+    The number of answers to queries that had the pseudo return code nodata.
+    This means the actual return code was NOERROR, but additionally, no data
+    was carried in the answer (making what is called a NOERROR/NODATA answer).
+    These queries are also included in the num.answer.rcode.NOERROR number.
+    Common for AAAA lookups when an A record exists, and no AAAA.
+
+
+@@UAHL@unbound-control.stats@num.answer.secure@@
+    Number of answers that were secure.
+    The answer validated correctly.
+    The AD bit might have been set in some of these answers, where the client
+    signalled (with DO or AD bit in the query) that they were ready to accept
+    the AD bit in the answer.
+
+
+@@UAHL@unbound-control.stats@num.answer.bogus@@
+    Number of answers that were bogus.
+    These answers resulted in SERVFAIL to the client because the answer failed
+    validation.
+
+
+@@UAHL@unbound-control.stats@num.rrset.bogus@@
+    The number of rrsets marked bogus by the validator.
+    Increased for every RRset inspection that fails.
+
+
+@@UAHL@unbound-control.stats@num.valops@@
+    The number of validation operations performed by the validator.
+    Increased for every RRSIG verification operation regardless of the
+    validation result.
+    The RRSIG and key combination needs to first pass some sanity checks before
+    Unbound even performs the verification, e.g., length/protocol checks.
+
+
+@@UAHL@unbound-control.stats@unwanted.queries@@
+    Number of queries that were refused or dropped because they failed the
+    access control settings.
+
+
+@@UAHL@unbound-control.stats@unwanted.replies@@
+    Replies that were unwanted or unsolicited.
+    Could have been random traffic, delayed duplicates, very late answers, or
+    could be spoofing attempts.
+    Some low level of late answers and delayed duplicates are to be expected
+    with the UDP protocol.
+    Very high values could indicate a threat (spoofing).
+
+
+@@UAHL@unbound-control.stats@msg.cache.count@@
+    The number of items (DNS replies) in the message cache.
+
+
+@@UAHL@unbound-control.stats@rrset.cache.count@@
+    The number of RRsets in the rrset cache.
+    This includes rrsets used by the messages in the message cache, but also
+    delegation information.
+
+
+@@UAHL@unbound-control.stats@infra.cache.count@@
+    The number of items in the infra cache.
+    These are IP addresses with their timing and protocol support information.
+
+
+@@UAHL@unbound-control.stats@key.cache.count@@
+    The number of items in the key cache.
+    These are DNSSEC keys, one item per delegation point, and their validation
+    status.
+
+
+@@UAHL@unbound-control.stats@msg.cache.max_collisions@@
+    The maximum number of hash table collisions in the msg cache.
+    This is the number of hashes that are identical when a new element is
+    inserted in the hash table.
+    If the value is very large, like hundreds, something is wrong with the
+    performance of the hash table, hash values are incorrect or malicious.
+
+
+@@UAHL@unbound-control.stats@rrset.cache.max_collisions@@
+    The maximum number of hash table collisions in the rrset cache.
+    This is the number of hashes that are identical when a new element is
+    inserted in the hash table.
+    If the value is very large, like hundreds, something is wrong with the
+    performance of the hash table, hash values are incorrect or malicious.
+
+
+@@UAHL@unbound-control.stats@dnscrypt_shared_secret.cache.count@@
+    The number of items in the shared secret cache.
+    These are precomputed shared secrets for a given client public key/server
+    secret key pair.
+    Shared secrets are CPU intensive and this cache allows Unbound to avoid
+    recomputing the shared secret when multiple dnscrypt queries are sent from
+    the same client.
+
+
+@@UAHL@unbound-control.stats@dnscrypt_nonce.cache.count@@
+    The number of items in the client nonce cache.
+    This cache is used to prevent dnscrypt queries replay.
+    The client nonce must be unique for each client public key/server secret
+    key pair.
+    This cache should be able to host QPS * `replay window` interval keys to
+    prevent replay of a query during `replay window` seconds.
+
+
+@@UAHL@unbound-control.stats@num.query.authzone.up@@
+    The number of queries answered from auth-zone data, upstream queries.
+    These queries would otherwise have been sent (with fallback enabled) to the
+    internet, but are now answered from the auth zone.
+
+
+@@UAHL@unbound-control.stats@num.query.authzone.down@@
+    The number of queries for downstream answered from auth-zone data.
+    These queries are from downstream clients, and have had an answer from the
+    data in the auth zone.
+
+
+@@UAHL@unbound-control.stats@num.query.aggressive.NOERROR@@
+    The number of queries answered using cached NSEC records with NODATA RCODE.
+    These queries would otherwise have been sent to the internet, but are now
+    answered using cached data.
+
+
+@@UAHL@unbound-control.stats@num.query.aggressive.NXDOMAIN@@
+    The number of queries answered using cached NSEC records with NXDOMAIN
+    RCODE.
+    These queries would otherwise have been sent to the internet, but are now
+    answered using cached data.
+
+
+@@UAHL@unbound-control.stats@num.query.subnet@@
+    Number of queries that got an answer that contained EDNS client subnet
+    data.
+
+
+@@UAHL@unbound-control.stats@num.query.subnet_cache@@
+    Number of queries answered from the edns client subnet cache.
+    These are counted as cachemiss by the main counters, but hit the client
+    subnet specific cache after getting processed by the edns client subnet
+    module.
+
+
+@@UAHL@unbound-control.stats@num.query.cachedb@@
+    Number of queries answered from the external cache of cachedb.
+    These are counted as cachemiss by the main counters, but hit the cachedb
+    external cache after getting processed by the cachedb module.
+
+@@UAHL@unbound-control.stats@num.rpz.action@@.<rpz_action>
+    Number of queries answered using configured RPZ policy, per RPZ action
+    type.
+    Possible actions are: nxdomain, nodata, passthru, drop, tcp-only,
+    local-data, disabled, and cname-override.
+
+Files
+-----
+
+@ub_conf_file@
+    Unbound configuration file.
+
+@UNBOUND_RUN_DIR@
+    directory with private keys (:file:`unbound_server.key` and
+    :file:`unbound_control.key`) and self-signed certificates
+    (:file:`unbound_server.pem` and :file:`unbound_control.pem`).
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`,
+:doc:`unbound(8)</manpages/unbound>`.
diff --git a/contrib/unbound/doc/unbound-host.1.in b/contrib/unbound/doc/unbound-host.1.in
index a99bab0f7be6..446cb83c190c 100644
--- a/contrib/unbound/doc/unbound-host.1.in
+++ b/contrib/unbound/doc/unbound-host.1.in
@@ -1,118 +1,190 @@
-.TH "unbound\-host" "1" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
-.\"
-.\" unbound-host.1 -- unbound DNS lookup utility
-.\"
-.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B unbound\-host
-\- unbound DNS lookup utility
-.SH "SYNOPSIS"
-.B unbound\-host
-.RB [ \-C
-.IR configfile ]
-.RB [ \-vdhr46D ]
-.RB [ \-c
-.IR class ]
-.RB [ \-t
-.IR type ]
-.RB [ \-y
-.IR key ]
-.RB [ \-f
-.IR keyfile ]
-.RB [ \-F
-.IR namedkeyfile ]
-.I hostname
-.SH "DESCRIPTION"
-.B Unbound\-host
-uses the Unbound validating resolver to query for the hostname and display
-results. With the \fB\-v\fR option it displays validation
-status: secure, insecure, bogus (security failure).
-.P
-By default it reads no configuration file whatsoever.  It attempts to reach
-the internet root servers.  With \fB\-C\fR an Unbound config file and with
-\fB\-r\fR resolv.conf can be read.
-.P
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND-HOST" "1" "Oct 22, 2025" "1.24.1" "Unbound"
+.SH NAME
+unbound-host \- Unbound 1.24.1 DNS lookup utility.
+.SH SYNOPSIS
+.sp
+\fBunbound\-host\fP [\fB\-C configfile\fP] [\fB\-vdhr46D\fP] [\fB\-c class\fP]
+[\fB\-t type\fP] [\fB\-y key\fP] [\fB\-f keyfile\fP] [\fB\-F namedkeyfile\fP] hostname
+.SH DESCRIPTION
+.sp
+\fBunbound\-host\fP uses the Unbound validating resolver to query for the hostname
+and display results.
+With the \fI\%\-v\fP option it displays validation status: secure, insecure,
+bogus (security failure).
+.sp
+By default it reads no configuration file whatsoever.
+It attempts to reach the internet root servers.
+With \fI\%\-C\fP an unbound config file and with \fI\%\-r\fP \fBresolv.conf\fP
+can be read.
+.sp
 The available options are:
+.INDENT 0.0
 .TP
-.I hostname
+.B hostname
 This name is resolved (looked up in the DNS).
 If a IPv4 or IPv6 address is given, a reverse lookup is performed.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-h
 Show the version and commandline option help.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-v
 Enable verbose output and it shows validation results, on every line.
-Secure means that the NXDOMAIN (no such domain name), nodata (no such data)
-or positive data response validated correctly with one of the keys.
+Secure means that the NXDOMAIN (no such domain name), nodata (no such
+data) or positive data response validated correctly with one of the
+keys.
 Insecure means that that domain name has no security set up for it.
-Bogus (security failure) means that the response failed one or more checks,
-it is likely wrong, outdated, tampered with, or broken.
+Bogus (security failure) means that the response failed one or more
+checks, it is likely wrong, outdated, tampered with, or broken.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-d
-Enable debug output to stderr. One \-d shows what the resolver and validator
-are doing and may tell you what is going on. More times, \-d \-d, gives a
-lot of output, with every packet sent and received.
+Enable debug output to stderr.
+One \fI\%\-d\fP shows what the resolver and validator are doing and may
+tell you what is going on.
+More times, \fI\%\-d\fP \fI\%\-d\fP, gives a lot of output, with every
+packet sent and received.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-c \fIclass
-Specify the class to lookup for, the default is IN the internet class.
+.B \-c <class>
+Specify the class to lookup for, the default is IN the internet
+class.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-t \fItype
-Specify the type of data to lookup. The default looks for IPv4, IPv6 and
-mail handler data, or domain name pointers for reverse queries.
+.B \-t <type>
+Specify the type of data to lookup.
+The default looks for IPv4, IPv6 and mail handler data, or domain name
+pointers for reverse queries.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-y \fIkey
-Specify a public key to use as trust anchor. This is the base for a chain
-of trust that is built up from the trust anchor to the response, in order
-to validate the response message. Can be given as a DS or DNSKEY record.
-For example \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD".
+.B \-y <key>
+Specify a public key to use as trust anchor.
+This is the base for a chain of trust that is built up from the trust
+anchor to the response, in order to validate the response message.
+Can be given as a DS or DNSKEY record.
+For example:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+\-y \(dqexample.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-D
-Enables DNSSEC validation.  Reads the root anchor from the default configured
-root anchor at the default location, \fI@UNBOUND_ROOTKEY_FILE@\fR.
+Enables DNSSEC validation.
+Reads the root anchor from the default configured root anchor at the
+default location, \fB@UNBOUND_ROOTKEY_FILE@\fP\&.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-f \fIkeyfile
-Reads keys from a file. Every line has a DS or DNSKEY record, in the format
-as for \-y. The zone file format, the same as dig and drill produce.
+.B \-f <keyfile>
+Reads keys from a file.
+Every line has a DS or DNSKEY record, in the format as for \fI\%\-y\fP\&.
+The zone file format, the same as \fBdig\fP and \fBdrill\fP produce.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-F \fInamedkeyfile
-Reads keys from a BIND\-style named.conf file. Only the trusted\-key {}; entries
-are read.
+.B \-F <namedkeyfile>
+Reads keys from a BIND\-style \fBnamed.conf\fP file.
+Only the \fBtrusted\-key {};\fP entries are read.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-C \fIconfigfile
-Uses the specified unbound.conf to prime
-.IR libunbound (3).
+.B \-C <configfile>
+Uses the specified unbound.conf to prime \fI\%libunbound(3)\fP\&.
 Pass it as first argument if you want to override some options from the
 config file with further arguments on the commandline.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-r
-Read /etc/resolv.conf, and use the forward DNS servers from there (those could
-have been set by DHCP).  More info in
-.IR resolv.conf (5).
+Read \fB/etc/resolv.conf\fP, and use the forward DNS servers from
+there (those could have been set by DHCP).
+More info in \fIresolv.conf(5)\fP\&.
 Breaks validation if those servers do not support DNSSEC.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-4
 Use solely the IPv4 network for sending packets.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-6
 Use solely the IPv6 network for sending packets.
-.SH "EXAMPLES"
-Some examples of use. The keys shown below are fakes, thus a security failure
-is encountered.
-.P
+.UNINDENT
+.SH EXAMPLES
+.sp
+Some examples of use.
+The keys shown below are fakes, thus a security failure is encountered.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
 $ unbound\-host www.example.com
-.P
-$ unbound\-host \-v \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" www.example.com
-.P
-$ unbound\-host \-v \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" 192.0.2.153
-.SH "EXIT CODE"
-The unbound\-host program exits with status code 1 on error,
-0 on no error. The data may not be available on exit code 0, exit code 1
-means the lookup encountered a fatal error.
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5),
-\fIunbound\fR(8).
+
+$ unbound\-host \-v \-y \(dqexample.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD\(dq www.example.com
+
+$ unbound\-host \-v \-y \(dqexample.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD\(dq 192.0.2.153
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH EXIT CODE
+.sp
+The \fBunbound\-host\fP program exits with status code 1 on error, 0 on no error.
+The data may not be available on exit code 0, exit code 1 means the lookup
+encountered a fatal error.
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP,
+\fI\%unbound(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound-host.rst b/contrib/unbound/doc/unbound-host.rst
new file mode 100644
index 000000000000..7c809a15d187
--- /dev/null
+++ b/contrib/unbound/doc/unbound-host.rst
@@ -0,0 +1,176 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+.. program:: unbound-host
+
+unbound-host(1)
+===============
+
+Synopsis
+--------
+
+**unbound-host** [``-C configfile``] [``-vdhr46D``] [``-c class``]
+[``-t type``] [``-y key``] [``-f keyfile``] [``-F namedkeyfile``] hostname
+
+Description
+-----------
+
+``unbound-host`` uses the Unbound validating resolver to query for the hostname
+and display results.
+With the :option:`-v` option it displays validation status: secure, insecure,
+bogus (security failure).
+
+By default it reads no configuration file whatsoever.
+It attempts to reach the internet root servers.
+With :option:`-C` an unbound config file and with :option:`-r` ``resolv.conf``
+can be read.
+
+The available options are:
+
+.. option:: hostname
+
+       This name is resolved (looked up in the DNS).
+       If a IPv4 or IPv6 address is given, a reverse lookup is performed.
+
+.. option:: -h
+
+       Show the version and commandline option help.
+
+.. option:: -v
+
+       Enable verbose output and it shows validation results, on every line.
+       Secure means that the NXDOMAIN (no such domain name), nodata (no such
+       data) or positive data response validated correctly with one of the
+       keys.
+       Insecure means that that domain name has no security set up for it.
+       Bogus (security failure) means that the response failed one or more
+       checks, it is likely wrong, outdated, tampered with, or broken.
+
+.. option:: -d
+
+       Enable debug output to stderr.
+       One :option:`-d` shows what the resolver and validator are doing and may
+       tell you what is going on.
+       More times, :option:`-d` :option:`-d`, gives a lot of output, with every
+       packet sent and received.
+
+.. option:: -c <class>
+
+       Specify the class to lookup for, the default is IN the internet
+       class.
+
+.. option:: -t <type>
+
+       Specify the type of data to lookup.
+       The default looks for IPv4, IPv6 and mail handler data, or domain name
+       pointers for reverse queries.
+
+.. option:: -y <key>
+
+       Specify a public key to use as trust anchor.
+       This is the base for a chain of trust that is built up from the trust
+       anchor to the response, in order to validate the response message.
+       Can be given as a DS or DNSKEY record.
+       For example:
+
+       .. code-block:: text
+
+            -y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD"
+
+.. option:: -D
+
+       Enables DNSSEC validation.
+       Reads the root anchor from the default configured root anchor at the
+       default location, :file:`@UNBOUND_ROOTKEY_FILE@`.
+
+.. option:: -f <keyfile>
+
+       Reads keys from a file.
+       Every line has a DS or DNSKEY record, in the format as for :option:`-y`.
+       The zone file format, the same as ``dig`` and ``drill`` produce.
+
+.. option:: -F <namedkeyfile>
+
+       Reads keys from a BIND-style :file:`named.conf` file.
+       Only the ``trusted-key {};`` entries are read.
+
+.. option:: -C <configfile>
+
+       Uses the specified unbound.conf to prime :doc:`libunbound(3)</manpages/libunbound>`.
+       Pass it as first argument if you want to override some options from the
+       config file with further arguments on the commandline.
+
+.. option:: -r
+
+       Read :file:`/etc/resolv.conf`, and use the forward DNS servers from
+       there (those could have been set by DHCP).
+       More info in *resolv.conf(5)*.
+       Breaks validation if those servers do not support DNSSEC.
+
+.. option:: -4
+
+       Use solely the IPv4 network for sending packets.
+
+.. option:: -6
+
+       Use solely the IPv6 network for sending packets.
+
+Examples
+--------
+
+Some examples of use.
+The keys shown below are fakes, thus a security failure is encountered.
+
+.. code-block:: text
+
+       $ unbound-host www.example.com
+
+       $ unbound-host -v -y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" www.example.com
+
+       $ unbound-host -v -y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" 192.0.2.153
+
+Exit Code
+---------
+
+The ``unbound-host`` program exits with status code 1 on error, 0 on no error.
+The data may not be available on exit code 0, exit code 1 means the lookup
+encountered a fatal error.
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`,
+:doc:`unbound(8)</manpages/unbound>`.
diff --git a/contrib/unbound/doc/unbound.8.in b/contrib/unbound/doc/unbound.8.in
index 1ec4c304b70c..9144a65b8cfa 100644
--- a/contrib/unbound/doc/unbound.8.in
+++ b/contrib/unbound/doc/unbound.8.in
@@ -1,88 +1,123 @@
-.TH "unbound" "8" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
-.\"
-.\" unbound.8 -- unbound manual
-.\"
-.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B unbound
-\- Unbound DNS validating resolver 1.23.1.
-.SH "SYNOPSIS"
-.B unbound
-.RB [ \-h ]
-.RB [ \-d ]
-.RB [ \-p ]
-.RB [ \-v ]
-.RB [ \-c
-.IR cfgfile ]
-.SH "DESCRIPTION"
-.B Unbound
-is a caching DNS resolver.
-.P
-It uses a built in list of authoritative nameservers for the root zone (.),
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND" "8" "Oct 22, 2025" "1.24.1" "Unbound"
+.SH NAME
+unbound \- Unbound DNS validating resolver 1.24.1.
+.SH SYNOPSIS
+.sp
+\fBunbound\fP [\fB\-hdpv\fP] [\fB\-c <cfgfile>\fP]
+.SH DESCRIPTION
+.sp
+\fBunbound\fP is a caching DNS resolver.
+.sp
+It uses a built in list of authoritative nameservers for the root zone (\fB\&.\fP),
 the so called root hints.
-On receiving a DNS query it will ask the root nameservers for
-an answer and will in almost all cases receive a delegation to a top level
-domain (TLD) authoritative nameserver.
+On receiving a DNS query it will ask the root nameservers for an answer and
+will in almost all cases receive a delegation to a top level domain (TLD)
+authoritative nameserver.
 It will then ask that nameserver for an answer.
-It will recursively continue until an answer is found or no answer is
-available (NXDOMAIN).
-For performance and efficiency reasons that answer is cached for a
-certain time (the answer's time\-to\-live or TTL).
+It will recursively continue until an answer is found or no answer is available
+(NXDOMAIN).
+For performance and efficiency reasons that answer is cached for a certain time
+(the answer\(aqs time\-to\-live or TTL).
 A second query for the same name will then be answered from the cache.
 Unbound can also do DNSSEC validation.
-.P
-To use a locally running
-.B Unbound
-for resolving put
 .sp
-.RS 6n
+To use a locally running Unbound for resolving put:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
 nameserver 127.0.0.1
-.RE
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+into \fIresolv.conf(5)\fP\&.
+.sp
+If authoritative DNS is needed as well using \fI\%nsd(8)\fP,
+careful setup is required because authoritative nameservers and resolvers are
+using the same port number (53).
 .sp
-into
-.IR resolv.conf (5).
-.P
-If authoritative DNS is needed as well using
-.IR nsd (8),
-careful setup is required because authoritative nameservers and
-resolvers are using the same port number (53).
-.P
 The available options are:
+.INDENT 0.0
 .TP
 .B \-h
 Show the version number and commandline option help, and exit.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-c\fI cfgfile
-Set the config file with settings for Unbound to read instead of reading the
-file at the default location, @ub_conf_file@. The syntax is
-described in \fIunbound.conf\fR(5).
+.B \-c <cfgfile>
+Set the config file with settings for unbound to read instead of reading the
+file at the default location, \fB@ub_conf_file@\fP\&.
+The syntax is described in \fI\%unbound.conf(5)\fP\&.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-d
-Debug flag: do not fork into the background, but stay attached to
-the console.  This flag will also delay writing to the log file until
-the thread\-spawn time, so that most config and setup errors appear on
-stderr. If given twice or more, logging does not switch to the log file
-or to syslog, but the log messages are printed to stderr all the time.
+Debug flag: do not fork into the background, but stay attached to the
+console.
+This flag will also delay writing to the log file until the thread\-spawn
+time, so that most config and setup errors appear on stderr.
+If given twice or more, logging does not switch to the log file or to
+syslog, but the log messages are printed to stderr all the time.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-p
-Don't use a pidfile.  This argument should only be used by supervision
-systems which can ensure that only one instance of Unbound will run
-concurrently.
+Don\(aqt use a pidfile.
+This argument should only be used by supervision systems which can ensure
+that only one instance of Unbound will run concurrently.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-v
-Increase verbosity. If given multiple times, more information is logged.
-This is added to the verbosity (if any) from the config file.
+Increase verbosity.
+If given multiple times, more information is logged.
+This is in addition to the verbosity (if any) from the config file.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-V
 Show the version number and build options, and exit.
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5),
-\fIunbound\-checkconf\fR(8),
-\fInsd\fR(8).
-.SH "AUTHORS"
-.B Unbound
-developers are mentioned in the CREDITS file in the distribution.
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP,
+\fI\%unbound\-checkconf(8)\fP,
+\fI\%nsd(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound.conf.5.in b/contrib/unbound/doc/unbound.conf.5.in
index 46af53802479..b5088a921aad 100644
--- a/contrib/unbound/doc/unbound.conf.5.in
+++ b/contrib/unbound/doc/unbound.conf.5.in
@@ -1,1395 +1,2549 @@
-.TH "unbound.conf" "5" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
-.\"
-.\" unbound.conf.5 -- unbound.conf manual
-.\"
-.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B unbound.conf
-\- Unbound configuration file.
-.SH "SYNOPSIS"
-.B unbound.conf
-.SH "DESCRIPTION"
-.B unbound.conf
-is used to configure
-\fIunbound\fR(8).
-The file format has attributes and values. Some attributes have attributes
-inside them.
-The notation is: attribute: value.
-.P
-Comments start with # and last to the end of line. Empty lines are
-ignored as is whitespace at the beginning of a line.
-.P
-The utility
-\fIunbound\-checkconf\fR(8)
-can be used to check unbound.conf prior to usage.
-.SH "EXAMPLE"
-An example config file is shown below. Copy this to /etc/unbound/unbound.conf
-and start the server with:
-.P
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND.CONF" "5" "Oct 22, 2025" "1.24.1" "Unbound"
+.SH NAME
+unbound.conf \- Unbound 1.24.1 configuration file.
+.SH SYNOPSIS
+.sp
+\fBunbound.conf\fP
+.SH DESCRIPTION
+.sp
+\fBunbound.conf\fP is used to configure \fI\%unbound(8)\fP\&.
+The file format has attributes and values.
+Some attributes have attributes inside them.
+The notation is: \fBattribute: value\fP\&.
+.sp
+Comments start with \fB#\fP and last to the end of line.
+Empty lines are ignored as is whitespace at the beginning of a line.
+.sp
+The utility \fI\%unbound\-checkconf(8)\fP can be
+used to check \fBunbound.conf\fP prior to usage.
+.SH EXAMPLE
+.sp
+An example config file is shown below.
+Copy this to \fB/etc/unbound/unbound.conf\fP and start the server with:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	$ unbound \-c /etc/unbound/unbound.conf
+.ft C
+$ unbound \-c /etc/unbound/unbound.conf
+.ft P
 .fi
-.P
-Most settings are the defaults. Stop the server with:
-.P
+.UNINDENT
+.UNINDENT
+.sp
+Most settings are the defaults.
+Stop the server with:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	$ kill `cat /etc/unbound/unbound.pid`
+.ft C
+$ kill \(gacat /etc/unbound/unbound.pid\(ga
+.ft P
 .fi
-.P
-Below is a minimal config file. The source distribution contains an extensive
-example.conf file with all the options.
-.P
+.UNINDENT
+.UNINDENT
+.sp
+Below is a minimal config file.
+The source distribution contains an extensive \fBexample.conf\fP file with
+all the options.
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
+.ft C
 # unbound.conf(5) config file for unbound(8).
 server:
-	directory: "/etc/unbound"
-	username: unbound
-	# make sure unbound can access entropy from inside the chroot.
-	# e.g. on linux the use these commands (on BSD, devfs(8) is used):
-	#      mount \-\-bind \-n /dev/urandom /etc/unbound/dev/urandom
-	# and  mount \-\-bind \-n /dev/log /etc/unbound/dev/log
-	chroot: "/etc/unbound"
-	# logfile: "/etc/unbound/unbound.log"  #uncomment to use logfile.
-	pidfile: "/etc/unbound/unbound.pid"
-	# verbosity: 1		# uncomment and increase to get more logging.
-	# listen on all interfaces, answer queries from the local subnet.
-	interface: 0.0.0.0
-	interface: ::0
-	access\-control: 10.0.0.0/8 allow
-	access\-control: 2001:DB8::/64 allow
+    directory: \(dq/etc/unbound\(dq
+    username: unbound
+    # make sure unbound can access entropy from inside the chroot.
+    # e.g. on linux the use these commands (on BSD, devfs(8) is used):
+    #      mount \-\-bind \-n /dev/urandom /etc/unbound/dev/urandom
+    # and  mount \-\-bind \-n /dev/log /etc/unbound/dev/log
+    chroot: \(dq/etc/unbound\(dq
+    # logfile: \(dq/etc/unbound/unbound.log\(dq  #uncomment to use logfile.
+    pidfile: \(dq/etc/unbound/unbound.pid\(dq
+    # verbosity: 1      # uncomment and increase to get more logging.
+    # listen on all interfaces, answer queries from the local subnet.
+    interface: 0.0.0.0
+    interface: ::0
+    access\-control: 10.0.0.0/8 allow
+    access\-control: 2001:DB8::/64 allow
+.ft P
 .fi
-.SH "FILE FORMAT"
-There must be whitespace between keywords.  Attribute keywords end with a
-colon ':'.  An attribute is followed by a value, or its containing attributes
-in which case it is referred to as a clause.  Clauses can be repeated throughout
-the file (or included files) to group attributes under the same clause.
-.P
-Files can be included using the
-.B include:
-directive. It can appear anywhere, it accepts a single file name as argument.
-Processing continues as if the text from the included file was copied into
-the config file at that point.  If also using chroot, using full path names
-for the included files works, relative pathnames for the included names work
-if the directory where the daemon is started equals its chroot/working
-directory or is specified before the include statement with directory: dir.
-Wildcards can be used to include multiple files, see \fIglob\fR(7).
-.P
-For a more structural include option, the
-.B include\-toplevel:
-directive can be used.  This closes whatever clause is currently active (if any)
-and forces the use of clauses in the included files and right after this
-directive.
-.SS "Server Options"
-These options are part of the
-.B server:
-clause.
-.TP
-.B verbosity: \fI<number>
-The verbosity number, level 0 means no verbosity, only errors.  Level 1
-gives operational information.  Level 2 gives detailed operational
-information including short information per query.  Level 3 gives query level
-information, output per query.  Level 4 gives algorithm level information.
-Level 5 logs client identification for cache misses.  Default is level 1.
-The verbosity can also be increased from the commandline, see \fIunbound\fR(8).
-.TP
-.B statistics\-interval: \fI<seconds>
-The number of seconds between printing statistics to the log for every thread.
-Disable with value 0 or "". Default is disabled.  The histogram statistics
-are only printed if replies were sent during the statistics interval,
-requestlist statistics are printed for every interval (but can be 0).
+.UNINDENT
+.UNINDENT
+.SH FILE FORMAT
+.sp
+There must be whitespace between keywords.
+Attribute keywords end with a colon \fB\(aq:\(aq\fP\&.
+An attribute is followed by a value, or its containing attributes in which case
+it is referred to as a clause.
+Clauses can be repeated throughout the file (or included files) to group
+attributes under the same clause.
+.sp
+Files can be included using the \fBinclude:\fP directive.
+It can appear anywhere, it accepts a single file name as argument.
+Processing continues as if the text from the included file was copied into the
+config file at that point.
+If also using \fI\%chroot\fP, using full path names for
+the included files works, relative pathnames for the included names work if the
+directory where the daemon is started equals its chroot/working directory or is
+specified before the include statement with \fI\%directory:
+dir\fP\&.
+Wildcards can be used to include multiple files, see \fIglob(7)\fP\&.
+.sp
+For a more structural include option, the \fBinclude\-toplevel:\fP directive can
+be used.
+This closes whatever clause is currently active (if any) and forces the use of
+clauses in the included files and right after this directive.
+.SS Server Options
+.sp
+These options are part of the \fBserver:\fP clause.
+.INDENT 0.0
+.TP
+.B verbosity: \fI<number>\fP 
+The verbosity level.
+.INDENT 7.0
+.TP
+.B Level 0
+No verbosity, only errors.
+.TP
+.B Level 1
+Gives operational information.
+.TP
+.B Level 2
+Gives detailed operational information including short information per
+query.
+.TP
+.B Level 3
+Gives query level information, output per query.
+.TP
+.B Level 4
+Gives algorithm level information.
+.TP
+.B Level 5
+Logs client identification for cache misses.
+.UNINDENT
+.sp
+The verbosity can also be increased from the command line and during run
+time via remote control. See \fI\%unbound(8)\fP and
+\fI\%unbound\-control(8)\fP respectively.
+.sp
+Default: 1
+.UNINDENT
+.INDENT 0.0
+.TP
+.B statistics\-interval: \fI<seconds>\fP 
+The number of seconds between printing statistics to the log for every
+thread.
+Disable with value \fB0\fP or \fB\(dq\(dq\fP\&.
+The histogram statistics are only printed if replies were sent during the
+statistics interval, requestlist statistics are printed for every interval
+(but can be 0).
 This is because the median calculation requires data to be present.
-.TP
-.B statistics\-cumulative: \fI<yes or no>
-If enabled, statistics are cumulative since starting Unbound, without clearing
-the statistics counters after logging the statistics. Default is no.
-.TP
-.B extended\-statistics: \fI<yes or no>
-If enabled, extended statistics are printed from \fIunbound\-control\fR(8).
-Default is off, because keeping track of more statistics takes time.  The
-counters are listed in \fIunbound\-control\fR(8).
-.TP
-.B statistics\-inhibit\-zero: \fI<yes or no>
-If enabled, selected extended statistics with a value of 0 are inhibited from
-printing with \fIunbound\-control\fR(8).
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B statistics\-cumulative: \fI<yes or no>\fP 
+If enabled, statistics are cumulative since starting Unbound, without
+clearing the statistics counters after logging the statistics.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B extended\-statistics: \fI<yes or no>\fP 
+If enabled, extended statistics are printed from
+\fI\%unbound\-control(8)\fP\&.
+The counters are listed in
+\fI\%unbound\-control(8)\fP\&.
+Keeping track of more statistics takes time.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B statistics\-inhibit\-zero: \fI<yes or no>\fP 
+If enabled, selected extended statistics with a value of 0 are inhibited
+from printing with
+\fI\%unbound\-control(8)\fP\&.
 These are query types, query classes, query opcodes, answer rcodes
-(except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED) and
-RPZ actions.
-Default is on.
-.TP
-.B num\-threads: \fI<number>
+(except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED)
+and PRZ actions.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num\-threads: \fI<number>\fP 
 The number of threads to create to serve clients. Use 1 for no threading.
-.TP
-.B port: \fI<port number>
-The port number, default 53, on which the server responds to queries.
-.TP
-.B interface: \fI<ip address or interface name [@port]>
-Interface to use to connect to the network. This interface is listened to
-for queries from clients, and answers to clients are given from it.
-Can be given multiple times to work on several interfaces. If none are
-given the default is to listen to localhost.  If an interface name is used
-instead of an ip address, the list of ip addresses on that interface are used.
-The interfaces are not changed on a reload (kill \-HUP) but only on restart.
-A port number can be specified with @port (without spaces between
-interface and port number), if not specified the default port (from
-\fBport\fR) is used.
-.TP
-.B ip\-address: \fI<ip address or interface name [@port]>
-Same as interface: (for ease of compatibility with nsd.conf).
-.TP
-.B interface\-automatic: \fI<yes or no>
+.sp
+Default: 1
+.UNINDENT
+.INDENT 0.0
+.TP
+.B port: \fI<port number>\fP 
+The port number on which the server responds to queries.
+.sp
+Default: 53
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface: \fI<IP address or interface name[@port]>\fP 
+Interface to use to connect to the network.
+This interface is listened to for queries from clients, and answers to
+clients are given from it.
+Can be given multiple times to work on several interfaces.
+If none are given the default is to listen on localhost.
+.sp
+If an interface name is used instead of an IP address, the list of IP
+addresses on that interface are used.
+The interfaces are not changed on a reload (\fBkill \-HUP\fP) but only on
+restart.
+.sp
+A port number can be specified with @port (without spaces between interface
+and port number), if not specified the default port (from
+\fI\%port\fP) is used.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-address: \fI<IP address or interface name[@port]>\fP 
+Same as \fI\%interface\fP (for ease of
+compatibility with \fI\%nsd.conf(5)\fP).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-automatic: \fI<yes or no>\fP 
 Listen on all addresses on all (current and future) interfaces, detect the
-source interface on UDP queries and copy them to replies.  This is a lot like
-ip\-transparent, but this option services all interfaces whilst with
-ip\-transparent you can select which (future) interfaces Unbound provides
-service on.  This feature is experimental, and needs support in your OS for
-particular socket options.  Default value is no.
-.TP
-.B interface\-automatic\-ports: \fI<string>
-List the port numbers that interface-automatic listens on. If empty, the
-default port is listened on. The port numbers are separated by spaces in the
-string. Default is "".
-.IP
+source interface on UDP queries and copy them to replies.
+This is a lot like \fI\%ip\-transparent\fP, but
+this option services all interfaces whilst with
+\fI\%ip\-transparent\fP you can select which
+(future) interfaces Unbound provides service on.
+This feature is experimental, and needs support in your OS for particular
+socket options.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-automatic\-ports: \fI\(dq<string>\(dq\fP 
+List the port numbers that
+\fI\%interface\-automatic\fP listens on.
+If empty, the default port is listened on.
+The port numbers are separated by spaces in the string.
+.sp
 This can be used to have interface automatic to deal with the interface,
 and listen on the normal port number, by including it in the list, and
-also https or dns over tls port numbers by putting them in the list as well.
-.TP
-.B outgoing\-interface: \fI<ip address or ip6 netblock>
-Interface to use to connect to the network. This interface is used to send
-queries to authoritative servers and receive their replies. Can be given
-multiple times to work on several interfaces. If none are given the
-default (all) is used. You can specify the same interfaces in
-.B interface:
-and
-.B outgoing\-interface:
-lines, the interfaces are then used for both purposes. Outgoing queries are
-sent via a random outgoing interface to counter spoofing.
-.IP
+also HTTPS or DNS\-over\-TLS port numbers by putting them in the list as
+well.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-interface: \fI<IPv4/IPv6 address or IPv6 netblock>\fP 
+Interface to use to connect to the network.
+This interface is used to send queries to authoritative servers and receive
+their replies.
+Can be given multiple times to work on several interfaces.
+If none are given the default (all) is used.
+You can specify the same interfaces in
+\fI\%interface\fP and
+\fI\%outgoing\-interface\fP lines, the
+interfaces are then used for both purposes.
+Outgoing queries are sent via a random outgoing interface to counter
+spoofing.
+.sp
 If an IPv6 netblock is specified instead of an individual IPv6 address,
 outgoing UDP queries will use a randomised source address taken from the
-netblock to counter spoofing. Requires the IPv6 netblock to be routed to the
-host running Unbound, and requires OS support for unprivileged non-local binds
-(currently only supported on Linux). Several netblocks may be specified with
-multiple
-.B outgoing\-interface:
-options, but do not specify both an individual IPv6 address and an IPv6
-netblock, or the randomisation will be compromised.  Consider combining with
-.B prefer\-ip6: yes
-to increase the likelihood of IPv6 nameservers being selected for queries.
+netblock to counter spoofing.
+Requires the IPv6 netblock to be routed to the host running Unbound, and
+requires OS support for unprivileged non\-local binds (currently only
+supported on Linux).
+Several netblocks may be specified with multiple
+\fI\%outgoing\-interface\fP options, but do
+not specify both an individual IPv6 address and an IPv6 netblock, or the
+randomisation will be compromised.
+Consider combining with \fI\%prefer\-ip6: yes\fP to
+increase the likelihood of IPv6 nameservers being selected for queries.
 On Linux you need these two commands to be able to use the freebind socket
 option to receive traffic for the ip6 netblock:
-ip \-6 addr add mynetblock/64 dev lo &&
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+ip \-6 addr add mynetblock/64 dev lo && \e
 ip \-6 route add local mynetblock/64 dev lo
-.TP
-.B outgoing\-range: \fI<number>
-Number of ports to open. This number of file descriptors can be opened per
-thread. Must be at least 1. Default depends on compile options. Larger
-numbers need extra resources from the operating system.  For performance a
-very large value is best, use libevent to make this possible.
-.TP
-.B outgoing\-port\-permit: \fI<port number or range>
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-range: \fI<number>\fP 
+Number of ports to open.
+This number of file descriptors can be opened per thread.
+Must be at least 1.
+Default depends on compile options.
+Larger numbers need extra resources from the operating system.
+For performance a very large value is best, use libevent to make this
+possible.
+.sp
+Default: 4096 (libevent) / 960 (minievent) / 48 (windows)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-port\-permit: \fI<port number or range>\fP 
 Permit Unbound to open this port or range of ports for use to send queries.
 A larger number of permitted outgoing ports increases resilience against
-spoofing attempts. Make sure these ports are not needed by other daemons.
-By default only ports above 1024 that have not been assigned by IANA are used.
-Give a port number or a range of the form "low\-high", without spaces.
-.IP
-The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements
-are processed in the line order of the config file, adding the permitted ports
-and subtracting the avoided ports from the set of allowed ports.  The
-processing starts with the non IANA allocated ports above 1024 in the set
-of allowed ports.
-.TP
-.B outgoing\-port\-avoid: \fI<port number or range>
+spoofing attempts.
+Make sure these ports are not needed by other daemons.
+By default only ports above 1024 that have not been assigned by IANA are
+used.
+Give a port number or a range of the form \(dqlow\-high\(dq, without spaces.
+.sp
+The \fI\%outgoing\-port\-permit\fP and
+\fI\%outgoing\-port\-avoid\fP statements
+are processed in the line order of the config file, adding the permitted
+ports and subtracting the avoided ports from the set of allowed ports.
+The processing starts with the non IANA allocated ports above 1024 in the
+set of allowed ports.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-port\-avoid: \fI<port number or range>\fP 
 Do not permit Unbound to open this port or range of ports for use to send
-queries. Use this to make sure Unbound does not grab a port that another
-daemon needs. The port is avoided on all outgoing interfaces, both IP4 and IP6.
-By default only ports above 1024 that have not been assigned by IANA are used.
-Give a port number or a range of the form "low\-high", without spaces.
-.TP
-.B outgoing\-num\-tcp: \fI<number>
-Number of outgoing TCP buffers to allocate per thread. Default is 10. If
-set to 0, or if do\-tcp is "no", no TCP queries to authoritative servers
-are done.  For larger installations increasing this value is a good idea.
-.TP
-.B incoming\-num\-tcp: \fI<number>
-Number of incoming TCP buffers to allocate per thread. Default is
-10. If set to 0, or if do\-tcp is "no", no TCP queries from clients are
-accepted. For larger installations increasing this value is a good idea.
-.TP
-.B edns\-buffer\-size: \fI<number>
+queries.
+Use this to make sure Unbound does not grab a port that another daemon
+needs.
+The port is avoided on all outgoing interfaces, both IPv4 and IPv6.
+By default only ports above 1024 that have not been assigned by IANA are
+used.
+Give a port number or a range of the form \(dqlow\-high\(dq, without spaces.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-num\-tcp: \fI<number>\fP 
+Number of outgoing TCP buffers to allocate per thread.
+If set to 0, or if \fI\%do\-tcp: no\fP is set, no TCP
+queries to authoritative servers are done.
+For larger installations increasing this value is a good idea.
+.sp
+Default: 10
+.UNINDENT
+.INDENT 0.0
+.TP
+.B incoming\-num\-tcp: \fI<number>\fP 
+Number of incoming TCP buffers to allocate per thread.
+If set to 0, or if \fI\%do\-tcp: no\fP is set, no TCP
+queries from clients are accepted.
+For larger installations increasing this value is a good idea.
+.sp
+Default: 10
+.UNINDENT
+.INDENT 0.0
+.TP
+.B edns\-buffer\-size: \fI<number>\fP 
 Number of bytes size to advertise as the EDNS reassembly buffer size.
-This is the value put into datagrams over UDP towards peers.  The actual
-buffer size is determined by msg\-buffer\-size (both for TCP and UDP).  Do
-not set higher than that value.  Default is 1232 which is the DNS Flag Day 2020
-recommendation. Setting to 512 bypasses even the most stringent path MTU
-problems, but is seen as extreme, since the amount of TCP fallback generated is
-excessive (probably also for this resolver, consider tuning the outgoing tcp
-number).
-.TP
-.B max\-udp\-size: \fI<number>
-Maximum UDP response size (not applied to TCP response).  65536 disables the
-udp response size maximum, and uses the choice from the client, always.
-Suggested values are 512 to 4096. Default is 1232. The default value is the
-same as the default for edns\-buffer\-size.
-.TP
-.B stream\-wait\-size: \fI<number>
-Number of bytes size maximum to use for waiting stream buffers.  Default is
-4 megabytes.  A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
-megabytes or gigabytes (1024*1024 bytes in a megabyte).  As TCP and TLS streams
-queue up multiple results, the amount of memory used for these buffers does
-not exceed this number, otherwise the responses are dropped.  This manages
-the total memory usage of the server (under heavy use), the number of requests
-that can be queued up per connection is also limited, with further requests
-waiting in TCP buffers.
-.TP
-.B msg\-buffer\-size: \fI<number>
-Number of bytes size of the message buffers. Default is 65552 bytes, enough
-for 64 Kb packets, the maximum DNS message size. No message larger than this
-can be sent or received. Can be reduced to use less memory, but some requests
-for DNS data, such as for huge resource records, will result in a SERVFAIL
-reply to the client.
-.TP
-.B msg\-cache\-size: \fI<number>
-Number of bytes size of the message cache. Default is 4 megabytes.
-A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+This is the value put into datagrams over UDP towards peers.
+The actual buffer size is determined by
+\fI\%msg\-buffer\-size\fP (both for TCP and
+UDP).
+Do not set higher than that value.
+Setting to 512 bypasses even the most stringent path MTU problems, but is
+seen as extreme, since the amount of TCP fallback generated is excessive
+(probably also for this resolver, consider tuning
+\fI\%outgoing\-num\-tcp\fP).
+.sp
+Default: 1232 (\fI\%DNS Flag Day 2020 recommendation\fP)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-udp\-size: \fI<number>\fP 
+Maximum UDP response size (not applied to TCP response).
+65536 disables the UDP response size maximum, and uses the choice from the
+client, always.
+Suggested values are 512 to 4096.
+.sp
+Default: 1232 (same as \fI\%edns\-buffer\-size\fP)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stream\-wait\-size: \fI<number>\fP 
+Number of bytes size maximum to use for waiting stream buffers.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
 or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B msg\-cache\-slabs: \fI<number>
-Number of slabs in the message cache. Slabs reduce lock contention by threads.
-Must be set to a power of 2. Setting (close) to the number of cpus is a
-reasonable guess.
-.TP
-.B num\-queries\-per\-thread: \fI<number>
+As TCP and TLS streams queue up multiple results, the amount of memory used
+for these buffers does not exceed this number, otherwise the responses are
+dropped.
+This manages the total memory usage of the server (under heavy use), the
+number of requests that can be queued up per connection is also limited,
+with further requests waiting in TCP buffers.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B msg\-buffer\-size: \fI<number>\fP 
+Number of bytes size of the message buffers.
+Default is 65552 bytes, enough for 64 Kb packets, the maximum DNS message
+size.
+No message larger than this can be sent or received.
+Can be reduced to use less memory, but some requests for DNS data, such as
+for huge resource records, will result in a SERVFAIL reply to the client.
+.sp
+Default: 65552
+.UNINDENT
+.INDENT 0.0
+.TP
+.B msg\-cache\-size: \fI<number>\fP 
+Number of bytes size of the message cache.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
+or gigabytes (1024*1024 bytes in a megabyte).
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B msg\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the message cache.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num\-queries\-per\-thread: \fI<number>\fP 
 The number of queries that every thread will service simultaneously.
-If more queries arrive that need servicing, and no queries can be jostled out
-(see \fIjostle\-timeout\fR), then the queries are dropped. This forces
-the client to resend after a timeout; allowing the server time to work on
-the existing queries. Default depends on compile options, 512 or 1024.
-.TP
-.B jostle\-timeout: \fI<msec>
-Timeout used when the server is very busy.  Set to a value that usually
-results in one roundtrip to the authority servers.  If too many queries
-arrive, then 50% of the queries are allowed to run to completion, and
-the other 50% are replaced with the new incoming query if they have already
-spent more than their allowed time.  This protects against denial of
-service by slow queries or high query rates.  Default 200 milliseconds.
-The effect is that the qps for long-lasting queries is about
-(numqueriesperthread / 2) / (average time for such long queries) qps.
-The qps for short queries can be about (numqueriesperthread / 2)
-/ (jostletimeout in whole seconds) qps per thread, about (1024/2)*5 = 2560
-qps by default.
-.TP
-.B delay\-close: \fI<msec>
+If more queries arrive that need servicing, and no queries can be jostled
+out (see \fI\%jostle\-timeout\fP), then the
+queries are dropped.
+This forces the client to resend after a timeout; allowing the server time
+to work on the existing queries.
+Default depends on compile options.
+.sp
+Default: 2048 (libevent) / 512 (minievent) / 24 (windows)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B jostle\-timeout: \fI<msec>\fP 
+Timeout used when the server is very busy.
+Set to a value that usually results in one roundtrip to the authority
+servers.
+.sp
+If too many queries arrive, then 50% of the queries are allowed to run to
+completion, and the other 50% are replaced with the new incoming query if
+they have already spent more than their allowed time.
+This protects against denial of service by slow queries or high query
+rates.
+.sp
+The effect is that the qps for long\-lasting queries is about:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+(num\-queries\-per\-thread / 2) / (average time for such long queries) qps
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The qps for short queries can be about:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+(num\-queries\-per\-thread / 2) / (jostle\-timeout in whole seconds) qps per thread
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+about (2048/2)*5 = 5120 qps by default.
+.sp
+Default: 200
+.UNINDENT
+.INDENT 0.0
+.TP
+.B delay\-close: \fI<msec>\fP 
 Extra delay for timeouted UDP ports before they are closed, in msec.
-Default is 0, and that disables it.  This prevents very delayed answer
-packets from the upstream (recursive) servers from bouncing against
-closed ports and setting off all sort of close-port counters, with
-eg. 1500 msec.  When timeouts happen you need extra sockets, it checks
-the ID and remote IP of packets, and unwanted packets are added to the
-unwanted packet counter.
-.TP
-.B udp\-connect: \fI<yes or no>
-Perform connect for UDP sockets that mitigates ICMP side channel leakage.
-Default is yes.
-.TP
-.B unknown\-server\-time\-limit: \fI<msec>
+This prevents very delayed answer packets from the upstream (recursive)
+servers from bouncing against closed ports and setting off all sort of
+close\-port counters, with eg. 1500 msec.
+When timeouts happen you need extra sockets, it checks the ID and remote IP
+of packets, and unwanted packets are added to the unwanted packet counter.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B udp\-connect: \fI<yes or no>\fP 
+Perform \fIconnect(2)\fP for UDP sockets that mitigates ICMP side channel
+leakage.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B unknown\-server\-time\-limit: \fI<msec>\fP 
 The wait time in msec for waiting for an unknown server to reply.
 Increase this if you are behind a slow satellite link, to eg. 1128.
 That would then avoid re\-querying every initial query because it times out.
-Default is 376 msec.
-.TP
-.B discard\-timeout: \fI<msec>
-The wait time in msec where recursion requests are dropped. This is
-to stop a large number of replies from accumulating. They receive
-no reply, the work item continues to recurse. It is nice to be a bit
-larger than serve\-expired\-client\-timeout if that is enabled.
-A value of 1900 msec is suggested. The value 0 disables it.
-Default 1900 msec.
-.TP
-.B wait\-limit: \fI<number>
+.sp
+Default: 376
+.UNINDENT
+.INDENT 0.0
+.TP
+.B discard\-timeout: \fI<msec>\fP 
+The wait time in msec where recursion requests are dropped.
+This is to stop a large number of replies from accumulating.
+They receive no reply, the work item continues to recurse.
+It is nice to be a bit larger than
+\fI\%serve\-expired\-client\-timeout\fP
+if that is enabled.
+A value of \fB1900\fP msec is suggested.
+The value \fB0\fP disables it.
+.sp
+Default: 1900
+.UNINDENT
+.INDENT 0.0
+.TP
+.B wait\-limit: \fI<number>\fP 
 The number of replies that can wait for recursion, for an IP address.
 This makes a ratelimit per IP address of waiting replies for recursion.
 It stops very large amounts of queries waiting to be returned to one
-destination. The value 0 disables wait limits. Default is 1000.
+destination.
+The value \fB0\fP disables wait limits.
+.sp
+Default: 1000
+.UNINDENT
+.INDENT 0.0
 .TP
-.B wait\-limit\-cookie: \fI<number>
+.B wait\-limit\-cookie: \fI<number>\fP 
 The number of replies that can wait for recursion, for an IP address
-that sent the query with a valid DNS cookie. Since the cookie validates
-the client address, the limit can be higher. Default is 10000.
-.TP
-.B wait\-limit\-netblock: \fI<netblock> <number>
-The wait limit for the netblock. If not given the wait\-limit value is
-used. The most specific netblock is used to determine the limit. Useful for
-overriding the default for a specific, group or individual, server.
-The value -1 disables wait limits for the netblock.
-By default the loopback has a wait limit netblock of -1, it is not limited,
-because it is separated from the rest of network for spoofed packets.
-The loopback addresses 127.0.0.0/8 and ::1/128 are default at -1.
-.TP
-.B wait\-limit\-cookie\-netblock: \fI<netblock> <number>
-The wait limit for the netblock, when the query has a DNS cookie.
-If not given, the wait\-limit\-cookie value is used.
-The value -1 disables wait limits for the netblock.
-The loopback addresses 127.0.0.0/8 and ::1/128 are default at -1.
-.TP
-.B so\-rcvbuf: \fI<number>
-If not 0, then set the SO_RCVBUF socket option to get more buffer
-space on UDP port 53 incoming queries.  So that short spikes on busy
-servers do not drop packets (see counter in netstat \-su).  Default is
-0 (use system value).  Otherwise, the number of bytes to ask for, try
-"4m" on a busy server.  The OS caps it at a maximum, on linux Unbound
-needs root permission to bypass the limit, or the admin can use sysctl
-net.core.rmem_max.  On BSD change kern.ipc.maxsockbuf in /etc/sysctl.conf.
-On OpenBSD change header and recompile kernel. On Solaris ndd \-set
-/dev/udp udp_max_buf 8388608.
-.TP
-.B so\-sndbuf: \fI<number>
+that sent the query with a valid DNS Cookie.
+Since the cookie validates the client address, this limit can be higher.
+.sp
+Default: 10000
+.UNINDENT
+.INDENT 0.0
+.TP
+.B wait\-limit\-netblock: \fI<netblock>\fP \fI<number>\fP 
+The wait limit for the netblock.
+If not given the
+\fI\%wait\-limit\fP
+value is used.
+The most specific netblock is used to determine the limit.
+Useful for overriding the default for a specific, group or individual,
+server.
+The value \fB\-1\fP disables wait limits for the netblock.
+By default the loopback has a wait limit netblock of \fB\-1\fP, it is not
+limited, because it is separated from the rest of network for spoofed
+packets.
+The loopback addresses \fB127.0.0.0/8\fP and \fB::1/128\fP are default at \fB\-1\fP\&.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B wait\-limit\-cookie\-netblock: \fI<netblock>\fP \fI<number>\fP 
+The wait limit for the netblock, when the query has a DNS Cookie.
+If not given, the
+\fI\%wait\-limit\-cookie\fP
+value is used.
+The value \fB\-1\fP disables wait limits for the netblock.
+The loopback addresses \fB127.0.0.0/8\fP and \fB::1/128\fP are default at \fB\-1\fP\&.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B so\-rcvbuf: \fI<number>\fP 
+If not 0, then set the SO_RCVBUF socket option to get more buffer space on
+UDP port 53 incoming queries.
+So that short spikes on busy servers do not drop packets (see counter in
+\fBnetstat \-su\fP).
+Otherwise, the number of bytes to ask for, try \(dq4m\(dq on a busy server.
+.sp
+The OS caps it at a maximum, on linux Unbound needs root permission to
+bypass the limit, or the admin can use \fBsysctl net.core.rmem_max\fP\&.
+.sp
+On BSD change \fBkern.ipc.maxsockbuf\fP in \fB/etc/sysctl.conf\fP\&.
+.sp
+On OpenBSD change header and recompile kernel.
+.sp
+On Solaris \fBndd \-set /dev/udp udp_max_buf 8388608\fP\&.
+.sp
+Default: 0 (use system value)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B so\-sndbuf: \fI<number>\fP 
 If not 0, then set the SO_SNDBUF socket option to get more buffer space on
-UDP port 53 outgoing queries.  This for very busy servers handles spikes
-in answer traffic, otherwise 'send: resource temporarily unavailable'
-can get logged, the buffer overrun is also visible by netstat \-su.
-Default is 0 (use system value).  Specify the number of bytes to ask
-for, try "4m" on a very busy server.  The OS caps it at a maximum, on
-linux Unbound needs root permission to bypass the limit, or the admin
-can use sysctl net.core.wmem_max.  On BSD, Solaris changes are similar
-to so\-rcvbuf.
-.TP
-.B so\-reuseport: \fI<yes or no>
+UDP port 53 outgoing queries.
+This for very busy servers handles spikes in answer traffic, otherwise:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+send: resource temporarily unavailable
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+can get logged, the buffer overrun is also visible by \fBnetstat \-su\fP\&.
+If set to 0 it uses the system value.
+Specify the number of bytes to ask for, try \(dq8m\(dq on a very busy server.
+.sp
+It needs some space to be able to deal with packets that wait for local
+address resolution, from like ARP and NDP discovery, before they are sent
+out, hence it is elevated above the system default by default.
+.sp
+The OS caps it at a maximum, on linux Unbound needs root permission to
+bypass the limit, or the admin can use \fBsysctl net.core.wmem_max\fP\&.
+.sp
+On BSD, Solaris changes are similar to
+\fI\%so\-rcvbuf\fP\&.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B so\-reuseport: \fI<yes or no>\fP 
 If yes, then open dedicated listening sockets for incoming queries for each
-thread and try to set the SO_REUSEPORT socket option on each socket.  May
-distribute incoming queries to threads more evenly.  Default is yes.
-On Linux it is supported in kernels >= 3.9.  On other systems, FreeBSD, OSX
-it may also work.  You can enable it (on any platform and kernel),
-it then attempts to open the port and passes the option if it was available
-at compile time, if that works it is used, if it fails, it continues
-silently (unless verbosity 3) without the option.
+thread and try to set the SO_REUSEPORT socket option on each socket.
+May distribute incoming queries to threads more evenly.
+.sp
+On Linux it is supported in kernels >= 3.9.
+.sp
+On other systems, FreeBSD, OSX it may also work.
+.sp
+You can enable it (on any platform and kernel), it then attempts to open
+the port and passes the option if it was available at compile time, if that
+works it is used, if it fails, it continues silently (unless verbosity 3)
+without the option.
+.sp
 At extreme load it could be better to turn it off to distribute the queries
 evenly, reported for Linux systems (4.4.x).
-.TP
-.B ip\-transparent: \fI<yes or no>
-If yes, then use IP_TRANSPARENT socket option on sockets where Unbound
-is listening for incoming traffic.  Default no.  Allows you to bind to
-non\-local interfaces.  For example for non\-existent IP addresses that
-are going to exist later on, with host failover configuration.  This is
-a lot like interface\-automatic, but that one services all interfaces
-and with this option you can select which (future) interfaces Unbound
-provides service on.  This option needs Unbound to be started with root
-permissions on some systems.  The option uses IP_BINDANY on FreeBSD systems
-and SO_BINDANY on OpenBSD systems.
-.TP
-.B ip\-freebind: \fI<yes or no>
-If yes, then use IP_FREEBIND socket option on sockets where Unbound
-is listening to incoming traffic.  Default no.  Allows you to bind to
-IP addresses that are nonlocal or do not exist, like when the network
-interface or IP address is down.  Exists only on Linux, where the similar
-ip\-transparent option is also available.
-.TP
-.B ip-dscp: \fI<number>
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-transparent: \fI<yes or no>\fP 
+If yes, then use IP_TRANSPARENT socket option on sockets where Unbound is
+listening for incoming traffic.
+Allows you to bind to non\-local interfaces.
+For example for non\-existent IP addresses that are going to exist later on,
+with host failover configuration.
+.sp
+This is a lot like
+\fI\%interface\-automatic\fP, but that one
+services all interfaces and with this option you can select which (future)
+interfaces Unbound provides service on.
+.sp
+This option needs Unbound to be started with root permissions on some
+systems.
+The option uses IP_BINDANY on FreeBSD systems and SO_BINDANY on OpenBSD
+systems.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-freebind: \fI<yes or no>\fP 
+If yes, then use IP_FREEBIND socket option on sockets where Unbound is
+listening to incoming traffic.
+Allows you to bind to IP addresses that are nonlocal or do not exist, like
+when the network interface or IP address is down.
+.sp
+Exists only on Linux, where the similar
+\fI\%ip\-transparent\fP option is also
+available.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-dscp: \fI<number>\fP 
 The value of the Differentiated Services Codepoint (DSCP) in the
 differentiated services field (DS) of the outgoing IP packet headers.
-The field replaces the outdated IPv4 Type-Of-Service field and the
-IPv6 traffic class field.
-.TP
-.B rrset\-cache\-size: \fI<number>
-Number of bytes size of the RRset cache. Default is 4 megabytes.
-A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+The field replaces the outdated IPv4 Type\-Of\-Service field and the IPv6
+traffic class field.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rrset\-cache\-size: \fI<number>\fP 
+Number of bytes size of the RRset cache.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
 or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B rrset\-cache\-slabs: \fI<number>
-Number of slabs in the RRset cache. Slabs reduce lock contention by threads.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rrset\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the RRset cache.
+Slabs reduce lock contention by threads.
 Must be set to a power of 2.
-.TP
-.B cache\-max\-ttl: \fI<seconds>
-Time to live maximum for RRsets and messages in the cache. Default is
-86400 seconds (1 day).  When the TTL expires, the cache item has expired.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cache\-max\-ttl: \fI<seconds>\fP 
+Time to live maximum for RRsets and messages in the cache.
+When the TTL expires, the cache item has expired.
 Can be set lower to force the resolver to query for data often, and not
-trust (very large) TTL values.  Downstream clients also see the lower TTL.
-.TP
-.B cache\-min\-ttl: \fI<seconds>
-Time to live minimum for RRsets and messages in the cache. Default is 0.
+trust (very large) TTL values.
+Downstream clients also see the lower TTL.
+.sp
+Default: 86400 (1 day)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cache\-min\-ttl: \fI<seconds>\fP 
+Time to live minimum for RRsets and messages in the cache.
 If the minimum kicks in, the data is cached for longer than the domain
 owner intended, and thus less queries are made to look up the data.
 Zero makes sure the data in the cache is as the domain owner intended,
 higher values, especially more than an hour or so, can lead to trouble as
 the data in the cache does not match up with the actual data any more.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
 .TP
-.B cache\-max\-negative\-ttl: \fI<seconds>
+.B cache\-max\-negative\-ttl: \fI<seconds>\fP 
 Time to live maximum for negative responses, these have a SOA in the
-authority section that is limited in time.  Default is 3600.
-This applies to nxdomain and nodata answers.
+authority section that is limited in time.
+This applies to NXDOMAIN and NODATA answers.
+.sp
+Default: 3600
+.UNINDENT
+.INDENT 0.0
 .TP
-.B cache\-min\-negative\-ttl: \fI<seconds>
+.B cache\-min\-negative\-ttl: \fI<seconds>\fP 
 Time to live minimum for negative responses, these have a SOA in the
 authority section that is limited in time.
-Default is 0 (disabled).
-If this is disabled and \fBcache-min-ttl\fR is configured, it will take effect
-instead.
-In that case you can set this to 1 to honor the upstream TTL.
-This applies to nxdomain and nodata answers.
-.TP
-.B infra\-host\-ttl: \fI<seconds>
-Time to live for entries in the host cache. The host cache contains
-roundtrip timing, lameness and EDNS support information. Default is 900.
-.TP
-.B infra\-cache\-slabs: \fI<number>
-Number of slabs in the infrastructure cache. Slabs reduce lock contention
-by threads. Must be set to a power of 2.
-.TP
-.B infra\-cache\-numhosts: \fI<number>
-Number of hosts for which information is cached. Default is 10000.
-.TP
-.B infra\-cache\-min\-rtt: \fI<msec>
+If this is disabled and
+\fI\%cache\-min\-ttl\fP
+is configured, it will take effect instead.
+In that case you can set this to \fB1\fP to honor the upstream TTL.
+This applies to NXDOMAIN and NODATA answers.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra\-host\-ttl: \fI<seconds>\fP 
+Time to live for entries in the host cache.
+The host cache contains roundtrip timing, lameness and EDNS support
+information.
+.sp
+Default: 900
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the infrastructure cache.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra\-cache\-numhosts: \fI<number>\fP 
+Number of hosts for which information is cached.
+.sp
+Default: 10000
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra\-cache\-min\-rtt: \fI<msec>\fP 
 Lower limit for dynamic retransmit timeout calculation in infrastructure
-cache. Default is 50 milliseconds. Increase this value if using forwarders
-needing more time to do recursive name resolution.
-.TP
-.B infra\-cache\-max\-rtt: \fI<msec>
+cache.
+Increase this value if using forwarders needing more time to do recursive
+name resolution.
+.sp
+Default: 50
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra\-cache\-max\-rtt: \fI<msec>\fP 
 Upper limit for dynamic retransmit timeout calculation in infrastructure
-cache. Default is 2 minutes.
+cache.
+.sp
+Default: 120000 (2 minutes)
+.UNINDENT
+.INDENT 0.0
 .TP
-.B infra\-keep\-probing: \fI<yes or no>
+.B infra\-keep\-probing: \fI<yes or no>\fP 
 If enabled the server keeps probing hosts that are down, in the one probe
-at a time regime.  Default is no.  Hosts that are down, eg. they did
-not respond during the one probe at a time period, are marked as down and
-it may take \fBinfra\-host\-ttl\fR time to get probed again.
-.TP
-.B define\-tag: \fI<"list of tags">
-Define the tags that can be used with local\-zone and access\-control.
-Enclose the list between quotes ("") and put spaces between tags.
-.TP
-.B do\-ip4: \fI<yes or no>
-Enable or disable whether ip4 queries are answered or issued. Default is yes.
-.TP
-.B do\-ip6: \fI<yes or no>
-Enable or disable whether ip6 queries are answered or issued. Default is yes.
+at a time regime.
+Hosts that are down, eg. they did not respond during the one probe at a
+time period, are marked as down and it may take
+\fI\%infra\-host\-ttl\fP time to get probed
+again.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B define\-tag: \fI\(dq<list of tags>\(dq\fP 
+Define the tags that can be used with
+\fI\%local\-zone\fP and
+\fI\%access\-control\fP\&.
+Enclose the list between quotes (\fB\(dq\(dq\fP) and put spaces between tags.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-ip4: \fI<yes or no>\fP 
+Enable or disable whether IPv4 queries are answered or issued.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-ip6: \fI<yes or no>\fP 
+Enable or disable whether IPv6 queries are answered or issued.
 If disabled, queries are not answered on IPv6, and queries are not sent on
-IPv6 to the internet nameservers.  With this option you can disable the
-IPv6 transport for sending DNS traffic, it does not impact the contents of
-the DNS traffic, which may have ip4 and ip6 addresses in it.
-.TP
-.B prefer\-ip4: \fI<yes or no>
+IPv6 to the internet nameservers.
+With this option you can disable the IPv6 transport for sending DNS
+traffic, it does not impact the contents of the DNS traffic, which may have
+IPv4 (A) and IPv6 (AAAA) addresses in it.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B prefer\-ip4: \fI<yes or no>\fP 
 If enabled, prefer IPv4 transport for sending DNS queries to internet
-nameservers. Default is no.  Useful if the IPv6 netblock the server has,
-the entire /64 of that is not owned by one operator and the reputation of
-the netblock /64 is an issue, using IPv4 then uses the IPv4 filters that
-the upstream servers have.
-.TP
-.B prefer\-ip6: \fI<yes or no>
+nameservers.
+Useful if the IPv6 netblock the server has, the entire /64 of that is not
+owned by one operator and the reputation of the netblock /64 is an issue,
+using IPv4 then uses the IPv4 filters that the upstream servers have.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B prefer\-ip6: \fI<yes or no>\fP 
 If enabled, prefer IPv6 transport for sending DNS queries to internet
-nameservers. Default is no.
-.TP
-.B do\-udp: \fI<yes or no>
-Enable or disable whether UDP queries are answered or issued. Default is yes.
-.TP
-.B do\-tcp: \fI<yes or no>
-Enable or disable whether TCP queries are answered or issued. Default is yes.
-.TP
-.B tcp\-mss: \fI<number>
-Maximum segment size (MSS) of TCP socket on which the server responds
-to queries. Value lower than common MSS on Ethernet
-(1220 for example) will address path MTU problem.
+nameservers.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-udp: \fI<yes or no>\fP 
+Enable or disable whether UDP queries are answered or issued.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-tcp: \fI<yes or no>\fP 
+Enable or disable whether TCP queries are answered or issued.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tcp\-mss: \fI<number>\fP 
+Maximum segment size (MSS) of TCP socket on which the server responds to
+queries.
+Value lower than common MSS on Ethernet (1220 for example) will address
+path MTU problem.
 Note that not all platform supports socket option to set MSS (TCP_MAXSEG).
-Default is system default MSS determined by interface MTU and
-negotiation between server and client.
-.TP
-.B outgoing\-tcp\-mss: \fI<number>
-Maximum segment size (MSS) of TCP socket for outgoing queries
-(from Unbound to other servers). Value lower than
-common MSS on Ethernet (1220 for example) will address path MTU problem.
+Default is system default MSS determined by interface MTU and negotiation
+between server and client.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-tcp\-mss: \fI<number>\fP 
+Maximum segment size (MSS) of TCP socket for outgoing queries (from Unbound
+to other servers).
+Value lower than common MSS on Ethernet (1220 for example) will address
+path MTU problem.
 Note that not all platform supports socket option to set MSS (TCP_MAXSEG).
-Default is system default MSS determined by interface MTU and
-negotiation between Unbound and other servers.
+Default is system default MSS determined by interface MTU and negotiation
+between Unbound and other servers.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B tcp-idle-timeout: \fI<msec>\fR
+.B tcp\-idle\-timeout: \fI<msec>\fP 
 The period Unbound will wait for a query on a TCP connection.
 If this timeout expires Unbound closes the connection.
-This option defaults to 30000 milliseconds.
-When the number of free incoming TCP buffers falls below 50% of the
-total number configured, the option value used is progressively
-reduced, first to 1% of the configured value, then to 0.2% of the
-configured value if the number of free buffers falls below 35% of the
-total number configured, and finally to 0 if the number of free buffers
-falls below 20% of the total number configured. A minimum timeout of
-200 milliseconds is observed regardless of the option value used.
-It will be overridden by \fBedns\-tcp\-keepalive\-timeout\fR if
-\fBedns\-tcp\-keepalive\fR is enabled.
-.TP
-.B tcp-reuse-timeout: \fI<msec>\fR
-The period Unbound will keep TCP persistent connections open to
-authority servers. This option defaults to 60000 milliseconds.
-.TP
-.B max-reuse-tcp-queries: \fI<number>\fR
+When the number of free incoming TCP buffers falls below 50% of the total
+number configured, the option value used is progressively reduced, first to
+1% of the configured value, then to 0.2% of the configured value if the
+number of free buffers falls below 35% of the total number configured, and
+finally to 0 if the number of free buffers falls below 20% of the total
+number configured.
+A minimum timeout of 200 milliseconds is observed regardless of the option
+value used.
+It will be overridden by
+\fI\%edns\-tcp\-keepalive\-timeout\fP
+if
+\fI\%edns\-tcp\-keepalive\fP
+is enabled.
+.sp
+Default: 30000 (30 seconds)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tcp\-reuse\-timeout: \fI<msec>\fP 
+The period Unbound will keep TCP persistent connections open to authority
+servers.
+.sp
+Default: 60000 (60 seconds)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-reuse\-tcp\-queries: \fI<number>\fP 
 The maximum number of queries that can be sent on a persistent TCP
 connection.
-This option defaults to 200 queries.
+.sp
+Default: 200
+.UNINDENT
+.INDENT 0.0
 .TP
-.B tcp-auth-query-timeout: \fI<number>\fR
+.B tcp\-auth\-query\-timeout: \fI<number>\fP 
 Timeout in milliseconds for TCP queries to auth servers.
-This option defaults to 3000 milliseconds.
-.TP
-.B edns-tcp-keepalive: \fI<yes or no>\fR
-Enable or disable EDNS TCP Keepalive. Default is no.
-.TP
-.B edns-tcp-keepalive-timeout: \fI<msec>\fR
-Overrides \fBtcp\-idle\-timeout\fR when \fBedns\-tcp\-keepalive\fR is enabled.
+.sp
+Default: 3000 (3 seconds)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B edns\-tcp\-keepalive: \fI<yes or no>\fP 
+Enable or disable EDNS TCP Keepalive.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B edns\-tcp\-keepalive\-timeout: \fI<msec>\fP 
+Overrides
+\fI\%tcp\-idle\-timeout\fP
+when
+\fI\%edns\-tcp\-keepalive\fP
+is enabled.
 If the client supports the EDNS TCP Keepalive option,
-Unbound sends the timeout value to the client to encourage it to
-close the connection before the server times out.
-This option defaults to 120000 milliseconds.
-.TP
-.B sock\-queue\-timeout: \fI<sec>\fR
+If the client supports the EDNS TCP Keepalive option, Unbound sends the
+timeout value to the client to encourage it to close the connection before
+the server times out.
+.sp
+Default: 120000 (2 minutes)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B sock\-queue\-timeout: \fI<sec>\fP 
 UDP queries that have waited in the socket buffer for a long time can be
-dropped. Default is 0, disabled. The time is set in seconds, 3 could be a
-good value to ignore old queries that likely the client does not need a reply
-for any more. This could happen if the host has not been able to service
-the queries for a while, i.e. Unbound is not running, and then is enabled
-again. It uses timestamp socket options.
-.TP
-.B tcp\-upstream: \fI<yes or no>
+dropped.
+The time is set in seconds, 3 could be a good value to ignore old queries
+that likely the client does not need a reply for any more.
+This could happen if the host has not been able to service the queries for
+a while, i.e. Unbound is not running, and then is enabled again.
+It uses timestamp socket options.
+The socket option is available on the Linux and FreeBSD platforms.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tcp\-upstream: \fI<yes or no>\fP 
 Enable or disable whether the upstream queries use TCP only for transport.
-Default is no.  Useful in tunneling scenarios. If set to no you can specify
-TCP transport only for selected forward or stub zones using forward-tcp-upstream
-or stub-tcp-upstream respectively.
-.TP
-.B udp\-upstream\-without\-downstream: \fI<yes or no>
-Enable udp upstream even if do-udp is no.  Default is no, and this does not
-change anything.  Useful for TLS service providers, that want no udp downstream
-but use udp to fetch data upstream.
-.TP
-.B tls\-upstream: \fI<yes or no>
+Useful in tunneling scenarios.
+If set to no you can specify TCP transport only for selected forward or
+stub zones using
+\fI\%forward\-tcp\-upstream\fP or
+\fI\%stub\-tcp\-upstream\fP
+respectively.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B udp\-upstream\-without\-downstream: \fI<yes or no>\fP 
+Enable UDP upstream even if \fI\%do\-udp: no\fP is set.
+Useful for TLS service providers, that want no UDP downstream but use UDP
+to fetch data upstream.
+.sp
+Default: no (no changes)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-upstream: \fI<yes or no>\fP 
 Enabled or disable whether the upstream queries use TLS only for transport.
-Default is no.  Useful in tunneling scenarios.  The TLS contains plain DNS in
-TCP wireformat.  The other server must support this (see
-\fBtls\-service\-key\fR).
-If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert or
-tls\-system\-cert to load CA certs, otherwise the connections cannot be
-authenticated. This option enables TLS for all of them, but if you do not set
-this you can configure TLS specifically for some forward zones with
-forward\-tls\-upstream.  And also with stub\-tls\-upstream.
-If the tls\-upstream option is enabled, it is for all the forwards and stubs,
-where the forward\-tls\-upstream and stub\-tls\-upstream options are ignored,
-as if they had been set to yes.
-.TP
-.B ssl\-upstream: \fI<yes or no>
-Alternate syntax for \fBtls\-upstream\fR.  If both are present in the config
-file the last is used.
-.TP
-.B tls\-service\-key: \fI<file>
-If enabled, the server provides DNS-over-TLS or DNS-over-HTTPS service on the
-TCP ports marked implicitly or explicitly for these services with tls\-port or
-https\-port. The file must contain the private key for the TLS session, the
-public certificate is in the tls\-service\-pem file and it must also be
-specified if tls\-service\-key is specified.  The default is "", turned off.
-Enabling or disabling this service requires a restart (a reload is not enough),
-because the key is read while root permissions are held and before chroot (if any).
-The ports enabled implicitly or explicitly via \fBtls\-port:\fR and
-\fBhttps\-port:\fR do not provide normal DNS TCP service. Unbound needs to be
-compiled with libnghttp2 in order to provide DNS-over-HTTPS.
-.TP
-.B ssl\-service\-key: \fI<file>
-Alternate syntax for \fBtls\-service\-key\fR.
-.TP
-.B tls\-service\-pem: \fI<file>
-The public key certificate pem file for the tls service.  Default is "",
-turned off.
-.TP
-.B ssl\-service\-pem: \fI<file>
-Alternate syntax for \fBtls\-service\-pem\fR.
-.TP
-.B tls\-port: \fI<number>
-The port number on which to provide TCP TLS service, default 853, only
-interfaces configured with that port number as @number get the TLS service.
-.TP
-.B ssl\-port: \fI<number>
-Alternate syntax for \fBtls\-port\fR.
-.TP
-.B tls\-cert\-bundle: \fI<file>
-If null or "", no file is used.  Set it to the certificate bundle file,
-for example "/etc/pki/tls/certs/ca\-bundle.crt".  These certificates are used
-for authenticating connections made to outside peers.  For example auth\-zone
-urls, and also DNS over TLS connections.  It is read at start up before
-permission drop and chroot.
-.TP
-.B ssl\-cert\-bundle: \fI<file>
-Alternate syntax for \fBtls\-cert\-bundle\fR.
-.TP
-.B tls\-win\-cert: \fI<yes or no>
-Add the system certificates to the cert bundle certificates for authentication.
-If no cert bundle, it uses only these certificates.  Default is no.
-On windows this option uses the certificates from the cert store.  Use
-the tls\-cert\-bundle option on other systems. On other systems, this option
-enables the system certificates.
-.TP
-.B tls\-system\-cert: \fI<yes or no>
-This the same setting as the tls\-win\-cert setting, under a different name.
+Useful in tunneling scenarios.
+The TLS contains plain DNS in TCP wireformat.
+The other server must support this (see
+\fI\%tls\-service\-key\fP).
+.sp
+If you enable this, also configure a
+\fI\%tls\-cert\-bundle\fP or use
+\fI\%tls\-win\-cert\fP or
+\fI\%tls\-system\-cert\fP to load CA certs,
+otherwise the connections cannot be authenticated.
+.sp
+This option enables TLS for all of them, but if you do not set this you can
+configure TLS specifically for some forward zones with
+\fI\%forward\-tls\-upstream\fP\&.
+And also with
+\fI\%stub\-tls\-upstream\fP\&.
+If the
+\fI\%tls\-upstream\fP
+option is enabled, it is for all the forwards and stubs, where the
+\fI\%forward\-tls\-upstream\fP
+and
+\fI\%stub\-tls\-upstream\fP
+options are ignored, as if they had been set to yes.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ssl\-upstream: \fI<yes or no>\fP 
+Alternate syntax for \fI\%tls\-upstream\fP\&.
+If both are present in the config file the last is used.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-service\-key: \fI<file>\fP 
+If enabled, the server provides DNS\-over\-TLS or DNS\-over\-HTTPS service on
+the TCP ports marked implicitly or explicitly for these services with
+\fI\%tls\-port\fP or
+\fI\%https\-port\fP\&.
+The file must contain the private key for the TLS session, the public
+certificate is in the \fI\%tls\-service\-pem\fP
+file and it must also be specified if
+\fI\%tls\-service\-key\fP is specified.
+Enabling or disabling this service requires a restart (a reload is not
+enough), because the key is read while root permissions are held and before
+chroot (if any).
+The ports enabled implicitly or explicitly via
+\fI\%tls\-port\fP and
+\fI\%https\-port\fP do not provide normal DNS TCP
+service.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+Unbound needs to be compiled with libnghttp2 in order to provide
+DNS\-over\-HTTPS.
+.UNINDENT
+.UNINDENT
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ssl\-service\-key: \fI<file>\fP 
+Alternate syntax for \fI\%tls\-service\-key\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-service\-pem: \fI<file>\fP 
+The public key certificate pem file for the tls service.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ssl\-service\-pem: \fI<file>\fP 
+Alternate syntax for \fI\%tls\-service\-pem\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-port: \fI<number>\fP 
+The port number on which to provide TCP TLS service.
+Only interfaces configured with that port number as @number get the TLS
+service.
+.sp
+Default: 853
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ssl\-port: \fI<number>\fP 
+Alternate syntax for \fI\%tls\-port\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-cert\-bundle: \fI<file>\fP 
+If null or \fB\(dq\(dq\fP, no file is used.
+Set it to the certificate bundle file, for example
+\fB/etc/pki/tls/certs/ca\-bundle.crt\fP\&.
+These certificates are used for authenticating connections made to outside
+peers.
+For example \fI\%auth\-zone urls\fP, and also
+DNS\-over\-TLS connections.
+It is read at start up before permission drop and chroot.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ssl\-cert\-bundle: \fI<file>\fP 
+Alternate syntax for \fI\%tls\-cert\-bundle\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-win\-cert: \fI<yes or no>\fP 
+Add the system certificates to the cert bundle certificates for
+authentication.
+If no cert bundle, it uses only these certificates.
+On windows this option uses the certificates from the cert store.
+Use the \fI\%tls\-cert\-bundle\fP option on
+other systems.
+On other systems, this option enables the system certificates.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-system\-cert: \fI<yes or no>\fP 
+This the same attribute as the
+\fI\%tls\-win\-cert\fP attribute, under a
+different name.
 Because it is not windows specific.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-additional\-port: \fI<portnr>\fP 
+List port numbers as
+\fI\%tls\-additional\-port\fP, and when
+interfaces are defined, eg. with the @port suffix, as this port number,
+they provide DNS\-over\-TLS service.
+Can list multiple, each on a new statement.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B tls\-additional\-port: \fI<portnr>
-List portnumbers as tls\-additional\-port, and when interfaces are defined,
-eg. with the @port suffix, as this port number, they provide dns over TLS
-service.  Can list multiple, each on a new statement.
-.TP
-.B tls-session-ticket-keys: \fI<file>
-If not "", lists files with 80 bytes of random contents that are used to
-perform TLS session resumption for clients using the Unbound server.
+.B tls\-session\-ticket\-keys: \fI<file>\fP 
+If not \fB\(dq\(dq\fP, lists files with 80 bytes of random contents that are used
+to perform TLS session resumption for clients using the Unbound server.
 These files contain the secret key for the TLS session tickets.
 First key use to encrypt and decrypt TLS session tickets.
-Other keys use to decrypt only.  With this you can roll over to new keys,
-by generating a new first file and allowing decrypt of the old file by
-listing it after the first file for some time, after the wait clients are not
-using the old key any more and the old key can be removed.
-One way to create the file is dd if=/dev/random bs=1 count=80 of=ticket.dat
-The first 16 bytes should be different from the old one if you create a second key, that is the name used to identify the key.  Then there is 32 bytes random
-data for an AES key and then 32 bytes random data for the HMAC key.
-.TP
-.B tls\-ciphers: \fI<string with cipher list>
-Set the list of ciphers to allow when serving TLS.  Use "" for defaults,
-and that is the default.
-.TP
-.B tls\-ciphersuites: \fI<string with ciphersuites list>
-Set the list of ciphersuites to allow when serving TLS.  This is for newer
-TLS 1.3 connections.  Use "" for defaults, and that is the default.
-.TP
-.B pad\-responses: \fI<yes or no>
+Other keys use to decrypt only.
+.sp
+With this you can roll over to new keys, by generating a new first file and
+allowing decrypt of the old file by listing it after the first file for
+some time, after the wait clients are not using the old key any more and
+the old key can be removed.
+One way to create the file is:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+dd if=/dev/random bs=1 count=80 of=ticket.dat
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The first 16 bytes should be different from the old one if you create a
+second key, that is the name used to identify the key.
+Then there is 32 bytes random data for an AES key and then 32 bytes random
+data for the HMAC key.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-ciphers: \fI<string with cipher list>\fP 
+Set the list of ciphers to allow when serving TLS.
+Use \fB\(dq\(dq\fP for default ciphers.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-ciphersuites: \fI<string with ciphersuites list>\fP 
+Set the list of ciphersuites to allow when serving TLS.
+This is for newer TLS 1.3 connections.
+Use \fB\(dq\(dq\fP for default ciphersuites.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B pad\-responses: \fI<yes or no>\fP 
 If enabled, TLS serviced queries that contained an EDNS Padding option will
 cause responses padded to the closest multiple of the size specified in
-\fBpad\-responses\-block\-size\fR.
-Default is yes.
-.TP
-.B pad\-responses\-block\-size: \fI<number>
-The block size with which to pad responses serviced over TLS. Only responses
-to padded queries will be padded.
-Default is 468.
-.TP
-.B pad\-queries: \fI<yes or no>
-If enabled, all queries sent over TLS upstreams will be padded to the closest
-multiple of the size specified in \fBpad\-queries\-block\-size\fR.
-Default is yes.
-.TP
-.B pad\-queries\-block\-size: \fI<number>
+\fI\%pad\-responses\-block\-size\fP\&.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B pad\-responses\-block\-size: \fI<number>\fP 
+The block size with which to pad responses serviced over TLS.
+Only responses to padded queries will be padded.
+.sp
+Default: 468
+.UNINDENT
+.INDENT 0.0
+.TP
+.B pad\-queries: \fI<yes or no>\fP 
+If enabled, all queries sent over TLS upstreams will be padded to the
+closest multiple of the size specified in
+\fI\%pad\-queries\-block\-size\fP\&.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B pad\-queries\-block\-size: \fI<number>\fP 
 The block size with which to pad queries sent over TLS upstreams.
-Default is 128.
+.sp
+Default: 128
+.UNINDENT
+.INDENT 0.0
 .TP
-.B tls\-use\-sni: \fI<yes or no>
+.B tls\-use\-sni: \fI<yes or no>\fP 
 Enable or disable sending the SNI extension on TLS connections.
-Default is yes.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
 Changing the value requires a reload.
-.TP
-.B https\-port: \fI<number>
-The port number on which to provide DNS-over-HTTPS service, default 443, only
-interfaces configured with that port number as @number get the HTTPS service.
-.TP
-.B http\-endpoint: \fI<endpoint string>
-The HTTP endpoint to provide DNS-over-HTTPS service on. Default "/dns-query".
-.TP
-.B http\-max\-streams: \fI<number of streams>
+.UNINDENT
+.UNINDENT
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B https\-port: \fI<number>\fP 
+The port number on which to provide DNS\-over\-HTTPS service.
+Only interfaces configured with that port number as @number get the HTTPS
+service.
+.sp
+Default: 443
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-endpoint: \fI<endpoint string>\fP 
+The HTTP endpoint to provide DNS\-over\-HTTPS service on.
+.sp
+Default: /dns\-query
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-max\-streams: \fI<number of streams>\fP 
 Number used in the SETTINGS_MAX_CONCURRENT_STREAMS parameter in the HTTP/2
-SETTINGS frame for DNS-over-HTTPS connections. Default 100.
-.TP
-.B http\-query\-buffer\-size: \fI<size in bytes>
-Maximum number of bytes used for all HTTP/2 query buffers combined. These
-buffers contain (partial) DNS queries waiting for request stream completion.
-An RST_STREAM frame will be send to streams exceeding this limit. Default is 4
-megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
-megabytes or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B http\-response\-buffer\-size: \fI<size in bytes>
-Maximum number of bytes used for all HTTP/2 response buffers combined. These
-buffers contain DNS responses waiting to be written back to the clients.
-An RST_STREAM frame will be send to streams exceeding this limit. Default is 4
-megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
-megabytes or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B http\-nodelay: \fI<yes or no>
-Set TCP_NODELAY socket option on sockets used to provide DNS-over-HTTPS service.
-Ignored if the option is not available. Default is yes.
-.TP
-.B http\-notls\-downstream: \fI<yes or no>
-Disable use of TLS for the downstream DNS-over-HTTP connections.  Useful for
-local back end servers.  Default is no.
-.TP
-.B proxy\-protocol\-port: \fI<portnr>
-List port numbers as proxy\-protocol\-port, and when interfaces are defined,
-eg. with the @port suffix, as this port number, they support and expect PROXYv2.
-In this case the proxy address will only be used for the network communication
-and initial ACL (check if the proxy itself is denied/refused by configuration).
-The proxied address (if any) will then be used as the true client address and
-will be used where applicable for logging, ACL, DNSTAP, RPZ and IP ratelimiting.
+SETTINGS frame for DNS\-over\-HTTPS connections.
+.sp
+Default: 100
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-query\-buffer\-size: \fI<size in bytes>\fP 
+Maximum number of bytes used for all HTTP/2 query buffers combined.
+These buffers contain (partial) DNS queries waiting for request stream
+completion.
+An RST_STREAM frame will be send to streams exceeding this limit.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
+or gigabytes (1024*1024 bytes in a megabyte).
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-response\-buffer\-size: \fI<size in bytes>\fP 
+Maximum number of bytes used for all HTTP/2 response buffers combined.
+These buffers contain DNS responses waiting to be written back to the
+clients.
+An RST_STREAM frame will be send to streams exceeding this limit.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
+or gigabytes (1024*1024 bytes in a megabyte).
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-nodelay: \fI<yes or no>\fP 
+Set TCP_NODELAY socket option on sockets used to provide DNS\-over\-HTTPS
+service.
+Ignored if the option is not available.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-notls\-downstream: \fI<yes or no>\fP 
+Disable use of TLS for the downstream DNS\-over\-HTTP connections.
+Useful for local back end servers.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B proxy\-protocol\-port: \fI<portnr>\fP 
+List port numbers as
+\fI\%proxy\-protocol\-port\fP, and when
+interfaces are defined, eg. with the @port suffix, as this port number,
+they support and expect PROXYv2.
+.sp
+In this case the proxy address will only be used for the network
+communication and initial ACL (check if the proxy itself is denied/refused
+by configuration).
+.sp
+The proxied address (if any) will then be used as the true client address
+and will be used where applicable for logging, ACL, DNSTAP, RPZ and IP
+ratelimiting.
+.sp
 PROXYv2 is supported for UDP and TCP/TLS listening interfaces.
+.sp
 There is no support for PROXYv2 on a DoH, DoQ or DNSCrypt listening interface.
+.sp
 Can list multiple, each on a new statement.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B quic\-port: \fI<number>
-The port number on which to provide DNS-over-QUIC service, default 853, only
-interfaces configured with that port number as @number get the QUIC service.
+.B quic\-port: \fI<number>\fP 
+The port number on which to provide DNS\-over\-QUIC service.
+Only interfaces configured with that port number as @number get the QUIC
+service.
 The interface uses QUIC for the UDP traffic on that port number.
-.TP
-.B quic\-size: \fI<size in bytes>
-Maximum number of bytes for all QUIC buffers and data combined. Default is 8
-megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
-megabytes or gigabytes (1024*1024 bytes in a megabyte). New connections receive
-connection refused when the limit is exceeded. New streams are reset when the
-limit is exceeded.
-.TP
-.B use\-systemd: \fI<yes or no>
+.sp
+Default: 853
+.UNINDENT
+.INDENT 0.0
+.TP
+.B quic\-size: \fI<size in bytes>\fP 
+Maximum number of bytes for all QUIC buffers and data combined.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
+or gigabytes (1024*1024 bytes in a megabyte).
+New connections receive connection refused when the limit is exceeded.
+New streams are reset when the limit is exceeded.
+.sp
+Default: 8m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B use\-systemd: \fI<yes or no>\fP 
 Enable or disable systemd socket activation.
-Default is no.
-.TP
-.B do\-daemonize: \fI<yes or no>
-Enable or disable whether the Unbound server forks into the background as
-a daemon.  Set the value to \fIno\fR when Unbound runs as systemd service.
-Default is yes.
-.TP
-.B tcp\-connection\-limit: \fI<IP netblock> <limit>
-Allow up to \fIlimit\fR simultaneous TCP connections from the given netblock.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-daemonize: \fI<yes or no>\fP 
+Enable or disable whether the Unbound server forks into the background as a
+daemon.
+Set the value to no when Unbound runs as systemd service.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tcp\-connection\-limit: \fI<IP netblock> <limit>\fP 
+Allow up to limit simultaneous TCP connections from the given netblock.
 When at the limit, further connections are accepted but closed immediately.
 This option is experimental at this time.
+.sp
+Default: (disabled)
+.UNINDENT
+.INDENT 0.0
 .TP
-.B access\-control: \fI<IP netblock> <action>
+.B access\-control: \fI<IP netblock> <action>\fP 
 Specify treatment of incoming queries from their originating IP address.
 Queries can be allowed to have access to this server that gives DNS
-answers, or refused, with other actions possible. The IP address range
-can be specified as a netblock, it is possible to give the statement
-several times in order to specify the treatment of different netblocks.
-.IP
-The netblock is given as an IP4 or IP6 address with /size appended for a
-classless network block. The action can be \fIdeny\fR, \fIrefuse\fR,
-\fIallow\fR, \fIallow_setrd\fR, \fIallow_snoop\fR, \fIallow_cookie\fR,
-\fIdeny_non_local\fR or \fIrefuse_non_local\fR.
-The most specific netblock match is used, if none match \fIrefuse\fR is used.
+answers, or refused, with other actions possible.
+The IP address range can be specified as a netblock, it is possible to give
+the statement several times in order to specify the treatment of different
+netblocks.
+The netblock is given as an IPv4 or IPv6 address with /size appended for a
+classless network block.
+The most specific netblock match is used, if none match
+\fI\%refuse\fP is used.
 The order of the access\-control statements therefore does not matter.
-.IP
-The \fIdeny\fR action stops queries from hosts from that netblock.
-.IP
-The \fIrefuse\fR action stops queries too, but sends a DNS rcode REFUSED
-error message back.
-.IP
-The \fIallow\fR action gives access to clients from that netblock.
-It gives only access for recursion clients (which is
-what almost all clients need).  Nonrecursive queries are refused.
-.IP
-The \fIallow\fR action does allow nonrecursive queries to access the
-local\-data that is configured.  The reason is that this does not involve
-the Unbound server recursive lookup algorithm, and static data is served
-in the reply.  This supports normal operations where nonrecursive queries
-are made for the authoritative data.  For nonrecursive queries any replies
-from the dynamic cache are refused.
-.IP
-The \fIallow_setrd\fR action ignores the recursion desired (RD) bit and
-treats all requests as if the recursion desired bit is set.  Note that this
-behavior violates RFC 1034 which states that a name server should never perform
-recursive service unless asked via the RD bit since this interferes with
-trouble shooting of name servers and their databases. This prohibited behavior
-may be useful if another DNS server must forward requests for specific
-zones to a resolver DNS server, but only supports stub domains and
-sends queries to the resolver DNS server with the RD bit cleared.
-.IP
-The \fIallow_snoop\fR action gives nonrecursive access too.  This give
-both recursive and non recursive access.  The name \fIallow_snoop\fR refers
-to cache snooping, a technique to use nonrecursive queries to examine
-the cache contents (for malicious acts).  However, nonrecursive queries can
-also be a valuable debugging tool (when you want to examine the cache
-contents). In that case use \fIallow_snoop\fR for your administration host.
-.IP
-The \fIallow_cookie\fR action allows access only to UDP queries that contain a
-valid DNS Cookie as specified in RFC 7873 and RFC 9018, when the
-\fBanswer\-cookie\fR option is enabled.
-UDP queries containing only a DNS Client Cookie and no Server Cookie, or an
-invalid DNS Cookie, will receive a BADCOOKIE response including a newly
-generated DNS Cookie, allowing clients to retry with that DNS Cookie.
-The \fIallow_cookie\fR action will also accept requests over stateful
-transports, regardless of the presence of an DNS Cookie and regardless of the
-\fBanswer\-cookie\fR setting.
-UDP queries without a DNS Cookie receive REFUSED responses with the TC flag set,
-that may trigger fall back to TCP for those clients.
-.IP
+The action can be
+\fI\%deny\fP,
+\fI\%refuse\fP,
+\fI\%allow\fP,
+\fI\%allow_setrd\fP,
+\fI\%allow_snoop\fP,
+\fI\%allow_cookie\fP,
+\fI\%deny_non_local\fP or
+\fI\%refuse_non_local\fP\&.
+.INDENT 7.0
+.TP
+.B deny 
+Stops queries from hosts from that netblock.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B refuse 
+Stops queries too, but sends a DNS rcode REFUSED error message back.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B allow 
+Gives access to clients from that netblock.
+It gives only access for recursion clients (which is what almost all
+clients need).
+Non\-recursive queries are refused.
+.sp
+The \fI\%allow\fP action does
+allow non\-recursive queries to access the local\-data that is
+configured.
+The reason is that this does not involve the Unbound server recursive
+lookup algorithm, and static data is served in the reply.
+This supports normal operations where non\-recursive queries are made
+for the authoritative data.
+For non\-recursive queries any replies from the dynamic cache are
+refused.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B allow_setrd 
+Ignores the recursion desired (RD) bit and treats all requests as if
+the recursion desired bit is set.
+.sp
+Note that this behavior violates \fI\%RFC 1034\fP which states that a name
+server should never perform recursive service unless asked via the RD
+bit since this interferes with trouble shooting of name servers and
+their databases.
+This prohibited behavior may be useful if another DNS server must
+forward requests for specific zones to a resolver DNS server, but only
+supports stub domains and sends queries to the resolver DNS server with
+the RD bit cleared.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B allow_snoop 
+Gives non\-recursive access too.
+This gives both recursive and non recursive access.
+The name \fIallow_snoop\fP refers to cache snooping, a technique to use
+non\-recursive queries to examine the cache contents (for malicious
+acts).
+However, non\-recursive queries can also be a valuable debugging tool
+(when you want to examine the cache contents).
+.sp
+In that case use
+\fI\%allow_snoop\fP for
+your administration host.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B allow_cookie 
+Allows access only to UDP queries that contain a valid DNS Cookie as
+specified in RFC 7873 and RFC 9018, when the
+\fI\%answer\-cookie\fP option is enabled.
+UDP queries containing only a DNS Client Cookie and no Server Cookie,
+or an invalid DNS Cookie, will receive a BADCOOKIE response including a
+newly generated DNS Cookie, allowing clients to retry with that DNS
+Cookie.
+The \fIallow_cookie\fP action will also accept requests over stateful
+transports, regardless of the presence of an DNS Cookie and regardless
+of the \fI\%answer\-cookie\fP setting.
+UDP queries without a DNS Cookie receive REFUSED responses with the TC
+flag set, that may trigger fall back to TCP for those clients.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B deny_non_local 
+The
+\fI\%deny_non_local\fP
+action is for hosts that are only allowed to query for the
+authoritative \fI\%local\-data\fP, they are not
+allowed full recursion but only the static data.
+Messages that are disallowed are dropped.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B refuse_non_local 
+The
+\fI\%refuse_non_local\fP
+action is for hosts that are only allowed to query for the
+authoritative \fI\%local\-data\fP, they are not
+allowed full recursion but only the static data.
+Messages that are disallowed receive error code REFUSED.
+.UNINDENT
+.sp
 By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback
-interface) is implicitly \fIallow\fRed, the rest is \fIrefuse\fRd.
-The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS
-protocol is not designed to handle dropped packets due to policy, and
-dropping may result in (possibly excessive) retried queries.
-.IP
-The deny_non_local and refuse_non_local settings are for hosts that are
-only allowed to query for the authoritative local\-data, they are not
-allowed full recursion but only the static data.  With deny_non_local,
-messages that are disallowed are dropped, with refuse_non_local they
-receive error code REFUSED.
-.TP
-.B access\-control\-tag: \fI<IP netblock> <"list of tags">
-Assign tags to access-control elements. Clients using this access control
-element use localzones that are tagged with one of these tags. Tags must be
-defined in \fIdefine\-tags\fR.  Enclose list of tags in quotes ("") and put
-spaces between tags. If access\-control\-tag is configured for a netblock that
-does not have an access\-control, an access\-control element with action
-\fIallow\fR is configured for this netblock.
-.TP
-.B access\-control\-tag\-action: \fI<IP netblock> <tag> <action>
-Set action for particular tag for given access control element. If you have
-multiple tag values, the tag used to lookup the action is the first tag match
-between access\-control\-tag and local\-zone\-tag where "first" comes from the
-order of the define-tag values.
-.TP
-.B access\-control\-tag\-data: \fI<IP netblock> <tag> <"resource record string">
+interface) is implicitly \fIallowed\fP, the rest is refused.
+The default is \fIrefused\fP, because that is protocol\-friendly.
+The DNS protocol is not designed to handle dropped packets due to policy,
+and dropping may result in (possibly excessive) retried queries.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B access\-control\-tag: \fI<IP netblock> \(dq<list of tags>\(dq\fP 
+Assign tags to \fI\%access\-control\fP
+elements.
+Clients using this access control element use localzones that are tagged
+with one of these tags.
+.sp
+Tags must be defined in \fI\%define\-tag\fP\&.
+Enclose list of tags in quotes (\fB\(dq\(dq\fP) and put spaces between tags.
+.sp
+If \fI\%access\-control\-tag\fP is
+configured for a netblock that does not have an
+\fI\%access\-control\fP, an access\-control
+element with action \fI\%allow\fP
+is configured for this netblock.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B access\-control\-tag\-action: \fI<IP netblock> <tag> <action>\fP 
+Set action for particular tag for given access control element.
+If you have multiple tag values, the tag used to lookup the action is the
+first tag match between
+\fI\%access\-control\-tag\fP and
+\fI\%local\-zone\-tag\fP where \(dqfirst\(dq comes
+from the order of the \fI\%define\-tag\fP values.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B access\-control\-tag\-data: \fI<IP netblock> <tag> \(dq<resource record string>\(dq\fP 
 Set redirect data for particular tag for given access control element.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B access\-control\-view: \fI<IP netblock> <view name>
+.B access\-control\-view: \fI<IP netblock> <view name>\fP 
 Set view for given access control element.
-.TP
-.B interface\-action: \fI<ip address or interface name [@port]> <action>
-Similar to \fBaccess\-control:\fR but for interfaces.
-.IP
-The action is the same as the ones defined under \fBaccess\-control:\fR.
-Interfaces are \fIrefuse\fRd by default.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-action: \fI<ip address or interface name [@port]> <action>\fP 
+Similar to \fI\%access\-control\fP but for
+interfaces.
+.sp
+The action is the same as the ones defined under
+\fI\%access\-control\fP\&.
+.sp
+Default action for interfaces is
+\fI\%refuse\fP\&.
 By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback
-interface) is implicitly \fIallow\fRed through the default
-\fBaccess\-control:\fR behavior.
-This also means that any attempt to use the \fBinterface-*:\fR options for the
-loopback interface will not work as they will be overridden by the implicit
-default "\fBaccess\-control:\fR 127.0.0.0/8 allow" option.
-.IP
-Note that the interface needs to be already specified with \fBinterface:\fR
-and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
-settings for targeted clients.
-.TP
-.B interface\-tag: \fI<ip address or interface name [@port]> <"list of tags">
-Similar to \fBaccess\-control-tag:\fR but for interfaces.
-.IP
-Note that the interface needs to be already specified with \fBinterface:\fR
-and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
-settings for targeted clients.
-.TP
-.B interface\-tag\-action: \fI<ip address or interface name [@port]> <tag> <action>
-Similar to \fBaccess\-control-tag-action:\fR but for interfaces.
-.IP
-Note that the interface needs to be already specified with \fBinterface:\fR
-and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
-settings for targeted clients.
-.TP
-.B interface\-tag\-data: \fI<ip address or interface name [@port]> <tag> <"resource record string">
-Similar to \fBaccess\-control-tag-data:\fR but for interfaces.
-.IP
-Note that the interface needs to be already specified with \fBinterface:\fR
-and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
-settings for targeted clients.
-.TP
-.B interface\-view: \fI<ip address or interface name [@port]> <view name>
-Similar to \fBaccess\-control-view:\fR but for interfaces.
-.IP
-Note that the interface needs to be already specified with \fBinterface:\fR
-and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
-settings for targeted clients.
-.TP
-.B chroot: \fI<directory>
-If chroot is enabled, you should pass the configfile (from the
-commandline) as a full path from the original root. After the
-chroot has been performed the now defunct portion of the config
+interface) is implicitly allowed through the default
+\fI\%access\-control\fP behavior.
+This also means that any attempt to use the \fBinterface\-*:\fP options for
+the loopback interface will not work as they will be overridden by the
+implicit default \(dqaccess\-control: 127.0.0.0/8 allow\(dq option.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The interface needs to be already specified with
+\fI\%interface\fP and that any
+\fBaccess\-control*:\fP attribute overrides all \fBinterface\-*:\fP
+attributes for targeted clients.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-tag: \fI<ip address or interface name [@port]> <\(dqlist of tags\(dq>\fP 
+Similar to \fI\%access\-control\-tag\fP but
+for interfaces.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The interface needs to be already specified with
+\fI\%interface\fP and that any
+\fBaccess\-control*:\fP attribute overrides all \fBinterface\-*:\fP
+attributes for targeted clients.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-tag\-action: \fI<ip address or interface name [@port]> <tag> <action>\fP 
+Similar to
+\fI\%access\-control\-tag\-action\fP
+but for interfaces.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The interface needs to be already specified with
+\fI\%interface\fP and that any
+\fBaccess\-control*:\fP attribute overrides all \fBinterface\-*:\fP
+attributes for targeted clients.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-tag\-data: \fI<ip address or interface name [@port]> <tag> <\(dqresource record string\(dq>\fP 
+Similar to
+\fI\%access\-control\-tag\-data\fP but
+for interfaces.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The interface needs to be already specified with
+\fI\%interface\fP and that any
+\fBaccess\-control*:\fP attribute overrides all \fBinterface\-*:\fP
+attributes for targeted clients.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-view: \fI<ip address or interface name [@port]> <view name>\fP 
+Similar to \fI\%access\-control\-view\fP
+but for interfaces.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The interface needs to be already specified with
+\fI\%interface\fP and that any
+\fBaccess\-control*:\fP attribute overrides all \fBinterface\-*:\fP
+attributes for targeted clients.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B chroot: \fI<directory>\fP 
+If \fI\%chroot\fP is enabled, you should pass the
+configfile (from the commandline) as a full path from the original root.
+After the chroot has been performed the now defunct portion of the config
 file path is removed to be able to reread the config after a reload.
-.IP
-All other file paths (working dir, logfile, roothints, and
-key files) can be specified in several ways:
-as an absolute path relative to the new root,
-as a relative path to the working directory, or
-as an absolute path relative to the original root.
+.sp
+All other file paths (working dir, logfile, roothints, and key files) can
+be specified in several ways: as an absolute path relative to the new root,
+as a relative path to the working directory, or as an absolute path
+relative to the original root.
 In the last case the path is adjusted to remove the unused portion.
-.IP
-The pidfile can be either a relative path to the working directory, or
-an absolute path relative to the original root. It is written just prior
-to chroot and dropping permissions. This allows the pidfile to be
-/var/run/unbound.pid and the chroot to be /var/unbound, for example. Note that
-Unbound is not able to remove the pidfile after termination when it is located
-outside of the chroot directory.
-.IP
-Additionally, Unbound may need to access /dev/urandom (for entropy)
+.sp
+The pidfile can be either a relative path to the working directory, or an
+absolute path relative to the original root.
+It is written just prior to chroot and dropping permissions.
+This allows the pidfile to be \fB/var/run/unbound.pid\fP and the chroot
+to be \fB/var/unbound\fP, for example.
+Note that Unbound is not able to remove the pidfile after termination when
+it is located outside of the chroot directory.
+.sp
+Additionally, Unbound may need to access \fB/dev/urandom\fP (for entropy)
 from inside the chroot.
-.IP
-If given a chroot is done to the given directory. The chroot is by default 
-set to "@UNBOUND_CHROOT_DIR@". If you give "" no chroot is performed.
-.TP
-.B username: \fI<name>
-If given, after binding the port the user privileges are dropped. Default is
-"@UNBOUND_USERNAME@". If you give username: "" no user change is performed.
-.IP
-If this user is not capable of binding the
-port, reloads (by signal HUP) will still retain the opened ports.
+.sp
+If given, a \fIchroot(2)\fP is done to the given directory.
+If you give \fB\(dq\(dq\fP no \fIchroot(2)\fP is performed.
+.sp
+Default: @UNBOUND_CHROOT_DIR@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B username: \fI<name>\fP 
+If given, after binding the port the user privileges are dropped.
+If you give username: \fB\(dq\(dq\fP no user change is performed.
+.sp
+If this user is not capable of binding the port, reloads (by signal HUP)
+will still retain the opened ports.
 If you change the port number in the config file, and that new port number
 requires privileges, then a reload will fail; a restart is needed.
-.TP
-.B directory: \fI<directory>
-Sets the working directory for the program. Default is "@UNBOUND_RUN_DIR@".
-On Windows the string "%EXECUTABLE%" tries to change to the directory
-that unbound.exe resides in.
-If you give a server: directory: dir before include: file statements
-then those includes can be relative to the working directory.
-.TP
-.B logfile: \fI<filename>
-If "" is given, logging goes to stderr, or nowhere once daemonized.
+.sp
+Default: @UNBOUND_USERNAME@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B directory: \fI<directory>\fP 
+Sets the working directory for the program.
+On Windows the string \(dq%EXECUTABLE%\(dq tries to change to the directory that
+\fBunbound.exe\fP resides in.
+If you give a \fI\%server: directory:
+<directory>\fP before
+\fI\%include\fP file statements then those includes
+can be relative to the working directory.
+.sp
+Default: @UNBOUND_RUN_DIR@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B logfile: \fI<filename>\fP 
+If \fB\(dq\(dq\fP is given, logging goes to stderr, or nowhere once daemonized.
 The logfile is appended to, in the following format:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
+.ft C
 [seconds since 1970] unbound[pid:tid]: type: message.
+.ft P
 .fi
-If this option is given, the use\-syslog is option is set to "no".
+.UNINDENT
+.UNINDENT
+.sp
+If this option is given, the \fI\%use\-syslog\fP
+attribute is internally set to \fBno\fP\&.
+.sp
 The logfile is reopened (for append) when the config file is reread, on
 SIGHUP.
-.TP
-.B use\-syslog: \fI<yes or no>
-Sets Unbound to send log messages to the syslogd, using
-\fIsyslog\fR(3).
-The log facility LOG_DAEMON is used, with identity "unbound".
-The logfile setting is overridden when use\-syslog is turned on.
-The default is to log to syslog.
-.TP
-.B log\-identity: \fI<string>
-If "" is given (default), then the name of the executable, usually "unbound"
-is used to report to the log.  Enter a string to override it
-with that, which is useful on systems that run more than one instance of
-Unbound, with different configurations, so that the logs can be easily
-distinguished against.
-.TP
-.B log\-time\-ascii: \fI<yes or no>
-Sets logfile lines to use a timestamp in UTC ascii. Default is no, which
-prints the seconds since 1970 in brackets. No effect if using syslog, in
-that case syslog formats the timestamp printed into the log files.
-.TP
-.B log\-time\-iso:\fR <yes or no>
-Log time in ISO8601 format, if \fBlog\-time\-ascii:\fR yes is also set.
-Default is no.
-.TP
-.B log\-queries: \fI<yes or no>
-Prints one line per query to the log, with the log timestamp and IP address,
-name, type and class.  Default is no.  Note that it takes time to print these
-lines which makes the server (significantly) slower.  Odd (nonprintable)
-characters in names are printed as '?'.
-.TP
-.B log\-replies: \fI<yes or no>
-Prints one line per reply to the log, with the log timestamp and IP address,
-name, type, class, return code, time to resolve, from cache and response size.
-Default is no.  Note that it takes time to print these
-lines which makes the server (significantly) slower.  Odd (nonprintable)
-characters in names are printed as '?'.
-.TP
-.B log\-tag\-queryreply: \fI<yes or no>
-Prints the word 'query' and 'reply' with log\-queries and log\-replies.
-This makes filtering logs easier.  The default is off (for backwards
-compatibility).
-.TP
-.B log\-destaddr: \fI<yes or no>
-Prints the destination address, port and type in the log\-replies output.
-This disambiguates what type of traffic, eg. udp or tcp, and to what local
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B use\-syslog: \fI<yes or no>\fP 
+Sets Unbound to send log messages to the syslogd, using \fIsyslog(3)\fP\&.
+The log facility LOG_DAEMON is used, with identity \(dqunbound\(dq.
+The logfile setting is overridden when
+\fI\%use\-syslog: yes\fP is set.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-identity: \fI<string>\fP 
+If \fB\(dq\(dq\fP is given, then the name of the executable, usually
+\(dqunbound\(dq is used to report to the log.
+Enter a string to override it with that, which is useful on systems that
+run more than one instance of Unbound, with different configurations, so
+that the logs can be easily distinguished against.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-time\-ascii: \fI<yes or no>\fP 
+Sets logfile lines to use a timestamp in UTC ASCII.
+No effect if using syslog, in that case syslog formats the timestamp
+printed into the log files.
+.sp
+Default: no (prints the seconds since 1970 in brackets)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-time\-iso: \fI<yes or no>\fP 
+Log time in ISO8601 format, if
+\fI\%log\-time\-ascii: yes\fP
+is also set.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-queries: \fI<yes or no>\fP 
+Prints one line per query to the log, with the log timestamp and IP
+address, name, type and class.
+Note that it takes time to print these lines which makes the server
+(significantly) slower.
+Odd (nonprintable) characters in names are printed as \fB\(aq?\(aq\fP\&.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-replies: \fI<yes or no>\fP 
+Prints one line per reply to the log, with the log timestamp and IP
+address, name, type, class, return code, time to resolve, from cache and
+response size.
+Note that it takes time to print these lines which makes the server
+(significantly) slower.
+Odd (nonprintable) characters in names are printed as \fB\(aq?\(aq\fP\&.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-tag\-queryreply: \fI<yes or no>\fP 
+Prints the word \(aqquery\(aq and \(aqreply\(aq with
+\fI\%log\-queries\fP and
+\fI\%log\-replies\fP\&.
+This makes filtering logs easier.
+.sp
+Default: no (backwards compatible)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-destaddr: \fI<yes or no>\fP 
+Prints the destination address, port and type in the
+\fI\%log\-replies\fP output.
+This disambiguates what type of traffic, eg. UDP or TCP, and to what local
 port the traffic was sent to.
-.TP
-.B log\-local\-actions: \fI<yes or no>
-Print log lines to inform about local zone actions.  These lines are like the
-local\-zone type inform prints out, but they are also printed for the other
-types of local zones.
-.TP
-.B log\-servfail: \fI<yes or no>
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-local\-actions: \fI<yes or no>\fP 
+Print log lines to inform about local zone actions.
+These lines are like the \fI\%local\-zone type
+inform\fP print outs, but they are also
+printed for the other types of local zones.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-servfail: \fI<yes or no>\fP 
 Print log lines that say why queries return SERVFAIL to clients.
 This is separate from the verbosity debug logs, much smaller, and printed
 at the error level, not the info level of debug info from verbosity.
-.TP
-.B pidfile: \fI<filename>
-The process id is written to the file. Default is "@UNBOUND_PIDFILE@".
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B pidfile: \fI<filename>\fP 
+The process id is written to the file.
+Default is \fB\(dq@UNBOUND_PIDFILE@\(dq\fP\&.
 So,
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-kill \-HUP `cat @UNBOUND_PIDFILE@`
+.ft C
+kill \-HUP \(gacat @UNBOUND_PIDFILE@\(ga
+.ft P
 .fi
+.UNINDENT
+.UNINDENT
+.sp
 triggers a reload,
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-kill \-TERM `cat @UNBOUND_PIDFILE@`
+.ft C
+kill \-TERM \(gacat @UNBOUND_PIDFILE@\(ga
+.ft P
 .fi
+.UNINDENT
+.UNINDENT
+.sp
 gracefully terminates.
-.TP
-.B root\-hints: \fI<filename>
-Read the root hints from this file. Default is nothing, using builtin hints
-for the IN class. The file has the format of zone files, with root
-nameserver names and addresses only. The default may become outdated,
-when servers change, therefore it is good practice to use a root\-hints file.
-.TP
-.B hide\-identity: \fI<yes or no>
-If enabled id.server and hostname.bind queries are refused.
-.TP
-.B identity: \fI<string>
-Set the identity to report. If set to "", the default, then the hostname
-of the server is returned.
-.TP
-.B hide\-version: \fI<yes or no>
-If enabled version.server and version.bind queries are refused.
-.TP
-.B version: \fI<string>
-Set the version to report. If set to "", the default, then the package
-version is returned.
-.TP
-.B hide\-http\-user\-agent: \fI<yes or no>
-If enabled the HTTP header User-Agent is not set. Use with caution as some
-webserver configurations may reject HTTP requests lacking this header.
+.sp
+Default: @UNBOUND_PIDFILE@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B root\-hints: \fI<filename>\fP 
+Read the root hints from this file.
+Default is nothing, using builtin hints for the IN class.
+The file has the format of zone files, with root nameserver names and
+addresses only.
+The default may become outdated, when servers change, therefore it is good
+practice to use a root hints file.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B hide\-identity: \fI<yes or no>\fP 
+If enabled \(aqid.server\(aq and \(aqhostname.bind\(aq queries are REFUSED.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B identity: \fI<string>\fP 
+Set the identity to report.
+If set to \fB\(dq\(dq\fP, then the hostname of the server is returned.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B hide\-version: \fI<yes or no>\fP 
+If enabled \(aqversion.server\(aq and \(aqversion.bind\(aq queries are REFUSED.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B version: \fI<string>\fP 
+Set the version to report.
+If set to \fB\(dq\(dq\fP, then the package version is returned.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B hide\-http\-user\-agent: \fI<yes or no>\fP 
+If enabled the HTTP header User\-Agent is not set.
+Use with caution as some webserver configurations may reject HTTP requests
+lacking this header.
 If needed, it is better to explicitly set the
-.B http\-user\-agent
-below.
-.TP
-.B http\-user\-agent: \fI<string>
-Set the HTTP User-Agent header for outgoing HTTP requests. If set to "",
-the default, then the package name and version are used.
-.TP
-.B nsid:\fR <string>
-Add the specified nsid to the EDNS section of the answer when queried
-with an NSID EDNS enabled packet.  As a sequence of hex characters or
-with ascii_ prefix and then an ascii string.
-.TP
-.B hide\-trustanchor: \fI<yes or no>
-If enabled trustanchor.unbound queries are refused.
-.TP
-.B target\-fetch\-policy: \fI<"list of numbers">
+\fI\%http\-user\-agent\fP below.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-user\-agent: \fI<string>\fP 
+Set the HTTP User\-Agent header for outgoing HTTP requests.
+If set to \fB\(dq\(dq\fP, then the package name and version are used.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B nsid: \fI<string>\fP 
+Add the specified nsid to the EDNS section of the answer when queried with
+an NSID EDNS enabled packet.
+As a sequence of hex characters or with \(aqascii_\(aq prefix and then an ASCII
+string.
+.sp
+Default: (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B hide\-trustanchor: \fI<yes or no>\fP 
+If enabled \(aqtrustanchor.unbound\(aq queries are REFUSED.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B target\-fetch\-policy: \fI<\(dqlist of numbers\(dq>\fP 
 Set the target fetch policy used by Unbound to determine if it should fetch
-nameserver target addresses opportunistically. The policy is described per
+nameserver target addresses opportunistically.
+The policy is described per dependency depth.
+.sp
+The number of values determines the maximum dependency depth that Unbound
+will pursue in answering a query.
+A value of \-1 means to fetch all targets opportunistically for that
 dependency depth.
-.IP
-The number of values determines the maximum dependency depth
-that Unbound will pursue in answering a query.
-A value of \-1 means to fetch all targets opportunistically for that dependency
-depth. A value of 0 means to fetch on demand only. A positive value fetches
-that many targets opportunistically.
-.IP
-Enclose the list between quotes ("") and put spaces between numbers.
-The default is "3 2 1 0 0". Setting all zeroes, "0 0 0 0 0" gives behaviour
-closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour
-rumoured to be closer to that of BIND 8.
-.TP
-.B harden\-short\-bufsize: \fI<yes or no>
-Very small EDNS buffer sizes from queries are ignored. Default is yes, as
-described in the standard.
-.TP
-.B harden\-large\-queries: \fI<yes or no>
-Very large queries are ignored. Default is no, since it is legal protocol
-wise to send these, and could be necessary for operation if TSIG or EDNS
-payload is very large.
-.TP
-.B harden\-glue: \fI<yes or no>
-Will trust glue only if it is within the servers authority. Default is yes.
-.TP
-.B harden\-unverified\-glue: \fI<yes or no>
-Will trust only in-zone glue. Will try to resolve all out of zone
-(\fI<unverfied>) glue. Will fallback to the original glue if unable to resolve.
-Default is no.
-.TP
-.B harden\-dnssec\-stripped: \fI<yes or no>
-Require DNSSEC data for trust\-anchored zones, if such data is absent,
-the zone becomes bogus. If turned off, and no DNSSEC data is received
-(or the DNSKEY data fails to validate), then the zone is made insecure,
-this behaves like there is no trust anchor. You could turn this off if
-you are sometimes behind an intrusive firewall (of some sort) that
-removes DNSSEC data from packets, or a zone changes from signed to
-unsigned to badly signed often. If turned off you run the risk of a
-downgrade attack that disables security for a zone. Default is yes.
-.TP
-.B harden\-below\-nxdomain: \fI<yes or no>
-From RFC 8020 (with title "NXDOMAIN: There Really Is Nothing Underneath"),
-returns nxdomain to queries for a name
-below another name that is already known to be nxdomain.  DNSSEC mandates
-noerror for empty nonterminals, hence this is possible.  Very old software
-might return nxdomain for empty nonterminals (that usually happen for reverse
-IP address lookups), and thus may be incompatible with this.  To try to avoid
-this only DNSSEC-secure nxdomains are used, because the old software does not
-have DNSSEC.  Default is yes.
-The nxdomain must be secure, this means nsec3 with optout is insufficient.
-.TP
-.B harden\-referral\-path: \fI<yes or no>
+A value of 0 means to fetch on demand only.
+A positive value fetches that many targets opportunistically.
+.sp
+Enclose the list between quotes (\fB\(dq\(dq\fP) and put spaces between numbers.
+Setting all zeroes, \(dq0 0 0 0 0\(dq gives behaviour closer to that of BIND 9,
+while setting \(dq\-1 \-1 \-1 \-1 \-1\(dq gives behaviour rumoured to be closer to
+that of BIND 8.
+.sp
+Default:  \(dq3 2 1 0 0\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-short\-bufsize: \fI<yes or no>\fP 
+Very small EDNS buffer sizes from queries are ignored.
+.sp
+Default: yes (as described in the standard)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-large\-queries: \fI<yes or no>\fP 
+Very large queries are ignored.
+Default is no, since it is legal protocol wise to send these, and could be
+necessary for operation if TSIG or EDNS payload is very large.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-glue: \fI<yes or no>\fP 
+Will trust glue only if it is within the servers authority.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-unverified\-glue: \fI<yes or no>\fP 
+Will trust only in\-zone glue.
+Will try to resolve all out of zone (\fIunverified\fP) glue.
+Will fallback to the original glue if unable to resolve.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-dnssec\-stripped: \fI<yes or no>\fP 
+Require DNSSEC data for trust\-anchored zones, if such data is absent, the
+zone becomes bogus.
+If turned off, and no DNSSEC data is received (or the DNSKEY data fails to
+validate), then the zone is made insecure, this behaves like there is no
+trust anchor.
+You could turn this off if you are sometimes behind an intrusive firewall
+(of some sort) that removes DNSSEC data from packets, or a zone changes
+from signed to unsigned to badly signed often.
+If turned off you run the risk of a downgrade attack that disables security
+for a zone.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-below\-nxdomain: \fI<yes or no>\fP 
+From \fI\%RFC 8020\fP (with title \(dqNXDOMAIN: There Really Is Nothing
+Underneath\(dq), returns NXDOMAIN to queries for a name below another name
+that is already known to be NXDOMAIN.
+DNSSEC mandates NOERROR for empty nonterminals, hence this is possible.
+Very old software might return NXDOMAIN for empty nonterminals (that
+usually happen for reverse IP address lookups), and thus may be
+incompatible with this.
+To try to avoid this only DNSSEC\-secure NXDOMAINs are used, because the old
+software does not have DNSSEC.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The NXDOMAIN must be secure, this means NSEC3 with optout is
+insufficient.
+.UNINDENT
+.UNINDENT
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-referral\-path: \fI<yes or no>\fP 
 Harden the referral path by performing additional queries for
-infrastructure data.  Validates the replies if trust anchors are configured
-and the zones are signed.  This enforces DNSSEC validation on nameserver
-NS sets and the nameserver addresses that are encountered on the referral
-path to the answer.
-Default no, because it burdens the authority servers, and it is
-not RFC standard, and could lead to performance problems because of the
-extra query load that is generated.  Experimental option.
-If you enable it consider adding more numbers after the target\-fetch\-policy
-to increase the max depth that is checked to.
-.TP
-.B harden\-algo\-downgrade: \fI<yes or no>
-Harden against algorithm downgrade when multiple algorithms are
-advertised in the DS record.
-This works by first choosing only the strongest DS digest type as per RFC 4509
-(Unbound treats the highest algorithm as the strongest) and then
-expecting signatures from all the advertised signing algorithms from the chosen
-DS(es) to be present.
-If no, allows any one supported algorithm to validate the zone, even if other advertised algorithms are broken.
-Default is no.
-RFC 6840 mandates that zone signers must produce zones signed with all
+infrastructure data.
+Validates the replies if trust anchors are configured and the zones are
+signed.
+This enforces DNSSEC validation on nameserver NS sets and the nameserver
+addresses that are encountered on the referral path to the answer.
+Default is off, because it burdens the authority servers, and it is not RFC
+standard, and could lead to performance problems because of the extra query
+load that is generated.
+Experimental option.
+If you enable it consider adding more numbers after the
+\fI\%target\-fetch\-policy\fP to increase
+the max depth that is checked to.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-algo\-downgrade: \fI<yes or no>\fP 
+Harden against algorithm downgrade when multiple algorithms are advertised
+in the DS record.
+This works by first choosing only the strongest DS digest type as per
+\fI\%RFC 4509\fP (Unbound treats the highest algorithm as the strongest) and
+then expecting signatures from all the advertised signing algorithms from
+the chosen DS(es) to be present.
+If no, allows any one supported algorithm to validate the zone, even if
+other advertised algorithms are broken.
+\fI\%RFC 6840\fP mandates that zone signers must produce zones signed with all
 advertised algorithms, but sometimes they do not.
-RFC 6840 also clarifies that this requirement is not for validators and
+\fI\%RFC 6840\fP also clarifies that this requirement is not for validators and
 validators should accept any single valid path.
-It should thus be explicitly noted that this option violates RFC 6840 for
-DNSSEC validation and should only be used to perform a signature
+It should thus be explicitly noted that this option violates \fI\%RFC 6840\fP
+for DNSSEC validation and should only be used to perform a signature
 completeness test to support troubleshooting.
-Using this option may break DNSSEC resolution with non-RFC6840-conforming
-signers and/or in multi-signer configurations that don't send all the
-advertised signatures.
-.TP
-.B harden\-unknown\-additional: \fI<yes or no>
+.sp
+\fBWARNING:\fP
+.INDENT 7.0
+.INDENT 3.5
+Using this option may break DNSSEC resolution with non \fI\%RFC 6840\fP
+conforming signers and/or in multi\-signer configurations that don\(aqt
+send all the advertised signatures.
+.UNINDENT
+.UNINDENT
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-unknown\-additional: \fI<yes or no>\fP 
 Harden against unknown records in the authority section and additional
-section. Default is no. If no, such records are copied from the upstream
-and presented to the client together with the answer. If yes, it could
-hamper future protocol developments that want to add records.
-.TP
-.B use\-caps\-for\-id: \fI<yes or no>
+section.
+If no, such records are copied from the upstream and presented to the
+client together with the answer.
+If yes, it could hamper future protocol developments that want to add
+records.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B use\-caps\-for\-id: \fI<yes or no>\fP 
 Use 0x20\-encoded random bits in the query to foil spoof attempts.
-This perturbs the lowercase and uppercase of query names sent to
-authority servers and checks if the reply still has the correct casing.
-Disabled by default.
+This perturbs the lowercase and uppercase of query names sent to authority
+servers and checks if the reply still has the correct casing.
 This feature is an experimental implementation of draft dns\-0x20.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B caps\-exempt: \fI<domain>
+.B caps\-exempt: \fI<domain>\fP 
 Exempt the domain so that it does not receive caps\-for\-id perturbed
-queries.  For domains that do not support 0x20 and also fail with fallback
-because they keep sending different answers, like some load balancers.
+queries.
+For domains that do not support 0x20 and also fail with fallback because
+they keep sending different answers, like some load balancers.
 Can be given multiple times, for different domains.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B caps\-whitelist: \fI<domain>
-Alternate syntax for \fBcaps\-exempt\fR.
+.B caps\-whitelist: \fI<domain>\fP 
+Alternate syntax for \fI\%caps\-exempt\fP\&.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B qname\-minimisation: \fI<yes or no>
+.B qname\-minimisation: \fI<yes or no>\fP 
 Send minimum amount of information to upstream servers to enhance privacy.
 Only send minimum required labels of the QNAME and set QTYPE to A when
-possible. Best effort approach; full QNAME and original QTYPE will be sent when
+possible.
+Best effort approach; full QNAME and original QTYPE will be sent when
 upstream replies with a RCODE other than NOERROR, except when receiving
-NXDOMAIN from a DNSSEC signed zone. Default is yes.
-.TP
-.B qname\-minimisation\-strict: \fI<yes or no>
-QNAME minimisation in strict mode. Do not fall-back to sending full QNAME to
-potentially broken nameservers. A lot of domains will not be resolvable when
-this option in enabled. Only use if you know what you are doing.
-This option only has effect when qname-minimisation is enabled. Default is no.
-.TP
-.B aggressive\-nsec: \fI<yes or no>
-Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
-and other denials, using information from previous NXDOMAINs answers.
-Default is yes.  It helps to reduce the query rate towards targets that get
-a very high nonexistent name lookup rate.
-.TP
-.B private\-address: \fI<IP address or subnet>
-Give IPv4 of IPv6 addresses or classless subnets. These are addresses
-on your private network, and are not allowed to be returned for
-public internet names.  Any occurrence of such addresses are removed
-from DNS answers. Additionally, the DNSSEC validator may mark the
-answers bogus. This protects against so\-called DNS Rebinding, where
-a user browser is turned into a network proxy, allowing remote access
-through the browser to other parts of your private network.  Some names
-can be allowed to contain your private addresses, by default all the
-\fBlocal\-data\fR that you configured is allowed to, and you can specify
-additional names using \fBprivate\-domain\fR.  No private addresses are
-enabled by default.  We consider to enable this for the RFC1918 private
-IP address space by default in later releases. That would enable private
-addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16
-fd00::/8 and fe80::/10, since the RFC standards say these addresses
-should not be visible on the public internet.  Turning on 127.0.0.0/8
-would hinder many spamblocklists as they use that.  Adding ::ffff:0:0/96
-stops IPv4-mapped IPv6 addresses from bypassing the filter.
-.TP
-.B private\-domain: \fI<domain name>
+NXDOMAIN from a DNSSEC signed zone.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B qname\-minimisation\-strict: \fI<yes or no>\fP 
+QNAME minimisation in strict mode.
+Do not fall\-back to sending full QNAME to potentially broken nameservers.
+A lot of domains will not be resolvable when this option in enabled.
+Only use if you know what you are doing.
+This option only has effect when
+\fI\%qname\-minimisation\fP is enabled.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B aggressive\-nsec: \fI<yes or no>\fP 
+Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN and other
+denials, using information from previous NXDOMAINs answers.
+It helps to reduce the query rate towards targets that get a very high
+nonexistent name lookup rate.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B private\-address: \fI<IP address or subnet>\fP 
+Give IPv4 of IPv6 addresses or classless subnets.
+These are addresses on your private network, and are not allowed to be
+returned for public internet names.
+Any occurrence of such addresses are removed from DNS answers.
+Additionally, the DNSSEC validator may mark the answers bogus.
+This protects against so\-called DNS Rebinding, where a user browser is
+turned into a network proxy, allowing remote access through the browser to
+other parts of your private network.
+.sp
+Some names can be allowed to contain your private addresses, by default all
+the \fI\%local\-data\fP that you configured is
+allowed to, and you can specify additional names using
+\fI\%private\-domain\fP\&.
+No private addresses are enabled by default.
+.sp
+We consider to enable this for the \fI\%RFC 1918\fP private IP address space by
+default in later releases.
+That would enable private addresses for \fB10.0.0.0/8\fP, \fB172.16.0.0/12\fP,
+\fB192.168.0.0/16\fP, \fB169.254.0.0/16\fP, \fBfd00::/8\fP and \fBfe80::/10\fP,
+since the RFC standards say these addresses should not be visible on the
+public internet.
+.sp
+Turning on \fB127.0.0.0/8\fP would hinder many spamblocklists as they use
+that.
+Adding \fB::ffff:0:0/96\fP stops IPv4\-mapped IPv6 addresses from bypassing
+the filter.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B private\-domain: \fI<domain name>\fP 
 Allow this domain, and all its subdomains to contain private addresses.
 Give multiple times to allow multiple domain names to contain private
-addresses. Default is none.
-.TP
-.B unwanted\-reply\-threshold: \fI<number>
-If set, a total number of unwanted replies is kept track of in every thread.
-When it reaches the threshold, a defensive action is taken and a warning
-is printed to the log.  The defensive action is to clear the rrset and
-message caches, hopefully flushing away any poison.  A value of 10 million
-is suggested.  Default is 0 (turned off).
-.TP
-.B do\-not\-query\-address: \fI<IP address>
-Do not query the given IP address. Can be IP4 or IP6. Append /num to
-indicate a classless delegation netblock, for example like
-10.2.3.4/24 or 2001::11/64.
-.TP
-.B do\-not\-query\-localhost: \fI<yes or no>
-If yes, localhost is added to the do\-not\-query\-address entries, both
-IP6 ::1 and IP4 127.0.0.1/8. If no, then localhost can be used to send
-queries to. Default is yes.
-.TP
-.B prefetch: \fI<yes or no>
-If yes, cache hits on message cache elements that are on their last 10 percent
-of their TTL value trigger a prefetch to keep the cache up to date.
-Default is no.
-Turning it on gives about 10 percent more traffic and load on the machine, but
-popular items do not expire from the cache.
-.TP
-.B prefetch\-key: \fI<yes or no>
+addresses.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B unwanted\-reply\-threshold: \fI<number>\fP 
+If set, a total number of unwanted replies is kept track of in every
+thread.
+When it reaches the threshold, a defensive action is taken and a warning is
+printed to the log.
+The defensive action is to clear the rrset and message caches, hopefully
+flushing away any poison.
+A value of 10 million is suggested.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-not\-query\-address: \fI<IP address>\fP 
+Do not query the given IP address.
+Can be IPv4 or IPv6.
+Append /num to indicate a classless delegation netblock, for example like
+\fB10.2.3.4/24\fP or \fB2001::11/64\fP\&.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-not\-query\-localhost: \fI<yes or no>\fP 
+If yes, localhost is added to the
+\fI\%do\-not\-query\-address\fP entries,
+both IPv6 \fB::1\fP and IPv4 \fB127.0.0.1/8\fP\&.
+If no, then localhost can be used to send queries to.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B prefetch: \fI<yes or no>\fP 
+If yes, cache hits on message cache elements that are on their last 10
+percent of their TTL value trigger a prefetch to keep the cache up to date.
+Turning it on gives about 10 percent more traffic and load on the machine,
+but popular items do not expire from the cache.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B prefetch\-key: \fI<yes or no>\fP 
 If yes, fetch the DNSKEYs earlier in the validation process, when a DS
-record is encountered.  This lowers the latency of requests.  It does use
-a little more CPU.  Also if the cache is set to 0, it is no use. Default is no.
-.TP
-.B deny\-any: \fI<yes or no>
-If yes, deny queries of type ANY with an empty response.  Default is no.
+record is encountered.
+This lowers the latency of requests.
+It does use a little more CPU.
+Also if the cache is set to 0, it is no use.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B deny\-any: \fI<yes or no>\fP 
+If yes, deny queries of type ANY with an empty response.
 If disabled, Unbound responds with a short list of resource records if some
 can be found in the cache and makes the upstream type ANY query if there
 are none.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B rrset\-roundrobin: \fI<yes or no>
+.B rrset\-roundrobin: \fI<yes or no>\fP 
 If yes, Unbound rotates RRSet order in response (the random number is taken
-from the query ID, for speed and thread safety).  Default is yes.
+from the query ID, for speed and thread safety).
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
 .TP
-.B minimal-responses: \fI<yes or no>
+.B minimal\-responses: \fI<yes or no>\fP 
 If yes, Unbound does not insert authority/additional sections into response
-messages when those sections are not required.  This reduces response
-size significantly, and may avoid TCP fallback for some responses which may
-cause a slight speedup.  The default is yes, even though the DNS
-protocol RFCs mandate these sections, and the additional content could
-save roundtrips for clients that use the additional content.
+messages when those sections are not required.
+This reduces response size significantly, and may avoid TCP fallback for
+some responses which may cause a slight speedup.
+The default is yes, even though the DNS protocol RFCs mandate these
+sections, and the additional content could save roundtrips for clients that
+use the additional content.
 However these sections are hardly used by clients.
 Enabling prefetch can benefit clients that need the additional content
 by trying to keep that content fresh in the cache.
-.TP
-.B disable-dnssec-lame-check: \fI<yes or no>
-If true, disables the DNSSEC lameness check in the iterator.  This check
-sees if RRSIGs are present in the answer, when dnssec is expected,
-and retries another authority if RRSIGs are unexpectedly missing.
-The validator will insist in RRSIGs for DNSSEC signed domains regardless
-of this setting, if a trust anchor is loaded.
-.TP
-.B module\-config: \fI<"module names">
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B disable\-dnssec\-lame\-check: \fI<yes or no>\fP 
+If yes, disables the DNSSEC lameness check in the iterator.
+This check sees if RRSIGs are present in the answer, when DNSSEC is
+expected, and retries another authority if RRSIGs are unexpectedly missing.
+The validator will insist in RRSIGs for DNSSEC signed domains regardless of
+this setting, if a trust anchor is loaded.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B module\-config: \fI\(dq<module names>\(dq\fP 
 Module configuration, a list of module names separated by spaces, surround
-the string with quotes (""). The modules can be \fIrespip\fR,
-\fIvalidator\fR, or \fIiterator\fR (and possibly more, see below).
-Setting this to just "\fIiterator\fR" will result in a non\-validating
-server.
-Setting this to "\fIvalidator iterator\fR" will turn on DNSSEC validation.
-The ordering of the modules is significant, the order decides the
-order of processing.
-You must also set \fItrust\-anchors\fR for validation to be useful.
-Adding \fIrespip\fR to the front will cause RPZ processing to be done on
-all queries.
-The default is "\fIvalidator iterator\fR".
-.IP
+the string with quotes (\fB\(dq\(dq\fP).
+The modules can be \fBrespip\fP, \fBvalidator\fP, or \fBiterator\fP (and possibly
+more, see below).
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The ordering of the modules is significant, the order decides the order
+of processing.
+.UNINDENT
+.UNINDENT
+.sp
+Setting this to just \(dqiterator\(dq will result in a non\-validating server.
+Setting this to \(dqvalidator iterator\(dq will turn on DNSSEC validation.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+You must also set trust\-anchors for validation to be useful.
+.UNINDENT
+.UNINDENT
+.sp
+Adding \fBrespip\fP to the front will cause RPZ processing to be done on all
+queries.
+.sp
 Most modules that need to be listed here have to be listed at the beginning
-of the line.  The subnetcachedb module has to be listed just before
-the iterator.
-The python module can be listed in different places, it then processes the
-output of the module it is just before. The dynlib module can be listed pretty
-much anywhere, it is only a very thin wrapper that allows dynamic libraries to
-run in its place.
-.TP
-.B trust\-anchor\-file: \fI<filename>
-File with trusted keys for validation. Both DS and DNSKEY entries can appear
-in the file. The format of the file is the standard DNS Zone file format.
-Default is "", or no trust anchor file.
-.TP
-.B auto\-trust\-anchor\-file: \fI<filename>
-File with trust anchor for one zone, which is tracked with RFC5011 probes.
+of the line.
+.sp
+The \fBsubnetcache\fP module has to be listed just before the iterator.
+.sp
+The \fBpython\fP module can be listed in different places, it then processes
+the output of the module it is just before.
+.sp
+The \fBdynlib\fP module can be listed pretty much anywhere, it is only a very
+thin wrapper that allows dynamic libraries to run in its place.
+.sp
+Default: \(dqvalidator iterator\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B trust\-anchor\-file: \fI<filename>\fP 
+File with trusted keys for validation.
+Both DS and DNSKEY entries can appear in the file.
+The format of the file is the standard DNS Zone file format.
+.sp
+Default: \(dq\(dq (no trust anchor file)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B auto\-trust\-anchor\-file: \fI<filename>\fP 
+File with trust anchor for one zone, which is tracked with \fI\%RFC 5011\fP
+probes.
 The probes are run several times per month, thus the machine must be online
-frequently.  The initial file can be one with contents as described in
-\fBtrust\-anchor\-file\fR.  The file is written to when the anchor is updated,
-so the Unbound user must have write permission.  Write permission to the file,
-but also to the directory it is in (to create a temporary file, which is
-necessary to deal with filesystem full events), it must also be inside the
-chroot (if that is used).
-.TP
-.B trust\-anchor: \fI<"Resource Record">
-A DS or DNSKEY RR for a key to use for validation. Multiple entries can be
-given to specify multiple trusted keys, in addition to the trust\-anchor\-files.
-The resource record is entered in the same format as 'dig' or 'drill' prints
-them, the same format as in the zone file. Has to be on a single line, with
-"" around it. A TTL can be specified for ease of cut and paste, but is ignored.
+frequently.
+The initial file can be one with contents as described in
+\fI\%trust\-anchor\-file\fP\&.
+The file is written to when the anchor is updated, so the Unbound user must
+have write permission.
+Write permission to the file, but also to the directory it is in (to create
+a temporary file, which is necessary to deal with filesystem full events),
+it must also be inside the \fI\%chroot\fP (if that is
+used).
+.sp
+Default: \(dq\(dq (no auto trust anchor file)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B trust\-anchor: \fI\(dq<Resource Record>\(dq\fP 
+A DS or DNSKEY RR for a key to use for validation.
+Multiple entries can be given to specify multiple trusted keys, in addition
+to the \fI\%trust\-anchor\-file\fP\&.
+The resource record is entered in the same format as \fIdig(1)\fP or \fIdrill(1)\fP
+prints them, the same format as in the zone file.
+Has to be on a single line, with \fB\(dq\(dq\fP around it.
+A TTL can be specified for ease of cut and paste, but is ignored.
 A class can be specified, but class IN is default.
-.TP
-.B trusted\-keys\-file: \fI<filename>
-File with trusted keys for validation. Specify more than one file
-with several entries, one file per entry. Like \fBtrust\-anchor\-file\fR
-but has a different file format. Format is BIND\-9 style format,
-the trusted\-keys { name flag proto algo "key"; }; clauses are read.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B trusted\-keys\-file: \fI<filename>\fP 
+File with trusted keys for validation.
+Specify more than one file with several entries, one file per entry.
+Like \fI\%trust\-anchor\-file\fP but has a
+different file format.
+Format is BIND\-9 style format, the \fBtrusted\-keys { name flag proto algo
+\(dqkey\(dq; };\fP clauses are read.
 It is possible to use wildcards with this statement, the wildcard is
 expanded on start and on reload.
-.TP
-.B trust\-anchor\-signaling: \fI<yes or no>
-Send RFC8145 key tag query after trust anchor priming. Default is yes.
-.TP
-.B root\-key\-sentinel: \fI<yes or no>
-Root key trust anchor sentinel. Default is yes.
-.TP
-.B domain\-insecure: \fI<domain name>
-Sets domain name to be insecure, DNSSEC chain of trust is ignored towards
-the domain name.  So a trust anchor above the domain name can not make the
-domain secure with a DS record, such a DS record is then ignored.
-Can be given multiple times
-to specify multiple domains that are treated as if unsigned.  If you set
-trust anchors for the domain they override this setting (and the domain
-is secured).
-.IP
+.sp
+Default: \(dq\(dq (no trusted keys file)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B trust\-anchor\-signaling: \fI<yes or no>\fP 
+Send \fI\%RFC 8145\fP key tag query after trust anchor priming.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B root\-key\-sentinel: \fI<yes or no>\fP 
+Root key trust anchor sentinel.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B domain\-insecure: \fI<domain name>\fP 
+Sets \fI<domain name>\fP to be insecure, DNSSEC chain of trust is ignored
+towards the \fI<domain name>\fP\&.
+So a trust anchor above the domain name can not make the domain secure with
+a DS record, such a DS record is then ignored.
+Can be given multiple times to specify multiple domains that are treated as
+if unsigned.
+If you set trust anchors for the domain they override this setting (and the
+domain is secured).
+.sp
 This can be useful if you want to make sure a trust anchor for external
-lookups does not affect an (unsigned) internal domain.  A DS record
-externally can create validation failures for that internal domain.
-.TP
-.B val\-override\-date: \fI<rrsig\-style date spec>
-Default is "" or "0", which disables this debugging feature. If enabled by
-giving a RRSIG style date, that date is used for verifying RRSIG inception
-and expiration dates, instead of the current date. Do not set this unless
-you are debugging signature inception and expiration. The value \-1 ignores
-the date altogether, useful for some special applications.
-.TP
-.B val\-sig\-skew\-min: \fI<seconds>
+lookups does not affect an (unsigned) internal domain.
+A DS record externally can create validation failures for that internal
+domain.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-override\-date: \fI<rrsig\-style date spec>\fP 
+.sp
+\fBWARNING:\fP
+.INDENT 7.0
+.INDENT 3.5
+Debugging feature!
+.UNINDENT
+.UNINDENT
+.sp
+If enabled by giving a RRSIG style date, that date is used for verifying
+RRSIG inception and expiration dates, instead of the current date.
+Do not set this unless you are debugging signature inception and
+expiration.
+The value \-1 ignores the date altogether, useful for some special
+applications.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-sig\-skew\-min: \fI<seconds>\fP 
 Minimum number of seconds of clock skew to apply to validated signatures.
-A value of 10% of the signature lifetime (expiration \- inception) is
-used, capped by this setting.  Default is 3600 (1 hour) which allows for
-daylight savings differences.  Lower this value for more strict checking
-of short lived signatures.
-.TP
-.B val\-sig\-skew\-max: \fI<seconds>
+A value of 10% of the signature lifetime (expiration \- inception) is used,
+capped by this setting.
+Default is 3600 (1 hour) which allows for daylight savings differences.
+Lower this value for more strict checking of short lived signatures.
+.sp
+Default: 3600 (1 hour)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-sig\-skew\-max: \fI<seconds>\fP 
 Maximum number of seconds of clock skew to apply to validated signatures.
-A value of 10% of the signature lifetime (expiration \- inception)
-is used, capped by this setting.  Default is 86400 (24 hours) which
-allows for timezone setting problems in stable domains.  Setting both
-min and max very low disables the clock skew allowances.  Setting both
-min and max very high makes the validator check the signature timestamps
-less strictly.
-.TP
-.B val\-max\-restart: \fI<number>
-The maximum number the validator should restart validation with
-another authority in case of failed validation. Default is 5.
-.TP
-.B val\-bogus\-ttl: \fI<number>
-The time to live for bogus data. This is data that has failed validation;
-due to invalid signatures or other checks. The TTL from that data cannot be
-trusted, and this value is used instead. The value is in seconds, default 60.
+A value of 10% of the signature lifetime (expiration \- inception) is used,
+capped by this setting.
+Default is 86400 (24 hours) which allows for timezone setting problems in
+stable domains.
+Setting both min and max very low disables the clock skew allowances.
+Setting both min and max very high makes the validator check the signature
+timestamps less strictly.
+.sp
+Default: 86400 (24 hours)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-max\-restart: \fI<number>\fP 
+The maximum number the validator should restart validation with another
+authority in case of failed validation.
+.sp
+Default: 5
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-bogus\-ttl: \fI<seconds>\fP 
+The time to live for bogus data.
+This is data that has failed validation; due to invalid signatures or other
+checks.
+The TTL from that data cannot be trusted, and this value is used instead.
 The time interval prevents repeated revalidation of bogus data.
+.sp
+Default: 60
+.UNINDENT
+.INDENT 0.0
 .TP
-.B val\-clean\-additional: \fI<yes or no>
+.B val\-clean\-additional: \fI<yes or no>\fP 
 Instruct the validator to remove data from the additional section of secure
-messages that are not signed properly. Messages that are insecure, bogus,
-indeterminate or unchecked are not affected. Default is yes. Use this setting
-to protect the users that rely on this validator for authentication from
-potentially bad data in the additional section.
-.TP
-.B val\-log\-level: \fI<number>
-Have the validator print validation failures to the log.  Regardless of
-the verbosity setting.  Default is 0, off.  At 1, for every user query
-that fails a line is printed to the logs.  This way you can monitor what
-happens with validation.  Use a diagnosis tool, such as dig or drill,
-to find out why validation is failing for these queries.  At 2, not only
-the query that failed is printed but also the reason why Unbound thought
-it was wrong and which server sent the faulty data.
-.TP
-.B val\-permissive\-mode: \fI<yes or no>
-Instruct the validator to mark bogus messages as indeterminate. The security
-checks are performed, but if the result is bogus (failed security), the
-reply is not withheld from the client with SERVFAIL as usual. The client
-receives the bogus data. For messages that are found to be secure the AD bit
-is set in replies. Also logging is performed as for full validation.
-The default value is "no".
-.TP
-.B ignore\-cd\-flag: \fI<yes or no>
-Instruct Unbound to ignore the CD flag from clients and refuse to
-return bogus answers to them.  Thus, the CD (Checking Disabled) flag
-does not disable checking any more.  This is useful if legacy (w2008)
-servers that set the CD flag but cannot validate DNSSEC themselves are
-the clients, and then Unbound provides them with DNSSEC protection.
-The default value is "no".
-.TP
-.B disable\-edns\-do: \fI<yes or no>
+messages that are not signed properly.
+Messages that are insecure, bogus, indeterminate or unchecked are not
+affected.
+Use this setting to protect the users that rely on this validator for
+authentication from potentially bad data in the additional section.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-log\-level: \fI<number>\fP 
+Have the validator print validation failures to the log.
+Regardless of the verbosity setting.
+.sp
+At 1, for every user query that fails a line is printed to the logs.
+This way you can monitor what happens with validation.
+Use a diagnosis tool, such as dig or drill, to find out why validation is
+failing for these queries.
+.sp
+At 2, not only the query that failed is printed but also the reason why
+Unbound thought it was wrong and which server sent the faulty data.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-permissive\-mode: \fI<yes or no>\fP 
+Instruct the validator to mark bogus messages as indeterminate.
+The security checks are performed, but if the result is bogus (failed
+security), the reply is not withheld from the client with SERVFAIL as
+usual.
+The client receives the bogus data.
+For messages that are found to be secure the AD bit is set in replies.
+Also logging is performed as for full validation.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ignore\-cd\-flag: \fI<yes or no>\fP 
+Instruct Unbound to ignore the CD flag from clients and refuse to return
+bogus answers to them.
+Thus, the CD (Checking Disabled) flag does not disable checking any more.
+This is useful if legacy (w2008) servers that set the CD flag but cannot
+validate DNSSEC themselves are the clients, and then Unbound provides them
+with DNSSEC protection.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B disable\-edns\-do: \fI<yes or no>\fP 
 Disable the EDNS DO flag in upstream requests.
-It breaks DNSSEC validation for Unbound's clients.
+It breaks DNSSEC validation for Unbound\(aqs clients.
 This results in the upstream name servers to not include DNSSEC records in
 their replies and could be helpful for devices that cannot handle DNSSEC
 information.
@@ -1399,1255 +2553,2196 @@ If this option is enabled but Unbound is already configured for DNSSEC
 validation (i.e., the validator module is enabled; default) this option is
 implicitly turned off with a warning as to not break DNSSEC validation in
 Unbound.
-Default is no.
-.TP
-.B serve\-expired: \fI<yes or no>
-If enabled, Unbound attempts to serve old responses from cache with a
-TTL of \fBserve\-expired\-reply\-ttl\fR in the response.
-By default the expired answer will be used after a resolution attempt errored
-out or is taking more than serve\-expired\-client\-timeout to resolve.
-Default is "no".
-.TP
-.B serve\-expired\-ttl: \fI<seconds>
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-expired: \fI<yes or no>\fP 
+If enabled, Unbound attempts to serve old responses from cache with a TTL
+of \fI\%serve\-expired\-reply\-ttl\fP in
+the response.
+By default the expired answer will be used after a resolution attempt
+errored out or is taking more than
+\fI\%serve\-expired\-client\-timeout\fP
+to resolve.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-expired\-ttl: \fI<seconds>\fP 
 Limit serving of expired responses to configured seconds after expiration.
-0 disables the limit.
-This option only applies when \fBserve\-expired\fR is enabled.
+\fB0\fP disables the limit.
+This option only applies when
+\fI\%serve\-expired\fP is enabled.
 A suggested value per RFC 8767 is between 86400 (1 day) and 259200 (3 days).
 The default is 86400.
-.TP
-.B serve\-expired\-ttl\-reset: \fI<yes or no>
-Set the TTL of expired records to the \fBserve\-expired\-ttl\fR value after a
-failed attempt to retrieve the record from upstream.  This makes sure that the
-expired records will be served as long as there are queries for it.  Default is
-"no".
-.TP
-.B serve\-expired\-reply\-ttl: \fI<seconds>
-TTL value to use when replying with expired data.  If
-\fBserve\-expired\-client\-timeout\fR is also used then it is RECOMMENDED to
-use 30 as the value (RFC 8767).  The default is 30.
-.TP
-.B serve\-expired\-client\-timeout: \fI<msec>
+.sp
+Default: 86400
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-expired\-ttl\-reset: \fI<yes or no>\fP 
+Set the TTL of expired records to the
+\fI\%serve\-expired\-ttl\fP value after a
+failed attempt to retrieve the record from upstream.
+This makes sure that the expired records will be served as long as there
+are queries for it.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-expired\-reply\-ttl: \fI<seconds>\fP 
+TTL value to use when replying with expired data.
+If
+\fI\%serve\-expired\-client\-timeout\fP
+is also used then it is RECOMMENDED to use 30 as the value (\fI\%RFC 8767\fP).
+.sp
+Default: 30
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-expired\-client\-timeout: \fI<msec>\fP 
 Time in milliseconds before replying to the client with expired data.
-This essentially enables the serve-stale behavior as specified in
-RFC 8767 that first tries to resolve before immediately
-responding with expired data.
-Setting this to 0 will disable this behavior and instead serve the expired
-record immediately from the cache before attempting to refresh it via
-resolution.
-Default is 1800.
-.TP
-.B serve\-original\-ttl: \fI<yes or no>
+This essentially enables the serve\-stale behavior as specified in
+\fI\%RFC 8767\fP that first tries to resolve before immediately responding with
+expired data.
+Setting this to \fB0\fP will disable this behavior and instead serve the
+expired record immediately from the cache before attempting to refresh it
+via resolution.
+.sp
+Default: 1800
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-original\-ttl: \fI<yes or no>\fP 
 If enabled, Unbound will always return the original TTL as received from
-the upstream name server rather than the decrementing TTL as
-stored in the cache.  This feature may be useful if Unbound serves as a
-front-end to a hidden authoritative name server. Enabling this feature does
-not impact cache expiry, it only changes the TTL Unbound embeds in responses to
-queries. Note that enabling this feature implicitly disables enforcement of
-the configured minimum and maximum TTL, as it is assumed users who enable this
-feature do not want Unbound to change the TTL obtained from an upstream server.
-Thus, the values set using \fBcache\-min\-ttl\fR and \fBcache\-max\-ttl\fR are
-ignored.
-Default is "no".
-.TP
-.B val\-nsec3\-keysize\-iterations: \fI<"list of values">
+the upstream name server rather than the decrementing TTL as stored in the
+cache.
+This feature may be useful if Unbound serves as a front\-end to a hidden
+authoritative name server.
+.sp
+Enabling this feature does not impact cache expiry, it only changes the TTL
+Unbound embeds in responses to queries.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+Enabling this feature implicitly disables enforcement of the configured
+minimum and maximum TTL, as it is assumed users who enable this feature
+do not want Unbound to change the TTL obtained from an upstream server.
+.UNINDENT
+.UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The values set using \fI\%cache\-min\-ttl\fP
+and \fI\%cache\-max\-ttl\fP are ignored.
+.UNINDENT
+.UNINDENT
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-nsec3\-keysize\-iterations: <\(dqlist of values\(dq> 
 List of keysize and iteration count values, separated by spaces, surrounded
-by quotes. Default is "1024 150 2048 150 4096 150". This determines the
-maximum allowed NSEC3 iteration count before a message is simply marked
-insecure instead of performing the many hashing iterations. The list must
-be in ascending order and have at least one entry. If you set it to
-"1024 65535" there is no restriction to NSEC3 iteration values.
-This table must be kept short; a very long list could cause slower operation.
-.TP
-.B zonemd\-permissive\-mode: \fI<yes or no>
-If enabled the ZONEMD verification failures are only logged and do not cause
-the zone to be blocked and only return servfail.  Useful for testing out
-if it works, or if the operator only wants to be notified of a problem without
-disrupting service.  Default is no.
-.TP
-.B add\-holddown: \fI<seconds>
-Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011
-autotrust updates to add new trust anchors only after they have been
-visible for this time.  Default is 30 days as per the RFC.
-.TP
-.B del\-holddown: \fI<seconds>
-Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011
-autotrust updates to remove revoked trust anchors after they have been
-kept in the revoked list for this long.  Default is 30 days as per
-the RFC.
-.TP
-.B keep\-missing: \fI<seconds>
-Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011
-autotrust updates to remove missing trust anchors after they have been
-unseen for this long.  This cleans up the state file if the target zone
-does not perform trust anchor revocation, so this makes the auto probe
-mechanism work with zones that perform regular (non\-5011) rollovers.
-The default is 366 days.  The value 0 does not remove missing anchors,
-as per the RFC.
-.TP
-.B permit\-small\-holddown: \fI<yes or no>
-Debug option that allows the autotrust 5011 rollover timers to assume
-very small values.  Default is no.
-.TP
-.B key\-cache\-size: \fI<number>
-Number of bytes size of the key cache. Default is 4 megabytes.
-A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+by quotes.
+This determines the maximum allowed NSEC3 iteration count before a message
+is simply marked insecure instead of performing the many hashing
+iterations.
+The list must be in ascending order and have at least one entry.
+If you set it to \(dq1024 65535\(dq there is no restriction to NSEC3 iteration
+values.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+This table must be kept short; a very long list could cause slower
+operation.
+.UNINDENT
+.UNINDENT
+.sp
+Default: \(dq1024 150 2048 150 4096 150\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B zonemd\-permissive\-mode: \fI<yes or no>\fP 
+If enabled the ZONEMD verification failures are only logged and do not
+cause the zone to be blocked and only return servfail.
+Useful for testing out if it works, or if the operator only wants to be
+notified of a problem without disrupting service.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B add\-holddown: \fI<seconds>\fP 
+Instruct the
+\fI\%auto\-trust\-anchor\-file\fP probe
+mechanism for \fI\%RFC 5011\fP autotrust updates to add new trust anchors only
+after they have been visible for this time.
+.sp
+Default: 2592000 (30 days as per the RFC)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B del\-holddown: \fI<seconds>\fP 
+Instruct the
+\fI\%auto\-trust\-anchor\-file\fP probe
+mechanism for \fI\%RFC 5011\fP autotrust updates to remove revoked trust anchors
+after they have been kept in the revoked list for this long.
+.sp
+Default: 2592000 (30 days as per the RFC)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B keep\-missing: \fI<seconds>\fP 
+Instruct the
+\fI\%auto\-trust\-anchor\-file\fP probe
+mechanism for \fI\%RFC 5011\fP autotrust updates to remove missing trust anchors
+after they have been unseen for this long.
+This cleans up the state file if the target zone does not perform trust
+anchor revocation, so this makes the auto probe mechanism work with zones
+that perform regular (non\-5011) rollovers.
+The value 0 does not remove missing anchors, as per the RFC.
+.sp
+Default: 31622400 (366 days)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B permit\-small\-holddown: \fI<yes or no>\fP 
+Debug option that allows the autotrust 5011 rollover timers to assume very
+small values.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B key\-cache\-size: \fI<number>\fP 
+Number of bytes size of the key cache.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
 or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B key\-cache\-slabs: \fI<number>
-Number of slabs in the key cache. Slabs reduce lock contention by threads.
-Must be set to a power of 2. Setting (close) to the number of cpus is a
-reasonable guess.
-.TP
-.B neg\-cache\-size: \fI<number>
-Number of bytes size of the aggressive negative cache. Default is 1 megabyte.
-A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B key\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the key cache.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B neg\-cache\-size: \fI<number>\fP 
+Number of bytes size of the aggressive negative cache.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
 or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B unblock\-lan\-zones: \fI<yes or no>
-Default is disabled.  If enabled, then for private address space,
-the reverse lookups are no longer filtered.  This allows Unbound when
-running as dns service on a host where it provides service for that host,
-to put out all of the queries for the 'lan' upstream.  When enabled,
-only localhost, 127.0.0.1 reverse and ::1 reverse zones are configured
-with default local zones.  Disable the option when Unbound is running
-as a (DHCP-) DNS network resolver for a group of machines, where such
-lookups should be filtered (RFC compliance), this also stops potential
-data leakage about the local network to the upstream DNS servers.
-.TP
-.B insecure\-lan\-zones: \fI<yes or no>
-Default is disabled.  If enabled, then reverse lookups in private
-address space are not validated.  This is usually required whenever
-\fIunblock\-lan\-zones\fR is used.
-.TP
-.B local\-zone: \fI<zone> <type>
-Configure a local zone. The type determines the answer to give if
-there is no match from local\-data. The types are deny, refuse, static,
-transparent, redirect, nodefault, typetransparent, inform, inform_deny,
-inform_redirect, always_transparent, block_a, always_refuse, always_nxdomain,
-always_null, noview, and are explained below. After that the default settings
-are listed. Use local\-data: to enter data into the local zone. Answers for
-local zones are authoritative DNS answers. By default the zones are class IN.
-.IP
-If you need more complicated authoritative data, with referrals, wildcards,
-CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for
-it as detailed in the stub zone section below. A stub\-zone can be used to
-have unbound send queries to another server, an authoritative server, to
-fetch the information. With a forward\-zone, unbound sends queries to a server
-that is a recursive server to fetch the information. With an auth\-zone a
-zone can be loaded from file and used, it can be used like a local\-zone
-for users downstream, or the auth\-zone information can be used to fetch
-information from when resolving like it is an upstream server. The
-forward\-zone and auth\-zone options are described in their sections below.
-If you want to perform filtering of the information that the users can fetch,
-the local\-zone and local\-data statements allow for this, but also the
-rpz functionality can be used, described in the RPZ section.
-.TP 10
-\h'5'\fIdeny\fR
+.sp
+Default: 1m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B unblock\-lan\-zones: \fI<yes or no>\fP 
+If enabled, then for private address space, the reverse lookups are no
+longer filtered.
+This allows Unbound when running as dns service on a host where it provides
+service for that host, to put out all of the queries for the \(aqlan\(aq
+upstream.
+When enabled, only localhost, \fB127.0.0.1\fP reverse and \fB::1\fP reverse
+zones are configured with default local zones.
+Disable the option when Unbound is running as a (DHCP\-) DNS network
+resolver for a group of machines, where such lookups should be filtered
+(RFC compliance), this also stops potential data leakage about the local
+network to the upstream DNS servers.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B insecure\-lan\-zones: \fI<yes or no>\fP 
+If enabled, then reverse lookups in private address space are not
+validated.
+This is usually required whenever
+\fI\%unblock\-lan\-zones\fP is used.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-zone: \fI<zone> <type>\fP 
+Configure a local zone.
+The type determines the answer to give if there is no match from
+\fI\%local\-data\fP\&.
+The types are
+\fI\%deny\fP,
+\fI\%refuse\fP,
+\fI\%static\fP,
+\fI\%transparent\fP,
+\fI\%redirect\fP,
+\fI\%nodefault\fP,
+\fI\%typetransparent\fP,
+\fI\%inform\fP,
+\fI\%inform_deny\fP,
+\fI\%inform_redirect\fP,
+\fI\%always_transparent\fP,
+\fI\%block_a\fP,
+\fI\%always_refuse\fP,
+\fI\%always_nxdomain\fP,
+\fI\%always_null\fP,
+\fI\%noview\fP,
+and are explained below.
+After that the default settings are listed.
+Use \fI\%local\-data\fP to enter data into the
+local zone.
+Answers for local zones are authoritative DNS answers.
+By default the zones are class IN.
+.sp
+If you need more complicated authoritative data, with referrals,
+wildcards, CNAME/DNAME support, or DNSSEC authoritative service,
+setup a \fI\%stub\-zone\fP for it as detailed in the
+stub zone section below.
+A \fI\%stub\-zone\fP can be used to have unbound
+send queries to another server, an authoritative server, to fetch the
+information.
+With a \fI\%forward\-zone\fP, unbound sends
+queries to a server that is a recursive server to fetch the information.
+With an \fI\%auth\-zone\fP a zone can be loaded from
+file and used, it can be used like a local zone for users downstream, or
+the \fI\%auth\-zone\fP information can be used to fetch
+information from when resolving like it is an upstream server.
+The \fI\%forward\-zone\fP and
+\fI\%auth\-zone\fP options are described in their
+sections below.
+If you want to perform filtering of the information that the users can
+fetch, the \fI\%local\-zone\fP and
+\fI\%local\-data\fP statements allow for this, but
+also the \fI\%rpz\fP functionality can be used, described
+in the RPZ section.
+.INDENT 7.0
+.TP
+.B deny 
 Do not send an answer, drop the query.
 If there is a match from local data, the query is answered.
-.TP 10
-\h'5'\fIrefuse\fR
+.UNINDENT
+.INDENT 7.0
+.TP
+.B refuse 
 Send an error message reply, with rcode REFUSED.
 If there is a match from local data, the query is answered.
-.TP 10
-\h'5'\fIstatic\fR
-If there is a match from local data, the query is answered.
-Otherwise, the query is answered with nodata or nxdomain.
-For a negative answer a SOA is included in the answer if present
-as local\-data for the zone apex domain.
-.TP 10
-\h'5'\fItransparent\fR
+.UNINDENT
+.INDENT 7.0
+.TP
+.B static 
 If there is a match from local data, the query is answered.
-Otherwise if the query has a different name, the query is resolved normally.
-If the query is for a name given in localdata but no such type of data is
-given in localdata, then a noerror nodata answer is returned.
-If no local\-zone is given local\-data causes a transparent zone
+Otherwise, the query is answered with NODATA or NXDOMAIN.
+For a negative answer a SOA is included in the answer if present as
+\fI\%local\-data\fP for the zone apex domain.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B transparent 
+If there is a match from \fI\%local\-data\fP,
+the query is answered.
+Otherwise if the query has a different name, the query is resolved
+normally.
+If the query is for a name given in
+\fI\%local\-data\fP but no such type of data is
+given in localdata, then a NOERROR NODATA answer is returned.
+If no \fI\%local\-zone\fP is given
+\fI\%local\-data\fP causes a transparent zone
 to be created by default.
-.TP 10
-\h'5'\fItypetransparent\fR
-If there is a match from local data, the query is answered.  If the query
-is for a different name, or for the same name but for a different type,
-the query is resolved normally.  So, similar to transparent but types
-that are not listed in local data are resolved normally, so if an A record
-is in the local data that does not cause a nodata reply for AAAA queries.
-.TP 10
-\h'5'\fIredirect\fR
+.UNINDENT
+.INDENT 7.0
+.TP
+.B typetransparent 
+If there is a match from local data, the query is answered.
+If the query is for a different name, or for the same name but for a
+different type, the query is resolved normally.
+So, similar to
+\fI\%transparent\fP but types
+that are not listed in local data are resolved normally, so if an A
+record is in the local data that does not cause a NODATA reply for AAAA
+queries.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B redirect 
 The query is answered from the local data for the zone name.
 There may be no local data beneath the zone name.
-This answers queries for the zone, and all subdomains of the zone
-with the local data for the zone.
-It can be used to redirect a domain to return a different address record
-to the end user, with
-local\-zone: "example.com." redirect and
-local\-data: "example.com. A 127.0.0.1"
-queries for www.example.com and www.foo.example.com are redirected, so
-that users with web browsers cannot access sites with suffix example.com.
-.TP 10
-\h'5'\fIinform\fR
-The query is answered normally, same as transparent.  The client IP
-address (@portnumber) is printed to the logfile.  The log message is:
-timestamp, unbound-pid, info: zonename inform IP@port queryname type
-class.  This option can be used for normal resolution, but machines
-looking up infected names are logged, eg. to run antivirus on them.
-.TP 10
-\h'5'\fIinform_deny\fR
-The query is dropped, like 'deny', and logged, like 'inform'.  Ie. find
-infected machines without answering the queries.
-.TP 10
-\h'5'\fIinform_redirect\fR
-The query is redirected, like 'redirect', and logged, like 'inform'.
+This answers queries for the zone, and all subdomains of the zone with
+the local data for the zone.
+It can be used to redirect a domain to return a different address
+record to the end user, with:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+local\-zone: \(dqexample.com.\(dq redirect
+local\-data: \(dqexample.com. A 127.0.0.1\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+queries for \fBwww.example.com\fP and \fBwww.foo.example.com\fP are
+redirected, so that users with web browsers cannot access sites with
+suffix example.com.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B inform 
+The query is answered normally, same as
+\fI\%transparent\fP\&.
+The client IP address (@portnumber) is printed to the logfile.
+The log message is:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+timestamp, unbound\-pid, info: zonename inform IP@port queryname type class.
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+This option can be used for normal resolution, but machines looking up
+infected names are logged, eg. to run antivirus on them.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B inform_deny 
+The query is dropped, like
+\fI\%deny\fP, and logged, like
+\fI\%inform\fP\&.
+Ie. find infected machines without answering the queries.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B inform_redirect 
+The query is redirected, like
+\fI\%redirect\fP, and logged,
+like \fI\%inform\fP\&.
 Ie. answer queries with fixed data and also log the machines that ask.
-.TP 10
-\h'5'\fIalways_transparent\fR
-Like transparent, but ignores local data and resolves normally.
-.TP 10
-\h'5'\fIblock_a\fR
-Like transparent, but ignores local data and resolves normally all query
-types excluding A. For A queries it unconditionally returns NODATA.
-Useful in cases when there is a need to explicitly force all apps to use
-IPv6 protocol and avoid any queries to IPv4.
-.TP 10
-\h'5'\fIalways_refuse\fR
-Like refuse, but ignores local data and refuses the query.
-.TP 10
-\h'5'\fIalways_nxdomain\fR
-Like static, but ignores local data and returns nxdomain for the query.
-.TP 10
-\h'5'\fIalways_nodata\fR
-Like static, but ignores local data and returns nodata for the query.
-.TP 10
-\h'5'\fIalways_deny\fR
-Like deny, but ignores local data and drops the query.
-.TP 10
-\h'5'\fIalways_null\fR
-Always returns 0.0.0.0 or ::0 for every name in the zone.  Like redirect
-with zero data for A and AAAA.  Ignores local data in the zone.  Used for
-some block lists.
-.TP 10
-\h'5'\fInoview\fR
-Breaks out of that view and moves towards the global local zones for answer
-to the query.  If the view first is no, it'll resolve normally.  If view first
-is enabled, it'll break perform that step and check the global answers.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_transparent 
+Like \fI\%transparent\fP, but
+ignores local data and resolves normally.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B block_a 
+Like \fI\%transparent\fP, but
+ignores local data and resolves normally all query types excluding A.
+For A queries it unconditionally returns NODATA.
+Useful in cases when there is a need to explicitly force all apps to
+use IPv6 protocol and avoid any queries to IPv4.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_refuse 
+Like \fI\%refuse\fP, but ignores
+local data and refuses the query.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_nxdomain 
+Like \fI\%static\fP, but ignores
+local data and returns NXDOMAIN for the query.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_nodata 
+Like \fI\%static\fP, but ignores
+local data and returns NODATA for the query.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_deny 
+Like \fI\%deny\fP, but ignores local
+data and drops the query.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_null 
+Always returns \fB0.0.0.0\fP or \fB::0\fP for every name in the zone.
+Like \fI\%redirect\fP with zero
+data for A and AAAA.
+Ignores local data in the zone.
+Used for some block lists.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B noview 
+Breaks out of that view and moves towards the global local zones for
+answer to the query.
+If the \fI\%view\-first\fP is no, it\(aqll
+resolve normally.
+If \fI\%view\-first\fP is enabled, it\(aqll
+break perform that step and check the global answers.
 For when the view has view specific overrides but some zone has to be
 answered from global local zone contents.
-.TP 10
-\h'5'\fInodefault\fR
-Used to turn off default contents for AS112 zones. The other types
-also turn off default contents for the zone. The 'nodefault' option
-has no other effect than turning off default contents for the
-given zone.  Use \fInodefault\fR if you use exactly that zone, if you want to
-use a subzone, use \fItransparent\fR.
-.P
-The default zones are localhost, reverse 127.0.0.1 and ::1, the home.arpa,
-the resolver.arpa, the service.arpa,
-the onion, test, invalid and the AS112 zones. The AS112 zones are reverse
-DNS zones for private use and reserved IP addresses for which the servers
-on the internet cannot provide correct answers. They are configured by
-default to give nxdomain (no reverse information) answers. The defaults
-can be turned off by specifying your own local\-zone of that name, or
-using the 'nodefault' type. Below is a list of the default zone contents.
-.TP 10
-\h'5'\fIlocalhost\fR
-The IP4 and IP6 localhost information is given. NS and SOA records are provided
-for completeness and to satisfy some DNS update tools. Default content:
+.UNINDENT
+.INDENT 7.0
+.TP
+.B nodefault 
+Used to turn off default contents for AS112 zones.
+The other types also turn off default contents for the zone.
+The \fI\%nodefault\fP option has
+no other effect than turning off default contents for the given zone.
+Use \fI\%nodefault\fP if you use
+exactly that zone, if you want to use a subzone, use
+\fI\%transparent\fP\&.
+.UNINDENT
+.sp
+The default zones are localhost, reverse \fB127.0.0.1\fP and \fB::1\fP, the
+\fBhome.arpa\fP, \fBresolver.arpa\fP, \fBservice.arpa\fP, \fBonion\fP, \fBtest\fP,
+\fBinvalid\fP and the AS112 zones.
+The AS112 zones are reverse DNS zones for private use and reserved IP
+addresses for which the servers on the internet cannot provide correct
+answers.
+They are configured by default to give NXDOMAIN (no reverse information)
+answers.
+.sp
+The defaults can be turned off by specifying your own
+\fI\%local\-zone\fP of that name, or using the
+\fI\%nodefault\fP type.
+Below is a list of the default zone contents.
+.INDENT 7.0
+.TP
+.B localhost 
+The IPv4 and IPv6 localhost information is given.
+NS and SOA records are provided for completeness and to satisfy some
+DNS update tools.
+Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "localhost." redirect
-local\-data: "localhost. 10800 IN NS localhost."
-local\-data: "localhost. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
-local\-data: "localhost. 10800 IN A 127.0.0.1"
-local\-data: "localhost. 10800 IN AAAA ::1"
+.ft C
+local\-zone: \(dqlocalhost.\(dq redirect
+local\-data: \(dqlocalhost. 10800 IN NS localhost.\(dq
+local\-data: \(dqlocalhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+local\-data: \(dqlocalhost. 10800 IN A 127.0.0.1\(dq
+local\-data: \(dqlocalhost. 10800 IN AAAA ::1\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIreverse IPv4 loopback\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+.B reverse IPv4 loopback 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "127.in\-addr.arpa." static
-local\-data: "127.in\-addr.arpa. 10800 IN NS localhost."
-local\-data: "127.in\-addr.arpa. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
-local\-data: "1.0.0.127.in\-addr.arpa. 10800 IN
-    PTR localhost."
+.ft C
+local\-zone: \(dq127.in\-addr.arpa.\(dq static
+local\-data: \(dq127.in\-addr.arpa. 10800 IN NS localhost.\(dq
+local\-data: \(dq127.in\-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+local\-data: \(dq1.0.0.127.in\-addr.arpa. 10800 IN PTR localhost.\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIreverse IPv6 loopback\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+.B reverse IPv6 loopback 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
-    0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static
-local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
-    0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
-    NS localhost."
-local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
-    0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
-local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
-    0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
-    PTR localhost."
+.ft C
+local\-zone: \(dq1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.\(dq static
+local\-data: \(dq1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost.\(dq
+local\-data: \(dq1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+local\-data: \(dq1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost.\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIhome.arpa (RFC 8375)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+home.arpa (\fI\%RFC 8375\fP) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "home.arpa." static
-local\-data: "home.arpa. 10800 IN NS localhost."
-local\-data: "home.arpa. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqhome.arpa.\(dq static
+local\-data: \(dqhome.arpa. 10800 IN NS localhost.\(dq
+local\-data: \(dqhome.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIresolver.arpa (RFC 9462)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+resolver.arpa (\fI\%RFC 9462\fP) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "resolver.arpa." static
-local\-data: "resolver.arpa. 10800 IN NS localhost."
-local\-data: "resolver.arpa. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqresolver.arpa.\(dq static
+local\-data: \(dqresolver.arpa. 10800 IN NS localhost.\(dq
+local\-data: \(dqresolver.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIservice.arpa (draft-ietf-dnssd-srp-25)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+.B service.arpa (draft\-ietf\-dnssd\-srp\-25) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "service.arpa." static
-local\-data: "service.arpa. 10800 IN NS localhost."
-local\-data: "service.arpa. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqservice.arpa.\(dq static
+local\-data: \(dqservice.arpa. 10800 IN NS localhost.\(dq
+local\-data: \(dqservice.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIonion (RFC 7686)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+onion (\fI\%RFC 7686\fP) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "onion." static
-local\-data: "onion. 10800 IN NS localhost."
-local\-data: "onion. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqonion.\(dq static
+local\-data: \(dqonion. 10800 IN NS localhost.\(dq
+local\-data: \(dqonion. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fItest (RFC 6761)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+test (\fI\%RFC 6761\fP) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "test." static
-local\-data: "test. 10800 IN NS localhost."
-local\-data: "test. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqtest.\(dq static
+local\-data: \(dqtest. 10800 IN NS localhost.\(dq
+local\-data: \(dqtest. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIinvalid (RFC 6761)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+invalid (\fI\%RFC 6761\fP) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "invalid." static
-local\-data: "invalid. 10800 IN NS localhost."
-local\-data: "invalid. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqinvalid.\(dq static
+local\-data: \(dqinvalid. 10800 IN NS localhost.\(dq
+local\-data: \(dqinvalid. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIreverse RFC1918 local use zones\fR
-Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to
-31.172.in\-addr.arpa, 168.192.in\-addr.arpa.
-The \fBlocal\-zone:\fR is set static and as \fBlocal\-data:\fR SOA and NS
-records are provided.
-.TP 10
-\h'5'\fIreverse RFC3330 IP4 this, link\-local, testnet and broadcast\fR
-Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa,
-2.0.192.in\-addr.arpa (TEST NET 1), 100.51.198.in\-addr.arpa (TEST NET 2),
-113.0.203.in\-addr.arpa (TEST NET 3), 255.255.255.255.in\-addr.arpa.
-And from 64.100.in\-addr.arpa to 127.100.in\-addr.arpa (Shared Address Space).
-.TP 10
-\h'5'\fIreverse RFC4291 IP6 unspecified\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+reverse local use zones (\fI\%RFC 1918\fP) 
+Reverse data for zones \fB10.in\-addr.arpa\fP, \fB16.172.in\-addr.arpa\fP to
+\fB31.172.in\-addr.arpa\fP, \fB168.192.in\-addr.arpa\fP\&.
+The \fI\%local\-zone\fP is set static and as
+\fI\%local\-data\fP SOA and NS records are
+provided.
+.UNINDENT
+.INDENT 7.0
+.TP
+special\-use IPv4 Addresses (\fI\%RFC 3330\fP) 
+Reverse data for zones \fB0.in\-addr.arpa\fP (this), \fB254.169.in\-addr.arpa\fP (link\-local),
+\fB2.0.192.in\-addr.arpa\fP (TEST NET 1), \fB100.51.198.in\-addr.arpa\fP
+(TEST NET 2), \fB113.0.203.in\-addr.arpa\fP (TEST NET 3),
+\fB255.255.255.255.in\-addr.arpa\fP (broadcast).
+And from \fB64.100.in\-addr.arpa\fP to \fB127.100.in\-addr.arpa\fP (Shared
+Address Space).
+.UNINDENT
+.INDENT 7.0
+.TP
+reverse IPv6 unspecified (\fI\%RFC 4291\fP) 
 Reverse data for zone
+\fB0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.\fP
+.UNINDENT
+.INDENT 7.0
+.TP
+reverse IPv6 Locally Assigned Local Addresses (\fI\%RFC 4193\fP) 
+Reverse data for zone \fBD.F.ip6.arpa\fP\&.
+.UNINDENT
+.INDENT 7.0
+.TP
+reverse IPv6 Link Local Addresses (\fI\%RFC 4291\fP) 
+Reverse data for zones \fB8.E.F.ip6.arpa\fP to \fBB.E.F.ip6.arpa\fP\&.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B reverse IPv6 Example Prefix 
+Reverse data for zone \fB8.B.D.0.1.0.0.2.ip6.arpa\fP\&.
+This zone is used for tutorials and examples.
+You can remove the block on this zone with:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
-0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
-.fi
-.TP 10
-\h'5'\fIreverse RFC4193 IPv6 Locally Assigned Local Addresses\fR
-Reverse data for zone D.F.ip6.arpa.
-.TP 10
-\h'5'\fIreverse RFC4291 IPv6 Link Local Addresses\fR
-Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa.
-.TP 10
-\h'5'\fIreverse IPv6 Example Prefix\fR
-Reverse data for zone 8.B.D.0.1.0.0.2.ip6.arpa. This zone is used for
-tutorials and examples. You can remove the block on this zone with:
-.nf
-  local\-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault
+.ft C
+local\-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault
+.ft P
 .fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.sp
 You can also selectively unblock a part of the zone by making that part
-transparent with a local\-zone statement.
+transparent with a \fI\%local\-zone\fP statement.
 This also works with the other default zones.
-.\" End of local-zone listing.
-.TP 5
-.B local\-data: \fI"<resource record string>"
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-data: \fI\(dq<resource record string>\(dq\fP 
 Configure local data, which is served in reply to queries for it.
-The query has to match exactly unless you configure the local\-zone as
-redirect. If not matched exactly, the local\-zone type determines
-further processing. If local\-data is configured that is not a subdomain of
-a local\-zone, a transparent local\-zone is configured.
-For record types such as TXT, use single quotes, as in
-local\-data: 'example. TXT "text"'.
-.IP
-If you need more complicated authoritative data, with referrals, wildcards,
-CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for
-it as detailed in the stub zone section below.
-.TP 5
-.B local\-data\-ptr: \fI"IPaddr name"
+The query has to match exactly unless you configure the
+\fI\%local\-zone\fP as redirect.
+If not matched exactly, the \fI\%local\-zone\fP
+type determines further processing.
+If \fI\%local\-data\fP is configured that is not a
+subdomain of a \fI\%local\-zone\fP, a
+\fI\%transparent local\-zone\fP is
+configured.
+For record types such as TXT, use single quotes, as in:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+local\-data: \(aqexample. TXT \(dqtext\(dq\(aq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+If you need more complicated authoritative data, with referrals,
+wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup
+a \fI\%stub\-zone\fP for it as detailed in the stub
+zone section below.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-data\-ptr: \fI\(dqIPaddr name\(dq\fP 
 Configure local data shorthand for a PTR record with the reversed IPv4 or
-IPv6 address and the host name.  For example "192.0.2.4 www.example.com".
-TTL can be inserted like this: "2001:DB8::4 7200 www.example.com"
-.TP 5
-.B local\-zone\-tag: \fI<zone> <"list of tags">
-Assign tags to localzones. Tagged localzones will only be applied when the
-used access-control element has a matching tag. Tags must be defined in
-\fIdefine\-tags\fR.  Enclose list of tags in quotes ("") and put spaces between
-tags.  When there are multiple tags it checks if the intersection of the
-list of tags for the query and local\-zone\-tag is non-empty.
-.TP 5
-.B local\-zone\-override: \fI<zone> <IP netblock> <type>
-Override the localzone type for queries from addresses matching netblock.
-Use this localzone type, regardless the type configured for the local-zone
+IPv6 address and the host name.
+For example \fB\(dq192.0.2.4 www.example.com\(dq\fP\&.
+TTL can be inserted like this: \fB\(dq2001:DB8::4 7200 www.example.com\(dq\fP
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-zone\-tag: \fI<zone> <\(dqlist of tags\(dq>\fP 
+Assign tags to local zones.
+Tagged localzones will only be applied when the used
+\fI\%access\-control\fP element has a matching
+tag.
+Tags must be defined in \fI\%define\-tag\fP\&.
+Enclose list of tags in quotes (\fB\(dq\(dq\fP) and put spaces between tags.
+When there are multiple tags it checks if the intersection of the list of
+tags for the query and \fI\%local\-zone\-tag\fP
+is non\-empty.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-zone\-override: \fI<zone> <IP netblock> <type>\fP 
+Override the local zone type for queries from addresses matching netblock.
+Use this localzone type, regardless the type configured for the local zone
 (both tagged and untagged) and regardless the type configured using
-access\-control\-tag\-action.
-.TP 5
-.B response\-ip: \fI<IP-netblock> <action>
-This requires use of the "respip" module.
-.IP
-If the IP address in an AAAA or A RR in the answer section of a
-response matches the specified IP netblock, the specified action will
-apply.
-\fI<action>\fR has generally the same semantics as that for
-\fIaccess-control-tag-action\fR, but there are some exceptions.
-.IP
-Actions for \fIresponse-ip\fR are different from those for
-\fIlocal-zone\fR in that in case of the former there is no point of
-such conditions as "the query matches it but there is no local data".
-Because of this difference, the semantics of \fIresponse-ip\fR actions
-are modified or simplified as follows: The \fIstatic, refuse,
-transparent, typetransparent,\fR and \fInodefault\fR actions are
-invalid for \fIresponse-ip\fR.
-Using any of these will cause the configuration to be rejected as
-faulty. The \fIdeny\fR action is non-conditional, i.e. it always
-results in dropping the corresponding query.
-The resolution result before applying the deny action is still cached
-and can be used for other queries.
-.TP 5
-.B response-ip-data: \fI<IP-netblock> <"resource record string">
-This requires use of the "respip" module.
-.IP
-This specifies the action data for \fIresponse-ip\fR with action being
-to redirect as specified by "\fIresource record string\fR".  "Resource
-record string" is similar to that of \fIaccess-control-tag-action\fR,
+\fI\%access\-control\-tag\-action\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B response\-ip: \fI<IP\-netblock> <action>\fP 
+This requires use of the \fBrespip\fP module.
+.sp
+If the IP address in an AAAA or A RR in the answer section of a response
+matches the specified IP netblock, the specified action will apply.
+\fI<action>\fP has generally the same semantics as that for
+\fI\%access\-control\-tag\-action\fP,
+but there are some exceptions.
+.sp
+Actions for \fI\%response\-ip\fP are different
+from those for \fI\%local\-zone\fP in that in case
+of the former there is no point of such conditions as \(dqthe query matches it
+but there is no local data\(dq.
+Because of this difference, the semantics of
+\fI\%response\-ip\fP actions are modified or
+simplified as follows: The \fIstatic\fP, \fIrefuse\fP, \fItransparent\fP,
+\fItypetransparent\fP, and \fInodefault\fP actions are invalid for \fIresponse\-ip\fP\&.
+Using any of these will cause the configuration to be rejected as faulty.
+The \fIdeny\fP action is non\-conditional, i.e. it always results in dropping
+the corresponding query.
+The resolution result before applying the \fIdeny\fP action is still cached and
+can be used for other queries.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B response\-ip\-data: \fI<IP\-netblock> <\(dqresource record string\(dq>\fP 
+This requires use of the \fBrespip\fP module.
+.sp
+This specifies the action data for
+\fI\%response\-ip\fP with action being to redirect
+as specified by \fI<\(dqresource record string\(dq>\fP\&.
+\fI<\(dqResource record string\(dq>\fP is similar to that of
+\fI\%access\-control\-tag\-action\fP,
 but it must be of either AAAA, A or CNAME types.
-If the IP-netblock is an IPv6/IPv4 prefix, the record
-must be AAAA/A respectively, unless it is a CNAME (which can be used
-for both versions of IP netblocks).  If it is CNAME there must not be
-more than one \fIresponse-ip-data\fR for the same IP-netblock.
+If the \fI<IP\-netblock>\fP is an IPv6/IPv4 prefix, the record must be AAAA/A
+respectively, unless it is a CNAME (which can be used for both versions of
+IP netblocks).
+If it is CNAME there must not be more than one
+\fI\%response\-ip\-data\fP for the same
+\fI<IP\-netblock>\fP\&.
 Also, CNAME and other types of records must not coexist for the same
-IP-netblock, following the normal rules for CNAME records.
+\fI<IP\-netblock>\fP, following the normal rules for CNAME records.
 The textual domain name for the CNAME does not have to be explicitly
-terminated with a dot ("."); the root name is assumed to be the origin
+terminated with a dot (\fB\(dq.\(dq\fP); the root name is assumed to be the origin
 for the name.
-.TP 5
-.B response-ip-tag: \fI<IP-netblock> <"list of tags">
-This requires use of the "respip" module.
-.IP
-Assign tags to response IP-netblocks.  If the IP address in an AAAA or
-A RR in the answer section of a response matches the specified
-IP-netblock, the specified tags are assigned to the IP address.
-Then, if an \fIaccess-control-tag\fR is defined for the client and it
-includes one of the tags for the response IP, the corresponding
-\fIaccess-control-tag-action\fR will apply.
-Tag matching rule is the same as that for \fIaccess-control-tag\fR and
-\fIlocal-zones\fR.
-Unlike \fIlocal-zone-tag\fR, \fIresponse-ip-tag\fR can be defined for
-an IP-netblock even if no \fIresponse-ip\fR is defined for that
-netblock.
-If multiple \fIresponse-ip-tag\fR options are specified for the same
-IP-netblock in different statements, all but the first will be
-ignored.
-However, this will not be flagged as a configuration error, but the
-result is probably not what was intended.
-.IP
+.UNINDENT
+.INDENT 0.0
+.TP
+.B response\-ip\-tag: \fI<IP\-netblock> <\(dqlist of tags\(dq>\fP 
+This requires use of the \fBrespip\fP module.
+.sp
+Assign tags to response \fI<IP\-netblock>\fP\&.
+If the IP address in an AAAA or A RR in the answer section of a response
+matches the specified \fI<IP\-netblock>\fP, the specified tags are assigned to
+the IP address.
+Then, if an \fI\%access\-control\-tag\fP is
+defined for the client and it includes one of the tags for the response IP,
+the corresponding
+\fI\%access\-control\-tag\-action\fP
+will apply.
+Tag matching rule is the same as that for
+\fI\%access\-control\-tag\fP and
+\fI\%local\-zone\fP\&.
+Unlike \fI\%local\-zone\-tag\fP,
+\fI\%response\-ip\-tag\fP can be defined for an
+\fI<IP\-netblock>\fP even if no \fI\%response\-ip\fP is
+defined for that netblock.
+If multiple \fI\%response\-ip\-tag\fP options
+are specified for the same \fI<IP\-netblock>\fP in different statements, all but
+the first will be ignored.
+However, this will not be flagged as a configuration error, but the result
+is probably not what was intended.
+.sp
 Actions specified in an
-\fIaccess-control-tag-action\fR that has a matching tag with
-\fIresponse-ip-tag\fR can be those that are "invalid" for
-\fIresponse-ip\fR listed above, since \fIaccess-control-tag-action\fRs
+\fI\%access\-control\-tag\-action\fP
+that has a matching tag with
+\fI\%response\-ip\-tag\fP can be those that are
+\(dqinvalid\(dq for \fI\%response\-ip\fP listed above,
+since
+\fI\%access\-control\-tag\-action\fP
 can be shared with local zones.
-For these actions, if they behave differently depending on whether
-local data exists or not in case of local zones, the behavior for
-\fIresponse-ip-data\fR will generally result in NOERROR/NODATA instead
-of NXDOMAIN, since the \fIresponse-ip\fR data are inherently type
-specific, and non-existence of data does not indicate anything about
-the existence or non-existence of the qname itself.
-For example, if the matching tag action is \fIstatic\fR but there is
-no data for the corresponding \fIresponse-ip\fR configuration, then
-the result will be NOERROR/NODATA.
+For these actions, if they behave differently depending on whether local
+data exists or not in case of local zones, the behavior for
+\fI\%response\-ip\-data\fP will generally
+result in NOERROR/NODATA instead of NXDOMAIN, since the
+\fI\%response\-ip\fP data are inherently type
+specific, and non\-existence of data does not indicate anything about the
+existence or non\-existence of the qname itself.
+For example, if the matching tag action is static but there is no data for
+the corresponding \fI\%response\-ip\fP
+configuration, then the result will be NOERROR/NODATA.
 The only case where NXDOMAIN is returned is when an
-\fIalways_nxdomain\fR action applies.
-.TP 5
-.B ratelimit: \fI<number or 0>
+\fI\%always_nxdomain\fP
+action applies.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit: \fI<number or 0>\fP 
 Enable ratelimiting of queries sent to nameserver for performing recursion.
-If 0, the default, it is disabled.  This option is experimental at this time.
-The ratelimit is in queries per second that are allowed.  More queries are
-turned away with an error (servfail).  This stops recursive floods, eg. random
-query names, but not spoofed reflection floods.  Cached responses are not
-ratelimited by this setting.  The zone of the query is determined by examining
-the nameservers for it, the zone name is used to keep track of the rate.
+0 disables the feature.
+This option is experimental at this time.
+.sp
+The ratelimit is in queries per second that are allowed.
+More queries are turned away with an error (SERVFAIL).
+Cached responses are not ratelimited by this setting.
+.sp
+This stops recursive floods, eg. random query names, but not spoofed
+reflection floods.
+The zone of the query is determined by examining the nameservers for it,
+the zone name is used to keep track of the rate.
 For example, 1000 may be a suitable value to stop the server from being
-overloaded with random names, and keeps Unbound from sending traffic to the
-nameservers for those zones.  Configured forwarders are excluded from
-ratelimiting.
-.TP 5
-.B ratelimit\-size: \fI<memory size>
+overloaded with random names, and keeps unbound from sending traffic to the
+nameservers for those zones.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+Configured forwarders are excluded from ratelimiting.
+.UNINDENT
+.UNINDENT
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-size: \fI<memory size>\fP 
 Give the size of the data structure in which the current ongoing rates are
-kept track in.  Default 4m.  In bytes or use m(mega), k(kilo), g(giga).
-The ratelimit structure is small, so this data structure likely does
-not need to be large.
-.TP 5
-.B ratelimit\-slabs: \fI<number>
-Give power of 2 number of slabs, this is used to reduce lock contention
-in the ratelimit tracking data structure.  Close to the number of cpus is
-a fairly good setting.
-.TP 5
-.B ratelimit\-factor: \fI<number>
+kept track in.
+In bytes or use m(mega), k(kilo), g(giga).
+The ratelimit structure is small, so this data structure likely does not
+need to be large.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-slabs: \fI<number>\fP 
+Number of slabs in the ratelimit tracking data structure.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-factor: \fI<number>\fP 
 Set the amount of queries to rate limit when the limit is exceeded.
 If set to 0, all queries are dropped for domains where the limit is
-exceeded.  If set to another value, 1 in that number is allowed through
-to complete.  Default is 10, allowing 1/10 traffic to flow normally.
-This can make ordinary queries complete (if repeatedly queried for),
-and enter the cache, whilst also mitigating the traffic flow by the
-factor given.
-.TP 5
-.B ratelimit\-backoff: \fI<yes or no>
-If enabled, the ratelimit is treated as a hard failure instead of the default
-maximum allowed constant rate.  When the limit is reached, traffic is
-ratelimited and demand continues to be kept track of for a 2 second rate
-window.  No traffic is allowed, except for ratelimit\-factor, until demand
-decreases below the configured ratelimit for a 2 second rate window.  Useful to
-set ratelimit to a suspicious rate to aggressively limit unusually high
-traffic.  Default is off.
-.TP 5
-.B ratelimit\-for\-domain: \fI<domain> <number qps or 0>
-Override the global ratelimit for an exact match domain name with the listed
-number.  You can give this for any number of names.  For example, for
-a top\-level\-domain you may want to have a higher limit than other names.
+exceeded.
+If set to another value, 1 in that number is allowed through to complete.
+Default is 10, allowing 1/10 traffic to flow normally.
+This can make ordinary queries complete (if repeatedly queried for), and
+enter the cache, whilst also mitigating the traffic flow by the factor
+given.
+.sp
+Default: 10
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-backoff: \fI<yes or no>\fP 
+If enabled, the ratelimit is treated as a hard failure instead of the
+default maximum allowed constant rate.
+When the limit is reached, traffic is ratelimited and demand continues to
+be kept track of for a 2 second rate window.
+No traffic is allowed, except for
+\fI\%ratelimit\-factor\fP, until demand
+decreases below the configured ratelimit for a 2 second rate window.
+Useful to set \fI\%ratelimit\fP to a suspicious
+rate to aggressively limit unusually high traffic.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-for\-domain: \fI<domain> <number qps or 0>\fP 
+Override the global \fI\%ratelimit\fP for an exact
+match domain name with the listed number.
+You can give this for any number of names.
+For example, for a top\-level\-domain you may want to have a higher limit
+than other names.
 A value of 0 will disable ratelimiting for that domain.
-.TP 5
-.B ratelimit\-below\-domain: \fI<domain> <number qps or 0>
-Override the global ratelimit for a domain name that ends in this name.
-You can give this multiple times, it then describes different settings
-in different parts of the namespace.  The closest matching suffix is used
-to determine the qps limit.  The rate for the exact matching domain name
-is not changed, use ratelimit\-for\-domain to set that, you might want
-to use different settings for a top\-level\-domain and subdomains.
-A value of 0 will disable ratelimiting for domain names that end in this name.
-.TP 5
-.B ip\-ratelimit: \fI<number or 0>
-Enable global ratelimiting of queries accepted per IP address.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-below\-domain: \fI<domain> <number qps or 0>\fP 
+Override the global \fI\%ratelimit\fP for a domain
+name that ends in this name.
+You can give this multiple times, it then describes different settings in
+different parts of the namespace.
+The closest matching suffix is used to determine the qps limit.
+The rate for the exact matching domain name is not changed, use
+\fI\%ratelimit\-for\-domain\fP to set
+that, you might want to use different settings for a top\-level\-domain and
+subdomains.
+A value of 0 will disable ratelimiting for domain names that end in this
+name.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit: \fI<number or 0>\fP 
+Enable global ratelimiting of queries accepted per ip address.
 This option is experimental at this time.
-The ratelimit is in queries per second that are allowed.  More queries are
-completely dropped and will not receive a reply, SERVFAIL or otherwise.
-IP ratelimiting happens before looking in the cache. This may be useful for
-mitigating amplification attacks.
+The ratelimit is in queries per second that are allowed.
+More queries are completely dropped and will not receive a reply, SERVFAIL
+or otherwise.
+IP ratelimiting happens before looking in the cache.
+This may be useful for mitigating amplification attacks.
 Clients with a valid DNS Cookie will bypass the ratelimit.
-If a ratelimit for such clients is still needed, \fBip\-ratelimit\-cookie\fR
+If a ratelimit for such clients is still needed,
+\fI\%ip\-ratelimit\-cookie\fP
 can be used instead.
-Default is 0 (disabled).
-.TP 5
-.B ip\-ratelimit\-cookie: \fI<number or 0>
-Enable global ratelimiting of queries accepted per IP address with a valid DNS
-Cookie.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit\-cookie: \fI<number or 0>\fP 
+Enable global ratelimiting of queries accepted per IP address with a valid
+DNS Cookie.
 This option is experimental at this time.
 The ratelimit is in queries per second that are allowed.
-More queries are completely dropped and will not receive a reply, SERVFAIL or
-otherwise.
+More queries are completely dropped and will not receive a reply, SERVFAIL
+or otherwise.
 IP ratelimiting happens before looking in the cache.
-This option could be useful in combination with \fIallow_cookie\fR in an
+This option could be useful in combination with
+\fI\%allow_cookie\fP, in an
 attempt to mitigate other amplification attacks than UDP reflections (e.g.,
-attacks targeting Unbound itself) which are already handled with DNS Cookies.
-If used, the value is suggested to be higher than \fBip\-ratelimit\fR e.g.,
-tenfold.
-Default is 0 (disabled).
-.TP 5
-.B ip\-ratelimit\-size: \fI<memory size>
+attacks targeting Unbound itself) which are already handled with DNS
+Cookies.
+If used, the value is suggested to be higher than
+\fI\%ip\-ratelimit\fP e.g., tenfold.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit\-size: \fI<memory size>\fP 
 Give the size of the data structure in which the current ongoing rates are
-kept track in.  Default 4m.  In bytes or use m(mega), k(kilo), g(giga).
-The ip ratelimit structure is small, so this data structure likely does
-not need to be large.
-.TP 5
-.B ip\-ratelimit\-slabs: \fI<number>
-Give power of 2 number of slabs, this is used to reduce lock contention
-in the ip ratelimit tracking data structure.  Close to the number of cpus is
-a fairly good setting.
-.TP 5
-.B ip\-ratelimit\-factor: \fI<number>
+kept track in.
+In bytes or use m(mega), k(kilo), g(giga).
+The IP ratelimit structure is small, so this data structure likely does not
+need to be large.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit\-slabs: \fI<number>\fP 
+Number of slabs in the ip ratelimit tracking data structure.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit\-factor: \fI<number>\fP 
 Set the amount of queries to rate limit when the limit is exceeded.
 If set to 0, all queries are dropped for addresses where the limit is
-exceeded.  If set to another value, 1 in that number is allowed through
-to complete.  Default is 10, allowing 1/10 traffic to flow normally.
-This can make ordinary queries complete (if repeatedly queried for),
-and enter the cache, whilst also mitigating the traffic flow by the
-factor given.
-.TP 5
-.B ip\-ratelimit\-backoff: \fI<yes or no>
-If enabled, the ratelimit is treated as a hard failure instead of the default
-maximum allowed constant rate.  When the limit is reached, traffic is
-ratelimited and demand continues to be kept track of for a 2 second rate
-window.  No traffic is allowed, except for ip\-ratelimit\-factor, until demand
-decreases below the configured ratelimit for a 2 second rate window.  Useful to
-set ip\-ratelimit to a suspicious rate to aggressively limit unusually high
-traffic.  Default is off.
-.TP 5
-.B outbound\-msg\-retry: \fI<number>
-The number of retries, per upstream nameserver in a delegation, that Unbound
-will attempt in case a throwaway response is received.
+exceeded.
+If set to another value, 1 in that number is allowed through to complete.
+Default is 10, allowing 1/10 traffic to flow normally.
+This can make ordinary queries complete (if repeatedly queried for), and
+enter the cache, whilst also mitigating the traffic flow by the factor
+given.
+.sp
+Default: 10
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit\-backoff: \fI<yes or no>\fP 
+If enabled, the rate limit is treated as a hard failure instead of the
+default maximum allowed constant rate.
+When the limit is reached, traffic is ratelimited and demand continues to
+be kept track of for a 2 second rate window.
+No traffic is allowed, except for
+\fI\%ip\-ratelimit\-factor\fP, until demand
+decreases below the configured ratelimit for a 2 second rate window.
+Useful to set \fI\%ip\-ratelimit\fP to a
+suspicious rate to aggressively limit unusually high traffic.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outbound\-msg\-retry: \fI<number>\fP 
+The number of retries, per upstream nameserver in a delegation, that
+Unbound will attempt in case a throwaway response is received.
 No response (timeout) contributes to the retry counter.
-If a forward/stub zone is used, this is the number of retries per nameserver in
-the zone.
-Default is 5.
-.TP 5
-.B max\-sent\-count: \fI<number>
-Hard limit on the number of outgoing queries Unbound will make while resolving
-a name, making sure large NS sets do not loop.
+If a forward/stub zone is used, this is the number of retries per
+nameserver in the zone.
+.sp
+Default: 5
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-sent\-count: \fI<number>\fP 
+Hard limit on the number of outgoing queries Unbound will make while
+resolving a name, making sure large NS sets do not loop.
 Results in SERVFAIL when reached.
 It resets on query restarts (e.g., CNAME) and referrals.
-Default is 32.
-.TP 5
-.B max\-query\-restarts: \fI<number>
-Hard limit on the number of times Unbound is allowed to restart a query upon
-encountering a CNAME record.
+.sp
+Default: 32
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-query\-restarts: \fI<number>\fP 
+Hard limit on the number of times Unbound is allowed to restart a query
+upon encountering a CNAME record.
 Results in SERVFAIL when reached.
 Changing this value needs caution as it can allow long CNAME chains to be
 accepted, where Unbound needs to verify (resolve) each link individually.
-Default is 11.
-.TP 5
-.B iter\-scrub\-ns: \fI<number>
+.sp
+Default: 11
+.UNINDENT
+.INDENT 0.0
+.TP
+.B iter\-scrub\-ns: \fI<number>\fP 
 Limit on the number of NS records allowed in an rrset of type NS, from the
-iterator scrubber. This protects the internals of the resolver from overly
-large NS sets. Default is 20.
-.TP 5
-.B iter\-scrub\-cname: \fI<number>
+iterator scrubber.
+This protects the internals of the resolver from overly large NS sets.
+.sp
+Default: 20
+.UNINDENT
+.INDENT 0.0
+.TP
+.B iter\-scrub\-cname: \fI<number>\fP 
 Limit on the number of CNAME, DNAME records in an answer, from the iterator
-scrubber. This protects the internals of the resolver from overly long
-indirection chains. Clips off the remainder of the reply packet at that point.
-Default is 11.
-.TP 5
-.B max\-global\-quota: \fI<number>
+scrubber.
+This protects the internals of the resolver from overly long indirection
+chains.
+Clips off the remainder of the reply packet at that point.
+.sp
+Default: 11
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-global\-quota: \fI<number>\fP 
 Limit on the number of upstream queries sent out for an incoming query and
-its subqueries from recursion. It is not reset during the resolution. When
-it is exceeded the query is failed and the lookup process stops.
-Default is 200.
-.TP 5
-.B fast\-server\-permil: \fI<number>
+its subqueries from recursion.
+It is not reset during the resolution.
+When it is exceeded the query is failed and the lookup process stops.
+.sp
+Default: 200
+.UNINDENT
+.INDENT 0.0
+.TP
+.B iter\-scrub\-promiscuous: \fI<yes or no>\fP 
+Should the iterator scrubber remove promiscuous NS from positive answers.
+This protects against poisonous contents, that could affect names in the
+same zone as a spoofed packet.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B fast\-server\-permil: \fI<number>\fP 
 Specify how many times out of 1000 to pick from the set of fastest servers.
-0 turns the feature off.  A value of 900 would pick from the fastest
-servers 90 percent of the time, and would perform normal exploration of random
-servers for the remaining time. When prefetch is enabled (or serve\-expired),
-such prefetches are not sped up, because there is no one waiting for it, and it
-presents a good moment to perform server exploration. The
-\fBfast\-server\-num\fR option can be used to specify the size of the fastest
-servers set. The default for fast\-server\-permil is 0.
-.TP 5
-.B fast\-server\-num: \fI<number>
-Set the number of servers that should be used for fast server selection. Only
-use the fastest specified number of servers with the fast\-server\-permil
-option, that turns this on or off. The default is to use the fastest 3 servers.
-.TP 5
-.B answer\-cookie: \fI<yes or no>
+0 turns the feature off.
+A value of 900 would pick from the fastest servers 90 percent of the time,
+and would perform normal exploration of random servers for the remaining
+time.
+When \fI\%prefetch\fP is enabled (or
+\fI\%serve\-expired\fP), such prefetches are not
+sped up, because there is no one waiting for it, and it presents a good
+moment to perform server exploration.
+The \fI\%fast\-server\-num\fP option can be
+used to specify the size of the fastest servers set.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B fast\-server\-num: \fI<number>\fP 
+Set the number of servers that should be used for fast server selection.
+Only use the fastest specified number of servers with the
+\fI\%fast\-server\-permil\fP option, that
+turns this on or off.
+.sp
+Default: 3
+.UNINDENT
+.INDENT 0.0
+.TP
+.B answer\-cookie: \fI<yes or no>\fP 
 If enabled, Unbound will answer to requests containing DNS Cookies as
 specified in RFC 7873 and RFC 9018.
-Default is no.
-.TP 5
-.B cookie\-secret: \fI<128 bit hex string>
-Server's secret for DNS Cookie generation.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cookie\-secret: \fI\(dq<128 bit hex string>\(dq\fP 
+Server\(aqs secret for DNS Cookie generation.
 Useful to explicitly set for servers in an anycast deployment that need to
-share the secret in order to verify each other's Server Cookies.
-An example hex string would be "000102030405060708090a0b0c0d0e0f".
-Default is a 128 bits random secret generated at startup time.
-This option is ignored if a \fBcookie\-secret\-file\fR is
-present.  In that case the secrets from that file are used in DNS Cookie
+share the secret in order to verify each other\(aqs Server Cookies.
+An example hex string would be \(dq000102030405060708090a0b0c0d0e0f\(dq.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+This option is ignored if a
+\fI\%cookie\-secret\-file\fP is present.
+In that case the secrets from that file are used in DNS Cookie
 calculations.
-.TP 5
-.B cookie\-secret\-file: \fI<filename>
-File from which the secrets are read used in DNS Cookie calculations. When this
-file exists, the secrets in this file are used and the secret specified by the
-\fBcookie-secret\fR option is ignored.
-Enable it by setting a filename, like "/usr/local/etc/unbound_cookiesecrets.txt".
-The content of this file must be manipulated with the \fBadd_cookie_secret\fR,
-\fBdrop_cookie_secret\fR and \fBactivate_cookie_secret\fR commands to the
-\fIunbound\-control\fR(8) tool. Please see that manpage on how to perform a
-safe cookie secret rollover.
-Default is "" (disabled).
-.TP 5
-.B edns\-client\-string: \fI<IP netblock> <string>
-Include an EDNS0 option containing configured ascii string in queries with
-destination address matching the configured IP netblock.  This configuration
-option can be used multiple times. The most specific match will be used.
-.TP 5
-.B edns\-client\-string\-opcode: \fI<opcode>
-EDNS0 option code for the \fIedns\-client\-string\fR option, from 0 to 65535.
-A value from the `Reserved for Local/Experimental` range (65001-65534) should
-be used.  Default is 65001.
-.TP 5
-.B ede: \fI<yes or no>
-If enabled, Unbound will respond with Extended DNS Error codes (RFC8914).
-These EDEs provide additional information with a response mainly for, but not
-limited to, DNS and DNSSEC errors.
-
-When the \fBval-log-level\fR option is also set to \fB2\fR, responses with
-Extended DNS Errors concerning DNSSEC failures will also contain a descriptive
-text message about the reason for the failure.
-Default is "no".
-.TP 5
-.B ede\-serve\-expired: \fI<yes or no>
-If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale
-Answer as EDNS0 option to the expired response.
-The \fBede\fR option needs to be enabled as well for this to work.
-Default is "no".
-.TP 5
-.B dns\-error\-reporting: \fI<yes or no>
-If enabled, Unbound will send DNS Error Reports (RFC9567).
-The name servers need to express support by attaching the Report-Channel EDNS0
-option on their replies specifying the reporting agent for the zone.
+.UNINDENT
+.UNINDENT
+.sp
+Default: 128 bits random secret generated at startup time
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cookie\-secret\-file: \fI<filename>\fP 
+File from which the secrets are read used in DNS Cookie calculations.
+When this file exists, the secrets in this file are used and the secret
+specified by the
+\fI\%cookie\-secret\fP option is ignored.
+Enable it by setting a filename, like
+\(dq/usr/local/etc/unbound_cookiesecrets.txt\(dq.
+The content of this file must be manipulated with the
+\fI\%add_cookie_secret\fP,
+\fI\%drop_cookie_secret\fP and
+\fI\%activate_cookie_secret\fP
+commands to the \fI\%unbound\-control(8)\fP tool.
+Please see that manpage on how to perform a safe cookie secret rollover.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B edns\-client\-string: \fI<IP netblock> <string>\fP 
+Include an EDNS0 option containing configured ASCII string in queries with
+destination address matching the configured \fI<IP netblock>\fP\&.
+This configuration option can be used multiple times.
+The most specific match will be used.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B edns\-client\-string\-opcode: \fI<opcode>\fP 
+EDNS0 option code for the
+\fI\%edns\-client\-string\fP option, from 0
+to 65535.
+A value from the \(aqReserved for Local/Experimental\(aq range (65001\-65534)
+should be used.
+.sp
+Default: 65001
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ede: \fI<yes or no>\fP 
+If enabled, Unbound will respond with Extended DNS Error codes
+(\fI\%RFC 8914\fP).
+These EDEs provide additional information with a response mainly for, but
+not limited to, DNS and DNSSEC errors.
+.sp
+When the \fI\%val\-log\-level\fP option is also
+set to \fB2\fP, responses with Extended DNS Errors concerning DNSSEC failures
+will also contain a descriptive text message about the reason for the
+failure.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ede\-serve\-expired: \fI<yes or no>\fP 
+If enabled, Unbound will attach an Extended DNS Error (\fI\%RFC 8914\fP) \fICode 3
+\- Stale Answer\fP as EDNS0 option to the expired response.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+\fI\%ede: yes\fP needs to be set as well for this to
+work.
+.UNINDENT
+.UNINDENT
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dns\-error\-reporting: \fI<yes or no>\fP 
+If enabled, Unbound will send DNS Error Reports (\fI\%RFC 9567\fP).
+The name servers need to express support by attaching the Report\-Channel
+EDNS0 option on their replies specifying the reporting agent for the zone.
 Any errors encountered during resolution that would result in Unbound
-generating an Extended DNS Error (RFC8914) will be reported to the zone's
-reporting agent.
-The \fBede\fR option does not need to be enabled for this to work.
-It is advised that the \fBqname\-minimisation\fR option is also enabled to
-increase privacy on the outgoing reports.
-Default is "no".
-.SS "Remote Control Options"
-In the
-.B remote\-control:
-clause are the declarations for the remote control facility.  If this is
-enabled, the \fIunbound\-control\fR(8) utility can be used to send
-commands to the running Unbound server.  The server uses these clauses
-to setup TLSv1 security for the connection.  The
-\fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR
-section for options.  To setup the correct self\-signed certificates use the
-\fIunbound\-control\-setup\fR(8) utility.
-.TP 5
-.B control\-enable: \fI<yes or no>
-The option is used to enable remote control, default is "no".
+generating an Extended DNS Error (\fI\%RFC 8914\fP) will be reported to the
+zone\(aqs reporting agent.
+.sp
+The \fI\%ede\fP option does not need to be enabled for
+this to work.
+.sp
+It is advised that the
+\fI\%qname\-minimisation\fP option is also
+enabled to increase privacy on the outgoing reports.
+.sp
+Default: no
+.UNINDENT
+.SS Remote Control Options
+.sp
+In the \fBremote\-control:\fP clause are the declarations for the remote control
+facility.
+If this is enabled, the \fI\%unbound\-control(8)\fP
+utility can be used to send commands to the running Unbound server.
+The server uses these clauses to setup TLSv1 security for the connection.
+The \fI\%unbound\-control(8)\fP utility also reads the
+\fBremote\-control:\fP section for options.
+To setup the correct self\-signed certificates use the
+\fIunbound\-control\-setup(8)\fP utility.
+.INDENT 0.0
+.TP
+.B control\-enable: \fI<yes or no>\fP 
+The option is used to enable remote control.
 If turned off, the server does not listen for control commands.
-.TP 5
-.B control\-interface: \fI<ip address or interface name or path>
-Give IPv4 or IPv6 addresses or local socket path to listen on for
-control commands.
-If an interface name is used instead of an ip address, the list of ip addresses
-on that interface are used.
-By default localhost (127.0.0.1 and ::1) is listened to.
-Use 0.0.0.0 and ::0 to listen to all interfaces.
-If you change this and permissions have been dropped, you must restart
-the server for the change to take effect.
-.IP
-If you set it to an absolute path, a unix domain socket is used. This socket
-does not use the certificates and keys, so those files need not be present.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B control\-interface: \fI<IP address or interface name or path>\fP 
+Give IPv4 or IPv6 addresses or local socket path to listen on for control
+commands.
+If an interface name is used instead of an IP address, the list of IP
+addresses on that interface are used.
+.sp
+By default localhost (\fB127.0.0.1\fP and \fB::1\fP) is listened to.
+Use \fB0.0.0.0\fP and \fB::0\fP to listen to all interfaces.
+If you change this and permissions have been dropped, you must restart the
+server for the change to take effect.
+.sp
+If you set it to an absolute path, a unix domain socket is used.
+This socket does not use the certificates and keys, so those files need not
+be present.
 To restrict access, Unbound sets permissions on the file to the user and
-group that is configured, the access bits are set to allow the group members
-to access the control socket file.  Put users that need to access the socket
-in the that group.  To restrict access further, create a directory to put
-the control socket in and restrict access to that directory.
-.TP 5
-.B control\-port: \fI<port number>
-The port number to listen on for IPv4 or IPv6 control interfaces,
-default is 8953.
+group that is configured, the access bits are set to allow the group
+members to access the control socket file.
+Put users that need to access the socket in the that group.
+To restrict access further, create a directory to put the control socket in
+and restrict access to that directory.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B control\-port: \fI<port number>\fP 
+The port number to listen on for IPv4 or IPv6 control interfaces.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
 If you change this and permissions have been dropped, you must restart
 the server for the change to take effect.
-.TP 5
-.B control\-use\-cert: \fI<yes or no>
-For localhost control-interface you can disable the use of TLS by setting
-this option to "no", default is "yes".  For local sockets, TLS is disabled
-and the value of this option is ignored.
-.TP 5
-.B server\-key\-file: \fI<private key file>
-Path to the server private key, by default unbound_server.key.
-This file is generated by the \fIunbound\-control\-setup\fR utility.
-This file is used by the Unbound server, but not by \fIunbound\-control\fR.
-.TP 5
-.B server\-cert\-file: \fI<certificate file.pem>
-Path to the server self signed certificate, by default unbound_server.pem.
-This file is generated by the \fIunbound\-control\-setup\fR utility.
-This file is used by the Unbound server, and also by \fIunbound\-control\fR.
-.TP 5
-.B control\-key\-file: \fI<private key file>
-Path to the control client private key, by default unbound_control.key.
-This file is generated by the \fIunbound\-control\-setup\fR utility.
-This file is used by \fIunbound\-control\fR.
-.TP 5
-.B control\-cert\-file: \fI<certificate file.pem>
-Path to the control client certificate, by default unbound_control.pem.
+.UNINDENT
+.UNINDENT
+.sp
+Default: 8953
+.UNINDENT
+.INDENT 0.0
+.TP
+.B control\-use\-cert: \fI<yes or no>\fP 
+For localhost
+\fI\%control\-interface\fP you can
+disable the use of TLS by setting this option to \(dqno\(dq.
+For local sockets, TLS is disabled and the value of this option is ignored.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B server\-key\-file: \fI<private key file>\fP 
+Path to the server private key.
+This file is generated by the
+\fI\%unbound\-control\-setup(8)\fP utility.
+This file is used by the Unbound server, but not by
+\fI\%unbound\-control(8)\fP\&.
+.sp
+Default: unbound_server.key
+.UNINDENT
+.INDENT 0.0
+.TP
+.B server\-cert\-file: \fI<certificate file.pem>\fP 
+Path to the server self signed certificate.
+This file is generated by the
+\fI\%unbound\-control\-setup(8)\fP utility.
+This file is used by the Unbound server, and also by
+\fI\%unbound\-control(8)\fP\&.
+.sp
+Default: unbound_server.pem
+.UNINDENT
+.INDENT 0.0
+.TP
+.B control\-key\-file: \fI<private key file>\fP 
+Path to the control client private key.
+This file is generated by the
+\fI\%unbound\-control\-setup(8)\fP utility.
+This file is used by \fI\%unbound\-control(8)\fP\&.
+.sp
+Default: unbound_control.key
+.UNINDENT
+.INDENT 0.0
+.TP
+.B control\-cert\-file: \fI<certificate file.pem>\fP 
+Path to the control client certificate.
 This certificate has to be signed with the server certificate.
-This file is generated by the \fIunbound\-control\-setup\fR utility.
-This file is used by \fIunbound\-control\fR.
-.SS "Stub Zone Options"
-.LP
-There may be multiple
-.B stub\-zone:
-clauses. Each with a name: and zero or more hostnames or IP addresses.
-For the stub zone this list of nameservers is used. Class IN is assumed.
-The servers should be authority servers, not recursors; Unbound performs
-the recursive processing itself for stub zones.
-.P
-The stub zone can be used to configure authoritative data to be used
-by the resolver that cannot be accessed using the public internet servers.
-This is useful for company\-local data or private zones. Setup an
-authoritative server on a different host (or different port). Enter a config
-entry for Unbound with
-.B stub\-addr:
-<ip address of host[@port]>.
-The Unbound resolver can then access the data, without referring to the
-public internet for it.
-.P
-This setup allows DNSSEC signed zones to be served by that
-authoritative server, in which case a trusted key entry with the public key
-can be put in config, so that Unbound can validate the data and set the AD
-bit on replies for the private zone (authoritative servers do not set the
-AD bit).  This setup makes Unbound capable of answering queries for the
-private zone, and can even set the AD bit ('authentic'), but the AA
-('authoritative') bit is not set on these replies.
-.P
-Consider adding \fBserver:\fR statements for \fBdomain\-insecure:\fR and
-for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally
-served zone.  The insecure clause stops DNSSEC from invalidating the
-zone.  The local zone nodefault (or \fItransparent\fR) clause makes the
-(reverse\-) zone bypass Unbound's filtering of RFC1918 zones.
-.TP
-.B name: \fI<domain name>
-Name of the stub zone. This is the full domain name of the zone.
-.TP
-.B stub\-host: \fI<domain name>
-Name of stub zone nameserver. Is itself resolved before it is used.
-To use a nondefault port for DNS communication append '@' with the port number.
-If tls is enabled, then you can append a '#' and a name, then it'll check the
-tls authentication certificates with that name.  If you combine the '@'
-and '#', the '@' comes first.  If only '#' is used the default port is the
-configured tls\-port.
-.TP
-.B stub\-addr: \fI<IP address>
-IP address of stub zone nameserver. Can be IP 4 or IP 6.
-To use a nondefault port for DNS communication append '@' with the port number.
-If tls is enabled, then you can append a '#' and a name, then it'll check the
-tls authentication certificates with that name.  If you combine the '@'
-and '#', the '@' comes first.  If only '#' is used the default port is the
-configured tls\-port.
-.TP
-.B stub\-prime: \fI<yes or no>
-This option is by default no.  If enabled it performs NS set priming,
-which is similar to root hints, where it starts using the list of nameservers
-currently published by the zone.  Thus, if the hint list is slightly outdated,
-the resolver picks up a correct list online.
-.TP
-.B stub\-first: \fI<yes or no>
+This file is generated by the
+\fI\%unbound\-control\-setup(8)\fP utility.
+This file is used by \fI\%unbound\-control(8)\fP\&.
+.sp
+Default: unbound_control.pem
+.UNINDENT
+.SS Stub Zone Options
+.sp
+There may be multiple \fBstub\-zone:\fP clauses.
+Each with a \fI\%name\fP and zero or more hostnames or
+IP addresses.
+For the stub zone this list of nameservers is used.
+Class IN is assumed.
+The servers should be authority servers, not recursors; Unbound performs the
+recursive processing itself for stub zones.
+.sp
+The stub zone can be used to configure authoritative data to be used by the
+resolver that cannot be accessed using the public internet servers.
+This is useful for company\-local data or private zones.
+Setup an authoritative server on a different host (or different port).
+Enter a config entry for Unbound with:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+stub\-addr: <ip address of host[@port]>
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The Unbound resolver can then access the data, without referring to the public
+internet for it.
+.sp
+This setup allows DNSSEC signed zones to be served by that authoritative
+server, in which case a trusted key entry with the public key can be put in
+config, so that Unbound can validate the data and set the AD bit on replies for
+the private zone (authoritative servers do not set the AD bit).
+This setup makes Unbound capable of answering queries for the private zone, and
+can even set the AD bit (\(aqauthentic\(aq), but the AA (\(aqauthoritative\(aq) bit is not
+set on these replies.
+.sp
+Consider adding \fI\%server\fP statements for
+\fI\%domain\-insecure\fP and for
+\fI\%local\-zone: <name> nodefault\fP
+for the zone if it is a locally served zone.
+The insecure clause stops DNSSEC from invalidating the zone.
+The \fI\%local\-zone: nodefault\fP (or
+\fI\%transparent\fP) clause makes the
+(reverse\-) zone bypass Unbound\(aqs filtering of \fI\%RFC 1918\fP zones.
+.INDENT 0.0
+.TP
+.B name: \fI<domain name>\fP 
+Name of the stub zone.
+This is the full domain name of the zone.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-host: \fI<domain name>\fP 
+Name of stub zone nameserver.
+Is itself resolved before it is used.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+If TLS is enabled, then you can append a \fB\(aq#\(aq\fP and a name, then it\(aqll
+check the TLS authentication certificates with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If only \fB\(aq#\(aq\fP is used the default port is the configured
+\fI\%tls\-port\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-addr: \fI<IP address>\fP 
+IP address of stub zone nameserver.
+Can be IPv4 or IPv6.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+If TLS is enabled, then you can append a \fB\(aq#\(aq\fP and a name, then it\(aqll
+check the tls authentication certificates with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If only \fB\(aq#\(aq\fP is used the default port is the configured
+\fI\%tls\-port\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-prime: \fI<yes or no>\fP 
+If enabled it performs NS set priming, which is similar to root hints,
+where it starts using the list of nameservers currently published by the
+zone.
+Thus, if the hint list is slightly outdated, the resolver picks up a
+correct list online.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-first: \fI<yes or no>\fP 
 If enabled, a query is attempted without the stub clause if it fails.
-The data could not be retrieved and would have caused SERVFAIL because
-the servers are unreachable, instead it is tried without this clause.
-The default is no.
-.TP
-.B stub\-tls\-upstream: \fI<yes or no>
+The data could not be retrieved and would have caused SERVFAIL because the
+servers are unreachable, instead it is tried without this clause.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-tls\-upstream: \fI<yes or no>\fP 
 Enabled or disable whether the queries to this stub use TLS for transport.
-Default is no.
-.TP
-.B stub\-ssl\-upstream: \fI<yes or no>
-Alternate syntax for \fBstub\-tls\-upstream\fR.
-.TP
-.B stub\-tcp\-upstream: \fI<yes or no>
-If it is set to "yes" then upstream queries use TCP only for transport regardless of global flag tcp-upstream.
-Default is no.
-.TP
-.B stub\-no\-cache: \fI<yes or no>
-Default is no.  If enabled, data inside the stub is not cached.  This is
-useful when you want immediate changes to be visible.
-.SS "Forward Zone Options"
-.LP
-There may be multiple
-.B forward\-zone:
-clauses. Each with a \fBname:\fR and zero or more hostnames or IP
-addresses.  For the forward zone this list of nameservers is used to
-forward the queries to. The servers listed as \fBforward\-host:\fR and
-\fBforward\-addr:\fR have to handle further recursion for the query.  Thus,
-those servers are not authority servers, but are (just like Unbound is)
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-ssl\-upstream: \fI<yes or no>\fP 
+Alternate syntax for
+\fI\%stub\-tls\-upstream\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-tcp\-upstream: \fI<yes or no>\fP 
+If it is set to \(dqyes\(dq then upstream queries use TCP only for transport
+regardless of global flag \fI\%tcp\-upstream\fP\&.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-no\-cache: \fI<yes or no>\fP 
+If enabled, data inside the stub is not cached.
+This is useful when you want immediate changes to be visible.
+.sp
+Default: no
+.UNINDENT
+.SS Forward Zone Options
+.sp
+There may be multiple \fBforward\-zone:\fP clauses.
+Each with a \fI\%name\fP and zero or more hostnames
+or IP addresses.
+For the forward zone this list of nameservers is used to forward the queries
+to.
+The servers listed as \fI\%forward\-host\fP
+and \fI\%forward\-addr\fP have to handle
+further recursion for the query.
+Thus, those servers are not authority servers, but are (just like Unbound is)
 recursive servers too; Unbound does not perform recursion itself for the
-forward zone, it lets the remote server do it.  Class IN is assumed.
-CNAMEs are chased by Unbound itself, asking the remote server for every
-name in the indirection chain, to protect the local cache from illegal
-indirect referenced items.
-A forward\-zone entry with name "." and a forward\-addr target will
-forward all queries to that other server (unless it can answer from
-the cache).
-.TP
-.B name: \fI<domain name>
-Name of the forward zone. This is the full domain name of the zone.
-.TP
-.B forward\-host: \fI<domain name>
-Name of server to forward to. Is itself resolved before it is used.
-To use a nondefault port for DNS communication append '@' with the port number.
-If tls is enabled, then you can append a '#' and a name, then it'll check the
-tls authentication certificates with that name.  If you combine the '@'
-and '#', the '@' comes first.  If only '#' is used the default port is the
-configured tls\-port.
-.TP
-.B forward\-addr: \fI<IP address>
-IP address of server to forward to. Can be IP 4 or IP 6.
-To use a nondefault port for DNS communication append '@' with the port number.
-If tls is enabled, then you can append a '#' and a name, then it'll check the
-tls authentication certificates with that name.  If you combine the '@'
-and '#', the '@' comes first.  If only '#' is used the default port is the
-configured tls\-port.
-.IP
+forward zone, it lets the remote server do it.
+Class IN is assumed.
+CNAMEs are chased by Unbound itself, asking the remote server for every name in
+the indirection chain, to protect the local cache from illegal indirect
+referenced items.
+A \fI\%forward\-zone\fP entry with name
+\fB\(dq.\(dq\fP and a \fI\%forward\-addr\fP target
+will forward all queries to that other server (unless it can answer from the
+cache).
+.INDENT 0.0
+.TP
+.B name: \fI<domain name>\fP 
+Name of the forward zone.
+This is the full domain name of the zone.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-host: \fI<domain name>\fP 
+Name of server to forward to.
+Is itself resolved before it is used.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+If TLS is enabled, then you can append a \fB\(aq#\(aq\fP and a name, then it\(aqll
+check the TLS authentication certificates with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If only \fB\(aq#\(aq\fP is used the default port is the configured
+\fI\%tls\-port\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-addr: \fI<IP address>\fP 
+IP address of server to forward to.
+Can be IPv4 or IPv6.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+If TLS is enabled, then you can append a \fB\(aq#\(aq\fP and a name, then it\(aqll
+check the tls authentication certificates with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If only \fB\(aq#\(aq\fP is used the default port is the configured
+\fI\%tls\-port\fP\&.
+.sp
 At high verbosity it logs the TLS certificate, with TLS enabled.
-If you leave out the '#' and auth name from the forward\-addr, any
-name is accepted.  The cert must also match a CA from the tls\-cert\-bundle.
-.TP
-.B forward\-first: \fI<yes or no>
+If you leave out the \fB\(aq#\(aq\fP and auth name from the
+\fI\%forward\-addr\fP, any name is
+accepted.
+The cert must also match a CA from the
+\fI\%tls\-cert\-bundle\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-first: \fI<yes or no>\fP 
 If a forwarded query is met with a SERVFAIL error, and this option is
 enabled, Unbound will fall back to normal recursive resolution for this
-query as if no query forwarding had been specified.  The default is "no".
-.TP
-.B forward\-tls\-upstream: \fI<yes or no>
-Enabled or disable whether the queries to this forwarder use TLS for transport.
-Default is no.
-If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert to
-load CA certs, otherwise the connections cannot be authenticated.
-.TP
-.B forward\-ssl\-upstream: \fI<yes or no>
-Alternate syntax for \fBforward\-tls\-upstream\fR.
-.TP
-.B forward\-tcp\-upstream: \fI<yes or no>
-If it is set to "yes" then upstream queries use TCP only for transport regardless of global flag tcp-upstream.
-Default is no.
-.TP
-.B forward\-no\-cache: \fI<yes or no>
-Default is no.  If enabled, data inside the forward is not cached.  This is
-useful when you want immediate changes to be visible.
-.SS "Authority Zone Options"
-.LP
-Authority zones are configured with \fBauth\-zone:\fR, and each one must
-have a \fBname:\fR.  There can be multiple ones, by listing multiple auth\-zone clauses, each with a different name, pertaining to that part of the namespace.
+query as if no query forwarding had been specified.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-tls\-upstream: \fI<yes or no>\fP 
+Enabled or disable whether the queries to this forwarder use TLS for
+transport.
+If you enable this, also configure a
+\fI\%tls\-cert\-bundle\fP or use
+\fI\%tls\-win\-cert\fP to load CA certs, otherwise
+the connections cannot be authenticated.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-ssl\-upstream: \fI<yes or no>\fP 
+Alternate syntax for
+\fI\%forward\-tls\-upstream\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-tcp\-upstream: \fI<yes or no>\fP 
+If it is set to \(dqyes\(dq then upstream queries use TCP only for transport
+regardless of global flag \fI\%tcp\-upstream\fP\&.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-no\-cache: \fI<yes or no>\fP 
+If enabled, data inside the forward is not cached.
+This is useful when you want immediate changes to be visible.
+.sp
+Default: no
+.UNINDENT
+.SS Authority Zone Options
+.sp
+Authority zones are configured with \fBauth\-zone:\fP, and each one must have a
+\fI\%name\fP\&.
+There can be multiple ones, by listing multiple auth\-zone clauses, each with a
+different name, pertaining to that part of the namespace.
 The authority zone with the name closest to the name looked up is used.
-Authority zones can be processed on two distinct, non-exclusive, configurable
+Authority zones can be processed on two distinct, non\-exclusive, configurable
 stages.
-.LP
-With \fBfor\-downstream:\fR \fIyes\fR (default), authority zones are processed
-after \fBlocal\-zones\fR and before cache.
+.sp
+With \fI\%for\-downstream: yes\fP (default),
+authority zones are processed after \fBlocal\-zones\fP and before cache.
 When used in this manner, Unbound responds like an authority server with no
 further processing other than returning an answer from the zone contents.
 A notable example, in this case, is CNAME records which are returned verbatim
 to downstream clients without further resolution.
-.LP
-With \fBfor\-upstream:\fR \fIyes\fR (default), authority zones are processed
-after the cache lookup, just before going to the network to fetch
-information for recursion.
+.sp
+With \fI\%for\-upstream: yes\fP (default),
+authority zones are processed after the cache lookup, just before going to the
+network to fetch information for recursion.
 When used in this manner they provide a local copy of an authority server
 that speeds up lookups for that data during resolving.
-.LP
+.sp
 If both options are enabled (default), client queries for an authority zone are
 answered authoritatively from Unbound, while internal queries that require data
 from the authority zone consult the local zone data instead of going to the
 network.
-.LP
-An interesting configuration is \fBfor\-downstream:\fR \fIno\fR,
-\fBfor\-upstream:\fR \fIyes\fR that allows for hyperlocal behavior where both
-client and internal queries consult the local zone data while resolving.
+.sp
+An interesting configuration is
+\fI\%for\-downstream: no\fP,
+\fI\%for\-upstream: yes\fP
+that allows for hyperlocal behavior where both client and internal queries
+consult the local zone data while resolving.
 In this case, the aforementioned CNAME example will result in a thoroughly
 resolved answer.
-.LP
-Authority zones can be read from zonefile.  And can be kept updated via
-AXFR and IXFR.  After update the zonefile is rewritten.  The update mechanism
-uses the SOA timer values and performs SOA UDP queries to detect zone changes.
-.LP
+.sp
+Authority zones can be read from zonefile.
+And can be kept updated via AXFR and IXFR.
+After update the zonefile is rewritten.
+The update mechanism uses the SOA timer values and performs SOA UDP queries to
+detect zone changes.
+.sp
 If the update fetch fails, the timers in the SOA record are used to time
-another fetch attempt.  Until the SOA expiry timer is reached.  Then the
-zone is expired.  When a zone is expired, queries are SERVFAIL, and
-any new serial number is accepted from the primary (even if older), and if
-fallback is enabled, the fallback activates to fetch from the upstream instead
-of the SERVFAIL.
-.TP
-.B name: \fI<zone name>
+another fetch attempt.
+Until the SOA expiry timer is reached.
+Then the zone is expired.
+When a zone is expired, queries are SERVFAIL, and any new serial number is
+accepted from the primary (even if older), and if fallback is enabled, the
+fallback activates to fetch from the upstream instead of the SERVFAIL.
+.INDENT 0.0
+.TP
+.B name: \fI<zone name>\fP 
 Name of the authority zone.
-.TP
-.B primary: \fI<IP address or host name>
-Where to download a copy of the zone from, with AXFR and IXFR.  Multiple
-primaries can be specified.  They are all tried if one fails.
-To use a nondefault port for DNS communication append '@' with the port number.
-You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name.  If you combine
-the '@' and '#', the '@' comes first.
-If you point it at another Unbound instance, it would not work because
-that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
-the zonefile as a text file from a webserver that would work.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B primary: \fI<IP address or host name>\fP 
+Where to download a copy of the zone from, with AXFR and IXFR.
+Multiple primaries can be specified.
+They are all tried if one fails.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+You can append a \fB\(aq#\(aq\fP and a name, then AXFR over TLS can be used and the
+TLS authentication certificates will be checked with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If you point it at another Unbound instance, it would not work because that
+does not support AXFR/IXFR for the zone, but if you used
+\fI\%url\fP to download the zonefile as a text file
+from a webserver that would work.
+.sp
 If you specify the hostname, you cannot use the domain from the zonefile,
 because it may not have that when retrieving that data, instead use a plain
 IP address to avoid a circular dependency on retrieving that IP address.
-.TP
-.B master: \fI<IP address or host name>
-Alternate syntax for \fBprimary\fR.
-.TP
-.B url: \fI<url to zonefile>
-Where to download a zonefile for the zone.  With http or https.  An example
-for the url is "http://www.example.com/example.org.zone".  Multiple url
-statements can be given, they are tried in turn.  If only urls are given
-the SOA refresh timer is used to wait for making new downloads.  If also
-primaries are listed, the primaries are first probed with UDP SOA queries to
-see if the SOA serial number has changed, reducing the number of downloads.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B master: \fI<IP address or host name>\fP 
+Alternate syntax for \fI\%primary\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B url: \fI<URL to zone file>\fP 
+Where to download a zonefile for the zone.
+With HTTP or HTTPS.
+An example for the url is:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+http://www.example.com/example.org.zone
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+Multiple url statements can be given, they are tried in turn.
+.sp
+If only urls are given the SOA refresh timer is used to wait for making new
+downloads.
+If also primaries are listed, the primaries are first probed with UDP SOA
+queries to see if the SOA serial number has changed, reducing the number of
+downloads.
 If none of the urls work, the primaries are tried with IXFR and AXFR.
-For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used
-to authenticate the connection.
+.sp
+For HTTPS, the \fI\%tls\-cert\-bundle\fP and
+the hostname from the url are used to authenticate the connection.
+.sp
 If you specify a hostname in the URL, you cannot use the domain from the
 zonefile, because it may not have that when retrieving that data, instead
 use a plain IP address to avoid a circular dependency on retrieving that IP
-address.  Avoid dependencies on name lookups by using a notation like
-"http://192.0.2.1/unbound-primaries/example.com.zone", with an explicit IP address.
-.TP
-.B allow\-notify: \fI<IP address or host name or netblockIP/prefix>
-With allow\-notify you can specify additional sources of notifies.
+address.
+.sp
+Avoid dependencies on name lookups by using a notation like
+\fB\(dqhttp://192.0.2.1/unbound\-primaries/example.com.zone\(dq\fP, with an explicit
+IP address.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B allow\-notify: \fI<IP address or host name or netblockIP/prefix>\fP 
+With \fI\%allow\-notify\fP you can specify
+additional sources of notifies.
 When notified, the server attempts to first probe and then zone transfer.
-If the notify is from a primary, it first attempts that primary.  Otherwise
-other primaries are attempted.  If there are no primaries, but only urls, the
-file is downloaded when notified.  The primaries from primary: and url:
-statements are allowed notify by default.
-.TP
-.B fallback\-enabled: \fI<yes or no>
-Default no.  If enabled, Unbound falls back to querying the internet as
-a resolver for this zone when lookups fail.  For example for DNSSEC
-validation failures.
-.TP
-.B for\-downstream: \fI<yes or no>
-Default yes.  If enabled, Unbound serves authority responses to
-downstream clients for this zone.  This option makes Unbound behave, for
-the queries with names in this zone, like one of the authority servers for
-that zone.  Turn it off if you want Unbound to provide recursion for the
-zone but have a local copy of zone data.  If for\-downstream is no and
-for\-upstream is yes, then Unbound will DNSSEC validate the contents of the
-zone before serving the zone contents to clients and store validation
-results in the cache.
-.TP
-.B for\-upstream: \fI<yes or no>
-Default yes.  If enabled, Unbound fetches data from this data collection
-for answering recursion queries.  Instead of sending queries over the internet
-to the authority servers for this zone, it'll fetch the data directly from
-the zone data.  Turn it on when you want Unbound to provide recursion for
-downstream clients, and use the zone data as a local copy to speed up lookups.
-.TP
-.B zonemd\-check: \fI<yes or no>
-Enable this option to check ZONEMD records in the zone. Default is disabled.
-The ZONEMD record is a checksum over the zone data. This includes glue in
-the zone and data from the zone file, and excludes comments from the zone file.
+If the notify is from a primary, it first attempts that primary.
+Otherwise other primaries are attempted.
+If there are no primaries, but only urls, the file is downloaded when
+notified.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The primaries from \fI\%primary\fP and
+\fI\%url\fP statements are allowed notify by
+default.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B fallback\-enabled: \fI<yes or no>\fP 
+If enabled, Unbound falls back to querying the internet as a resolver for
+this zone when lookups fail.
+For example for DNSSEC validation failures.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B for\-downstream: \fI<yes or no>\fP 
+If enabled, Unbound serves authority responses to downstream clients for
+this zone.
+This option makes Unbound behave, for the queries with names in this zone,
+like one of the authority servers for that zone.
+.sp
+Turn it off if you want Unbound to provide recursion for the zone but have
+a local copy of zone data.
+.sp
+If \fI\%for\-downstream: no\fP and
+\fI\%for\-upstream: yes\fP are set, then
+Unbound will DNSSEC validate the contents of the zone before serving the
+zone contents to clients and store validation results in the cache.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B for\-upstream: \fI<yes or no>\fP 
+If enabled, Unbound fetches data from this data collection for answering
+recursion queries.
+Instead of sending queries over the internet to the authority servers for
+this zone, it\(aqll fetch the data directly from the zone data.
+.sp
+Turn it on when you want Unbound to provide recursion for downstream
+clients, and use the zone data as a local copy to speed up lookups.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B zonemd\-check: \fI<yes or no>\fP 
+Enable this option to check ZONEMD records in the zone.
+The ZONEMD record is a checksum over the zone data.
+This includes glue in the zone and data from the zone file, and excludes
+comments from the zone file.
 When there is a DNSSEC chain of trust, DNSSEC signatures are checked too.
-.TP
-.B zonemd\-reject\-absence: \fI<yes or no>
-Enable this option to reject the absence of the ZONEMD record.  Without it,
-when zonemd is not there it is not checked.  It is useful to enable for a
-nonDNSSEC signed zone where the operator wants to require the verification
-of a ZONEMD, hence a missing ZONEMD is a failure.  The action upon
-failure is controlled by the \fBzonemd\-permissive\-mode\fR option, for
-log only or also block the zone.  The default is no.
-.IP
-Without the option absence of a ZONEMD is only a failure when the zone is
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B zonemd\-reject\-absence: \fI<yes or no>\fP 
+Enable this option to reject the absence of the ZONEMD record.
+Without it, when ZONEMD is not there it is not checked.
+.sp
+It is useful to enable for a non\-DNSSEC signed zone where the operator
+wants to require the verification of a ZONEMD, hence a missing ZONEMD is a
+failure.
+.sp
+The action upon failure is controlled by the
+\fI\%zonemd\-permissive\-mode\fP option,
+for log only or also block the zone.
+.sp
+Without the option, absence of a ZONEMD is only a failure when the zone is
 DNSSEC signed, and we have a trust anchor, and the DNSSEC verification of
-the absence of the ZONEMD fails.  With the option enabled, the absence of
-a ZONEMD is always a failure, also for nonDNSSEC signed zones.
-.TP
-.B zonefile: \fI<filename>
-The filename where the zone is stored.  If not given then no zonefile is used.
+the absence of the ZONEMD fails.
+With the option enabled, the absence of a ZONEMD is always a failure, also
+for nonDNSSEC signed zones.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B zonefile: \fI<filename>\fP 
+The filename where the zone is stored.
+If not given then no zonefile is used.
 If the file does not exist or is empty, Unbound will attempt to fetch zone
 data (eg. from the primary servers).
-.SS "View Options"
-.LP
-There may be multiple
-.B view:
-clauses. Each with a \fBname:\fR and zero or more \fBlocal\-zone\fR and
-\fBlocal\-data\fR elements. Views can also contain view\-first,
-response\-ip, response\-ip\-data and local\-data\-ptr elements.
-View can be mapped to requests by specifying the
-view name in an \fBaccess\-control\-view\fR element. Options from matching
-views will override global options. Global options will be used if no matching
-view is found, or when the matching view does not have the option specified.
-.TP
-.B name: \fI<view name>
-Name of the view. Must be unique. This name is used in access\-control\-view
-elements.
-.TP
-.B local\-zone: \fI<zone> <type>
-View specific local\-zone elements. Has the same types and behaviour as the
-global local\-zone elements. When there is at least one local\-zone specified
-and view\-first is no, the default local-zones will be added to this view.
-Defaults can be disabled using the nodefault type. When view\-first is yes or
-when a view does not have a local\-zone, the global local\-zone will be used
-including it's default zones.
-.TP
-.B local\-data: \fI"<resource record string>"
-View specific local\-data elements. Has the same behaviour as the global
-local\-data elements.
-.TP
-.B local\-data\-ptr: \fI"IPaddr name"
-View specific local\-data\-ptr elements. Has the same behaviour as the global
-local\-data\-ptr elements.
-.TP
-.B view\-first: \fI<yes or no>
-If enabled, it attempts to use the global local\-zone and local\-data if there
-is no match in the view specific options.
-The default is no.
-.SS "Python Module Options"
-.LP
-The
-.B python:
-clause gives the settings for the \fIpython\fR(1) script module.  This module
-acts like the iterator and validator modules do, on queries and answers.
-To enable the script module it has to be compiled into the daemon,
-and the word "python" has to be put in the \fBmodule\-config:\fR option
-(usually first, or between the validator and iterator). Multiple instances of
-the python module are supported by adding the word "python" more than once.
-.LP
-If the \fBchroot:\fR option is enabled, you should make sure Python's
-library directory structure is bind mounted in the new root environment, see
-\fImount\fR(8).  Also the \fBpython\-script:\fR path should be specified as an
-absolute path relative to the new root, or as a relative path to the working
+.UNINDENT
+.SS View Options
+.sp
+There may be multiple \fBview:\fP clauses.
+Each with a \fI\%name\fP and zero or more
+\fI\%local\-zone\fP and
+\fI\%local\-data\fP attributes.
+Views can also contain \fI\%view\-first\fP,
+\fI\%response\-ip\fP,
+\fI\%response\-ip\-data\fP and
+\fI\%local\-data\-ptr\fP attributes.
+View can be mapped to requests by specifying the view name in an
+\fI\%access\-control\-view\fP attribute.
+Options from matching views will override global options.
+Global options will be used if no matching view is found, or when the matching
+view does not have the option specified.
+.INDENT 0.0
+.TP
+.B name: \fI<view name>\fP 
+Name of the view.
+Must be unique.
+This name is used in the
+\fI\%access\-control\-view\fP attribute.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-zone: \fI<zone> <type>\fP 
+View specific local zone elements.
+Has the same types and behaviour as the global
+\fI\%local\-zone\fP elements.
+When there is at least one \fIlocal\-zone:\fP specified and \fI\%view\-first:
+no\fP is set, the default local\-zones will be
+added to this view.
+Defaults can be disabled using the nodefault type.
+When \fI\%view\-first: yes\fP is set or when a
+view does not have a \fI\%local\-zone\fP, the
+global \fI\%local\-zone\fP will be used including
+it\(aqs default zones.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-data: \fI\(dq<resource record string>\(dq\fP 
+View specific local data elements.
+Has the same behaviour as the global
+\fI\%local\-data\fP elements.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-data\-ptr: \fI\(dqIPaddr name\(dq\fP 
+View specific local\-data\-ptr elements.
+Has the same behaviour as the global
+\fI\%local\-data\-ptr\fP elements.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view\-first: \fI<yes or no>\fP 
+If enabled, it attempts to use the global
+\fI\%local\-zone\fP and
+\fI\%local\-data\fP if there is no match in the
+view specific options.
+.sp
+Default: no
+.UNINDENT
+.SS Python Module Options
+.sp
+The \fBpython:\fP clause gives the settings for the \fIpython(1)\fP script module.
+This module acts like the iterator and validator modules do, on queries and
+answers.
+To enable the script module it has to be compiled into the daemon, and the word
+\fBpython\fP has to be put in the
+\fI\%module\-config\fP option (usually first, or
+between the validator and iterator).
+Multiple instances of the python module are supported by adding the word
+\fBpython\fP more than once.
+.sp
+If the \fI\%chroot\fP option is enabled, you should make
+sure Python\(aqs library directory structure is bind mounted in the new root
+environment, see \fImount(8)\fP\&.
+Also the \fI\%python\-script\fP path should
+be specified as an absolute path relative to the new root, or as a relative
+path to the working directory.
+.INDENT 0.0
+.TP
+.B python\-script: \fI<python file>\fP 
+The script file to load.
+Repeat this option for every python module instance added to the
+\fI\%module\-config\fP option.
+.UNINDENT
+.SS Dynamic Library Module Options
+.sp
+The \fBdynlib:\fP clause gives the settings for the \fBdynlib\fP module.
+This module is only a very small wrapper that allows dynamic modules to be
+loaded on runtime instead of being compiled into the application.
+To enable the dynlib module it has to be compiled into the daemon, and the word
+\fBdynlib\fP has to be put in the
+\fI\%module\-config\fP attribute.
+Multiple instances of dynamic libraries are supported by adding the word
+\fBdynlib\fP more than once.
+.sp
+The \fI\%dynlib\-file\fP path should be
+specified as an absolute path relative to the new path set by
+\fI\%chroot\fP, or as a relative path to the working
 directory.
-.TP
-.B python\-script: \fI<python file>\fR
-The script file to load. Repeat this option for every python module instance
-added to the \fBmodule\-config:\fR option.
-.SS "Dynamic Library Module Options"
-.LP
-The
-.B dynlib:
-clause gives the settings for the \fIdynlib\fR module.  This module is only
-a very small wrapper that allows dynamic modules to be loaded on runtime
-instead of being compiled into the application. To enable the dynlib module it
-has to be compiled into the daemon, and the word "dynlib" has to be put in the
-\fBmodule\-config:\fR option. Multiple instances of dynamic libraries are
-supported by adding the word "dynlib" more than once.
-.LP
-The \fBdynlib\-file:\fR path should be specified as an absolute path relative
-to the new path set by \fBchroot:\fR option, or as a relative path to the
-working directory.
-.TP
-.B dynlib\-file: \fI<dynlib file>\fR
-The dynamic library file to load. Repeat this option for every dynlib module
-instance added to the \fBmodule\-config:\fR option.
-.SS "DNS64 Module Options"
-.LP
-The dns64 module must be configured in the \fBmodule\-config:\fR directive
-e.g., "dns64 validator iterator" and be compiled into the daemon to be
-enabled.  These settings go in the \fBserver:\fR section.
-.TP
-.B dns64\-prefix: \fI<IPv6 prefix>\fR
+.INDENT 0.0
+.TP
+.B dynlib\-file: \fI<dynlib file>\fP 
+The dynamic library file to load.
+Repeat this option for every dynlib module instance added to the
+\fI\%module\-config\fP option.
+.UNINDENT
+.SS DNS64 Module Options
+.sp
+The \fBdns64\fP module must be configured in the
+\fI\%module\-config\fP directive, e.g.:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+module\-config: \(dqdns64 validator iterator\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+and be compiled into the daemon to be enabled.
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+These settings go in the \fI\%server:\fP section.
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dns64\-prefix: \fI<IPv6 prefix>\fP 
 This sets the DNS64 prefix to use to synthesize AAAA records with.
-It must be /96 or shorter.  The default prefix is 64:ff9b::/96.
-.TP
-.B dns64\-synthall: \fI<yes or no>\fR
-Debug option, default no.  If enabled, synthesize all AAAA records
-despite the presence of actual AAAA records.
-.TP
-.B dns64\-ignore\-aaaa: \fI<name>\fR
-List domain for which the AAAA records are ignored and the A record is
-used by dns64 processing instead.  Can be entered multiple times, list a
-new domain for which it applies, one per line.  Applies also to names
-underneath the name given.
-.SS "NAT64 Operation"
-.LP
-NAT64 operation allows using a NAT64 prefix for outbound requests to IPv4-only
-servers.  It is controlled by two options in the \fBserver:\fR section:
-.TP
-.B do\-nat64: \fI<yes or no>\fR
-Use NAT64 to reach IPv4-only servers.
-Consider also enabling \fBprefer\-ip6\fR to prefer native IPv6 connections to
-nameservers.
-Default no.
-.TP
-.B nat64\-prefix: \fI<IPv6 prefix>\fR
-Use a specific NAT64 prefix to reach IPv4-only servers.  Defaults to using
-the prefix configured in \fBdns64\-prefix\fR, which in turn defaults to
-64:ff9b::/96.  The prefix length must be one of /32, /40, /48, /56, /64 or /96.
-.SS "DNSCrypt Options"
-.LP
-The
-.B dnscrypt:
-clause gives the settings of the dnscrypt channel. While those options are
-available, they are only meaningful if Unbound was compiled with
-\fB\-\-enable\-dnscrypt\fR.
+It must be /96 or shorter.
+.sp
+Default: 64:ff9b::/96
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dns64\-synthall: \fI<yes or no>\fP 
+.sp
+\fBWARNING:\fP
+.INDENT 7.0
+.INDENT 3.5
+Debugging feature!
+.UNINDENT
+.UNINDENT
+.sp
+If enabled, synthesize all AAAA records despite the presence of actual AAAA
+records.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dns64\-ignore\-aaaa: \fI<domain name>\fP 
+List domain for which the AAAA records are ignored and the A record is used
+by DNS64 processing instead.
+Can be entered multiple times, list a new domain for which it applies, one
+per line.
+Applies also to names underneath the name given.
+.UNINDENT
+.SS NAT64 Operation
+.sp
+NAT64 operation allows using a NAT64 prefix for outbound requests to IPv4\-only
+servers.
+It is controlled by two options in the
+\fI\%server:\fP section:
+.INDENT 0.0
+.TP
+.B do\-nat64: \fI<yes or no>\fP 
+Use NAT64 to reach IPv4\-only servers.
+Consider also enabling \fI\%prefer\-ip6\fP
+to prefer native IPv6 connections to nameservers.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B nat64\-prefix: \fI<IPv6 prefix>\fP 
+Use a specific NAT64 prefix to reach IPv4\-only servers.
+The prefix length must be one of /32, /40, /48, /56, /64 or /96.
+.sp
+Default: 64:ff9b::/96 (same as \fI\%dns64\-prefix\fP)
+.UNINDENT
+.SS DNSCrypt Options
+.sp
+The \fBdnscrypt:\fP clause gives the settings of the dnscrypt channel.
+While those options are available, they are only meaningful if Unbound was
+compiled with \fB\-\-enable\-dnscrypt\fP\&.
 Currently certificate and secret/public keys cannot be generated by Unbound.
-You can use dnscrypt-wrapper to generate those: https://github.com/cofyc/\
-dnscrypt-wrapper/blob/master/README.md#usage
-.TP
-.B dnscrypt\-enable: \fI<yes or no>\fR
-Whether or not the \fBdnscrypt\fR config should be enabled. You may define
-configuration but not activate it.
-The default is no.
-.TP
-.B dnscrypt\-port: \fI<port number>
-On which port should \fBdnscrypt\fR should be activated. Note that you should
-have a matching \fBinterface\fR option defined in the \fBserver\fR section for
-this port.
-.TP
-.B dnscrypt\-provider: \fI<provider name>\fR
-The provider name to use to distribute certificates. This is of the form:
-\fB2.dnscrypt-cert.example.com.\fR. The name \fIMUST\fR end with a dot.
-.TP
-.B dnscrypt\-secret\-key: \fI<path to secret key file>\fR
-Path to the time limited secret key file. This option may be specified multiple
-times.
-.TP
-.B dnscrypt\-provider\-cert: \fI<path to cert file>\fR
-Path to the certificate related to the \fBdnscrypt\-secret\-key\fRs.
+You can use dnscrypt\-wrapper to generate those:
+\fI\%https://github.com/cofyc/dnscrypt\-wrapper/blob/master/README.md#usage\fP
+.INDENT 0.0
+.TP
+.B dnscrypt\-enable: \fI<yes or no>\fP 
+Whether or not the dnscrypt config should be enabled.
+You may define configuration but not activate it.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-port: \fI<port number>\fP 
+On which port should dnscrypt should be activated.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+There should be a matching interface option defined in the
+\fI\%server:\fP section for this port.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-provider: \fI<provider name>\fP 
+The provider name to use to distribute certificates.
+This is of the form:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+2.dnscrypt\-cert.example.com.
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+\fBIMPORTANT:\fP
+.INDENT 7.0
+.INDENT 3.5
+The name \fIMUST\fP end with a dot.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-secret\-key: \fI<path to secret key file>\fP 
+Path to the time limited secret key file.
 This option may be specified multiple times.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B dnscrypt\-provider\-cert\-rotated: \fI<path to cert file>\fR
-Path to a certificate that we should be able to serve existing connection from
-but do not want to advertise over \fBdnscrypt\-provider\fR's TXT record certs
-distribution.
-A typical use case is when rotating certificates, existing clients may still use
-the client magic from the old cert in their queries until they fetch and update
-the new cert. Likewise, it would allow one to prime the new cert/key without
-distributing the new cert yet, this can be useful when using a network of
-servers using anycast and on which the configuration may not get updated at the
-exact same time. By priming the cert, the servers can handle both old and new
-certs traffic while distributing only one.
+.B dnscrypt\-provider\-cert: \fI<path to cert file>\fP 
+Path to the certificate related to the
+\fI\%dnscrypt\-secret\-key\fP\&.
 This option may be specified multiple times.
-.TP
-.B dnscrypt\-shared\-secret\-cache\-size: \fI<memory size>
-Give the size of the data structure in which the shared secret keys are kept
-in.  Default 4m.  In bytes or use m(mega), k(kilo), g(giga).
-The shared secret cache is used when a same client is making multiple queries
-using the same public key. It saves a substantial amount of CPU.
-.TP
-.B dnscrypt\-shared\-secret\-cache\-slabs: \fI<number>
-Give power of 2 number of slabs, this is used to reduce lock contention
-in the dnscrypt shared secrets cache.  Close to the number of cpus is
-a fairly good setting.
-.TP
-.B dnscrypt\-nonce\-cache\-size: \fI<memory size>
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-provider\-cert\-rotated: \fI<path to cert file>\fP 
+Path to a certificate that we should be able to serve existing connection
+from but do not want to advertise over
+\fI\%dnscrypt\-provider\fP \(aqs TXT
+record certs distribution.
+.sp
+A typical use case is when rotating certificates, existing clients may
+still use the client magic from the old cert in their queries until they
+fetch and update the new cert.
+Likewise, it would allow one to prime the new cert/key without distributing
+the new cert yet, this can be useful when using a network of servers using
+anycast and on which the configuration may not get updated at the exact
+same time.
+.sp
+By priming the cert, the servers can handle both old and new certs traffic
+while distributing only one.
+.sp
+This option may be specified multiple times.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-shared\-secret\-cache\-size: \fI<memory size>\fP 
+Give the size of the data structure in which the shared secret keys are
+kept in.
+In bytes or use m(mega), k(kilo), g(giga).
+The shared secret cache is used when a same client is making multiple
+queries using the same public key.
+It saves a substantial amount of CPU.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-shared\-secret\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the dnscrypt shared secrets cache.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-nonce\-cache\-size: \fI<memory size>\fP 
 Give the size of the data structure in which the client nonces are kept in.
-Default 4m. In bytes or use m(mega), k(kilo), g(giga).
-The nonce cache is used to prevent dnscrypt message replaying. Client nonce
-should be unique for any pair of client pk/server sk.
-.TP
-.B dnscrypt\-nonce\-cache\-slabs: \fI<number>
-Give power of 2 number of slabs, this is used to reduce lock contention
-in the dnscrypt nonce cache.  Close to the number of cpus is
-a fairly good setting.
-.SS "EDNS Client Subnet Module Options"
-.LP
-The ECS module must be configured in the \fBmodule\-config:\fR directive e.g.,
-"subnetcache validator iterator" and be compiled into the daemon to be
-enabled.  These settings go in the \fBserver:\fR section.
-.LP
+In bytes or use m(mega), k(kilo), g(giga).
+The nonce cache is used to prevent dnscrypt message replaying.
+Client nonce should be unique for any pair of client pk/server sk.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-nonce\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the dnscrypt nonce cache.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.SS EDNS Client Subnet Module Options
+.sp
+The ECS module must be configured in the
+\fI\%module\-config\fP directive, e.g.:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+module\-config: \(dqsubnetcache validator iterator\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+and be compiled into the daemon to be enabled.
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+These settings go in the \fI\%server:\fP section.
+.UNINDENT
+.UNINDENT
+.sp
 If the destination address is allowed in the configuration Unbound will add the
-EDNS0 option to the query containing the relevant part of the client's address.
-When an answer contains the ECS option the response and the option are placed in
-a specialized cache. If the authority indicated no support, the response is
-stored in the regular cache.
-.LP
+EDNS0 option to the query containing the relevant part of the client\(aqs address.
+When an answer contains the ECS option the response and the option are placed
+in a specialized cache.
+If the authority indicated no support, the response is stored in the regular
+cache.
+.sp
 Additionally, when a client includes the option in its queries, Unbound will
 forward the option when sending the query to addresses that are explicitly
-allowed in the configuration using \fBsend\-client\-subnet\fR. The option will
-always be forwarded, regardless the allowed addresses, if
-\fBclient\-subnet\-always\-forward\fR is set to yes. In this case the lookup in
-the regular cache is skipped.
-.LP
-The maximum size of the ECS cache is controlled by 'msg-cache-size' in the
-configuration file. On top of that, for each query only 100 different subnets
-are allowed to be stored for each address family. Exceeding that number, older
-entries will be purged from cache.
-.LP
+allowed in the configuration using
+\fI\%send\-client\-subnet\fP\&.
+The option will always be forwarded, regardless the allowed addresses, when
+\fI\%client\-subnet\-always\-forward: yes\fP
+is set.
+In this case the lookup in the regular cache is skipped.
+.sp
+The maximum size of the ECS cache is controlled by
+\fI\%msg\-cache\-size\fP in the configuration file.
+On top of that, for each query only 100 different subnets are allowed to be
+stored for each address family.
+Exceeding that number, older entries will be purged from cache.
+.sp
 Note that due to the nature of how EDNS Client Subnet works, by segregating the
 client IP space in order to try and have tailored responses for prefixes of
 unknown sizes, resolution and cache response performance are impacted as a
@@ -2656,416 +4751,706 @@ Usage of the subnetcache module should only be enabled in installations that
 require such functionality where the resolver and the clients belong to
 different networks.
 An example of that is an open resolver installation.
-.LP
-This module does not interact with the \fBserve\-expired*\fR and
-\fBprefetch:\fR options.
-.TP
-.B send\-client\-subnet: \fI<IP address>\fR
-Send client source address to this authority. Append /num to indicate a
-classless delegation netblock, for example like 10.2.3.4/24 or 2001::11/64. Can
-be given multiple times. Authorities not listed will not receive edns-subnet
-information, unless domain in query is specified in \fBclient\-subnet\-zone\fR.
-.TP
-.B client\-subnet\-zone: \fI<domain>\fR
-Send client source address in queries for this domain and its subdomains. Can be
-given multiple times. Zones not listed will not receive edns-subnet information,
-unless hosted by authority specified in \fBsend\-client\-subnet\fR.
-.TP
-.B client\-subnet\-always\-forward: \fI<yes or no>\fR
+.sp
+This module does not interact with the
+\fI\%serve\-expired*\fP and
+\fI\%prefetch\fP options.
+.INDENT 0.0
+.TP
+.B send\-client\-subnet: \fI<IP address>\fP 
+Send client source address to this authority.
+Append /num to indicate a classless delegation netblock, for example like
+\fB10.2.3.4/24\fP or \fB2001::11/64\fP\&.
+Can be given multiple times.
+Authorities not listed will not receive edns\-subnet information, unless
+domain in query is specified in
+\fI\%client\-subnet\-zone\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B client\-subnet\-zone: \fI<domain>\fP 
+Send client source address in queries for this domain and its subdomains.
+Can be given multiple times.
+Zones not listed will not receive edns\-subnet information, unless hosted by
+authority specified in
+\fI\%send\-client\-subnet\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B client\-subnet\-always\-forward: \fI<yes or no>\fP 
 Specify whether the ECS address check (configured using
-\fBsend\-client\-subnet\fR) is applied for all queries, even if the triggering
-query contains an ECS record, or only for queries for which the ECS record is
-generated using the querier address (and therefore did not contain ECS data in
-the client query). If enabled, the address check is skipped when the client
-query contains an ECS record. And the lookup in the regular cache is skipped.
-Default is no.
-.TP
-.B max\-client\-subnet\-ipv6: \fI<number>\fR
-Specifies the maximum prefix length of the client source address we are willing
-to expose to third parties for IPv6.  Defaults to 56.
-.TP
-.B max\-client\-subnet\-ipv4: \fI<number>\fR
-Specifies the maximum prefix length of the client source address we are willing
-to expose to third parties for IPv4. Defaults to 24.
-.TP
-.B min\-client\-subnet\-ipv6: \fI<number>\fR
-Specifies the minimum prefix length of the IPv6 source mask we are willing to
-accept in queries. Shorter source masks result in REFUSED answers. Source mask
-of 0 is always accepted. Default is 0.
-.TP
-.B min\-client\-subnet\-ipv4: \fI<number>\fR
-Specifies the minimum prefix length of the IPv4 source mask we are willing to
-accept in queries. Shorter source masks result in REFUSED answers. Source mask
-of 0 is always accepted. Default is 0.
-.TP
-.B max\-ecs\-tree\-size\-ipv4: \fI<number>\fR
-Specifies the maximum number of subnets ECS answers kept in the ECS radix tree.
-This number applies for each qname/qclass/qtype tuple. Defaults to 100.
-.TP
-.B max\-ecs\-tree\-size\-ipv6: \fI<number>\fR
-Specifies the maximum number of subnets ECS answers kept in the ECS radix tree.
-This number applies for each qname/qclass/qtype tuple. Defaults to 100.
-.SS "Opportunistic IPsec Support Module Options"
-.LP
-The IPsec module must be configured in the \fBmodule\-config:\fR directive
-e.g., "ipsecmod validator iterator" and be compiled into Unbound by using
-\fB\-\-enable\-ipsecmod\fR to be enabled.
-These settings go in the \fBserver:\fR section.
-.LP
+\fI\%send\-client\-subnet\fP) is applied
+for all queries, even if the triggering query contains an ECS record, or
+only for queries for which the ECS record is generated using the querier
+address (and therefore did not contain ECS data in the client query).
+If enabled, the address check is skipped when the client query contains an
+ECS record.
+And the lookup in the regular cache is skipped.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-client\-subnet\-ipv6: \fI<number>\fP 
+Specifies the maximum prefix length of the client source address we are
+willing to expose to third parties for IPv6.
+.sp
+Default: 56
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-client\-subnet\-ipv4: \fI<number>\fP 
+Specifies the maximum prefix length of the client source address we are
+willing to expose to third parties for IPv4.
+.sp
+Default: 24
+.UNINDENT
+.INDENT 0.0
+.TP
+.B min\-client\-subnet\-ipv6: \fI<number>\fP 
+Specifies the minimum prefix length of the IPv6 source mask we are willing
+to accept in queries.
+Shorter source masks result in REFUSED answers.
+Source mask of 0 is always accepted.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B min\-client\-subnet\-ipv4: \fI<number>\fP 
+Specifies the minimum prefix length of the IPv4 source mask we are willing
+to accept in queries.
+Shorter source masks result in REFUSED answers.
+Source mask of 0 is always accepted.
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-ecs\-tree\-size\-ipv4: \fI<number>\fP 
+Specifies the maximum number of subnets ECS answers kept in the ECS radix
+tree.
+This number applies for each qname/qclass/qtype tuple.
+.sp
+Default: 100
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-ecs\-tree\-size\-ipv6: \fI<number>\fP 
+Specifies the maximum number of subnets ECS answers kept in the ECS radix
+tree.
+This number applies for each qname/qclass/qtype tuple.
+.sp
+Default: 100
+.UNINDENT
+.SS Opportunistic IPsec Support Module Options
+.sp
+The IPsec module must be configured in the
+\fI\%module\-config\fP directive, e.g.:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+module\-config: \(dqipsecmod validator iterator\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+and be compiled into Unbound by using \fB\-\-enable\-ipsecmod\fP to be enabled.
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+These settings go in the \fI\%server:\fP section.
+.UNINDENT
+.UNINDENT
+.sp
 When Unbound receives an A/AAAA query that is not in the cache and finds a
 valid answer, it will withhold returning the answer and instead will generate
-an IPSECKEY subquery for the same domain name.  If an answer was found, Unbound
-will call an external hook passing the following arguments:
-.TP 10
-\h'5'\fIQNAME\fR
-Domain name of the A/AAAA and IPSECKEY query.  In string format.
-.TP 10
-\h'5'\fIIPSECKEY TTL\fR
+an IPSECKEY subquery for the same domain name.
+If an answer was found, Unbound will call an external hook passing the
+following arguments:
+.INDENT 0.0
+.TP
+.B QNAME
+Domain name of the A/AAAA and IPSECKEY query.
+In string format.
+.TP
+.B IPSECKEY TTL
 TTL of the IPSECKEY RRset.
-.TP 10
-\h'5'\fIA/AAAA\fR
-String of space separated IP addresses present in the A/AAAA RRset.  The IP
-addresses are in string format.
-.TP 10
-\h'5'\fIIPSECKEY\fR
-String of space separated IPSECKEY RDATA present in the IPSECKEY RRset.  The
-IPSECKEY RDATA are in DNS presentation format.
-.LP
-The A/AAAA answer is then cached and returned to the client.  If the external
-hook was called the TTL changes to ensure it doesn't surpass
-\fBipsecmod-max-ttl\fR.
-.LP
-The same procedure is also followed when \fBprefetch:\fR is used, but the
-A/AAAA answer is given to the client before the hook is called.
-\fBipsecmod-max-ttl\fR ensures that the A/AAAA answer given from cache is still
-relevant for opportunistic IPsec.
-.TP
-.B ipsecmod-enabled: \fI<yes or no>\fR
-Specifies whether the IPsec module is enabled or not.  The IPsec module still
-needs to be defined in the \fBmodule\-config:\fR directive.  This option
-facilitates turning on/off the module without restarting/reloading Unbound.
-Defaults to yes.
-.TP
-.B ipsecmod\-hook: \fI<filename>\fR
-Specifies the external hook that Unbound will call with \fIsystem\fR(3).  The
-file can be specified as an absolute/relative path.  The file needs the proper
-permissions to be able to be executed by the same user that runs Unbound.  It
-must be present when the IPsec module is defined in the \fBmodule\-config:\fR
-directive.
-.TP
-.B ipsecmod-strict: \fI<yes or no>\fR
-If enabled Unbound requires the external hook to return a success value of 0.
-Failing to do so Unbound will reply with SERVFAIL.  The A/AAAA answer will also
-not be cached.  Defaults to no.
-.TP
-.B ipsecmod\-max-ttl: \fI<seconds>\fR
-Time to live maximum for A/AAAA cached records after calling the external hook.
-Defaults to 3600.
-.TP
-.B ipsecmod-ignore-bogus: \fI<yes or no>\fR
-Specifies the behaviour of Unbound when the IPSECKEY answer is bogus.  If set
-to yes, the hook will be called and the A/AAAA answer will be returned to the
-client.  If set to no, the hook will not be called and the answer to the
-A/AAAA query will be SERVFAIL.  Mainly used for testing.  Defaults to no.
-.TP
-.B ipsecmod\-allow: \fI<domain>\fR
-Allow the ipsecmod functionality for the domain so that the module logic will be
-executed.  Can be given multiple times, for different domains.  If the option is
-not specified, all domains are treated as being allowed (default).
-.TP
-.B ipsecmod\-whitelist: \fI<domain>
-Alternate syntax for \fBipsecmod\-allow\fR.
-.SS "Cache DB Module Options"
-.LP
-The Cache DB module must be configured in the \fBmodule\-config:\fR directive
-e.g., "validator cachedb iterator" and be compiled into the daemon
-with \fB\-\-enable\-cachedb\fR.
-If this module is enabled and configured, the specified backend database
-works as a second level cache:
-When Unbound cannot find an answer to a query in its built-in in-memory
-cache, it consults the specified backend.
-If it finds a valid answer in the backend, Unbound uses it to respond
-to the query without performing iterative DNS resolution.
-If Unbound cannot even find an answer in the backend, it resolves the
-query as usual, and stores the answer in the backend.
-.P
-This module interacts with the \fBserve\-expired\-*\fR options and will reply
-with expired data if Unbound is configured for that.
-.P
-If Unbound was built with
-\fB\-\-with\-libhiredis\fR
-on a system that has installed the hiredis C client library of Redis,
-then the "redis" backend can be used.
-This backend communicates with the specified Redis server over a TCP
-connection to store and retrieve cache data.
-It can be used as a persistent and/or shared cache backend.
-It should be noted that Unbound never removes data stored in the Redis server,
-even if some data have expired in terms of DNS TTL or the Redis server has
-cached too much data;
-if necessary the Redis server must be configured to limit the cache size,
-preferably with some kind of least-recently-used eviction policy.
-Additionally, the \fBredis\-expire\-records\fR option can be used in order to
-set the relative DNS TTL of the message as timeout to the Redis records; keep
-in mind that some additional memory is used per key and that the expire
-information is stored as absolute Unix timestamps in Redis (computer time must
-be stable).
-This backend uses synchronous communication with the Redis server
-based on the assumption that the communication is stable and sufficiently
-fast.
-The thread waiting for a response from the Redis server cannot handle
-other DNS queries.
-Although the backend has the ability to reconnect to the server when
-the connection is closed unexpectedly and there is a configurable timeout
-in case the server is overly slow or hangs up, these cases are assumed
-to be very rare.
-If connection close or timeout happens too often, Unbound will be
-effectively unusable with this backend.
-It's the administrator's responsibility to make the assumption hold.
-.P
-The
-.B cachedb:
-clause gives custom settings of the cache DB module.
 .TP
-.B backend: \fI<backend name>\fR
+.B A/AAAA
+String of space separated IP addresses present in the A/AAAA RRset.
+The IP addresses are in string format.
+.TP
+.B IPSECKEY
+String of space separated IPSECKEY RDATA present in the IPSECKEY RRset.
+The IPSECKEY RDATA are in DNS presentation format.
+.UNINDENT
+.sp
+The A/AAAA answer is then cached and returned to the client.
+If the external hook was called the TTL changes to ensure it doesn\(aqt surpass
+\fI\%ipsecmod\-max\-ttl\fP\&.
+.sp
+The same procedure is also followed when
+\fI\%prefetch: yes\fP is set, but the A/AAAA answer is
+given to the client before the hook is called.
+\fI\%ipsecmod\-max\-ttl\fP ensures that the A/AAAA
+answer given from cache is still relevant for opportunistic IPsec.
+.INDENT 0.0
+.TP
+.B ipsecmod\-enabled: \fI<yes or no>\fP 
+Specifies whether the IPsec module is enabled or not.
+The IPsec module still needs to be defined in the
+\fI\%module\-config\fP directive.
+This option facilitates turning on/off the module without
+restarting/reloading Unbound.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-hook: \fI<filename>\fP 
+Specifies the external hook that Unbound will call with \fIsystem(3)\fP\&.
+The file can be specified as an absolute/relative path.
+The file needs the proper permissions to be able to be executed by the same
+user that runs Unbound.
+It must be present when the IPsec module is defined in the
+\fI\%module\-config\fP directive.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-strict: \fI<yes or no>\fP 
+If enabled Unbound requires the external hook to return a success value of
+0.
+Failing to do so Unbound will reply with SERVFAIL.
+The A/AAAA answer will also not be cached.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-max\-ttl: \fI<seconds>\fP 
+Time to live maximum for A/AAAA cached records after calling the external
+hook.
+.sp
+Default: 3600
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-ignore\-bogus: \fI<yes or no>\fP 
+Specifies the behaviour of Unbound when the IPSECKEY answer is bogus.
+If set to yes, the hook will be called and the A/AAAA answer will be
+returned to the client.
+If set to no, the hook will not be called and the answer to the A/AAAA
+query will be SERVFAIL.
+Mainly used for testing.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-allow: \fI<domain>\fP 
+Allow the IPsec module functionality for the domain so that the module
+logic will be executed.
+Can be given multiple times, for different domains.
+If the option is not specified, all domains are treated as being allowed
+(default).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-whitelist: \fI<domain>\fP 
+Alternate syntax for \fI\%ipsecmod\-allow\fP\&.
+.UNINDENT
+.SS Cache DB Module Options
+.sp
+The Cache DB module must be configured in the
+\fI\%module\-config\fP directive, e.g.:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+module\-config: \(dqvalidator cachedb iterator\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+and be compiled into the daemon with \fB\-\-enable\-cachedb\fP\&.
+.sp
+If this module is enabled and configured, the specified backend database works
+as a second level cache; when Unbound cannot find an answer to a query in its
+built\-in in\-memory cache, it consults the specified backend.
+If it finds a valid answer in the backend, Unbound uses it to respond to the
+query without performing iterative DNS resolution.
+If Unbound cannot even find an answer in the backend, it resolves the query as
+usual, and stores the answer in the backend.
+.sp
+This module interacts with the \fIserve\-expired\-*\fP options and will reply with
+expired data if Unbound is configured for that.
+.sp
+If Unbound was built with \fB\-\-with\-libhiredis\fP on a system that has installed
+the hiredis C client library of Redis, then the \fBredis\fP backend can be used.
+This backend communicates with the specified Redis server over a TCP connection
+to store and retrieve cache data.
+It can be used as a persistent and/or shared cache backend.
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+Unbound never removes data stored in the Redis server, even if some data
+have expired in terms of DNS TTL or the Redis server has cached too much
+data; if necessary the Redis server must be configured to limit the cache
+size, preferably with some kind of least\-recently\-used eviction policy.
+.UNINDENT
+.UNINDENT
+.sp
+Additionally, the
+\fI\%redis\-expire\-records\fP option
+can be used in order to set the relative DNS TTL of the message as timeout to
+the Redis records; keep in mind that some additional memory is used per key and
+that the expire information is stored as absolute Unix timestamps in Redis
+(computer time must be stable).
+.sp
+This backend uses synchronous communication with the Redis server based on the
+assumption that the communication is stable and sufficiently fast.
+The thread waiting for a response from the Redis server cannot handle other DNS
+queries.
+Although the backend has the ability to reconnect to the server when the
+connection is closed unexpectedly and there is a configurable timeout in case
+the server is overly slow or hangs up, these cases are assumed to be very rare.
+If connection close or timeout happens too often, Unbound will be effectively
+unusable with this backend.
+It\(aqs the administrator\(aqs responsibility to make the assumption hold.
+.sp
+The \fBcachedb:\fP clause gives custom settings of the cache DB module.
+.INDENT 0.0
+.TP
+.B backend: \fI<backend name>\fP 
 Specify the backend database name.
-The default database is the in-memory backend named "testframe", which,
+The default database is the in\-memory backend named \fBtestframe\fP, which,
 as the name suggests, is not of any practical use.
-Depending on the build-time configuration, "redis" backend may also be
+Depending on the build\-time configuration, \fBredis\fP backend may also be
 used as described above.
+.sp
+Default: testframe
+.UNINDENT
+.INDENT 0.0
 .TP
-.B secret-seed: \fI<"secret string">\fR
+.B secret\-seed: \fI\(dq<secret string>\(dq\fP 
 Specify a seed to calculate a hash value from query information.
 This value will be used as the key of the corresponding answer for the
-backend database and can be customized if the hash should not be predictable
-operationally.
-If the backend database is shared by multiple Unbound instances,
-all instances must use the same secret seed.
-This option defaults to "default".
-.TP
-.B cachedb-no-store: \fI<yes or no>\fR
-If the backend should be read from, but not written to. This makes this
-instance not store dns messages in the backend. But if data is available it
-is retrieved. The default is no.
-.TP
-.B cachedb-check-when-serve-expired: \fI<yes or no>\fR
+backend database and can be customized if the hash should not be
+predictable operationally.
+If the backend database is shared by multiple Unbound instances, all
+instances must use the same secret seed.
+.sp
+Default: \(dqdefault\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cachedb\-no\-store: \fI<yes or no>\fP 
+If the backend should be read from, but not written to.
+This makes this instance not store dns messages in the backend.
+But if data is available it is retrieved.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cachedb\-check\-when\-serve\-expired: \fI<yes or no>\fP 
 If enabled, the cachedb is checked before an expired response is returned.
-When \fBserve\-expired\fR is enabled, without \fBserve\-expired\-client\-timeout\fR, it then
-does not immediately respond with an expired response from cache, but instead
-first checks the cachedb for valid contents, and if so returns it. If the
-cachedb also has no valid contents, the serve expired response is sent.
-If also \fBserve\-expired\-client\-timeout\fR is enabled, the expired response
-is delayed until the timeout expires. Unless the lookup succeeds within the
-timeout. The default is yes.
-.P
-The following
-.B cachedb
-options are specific to the redis backend.
-.TP
-.B redis-server-host: \fI<server address or name>\fR
+When
+\fI\%serve\-expired\fP
+is enabled, without
+\fI\%serve\-expired\-client\-timeout\fP
+, it then does not immediately respond with an expired response from cache,
+but instead first checks the cachedb for valid contents, and if so returns it.
+If the cachedb also has no valid contents, the serve expired response is sent.
+If also
+\fI\%serve\-expired\-client\-timeout\fP
+is enabled, the expired response is delayed until the timeout expires.
+Unless the lookup succeeds within the timeout.
+.sp
+Default: yes
+.UNINDENT
+.sp
+The following \fBcachedb:\fP options are specific to the \fBredis\fP backend.
+.INDENT 0.0
+.TP
+.B redis\-server\-host: \fI<server address or name>\fP 
 The IP (either v6 or v4) address or domain name of the Redis server.
-In general an IP address should be specified as otherwise Unbound will have to
-resolve the name of the server every time it establishes a connection
-to the server.
-This option defaults to "127.0.0.1".
-.TP
-.B redis-server-port: \fI<port number>\fR
+In general an IP address should be specified as otherwise Unbound will have
+to resolve the name of the server every time it establishes a connection to
+the server.
+.sp
+Default: 127.0.0.1
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-server\-port: \fI<port number>\fP 
 The TCP port number of the Redis server.
-This option defaults to 6379.
-.TP
-.B redis-server-path: \fI<unix socket path>\fR
-The unix socket path to connect to the Redis server. Off by default, and it
-can be set to "" to turn this off. Unix sockets may have better throughput
-than the IP address option.
-.TP
-.B redis-server-password: \fI"<password>"\fR
+.sp
+Default: 6379
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-server\-path: \fI<unix socket path>\fP 
+The unix socket path to connect to the Redis server.
+Unix sockets may have better throughput than the IP address option.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-server\-password: \fI\(dq<password>\(dq\fP 
 The Redis AUTH password to use for the Redis server.
 Only relevant if Redis is configured for client password authorisation.
-Off by default, and it can be set to "" to turn this off.
-.TP
-.B redis-timeout: \fI<msec>\fR
-The period until when Unbound waits for a response from the Redis sever.
-If this timeout expires Unbound closes the connection, treats it as
-if the Redis server does not have the requested data, and will try to
-re-establish a new connection later.
-This option defaults to 100 milliseconds.
-.TP
-.B redis-command-timeout: \fI<msec>\fR
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-timeout: \fI<msec>\fP 
+The period until when Unbound waits for a response from the Redis server.
+If this timeout expires Unbound closes the connection, treats it as if the
+Redis server does not have the requested data, and will try to re\-establish
+a new connection later.
+.sp
+Default: 100
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-command\-timeout: \fI<msec>\fP 
 The timeout to use for Redis commands, in milliseconds.
-If 0, it uses the \fBredis\-timeout\fR value.
-The default is 0.
-.TP
-.B redis-connect-timeout: \fI<msec>\fR
+If \fB0\fP, it uses the
+\fI\%redis\-timeout\fP
+value.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-connect\-timeout: \fI<msec>\fP 
 The timeout to use for Redis connection set up, in milliseconds.
-If 0, it uses the \fBredis\-timeout\fR value.
-The default is 0.
-.TP
-.B redis-expire-records: \fI<yes or no>
-If Redis record expiration is enabled.  If yes, Unbound sets timeout for Redis
-records so that Redis can evict keys that have expired automatically.  If
-Unbound is configured with \fBserve-expired\fR and \fBserve-expired-ttl\fR is 0,
-this option is internally reverted to "no".  Redis SETEX support is required
-for this option (Redis >= 2.0.0).
-This option defaults to no.
-.TP
-.B redis-logical-db: \fI<logical database index>
+If \fB0\fP, it uses the
+\fI\%redis\-timeout\fP
+value.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-expire\-records: \fI<yes or no>\fP 
+If Redis record expiration is enabled.
+If yes, Unbound sets timeout for Redis records so that Redis can evict keys
+that have expired automatically.
+If Unbound is configured with
+\fI\%serve\-expired\fP and
+\fI\%serve\-expired\-ttl: 0\fP, this option is
+internally reverted to \(dqno\(dq.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+Redis \(dqSET ... EX\(dq support is required for this option (Redis >= 2.6.12).
+.UNINDENT
+.UNINDENT
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-logical\-db: \fI<logical database index>\fP 
 The logical database in Redis to use.
-These are databases in the same Redis instance sharing the same configuration
-and persisted in the same RDB/AOF file.
+These are databases in the same Redis instance sharing the same
+configuration and persisted in the same RDB/AOF file.
 If unsure about using this option, Redis documentation
-(https://redis.io/commands/select/) suggests not to use a single Redis instance
-for multiple unrelated applications.
+(\fI\%https://redis.io/commands/select/\fP) suggests not to use a single Redis
+instance for multiple unrelated applications.
 The default database in Redis is 0 while other logical databases need to be
-explicitly SELECT'ed upon connecting.
-This option defaults to 0.
-.TP
-.B redis-replica-server-host: \fI<server address or name>\fR
-The IP (either v6 or v4) address or domain name of the Redis replica server.
-In general an IP address should be specified as otherwise Unbound will have to
-resolve the name of the server every time it establishes a connection
-to the server.
-This server is treated as a read-only replica server
-(https://redis.io/docs/management/replication/#read-only-replica).
-If specified, all Redis read commands will go to this replica server, while
-the write commands will go to the \fBredis-server-host\fR.
-This option defaults to "" (disabled).
+explicitly SELECT\(aqed upon connecting.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
 .TP
-.B redis-replica-server-port: \fI<port number>\fR
+.B redis\-replica\-server\-host: \fI<server address or name>\fP 
+The IP (either v6 or v4) address or domain name of the Redis server.
+In general an IP address should be specified as otherwise Unbound will have
+to resolve the name of the server every time it establishes a connection to
+the server.
+.sp
+This server is treated as a read\-only replica server
+(\fI\%https://redis.io/docs/management/replication/#read\-only\-replica\fP).
+If specified, all Redis read commands will go to this replica server, while
+the write commands will go to the
+\fI\%redis\-server\-host\fP\&.
+.sp
+Default: \(dq\(dq (disabled).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-server\-port: \fI<port number>\fP 
 The TCP port number of the Redis replica server.
-This option defaults to 6379.
-.TP
-.B redis-replica-server-path: \fI<unix socket path>\fR
-The unix socket path to connect to the Redis server. Off by default, and it
-can be set to "" to turn this off. Unix sockets may have better throughput
-than the IP address option.
-.TP
-.B redis-replica-server-password: \fI"<password>"\fR
-The Redis AUTH password to use for the Redis replica server.
+.sp
+Default: 6379
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-server\-path: \fI<unix socket path>\fP 
+The unix socket path to connect to the Redis replica server.
+Unix sockets may have better throughput than the IP address option.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-server\-password: \fI\(dq<password>\(dq\fP 
+The Redis AUTH password to use for the Redis server.
 Only relevant if Redis is configured for client password authorisation.
-Off by default, and it can be set to "" to turn this off.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
 .TP
-.B redis-replica-timeout: \fI<msec>\fR
-The period until when Unbound waits for a response from the Redis replica sever.
-If this timeout expires Unbound closes the connection, treats it as
-if the Redis replica server does not have the requested data, and will try to
-re-establish a new connection later.
-This option defaults to 100 milliseconds.
-.TP
-.B redis-replica-command-timeout: \fI<msec>\fR
+.B redis\-replica\-timeout: \fI<msec>\fP 
+The period until when Unbound waits for a response from the Redis replica
+server.
+If this timeout expires Unbound closes the connection, treats it as if the
+Redis server does not have the requested data, and will try to re\-establish
+a new connection later.
+.sp
+Default: 100
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-command\-timeout: \fI<msec>\fP 
 The timeout to use for Redis replica commands, in milliseconds.
-If 0, it uses the \fBredis\-replica\-timeout\fR value.
-The default is 0.
-.TP
-.B redis-replica-connect-timeout: \fI<msec>\fR
+If \fB0\fP, it uses the
+\fI\%redis\-replica\-timeout\fP
+value.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-connect\-timeout: \fI<msec>\fP 
 The timeout to use for Redis replica connection set up, in milliseconds.
-If 0, it uses the \fBredis\-replica\-timeout\fR value.
-The default is 0.
-.TP
-.B redis-replica-logical-db: \fI<logical database index>
-Same as \fBredis-logical-db\fR but for the Redis replica server.
-This option defaults to 0.
+If \fB0\fP, it uses the
+\fI\%redis\-replica\-timeout\fP
+value.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-logical\-db: \fI<logical database index>\fP 
+Same as \fI\%redis\-logical\-db\fP but
+for the Redis replica server.
+.sp
+Default: 0
+.UNINDENT
 .SS DNSTAP Logging Options
-DNSTAP support, when compiled in by using \fB\-\-enable\-dnstap\fR, is enabled
-in the \fBdnstap:\fR section.
-This starts an extra thread (when compiled with threading) that writes
-the log information to the destination.  If Unbound is compiled without
-threading it does not spawn a thread, but connects per-process to the
-destination.
-.TP
-.B dnstap-enable: \fI<yes or no>
-If dnstap is enabled.  Default no.  If yes, it connects to the dnstap server
-and if any of the dnstap-log-..-messages options is enabled it sends logs
-for those messages to the server.
-.TP
-.B dnstap-bidirectional: \fI<yes or no>
-Use frame streams in bidirectional mode to transfer DNSTAP messages. Default is
-yes.
-.TP
-.B dnstap-socket-path: \fI<file name>
+.sp
+DNSTAP support, when compiled in by using \fB\-\-enable\-dnstap\fP, is enabled in
+the \fBdnstap:\fP section.
+This starts an extra thread (when compiled with threading) that writes the log
+information to the destination.
+If Unbound is compiled without threading it does not spawn a thread, but
+connects per\-process to the destination.
+.INDENT 0.0
+.TP
+.B dnstap\-enable: \fI<yes or no>\fP 
+If dnstap is enabled.
+If yes, it connects to the DNSTAP server and if any of the
+\fIdnstap\-log\-..\-messages:\fP options is enabled it sends logs for those
+messages to the server.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-bidirectional: \fI<yes or no>\fP 
+Use frame streams in bidirectional mode to transfer DNSTAP messages.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-socket\-path: \fI<file name>\fP 
 Sets the unix socket file name for connecting to the server that is
-listening on that socket.  Default is "@DNSTAP_SOCKET_PATH@".
-.TP
-.B dnstap-ip: \fI<IPaddress[@port]>
-If "", the unix socket is used, if set with an IP address (IPv4 or IPv6)
-that address is used to connect to the server.
-.TP
-.B dnstap-tls: \fI<yes or no>
-Set this to use TLS to connect to the server specified in \fBdnstap-ip\fR.
-The default is yes.  If set to no, TCP is used to connect to the server.
-.TP
-.B dnstap-tls-server-name: \fI<name of TLS authentication>
-The TLS server name to authenticate the server with.  Used when \fBdnstap-tls\fR is enabled.  If "" it is ignored, default "".
-.TP
-.B dnstap-tls-cert-bundle: \fI<file name of cert bundle>
-The pem file with certs to verify the TLS server certificate. If "" the
-server default cert bundle is used, or the windows cert bundle on windows.
-Default is "".
-.TP
-.B dnstap-tls-client-key-file: \fI<file name>
-The client key file for TLS client authentication. If "" client
-authentication is not used.  Default is "".
-.TP
-.B dnstap-tls-client-cert-file: \fI<file name>
-The client cert file for TLS client authentication.  Default is "".
-.TP
-.B dnstap-send-identity: \fI<yes or no>
+listening on that socket.
+.sp
+Default: @DNSTAP_SOCKET_PATH@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-ip: \fI<IPaddress[@port]>\fP 
+If \fB\(dq\(dq\fP, the unix socket is used, if set with an IP address (IPv4 or
+IPv6) that address is used to connect to the server.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-tls: \fI<yes or no>\fP 
+Set this to use TLS to connect to the server specified in
+\fI\%dnstap\-ip\fP\&.
+If set to no, TCP is used to connect to the server.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-tls\-server\-name: \fI<name of TLS authentication>\fP 
+The TLS server name to authenticate the server with.
+Used when \fI\%dnstap\-tls: yes\fP is set.
+If \fB\(dq\(dq\fP it is ignored.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-tls\-cert\-bundle: \fI<file name of cert bundle>\fP 
+The pem file with certs to verify the TLS server certificate.
+If \fB\(dq\(dq\fP the server default cert bundle is used, or the windows cert
+bundle on windows.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-tls\-client\-key\-file: \fI<file name>\fP 
+The client key file for TLS client authentication.
+If \fB\(dq\(dq\fP client authentication is not used.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-tls\-client\-cert\-file: \fI<file name>\fP 
+The client cert file for TLS client authentication.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-send\-identity: \fI<yes or no>\fP 
 If enabled, the server identity is included in the log messages.
-Default is no.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B dnstap-send-version: \fI<yes or no>
+.B dnstap\-send\-version: \fI<yes or no>\fP 
 If enabled, the server version if included in the log messages.
-Default is no.
-.TP
-.B dnstap-identity: \fI<string>
-The identity to send with messages, if "" the hostname is used.
-Default is "".
-.TP
-.B dnstap-version: \fI<string>
-The version to send with messages, if "" the package version is used.
-Default is "".
-.TP
-.B dnstap-sample-rate: \fI<number>
-The sample rate for log of messages, it logs only 1/N messages. With 0 it
-is disabled. Default is 0. This is useful in a high volume environment,
-where log functionality would otherwise not be reliable. For example 10
-would spend only 1/10th time on logging, and 100 would only spend a
-hundredth of the time on logging.
-.TP
-.B dnstap-log-resolver-query-messages: \fI<yes or no>
-Enable to log resolver query messages.  Default is no.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-identity: \fI<string>\fP 
+The identity to send with messages, if \fB\(dq\(dq\fP the hostname is used.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-version: \fI<string>\fP 
+The version to send with messages, if \fB\(dq\(dq\fP the package version is used.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-sample\-rate: \fI<number>\fP 
+The sample rate for log of messages, it logs only 1/N messages.
+With 0 it is disabled.
+This is useful in a high volume environment, where log functionality would
+otherwise not be reliable.
+For example 10 would spend only 1/10th time on logging, and 100 would only
+spend a hundredth of the time on logging.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-log\-resolver\-query\-messages: \fI<yes or no>\fP 
+Enable to log resolver query messages.
 These are messages from Unbound to upstream servers.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B dnstap-log-resolver-response-messages: \fI<yes or no>
-Enable to log resolver response messages.  Default is no.
+.B dnstap\-log\-resolver\-response\-messages: \fI<yes or no>\fP 
+Enable to log resolver response messages.
 These are replies from upstream servers to Unbound.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B dnstap-log-client-query-messages: \fI<yes or no>
-Enable to log client query messages.  Default is no.
+.B dnstap\-log\-client\-query\-messages: \fI<yes or no>\fP 
+Enable to log client query messages.
 These are client queries to Unbound.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B dnstap-log-client-response-messages: \fI<yes or no>
-Enable to log client response messages.  Default is no.
+.B dnstap\-log\-client\-response\-messages: \fI<yes or no>\fP 
+Enable to log client response messages.
 These are responses from Unbound to clients.
-.TP
-.B dnstap-log-forwarder-query-messages: \fI<yes or no>
-Enable to log forwarder query messages.  Default is no.
-.TP
-.B dnstap-log-forwarder-response-messages: \fI<yes or no>
-Enable to log forwarder response messages.  Default is no.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-log\-forwarder\-query\-messages: \fI<yes or no>\fP 
+Enable to log forwarder query messages.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-log\-forwarder\-response\-messages: \fI<yes or no>\fP 
+Enable to log forwarder response messages.
+.sp
+Default: no
+.UNINDENT
 .SS Response Policy Zone Options
-.LP
-Response Policy Zones are configured with \fBrpz:\fR, and each one must have a
-\fBname:\fR. There can be multiple ones, by listing multiple RPZ clauses, each
-with a different name. RPZ clauses are applied in order of configuration and
-any match from an earlier RPZ zone will terminate the RPZ lookup. Note that a
-PASSTHRU action is still considered a match.
-The \fBrespip\fR module needs to be added to the \fBmodule-config\fR, e.g.:
-\fBmodule-config: "respip validator iterator"\fR.
-.P
+.sp
+Response Policy Zones are configured with \fBrpz:\fP, and each one must have a
+\fI\%name\fP attribute.
+There can be multiple ones, by listing multiple RPZ clauses, each with a
+different name.
+RPZ clauses are applied in order of configuration and any match from an earlier
+RPZ zone will terminate the RPZ lookup.
+Note that a PASSTHRU action is still considered a match.
+The respip module needs to be added to the
+\fI\%module\-config\fP, e.g.:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+module\-config: \(dqrespip validator iterator\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
 QNAME, Response IP Address, nsdname, nsip and clientip triggers are supported.
 Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp\-only
-and drop.  RPZ QNAME triggers are applied after \fBlocal\-zones\fR and
-before \fBauth\-zones\fR.
-.P
+and drop.
+RPZ QNAME triggers are applied after any
+\fI\%local\-zone\fP and before any
+\fI\%auth\-zone\fP\&.
+.sp
 The RPZ zone is a regular DNS zone formatted with a SOA start record as usual.
 The items in the zone are entries, that specify what to act on (the trigger)
 and what to do (the action).
@@ -3073,167 +5458,278 @@ The trigger to act on is recorded in the name, the action to do is recorded as
 the resource record.
 The names all end in the zone name, so you could type the trigger names without
 a trailing dot in the zonefile.
-.P
-An example RPZ record, that answers example.com with NXDOMAIN
+.sp
+An example RPZ record, that answers \fBexample.com\fP with \fBNXDOMAIN\fP:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	example.com CNAME .
+.ft C
+example.com CNAME .
+.ft P
 .fi
-.P
+.UNINDENT
+.UNINDENT
+.sp
 The triggers are encoded in the name on the left
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	name                          query name
-	netblock.rpz-client-ip        client IP address
-	netblock.rpz-ip               response IP address in the answer
-	name.rpz-nsdname              nameserver name
-	netblock.rpz-nsip             nameserver IP address
+.ft C
+name                          query name
+netblock.rpz\-client\-ip        client IP address
+netblock.rpz\-ip               response IP address in the answer
+name.rpz\-nsdname              nameserver name
+netblock.rpz\-nsip             nameserver IP address
+.ft P
 .fi
-The netblock is written as <netblocklen>.<ip address in reverse>.
-For IPv6 use 'zz' for '::'.  Specify individual addresses with scope length
-of 32 or 128.  For example, 24.10.100.51.198.rpz-ip is 198.51.100.10/24 and
-32.10.zz.db8.2001.rpz-ip is 2001:db8:0:0:0:0:0:10/32.
-.P
+.UNINDENT
+.UNINDENT
+.sp
+The netblock is written as \fB<netblocklen>.<ip address in reverse>\fP\&.
+For IPv6 use \fB\(aqzz\(aq\fP for \fB\(aq::\(aq\fP\&.
+Specify individual addresses with scope length of 32 or 128.
+For example, \fB24.10.100.51.198.rpz\-ip\fP is \fB198.51.100.10/24\fP and
+\fB32.10.zz.db8.2001.rpz\-ip\fP is \fB2001:db8:0:0:0:0:0:10/32\fP\&.
+.sp
 The actions are specified with the record on the right
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	CNAME .                      nxdomain reply
-	CNAME *.                     nodata reply
-	CNAME rpz-passthru.          do nothing, allow to continue
-	CNAME rpz-drop.              the query is dropped
-	CNAME rpz-tcp-only.          answer over TCP
-	A 192.0.2.1                  answer with this IP address
+.ft C
+CNAME .                      nxdomain reply
+CNAME *.                     nodata reply
+CNAME rpz\-passthru.          do nothing, allow to continue
+CNAME rpz\-drop.              the query is dropped
+CNAME rpz\-tcp\-only.          answer over TCP
+A 192.0.2.1                  answer with this IP address
+.ft P
 .fi
-Other records like AAAA, TXT and other CNAMEs (not rpz-..) can also be used to
+.UNINDENT
+.UNINDENT
+.sp
+Other records like AAAA, TXT and other CNAMEs (not rpz\-..) can also be used to
 answer queries with that content.
-.P
-The RPZ zones can be configured in the config file with these settings in the \fBrpz:\fR block.
+.sp
+The RPZ zones can be configured in the config file with these settings in the
+\fBrpz:\fP block.
+.INDENT 0.0
 .TP
-.B name: \fI<zone name>
+.B name: \fI<zone name>\fP 
 Name of the authority zone.
-.TP
-.B primary: \fI<IP address or host name>
-Where to download a copy of the zone from, with AXFR and IXFR.  Multiple
-primaries can be specified.  They are all tried if one fails.
-To use a nondefault port for DNS communication append '@' with the port number.
-You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name.  If you combine
-the '@' and '#', the '@' comes first.
-If you point it at another Unbound instance, it would not work because
-that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
-the zonefile as a text file from a webserver that would work.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B primary: \fI<IP address or host name>\fP 
+Where to download a copy of the zone from, with AXFR and IXFR.
+Multiple primaries can be specified.
+They are all tried if one fails.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+You can append a \fB\(aq#\(aq\fP and a name, then AXFR over TLS can be used and the
+TLS authentication certificates will be checked with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If you point it at another Unbound instance, it would not work because that
+does not support AXFR/IXFR for the zone, but if you used
+\fI\%url\fP to download the zonefile as a text file
+from a webserver that would work.
+.sp
 If you specify the hostname, you cannot use the domain from the zonefile,
 because it may not have that when retrieving that data, instead use a plain
 IP address to avoid a circular dependency on retrieving that IP address.
-.TP
-.B master: \fI<IP address or host name>
-Alternate syntax for \fBprimary\fR.
-.TP
-.B url: \fI<url to zonefile>
-Where to download a zonefile for the zone.  With http or https.  An example
-for the url is "http://www.example.com/example.org.zone".  Multiple url
-statements can be given, they are tried in turn.  If only urls are given
-the SOA refresh timer is used to wait for making new downloads.  If also
-primaries are listed, the primaries are first probed with UDP SOA queries to
-see if the SOA serial number has changed, reducing the number of downloads.
-If none of the urls work, the primaries are tried with IXFR and AXFR.
-For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used
-to authenticate the connection.
-.TP
-.B allow\-notify: \fI<IP address or host name or netblockIP/prefix>
-With allow\-notify you can specify additional sources of notifies.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B master: \fI<IP address or host name>\fP 
+Alternate syntax for \fI\%primary\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B url: \fI<url to zonefile>\fP 
+Where to download a zonefile for the zone.
+With HTTP or HTTPS.
+An example for the url is:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+http://www.example.com/example.org.zone
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+Multiple url statements can be given, they are tried in turn.
+.sp
+If only urls are given the SOA refresh timer is used to wait for making new
+downloads.
+If also primaries are listed, the primaries are first probed with UDP SOA
+queries to see if the SOA serial number has changed, reducing the number of
+downloads.
+If none of the URLs work, the primaries are tried with IXFR and AXFR.
+.sp
+For HTTPS, the \fI\%tls\-cert\-bundle\fP and
+the hostname from the url are used to authenticate the connection.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B allow\-notify: \fI<IP address or host name or netblockIP/prefix>\fP 
+With \fI\%allow\-notify\fP you can specify
+additional sources of notifies.
 When notified, the server attempts to first probe and then zone transfer.
-If the notify is from a primary, it first attempts that primary.  Otherwise
-other primaries are attempted.  If there are no primaries, but only urls, the
-file is downloaded when notified.  The primaries from primary: and url:
-statements are allowed notify by default.
-.TP
-.B zonefile: \fI<filename>
-The filename where the zone is stored.  If not given then no zonefile is used.
+If the notify is from a primary, it first attempts that primary.
+Otherwise other primaries are attempted.
+If there are no primaries, but only urls, the file is downloaded when
+notified.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The primaries from \fI\%primary\fP and
+\fI\%url\fP statements are allowed notify by
+default.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B zonefile: \fI<filename>\fP 
+The filename where the zone is stored.
+If not given then no zonefile is used.
 If the file does not exist or is empty, Unbound will attempt to fetch zone
 data (eg. from the primary servers).
+.UNINDENT
+.INDENT 0.0
 .TP
-.B rpz\-action\-override: \fI<action>
-Always use this RPZ action for matching triggers from this zone. Possible action
-are: nxdomain, nodata, passthru, drop, disabled and cname.
+.B rpz\-action\-override: \fI<action>\fP 
+Always use this RPZ action for matching triggers from this zone.
+Possible actions are: \fInxdomain\fP, \fInodata\fP, \fIpassthru\fP, \fIdrop\fP, \fIdisabled\fP
+and \fIcname\fP\&.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B rpz\-cname\-override: \fI<domain>
+.B rpz\-cname\-override: \fI<domain>\fP 
 The CNAME target domain to use if the cname action is configured for
-\fBrpz\-action\-override\fR.
-.TP
-.B rpz\-log: \fI<yes or no>
-Log all applied RPZ actions for this RPZ zone. Default is no.
-.TP
-.B rpz\-log\-name: \fI<name>
+\fI\%rpz\-action\-override\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rpz\-log: \fI<yes or no>\fP 
+Log all applied RPZ actions for this RPZ zone.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rpz\-log\-name: \fI<name>\fP 
 Specify a string to be part of the log line, for easy referencing.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B rpz\-signal\-nxdomain\-ra: \fI<yes or no>
-Signal when a query is blocked by the RPZ with NXDOMAIN with an unset RA flag.
+.B rpz\-signal\-nxdomain\-ra: \fI<yes or no>\fP 
+Signal when a query is blocked by the RPZ with NXDOMAIN with an unset RA
+flag.
 This allows certain clients, like dnsmasq, to infer that the domain is
-externally blocked. Default is no.
+externally blocked.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B for\-downstream: \fI<yes or no>
+.B for\-downstream: \fI<yes or no>\fP 
 If enabled the zone is authoritatively answered for and queries for the RPZ
-zone information are answered to downstream clients. This is useful for
-monitoring scripts, that can then access the SOA information to check if
-the RPZ information is up to date. Default is no.
-.TP
-.B tags: \fI<list of tags>
-Limit the policies from this RPZ clause to clients with a matching tag. Tags
-need to be defined in \fBdefine\-tag\fR and can be assigned to client addresses
-using \fBaccess\-control\-tag\fR. Enclose list of tags in quotes ("") and put
-spaces between tags. If no tags are specified the policies from this clause will
-be applied for all clients.
-.SH "MEMORY CONTROL EXAMPLE"
-In the example config settings below memory usage is reduced. Some service
-levels are lower, notable very large data and a high TCP load are no longer
-supported. Very large data and high TCP loads are exceptional for the DNS.
+zone information are answered to downstream clients.
+This is useful for monitoring scripts, that can then access the SOA
+information to check if the RPZ information is up to date.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tags: \fI\(dq<list of tags>\(dq\fP 
+Limit the policies from this RPZ clause to clients with a matching tag.
+.sp
+Tags need to be defined in \fI\%define\-tag\fP and
+can be assigned to client addresses using
+\fI\%access\-control\-tag\fP or
+\fI\%interface\-tag\fP\&.
+Enclose list of tags in quotes (\fB\(dq\(dq\fP) and put spaces between tags.
+.sp
+If no tags are specified the policies from this clause will be applied for
+all clients.
+.UNINDENT
+.SH MEMORY CONTROL EXAMPLE
+.sp
+In the example config settings below memory usage is reduced.
+Some service levels are lower, notable very large data and a high TCP load are
+no longer supported.
+Very large data and high TCP loads are exceptional for the DNS.
 DNSSEC validation is enabled, just add trust anchors.
-If you do not have to worry about programs using more than 3 Mb of memory,
-the below example is not for you. Use the defaults to receive full service,
-which on BSD\-32bit tops out at 30\-40 Mb after heavy usage.
-.P
+If you do not have to worry about programs using more than 3 Mb of memory, the
+below example is not for you.
+Use the defaults to receive full service, which on BSD\-32bit tops out at 30\-40
+Mb after heavy usage.
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
+.ft C
 # example settings that reduce memory usage
 server:
-	num\-threads: 1
-	outgoing\-num\-tcp: 1	# this limits TCP service, uses less buffers.
-	incoming\-num\-tcp: 1
-	outgoing\-range: 60	# uses less memory, but less performance.
-	msg\-buffer\-size: 8192   # note this limits service, 'no huge stuff'.
-	msg\-cache\-size: 100k
-	msg\-cache\-slabs: 1
-	rrset\-cache\-size: 100k
-	rrset\-cache\-slabs: 1
-	infra\-cache\-numhosts: 200
-	infra\-cache\-slabs: 1
-	key\-cache\-size: 100k
-	key\-cache\-slabs: 1
-	neg\-cache\-size: 10k
-	num\-queries\-per\-thread: 30
-	target\-fetch\-policy: "2 1 0 0 0 0"
-	harden\-large\-queries: "yes"
-	harden\-short\-bufsize: "yes"
+    num\-threads: 1
+    outgoing\-num\-tcp: 1 # this limits TCP service, uses less buffers.
+    incoming\-num\-tcp: 1
+    outgoing\-range: 60  # uses less memory, but less performance.
+    msg\-buffer\-size: 8192   # note this limits service, \(aqno huge stuff\(aq.
+    msg\-cache\-size: 100k
+    msg\-cache\-slabs: 1
+    rrset\-cache\-size: 100k
+    rrset\-cache\-slabs: 1
+    infra\-cache\-numhosts: 200
+    infra\-cache\-slabs: 1
+    key\-cache\-size: 100k
+    key\-cache\-slabs: 1
+    neg\-cache\-size: 10k
+    num\-queries\-per\-thread: 30
+    target\-fetch\-policy: \(dq2 1 0 0 0 0\(dq
+    harden\-large\-queries: \(dqyes\(dq
+    harden\-short\-bufsize: \(dqyes\(dq
+.ft P
 .fi
-.SH "FILES"
+.UNINDENT
+.UNINDENT
+.SH FILES
+.INDENT 0.0
 .TP
-.I @UNBOUND_RUN_DIR@
+.B @UNBOUND_RUN_DIR@
 default Unbound working directory.
 .TP
-.I @UNBOUND_CHROOT_DIR@
-default
-\fIchroot\fR(2)
-location.
+.B @UNBOUND_CHROOT_DIR@
+default \fIchroot(2)\fP location.
 .TP
-.I @ub_conf_file@
+.B @ub_conf_file@
 Unbound configuration file.
 .TP
-.I @UNBOUND_PIDFILE@
+.B @UNBOUND_PIDFILE@
 default Unbound pidfile with process ID of the running daemon.
 .TP
-.I unbound.log
-Unbound log file. default is to log to
-\fIsyslog\fR(3).
-.SH "SEE ALSO"
-\fIunbound\fR(8),
-\fIunbound\-checkconf\fR(8).
-.SH "AUTHORS"
-.B Unbound
-was written by NLnet Labs. Please see CREDITS file
-in the distribution for further details.
+.B unbound.log
+Unbound log file.
+Default is to log to \fIsyslog(3)\fP\&.
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fI\%unbound(8)\fP,
+\fI\%unbound\-checkonf(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound.conf.rst b/contrib/unbound/doc/unbound.conf.rst
new file mode 100644
index 000000000000..d83816c6f468
--- /dev/null
+++ b/contrib/unbound/doc/unbound.conf.rst
@@ -0,0 +1,5005 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+unbound.conf(5)
+===============
+
+Synopsis
+--------
+
+**unbound.conf**
+
+Description
+-----------
+
+**unbound.conf** is used to configure :doc:`unbound(8)</manpages/unbound>`.
+The file format has attributes and values.
+Some attributes have attributes inside them.
+The notation is: ``attribute: value``.
+
+Comments start with ``#`` and last to the end of line.
+Empty lines are ignored as is whitespace at the beginning of a line.
+
+The utility :doc:`unbound-checkconf(8)</manpages/unbound-checkconf>` can be
+used to check ``unbound.conf`` prior to usage.
+
+Example
+-------
+
+An example config file is shown below.
+Copy this to :file:`/etc/unbound/unbound.conf` and start the server with:
+
+.. code-block:: text
+
+    $ unbound -c /etc/unbound/unbound.conf
+
+Most settings are the defaults.
+Stop the server with:
+
+.. code-block:: text
+
+    $ kill `cat /etc/unbound/unbound.pid`
+
+Below is a minimal config file.
+The source distribution contains an extensive :file:`example.conf` file with
+all the options.
+
+.. code-block:: text
+
+    # unbound.conf(5) config file for unbound(8).
+    server:
+        directory: "/etc/unbound"
+        username: unbound
+        # make sure unbound can access entropy from inside the chroot.
+        # e.g. on linux the use these commands (on BSD, devfs(8) is used):
+        #      mount --bind -n /dev/urandom /etc/unbound/dev/urandom
+        # and  mount --bind -n /dev/log /etc/unbound/dev/log
+        chroot: "/etc/unbound"
+        # logfile: "/etc/unbound/unbound.log"  #uncomment to use logfile.
+        pidfile: "/etc/unbound/unbound.pid"
+        # verbosity: 1      # uncomment and increase to get more logging.
+        # listen on all interfaces, answer queries from the local subnet.
+        interface: 0.0.0.0
+        interface: ::0
+        access-control: 10.0.0.0/8 allow
+        access-control: 2001:DB8::/64 allow
+
+File Format
+-----------
+
+There must be whitespace between keywords.
+Attribute keywords end with a colon ``':'``.
+An attribute is followed by a value, or its containing attributes in which case
+it is referred to as a clause.
+Clauses can be repeated throughout the file (or included files) to group
+attributes under the same clause.
+
+.. _unbound.conf.include:
+
+Files can be included using the **include:** directive.
+It can appear anywhere, it accepts a single file name as argument.
+Processing continues as if the text from the included file was copied into the
+config file at that point.
+If also using :ref:`chroot<unbound.conf.chroot>`, using full path names for
+the included files works, relative pathnames for the included names work if the
+directory where the daemon is started equals its chroot/working directory or is
+specified before the include statement with :ref:`directory:
+dir<unbound.conf.directory>`.
+Wildcards can be used to include multiple files, see *glob(7)*.
+
+.. _unbound.conf.include-toplevel:
+
+For a more structural include option, the **include-toplevel:** directive can
+be used.
+This closes whatever clause is currently active (if any) and forces the use of
+clauses in the included files and right after this directive.
+
+.. _unbound.conf.server:
+
+Server Options
+^^^^^^^^^^^^^^
+
+These options are part of the **server:** clause.
+
+
+@@UAHL@unbound.conf@verbosity@@: *<number>*
+    The verbosity level.
+
+    Level 0
+        No verbosity, only errors.
+
+    Level 1
+        Gives operational information.
+
+    Level 2
+        Gives detailed operational information including short information per
+        query.
+
+    Level 3
+        Gives query level information, output per query.
+
+    Level 4
+        Gives algorithm level information.
+
+    Level 5
+        Logs client identification for cache misses.
+
+    The verbosity can also be increased from the command line and during run
+    time via remote control. See :doc:`unbound(8)</manpages/unbound>` and
+    :doc:`unbound-control(8)</manpages/unbound-control>` respectively.
+
+    Default: 1
+
+
+@@UAHL@unbound.conf@statistics-interval@@: *<seconds>*
+    The number of seconds between printing statistics to the log for every
+    thread.
+    Disable with value ``0`` or ``""``.
+    The histogram statistics are only printed if replies were sent during the
+    statistics interval, requestlist statistics are printed for every interval
+    (but can be 0).
+    This is because the median calculation requires data to be present.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@statistics-cumulative@@: *<yes or no>*
+    If enabled, statistics are cumulative since starting Unbound, without
+    clearing the statistics counters after logging the statistics.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@extended-statistics@@: *<yes or no>*
+    If enabled, extended statistics are printed from
+    :doc:`unbound-control(8)</manpages/unbound-control>`.
+    The counters are listed in
+    :doc:`unbound-control(8)</manpages/unbound-control>`.
+    Keeping track of more statistics takes time.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@statistics-inhibit-zero@@: *<yes or no>*
+    If enabled, selected extended statistics with a value of 0 are inhibited
+    from printing with
+    :doc:`unbound-control(8)</manpages/unbound-control>`.
+    These are query types, query classes, query opcodes, answer rcodes
+    (except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED)
+    and PRZ actions.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@num-threads@@: *<number>*
+    The number of threads to create to serve clients. Use 1 for no threading.
+
+    Default: 1
+
+
+@@UAHL@unbound.conf@port@@: *<port number>*
+    The port number on which the server responds to queries.
+
+    Default: 53
+
+
+@@UAHL@unbound.conf@interface@@: *<IP address or interface name[@port]>*
+    Interface to use to connect to the network.
+    This interface is listened to for queries from clients, and answers to
+    clients are given from it.
+    Can be given multiple times to work on several interfaces.
+    If none are given the default is to listen on localhost.
+
+    If an interface name is used instead of an IP address, the list of IP
+    addresses on that interface are used.
+    The interfaces are not changed on a reload (``kill -HUP``) but only on
+    restart.
+
+    A port number can be specified with @port (without spaces between interface
+    and port number), if not specified the default port (from
+    :ref:`port<unbound.conf.port>`) is used.
+
+
+@@UAHL@unbound.conf@ip-address@@: *<IP address or interface name[@port]>*
+    Same as :ref:`interface<unbound.conf.interface>` (for ease of
+    compatibility with :external+nsd:doc:`manpages/nsd.conf`).
+
+
+@@UAHL@unbound.conf@interface-automatic@@: *<yes or no>*
+    Listen on all addresses on all (current and future) interfaces, detect the
+    source interface on UDP queries and copy them to replies.
+    This is a lot like :ref:`ip-transparent<unbound.conf.ip-transparent>`, but
+    this option services all interfaces whilst with
+    :ref:`ip-transparent<unbound.conf.ip-transparent>` you can select which
+    (future) interfaces Unbound provides service on.
+    This feature is experimental, and needs support in your OS for particular
+    socket options.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@interface-automatic-ports@@: *"<string>"*
+    List the port numbers that
+    :ref:`interface-automatic<unbound.conf.interface-automatic>` listens on.
+    If empty, the default port is listened on.
+    The port numbers are separated by spaces in the string.
+
+    This can be used to have interface automatic to deal with the interface,
+    and listen on the normal port number, by including it in the list, and
+    also HTTPS or DNS-over-TLS port numbers by putting them in the list as
+    well.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@outgoing-interface@@: *<IPv4/IPv6 address or IPv6 netblock>*
+    Interface to use to connect to the network.
+    This interface is used to send queries to authoritative servers and receive
+    their replies.
+    Can be given multiple times to work on several interfaces.
+    If none are given the default (all) is used.
+    You can specify the same interfaces in
+    :ref:`interface<unbound.conf.interface>` and
+    :ref:`outgoing-interface<unbound.conf.outgoing-interface>` lines, the
+    interfaces are then used for both purposes.
+    Outgoing queries are sent via a random outgoing interface to counter
+    spoofing.
+
+    If an IPv6 netblock is specified instead of an individual IPv6 address,
+    outgoing UDP queries will use a randomised source address taken from the
+    netblock to counter spoofing.
+    Requires the IPv6 netblock to be routed to the host running Unbound, and
+    requires OS support for unprivileged non-local binds (currently only
+    supported on Linux).
+    Several netblocks may be specified with multiple
+    :ref:`outgoing-interface<unbound.conf.outgoing-interface>` options, but do
+    not specify both an individual IPv6 address and an IPv6 netblock, or the
+    randomisation will be compromised.
+    Consider combining with :ref:`prefer-ip6: yes<unbound.conf.prefer-ip6>` to
+    increase the likelihood of IPv6 nameservers being selected for queries.
+    On Linux you need these two commands to be able to use the freebind socket
+    option to receive traffic for the ip6 netblock:
+
+    .. code-block:: text
+
+        ip -6 addr add mynetblock/64 dev lo && \
+        ip -6 route add local mynetblock/64 dev lo
+
+
+@@UAHL@unbound.conf@outgoing-range@@: *<number>*
+    Number of ports to open.
+    This number of file descriptors can be opened per thread.
+    Must be at least 1.
+    Default depends on compile options.
+    Larger numbers need extra resources from the operating system.
+    For performance a very large value is best, use libevent to make this
+    possible.
+
+    Default: 4096 (libevent) / 960 (minievent) / 48 (windows)
+
+
+@@UAHL@unbound.conf@outgoing-port-permit@@: *<port number or range>*
+    Permit Unbound to open this port or range of ports for use to send queries.
+    A larger number of permitted outgoing ports increases resilience against
+    spoofing attempts.
+    Make sure these ports are not needed by other daemons.
+    By default only ports above 1024 that have not been assigned by IANA are
+    used.
+    Give a port number or a range of the form "low-high", without spaces.
+
+    The :ref:`outgoing-port-permit<unbound.conf.outgoing-port-permit>` and
+    :ref:`outgoing-port-avoid<unbound.conf.outgoing-port-avoid>` statements
+    are processed in the line order of the config file, adding the permitted
+    ports and subtracting the avoided ports from the set of allowed ports.
+    The processing starts with the non IANA allocated ports above 1024 in the
+    set of allowed ports.
+
+
+@@UAHL@unbound.conf@outgoing-port-avoid@@: *<port number or range>*
+    Do not permit Unbound to open this port or range of ports for use to send
+    queries.
+    Use this to make sure Unbound does not grab a port that another daemon
+    needs.
+    The port is avoided on all outgoing interfaces, both IPv4 and IPv6.
+    By default only ports above 1024 that have not been assigned by IANA are
+    used.
+    Give a port number or a range of the form "low-high", without spaces.
+
+
+@@UAHL@unbound.conf@outgoing-num-tcp@@: *<number>*
+    Number of outgoing TCP buffers to allocate per thread.
+    If set to 0, or if :ref:`do-tcp: no<unbound.conf.do-tcp>` is set, no TCP
+    queries to authoritative servers are done.
+    For larger installations increasing this value is a good idea.
+
+    Default: 10
+
+
+@@UAHL@unbound.conf@incoming-num-tcp@@: *<number>*
+    Number of incoming TCP buffers to allocate per thread.
+    If set to 0, or if :ref:`do-tcp: no<unbound.conf.do-tcp>` is set, no TCP
+    queries from clients are accepted.
+    For larger installations increasing this value is a good idea.
+
+    Default: 10
+
+
+@@UAHL@unbound.conf@edns-buffer-size@@: *<number>*
+    Number of bytes size to advertise as the EDNS reassembly buffer size.
+    This is the value put into datagrams over UDP towards peers.
+    The actual buffer size is determined by
+    :ref:`msg-buffer-size<unbound.conf.msg-buffer-size>` (both for TCP and
+    UDP).
+    Do not set higher than that value.
+    Setting to 512 bypasses even the most stringent path MTU problems, but is
+    seen as extreme, since the amount of TCP fallback generated is excessive
+    (probably also for this resolver, consider tuning
+    :ref:`outgoing-num-tcp<unbound.conf.outgoing-num-tcp>`).
+
+    Default: 1232 (`DNS Flag Day 2020 recommendation
+    <https://dnsflagday.net/2020/>`__)
+
+
+@@UAHL@unbound.conf@max-udp-size@@: *<number>*
+    Maximum UDP response size (not applied to TCP response).
+    65536 disables the UDP response size maximum, and uses the choice from the
+    client, always.
+    Suggested values are 512 to 4096.
+
+    Default: 1232 (same as :ref:`edns-buffer-size<unbound.conf.edns-buffer-size>`)
+
+
+@@UAHL@unbound.conf@stream-wait-size@@: *<number>*
+    Number of bytes size maximum to use for waiting stream buffers.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+    As TCP and TLS streams queue up multiple results, the amount of memory used
+    for these buffers does not exceed this number, otherwise the responses are
+    dropped.
+    This manages the total memory usage of the server (under heavy use), the
+    number of requests that can be queued up per connection is also limited,
+    with further requests waiting in TCP buffers.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@msg-buffer-size@@: *<number>*
+    Number of bytes size of the message buffers.
+    Default is 65552 bytes, enough for 64 Kb packets, the maximum DNS message
+    size.
+    No message larger than this can be sent or received.
+    Can be reduced to use less memory, but some requests for DNS data, such as
+    for huge resource records, will result in a SERVFAIL reply to the client.
+
+    Default: 65552
+
+
+@@UAHL@unbound.conf@msg-cache-size@@: *<number>*
+    Number of bytes size of the message cache.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@msg-cache-slabs@@: *<number>*
+    Number of slabs in the message cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@num-queries-per-thread@@: *<number>*
+    The number of queries that every thread will service simultaneously.
+    If more queries arrive that need servicing, and no queries can be jostled
+    out (see :ref:`jostle-timeout<unbound.conf.jostle-timeout>`), then the
+    queries are dropped.
+    This forces the client to resend after a timeout; allowing the server time
+    to work on the existing queries.
+    Default depends on compile options.
+
+    Default: 2048 (libevent) / 512 (minievent) / 24 (windows)
+
+
+@@UAHL@unbound.conf@jostle-timeout@@: *<msec>*
+    Timeout used when the server is very busy.
+    Set to a value that usually results in one roundtrip to the authority
+    servers.
+
+    If too many queries arrive, then 50% of the queries are allowed to run to
+    completion, and the other 50% are replaced with the new incoming query if
+    they have already spent more than their allowed time.
+    This protects against denial of service by slow queries or high query
+    rates.
+
+    The effect is that the qps for long-lasting queries is about:
+
+    .. code-block:: text
+
+        (num-queries-per-thread / 2) / (average time for such long queries) qps
+
+    The qps for short queries can be about:
+
+    .. code-block:: text
+
+        (num-queries-per-thread / 2) / (jostle-timeout in whole seconds) qps per thread
+
+    about (2048/2)*5 = 5120 qps by default.
+
+    Default: 200
+
+
+@@UAHL@unbound.conf@delay-close@@: *<msec>*
+    Extra delay for timeouted UDP ports before they are closed, in msec.
+    This prevents very delayed answer packets from the upstream (recursive)
+    servers from bouncing against closed ports and setting off all sort of
+    close-port counters, with eg. 1500 msec.
+    When timeouts happen you need extra sockets, it checks the ID and remote IP
+    of packets, and unwanted packets are added to the unwanted packet counter.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@udp-connect@@: *<yes or no>*
+    Perform *connect(2)* for UDP sockets that mitigates ICMP side channel
+    leakage.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@unknown-server-time-limit@@: *<msec>*
+    The wait time in msec for waiting for an unknown server to reply.
+    Increase this if you are behind a slow satellite link, to eg. 1128.
+    That would then avoid re-querying every initial query because it times out.
+
+    Default: 376
+
+
+@@UAHL@unbound.conf@discard-timeout@@: *<msec>*
+    The wait time in msec where recursion requests are dropped.
+    This is to stop a large number of replies from accumulating.
+    They receive no reply, the work item continues to recurse.
+    It is nice to be a bit larger than
+    :ref:`serve-expired-client-timeout<unbound.conf.serve-expired-client-timeout>`
+    if that is enabled.
+    A value of ``1900`` msec is suggested.
+    The value ``0`` disables it.
+
+    Default: 1900
+
+
+@@UAHL@unbound.conf@wait-limit@@: *<number>*
+    The number of replies that can wait for recursion, for an IP address.
+    This makes a ratelimit per IP address of waiting replies for recursion.
+    It stops very large amounts of queries waiting to be returned to one
+    destination.
+    The value ``0`` disables wait limits.
+
+    Default: 1000
+
+
+@@UAHL@unbound.conf@wait-limit-cookie@@: *<number>*
+    The number of replies that can wait for recursion, for an IP address
+    that sent the query with a valid DNS Cookie.
+    Since the cookie validates the client address, this limit can be higher.
+
+    Default: 10000
+
+
+@@UAHL@unbound.conf@wait-limit-netblock@@: *<netblock>* *<number>*
+    The wait limit for the netblock.
+    If not given the
+    :ref:`wait-limit<unbound.conf.wait-limit>`
+    value is used.
+    The most specific netblock is used to determine the limit.
+    Useful for overriding the default for a specific, group or individual,
+    server.
+    The value ``-1`` disables wait limits for the netblock.
+    By default the loopback has a wait limit netblock of ``-1``, it is not
+    limited, because it is separated from the rest of network for spoofed
+    packets.
+    The loopback addresses ``127.0.0.0/8`` and ``::1/128`` are default at ``-1``.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@wait-limit-cookie-netblock@@: *<netblock>* *<number>*
+    The wait limit for the netblock, when the query has a DNS Cookie.
+    If not given, the
+    :ref:`wait-limit-cookie<unbound.conf.wait-limit-cookie>`
+    value is used.
+    The value ``-1`` disables wait limits for the netblock.
+    The loopback addresses ``127.0.0.0/8`` and ``::1/128`` are default at ``-1``.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@so-rcvbuf@@: *<number>*
+    If not 0, then set the SO_RCVBUF socket option to get more buffer space on
+    UDP port 53 incoming queries.
+    So that short spikes on busy servers do not drop packets (see counter in
+    ``netstat -su``).
+    Otherwise, the number of bytes to ask for, try "4m" on a busy server.
+
+    The OS caps it at a maximum, on linux Unbound needs root permission to
+    bypass the limit, or the admin can use ``sysctl net.core.rmem_max``.
+
+    On BSD change ``kern.ipc.maxsockbuf`` in ``/etc/sysctl.conf``.
+
+    On OpenBSD change header and recompile kernel.
+
+    On Solaris ``ndd -set /dev/udp udp_max_buf 8388608``.
+
+    Default: 0 (use system value)
+
+
+@@UAHL@unbound.conf@so-sndbuf@@: *<number>*
+    If not 0, then set the SO_SNDBUF socket option to get more buffer space on
+    UDP port 53 outgoing queries.
+    This for very busy servers handles spikes in answer traffic, otherwise:
+
+    .. code-block:: text
+
+        send: resource temporarily unavailable
+
+    can get logged, the buffer overrun is also visible by ``netstat -su``.
+    If set to 0 it uses the system value.
+    Specify the number of bytes to ask for, try "8m" on a very busy server.
+
+    It needs some space to be able to deal with packets that wait for local
+    address resolution, from like ARP and NDP discovery, before they are sent
+    out, hence it is elevated above the system default by default.
+
+    The OS caps it at a maximum, on linux Unbound needs root permission to
+    bypass the limit, or the admin can use ``sysctl net.core.wmem_max``.
+
+    On BSD, Solaris changes are similar to
+    :ref:`so-rcvbuf<unbound.conf.so-rcvbuf>`.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@so-reuseport@@: *<yes or no>*
+    If yes, then open dedicated listening sockets for incoming queries for each
+    thread and try to set the SO_REUSEPORT socket option on each socket.
+    May distribute incoming queries to threads more evenly.
+
+    On Linux it is supported in kernels >= 3.9.
+
+    On other systems, FreeBSD, OSX it may also work.
+
+    You can enable it (on any platform and kernel), it then attempts to open
+    the port and passes the option if it was available at compile time, if that
+    works it is used, if it fails, it continues silently (unless verbosity 3)
+    without the option.
+
+    At extreme load it could be better to turn it off to distribute the queries
+    evenly, reported for Linux systems (4.4.x).
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@ip-transparent@@: *<yes or no>*
+    If yes, then use IP_TRANSPARENT socket option on sockets where Unbound is
+    listening for incoming traffic.
+    Allows you to bind to non-local interfaces.
+    For example for non-existent IP addresses that are going to exist later on,
+    with host failover configuration.
+
+    This is a lot like
+    :ref:`interface-automatic<unbound.conf.interface-automatic>`, but that one
+    services all interfaces and with this option you can select which (future)
+    interfaces Unbound provides service on.
+
+    This option needs Unbound to be started with root permissions on some
+    systems.
+    The option uses IP_BINDANY on FreeBSD systems and SO_BINDANY on OpenBSD
+    systems.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ip-freebind@@: *<yes or no>*
+    If yes, then use IP_FREEBIND socket option on sockets where Unbound is
+    listening to incoming traffic.
+    Allows you to bind to IP addresses that are nonlocal or do not exist, like
+    when the network interface or IP address is down.
+
+    Exists only on Linux, where the similar
+    :ref:`ip-transparent<unbound.conf.ip-transparent>` option is also
+    available.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ip-dscp@@: *<number>*
+    The value of the Differentiated Services Codepoint (DSCP) in the
+    differentiated services field (DS) of the outgoing IP packet headers.
+    The field replaces the outdated IPv4 Type-Of-Service field and the IPv6
+    traffic class field.
+
+
+@@UAHL@unbound.conf@rrset-cache-size@@: *<number>*
+    Number of bytes size of the RRset cache.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@rrset-cache-slabs@@: *<number>*
+    Number of slabs in the RRset cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@cache-max-ttl@@: *<seconds>*
+    Time to live maximum for RRsets and messages in the cache.
+    When the TTL expires, the cache item has expired.
+    Can be set lower to force the resolver to query for data often, and not
+    trust (very large) TTL values.
+    Downstream clients also see the lower TTL.
+
+
+    Default: 86400 (1 day)
+
+
+@@UAHL@unbound.conf@cache-min-ttl@@: *<seconds>*
+    Time to live minimum for RRsets and messages in the cache.
+    If the minimum kicks in, the data is cached for longer than the domain
+    owner intended, and thus less queries are made to look up the data.
+    Zero makes sure the data in the cache is as the domain owner intended,
+    higher values, especially more than an hour or so, can lead to trouble as
+    the data in the cache does not match up with the actual data any more.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@cache-max-negative-ttl@@: *<seconds>*
+    Time to live maximum for negative responses, these have a SOA in the
+    authority section that is limited in time.
+    This applies to NXDOMAIN and NODATA answers.
+
+    Default: 3600
+
+
+@@UAHL@unbound.conf@cache-min-negative-ttl@@: *<seconds>*
+    Time to live minimum for negative responses, these have a SOA in the
+    authority section that is limited in time.
+    If this is disabled and
+    :ref:`cache-min-ttl<unbound.conf.cache-min-ttl>`
+    is configured, it will take effect instead.
+    In that case you can set this to ``1`` to honor the upstream TTL.
+    This applies to NXDOMAIN and NODATA answers.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@infra-host-ttl@@: *<seconds>*
+    Time to live for entries in the host cache.
+    The host cache contains roundtrip timing, lameness and EDNS support
+    information.
+
+    Default: 900
+
+
+@@UAHL@unbound.conf@infra-cache-slabs@@: *<number>*
+    Number of slabs in the infrastructure cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@infra-cache-numhosts@@: *<number>*
+    Number of hosts for which information is cached.
+
+    Default: 10000
+
+
+@@UAHL@unbound.conf@infra-cache-min-rtt@@: *<msec>*
+    Lower limit for dynamic retransmit timeout calculation in infrastructure
+    cache.
+    Increase this value if using forwarders needing more time to do recursive
+    name resolution.
+
+    Default: 50
+
+
+@@UAHL@unbound.conf@infra-cache-max-rtt@@: *<msec>*
+    Upper limit for dynamic retransmit timeout calculation in infrastructure
+    cache.
+
+    Default: 120000 (2 minutes)
+
+
+@@UAHL@unbound.conf@infra-keep-probing@@: *<yes or no>*
+    If enabled the server keeps probing hosts that are down, in the one probe
+    at a time regime.
+    Hosts that are down, eg. they did not respond during the one probe at a
+    time period, are marked as down and it may take
+    :ref:`infra-host-ttl<unbound.conf.infra-host-ttl>` time to get probed
+    again.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@define-tag@@: *"<list of tags>"*
+    Define the tags that can be used with
+    :ref:`local-zone<unbound.conf.local-zone>` and
+    :ref:`access-control<unbound.conf.access-control>`.
+    Enclose the list between quotes (``""``) and put spaces between tags.
+
+
+@@UAHL@unbound.conf@do-ip4@@: *<yes or no>*
+    Enable or disable whether IPv4 queries are answered or issued.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@do-ip6@@: *<yes or no>*
+    Enable or disable whether IPv6 queries are answered or issued.
+    If disabled, queries are not answered on IPv6, and queries are not sent on
+    IPv6 to the internet nameservers.
+    With this option you can disable the IPv6 transport for sending DNS
+    traffic, it does not impact the contents of the DNS traffic, which may have
+    IPv4 (A) and IPv6 (AAAA) addresses in it.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@prefer-ip4@@: *<yes or no>*
+    If enabled, prefer IPv4 transport for sending DNS queries to internet
+    nameservers.
+    Useful if the IPv6 netblock the server has, the entire /64 of that is not
+    owned by one operator and the reputation of the netblock /64 is an issue,
+    using IPv4 then uses the IPv4 filters that the upstream servers have.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@prefer-ip6@@: *<yes or no>*
+    If enabled, prefer IPv6 transport for sending DNS queries to internet
+    nameservers.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@do-udp@@: *<yes or no>*
+    Enable or disable whether UDP queries are answered or issued.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@do-tcp@@: *<yes or no>*
+    Enable or disable whether TCP queries are answered or issued.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@tcp-mss@@: *<number>*
+    Maximum segment size (MSS) of TCP socket on which the server responds to
+    queries.
+    Value lower than common MSS on Ethernet (1220 for example) will address
+    path MTU problem.
+    Note that not all platform supports socket option to set MSS (TCP_MAXSEG).
+    Default is system default MSS determined by interface MTU and negotiation
+    between server and client.
+
+
+@@UAHL@unbound.conf@outgoing-tcp-mss@@: *<number>*
+    Maximum segment size (MSS) of TCP socket for outgoing queries (from Unbound
+    to other servers).
+    Value lower than common MSS on Ethernet (1220 for example) will address
+    path MTU problem.
+    Note that not all platform supports socket option to set MSS (TCP_MAXSEG).
+    Default is system default MSS determined by interface MTU and negotiation
+    between Unbound and other servers.
+
+
+@@UAHL@unbound.conf@tcp-idle-timeout@@: *<msec>*
+    The period Unbound will wait for a query on a TCP connection.
+    If this timeout expires Unbound closes the connection.
+    When the number of free incoming TCP buffers falls below 50% of the total
+    number configured, the option value used is progressively reduced, first to
+    1% of the configured value, then to 0.2% of the configured value if the
+    number of free buffers falls below 35% of the total number configured, and
+    finally to 0 if the number of free buffers falls below 20% of the total
+    number configured.
+    A minimum timeout of 200 milliseconds is observed regardless of the option
+    value used.
+    It will be overridden by
+    :ref:`edns-tcp-keepalive-timeout<unbound.conf.edns-tcp-keepalive-timeout>`
+    if
+    :ref:`edns-tcp-keepalive<unbound.conf.edns-tcp-keepalive>`
+    is enabled.
+
+    Default: 30000 (30 seconds)
+
+
+@@UAHL@unbound.conf@tcp-reuse-timeout@@: *<msec>*
+    The period Unbound will keep TCP persistent connections open to authority
+    servers.
+
+    Default: 60000 (60 seconds)
+
+
+@@UAHL@unbound.conf@max-reuse-tcp-queries@@: *<number>*
+    The maximum number of queries that can be sent on a persistent TCP
+    connection.
+
+    Default: 200
+
+
+@@UAHL@unbound.conf@tcp-auth-query-timeout@@: *<number>*
+    Timeout in milliseconds for TCP queries to auth servers.
+
+    Default: 3000 (3 seconds)
+
+
+@@UAHL@unbound.conf@edns-tcp-keepalive@@: *<yes or no>*
+    Enable or disable EDNS TCP Keepalive.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@edns-tcp-keepalive-timeout@@: *<msec>*
+    Overrides
+    :ref:`tcp-idle-timeout<unbound.conf.tcp-idle-timeout>`
+    when
+    :ref:`edns-tcp-keepalive<unbound.conf.edns-tcp-keepalive>`
+    is enabled.
+    If the client supports the EDNS TCP Keepalive option,
+    If the client supports the EDNS TCP Keepalive option, Unbound sends the
+    timeout value to the client to encourage it to close the connection before
+    the server times out.
+
+    Default: 120000 (2 minutes)
+
+
+@@UAHL@unbound.conf@sock-queue-timeout@@: *<sec>*
+    UDP queries that have waited in the socket buffer for a long time can be
+    dropped.
+    The time is set in seconds, 3 could be a good value to ignore old queries
+    that likely the client does not need a reply for any more.
+    This could happen if the host has not been able to service the queries for
+    a while, i.e. Unbound is not running, and then is enabled again.
+    It uses timestamp socket options.
+    The socket option is available on the Linux and FreeBSD platforms.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@tcp-upstream@@: *<yes or no>*
+    Enable or disable whether the upstream queries use TCP only for transport.
+    Useful in tunneling scenarios.
+    If set to no you can specify TCP transport only for selected forward or
+    stub zones using
+    :ref:`forward-tcp-upstream<unbound.conf.forward.forward-tcp-upstream>` or
+    :ref:`stub-tcp-upstream<unbound.conf.stub.stub-tcp-upstream>`
+    respectively.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@udp-upstream-without-downstream@@: *<yes or no>*
+    Enable UDP upstream even if :ref:`do-udp: no<unbound.conf.do-udp>` is set.
+    Useful for TLS service providers, that want no UDP downstream but use UDP
+    to fetch data upstream.
+
+    Default: no (no changes)
+
+
+@@UAHL@unbound.conf@tls-upstream@@: *<yes or no>*
+    Enabled or disable whether the upstream queries use TLS only for transport.
+    Useful in tunneling scenarios.
+    The TLS contains plain DNS in TCP wireformat.
+    The other server must support this (see
+    :ref:`tls-service-key<unbound.conf.tls-service-key>`).
+
+    If you enable this, also configure a
+    :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>` or use
+    :ref:`tls-win-cert<unbound.conf.tls-win-cert>` or
+    :ref:`tls-system-cert<unbound.conf.tls-system-cert>` to load CA certs,
+    otherwise the connections cannot be authenticated.
+
+    This option enables TLS for all of them, but if you do not set this you can
+    configure TLS specifically for some forward zones with
+    :ref:`forward-tls-upstream<unbound.conf.forward.forward-tls-upstream>`.
+    And also with
+    :ref:`stub-tls-upstream<unbound.conf.stub.stub-tls-upstream>`.
+    If the
+    :ref:`tls-upstream<unbound.conf.tls-upstream>`
+    option is enabled, it is for all the forwards and stubs, where the
+    :ref:`forward-tls-upstream<unbound.conf.forward.forward-tls-upstream>`
+    and
+    :ref:`stub-tls-upstream<unbound.conf.stub.stub-tls-upstream>`
+    options are ignored, as if they had been set to yes.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ssl-upstream@@: *<yes or no>*
+    Alternate syntax for :ref:`tls-upstream<unbound.conf.tls-upstream>`.
+    If both are present in the config file the last is used.
+
+
+@@UAHL@unbound.conf@tls-service-key@@: *<file>*
+    If enabled, the server provides DNS-over-TLS or DNS-over-HTTPS service on
+    the TCP ports marked implicitly or explicitly for these services with
+    :ref:`tls-port<unbound.conf.tls-port>` or
+    :ref:`https-port<unbound.conf.https-port>`.
+    The file must contain the private key for the TLS session, the public
+    certificate is in the :ref:`tls-service-pem<unbound.conf.tls-service-pem>`
+    file and it must also be specified if
+    :ref:`tls-service-key<unbound.conf.tls-service-key>` is specified.
+    Enabling or disabling this service requires a restart (a reload is not
+    enough), because the key is read while root permissions are held and before
+    chroot (if any).
+    The ports enabled implicitly or explicitly via
+    :ref:`tls-port<unbound.conf.tls-port>` and
+    :ref:`https-port<unbound.conf.https-port>` do not provide normal DNS TCP
+    service.
+
+    .. note::
+        Unbound needs to be compiled with libnghttp2 in order to provide
+        DNS-over-HTTPS.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf@ssl-service-key@@: *<file>*
+    Alternate syntax for :ref:`tls-service-key<unbound.conf.tls-service-key>`.
+
+
+@@UAHL@unbound.conf@tls-service-pem@@: *<file>*
+    The public key certificate pem file for the tls service.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf@ssl-service-pem@@: *<file>*
+    Alternate syntax for :ref:`tls-service-pem<unbound.conf.tls-service-pem>`.
+
+
+@@UAHL@unbound.conf@tls-port@@: *<number>*
+    The port number on which to provide TCP TLS service.
+    Only interfaces configured with that port number as @number get the TLS
+    service.
+
+    Default: 853
+
+
+@@UAHL@unbound.conf@ssl-port@@: *<number>*
+    Alternate syntax for :ref:`tls-port<unbound.conf.tls-port>`.
+
+
+@@UAHL@unbound.conf@tls-cert-bundle@@: *<file>*
+    If null or ``""``, no file is used.
+    Set it to the certificate bundle file, for example
+    :file:`/etc/pki/tls/certs/ca-bundle.crt`.
+    These certificates are used for authenticating connections made to outside
+    peers.
+    For example :ref:`auth-zone urls<unbound.conf.auth.url>`, and also
+    DNS-over-TLS connections.
+    It is read at start up before permission drop and chroot.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf@ssl-cert-bundle@@: *<file>*
+    Alternate syntax for :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>`.
+
+
+@@UAHL@unbound.conf@tls-win-cert@@: *<yes or no>*
+    Add the system certificates to the cert bundle certificates for
+    authentication.
+    If no cert bundle, it uses only these certificates.
+    On windows this option uses the certificates from the cert store.
+    Use the :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>` option on
+    other systems.
+    On other systems, this option enables the system certificates.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@tls-system-cert@@: *<yes or no>*
+    This the same attribute as the
+    :ref:`tls-win-cert<unbound.conf.tls-win-cert>` attribute, under a
+    different name.
+    Because it is not windows specific.
+
+
+@@UAHL@unbound.conf@tls-additional-port@@: *<portnr>*
+    List port numbers as
+    :ref:`tls-additional-port<unbound.conf.tls-additional-port>`, and when
+    interfaces are defined, eg. with the @port suffix, as this port number,
+    they provide DNS-over-TLS service.
+    Can list multiple, each on a new statement.
+
+
+@@UAHL@unbound.conf@tls-session-ticket-keys@@: *<file>*
+    If not ``""``, lists files with 80 bytes of random contents that are used
+    to perform TLS session resumption for clients using the Unbound server.
+    These files contain the secret key for the TLS session tickets.
+    First key use to encrypt and decrypt TLS session tickets.
+    Other keys use to decrypt only.
+
+    With this you can roll over to new keys, by generating a new first file and
+    allowing decrypt of the old file by listing it after the first file for
+    some time, after the wait clients are not using the old key any more and
+    the old key can be removed.
+    One way to create the file is:
+
+    .. code-block:: text
+
+        dd if=/dev/random bs=1 count=80 of=ticket.dat
+
+    The first 16 bytes should be different from the old one if you create a
+    second key, that is the name used to identify the key.
+    Then there is 32 bytes random data for an AES key and then 32 bytes random
+    data for the HMAC key.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@tls-ciphers@@: *<string with cipher list>*
+    Set the list of ciphers to allow when serving TLS.
+    Use ``""`` for default ciphers.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@tls-ciphersuites@@: *<string with ciphersuites list>*
+    Set the list of ciphersuites to allow when serving TLS.
+    This is for newer TLS 1.3 connections.
+    Use ``""`` for default ciphersuites.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@pad-responses@@: *<yes or no>*
+    If enabled, TLS serviced queries that contained an EDNS Padding option will
+    cause responses padded to the closest multiple of the size specified in
+    :ref:`pad-responses-block-size<unbound.conf.pad-responses-block-size>`.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@pad-responses-block-size@@: *<number>*
+    The block size with which to pad responses serviced over TLS.
+    Only responses to padded queries will be padded.
+
+    Default: 468
+
+
+@@UAHL@unbound.conf@pad-queries@@: *<yes or no>*
+    If enabled, all queries sent over TLS upstreams will be padded to the
+    closest multiple of the size specified in
+    :ref:`pad-queries-block-size<unbound.conf.pad-queries-block-size>`.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@pad-queries-block-size@@: *<number>*
+    The block size with which to pad queries sent over TLS upstreams.
+
+    Default: 128
+
+
+@@UAHL@unbound.conf@tls-use-sni@@: *<yes or no>*
+    Enable or disable sending the SNI extension on TLS connections.
+
+    .. note:: Changing the value requires a reload.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@https-port@@: *<number>*
+    The port number on which to provide DNS-over-HTTPS service.
+    Only interfaces configured with that port number as @number get the HTTPS
+    service.
+
+    Default: 443
+
+
+@@UAHL@unbound.conf@http-endpoint@@: *<endpoint string>*
+    The HTTP endpoint to provide DNS-over-HTTPS service on.
+
+    Default: /dns-query
+
+
+@@UAHL@unbound.conf@http-max-streams@@: *<number of streams>*
+    Number used in the SETTINGS_MAX_CONCURRENT_STREAMS parameter in the HTTP/2
+    SETTINGS frame for DNS-over-HTTPS connections.
+
+    Default: 100
+
+
+@@UAHL@unbound.conf@http-query-buffer-size@@: *<size in bytes>*
+    Maximum number of bytes used for all HTTP/2 query buffers combined.
+    These buffers contain (partial) DNS queries waiting for request stream
+    completion.
+    An RST_STREAM frame will be send to streams exceeding this limit.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@http-response-buffer-size@@: *<size in bytes>*
+    Maximum number of bytes used for all HTTP/2 response buffers combined.
+    These buffers contain DNS responses waiting to be written back to the
+    clients.
+    An RST_STREAM frame will be send to streams exceeding this limit.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@http-nodelay@@: *<yes or no>*
+    Set TCP_NODELAY socket option on sockets used to provide DNS-over-HTTPS
+    service.
+    Ignored if the option is not available.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@http-notls-downstream@@: *<yes or no>*
+    Disable use of TLS for the downstream DNS-over-HTTP connections.
+    Useful for local back end servers.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@proxy-protocol-port@@: *<portnr>*
+    List port numbers as
+    :ref:`proxy-protocol-port<unbound.conf.proxy-protocol-port>`, and when
+    interfaces are defined, eg. with the @port suffix, as this port number,
+    they support and expect PROXYv2.
+
+    In this case the proxy address will only be used for the network
+    communication and initial ACL (check if the proxy itself is denied/refused
+    by configuration).
+
+    The proxied address (if any) will then be used as the true client address
+    and will be used where applicable for logging, ACL, DNSTAP, RPZ and IP
+    ratelimiting.
+
+    PROXYv2 is supported for UDP and TCP/TLS listening interfaces.
+
+    There is no support for PROXYv2 on a DoH, DoQ or DNSCrypt listening interface.
+
+    Can list multiple, each on a new statement.
+
+
+@@UAHL@unbound.conf@quic-port@@: *<number>*
+    The port number on which to provide DNS-over-QUIC service.
+    Only interfaces configured with that port number as @number get the QUIC
+    service.
+    The interface uses QUIC for the UDP traffic on that port number.
+
+    Default: 853
+
+
+@@UAHL@unbound.conf@quic-size@@: *<size in bytes>*
+    Maximum number of bytes for all QUIC buffers and data combined.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+    New connections receive connection refused when the limit is exceeded.
+    New streams are reset when the limit is exceeded.
+
+    Default: 8m
+
+
+@@UAHL@unbound.conf@use-systemd@@: *<yes or no>*
+    Enable or disable systemd socket activation.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@do-daemonize@@: *<yes or no>*
+    Enable or disable whether the Unbound server forks into the background as a
+    daemon.
+    Set the value to no when Unbound runs as systemd service.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@tcp-connection-limit@@: *<IP netblock> <limit>*
+    Allow up to limit simultaneous TCP connections from the given netblock.
+    When at the limit, further connections are accepted but closed immediately.
+    This option is experimental at this time.
+
+    Default: (disabled)
+
+
+@@UAHL@unbound.conf@access-control@@: *<IP netblock> <action>*
+    Specify treatment of incoming queries from their originating IP address.
+    Queries can be allowed to have access to this server that gives DNS
+    answers, or refused, with other actions possible.
+    The IP address range can be specified as a netblock, it is possible to give
+    the statement several times in order to specify the treatment of different
+    netblocks.
+    The netblock is given as an IPv4 or IPv6 address with /size appended for a
+    classless network block.
+    The most specific netblock match is used, if none match
+    :ref:`refuse<unbound.conf.access-control.action.refuse>` is used.
+    The order of the access-control statements therefore does not matter.
+    The action can be
+    :ref:`deny<unbound.conf.access-control.action.deny>`,
+    :ref:`refuse<unbound.conf.access-control.action.refuse>`,
+    :ref:`allow<unbound.conf.access-control.action.allow>`,
+    :ref:`allow_setrd<unbound.conf.access-control.action.allow_setrd>`,
+    :ref:`allow_snoop<unbound.conf.access-control.action.allow_snoop>`,
+    :ref:`allow_cookie<unbound.conf.access-control.action.allow_cookie>`,
+    :ref:`deny_non_local<unbound.conf.access-control.action.deny_non_local>` or
+    :ref:`refuse_non_local<unbound.conf.access-control.action.refuse_non_local>`.
+
+
+    @@UAHL@unbound.conf.access-control.action@deny@@
+        Stops queries from hosts from that netblock.
+
+    @@UAHL@unbound.conf.access-control.action@refuse@@
+        Stops queries too, but sends a DNS rcode REFUSED error message back.
+
+    @@UAHL@unbound.conf.access-control.action@allow@@
+        Gives access to clients from that netblock.
+        It gives only access for recursion clients (which is what almost all
+        clients need).
+        Non-recursive queries are refused.
+
+        The :ref:`allow<unbound.conf.access-control.action.allow>` action does
+        allow non-recursive queries to access the local-data that is
+        configured.
+        The reason is that this does not involve the Unbound server recursive
+        lookup algorithm, and static data is served in the reply.
+        This supports normal operations where non-recursive queries are made
+        for the authoritative data.
+        For non-recursive queries any replies from the dynamic cache are
+        refused.
+
+    @@UAHL@unbound.conf.access-control.action@allow_setrd@@
+        Ignores the recursion desired (RD) bit and treats all requests as if
+        the recursion desired bit is set.
+
+        Note that this behavior violates :rfc:`1034` which states that a name
+        server should never perform recursive service unless asked via the RD
+        bit since this interferes with trouble shooting of name servers and
+        their databases.
+        This prohibited behavior may be useful if another DNS server must
+        forward requests for specific zones to a resolver DNS server, but only
+        supports stub domains and sends queries to the resolver DNS server with
+        the RD bit cleared.
+
+    @@UAHL@unbound.conf.access-control.action@allow_snoop@@
+        Gives non-recursive access too.
+        This gives both recursive and non recursive access.
+        The name *allow_snoop* refers to cache snooping, a technique to use
+        non-recursive queries to examine the cache contents (for malicious
+        acts).
+        However, non-recursive queries can also be a valuable debugging tool
+        (when you want to examine the cache contents).
+
+        In that case use
+        :ref:`allow_snoop<unbound.conf.access-control.action.allow_snoop>` for
+        your administration host.
+
+    @@UAHL@unbound.conf.access-control.action@allow_cookie@@
+        Allows access only to UDP queries that contain a valid DNS Cookie as
+        specified in RFC 7873 and RFC 9018, when the
+        :ref:`answer-cookie<unbound.conf.answer-cookie>` option is enabled.
+        UDP queries containing only a DNS Client Cookie and no Server Cookie,
+        or an invalid DNS Cookie, will receive a BADCOOKIE response including a
+        newly generated DNS Cookie, allowing clients to retry with that DNS
+        Cookie.
+        The *allow_cookie* action will also accept requests over stateful
+        transports, regardless of the presence of an DNS Cookie and regardless
+        of the :ref:`answer-cookie<unbound.conf.answer-cookie>` setting.
+        UDP queries without a DNS Cookie receive REFUSED responses with the TC
+        flag set, that may trigger fall back to TCP for those clients.
+
+    @@UAHL@unbound.conf.access-control.action@deny_non_local@@
+        The
+        :ref:`deny_non_local<unbound.conf.access-control.action.deny_non_local>`
+        action is for hosts that are only allowed to query for the
+        authoritative :ref:`local-data<unbound.conf.local-data>`, they are not
+        allowed full recursion but only the static data.
+        Messages that are disallowed are dropped.
+
+    @@UAHL@unbound.conf.access-control.action@refuse_non_local@@
+        The
+        :ref:`refuse_non_local<unbound.conf.access-control.action.refuse_non_local>`
+        action is for hosts that are only allowed to query for the
+        authoritative :ref:`local-data<unbound.conf.local-data>`, they are not
+        allowed full recursion but only the static data.
+        Messages that are disallowed receive error code REFUSED.
+
+
+    By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback
+    interface) is implicitly *allowed*, the rest is refused.
+    The default is *refused*, because that is protocol-friendly.
+    The DNS protocol is not designed to handle dropped packets due to policy,
+    and dropping may result in (possibly excessive) retried queries.
+
+
+@@UAHL@unbound.conf@access-control-tag@@: *<IP netblock> "<list of tags>"*
+    Assign tags to :ref:`access-control<unbound.conf.access-control>`
+    elements.
+    Clients using this access control element use localzones that are tagged
+    with one of these tags.
+
+    Tags must be defined in :ref:`define-tag<unbound.conf.define-tag>`.
+    Enclose list of tags in quotes (``""``) and put spaces between tags.
+
+    If :ref:`access-control-tag<unbound.conf.access-control-tag>` is
+    configured for a netblock that does not have an
+    :ref:`access-control<unbound.conf.access-control>`, an access-control
+    element with action :ref:`allow<unbound.conf.access-control.action.allow>`
+    is configured for this netblock.
+
+
+@@UAHL@unbound.conf@access-control-tag-action@@: *<IP netblock> <tag> <action>*
+    Set action for particular tag for given access control element.
+    If you have multiple tag values, the tag used to lookup the action is the
+    first tag match between
+    :ref:`access-control-tag<unbound.conf.access-control-tag>` and
+    :ref:`local-zone-tag<unbound.conf.local-zone-tag>` where "first" comes
+    from the order of the :ref:`define-tag<unbound.conf.define-tag>` values.
+
+
+@@UAHL@unbound.conf@access-control-tag-data@@: *<IP netblock> <tag> "<resource record string>"*
+    Set redirect data for particular tag for given access control element.
+
+
+@@UAHL@unbound.conf@access-control-view@@: *<IP netblock> <view name>*
+    Set view for given access control element.
+
+
+@@UAHL@unbound.conf@interface-action@@: *<ip address or interface name [@port]> <action>*
+    Similar to :ref:`access-control<unbound.conf.access-control>` but for
+    interfaces.
+
+    The action is the same as the ones defined under
+    :ref:`access-control<unbound.conf.access-control>`.
+
+    Default action for interfaces is
+    :ref:`refuse<unbound.conf.access-control.action.refuse>`.
+    By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback
+    interface) is implicitly allowed through the default
+    :ref:`access-control<unbound.conf.access-control>` behavior.
+    This also means that any attempt to use the **interface-\*:** options for
+    the loopback interface will not work as they will be overridden by the
+    implicit default "access-control: 127.0.0.0/8 allow" option.
+
+    .. note::
+        The interface needs to be already specified with
+        :ref:`interface<unbound.conf.interface>` and that any
+        **access-control\*:** attribute overrides all **interface-\*:**
+        attributes for targeted clients.
+
+
+@@UAHL@unbound.conf@interface-tag@@: *<ip address or interface name [@port]> <"list of tags">*
+    Similar to :ref:`access-control-tag<unbound.conf.access-control-tag>` but
+    for interfaces.
+
+    .. note::
+        The interface needs to be already specified with
+        :ref:`interface<unbound.conf.interface>` and that any
+        **access-control\*:** attribute overrides all **interface-\*:**
+        attributes for targeted clients.
+
+
+@@UAHL@unbound.conf@interface-tag-action@@: *<ip address or interface name [@port]> <tag> <action>*
+    Similar to
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`
+    but for interfaces.
+
+    .. note::
+        The interface needs to be already specified with
+        :ref:`interface<unbound.conf.interface>` and that any
+        **access-control\*:** attribute overrides all **interface-\*:**
+        attributes for targeted clients.
+
+
+@@UAHL@unbound.conf@interface-tag-data@@: *<ip address or interface name [@port]> <tag> <"resource record string">*
+    Similar to
+    :ref:`access-control-tag-data<unbound.conf.access-control-tag-data>` but
+    for interfaces.
+
+    .. note::
+        The interface needs to be already specified with
+        :ref:`interface<unbound.conf.interface>` and that any
+        **access-control\*:** attribute overrides all **interface-\*:**
+        attributes for targeted clients.
+
+
+@@UAHL@unbound.conf@interface-view@@: *<ip address or interface name [@port]> <view name>*
+    Similar to :ref:`access-control-view<unbound.conf.access-control-view>`
+    but for interfaces.
+
+    .. note::
+        The interface needs to be already specified with
+        :ref:`interface<unbound.conf.interface>` and that any
+        **access-control\*:** attribute overrides all **interface-\*:**
+        attributes for targeted clients.
+
+
+@@UAHL@unbound.conf@chroot@@: *<directory>*
+    If :ref:`chroot<unbound.conf.chroot>` is enabled, you should pass the
+    configfile (from the commandline) as a full path from the original root.
+    After the chroot has been performed the now defunct portion of the config
+    file path is removed to be able to reread the config after a reload.
+
+    All other file paths (working dir, logfile, roothints, and key files) can
+    be specified in several ways: as an absolute path relative to the new root,
+    as a relative path to the working directory, or as an absolute path
+    relative to the original root.
+    In the last case the path is adjusted to remove the unused portion.
+
+    The pidfile can be either a relative path to the working directory, or an
+    absolute path relative to the original root.
+    It is written just prior to chroot and dropping permissions.
+    This allows the pidfile to be :file:`/var/run/unbound.pid` and the chroot
+    to be :file:`/var/unbound`, for example.
+    Note that Unbound is not able to remove the pidfile after termination when
+    it is located outside of the chroot directory.
+
+    Additionally, Unbound may need to access :file:`/dev/urandom` (for entropy)
+    from inside the chroot.
+
+    If given, a *chroot(2)* is done to the given directory.
+    If you give ``""`` no *chroot(2)* is performed.
+
+    Default: @UNBOUND_CHROOT_DIR@
+
+
+@@UAHL@unbound.conf@username@@: *<name>*
+    If given, after binding the port the user privileges are dropped.
+    If you give username: ``""`` no user change is performed.
+
+    If this user is not capable of binding the port, reloads (by signal HUP)
+    will still retain the opened ports.
+    If you change the port number in the config file, and that new port number
+    requires privileges, then a reload will fail; a restart is needed.
+
+    Default: @UNBOUND_USERNAME@
+
+
+@@UAHL@unbound.conf@directory@@: *<directory>*
+    Sets the working directory for the program.
+    On Windows the string "%EXECUTABLE%" tries to change to the directory that
+    :command:`unbound.exe` resides in.
+    If you give a :ref:`server: directory:
+    \<directory\><unbound.conf.directory>` before
+    :ref:`include<unbound.conf.include>` file statements then those includes
+    can be relative to the working directory.
+
+    Default: @UNBOUND_RUN_DIR@
+
+
+@@UAHL@unbound.conf@logfile@@: *<filename>*
+    If ``""`` is given, logging goes to stderr, or nowhere once daemonized.
+    The logfile is appended to, in the following format:
+
+    .. code-block:: text
+
+        [seconds since 1970] unbound[pid:tid]: type: message.
+
+    If this option is given, the :ref:`use-syslog<unbound.conf.use-syslog>`
+    attribute is internally set to ``no``.
+
+    The logfile is reopened (for append) when the config file is reread, on
+    SIGHUP.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf@use-syslog@@: *<yes or no>*
+    Sets Unbound to send log messages to the syslogd, using *syslog(3)*.
+    The log facility LOG_DAEMON is used, with identity "unbound".
+    The logfile setting is overridden when
+    :ref:`use-syslog: yes<unbound.conf.use-syslog>` is set.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@log-identity@@: *<string>*
+    If ``""`` is given, then the name of the executable, usually
+    "unbound" is used to report to the log.
+    Enter a string to override it with that, which is useful on systems that
+    run more than one instance of Unbound, with different configurations, so
+    that the logs can be easily distinguished against.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@log-time-ascii@@: *<yes or no>*
+    Sets logfile lines to use a timestamp in UTC ASCII.
+    No effect if using syslog, in that case syslog formats the timestamp
+    printed into the log files.
+
+    Default: no (prints the seconds since 1970 in brackets)
+
+
+@@UAHL@unbound.conf@log-time-iso@@: *<yes or no>*
+    Log time in ISO8601 format, if
+    :ref:`log-time-ascii: yes<unbound.conf.log-time-ascii>`
+    is also set.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@log-queries@@: *<yes or no>*
+    Prints one line per query to the log, with the log timestamp and IP
+    address, name, type and class.
+    Note that it takes time to print these lines which makes the server
+    (significantly) slower.
+    Odd (nonprintable) characters in names are printed as ``'?'``.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@log-replies@@: *<yes or no>*
+    Prints one line per reply to the log, with the log timestamp and IP
+    address, name, type, class, return code, time to resolve, from cache and
+    response size.
+    Note that it takes time to print these lines which makes the server
+    (significantly) slower.
+    Odd (nonprintable) characters in names are printed as ``'?'``.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@log-tag-queryreply@@: *<yes or no>*
+    Prints the word 'query' and 'reply' with
+    :ref:`log-queries<unbound.conf.log-queries>` and
+    :ref:`log-replies<unbound.conf.log-replies>`.
+    This makes filtering logs easier.
+
+    Default: no (backwards compatible)
+
+
+@@UAHL@unbound.conf@log-destaddr@@: *<yes or no>*
+    Prints the destination address, port and type in the
+    :ref:`log-replies<unbound.conf.log-replies>` output.
+    This disambiguates what type of traffic, eg. UDP or TCP, and to what local
+    port the traffic was sent to.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@log-local-actions@@: *<yes or no>*
+    Print log lines to inform about local zone actions.
+    These lines are like the :ref:`local-zone type
+    inform<unbound.conf.local-zone.type.inform>` print outs, but they are also
+    printed for the other types of local zones.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@log-servfail@@: *<yes or no>*
+    Print log lines that say why queries return SERVFAIL to clients.
+    This is separate from the verbosity debug logs, much smaller, and printed
+    at the error level, not the info level of debug info from verbosity.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@pidfile@@: *<filename>*
+    The process id is written to the file.
+    Default is :file:`"@UNBOUND_PIDFILE@"`.
+    So,
+
+    .. code-block:: text
+
+        kill -HUP `cat @UNBOUND_PIDFILE@`
+
+    triggers a reload,
+
+    .. code-block:: text
+
+        kill -TERM `cat @UNBOUND_PIDFILE@`
+
+    gracefully terminates.
+
+    Default: @UNBOUND_PIDFILE@
+
+
+@@UAHL@unbound.conf@root-hints@@: *<filename>*
+    Read the root hints from this file.
+    Default is nothing, using builtin hints for the IN class.
+    The file has the format of zone files, with root nameserver names and
+    addresses only.
+    The default may become outdated, when servers change, therefore it is good
+    practice to use a root hints file.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@hide-identity@@: *<yes or no>*
+    If enabled 'id.server' and 'hostname.bind' queries are REFUSED.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@identity@@: *<string>*
+    Set the identity to report.
+    If set to ``""``, then the hostname of the server is returned.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@hide-version@@: *<yes or no>*
+    If enabled 'version.server' and 'version.bind' queries are REFUSED.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@version@@: *<string>*
+    Set the version to report.
+    If set to ``""``, then the package version is returned.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@hide-http-user-agent@@: *<yes or no>*
+    If enabled the HTTP header User-Agent is not set.
+    Use with caution as some webserver configurations may reject HTTP requests
+    lacking this header.
+    If needed, it is better to explicitly set the
+    :ref:`http-user-agent<unbound.conf.http-user-agent>` below.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@http-user-agent@@: *<string>*
+    Set the HTTP User-Agent header for outgoing HTTP requests.
+    If set to ``""``, then the package name and version are used.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@nsid@@: *<string>*
+    Add the specified nsid to the EDNS section of the answer when queried with
+    an NSID EDNS enabled packet.
+    As a sequence of hex characters or with 'ascii\_' prefix and then an ASCII
+    string.
+
+    Default: (disabled)
+
+
+@@UAHL@unbound.conf@hide-trustanchor@@: *<yes or no>*
+    If enabled 'trustanchor.unbound' queries are REFUSED.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@target-fetch-policy@@: *<"list of numbers">*
+    Set the target fetch policy used by Unbound to determine if it should fetch
+    nameserver target addresses opportunistically.
+    The policy is described per dependency depth.
+
+    The number of values determines the maximum dependency depth that Unbound
+    will pursue in answering a query.
+    A value of -1 means to fetch all targets opportunistically for that
+    dependency depth.
+    A value of 0 means to fetch on demand only.
+    A positive value fetches that many targets opportunistically.
+
+    Enclose the list between quotes (``""``) and put spaces between numbers.
+    Setting all zeroes, "0 0 0 0 0" gives behaviour closer to that of BIND 9,
+    while setting "-1 -1 -1 -1 -1" gives behaviour rumoured to be closer to
+    that of BIND 8.
+
+    Default:  "3 2 1 0 0"
+
+
+@@UAHL@unbound.conf@harden-short-bufsize@@: *<yes or no>*
+    Very small EDNS buffer sizes from queries are ignored.
+
+    Default: yes (as described in the standard)
+
+
+@@UAHL@unbound.conf@harden-large-queries@@: *<yes or no>*
+    Very large queries are ignored.
+    Default is no, since it is legal protocol wise to send these, and could be
+    necessary for operation if TSIG or EDNS payload is very large.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@harden-glue@@: *<yes or no>*
+    Will trust glue only if it is within the servers authority.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@harden-unverified-glue@@: *<yes or no>*
+    Will trust only in-zone glue.
+    Will try to resolve all out of zone (*unverified*) glue.
+    Will fallback to the original glue if unable to resolve.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@harden-dnssec-stripped@@: *<yes or no>*
+    Require DNSSEC data for trust-anchored zones, if such data is absent, the
+    zone becomes bogus.
+    If turned off, and no DNSSEC data is received (or the DNSKEY data fails to
+    validate), then the zone is made insecure, this behaves like there is no
+    trust anchor.
+    You could turn this off if you are sometimes behind an intrusive firewall
+    (of some sort) that removes DNSSEC data from packets, or a zone changes
+    from signed to unsigned to badly signed often.
+    If turned off you run the risk of a downgrade attack that disables security
+    for a zone.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@harden-below-nxdomain@@: *<yes or no>*
+    From :rfc:`8020` (with title "NXDOMAIN: There Really Is Nothing
+    Underneath"), returns NXDOMAIN to queries for a name below another name
+    that is already known to be NXDOMAIN.
+    DNSSEC mandates NOERROR for empty nonterminals, hence this is possible.
+    Very old software might return NXDOMAIN for empty nonterminals (that
+    usually happen for reverse IP address lookups), and thus may be
+    incompatible with this.
+    To try to avoid this only DNSSEC-secure NXDOMAINs are used, because the old
+    software does not have DNSSEC.
+
+    .. note::
+        The NXDOMAIN must be secure, this means NSEC3 with optout is
+        insufficient.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@harden-referral-path@@: *<yes or no>*
+    Harden the referral path by performing additional queries for
+    infrastructure data.
+    Validates the replies if trust anchors are configured and the zones are
+    signed.
+    This enforces DNSSEC validation on nameserver NS sets and the nameserver
+    addresses that are encountered on the referral path to the answer.
+    Default is off, because it burdens the authority servers, and it is not RFC
+    standard, and could lead to performance problems because of the extra query
+    load that is generated.
+    Experimental option.
+    If you enable it consider adding more numbers after the
+    :ref:`target-fetch-policy<unbound.conf.target-fetch-policy>` to increase
+    the max depth that is checked to.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@harden-algo-downgrade@@: *<yes or no>*
+    Harden against algorithm downgrade when multiple algorithms are advertised
+    in the DS record.
+    This works by first choosing only the strongest DS digest type as per
+    :rfc:`4509` (Unbound treats the highest algorithm as the strongest) and
+    then expecting signatures from all the advertised signing algorithms from
+    the chosen DS(es) to be present.
+    If no, allows any one supported algorithm to validate the zone, even if
+    other advertised algorithms are broken.
+    :rfc:`6840` mandates that zone signers must produce zones signed with all
+    advertised algorithms, but sometimes they do not.
+    :rfc:`6840` also clarifies that this requirement is not for validators and
+    validators should accept any single valid path.
+    It should thus be explicitly noted that this option violates :rfc:`6840`
+    for DNSSEC validation and should only be used to perform a signature
+    completeness test to support troubleshooting.
+
+    .. warning::
+        Using this option may break DNSSEC resolution with non :rfc:`6840`
+        conforming signers and/or in multi-signer configurations that don't
+        send all the advertised signatures.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@harden-unknown-additional@@: *<yes or no>*
+    Harden against unknown records in the authority section and additional
+    section.
+    If no, such records are copied from the upstream and presented to the
+    client together with the answer.
+    If yes, it could hamper future protocol developments that want to add
+    records.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@use-caps-for-id@@: *<yes or no>*
+    Use 0x20-encoded random bits in the query to foil spoof attempts.
+    This perturbs the lowercase and uppercase of query names sent to authority
+    servers and checks if the reply still has the correct casing.
+    This feature is an experimental implementation of draft dns-0x20.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@caps-exempt@@: *<domain>*
+    Exempt the domain so that it does not receive caps-for-id perturbed
+    queries.
+    For domains that do not support 0x20 and also fail with fallback because
+    they keep sending different answers, like some load balancers.
+    Can be given multiple times, for different domains.
+
+
+@@UAHL@unbound.conf@caps-whitelist@@: *<domain>*
+    Alternate syntax for :ref:`caps-exempt<unbound.conf.caps-exempt>`.
+
+
+@@UAHL@unbound.conf@qname-minimisation@@: *<yes or no>*
+    Send minimum amount of information to upstream servers to enhance privacy.
+    Only send minimum required labels of the QNAME and set QTYPE to A when
+    possible.
+    Best effort approach; full QNAME and original QTYPE will be sent when
+    upstream replies with a RCODE other than NOERROR, except when receiving
+    NXDOMAIN from a DNSSEC signed zone.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@qname-minimisation-strict@@: *<yes or no>*
+    QNAME minimisation in strict mode.
+    Do not fall-back to sending full QNAME to potentially broken nameservers.
+    A lot of domains will not be resolvable when this option in enabled.
+    Only use if you know what you are doing.
+    This option only has effect when
+    :ref:`qname-minimisation<unbound.conf.qname-minimisation>` is enabled.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@aggressive-nsec@@: *<yes or no>*
+    Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN and other
+    denials, using information from previous NXDOMAINs answers.
+    It helps to reduce the query rate towards targets that get a very high
+    nonexistent name lookup rate.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@private-address@@: *<IP address or subnet>*
+    Give IPv4 of IPv6 addresses or classless subnets.
+    These are addresses on your private network, and are not allowed to be
+    returned for public internet names.
+    Any occurrence of such addresses are removed from DNS answers.
+    Additionally, the DNSSEC validator may mark the answers bogus.
+    This protects against so-called DNS Rebinding, where a user browser is
+    turned into a network proxy, allowing remote access through the browser to
+    other parts of your private network.
+
+    Some names can be allowed to contain your private addresses, by default all
+    the :ref:`local-data<unbound.conf.local-data>` that you configured is
+    allowed to, and you can specify additional names using
+    :ref:`private-domain<unbound.conf.private-domain>`.
+    No private addresses are enabled by default.
+
+    We consider to enable this for the :rfc:`1918` private IP address space by
+    default in later releases.
+    That would enable private addresses for ``10.0.0.0/8``, ``172.16.0.0/12``,
+    ``192.168.0.0/16``, ``169.254.0.0/16``, ``fd00::/8`` and ``fe80::/10``,
+    since the RFC standards say these addresses should not be visible on the
+    public internet.
+
+    Turning on ``127.0.0.0/8`` would hinder many spamblocklists as they use
+    that.
+    Adding ``::ffff:0:0/96`` stops IPv4-mapped IPv6 addresses from bypassing
+    the filter.
+
+
+@@UAHL@unbound.conf@private-domain@@: *<domain name>*
+    Allow this domain, and all its subdomains to contain private addresses.
+    Give multiple times to allow multiple domain names to contain private
+    addresses.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@unwanted-reply-threshold@@: *<number>*
+    If set, a total number of unwanted replies is kept track of in every
+    thread.
+    When it reaches the threshold, a defensive action is taken and a warning is
+    printed to the log.
+    The defensive action is to clear the rrset and message caches, hopefully
+    flushing away any poison.
+    A value of 10 million is suggested.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@do-not-query-address@@: *<IP address>*
+    Do not query the given IP address.
+    Can be IPv4 or IPv6.
+    Append /num to indicate a classless delegation netblock, for example like
+    ``10.2.3.4/24`` or ``2001::11/64``.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@do-not-query-localhost@@: *<yes or no>*
+    If yes, localhost is added to the
+    :ref:`do-not-query-address<unbound.conf.do-not-query-address>` entries,
+    both IPv6 ``::1`` and IPv4 ``127.0.0.1/8``.
+    If no, then localhost can be used to send queries to.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@prefetch@@: *<yes or no>*
+    If yes, cache hits on message cache elements that are on their last 10
+    percent of their TTL value trigger a prefetch to keep the cache up to date.
+    Turning it on gives about 10 percent more traffic and load on the machine,
+    but popular items do not expire from the cache.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@prefetch-key@@: *<yes or no>*
+    If yes, fetch the DNSKEYs earlier in the validation process, when a DS
+    record is encountered.
+    This lowers the latency of requests.
+    It does use a little more CPU.
+    Also if the cache is set to 0, it is no use.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@deny-any@@: *<yes or no>*
+    If yes, deny queries of type ANY with an empty response.
+    If disabled, Unbound responds with a short list of resource records if some
+    can be found in the cache and makes the upstream type ANY query if there
+    are none.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@rrset-roundrobin@@: *<yes or no>*
+    If yes, Unbound rotates RRSet order in response (the random number is taken
+    from the query ID, for speed and thread safety).
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@minimal-responses@@: *<yes or no>*
+    If yes, Unbound does not insert authority/additional sections into response
+    messages when those sections are not required.
+    This reduces response size significantly, and may avoid TCP fallback for
+    some responses which may cause a slight speedup.
+    The default is yes, even though the DNS protocol RFCs mandate these
+    sections, and the additional content could save roundtrips for clients that
+    use the additional content.
+    However these sections are hardly used by clients.
+    Enabling prefetch can benefit clients that need the additional content
+    by trying to keep that content fresh in the cache.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@disable-dnssec-lame-check@@: *<yes or no>*
+    If yes, disables the DNSSEC lameness check in the iterator.
+    This check sees if RRSIGs are present in the answer, when DNSSEC is
+    expected, and retries another authority if RRSIGs are unexpectedly missing.
+    The validator will insist in RRSIGs for DNSSEC signed domains regardless of
+    this setting, if a trust anchor is loaded.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@module-config@@: *"<module names>"*
+    Module configuration, a list of module names separated by spaces, surround
+    the string with quotes (``""``).
+    The modules can be ``respip``, ``validator``, or ``iterator`` (and possibly
+    more, see below).
+
+    .. note::
+        The ordering of the modules is significant, the order decides the order
+        of processing.
+
+    Setting this to just "iterator" will result in a non-validating server.
+    Setting this to "validator iterator" will turn on DNSSEC validation.
+
+    .. note::
+        You must also set trust-anchors for validation to be useful.
+
+    Adding ``respip`` to the front will cause RPZ processing to be done on all
+    queries.
+
+    Most modules that need to be listed here have to be listed at the beginning
+    of the line.
+
+    The ``subnetcache`` module has to be listed just before the iterator.
+
+    The ``python`` module can be listed in different places, it then processes
+    the output of the module it is just before.
+
+    The ``dynlib`` module can be listed pretty much anywhere, it is only a very
+    thin wrapper that allows dynamic libraries to run in its place.
+
+    Default: "validator iterator"
+
+
+@@UAHL@unbound.conf@trust-anchor-file@@: *<filename>*
+    File with trusted keys for validation.
+    Both DS and DNSKEY entries can appear in the file.
+    The format of the file is the standard DNS Zone file format.
+
+    Default: "" (no trust anchor file)
+
+
+@@UAHL@unbound.conf@auto-trust-anchor-file@@: *<filename>*
+    File with trust anchor for one zone, which is tracked with :rfc:`5011`
+    probes.
+    The probes are run several times per month, thus the machine must be online
+    frequently.
+    The initial file can be one with contents as described in
+    :ref:`trust-anchor-file<unbound.conf.trust-anchor-file>`.
+    The file is written to when the anchor is updated, so the Unbound user must
+    have write permission.
+    Write permission to the file, but also to the directory it is in (to create
+    a temporary file, which is necessary to deal with filesystem full events),
+    it must also be inside the :ref:`chroot<unbound.conf.chroot>` (if that is
+    used).
+
+    Default: "" (no auto trust anchor file)
+
+
+@@UAHL@unbound.conf@trust-anchor@@: *"<Resource Record>"*
+    A DS or DNSKEY RR for a key to use for validation.
+    Multiple entries can be given to specify multiple trusted keys, in addition
+    to the :ref:`trust-anchor-file<unbound.conf.trust-anchor-file>`.
+    The resource record is entered in the same format as *dig(1)* or *drill(1)*
+    prints them, the same format as in the zone file.
+    Has to be on a single line, with ``""`` around it.
+    A TTL can be specified for ease of cut and paste, but is ignored.
+    A class can be specified, but class IN is default.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@trusted-keys-file@@: *<filename>*
+    File with trusted keys for validation.
+    Specify more than one file with several entries, one file per entry.
+    Like :ref:`trust-anchor-file<unbound.conf.trust-anchor-file>` but has a
+    different file format.
+    Format is BIND-9 style format, the ``trusted-keys { name flag proto algo
+    "key"; };`` clauses are read.
+    It is possible to use wildcards with this statement, the wildcard is
+    expanded on start and on reload.
+
+    Default: "" (no trusted keys file)
+
+
+@@UAHL@unbound.conf@trust-anchor-signaling@@: *<yes or no>*
+    Send :rfc:`8145` key tag query after trust anchor priming.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@root-key-sentinel@@: *<yes or no>*
+    Root key trust anchor sentinel.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@domain-insecure@@: *<domain name>*
+    Sets *<domain name>* to be insecure, DNSSEC chain of trust is ignored
+    towards the *<domain name>*.
+    So a trust anchor above the domain name can not make the domain secure with
+    a DS record, such a DS record is then ignored.
+    Can be given multiple times to specify multiple domains that are treated as
+    if unsigned.
+    If you set trust anchors for the domain they override this setting (and the
+    domain is secured).
+
+    This can be useful if you want to make sure a trust anchor for external
+    lookups does not affect an (unsigned) internal domain.
+    A DS record externally can create validation failures for that internal
+    domain.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@val-override-date@@: *<rrsig-style date spec>*
+    .. warning:: Debugging feature!
+
+    If enabled by giving a RRSIG style date, that date is used for verifying
+    RRSIG inception and expiration dates, instead of the current date.
+    Do not set this unless you are debugging signature inception and
+    expiration.
+    The value -1 ignores the date altogether, useful for some special
+    applications.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@val-sig-skew-min@@: *<seconds>*
+    Minimum number of seconds of clock skew to apply to validated signatures.
+    A value of 10% of the signature lifetime (expiration - inception) is used,
+    capped by this setting.
+    Default is 3600 (1 hour) which allows for daylight savings differences.
+    Lower this value for more strict checking of short lived signatures.
+
+    Default: 3600 (1 hour)
+
+
+@@UAHL@unbound.conf@val-sig-skew-max@@: *<seconds>*
+    Maximum number of seconds of clock skew to apply to validated signatures.
+    A value of 10% of the signature lifetime (expiration - inception) is used,
+    capped by this setting.
+    Default is 86400 (24 hours) which allows for timezone setting problems in
+    stable domains.
+    Setting both min and max very low disables the clock skew allowances.
+    Setting both min and max very high makes the validator check the signature
+    timestamps less strictly.
+
+    Default: 86400 (24 hours)
+
+
+@@UAHL@unbound.conf@val-max-restart@@: *<number>*
+    The maximum number the validator should restart validation with another
+    authority in case of failed validation.
+
+    Default: 5
+
+
+@@UAHL@unbound.conf@val-bogus-ttl@@: *<seconds>*
+    The time to live for bogus data.
+    This is data that has failed validation; due to invalid signatures or other
+    checks.
+    The TTL from that data cannot be trusted, and this value is used instead.
+    The time interval prevents repeated revalidation of bogus data.
+
+    Default: 60
+
+
+@@UAHL@unbound.conf@val-clean-additional@@: *<yes or no>*
+    Instruct the validator to remove data from the additional section of secure
+    messages that are not signed properly.
+    Messages that are insecure, bogus, indeterminate or unchecked are not
+    affected.
+    Use this setting to protect the users that rely on this validator for
+    authentication from potentially bad data in the additional section.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@val-log-level@@: *<number>*
+    Have the validator print validation failures to the log.
+    Regardless of the verbosity setting.
+
+    At 1, for every user query that fails a line is printed to the logs.
+    This way you can monitor what happens with validation.
+    Use a diagnosis tool, such as dig or drill, to find out why validation is
+    failing for these queries.
+
+    At 2, not only the query that failed is printed but also the reason why
+    Unbound thought it was wrong and which server sent the faulty data.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@val-permissive-mode@@: *<yes or no>*
+    Instruct the validator to mark bogus messages as indeterminate.
+    The security checks are performed, but if the result is bogus (failed
+    security), the reply is not withheld from the client with SERVFAIL as
+    usual.
+    The client receives the bogus data.
+    For messages that are found to be secure the AD bit is set in replies.
+    Also logging is performed as for full validation.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ignore-cd-flag@@: *<yes or no>*
+    Instruct Unbound to ignore the CD flag from clients and refuse to return
+    bogus answers to them.
+    Thus, the CD (Checking Disabled) flag does not disable checking any more.
+    This is useful if legacy (w2008) servers that set the CD flag but cannot
+    validate DNSSEC themselves are the clients, and then Unbound provides them
+    with DNSSEC protection.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@disable-edns-do@@: *<yes or no>*
+    Disable the EDNS DO flag in upstream requests.
+    It breaks DNSSEC validation for Unbound's clients.
+    This results in the upstream name servers to not include DNSSEC records in
+    their replies and could be helpful for devices that cannot handle DNSSEC
+    information.
+    When the option is enabled, clients that set the DO flag receive no EDNS
+    record in the response to indicate the lack of support to them.
+    If this option is enabled but Unbound is already configured for DNSSEC
+    validation (i.e., the validator module is enabled; default) this option is
+    implicitly turned off with a warning as to not break DNSSEC validation in
+    Unbound.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@serve-expired@@: *<yes or no>*
+    If enabled, Unbound attempts to serve old responses from cache with a TTL
+    of :ref:`serve-expired-reply-ttl<unbound.conf.serve-expired-reply-ttl>` in
+    the response.
+    By default the expired answer will be used after a resolution attempt
+    errored out or is taking more than
+    :ref:`serve-expired-client-timeout<unbound.conf.serve-expired-client-timeout>`
+    to resolve.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@serve-expired-ttl@@: *<seconds>*
+    Limit serving of expired responses to configured seconds after expiration.
+    ``0`` disables the limit.
+    This option only applies when
+    :ref:`serve-expired<unbound.conf.serve-expired>` is enabled.
+    A suggested value per RFC 8767 is between 86400 (1 day) and 259200 (3 days).
+    The default is 86400.
+
+    Default: 86400
+
+
+@@UAHL@unbound.conf@serve-expired-ttl-reset@@: *<yes or no>*
+    Set the TTL of expired records to the
+    :ref:`serve-expired-ttl<unbound.conf.serve-expired-ttl>` value after a
+    failed attempt to retrieve the record from upstream.
+    This makes sure that the expired records will be served as long as there
+    are queries for it.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@serve-expired-reply-ttl@@: *<seconds>*
+    TTL value to use when replying with expired data.
+    If
+    :ref:`serve-expired-client-timeout<unbound.conf.serve-expired-client-timeout>`
+    is also used then it is RECOMMENDED to use 30 as the value (:rfc:`8767`).
+
+    Default: 30
+
+
+@@UAHL@unbound.conf@serve-expired-client-timeout@@: *<msec>*
+    Time in milliseconds before replying to the client with expired data.
+    This essentially enables the serve-stale behavior as specified in
+    :rfc:`8767` that first tries to resolve before immediately responding with
+    expired data.
+    Setting this to ``0`` will disable this behavior and instead serve the
+    expired record immediately from the cache before attempting to refresh it
+    via resolution.
+
+    Default: 1800
+
+
+@@UAHL@unbound.conf@serve-original-ttl@@: *<yes or no>*
+    If enabled, Unbound will always return the original TTL as received from
+    the upstream name server rather than the decrementing TTL as stored in the
+    cache.
+    This feature may be useful if Unbound serves as a front-end to a hidden
+    authoritative name server.
+
+    Enabling this feature does not impact cache expiry, it only changes the TTL
+    Unbound embeds in responses to queries.
+
+    .. note::
+        Enabling this feature implicitly disables enforcement of the configured
+        minimum and maximum TTL, as it is assumed users who enable this feature
+        do not want Unbound to change the TTL obtained from an upstream server.
+
+    .. note::
+        The values set using :ref:`cache-min-ttl<unbound.conf.cache-min-ttl>`
+        and :ref:`cache-max-ttl<unbound.conf.cache-max-ttl>` are ignored.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@val-nsec3-keysize-iterations@@: <"list of values">
+    List of keysize and iteration count values, separated by spaces, surrounded
+    by quotes.
+    This determines the maximum allowed NSEC3 iteration count before a message
+    is simply marked insecure instead of performing the many hashing
+    iterations.
+    The list must be in ascending order and have at least one entry.
+    If you set it to "1024 65535" there is no restriction to NSEC3 iteration
+    values.
+
+    .. note::
+        This table must be kept short; a very long list could cause slower
+        operation.
+
+    Default: "1024 150 2048 150 4096 150"
+
+
+@@UAHL@unbound.conf@zonemd-permissive-mode@@: *<yes or no>*
+    If enabled the ZONEMD verification failures are only logged and do not
+    cause the zone to be blocked and only return servfail.
+    Useful for testing out if it works, or if the operator only wants to be
+    notified of a problem without disrupting service.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@add-holddown@@: *<seconds>*
+    Instruct the
+    :ref:`auto-trust-anchor-file<unbound.conf.auto-trust-anchor-file>` probe
+    mechanism for :rfc:`5011` autotrust updates to add new trust anchors only
+    after they have been visible for this time.
+
+    Default: 2592000 (30 days as per the RFC)
+
+
+@@UAHL@unbound.conf@del-holddown@@: *<seconds>*
+    Instruct the
+    :ref:`auto-trust-anchor-file<unbound.conf.auto-trust-anchor-file>` probe
+    mechanism for :rfc:`5011` autotrust updates to remove revoked trust anchors
+    after they have been kept in the revoked list for this long.
+
+    Default: 2592000 (30 days as per the RFC)
+
+
+@@UAHL@unbound.conf@keep-missing@@: *<seconds>*
+    Instruct the
+    :ref:`auto-trust-anchor-file<unbound.conf.auto-trust-anchor-file>` probe
+    mechanism for :rfc:`5011` autotrust updates to remove missing trust anchors
+    after they have been unseen for this long.
+    This cleans up the state file if the target zone does not perform trust
+    anchor revocation, so this makes the auto probe mechanism work with zones
+    that perform regular (non-5011) rollovers.
+    The value 0 does not remove missing anchors, as per the RFC.
+
+    Default: 31622400 (366 days)
+
+
+@@UAHL@unbound.conf@permit-small-holddown@@: *<yes or no>*
+    Debug option that allows the autotrust 5011 rollover timers to assume very
+    small values.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@key-cache-size@@: *<number>*
+    Number of bytes size of the key cache.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@key-cache-slabs@@: *<number>*
+    Number of slabs in the key cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@neg-cache-size@@: *<number>*
+    Number of bytes size of the aggressive negative cache.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 1m
+
+
+@@UAHL@unbound.conf@unblock-lan-zones@@: *<yes or no>*
+    If enabled, then for private address space, the reverse lookups are no
+    longer filtered.
+    This allows Unbound when running as dns service on a host where it provides
+    service for that host, to put out all of the queries for the 'lan'
+    upstream.
+    When enabled, only localhost, ``127.0.0.1`` reverse and ``::1`` reverse
+    zones are configured with default local zones.
+    Disable the option when Unbound is running as a (DHCP-) DNS network
+    resolver for a group of machines, where such lookups should be filtered
+    (RFC compliance), this also stops potential data leakage about the local
+    network to the upstream DNS servers.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@insecure-lan-zones@@: *<yes or no>*
+    If enabled, then reverse lookups in private address space are not
+    validated.
+    This is usually required whenever
+    :ref:`unblock-lan-zones<unbound.conf.unblock-lan-zones>` is used.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@local-zone@@: *<zone> <type>*
+    Configure a local zone.
+    The type determines the answer to give if there is no match from
+    :ref:`local-data<unbound.conf.local-data>`.
+    The types are
+    :ref:`deny<unbound.conf.local-zone.type.deny>`,
+    :ref:`refuse<unbound.conf.local-zone.type.refuse>`,
+    :ref:`static<unbound.conf.local-zone.type.static>`,
+    :ref:`transparent<unbound.conf.local-zone.type.transparent>`,
+    :ref:`redirect<unbound.conf.local-zone.type.redirect>`,
+    :ref:`nodefault<unbound.conf.local-zone.type.nodefault>`,
+    :ref:`typetransparent<unbound.conf.local-zone.type.typetransparent>`,
+    :ref:`inform<unbound.conf.local-zone.type.inform>`,
+    :ref:`inform_deny<unbound.conf.local-zone.type.inform_deny>`,
+    :ref:`inform_redirect<unbound.conf.local-zone.type.inform_redirect>`,
+    :ref:`always_transparent<unbound.conf.local-zone.type.always_transparent>`,
+    :ref:`block_a<unbound.conf.local-zone.type.block_a>`,
+    :ref:`always_refuse<unbound.conf.local-zone.type.always_refuse>`,
+    :ref:`always_nxdomain<unbound.conf.local-zone.type.always_nxdomain>`,
+    :ref:`always_null<unbound.conf.local-zone.type.always_null>`,
+    :ref:`noview<unbound.conf.local-zone.type.noview>`,
+    and are explained below.
+    After that the default settings are listed.
+    Use :ref:`local-data<unbound.conf.local-data>` to enter data into the
+    local zone.
+    Answers for local zones are authoritative DNS answers.
+    By default the zones are class IN.
+
+    If you need more complicated authoritative data, with referrals,
+    wildcards, CNAME/DNAME support, or DNSSEC authoritative service,
+    setup a :ref:`stub-zone<unbound.conf.stub>` for it as detailed in the
+    stub zone section below.
+    A :ref:`stub-zone<unbound.conf.stub>` can be used to have unbound
+    send queries to another server, an authoritative server, to fetch the
+    information.
+    With a :ref:`forward-zone<unbound.conf.forward>`, unbound sends
+    queries to a server that is a recursive server to fetch the information.
+    With an :ref:`auth-zone<unbound.conf.auth>` a zone can be loaded from
+    file and used, it can be used like a local zone for users downstream, or
+    the :ref:`auth-zone<unbound.conf.auth>` information can be used to fetch
+    information from when resolving like it is an upstream server.
+    The :ref:`forward-zone<unbound.conf.forward>` and
+    :ref:`auth-zone<unbound.conf.auth>` options are described in their
+    sections below.
+    If you want to perform filtering of the information that the users can
+    fetch, the :ref:`local-zone<unbound.conf.local-zone>` and
+    :ref:`local-data<unbound.conf.local-data>` statements allow for this, but
+    also the :ref:`rpz<unbound.conf.rpz>` functionality can be used, described
+    in the RPZ section.
+
+    @@UAHL@unbound.conf.local-zone.type@deny@@
+        Do not send an answer, drop the query.
+        If there is a match from local data, the query is answered.
+
+    @@UAHL@unbound.conf.local-zone.type@refuse@@
+        Send an error message reply, with rcode REFUSED.
+        If there is a match from local data, the query is answered.
+
+    @@UAHL@unbound.conf.local-zone.type@static@@
+        If there is a match from local data, the query is answered.
+        Otherwise, the query is answered with NODATA or NXDOMAIN.
+        For a negative answer a SOA is included in the answer if present as
+        :ref:`local-data<unbound.conf.local-data>` for the zone apex domain.
+
+    @@UAHL@unbound.conf.local-zone.type@transparent@@
+        If there is a match from :ref:`local-data<unbound.conf.local-data>`,
+        the query is answered.
+        Otherwise if the query has a different name, the query is resolved
+        normally.
+        If the query is for a name given in
+        :ref:`local-data<unbound.conf.local-data>` but no such type of data is
+        given in localdata, then a NOERROR NODATA answer is returned.
+        If no :ref:`local-zone<unbound.conf.local-zone>` is given
+        :ref:`local-data<unbound.conf.local-data>` causes a transparent zone
+        to be created by default.
+
+    @@UAHL@unbound.conf.local-zone.type@typetransparent@@
+        If there is a match from local data, the query is answered.
+        If the query is for a different name, or for the same name but for a
+        different type, the query is resolved normally.
+        So, similar to
+        :ref:`transparent<unbound.conf.local-zone.type.transparent>` but types
+        that are not listed in local data are resolved normally, so if an A
+        record is in the local data that does not cause a NODATA reply for AAAA
+        queries.
+
+    @@UAHL@unbound.conf.local-zone.type@redirect@@
+        The query is answered from the local data for the zone name.
+        There may be no local data beneath the zone name.
+        This answers queries for the zone, and all subdomains of the zone with
+        the local data for the zone.
+        It can be used to redirect a domain to return a different address
+        record to the end user, with:
+
+        .. code-block:: text
+
+            local-zone: "example.com." redirect
+            local-data: "example.com. A 127.0.0.1"
+
+        queries for ``www.example.com`` and ``www.foo.example.com`` are
+        redirected, so that users with web browsers cannot access sites with
+        suffix example.com.
+
+    @@UAHL@unbound.conf.local-zone.type@inform@@
+        The query is answered normally, same as
+        :ref:`transparent<unbound.conf.local-zone.type.transparent>`.
+        The client IP address (@portnumber) is printed to the logfile.
+        The log message is:
+
+        .. code-block:: text
+
+            timestamp, unbound-pid, info: zonename inform IP@port queryname type class.
+
+        This option can be used for normal resolution, but machines looking up
+        infected names are logged, eg. to run antivirus on them.
+
+    @@UAHL@unbound.conf.local-zone.type@inform_deny@@
+        The query is dropped, like
+        :ref:`deny<unbound.conf.local-zone.type.deny>`, and logged, like
+        :ref:`inform<unbound.conf.local-zone.type.inform>`.
+        Ie. find infected machines without answering the queries.
+
+    @@UAHL@unbound.conf.local-zone.type@inform_redirect@@
+        The query is redirected, like
+        :ref:`redirect<unbound.conf.local-zone.type.redirect>`, and logged,
+        like :ref:`inform<unbound.conf.local-zone.type.inform>`.
+        Ie. answer queries with fixed data and also log the machines that ask.
+
+    @@UAHL@unbound.conf.local-zone.type@always_transparent@@
+        Like :ref:`transparent<unbound.conf.local-zone.type.transparent>`, but
+        ignores local data and resolves normally.
+
+    @@UAHL@unbound.conf.local-zone.type@block_a@@
+        Like :ref:`transparent<unbound.conf.local-zone.type.transparent>`, but
+        ignores local data and resolves normally all query types excluding A.
+        For A queries it unconditionally returns NODATA.
+        Useful in cases when there is a need to explicitly force all apps to
+        use IPv6 protocol and avoid any queries to IPv4.
+
+    @@UAHL@unbound.conf.local-zone.type@always_refuse@@
+        Like :ref:`refuse<unbound.conf.local-zone.type.refuse>`, but ignores
+        local data and refuses the query.
+
+    @@UAHL@unbound.conf.local-zone.type@always_nxdomain@@
+        Like :ref:`static<unbound.conf.local-zone.type.static>`, but ignores
+        local data and returns NXDOMAIN for the query.
+
+    @@UAHL@unbound.conf.local-zone.type@always_nodata@@
+        Like :ref:`static<unbound.conf.local-zone.type.static>`, but ignores
+        local data and returns NODATA for the query.
+
+    @@UAHL@unbound.conf.local-zone.type@always_deny@@
+        Like :ref:`deny<unbound.conf.local-zone.type.deny>`, but ignores local
+        data and drops the query.
+
+    @@UAHL@unbound.conf.local-zone.type@always_null@@
+        Always returns ``0.0.0.0`` or ``::0`` for every name in the zone.
+        Like :ref:`redirect<unbound.conf.local-zone.type.redirect>` with zero
+        data for A and AAAA.
+        Ignores local data in the zone.
+        Used for some block lists.
+
+    @@UAHL@unbound.conf.local-zone.type@noview@@
+        Breaks out of that view and moves towards the global local zones for
+        answer to the query.
+        If the :ref:`view-first<unbound.conf.view.view-first>` is no, it'll
+        resolve normally.
+        If :ref:`view-first<unbound.conf.view.view-first>` is enabled, it'll
+        break perform that step and check the global answers.
+        For when the view has view specific overrides but some zone has to be
+        answered from global local zone contents.
+
+    @@UAHL@unbound.conf.local-zone.type@nodefault@@
+        Used to turn off default contents for AS112 zones.
+        The other types also turn off default contents for the zone.
+        The :ref:`nodefault<unbound.conf.local-zone.type.nodefault>` option has
+        no other effect than turning off default contents for the given zone.
+        Use :ref:`nodefault<unbound.conf.local-zone.type.nodefault>` if you use
+        exactly that zone, if you want to use a subzone, use
+        :ref:`transparent<unbound.conf.local-zone.type.transparent>`.
+
+    The default zones are localhost, reverse ``127.0.0.1`` and ``::1``, the
+    ``home.arpa``, ``resolver.arpa``, ``service.arpa``, ``onion``, ``test``,
+    ``invalid`` and the AS112 zones.
+    The AS112 zones are reverse DNS zones for private use and reserved IP
+    addresses for which the servers on the internet cannot provide correct
+    answers.
+    They are configured by default to give NXDOMAIN (no reverse information)
+    answers.
+
+    The defaults can be turned off by specifying your own
+    :ref:`local-zone<unbound.conf.local-zone>` of that name, or using the
+    :ref:`nodefault<unbound.conf.local-zone.type.nodefault>` type.
+    Below is a list of the default zone contents.
+
+    @@UAHL@unbound.conf.local-zone.defaults@localhost@@
+        The IPv4 and IPv6 localhost information is given.
+        NS and SOA records are provided for completeness and to satisfy some
+        DNS update tools.
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "localhost." redirect
+            local-data: "localhost. 10800 IN NS localhost."
+            local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+            local-data: "localhost. 10800 IN A 127.0.0.1"
+            local-data: "localhost. 10800 IN AAAA ::1"
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv4 loopback@@
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "127.in-addr.arpa." static
+            local-data: "127.in-addr.arpa. 10800 IN NS localhost."
+            local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+            local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv6 loopback@@
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static
+            local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost."
+            local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+            local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost."
+
+    @@UAHL@unbound.conf.local-zone.defaults@home.arpa@@ (:rfc:`8375`)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "home.arpa." static
+            local-data: "home.arpa. 10800 IN NS localhost."
+            local-data: "home.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@resolver.arpa@@ (:rfc:`9462`)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "resolver.arpa." static
+            local-data: "resolver.arpa. 10800 IN NS localhost."
+            local-data: "resolver.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@service.arpa@@ (draft-ietf-dnssd-srp-25)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "service.arpa." static
+            local-data: "service.arpa. 10800 IN NS localhost."
+            local-data: "service.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@onion@@ (:rfc:`7686`)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "onion." static
+            local-data: "onion. 10800 IN NS localhost."
+            local-data: "onion. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@test@@ (:rfc:`6761`)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "test." static
+            local-data: "test. 10800 IN NS localhost."
+            local-data: "test. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@invalid@@ (:rfc:`6761`)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "invalid." static
+            local-data: "invalid. 10800 IN NS localhost."
+            local-data: "invalid. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse local use zones@@ (:rfc:`1918`)
+        Reverse data for zones ``10.in-addr.arpa``, ``16.172.in-addr.arpa`` to
+        ``31.172.in-addr.arpa``, ``168.192.in-addr.arpa``.
+        The :ref:`local-zone<unbound.conf.local-zone>` is set static and as
+        :ref:`local-data<unbound.conf.local-data>` SOA and NS records are
+        provided.
+
+    @@UAHL@unbound.conf.local-zone.defaults@special-use IPv4 Addresses@@ (:rfc:`3330`)
+        Reverse data for zones ``0.in-addr.arpa`` (this), ``254.169.in-addr.arpa`` (link-local),
+        ``2.0.192.in-addr.arpa`` (TEST NET 1), ``100.51.198.in-addr.arpa``
+        (TEST NET 2), ``113.0.203.in-addr.arpa`` (TEST NET 3),
+        ``255.255.255.255.in-addr.arpa`` (broadcast).
+        And from ``64.100.in-addr.arpa`` to ``127.100.in-addr.arpa`` (Shared
+        Address Space).
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv6 unspecified@@ (:rfc:`4291`)
+        Reverse data for zone
+        ``0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.``
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv6 Locally Assigned Local Addresses@@ (:rfc:`4193`)
+        Reverse data for zone ``D.F.ip6.arpa``.
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv6 Link Local Addresses@@ (:rfc:`4291`)
+        Reverse data for zones ``8.E.F.ip6.arpa`` to ``B.E.F.ip6.arpa``.
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv6 Example Prefix@@
+        Reverse data for zone ``8.B.D.0.1.0.0.2.ip6.arpa``.
+        This zone is used for tutorials and examples.
+        You can remove the block on this zone with:
+
+        .. code-block:: text
+
+            local-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault
+
+    You can also selectively unblock a part of the zone by making that part
+    transparent with a :ref:`local-zone<unbound.conf.local-zone>` statement.
+    This also works with the other default zones.
+
+
+@@UAHL@unbound.conf@local-data@@: *"<resource record string>"*
+    Configure local data, which is served in reply to queries for it.
+    The query has to match exactly unless you configure the
+    :ref:`local-zone<unbound.conf.local-zone>` as redirect.
+    If not matched exactly, the :ref:`local-zone<unbound.conf.local-zone>`
+    type determines further processing.
+    If :ref:`local-data<unbound.conf.local-data>` is configured that is not a
+    subdomain of a :ref:`local-zone<unbound.conf.local-zone>`, a
+    :ref:`transparent local-zone<unbound.conf.local-zone.type.transparent>` is
+    configured.
+    For record types such as TXT, use single quotes, as in:
+
+    .. code-block:: text
+
+        local-data: 'example. TXT "text"'
+
+    .. note::
+        If you need more complicated authoritative data, with referrals,
+        wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup
+        a :ref:`stub-zone<unbound.conf.stub>` for it as detailed in the stub
+        zone section below.
+
+
+@@UAHL@unbound.conf@local-data-ptr@@: *"IPaddr name"*
+    Configure local data shorthand for a PTR record with the reversed IPv4 or
+    IPv6 address and the host name.
+    For example ``"192.0.2.4 www.example.com"``.
+    TTL can be inserted like this: ``"2001:DB8::4 7200 www.example.com"``
+
+
+@@UAHL@unbound.conf@local-zone-tag@@: *<zone> <"list of tags">*
+    Assign tags to local zones.
+    Tagged localzones will only be applied when the used
+    :ref:`access-control<unbound.conf.access-control>` element has a matching
+    tag.
+    Tags must be defined in :ref:`define-tag<unbound.conf.define-tag>`.
+    Enclose list of tags in quotes (``""``) and put spaces between tags.
+    When there are multiple tags it checks if the intersection of the list of
+    tags for the query and :ref:`local-zone-tag<unbound.conf.local-zone-tag>`
+    is non-empty.
+
+
+@@UAHL@unbound.conf@local-zone-override@@: *<zone> <IP netblock> <type>*
+    Override the local zone type for queries from addresses matching netblock.
+    Use this localzone type, regardless the type configured for the local zone
+    (both tagged and untagged) and regardless the type configured using
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`.
+
+
+@@UAHL@unbound.conf@response-ip@@: *<IP-netblock> <action>*
+    This requires use of the ``respip`` module.
+
+    If the IP address in an AAAA or A RR in the answer section of a response
+    matches the specified IP netblock, the specified action will apply.
+    *<action>* has generally the same semantics as that for
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`,
+    but there are some exceptions.
+
+    Actions for :ref:`response-ip<unbound.conf.response-ip>` are different
+    from those for :ref:`local-zone<unbound.conf.local-zone>` in that in case
+    of the former there is no point of such conditions as "the query matches it
+    but there is no local data".
+    Because of this difference, the semantics of
+    :ref:`response-ip<unbound.conf.response-ip>` actions are modified or
+    simplified as follows: The *static*, *refuse*, *transparent*,
+    *typetransparent*, and *nodefault* actions are invalid for *response-ip*.
+    Using any of these will cause the configuration to be rejected as faulty.
+    The *deny* action is non-conditional, i.e. it always results in dropping
+    the corresponding query.
+    The resolution result before applying the *deny* action is still cached and
+    can be used for other queries.
+
+
+@@UAHL@unbound.conf@response-ip-data@@: *<IP-netblock> <"resource record string">*
+    This requires use of the ``respip`` module.
+
+    This specifies the action data for
+    :ref:`response-ip<unbound.conf.response-ip>` with action being to redirect
+    as specified by *<"resource record string">*.
+    *<"Resource record string">* is similar to that of
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`,
+    but it must be of either AAAA, A or CNAME types.
+    If the *<IP-netblock>* is an IPv6/IPv4 prefix, the record must be AAAA/A
+    respectively, unless it is a CNAME (which can be used for both versions of
+    IP netblocks).
+    If it is CNAME there must not be more than one
+    :ref:`response-ip-data<unbound.conf.response-ip-data>` for the same
+    *<IP-netblock>*.
+    Also, CNAME and other types of records must not coexist for the same
+    *<IP-netblock>*, following the normal rules for CNAME records.
+    The textual domain name for the CNAME does not have to be explicitly
+    terminated with a dot (``"."``); the root name is assumed to be the origin
+    for the name.
+
+
+@@UAHL@unbound.conf@response-ip-tag@@: *<IP-netblock> <"list of tags">*
+    This requires use of the ``respip`` module.
+
+    Assign tags to response *<IP-netblock>*.
+    If the IP address in an AAAA or A RR in the answer section of a response
+    matches the specified *<IP-netblock>*, the specified tags are assigned to
+    the IP address.
+    Then, if an :ref:`access-control-tag<unbound.conf.access-control-tag>` is
+    defined for the client and it includes one of the tags for the response IP,
+    the corresponding
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`
+    will apply.
+    Tag matching rule is the same as that for
+    :ref:`access-control-tag<unbound.conf.access-control-tag>` and
+    :ref:`local-zone<unbound.conf.local-zone>`.
+    Unlike :ref:`local-zone-tag<unbound.conf.local-zone-tag>`,
+    :ref:`response-ip-tag<unbound.conf.response-ip-tag>` can be defined for an
+    *<IP-netblock>* even if no :ref:`response-ip<unbound.conf.response-ip>` is
+    defined for that netblock.
+    If multiple :ref:`response-ip-tag<unbound.conf.response-ip-tag>` options
+    are specified for the same *<IP-netblock>* in different statements, all but
+    the first will be ignored.
+    However, this will not be flagged as a configuration error, but the result
+    is probably not what was intended.
+
+    Actions specified in an
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`
+    that has a matching tag with
+    :ref:`response-ip-tag<unbound.conf.response-ip-tag>` can be those that are
+    "invalid" for :ref:`response-ip<unbound.conf.response-ip>` listed above,
+    since
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`
+    can be shared with local zones.
+    For these actions, if they behave differently depending on whether local
+    data exists or not in case of local zones, the behavior for
+    :ref:`response-ip-data<unbound.conf.response-ip-data>` will generally
+    result in NOERROR/NODATA instead of NXDOMAIN, since the
+    :ref:`response-ip<unbound.conf.response-ip>` data are inherently type
+    specific, and non-existence of data does not indicate anything about the
+    existence or non-existence of the qname itself.
+    For example, if the matching tag action is static but there is no data for
+    the corresponding :ref:`response-ip<unbound.conf.response-ip>`
+    configuration, then the result will be NOERROR/NODATA.
+    The only case where NXDOMAIN is returned is when an
+    :ref:`always_nxdomain<unbound.conf.local-zone.type.always_nxdomain>`
+    action applies.
+
+
+@@UAHL@unbound.conf@ratelimit@@: *<number or 0>*
+    Enable ratelimiting of queries sent to nameserver for performing recursion.
+    0 disables the feature.
+    This option is experimental at this time.
+
+    The ratelimit is in queries per second that are allowed.
+    More queries are turned away with an error (SERVFAIL).
+    Cached responses are not ratelimited by this setting.
+
+    This stops recursive floods, eg. random query names, but not spoofed
+    reflection floods.
+    The zone of the query is determined by examining the nameservers for it,
+    the zone name is used to keep track of the rate.
+    For example, 1000 may be a suitable value to stop the server from being
+    overloaded with random names, and keeps unbound from sending traffic to the
+    nameservers for those zones.
+
+    .. note:: Configured forwarders are excluded from ratelimiting.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf@ratelimit-size@@: *<memory size>*
+    Give the size of the data structure in which the current ongoing rates are
+    kept track in.
+    In bytes or use m(mega), k(kilo), g(giga).
+    The ratelimit structure is small, so this data structure likely does not
+    need to be large.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@ratelimit-slabs@@: *<number>*
+    Number of slabs in the ratelimit tracking data structure.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@ratelimit-factor@@: *<number>*
+    Set the amount of queries to rate limit when the limit is exceeded.
+    If set to 0, all queries are dropped for domains where the limit is
+    exceeded.
+    If set to another value, 1 in that number is allowed through to complete.
+    Default is 10, allowing 1/10 traffic to flow normally.
+    This can make ordinary queries complete (if repeatedly queried for), and
+    enter the cache, whilst also mitigating the traffic flow by the factor
+    given.
+
+    Default: 10
+
+
+@@UAHL@unbound.conf@ratelimit-backoff@@: *<yes or no>*
+    If enabled, the ratelimit is treated as a hard failure instead of the
+    default maximum allowed constant rate.
+    When the limit is reached, traffic is ratelimited and demand continues to
+    be kept track of for a 2 second rate window.
+    No traffic is allowed, except for
+    :ref:`ratelimit-factor<unbound.conf.ratelimit-factor>`, until demand
+    decreases below the configured ratelimit for a 2 second rate window.
+    Useful to set :ref:`ratelimit<unbound.conf.ratelimit>` to a suspicious
+    rate to aggressively limit unusually high traffic.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ratelimit-for-domain@@: *<domain> <number qps or 0>*
+    Override the global :ref:`ratelimit<unbound.conf.ratelimit>` for an exact
+    match domain name with the listed number.
+    You can give this for any number of names.
+    For example, for a top-level-domain you may want to have a higher limit
+    than other names.
+    A value of 0 will disable ratelimiting for that domain.
+
+
+@@UAHL@unbound.conf@ratelimit-below-domain@@: *<domain> <number qps or 0>*
+    Override the global :ref:`ratelimit<unbound.conf.ratelimit>` for a domain
+    name that ends in this name.
+    You can give this multiple times, it then describes different settings in
+    different parts of the namespace.
+    The closest matching suffix is used to determine the qps limit.
+    The rate for the exact matching domain name is not changed, use
+    :ref:`ratelimit-for-domain<unbound.conf.ratelimit-for-domain>` to set
+    that, you might want to use different settings for a top-level-domain and
+    subdomains.
+    A value of 0 will disable ratelimiting for domain names that end in this
+    name.
+
+
+@@UAHL@unbound.conf@ip-ratelimit@@: *<number or 0>*
+    Enable global ratelimiting of queries accepted per ip address.
+    This option is experimental at this time.
+    The ratelimit is in queries per second that are allowed.
+    More queries are completely dropped and will not receive a reply, SERVFAIL
+    or otherwise.
+    IP ratelimiting happens before looking in the cache.
+    This may be useful for mitigating amplification attacks.
+    Clients with a valid DNS Cookie will bypass the ratelimit.
+    If a ratelimit for such clients is still needed,
+    :ref:`ip-ratelimit-cookie<unbound.conf.ip-ratelimit-cookie>`
+    can be used instead.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@ip-ratelimit-cookie@@: *<number or 0>*
+    Enable global ratelimiting of queries accepted per IP address with a valid
+    DNS Cookie.
+    This option is experimental at this time.
+    The ratelimit is in queries per second that are allowed.
+    More queries are completely dropped and will not receive a reply, SERVFAIL
+    or otherwise.
+    IP ratelimiting happens before looking in the cache.
+    This option could be useful in combination with
+    :ref:`allow_cookie<unbound.conf.access-control.action.allow_cookie>`, in an
+    attempt to mitigate other amplification attacks than UDP reflections (e.g.,
+    attacks targeting Unbound itself) which are already handled with DNS
+    Cookies.
+    If used, the value is suggested to be higher than
+    :ref:`ip-ratelimit<unbound.conf.ip-ratelimit>` e.g., tenfold.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@ip-ratelimit-size@@: *<memory size>*
+    Give the size of the data structure in which the current ongoing rates are
+    kept track in.
+    In bytes or use m(mega), k(kilo), g(giga).
+    The IP ratelimit structure is small, so this data structure likely does not
+    need to be large.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@ip-ratelimit-slabs@@: *<number>*
+    Number of slabs in the ip ratelimit tracking data structure.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@ip-ratelimit-factor@@: *<number>*
+    Set the amount of queries to rate limit when the limit is exceeded.
+    If set to 0, all queries are dropped for addresses where the limit is
+    exceeded.
+    If set to another value, 1 in that number is allowed through to complete.
+    Default is 10, allowing 1/10 traffic to flow normally.
+    This can make ordinary queries complete (if repeatedly queried for), and
+    enter the cache, whilst also mitigating the traffic flow by the factor
+    given.
+
+    Default: 10
+
+
+@@UAHL@unbound.conf@ip-ratelimit-backoff@@: *<yes or no>*
+    If enabled, the rate limit is treated as a hard failure instead of the
+    default maximum allowed constant rate.
+    When the limit is reached, traffic is ratelimited and demand continues to
+    be kept track of for a 2 second rate window.
+    No traffic is allowed, except for
+    :ref:`ip-ratelimit-factor<unbound.conf.ip-ratelimit-factor>`, until demand
+    decreases below the configured ratelimit for a 2 second rate window.
+    Useful to set :ref:`ip-ratelimit<unbound.conf.ip-ratelimit>` to a
+    suspicious rate to aggressively limit unusually high traffic.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@outbound-msg-retry@@: *<number>*
+    The number of retries, per upstream nameserver in a delegation, that
+    Unbound will attempt in case a throwaway response is received.
+    No response (timeout) contributes to the retry counter.
+    If a forward/stub zone is used, this is the number of retries per
+    nameserver in the zone.
+
+    Default: 5
+
+
+@@UAHL@unbound.conf@max-sent-count@@: *<number>*
+    Hard limit on the number of outgoing queries Unbound will make while
+    resolving a name, making sure large NS sets do not loop.
+    Results in SERVFAIL when reached.
+    It resets on query restarts (e.g., CNAME) and referrals.
+
+    Default: 32
+
+
+@@UAHL@unbound.conf@max-query-restarts@@: *<number>*
+    Hard limit on the number of times Unbound is allowed to restart a query
+    upon encountering a CNAME record.
+    Results in SERVFAIL when reached.
+    Changing this value needs caution as it can allow long CNAME chains to be
+    accepted, where Unbound needs to verify (resolve) each link individually.
+
+    Default: 11
+
+
+@@UAHL@unbound.conf@iter-scrub-ns@@: *<number>*
+    Limit on the number of NS records allowed in an rrset of type NS, from the
+    iterator scrubber.
+    This protects the internals of the resolver from overly large NS sets.
+
+    Default: 20
+
+
+@@UAHL@unbound.conf@iter-scrub-cname@@: *<number>*
+    Limit on the number of CNAME, DNAME records in an answer, from the iterator
+    scrubber.
+    This protects the internals of the resolver from overly long indirection
+    chains.
+    Clips off the remainder of the reply packet at that point.
+
+    Default: 11
+
+
+@@UAHL@unbound.conf@max-global-quota@@: *<number>*
+    Limit on the number of upstream queries sent out for an incoming query and
+    its subqueries from recursion.
+    It is not reset during the resolution.
+    When it is exceeded the query is failed and the lookup process stops.
+
+    Default: 200
+
+
+@@UAHL@unbound.conf@iter-scrub-promiscuous@@: *<yes or no>*
+    Should the iterator scrubber remove promiscuous NS from positive answers.
+    This protects against poisonous contents, that could affect names in the
+    same zone as a spoofed packet.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@fast-server-permil@@: *<number>*
+    Specify how many times out of 1000 to pick from the set of fastest servers.
+    0 turns the feature off.
+    A value of 900 would pick from the fastest servers 90 percent of the time,
+    and would perform normal exploration of random servers for the remaining
+    time.
+    When :ref:`prefetch<unbound.conf.prefetch>` is enabled (or
+    :ref:`serve-expired<unbound.conf.serve-expired>`), such prefetches are not
+    sped up, because there is no one waiting for it, and it presents a good
+    moment to perform server exploration.
+    The :ref:`fast-server-num<unbound.conf.fast-server-num>` option can be
+    used to specify the size of the fastest servers set.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf@fast-server-num@@: *<number>*
+    Set the number of servers that should be used for fast server selection.
+    Only use the fastest specified number of servers with the
+    :ref:`fast-server-permil<unbound.conf.fast-server-permil>` option, that
+    turns this on or off.
+
+    Default: 3
+
+
+@@UAHL@unbound.conf@answer-cookie@@: *<yes or no>*
+    If enabled, Unbound will answer to requests containing DNS Cookies as
+    specified in RFC 7873 and RFC 9018.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@cookie-secret@@: *"<128 bit hex string>"*
+    Server's secret for DNS Cookie generation.
+    Useful to explicitly set for servers in an anycast deployment that need to
+    share the secret in order to verify each other's Server Cookies.
+    An example hex string would be "000102030405060708090a0b0c0d0e0f".
+
+    .. note::
+        This option is ignored if a
+        :ref:`cookie-secret-file<unbound.conf.cookie-secret-file>` is present.
+        In that case the secrets from that file are used in DNS Cookie
+        calculations.
+
+    Default: 128 bits random secret generated at startup time
+
+
+@@UAHL@unbound.conf@cookie-secret-file@@: *<filename>*
+    File from which the secrets are read used in DNS Cookie calculations.
+    When this file exists, the secrets in this file are used and the secret
+    specified by the
+    :ref:`cookie-secret<unbound.conf.cookie-secret>` option is ignored.
+    Enable it by setting a filename, like
+    "/usr/local/etc/unbound_cookiesecrets.txt".
+    The content of this file must be manipulated with the
+    :ref:`add_cookie_secret<unbound-control.commands.add_cookie_secret>`,
+    :ref:`drop_cookie_secret<unbound-control.commands.drop_cookie_secret>` and
+    :ref:`activate_cookie_secret<unbound-control.commands.activate_cookie_secret>`
+    commands to the :doc:`unbound-control(8)</manpages/unbound-control>` tool.
+    Please see that manpage on how to perform a safe cookie secret rollover.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf@edns-client-string@@: *<IP netblock> <string>*
+    Include an EDNS0 option containing configured ASCII string in queries with
+    destination address matching the configured *<IP netblock>*.
+    This configuration option can be used multiple times.
+    The most specific match will be used.
+
+
+@@UAHL@unbound.conf@edns-client-string-opcode@@: *<opcode>*
+    EDNS0 option code for the
+    :ref:`edns-client-string<unbound.conf.edns-client-string>` option, from 0
+    to 65535.
+    A value from the 'Reserved for Local/Experimental' range (65001-65534)
+    should be used.
+
+    Default: 65001
+
+
+@@UAHL@unbound.conf@ede@@: *<yes or no>*
+    If enabled, Unbound will respond with Extended DNS Error codes
+    (:rfc:`8914`).
+    These EDEs provide additional information with a response mainly for, but
+    not limited to, DNS and DNSSEC errors.
+
+    When the :ref:`val-log-level<unbound.conf.val-log-level>` option is also
+    set to ``2``, responses with Extended DNS Errors concerning DNSSEC failures
+    will also contain a descriptive text message about the reason for the
+    failure.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ede-serve-expired@@: *<yes or no>*
+    If enabled, Unbound will attach an Extended DNS Error (:rfc:`8914`) *Code 3
+    - Stale Answer* as EDNS0 option to the expired response.
+
+    .. note::
+        :ref:`ede: yes<unbound.conf.ede>` needs to be set as well for this to
+        work.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@dns-error-reporting@@: *<yes or no>*
+    If enabled, Unbound will send DNS Error Reports (:rfc:`9567`).
+    The name servers need to express support by attaching the Report-Channel
+    EDNS0 option on their replies specifying the reporting agent for the zone.
+    Any errors encountered during resolution that would result in Unbound
+    generating an Extended DNS Error (:rfc:`8914`) will be reported to the
+    zone's reporting agent.
+
+    The :ref:`ede<unbound.conf.ede>` option does not need to be enabled for
+    this to work.
+
+    It is advised that the
+    :ref:`qname-minimisation<unbound.conf.qname-minimisation>` option is also
+    enabled to increase privacy on the outgoing reports.
+
+    Default: no
+
+.. _unbound.conf.remote:
+
+Remote Control Options
+^^^^^^^^^^^^^^^^^^^^^^
+
+In the **remote-control:** clause are the declarations for the remote control
+facility.
+If this is enabled, the :doc:`unbound-control(8)</manpages/unbound-control>`
+utility can be used to send commands to the running Unbound server.
+The server uses these clauses to setup TLSv1 security for the connection.
+The :doc:`unbound-control(8)</manpages/unbound-control>` utility also reads the
+**remote-control:** section for options.
+To setup the correct self-signed certificates use the
+*unbound-control-setup(8)* utility.
+
+
+@@UAHL@unbound.conf.remote@control-enable@@: *<yes or no>*
+    The option is used to enable remote control.
+    If turned off, the server does not listen for control commands.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.remote@control-interface@@: *<IP address or interface name or path>*
+    Give IPv4 or IPv6 addresses or local socket path to listen on for control
+    commands.
+    If an interface name is used instead of an IP address, the list of IP
+    addresses on that interface are used.
+
+    By default localhost (``127.0.0.1`` and ``::1``) is listened to.
+    Use ``0.0.0.0`` and ``::0`` to listen to all interfaces.
+    If you change this and permissions have been dropped, you must restart the
+    server for the change to take effect.
+
+    If you set it to an absolute path, a unix domain socket is used.
+    This socket does not use the certificates and keys, so those files need not
+    be present.
+    To restrict access, Unbound sets permissions on the file to the user and
+    group that is configured, the access bits are set to allow the group
+    members to access the control socket file.
+    Put users that need to access the socket in the that group.
+    To restrict access further, create a directory to put the control socket in
+    and restrict access to that directory.
+
+
+@@UAHL@unbound.conf.remote@control-port@@: *<port number>*
+    The port number to listen on for IPv4 or IPv6 control interfaces.
+
+    .. note::
+        If you change this and permissions have been dropped, you must restart
+        the server for the change to take effect.
+
+    Default: 8953
+
+
+@@UAHL@unbound.conf.remote@control-use-cert@@: *<yes or no>*
+    For localhost
+    :ref:`control-interface<unbound.conf.remote.control-interface>` you can
+    disable the use of TLS by setting this option to "no".
+    For local sockets, TLS is disabled and the value of this option is ignored.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf.remote@server-key-file@@: *<private key file>*
+    Path to the server private key.
+    This file is generated by the
+    :doc:`unbound-control-setup(8)</manpages/unbound-control>` utility.
+    This file is used by the Unbound server, but not by
+    :doc:`unbound-control(8)</manpages/unbound-control>`.
+
+    Default: unbound_server.key
+
+
+@@UAHL@unbound.conf.remote@server-cert-file@@: *<certificate file.pem>*
+    Path to the server self signed certificate.
+    This file is generated by the
+    :doc:`unbound-control-setup(8)</manpages/unbound-control>` utility.
+    This file is used by the Unbound server, and also by
+    :doc:`unbound-control(8)</manpages/unbound-control>`.
+
+    Default: unbound_server.pem
+
+
+@@UAHL@unbound.conf.remote@control-key-file@@: *<private key file>*
+    Path to the control client private key.
+    This file is generated by the
+    :doc:`unbound-control-setup(8)</manpages/unbound-control>` utility.
+    This file is used by :doc:`unbound-control(8)</manpages/unbound-control>`.
+
+    Default: unbound_control.key
+
+
+@@UAHL@unbound.conf.remote@control-cert-file@@: *<certificate file.pem>*
+    Path to the control client certificate.
+    This certificate has to be signed with the server certificate.
+    This file is generated by the
+    :doc:`unbound-control-setup(8)</manpages/unbound-control>` utility.
+    This file is used by :doc:`unbound-control(8)</manpages/unbound-control>`.
+
+    Default: unbound_control.pem
+
+.. _unbound.conf.stub:
+
+Stub Zone Options
+^^^^^^^^^^^^^^^^^
+
+There may be multiple **stub-zone:** clauses.
+Each with a :ref:`name<unbound.conf.stub.name>` and zero or more hostnames or
+IP addresses.
+For the stub zone this list of nameservers is used.
+Class IN is assumed.
+The servers should be authority servers, not recursors; Unbound performs the
+recursive processing itself for stub zones.
+
+The stub zone can be used to configure authoritative data to be used by the
+resolver that cannot be accessed using the public internet servers.
+This is useful for company-local data or private zones.
+Setup an authoritative server on a different host (or different port).
+Enter a config entry for Unbound with:
+
+.. code-block:: text
+
+   stub-addr: <ip address of host[@port]>
+
+The Unbound resolver can then access the data, without referring to the public
+internet for it.
+
+This setup allows DNSSEC signed zones to be served by that authoritative
+server, in which case a trusted key entry with the public key can be put in
+config, so that Unbound can validate the data and set the AD bit on replies for
+the private zone (authoritative servers do not set the AD bit).
+This setup makes Unbound capable of answering queries for the private zone, and
+can even set the AD bit ('authentic'), but the AA ('authoritative') bit is not
+set on these replies.
+
+Consider adding :ref:`server<unbound.conf.server>` statements for
+:ref:`domain-insecure<unbound.conf.domain-insecure>` and for
+:ref:`local-zone: \<name\> nodefault<unbound.conf.local-zone.type.nodefault>`
+for the zone if it is a locally served zone.
+The insecure clause stops DNSSEC from invalidating the zone.
+The :ref:`local-zone: nodefault<unbound.conf.local-zone.type.nodefault>` (or
+:ref:`transparent<unbound.conf.local-zone.type.transparent>`) clause makes the
+(reverse-) zone bypass Unbound's filtering of :rfc:`1918` zones.
+
+
+@@UAHL@unbound.conf.stub@name@@: *<domain name>*
+    Name of the stub zone.
+    This is the full domain name of the zone.
+
+
+@@UAHL@unbound.conf.stub@stub-host@@: *<domain name>*
+    Name of stub zone nameserver.
+    Is itself resolved before it is used.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    If TLS is enabled, then you can append a ``'#'`` and a name, then it'll
+    check the TLS authentication certificates with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If only ``'#'`` is used the default port is the configured
+    :ref:`tls-port<unbound.conf.tls-port>`.
+
+
+@@UAHL@unbound.conf.stub@stub-addr@@: *<IP address>*
+    IP address of stub zone nameserver.
+    Can be IPv4 or IPv6.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    If TLS is enabled, then you can append a ``'#'`` and a name, then it'll
+    check the tls authentication certificates with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If only ``'#'`` is used the default port is the configured
+    :ref:`tls-port<unbound.conf.tls-port>`.
+
+
+@@UAHL@unbound.conf.stub@stub-prime@@: *<yes or no>*
+    If enabled it performs NS set priming, which is similar to root hints,
+    where it starts using the list of nameservers currently published by the
+    zone.
+    Thus, if the hint list is slightly outdated, the resolver picks up a
+    correct list online.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.stub@stub-first@@: *<yes or no>*
+    If enabled, a query is attempted without the stub clause if it fails.
+    The data could not be retrieved and would have caused SERVFAIL because the
+    servers are unreachable, instead it is tried without this clause.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.stub@stub-tls-upstream@@: *<yes or no>*
+    Enabled or disable whether the queries to this stub use TLS for transport.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.stub@stub-ssl-upstream@@: *<yes or no>*
+    Alternate syntax for
+    :ref:`stub-tls-upstream<unbound.conf.stub.stub-tls-upstream>`.
+
+
+@@UAHL@unbound.conf.stub@stub-tcp-upstream@@: *<yes or no>*
+    If it is set to "yes" then upstream queries use TCP only for transport
+    regardless of global flag :ref:`tcp-upstream<unbound.conf.tcp-upstream>`.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.stub@stub-no-cache@@: *<yes or no>*
+    If enabled, data inside the stub is not cached.
+    This is useful when you want immediate changes to be visible.
+
+    Default: no
+
+.. _unbound.conf.forward:
+
+Forward Zone Options
+^^^^^^^^^^^^^^^^^^^^
+
+There may be multiple **forward-zone:** clauses.
+Each with a :ref:`name<unbound.conf.forward.name>` and zero or more hostnames
+or IP addresses.
+For the forward zone this list of nameservers is used to forward the queries
+to.
+The servers listed as :ref:`forward-host<unbound.conf.forward.forward-host>`
+and :ref:`forward-addr<unbound.conf.forward.forward-addr>` have to handle
+further recursion for the query.
+Thus, those servers are not authority servers, but are (just like Unbound is)
+recursive servers too; Unbound does not perform recursion itself for the
+forward zone, it lets the remote server do it.
+Class IN is assumed.
+CNAMEs are chased by Unbound itself, asking the remote server for every name in
+the indirection chain, to protect the local cache from illegal indirect
+referenced items.
+A :ref:`forward-zone<unbound.conf.forward>` entry with name
+``"."`` and a :ref:`forward-addr<unbound.conf.forward.forward-addr>` target
+will forward all queries to that other server (unless it can answer from the
+cache).
+
+
+@@UAHL@unbound.conf.forward@name@@: *<domain name>*
+    Name of the forward zone.
+    This is the full domain name of the zone.
+
+
+@@UAHL@unbound.conf.forward@forward-host@@: *<domain name>*
+    Name of server to forward to.
+    Is itself resolved before it is used.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    If TLS is enabled, then you can append a ``'#'`` and a name, then it'll
+    check the TLS authentication certificates with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If only ``'#'`` is used the default port is the configured
+    :ref:`tls-port<unbound.conf.tls-port>`.
+
+
+@@UAHL@unbound.conf.forward@forward-addr@@: *<IP address>*
+    IP address of server to forward to.
+    Can be IPv4 or IPv6.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    If TLS is enabled, then you can append a ``'#'`` and a name, then it'll
+    check the tls authentication certificates with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If only ``'#'`` is used the default port is the configured
+    :ref:`tls-port<unbound.conf.tls-port>`.
+
+    At high verbosity it logs the TLS certificate, with TLS enabled.
+    If you leave out the ``'#'`` and auth name from the
+    :ref:`forward-addr<unbound.conf.forward.forward-addr>`, any name is
+    accepted.
+    The cert must also match a CA from the
+    :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>`.
+
+
+@@UAHL@unbound.conf.forward@forward-first@@: *<yes or no>*
+    If a forwarded query is met with a SERVFAIL error, and this option is
+    enabled, Unbound will fall back to normal recursive resolution for this
+    query as if no query forwarding had been specified.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.forward@forward-tls-upstream@@: *<yes or no>*
+    Enabled or disable whether the queries to this forwarder use TLS for
+    transport.
+    If you enable this, also configure a
+    :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>` or use
+    :ref:`tls-win-cert<unbound.conf.tls-win-cert>` to load CA certs, otherwise
+    the connections cannot be authenticated.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.forward@forward-ssl-upstream@@: *<yes or no>*
+    Alternate syntax for
+    :ref:`forward-tls-upstream<unbound.conf.forward.forward-tls-upstream>`.
+
+
+@@UAHL@unbound.conf.forward@forward-tcp-upstream@@: *<yes or no>*
+    If it is set to "yes" then upstream queries use TCP only for transport
+    regardless of global flag :ref:`tcp-upstream<unbound.conf.tcp-upstream>`.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.forward@forward-no-cache@@: *<yes or no>*
+    If enabled, data inside the forward is not cached.
+    This is useful when you want immediate changes to be visible.
+
+    Default: no
+
+.. _unbound.conf.auth:
+
+Authority Zone Options
+^^^^^^^^^^^^^^^^^^^^^^
+
+Authority zones are configured with **auth-zone:**, and each one must have a
+:ref:`name<unbound.conf.auth.name>`.
+There can be multiple ones, by listing multiple auth-zone clauses, each with a
+different name, pertaining to that part of the namespace.
+The authority zone with the name closest to the name looked up is used.
+Authority zones can be processed on two distinct, non-exclusive, configurable
+stages.
+
+With :ref:`for-downstream: yes<unbound.conf.auth.for-downstream>` (default),
+authority zones are processed after **local-zones** and before cache.
+When used in this manner, Unbound responds like an authority server with no
+further processing other than returning an answer from the zone contents.
+A notable example, in this case, is CNAME records which are returned verbatim
+to downstream clients without further resolution.
+
+With :ref:`for-upstream: yes<unbound.conf.auth.for-upstream>` (default),
+authority zones are processed after the cache lookup, just before going to the
+network to fetch information for recursion.
+When used in this manner they provide a local copy of an authority server
+that speeds up lookups for that data during resolving.
+
+If both options are enabled (default), client queries for an authority zone are
+answered authoritatively from Unbound, while internal queries that require data
+from the authority zone consult the local zone data instead of going to the
+network.
+
+An interesting configuration is
+:ref:`for-downstream: no<unbound.conf.auth.for-downstream>`,
+:ref:`for-upstream: yes<unbound.conf.auth.for-upstream>`
+that allows for hyperlocal behavior where both client and internal queries
+consult the local zone data while resolving.
+In this case, the aforementioned CNAME example will result in a thoroughly
+resolved answer.
+
+Authority zones can be read from zonefile.
+And can be kept updated via AXFR and IXFR.
+After update the zonefile is rewritten.
+The update mechanism uses the SOA timer values and performs SOA UDP queries to
+detect zone changes.
+
+If the update fetch fails, the timers in the SOA record are used to time
+another fetch attempt.
+Until the SOA expiry timer is reached.
+Then the zone is expired.
+When a zone is expired, queries are SERVFAIL, and any new serial number is
+accepted from the primary (even if older), and if fallback is enabled, the
+fallback activates to fetch from the upstream instead of the SERVFAIL.
+
+
+@@UAHL@unbound.conf.auth@name@@: *<zone name>*
+    Name of the authority zone.
+
+
+@@UAHL@unbound.conf.auth@primary@@: *<IP address or host name>*
+    Where to download a copy of the zone from, with AXFR and IXFR.
+    Multiple primaries can be specified.
+    They are all tried if one fails.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    You can append a ``'#'`` and a name, then AXFR over TLS can be used and the
+    TLS authentication certificates will be checked with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If you point it at another Unbound instance, it would not work because that
+    does not support AXFR/IXFR for the zone, but if you used
+    :ref:`url<unbound.conf.auth.url>` to download the zonefile as a text file
+    from a webserver that would work.
+
+    If you specify the hostname, you cannot use the domain from the zonefile,
+    because it may not have that when retrieving that data, instead use a plain
+    IP address to avoid a circular dependency on retrieving that IP address.
+
+
+@@UAHL@unbound.conf.auth@master@@: *<IP address or host name>*
+    Alternate syntax for :ref:`primary<unbound.conf.auth.primary>`.
+
+
+@@UAHL@unbound.conf.auth@url@@: *<URL to zone file>*
+    Where to download a zonefile for the zone.
+    With HTTP or HTTPS.
+    An example for the url is:
+
+    .. code-block:: text
+
+        http://www.example.com/example.org.zone
+
+    Multiple url statements can be given, they are tried in turn.
+
+    If only urls are given the SOA refresh timer is used to wait for making new
+    downloads.
+    If also primaries are listed, the primaries are first probed with UDP SOA
+    queries to see if the SOA serial number has changed, reducing the number of
+    downloads.
+    If none of the urls work, the primaries are tried with IXFR and AXFR.
+
+    For HTTPS, the :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>` and
+    the hostname from the url are used to authenticate the connection.
+
+    If you specify a hostname in the URL, you cannot use the domain from the
+    zonefile, because it may not have that when retrieving that data, instead
+    use a plain IP address to avoid a circular dependency on retrieving that IP
+    address.
+
+    Avoid dependencies on name lookups by using a notation like
+    ``"http://192.0.2.1/unbound-primaries/example.com.zone"``, with an explicit
+    IP address.
+
+
+@@UAHL@unbound.conf.auth@allow-notify@@: *<IP address or host name or netblockIP/prefix>*
+    With :ref:`allow-notify<unbound.conf.auth.allow-notify>` you can specify
+    additional sources of notifies.
+    When notified, the server attempts to first probe and then zone transfer.
+    If the notify is from a primary, it first attempts that primary.
+    Otherwise other primaries are attempted.
+    If there are no primaries, but only urls, the file is downloaded when
+    notified.
+
+    .. note::
+        The primaries from :ref:`primary<unbound.conf.auth.primary>` and
+        :ref:`url<unbound.conf.auth.url>` statements are allowed notify by
+        default.
+
+
+@@UAHL@unbound.conf.auth@fallback-enabled@@: *<yes or no>*
+    If enabled, Unbound falls back to querying the internet as a resolver for
+    this zone when lookups fail.
+    For example for DNSSEC validation failures.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.auth@for-downstream@@: *<yes or no>*
+    If enabled, Unbound serves authority responses to downstream clients for
+    this zone.
+    This option makes Unbound behave, for the queries with names in this zone,
+    like one of the authority servers for that zone.
+
+    Turn it off if you want Unbound to provide recursion for the zone but have
+    a local copy of zone data.
+
+    If :ref:`for-downstream: no<unbound.conf.auth.for-downstream>` and
+    :ref:`for-upstream: yes<unbound.conf.auth.for-upstream>` are set, then
+    Unbound will DNSSEC validate the contents of the zone before serving the
+    zone contents to clients and store validation results in the cache.
+
+    Default: yes
+
+
+
+@@UAHL@unbound.conf.auth@for-upstream@@: *<yes or no>*
+    If enabled, Unbound fetches data from this data collection for answering
+    recursion queries.
+    Instead of sending queries over the internet to the authority servers for
+    this zone, it'll fetch the data directly from the zone data.
+
+    Turn it on when you want Unbound to provide recursion for downstream
+    clients, and use the zone data as a local copy to speed up lookups.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf.auth@zonemd-check@@: *<yes or no>*
+    Enable this option to check ZONEMD records in the zone.
+    The ZONEMD record is a checksum over the zone data.
+    This includes glue in the zone and data from the zone file, and excludes
+    comments from the zone file.
+    When there is a DNSSEC chain of trust, DNSSEC signatures are checked too.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.auth@zonemd-reject-absence@@: *<yes or no>*
+    Enable this option to reject the absence of the ZONEMD record.
+    Without it, when ZONEMD is not there it is not checked.
+
+    It is useful to enable for a non-DNSSEC signed zone where the operator
+    wants to require the verification of a ZONEMD, hence a missing ZONEMD is a
+    failure.
+
+    The action upon failure is controlled by the
+    :ref:`zonemd-permissive-mode<unbound.conf.zonemd-permissive-mode>` option,
+    for log only or also block the zone.
+
+    Without the option, absence of a ZONEMD is only a failure when the zone is
+    DNSSEC signed, and we have a trust anchor, and the DNSSEC verification of
+    the absence of the ZONEMD fails.
+    With the option enabled, the absence of a ZONEMD is always a failure, also
+    for nonDNSSEC signed zones.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.auth@zonefile@@: *<filename>*
+    The filename where the zone is stored.
+    If not given then no zonefile is used.
+    If the file does not exist or is empty, Unbound will attempt to fetch zone
+    data (eg. from the primary servers).
+
+.. _unbound.conf.view:
+
+View Options
+^^^^^^^^^^^^
+
+There may be multiple **view:** clauses.
+Each with a :ref:`name<unbound.conf.view.name>` and zero or more
+:ref:`local-zone<unbound.conf.view.local-zone>` and
+:ref:`local-data<unbound.conf.view.local-data>` attributes.
+Views can also contain :ref:`view-first<unbound.conf.view.view-first>`,
+:ref:`response-ip<unbound.conf.response-ip>`,
+:ref:`response-ip-data<unbound.conf.response-ip-data>` and
+:ref:`local-data-ptr<unbound.conf.view.local-data-ptr>` attributes.
+View can be mapped to requests by specifying the view name in an
+:ref:`access-control-view<unbound.conf.access-control-view>` attribute.
+Options from matching views will override global options.
+Global options will be used if no matching view is found, or when the matching
+view does not have the option specified.
+
+
+@@UAHL@unbound.conf.view@name@@: *<view name>*
+    Name of the view.
+    Must be unique.
+    This name is used in the
+    :ref:`access-control-view<unbound.conf.access-control-view>` attribute.
+
+
+@@UAHL@unbound.conf.view@local-zone@@: *<zone> <type>*
+    View specific local zone elements.
+    Has the same types and behaviour as the global
+    :ref:`local-zone<unbound.conf.local-zone>` elements.
+    When there is at least one *local-zone:* specified and :ref:`view-first:
+    no<unbound.conf.view.view-first>` is set, the default local-zones will be
+    added to this view.
+    Defaults can be disabled using the nodefault type.
+    When :ref:`view-first: yes<unbound.conf.view.view-first>` is set or when a
+    view does not have a :ref:`local-zone<unbound.conf.view.local-zone>`, the
+    global :ref:`local-zone<unbound.conf.local-zone>` will be used including
+    it's default zones.
+
+
+@@UAHL@unbound.conf.view@local-data@@: *"<resource record string>"*
+    View specific local data elements.
+    Has the same behaviour as the global
+    :ref:`local-data<unbound.conf.local-data>` elements.
+
+
+@@UAHL@unbound.conf.view@local-data-ptr@@: *"IPaddr name"*
+    View specific local-data-ptr elements.
+    Has the same behaviour as the global
+    :ref:`local-data-ptr<unbound.conf.local-data-ptr>` elements.
+
+
+@@UAHL@unbound.conf.view@view-first@@: *<yes or no>*
+    If enabled, it attempts to use the global
+    :ref:`local-zone<unbound.conf.local-zone>` and
+    :ref:`local-data<unbound.conf.local-data>` if there is no match in the
+    view specific options.
+
+    Default: no
+
+Python Module Options
+^^^^^^^^^^^^^^^^^^^^^
+
+The **python:** clause gives the settings for the *python(1)* script module.
+This module acts like the iterator and validator modules do, on queries and
+answers.
+To enable the script module it has to be compiled into the daemon, and the word
+``python`` has to be put in the
+:ref:`module-config<unbound.conf.module-config>` option (usually first, or
+between the validator and iterator).
+Multiple instances of the python module are supported by adding the word
+``python`` more than once.
+
+If the :ref:`chroot<unbound.conf.chroot>` option is enabled, you should make
+sure Python's library directory structure is bind mounted in the new root
+environment, see *mount(8)*.
+Also the :ref:`python-script<unbound.conf.python.python-script>` path should
+be specified as an absolute path relative to the new root, or as a relative
+path to the working directory.
+
+
+@@UAHL@unbound.conf.python@python-script@@: *<python file>*
+    The script file to load.
+    Repeat this option for every python module instance added to the
+    :ref:`module-config<unbound.conf.module-config>` option.
+
+Dynamic Library Module Options
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The **dynlib:** clause gives the settings for the ``dynlib`` module.
+This module is only a very small wrapper that allows dynamic modules to be
+loaded on runtime instead of being compiled into the application.
+To enable the dynlib module it has to be compiled into the daemon, and the word
+``dynlib`` has to be put in the
+:ref:`module-config<unbound.conf.module-config>` attribute.
+Multiple instances of dynamic libraries are supported by adding the word
+``dynlib`` more than once.
+
+The :ref:`dynlib-file<unbound.conf.dynlib.dynlib-file>` path should be
+specified as an absolute path relative to the new path set by
+:ref:`chroot<unbound.conf.chroot>`, or as a relative path to the working
+directory.
+
+
+@@UAHL@unbound.conf.dynlib@dynlib-file@@: *<dynlib file>*
+    The dynamic library file to load.
+    Repeat this option for every dynlib module instance added to the
+    :ref:`module-config<unbound.conf.module-config>` option.
+
+DNS64 Module Options
+^^^^^^^^^^^^^^^^^^^^
+
+The ``dns64`` module must be configured in the
+:ref:`module-config<unbound.conf.module-config>` directive, e.g.:
+
+.. code-block:: text
+
+    module-config: "dns64 validator iterator"
+
+and be compiled into the daemon to be enabled.
+
+.. note::
+    These settings go in the :ref:`server:<unbound.conf.server>` section.
+
+
+@@UAHL@unbound.conf.dns64@dns64-prefix@@: *<IPv6 prefix>*
+    This sets the DNS64 prefix to use to synthesize AAAA records with.
+    It must be /96 or shorter.
+
+    Default: 64:ff9b::/96
+
+
+@@UAHL@unbound.conf.dns64@dns64-synthall@@: *<yes or no>*
+    .. warning:: Debugging feature!
+
+    If enabled, synthesize all AAAA records despite the presence of actual AAAA
+    records.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dns64@dns64-ignore-aaaa@@: *<domain name>*
+    List domain for which the AAAA records are ignored and the A record is used
+    by DNS64 processing instead.
+    Can be entered multiple times, list a new domain for which it applies, one
+    per line.
+    Applies also to names underneath the name given.
+
+NAT64 Operation
+^^^^^^^^^^^^^^^
+
+NAT64 operation allows using a NAT64 prefix for outbound requests to IPv4-only
+servers.
+It is controlled by two options in the
+:ref:`server:<unbound.conf.server>` section:
+
+
+@@UAHL@unbound.conf.nat64@do-nat64@@: *<yes or no>*
+    Use NAT64 to reach IPv4-only servers.
+    Consider also enabling :ref:`prefer-ip6<unbound.conf.prefer-ip6>`
+    to prefer native IPv6 connections to nameservers.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.nat64@nat64-prefix@@: *<IPv6 prefix>*
+    Use a specific NAT64 prefix to reach IPv4-only servers.
+    The prefix length must be one of /32, /40, /48, /56, /64 or /96.
+
+    Default: 64:ff9b::/96 (same as :ref:`dns64-prefix<unbound.conf.dns64.dns64-prefix>`)
+
+DNSCrypt Options
+^^^^^^^^^^^^^^^^
+
+The **dnscrypt:** clause gives the settings of the dnscrypt channel.
+While those options are available, they are only meaningful if Unbound was
+compiled with ``--enable-dnscrypt``.
+Currently certificate and secret/public keys cannot be generated by Unbound.
+You can use dnscrypt-wrapper to generate those:
+https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-enable@@: *<yes or no>*
+    Whether or not the dnscrypt config should be enabled.
+    You may define configuration but not activate it.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-port@@: *<port number>*
+    On which port should dnscrypt should be activated.
+
+    .. note::
+        There should be a matching interface option defined in the
+        :ref:`server:<unbound.conf.server>` section for this port.
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-provider@@: *<provider name>*
+    The provider name to use to distribute certificates.
+    This is of the form:
+
+    .. code-block:: text
+
+        2.dnscrypt-cert.example.com.
+
+    .. important:: The name *MUST* end with a dot.
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-secret-key@@: *<path to secret key file>*
+    Path to the time limited secret key file.
+    This option may be specified multiple times.
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-provider-cert@@: *<path to cert file>*
+    Path to the certificate related to the
+    :ref:`dnscrypt-secret-key<unbound.conf.dnscrypt.dnscrypt-secret-key>`.
+    This option may be specified multiple times.
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-provider-cert-rotated@@: *<path to cert file>*
+    Path to a certificate that we should be able to serve existing connection
+    from but do not want to advertise over
+    :ref:`dnscrypt-provider<unbound.conf.dnscrypt.dnscrypt-provider>` 's TXT
+    record certs distribution.
+
+    A typical use case is when rotating certificates, existing clients may
+    still use the client magic from the old cert in their queries until they
+    fetch and update the new cert.
+    Likewise, it would allow one to prime the new cert/key without distributing
+    the new cert yet, this can be useful when using a network of servers using
+    anycast and on which the configuration may not get updated at the exact
+    same time.
+
+    By priming the cert, the servers can handle both old and new certs traffic
+    while distributing only one.
+
+    This option may be specified multiple times.
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-shared-secret-cache-size@@: *<memory size>*
+    Give the size of the data structure in which the shared secret keys are
+    kept in.
+    In bytes or use m(mega), k(kilo), g(giga).
+    The shared secret cache is used when a same client is making multiple
+    queries using the same public key.
+    It saves a substantial amount of CPU.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-shared-secret-cache-slabs@@: *<number>*
+    Number of slabs in the dnscrypt shared secrets cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-nonce-cache-size@@: *<memory size>*
+    Give the size of the data structure in which the client nonces are kept in.
+    In bytes or use m(mega), k(kilo), g(giga).
+    The nonce cache is used to prevent dnscrypt message replaying.
+    Client nonce should be unique for any pair of client pk/server sk.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-nonce-cache-slabs@@: *<number>*
+    Number of slabs in the dnscrypt nonce cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+EDNS Client Subnet Module Options
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The ECS module must be configured in the
+:ref:`module-config<unbound.conf.module-config>` directive, e.g.:
+
+.. code-block:: text
+
+    module-config: "subnetcache validator iterator"
+
+and be compiled into the daemon to be enabled.
+
+.. note::
+    These settings go in the :ref:`server:<unbound.conf.server>` section.
+
+If the destination address is allowed in the configuration Unbound will add the
+EDNS0 option to the query containing the relevant part of the client's address.
+When an answer contains the ECS option the response and the option are placed
+in a specialized cache.
+If the authority indicated no support, the response is stored in the regular
+cache.
+
+Additionally, when a client includes the option in its queries, Unbound will
+forward the option when sending the query to addresses that are explicitly
+allowed in the configuration using
+:ref:`send-client-subnet<unbound.conf.ecs.send-client-subnet>`.
+The option will always be forwarded, regardless the allowed addresses, when
+:ref:`client-subnet-always-forward: yes<unbound.conf.ecs.client-subnet-always-forward>`
+is set.
+In this case the lookup in the regular cache is skipped.
+
+The maximum size of the ECS cache is controlled by
+:ref:`msg-cache-size<unbound.conf.msg-cache-size>` in the configuration file.
+On top of that, for each query only 100 different subnets are allowed to be
+stored for each address family.
+Exceeding that number, older entries will be purged from cache.
+
+Note that due to the nature of how EDNS Client Subnet works, by segregating the
+client IP space in order to try and have tailored responses for prefixes of
+unknown sizes, resolution and cache response performance are impacted as a
+result.
+Usage of the subnetcache module should only be enabled in installations that
+require such functionality where the resolver and the clients belong to
+different networks.
+An example of that is an open resolver installation.
+
+This module does not interact with the
+:ref:`serve-expired\*<unbound.conf.serve-expired>` and
+:ref:`prefetch<unbound.conf.prefetch>` options.
+
+
+@@UAHL@unbound.conf.ecs@send-client-subnet@@: *<IP address>*
+    Send client source address to this authority.
+    Append /num to indicate a classless delegation netblock, for example like
+    ``10.2.3.4/24`` or ``2001::11/64``.
+    Can be given multiple times.
+    Authorities not listed will not receive edns-subnet information, unless
+    domain in query is specified in
+    :ref:`client-subnet-zone<unbound.conf.ecs.client-subnet-zone>`.
+
+
+@@UAHL@unbound.conf.ecs@client-subnet-zone@@: *<domain>*
+    Send client source address in queries for this domain and its subdomains.
+    Can be given multiple times.
+    Zones not listed will not receive edns-subnet information, unless hosted by
+    authority specified in
+    :ref:`send-client-subnet<unbound.conf.ecs.send-client-subnet>`.
+
+
+@@UAHL@unbound.conf.ecs@client-subnet-always-forward@@: *<yes or no>*
+    Specify whether the ECS address check (configured using
+    :ref:`send-client-subnet<unbound.conf.ecs.send-client-subnet>`) is applied
+    for all queries, even if the triggering query contains an ECS record, or
+    only for queries for which the ECS record is generated using the querier
+    address (and therefore did not contain ECS data in the client query).
+    If enabled, the address check is skipped when the client query contains an
+    ECS record.
+    And the lookup in the regular cache is skipped.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.ecs@max-client-subnet-ipv6@@: *<number>*
+    Specifies the maximum prefix length of the client source address we are
+    willing to expose to third parties for IPv6.
+
+    Default: 56
+
+
+@@UAHL@unbound.conf.ecs@max-client-subnet-ipv4@@: *<number>*
+    Specifies the maximum prefix length of the client source address we are
+    willing to expose to third parties for IPv4.
+
+    Default: 24
+
+
+@@UAHL@unbound.conf.ecs@min-client-subnet-ipv6@@: *<number>*
+    Specifies the minimum prefix length of the IPv6 source mask we are willing
+    to accept in queries.
+    Shorter source masks result in REFUSED answers.
+    Source mask of 0 is always accepted.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.ecs@min-client-subnet-ipv4@@: *<number>*
+    Specifies the minimum prefix length of the IPv4 source mask we are willing
+    to accept in queries.
+    Shorter source masks result in REFUSED answers.
+    Source mask of 0 is always accepted.
+    Default: 0
+
+
+@@UAHL@unbound.conf.ecs@max-ecs-tree-size-ipv4@@: *<number>*
+    Specifies the maximum number of subnets ECS answers kept in the ECS radix
+    tree.
+    This number applies for each qname/qclass/qtype tuple.
+
+    Default: 100
+
+
+@@UAHL@unbound.conf.ecs@max-ecs-tree-size-ipv6@@: *<number>*
+    Specifies the maximum number of subnets ECS answers kept in the ECS radix
+    tree.
+    This number applies for each qname/qclass/qtype tuple.
+
+    Default: 100
+
+Opportunistic IPsec Support Module Options
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The IPsec module must be configured in the
+:ref:`module-config<unbound.conf.module-config>` directive, e.g.:
+
+.. code-block:: text
+
+    module-config: "ipsecmod validator iterator"
+
+and be compiled into Unbound by using ``--enable-ipsecmod`` to be enabled.
+
+.. note::
+    These settings go in the :ref:`server:<unbound.conf.server>` section.
+
+When Unbound receives an A/AAAA query that is not in the cache and finds a
+valid answer, it will withhold returning the answer and instead will generate
+an IPSECKEY subquery for the same domain name.
+If an answer was found, Unbound will call an external hook passing the
+following arguments:
+
+QNAME
+    Domain name of the A/AAAA and IPSECKEY query.
+    In string format.
+
+IPSECKEY TTL
+    TTL of the IPSECKEY RRset.
+
+A/AAAA
+    String of space separated IP addresses present in the A/AAAA RRset.
+    The IP addresses are in string format.
+
+IPSECKEY
+    String of space separated IPSECKEY RDATA present in the IPSECKEY RRset.
+    The IPSECKEY RDATA are in DNS presentation format.
+
+The A/AAAA answer is then cached and returned to the client.
+If the external hook was called the TTL changes to ensure it doesn't surpass
+:ref:`ipsecmod-max-ttl<unbound.conf.ipsecmod-max-ttl>`.
+
+The same procedure is also followed when
+:ref:`prefetch: yes<unbound.conf.prefetch>` is set, but the A/AAAA answer is
+given to the client before the hook is called.
+:ref:`ipsecmod-max-ttl<unbound.conf.ipsecmod-max-ttl>` ensures that the A/AAAA
+answer given from cache is still relevant for opportunistic IPsec.
+
+
+@@UAHL@unbound.conf@ipsecmod-enabled@@: *<yes or no>*
+    Specifies whether the IPsec module is enabled or not.
+    The IPsec module still needs to be defined in the
+    :ref:`module-config<unbound.conf.module-config>` directive.
+    This option facilitates turning on/off the module without
+    restarting/reloading Unbound.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@ipsecmod-hook@@: *<filename>*
+    Specifies the external hook that Unbound will call with *system(3)*.
+    The file can be specified as an absolute/relative path.
+    The file needs the proper permissions to be able to be executed by the same
+    user that runs Unbound.
+    It must be present when the IPsec module is defined in the
+    :ref:`module-config<unbound.conf.module-config>` directive.
+
+
+@@UAHL@unbound.conf@ipsecmod-strict@@: *<yes or no>*
+    If enabled Unbound requires the external hook to return a success value of
+    0.
+    Failing to do so Unbound will reply with SERVFAIL.
+    The A/AAAA answer will also not be cached.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ipsecmod-max-ttl@@: *<seconds>*
+    Time to live maximum for A/AAAA cached records after calling the external
+    hook.
+
+    Default: 3600
+
+
+@@UAHL@unbound.conf@ipsecmod-ignore-bogus@@: *<yes or no>*
+    Specifies the behaviour of Unbound when the IPSECKEY answer is bogus.
+    If set to yes, the hook will be called and the A/AAAA answer will be
+    returned to the client.
+    If set to no, the hook will not be called and the answer to the A/AAAA
+    query will be SERVFAIL.
+    Mainly used for testing.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ipsecmod-allow@@: *<domain>*
+    Allow the IPsec module functionality for the domain so that the module
+    logic will be executed.
+    Can be given multiple times, for different domains.
+    If the option is not specified, all domains are treated as being allowed
+    (default).
+
+
+@@UAHL@unbound.conf@ipsecmod-whitelist@@: *<domain>*
+    Alternate syntax for :ref:`ipsecmod-allow<unbound.conf.ipsecmod-allow>`.
+
+Cache DB Module Options
+^^^^^^^^^^^^^^^^^^^^^^^
+
+The Cache DB module must be configured in the
+:ref:`module-config<unbound.conf.module-config>` directive, e.g.:
+
+.. code-block:: text
+
+    module-config: "validator cachedb iterator"
+
+and be compiled into the daemon with ``--enable-cachedb``.
+
+If this module is enabled and configured, the specified backend database works
+as a second level cache; when Unbound cannot find an answer to a query in its
+built-in in-memory cache, it consults the specified backend.
+If it finds a valid answer in the backend, Unbound uses it to respond to the
+query without performing iterative DNS resolution.
+If Unbound cannot even find an answer in the backend, it resolves the query as
+usual, and stores the answer in the backend.
+
+This module interacts with the *serve-expired-\** options and will reply with
+expired data if Unbound is configured for that.
+
+If Unbound was built with ``--with-libhiredis`` on a system that has installed
+the hiredis C client library of Redis, then the ``redis`` backend can be used.
+This backend communicates with the specified Redis server over a TCP connection
+to store and retrieve cache data.
+It can be used as a persistent and/or shared cache backend.
+
+.. note::
+    Unbound never removes data stored in the Redis server, even if some data
+    have expired in terms of DNS TTL or the Redis server has cached too much
+    data; if necessary the Redis server must be configured to limit the cache
+    size, preferably with some kind of least-recently-used eviction policy.
+
+Additionally, the
+:ref:`redis-expire-records<unbound.conf.cachedb.redis-expire-records>` option
+can be used in order to set the relative DNS TTL of the message as timeout to
+the Redis records; keep in mind that some additional memory is used per key and
+that the expire information is stored as absolute Unix timestamps in Redis
+(computer time must be stable).
+
+This backend uses synchronous communication with the Redis server based on the
+assumption that the communication is stable and sufficiently fast.
+The thread waiting for a response from the Redis server cannot handle other DNS
+queries.
+Although the backend has the ability to reconnect to the server when the
+connection is closed unexpectedly and there is a configurable timeout in case
+the server is overly slow or hangs up, these cases are assumed to be very rare.
+If connection close or timeout happens too often, Unbound will be effectively
+unusable with this backend.
+It's the administrator's responsibility to make the assumption hold.
+
+The **cachedb:** clause gives custom settings of the cache DB module.
+
+
+@@UAHL@unbound.conf.cachedb@backend@@: *<backend name>*
+    Specify the backend database name.
+    The default database is the in-memory backend named ``testframe``, which,
+    as the name suggests, is not of any practical use.
+    Depending on the build-time configuration, ``redis`` backend may also be
+    used as described above.
+
+    Default: testframe
+
+
+@@UAHL@unbound.conf.cachedb@secret-seed@@: *"<secret string>"*
+    Specify a seed to calculate a hash value from query information.
+    This value will be used as the key of the corresponding answer for the
+    backend database and can be customized if the hash should not be
+    predictable operationally.
+    If the backend database is shared by multiple Unbound instances, all
+    instances must use the same secret seed.
+
+    Default: "default"
+
+
+@@UAHL@unbound.conf.cachedb@cachedb-no-store@@: *<yes or no>*
+    If the backend should be read from, but not written to.
+    This makes this instance not store dns messages in the backend.
+    But if data is available it is retrieved.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.cachedb@cachedb-check-when-serve-expired@@: *<yes or no>*
+    If enabled, the cachedb is checked before an expired response is returned.
+    When
+    :ref:`serve-expired<unbound.conf.serve-expired>`
+    is enabled, without
+    :ref:`serve-expired-client-timeout<unbound.conf.serve-expired-client-timeout>`
+    , it then does not immediately respond with an expired response from cache,
+    but instead first checks the cachedb for valid contents, and if so returns it.
+    If the cachedb also has no valid contents, the serve expired response is sent.
+    If also
+    :ref:`serve-expired-client-timeout<unbound.conf.serve-expired-client-timeout>`
+    is enabled, the expired response is delayed until the timeout expires.
+    Unless the lookup succeeds within the timeout.
+
+    Default: yes
+
+The following **cachedb:** options are specific to the ``redis`` backend.
+
+
+@@UAHL@unbound.conf.cachedb@redis-server-host@@: *<server address or name>*
+    The IP (either v6 or v4) address or domain name of the Redis server.
+    In general an IP address should be specified as otherwise Unbound will have
+    to resolve the name of the server every time it establishes a connection to
+    the server.
+
+    Default: 127.0.0.1
+
+
+@@UAHL@unbound.conf.cachedb@redis-server-port@@: *<port number>*
+    The TCP port number of the Redis server.
+
+    Default: 6379
+
+
+@@UAHL@unbound.conf.cachedb@redis-server-path@@: *<unix socket path>*
+    The unix socket path to connect to the Redis server.
+    Unix sockets may have better throughput than the IP address option.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf.cachedb@redis-server-password@@: *"<password>"*
+    The Redis AUTH password to use for the Redis server.
+    Only relevant if Redis is configured for client password authorisation.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf.cachedb@redis-timeout@@: *<msec>*
+    The period until when Unbound waits for a response from the Redis server.
+    If this timeout expires Unbound closes the connection, treats it as if the
+    Redis server does not have the requested data, and will try to re-establish
+    a new connection later.
+
+    Default: 100
+
+
+@@UAHL@unbound.conf.cachedb@redis-command-timeout@@: *<msec>*
+    The timeout to use for Redis commands, in milliseconds.
+    If ``0``, it uses the
+    :ref:`redis-timeout<unbound.conf.cachedb.redis-timeout>`
+    value.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.cachedb@redis-connect-timeout@@: *<msec>*
+    The timeout to use for Redis connection set up, in milliseconds.
+    If ``0``, it uses the
+    :ref:`redis-timeout<unbound.conf.cachedb.redis-timeout>`
+    value.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.cachedb@redis-expire-records@@: *<yes or no>*
+    If Redis record expiration is enabled.
+    If yes, Unbound sets timeout for Redis records so that Redis can evict keys
+    that have expired automatically.
+    If Unbound is configured with
+    :ref:`serve-expired<unbound.conf.serve-expired>` and
+    :ref:`serve-expired-ttl: 0<unbound.conf.serve-expired-ttl>`, this option is
+    internally reverted to "no".
+
+    .. note::
+        Redis "SET ... EX" support is required for this option (Redis >= 2.6.12).
+
+    Default: no
+
+
+@@UAHL@unbound.conf.cachedb@redis-logical-db@@: *<logical database index>*
+    The logical database in Redis to use.
+    These are databases in the same Redis instance sharing the same
+    configuration and persisted in the same RDB/AOF file.
+    If unsure about using this option, Redis documentation
+    (https://redis.io/commands/select/) suggests not to use a single Redis
+    instance for multiple unrelated applications.
+    The default database in Redis is 0 while other logical databases need to be
+    explicitly SELECT'ed upon connecting.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-server-host@@: *<server address or name>*
+    The IP (either v6 or v4) address or domain name of the Redis server.
+    In general an IP address should be specified as otherwise Unbound will have
+    to resolve the name of the server every time it establishes a connection to
+    the server.
+
+    This server is treated as a read-only replica server
+    (https://redis.io/docs/management/replication/#read-only-replica).
+    If specified, all Redis read commands will go to this replica server, while
+    the write commands will go to the
+    :ref:`redis-server-host<unbound.conf.cachedb.redis-server-host>`.
+
+    Default: "" (disabled).
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-server-port@@: *<port number>*
+    The TCP port number of the Redis replica server.
+
+    Default: 6379
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-server-path@@: *<unix socket path>*
+    The unix socket path to connect to the Redis replica server.
+    Unix sockets may have better throughput than the IP address option.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-server-password@@: *"<password>"*
+    The Redis AUTH password to use for the Redis server.
+    Only relevant if Redis is configured for client password authorisation.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-timeout@@: *<msec>*
+    The period until when Unbound waits for a response from the Redis replica
+    server.
+    If this timeout expires Unbound closes the connection, treats it as if the
+    Redis server does not have the requested data, and will try to re-establish
+    a new connection later.
+
+    Default: 100
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-command-timeout@@: *<msec>*
+    The timeout to use for Redis replica commands, in milliseconds.
+    If ``0``, it uses the
+    :ref:`redis-replica-timeout<unbound.conf.cachedb.redis-replica-timeout>`
+    value.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-connect-timeout@@: *<msec>*
+    The timeout to use for Redis replica connection set up, in milliseconds.
+    If ``0``, it uses the
+    :ref:`redis-replica-timeout<unbound.conf.cachedb.redis-replica-timeout>`
+    value.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-logical-db@@: *<logical database index>*
+    Same as :ref:`redis-logical-db<unbound.conf.cachedb.redis-logical-db>` but
+    for the Redis replica server.
+
+    Default: 0
+
+
+.. _unbound.conf.dnstap:
+
+DNSTAP Logging Options
+^^^^^^^^^^^^^^^^^^^^^^
+
+DNSTAP support, when compiled in by using ``--enable-dnstap``, is enabled in
+the **dnstap:** section.
+This starts an extra thread (when compiled with threading) that writes the log
+information to the destination.
+If Unbound is compiled without threading it does not spawn a thread, but
+connects per-process to the destination.
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-enable@@: *<yes or no>*
+    If dnstap is enabled.
+    If yes, it connects to the DNSTAP server and if any of the
+    *dnstap-log-..-messages:* options is enabled it sends logs for those
+    messages to the server.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-bidirectional@@: *<yes or no>*
+    Use frame streams in bidirectional mode to transfer DNSTAP messages.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-socket-path@@: *<file name>*
+    Sets the unix socket file name for connecting to the server that is
+    listening on that socket.
+
+    Default: @DNSTAP_SOCKET_PATH@
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-ip@@: *<IPaddress[@port]>*
+    If ``""``, the unix socket is used, if set with an IP address (IPv4 or
+    IPv6) that address is used to connect to the server.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-tls@@: *<yes or no>*
+    Set this to use TLS to connect to the server specified in
+    :ref:`dnstap-ip<unbound.conf.dnstap.dnstap-ip>`.
+    If set to no, TCP is used to connect to the server.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-tls-server-name@@: *<name of TLS authentication>*
+    The TLS server name to authenticate the server with.
+    Used when :ref:`dnstap-tls: yes<unbound.conf.dnstap.dnstap-tls>` is set.
+    If ``""`` it is ignored.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-tls-cert-bundle@@: *<file name of cert bundle>*
+    The pem file with certs to verify the TLS server certificate.
+    If ``""`` the server default cert bundle is used, or the windows cert
+    bundle on windows.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-tls-client-key-file@@: *<file name>*
+    The client key file for TLS client authentication.
+    If ``""`` client authentication is not used.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-tls-client-cert-file@@: *<file name>*
+    The client cert file for TLS client authentication.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-send-identity@@: *<yes or no>*
+    If enabled, the server identity is included in the log messages.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-send-version@@: *<yes or no>*
+    If enabled, the server version if included in the log messages.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-identity@@: *<string>*
+    The identity to send with messages, if ``""`` the hostname is used.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-version@@: *<string>*
+    The version to send with messages, if ``""`` the package version is used.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-sample-rate@@: *<number>*
+    The sample rate for log of messages, it logs only 1/N messages.
+    With 0 it is disabled.
+    This is useful in a high volume environment, where log functionality would
+    otherwise not be reliable.
+    For example 10 would spend only 1/10th time on logging, and 100 would only
+    spend a hundredth of the time on logging.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-resolver-query-messages@@: *<yes or no>*
+    Enable to log resolver query messages.
+    These are messages from Unbound to upstream servers.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-resolver-response-messages@@: *<yes or no>*
+    Enable to log resolver response messages.
+    These are replies from upstream servers to Unbound.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-client-query-messages@@: *<yes or no>*
+    Enable to log client query messages.
+    These are client queries to Unbound.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-client-response-messages@@: *<yes or no>*
+    Enable to log client response messages.
+    These are responses from Unbound to clients.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-forwarder-query-messages@@: *<yes or no>*
+    Enable to log forwarder query messages.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-forwarder-response-messages@@: *<yes or no>*
+    Enable to log forwarder response messages.
+
+    Default: no
+
+.. _unbound.conf.rpz:
+
+Response Policy Zone Options
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Response Policy Zones are configured with **rpz:**, and each one must have a
+:ref:`name<unbound.conf.rpz.name>` attribute.
+There can be multiple ones, by listing multiple RPZ clauses, each with a
+different name.
+RPZ clauses are applied in order of configuration and any match from an earlier
+RPZ zone will terminate the RPZ lookup.
+Note that a PASSTHRU action is still considered a match.
+The respip module needs to be added to the
+:ref:`module-config<unbound.conf.module-config>`, e.g.:
+
+.. code-block:: text
+
+    module-config: "respip validator iterator"
+
+QNAME, Response IP Address, nsdname, nsip and clientip triggers are supported.
+Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp-only
+and drop.
+RPZ QNAME triggers are applied after any
+:ref:`local-zone<unbound.conf.local-zone>` and before any
+:ref:`auth-zone<unbound.conf.auth>`.
+
+The RPZ zone is a regular DNS zone formatted with a SOA start record as usual.
+The items in the zone are entries, that specify what to act on (the trigger)
+and what to do (the action).
+The trigger to act on is recorded in the name, the action to do is recorded as
+the resource record.
+The names all end in the zone name, so you could type the trigger names without
+a trailing dot in the zonefile.
+
+An example RPZ record, that answers ``example.com`` with ``NXDOMAIN``:
+
+.. code-block:: text
+
+    example.com CNAME .
+
+The triggers are encoded in the name on the left
+
+.. code-block:: text
+
+    name                          query name
+    netblock.rpz-client-ip        client IP address
+    netblock.rpz-ip               response IP address in the answer
+    name.rpz-nsdname              nameserver name
+    netblock.rpz-nsip             nameserver IP address
+
+The netblock is written as ``<netblocklen>.<ip address in reverse>``.
+For IPv6 use ``'zz'`` for ``'::'``.
+Specify individual addresses with scope length of 32 or 128.
+For example, ``24.10.100.51.198.rpz-ip`` is ``198.51.100.10/24`` and
+``32.10.zz.db8.2001.rpz-ip`` is ``2001:db8:0:0:0:0:0:10/32``.
+
+The actions are specified with the record on the right
+
+.. code-block:: text
+
+    CNAME .                      nxdomain reply
+    CNAME *.                     nodata reply
+    CNAME rpz-passthru.          do nothing, allow to continue
+    CNAME rpz-drop.              the query is dropped
+    CNAME rpz-tcp-only.          answer over TCP
+    A 192.0.2.1                  answer with this IP address
+
+Other records like AAAA, TXT and other CNAMEs (not rpz-..) can also be used to
+answer queries with that content.
+
+The RPZ zones can be configured in the config file with these settings in the
+**rpz:** block.
+
+
+@@UAHL@unbound.conf.rpz@name@@: *<zone name>*
+    Name of the authority zone.
+
+
+@@UAHL@unbound.conf.rpz@primary@@: *<IP address or host name>*
+    Where to download a copy of the zone from, with AXFR and IXFR.
+    Multiple primaries can be specified.
+    They are all tried if one fails.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    You can append a ``'#'`` and a name, then AXFR over TLS can be used and the
+    TLS authentication certificates will be checked with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If you point it at another Unbound instance, it would not work because that
+    does not support AXFR/IXFR for the zone, but if you used
+    :ref:`url<unbound.conf.rpz.url>` to download the zonefile as a text file
+    from a webserver that would work.
+
+    If you specify the hostname, you cannot use the domain from the zonefile,
+    because it may not have that when retrieving that data, instead use a plain
+    IP address to avoid a circular dependency on retrieving that IP address.
+
+
+@@UAHL@unbound.conf.rpz@master@@: *<IP address or host name>*
+    Alternate syntax for :ref:`primary<unbound.conf.rpz.primary>`.
+
+
+@@UAHL@unbound.conf.rpz@url@@: *<url to zonefile>*
+    Where to download a zonefile for the zone.
+    With HTTP or HTTPS.
+    An example for the url is:
+
+    .. code-block:: text
+
+        http://www.example.com/example.org.zone
+
+    Multiple url statements can be given, they are tried in turn.
+
+    If only urls are given the SOA refresh timer is used to wait for making new
+    downloads.
+    If also primaries are listed, the primaries are first probed with UDP SOA
+    queries to see if the SOA serial number has changed, reducing the number of
+    downloads.
+    If none of the URLs work, the primaries are tried with IXFR and AXFR.
+
+    For HTTPS, the :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>` and
+    the hostname from the url are used to authenticate the connection.
+
+
+@@UAHL@unbound.conf.rpz@allow-notify@@: *<IP address or host name or netblockIP/prefix>*
+    With :ref:`allow-notify<unbound.conf.rpz.allow-notify>` you can specify
+    additional sources of notifies.
+    When notified, the server attempts to first probe and then zone transfer.
+    If the notify is from a primary, it first attempts that primary.
+    Otherwise other primaries are attempted.
+    If there are no primaries, but only urls, the file is downloaded when
+    notified.
+
+    .. note::
+        The primaries from :ref:`primary<unbound.conf.rpz.primary>` and
+        :ref:`url<unbound.conf.rpz.url>` statements are allowed notify by
+        default.
+
+
+@@UAHL@unbound.conf.rpz@zonefile@@: *<filename>*
+    The filename where the zone is stored.
+    If not given then no zonefile is used.
+    If the file does not exist or is empty, Unbound will attempt to fetch zone
+    data (eg. from the primary servers).
+
+
+@@UAHL@unbound.conf.rpz@rpz-action-override@@: *<action>*
+    Always use this RPZ action for matching triggers from this zone.
+    Possible actions are: *nxdomain*, *nodata*, *passthru*, *drop*, *disabled*
+    and *cname*.
+
+
+@@UAHL@unbound.conf.rpz@rpz-cname-override@@: *<domain>*
+    The CNAME target domain to use if the cname action is configured for
+    :ref:`rpz-action-override<unbound.conf.rpz.rpz-action-override>`.
+
+
+@@UAHL@unbound.conf.rpz@rpz-log@@: *<yes or no>*
+    Log all applied RPZ actions for this RPZ zone.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.rpz@rpz-log-name@@: *<name>*
+    Specify a string to be part of the log line, for easy referencing.
+
+
+@@UAHL@unbound.conf.rpz@rpz-signal-nxdomain-ra@@: *<yes or no>*
+    Signal when a query is blocked by the RPZ with NXDOMAIN with an unset RA
+    flag.
+    This allows certain clients, like dnsmasq, to infer that the domain is
+    externally blocked.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.rpz@for-downstream@@: *<yes or no>*
+    If enabled the zone is authoritatively answered for and queries for the RPZ
+    zone information are answered to downstream clients.
+    This is useful for monitoring scripts, that can then access the SOA
+    information to check if the RPZ information is up to date.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.rpz@tags@@: *"<list of tags>"*
+    Limit the policies from this RPZ clause to clients with a matching tag.
+
+    Tags need to be defined in :ref:`define-tag<unbound.conf.define-tag>` and
+    can be assigned to client addresses using
+    :ref:`access-control-tag<unbound.conf.access-control-tag>` or
+    :ref:`interface-tag<unbound.conf.interface-tag>`.
+    Enclose list of tags in quotes (``""``) and put spaces between tags.
+
+    If no tags are specified the policies from this clause will be applied for
+    all clients.
+
+Memory Control Example
+----------------------
+
+In the example config settings below memory usage is reduced.
+Some service levels are lower, notable very large data and a high TCP load are
+no longer supported.
+Very large data and high TCP loads are exceptional for the DNS.
+DNSSEC validation is enabled, just add trust anchors.
+If you do not have to worry about programs using more than 3 Mb of memory, the
+below example is not for you.
+Use the defaults to receive full service, which on BSD-32bit tops out at 30-40
+Mb after heavy usage.
+
+.. code-block:: text
+
+        # example settings that reduce memory usage
+        server:
+            num-threads: 1
+            outgoing-num-tcp: 1 # this limits TCP service, uses less buffers.
+            incoming-num-tcp: 1
+            outgoing-range: 60  # uses less memory, but less performance.
+            msg-buffer-size: 8192   # note this limits service, 'no huge stuff'.
+            msg-cache-size: 100k
+            msg-cache-slabs: 1
+            rrset-cache-size: 100k
+            rrset-cache-slabs: 1
+            infra-cache-numhosts: 200
+            infra-cache-slabs: 1
+            key-cache-size: 100k
+            key-cache-slabs: 1
+            neg-cache-size: 10k
+            num-queries-per-thread: 30
+            target-fetch-policy: "2 1 0 0 0 0"
+            harden-large-queries: "yes"
+            harden-short-bufsize: "yes"
+
+Files
+-----
+
+@UNBOUND_RUN_DIR@
+    default Unbound working directory.
+
+@UNBOUND_CHROOT_DIR@
+    default *chroot(2)* location.
+
+@ub_conf_file@
+    Unbound configuration file.
+
+@UNBOUND_PIDFILE@
+    default Unbound pidfile with process ID of the running daemon.
+
+unbound.log
+    Unbound log file.
+    Default is to log to *syslog(3)*.
+
+See Also
+--------
+
+:doc:`unbound(8)</manpages/unbound>`,
+:doc:`unbound-checkonf(8)</manpages/unbound-checkconf>`.
diff --git a/contrib/unbound/doc/unbound.rst b/contrib/unbound/doc/unbound.rst
new file mode 100644
index 000000000000..eb36aa0cad3b
--- /dev/null
+++ b/contrib/unbound/doc/unbound.rst
@@ -0,0 +1,119 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+.. program:: unbound
+
+unbound(8)
+==========
+
+Synopsis
+--------
+
+**unbound** [``-hdpv``] [``-c <cfgfile>``]
+
+Description
+-----------
+
+``unbound`` is a caching DNS resolver.
+
+It uses a built in list of authoritative nameservers for the root zone (``.``),
+the so called root hints.
+On receiving a DNS query it will ask the root nameservers for an answer and
+will in almost all cases receive a delegation to a top level domain (TLD)
+authoritative nameserver.
+It will then ask that nameserver for an answer.
+It will recursively continue until an answer is found or no answer is available
+(NXDOMAIN).
+For performance and efficiency reasons that answer is cached for a certain time
+(the answer's time-to-live or TTL).
+A second query for the same name will then be answered from the cache.
+Unbound can also do DNSSEC validation.
+
+To use a locally running Unbound for resolving put:
+
+.. code-block:: text
+
+   nameserver 127.0.0.1
+
+into *resolv.conf(5)*.
+
+If authoritative DNS is needed as well using :external+nsd:doc:`manpages/nsd`,
+careful setup is required because authoritative nameservers and resolvers are
+using the same port number (53).
+
+The available options are:
+
+.. option:: -h
+
+ Show the version number and commandline option help, and exit.
+
+.. option:: -c <cfgfile>
+
+   Set the config file with settings for unbound to read instead of reading the
+   file at the default location, :file:`@ub_conf_file@`.
+   The syntax is described in :doc:`unbound.conf(5)</manpages/unbound.conf>`.
+
+.. option:: -d
+
+   Debug flag: do not fork into the background, but stay attached to the
+   console.
+   This flag will also delay writing to the log file until the thread-spawn
+   time, so that most config and setup errors appear on stderr.
+   If given twice or more, logging does not switch to the log file or to
+   syslog, but the log messages are printed to stderr all the time.
+
+.. option:: -p
+
+   Don't use a pidfile.
+   This argument should only be used by supervision systems which can ensure
+   that only one instance of Unbound will run concurrently.
+
+.. option:: -v
+
+   Increase verbosity.
+   If given multiple times, more information is logged.
+   This is in addition to the verbosity (if any) from the config file.
+
+.. option:: -V
+
+   Show the version number and build options, and exit.
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`,
+:doc:`unbound-checkconf(8)</manpages/unbound-checkconf>`,
+:external+nsd:doc:`manpages/nsd`.
diff --git a/contrib/unbound/edns-subnet/addrtree.h b/contrib/unbound/edns-subnet/addrtree.h
index 0bc1837cdb80..2be530423db4 100644
--- a/contrib/unbound/edns-subnet/addrtree.h
+++ b/contrib/unbound/edns-subnet/addrtree.h
@@ -116,7 +116,7 @@ struct addredge {
 	addrlen_t len;
 	/** child node this edge is connected to */
 	struct addrnode *node;
-	/** Parent node this ege is connected to */
+	/** Parent node this edge is connected to */
 	struct addrnode *parent_node;
 	/** Index of this edge in parent_node */
 	int parent_index;
diff --git a/contrib/unbound/edns-subnet/subnetmod.c b/contrib/unbound/edns-subnet/subnetmod.c
index c5e215b8b684..88310a785d7a 100644
--- a/contrib/unbound/edns-subnet/subnetmod.c
+++ b/contrib/unbound/edns-subnet/subnetmod.c
@@ -154,6 +154,21 @@ int ecs_whitelist_check(struct query_info* qinfo,
 		return 1;
 	sn_env = (struct subnet_env*)qstate->env->modinfo[id];
 
+	if(sq->is_subquery_nonsubnet) {
+		if(sq->is_subquery_scopezero) {
+			/* Check if the result can be stored in the global cache,
+			 * this is okay if the address and name are not configured
+			 * as subnet address and subnet zone. */
+			if(!ecs_is_whitelisted(sn_env->whitelist,
+				addr, addrlen, qinfo->qname, qinfo->qname_len,
+				qinfo->qclass)) {
+				verbose(VERB_ALGO, "subnet store subquery global, name and addr have no subnet treatment.");
+				qstate->no_cache_store = 0;
+			}
+		}
+		return 1;
+	}
+
 	/* Cache by default, might be disabled after parsing EDNS option
 	 * received from nameserver. */
 	if(!iter_stub_fwd_no_cache(qstate, &qstate->qinfo, NULL, NULL, NULL, 0)
@@ -234,13 +249,13 @@ subnetmod_init(struct module_env *env, int id)
 		HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size,
 		msg_cache_sizefunc, query_info_compare, query_entry_delete,
 		subnet_data_delete, NULL);
-	slabhash_setmarkdel(sn_env->subnet_msg_cache, &subnet_markdel);
 	if(!sn_env->subnet_msg_cache) {
 		log_err("subnetcache: could not create cache");
 		free(sn_env);
 		env->modinfo[id] = NULL;
 		return 0;
 	}
+	slabhash_setmarkdel(sn_env->subnet_msg_cache, &subnet_markdel);
 	/* whitelist for edns subnet capable servers */
 	sn_env->whitelist = ecs_whitelist_create();
 	if(!sn_env->whitelist ||
@@ -527,11 +542,12 @@ common_prefix(uint8_t *a, uint8_t *b, uint8_t net)
 /**
  * Create sub request that looks up the query.
  * @param qstate: query state
+ * @param id: module id.
  * @param sq: subnet qstate
  * @return false on failure.
  */
 static int
-generate_sub_request(struct module_qstate *qstate, struct subnet_qstate* sq)
+generate_sub_request(struct module_qstate *qstate, int id, struct subnet_qstate* sq)
 {
 	struct module_qstate* subq = NULL;
 	uint16_t qflags = 0; /* OPCODE QUERY, no flags */
@@ -557,10 +573,22 @@ generate_sub_request(struct module_qstate *qstate, struct subnet_qstate* sq)
 	}
 	if(subq) {
 		/* It is possible to access the subquery module state. */
+		struct subnet_qstate* subsq;
+		if(!subnet_new_qstate(subq, id)) {
+			verbose(VERB_ALGO, "Could not allocate new subnet qstate");
+			return 0;
+		}
+		subsq = (struct subnet_qstate*)subq->minfo[id];
+		subsq->is_subquery_nonsubnet = 1;
+
+		/* When the client asks 0.0.0.0/0 and the name is not treated
+		 * as subnet, it is to be stored in the global cache.
+		 * Store that the client asked for that, if so. */
 		if(sq->ecs_client_in.subnet_source_mask == 0 &&
 			edns_opt_list_find(qstate->edns_opts_front_in,
 				qstate->env->cfg->client_subnet_opcode)) {
 			subq->no_cache_store = 1;
+			subsq->is_subquery_scopezero = 1;
 		}
 	}
 	return 1;
@@ -569,17 +597,18 @@ generate_sub_request(struct module_qstate *qstate, struct subnet_qstate* sq)
 /**
  * Perform the query without subnet
  * @param qstate: query state
+ * @param id: module id.
  * @param sq: subnet qstate
  * @return module state
  */
 static enum module_ext_state
-generate_lookup_without_subnet(struct module_qstate *qstate,
+generate_lookup_without_subnet(struct module_qstate *qstate, int id,
 	struct subnet_qstate* sq)
 {
 	verbose(VERB_ALGO, "subnetcache: make subquery to look up without subnet");
-	if(!generate_sub_request(qstate, sq)) {
+	if(!generate_sub_request(qstate, id, sq)) {
 		verbose(VERB_ALGO, "Could not generate sub query");
-		qstate->return_rcode = LDNS_RCODE_FORMERR;
+		qstate->return_rcode = LDNS_RCODE_SERVFAIL;
 		qstate->return_msg = NULL;
 		return module_finished;
 	}
@@ -622,7 +651,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq)
 		 * is still useful to put it in the edns subnet cache for
 		 * when a client explicitly asks for subnet specific answer. */
 		verbose(VERB_QUERY, "subnetcache: Authority indicates no support");
-		return generate_lookup_without_subnet(qstate, sq);
+		return generate_lookup_without_subnet(qstate, id, sq);
 	}
 
 	/* Purposefully there was no sent subnet, and there is consequently
@@ -654,7 +683,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq)
 			qstate->env->cfg->client_subnet_opcode);
 		sq->subnet_sent = 0;
 		sq->subnet_sent_no_subnet = 0;
-		return generate_lookup_without_subnet(qstate, sq);
+		return generate_lookup_without_subnet(qstate, id, sq);
 	}
 
 	lock_rw_wrlock(&sne->biglock);
@@ -945,7 +974,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
 				/* aggregated this deaggregated state */
 				qstate->ext_state[id] =
 					generate_lookup_without_subnet(
-					qstate, sq);
+					qstate, id, sq);
 				return;
 			}
 			verbose(VERB_ALGO, "subnetcache: pass to next module");
@@ -993,7 +1022,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
 				qstate->env->cfg->client_subnet_opcode)) {
 			/* client asked for resolution without edns subnet */
 			qstate->ext_state[id] = generate_lookup_without_subnet(
-				qstate, sq);
+				qstate, id, sq);
 			return;
 		}
 		
diff --git a/contrib/unbound/edns-subnet/subnetmod.h b/contrib/unbound/edns-subnet/subnetmod.h
index 3893820fabaf..d2d9e957f0f2 100644
--- a/contrib/unbound/edns-subnet/subnetmod.h
+++ b/contrib/unbound/edns-subnet/subnetmod.h
@@ -106,6 +106,10 @@ struct subnet_qstate {
 	int wait_subquery;
 	/** The subquery waited for is done. */
 	int wait_subquery_done;
+	/** The subnet state is a subquery state for nonsubnet lookup. */
+	int is_subquery_nonsubnet;
+	/** This is a subquery, and it is made due to a scope zero request. */
+	int is_subquery_scopezero;
 };
 
 void subnet_data_delete(void* d, void* ATTR_UNUSED(arg));
diff --git a/contrib/unbound/install-sh b/contrib/unbound/install-sh
index ea4c8234c41a..f3a50b3064ed 100755
--- a/contrib/unbound/install-sh
+++ b/contrib/unbound/install-sh
@@ -1,7 +1,7 @@
 #!/usr/bin/sh
 # install - install a program, script, or datafile
 
-scriptversion=2013-12-25.23; # UTC
+scriptversion=2024-06-19.01; # UTC
 
 # This originates from X11R5 (mit/util/scripts/install.sh), which was
 # later released in X11R6 (xc/config/util/install.sh) with the
@@ -69,6 +69,11 @@ posix_mkdir=
 # Desired mode of installed file.
 mode=0755
 
+# Create dirs (including intermediate dirs) using mode 755.
+# This is like GNU 'install' as of coreutils 8.32 (2020).
+mkdir_umask=22
+
+backupsuffix=
 chgrpcmd=
 chmodcmd=$chmodprog
 chowncmd=
@@ -99,19 +104,29 @@ Options:
      --version  display version info and exit.
 
   -c            (ignored)
-  -C            install only if different (preserve the last data modification time)
+  -C            install only if different (preserve data modification time)
   -d            create directories instead of installing files.
   -g GROUP      $chgrpprog installed files to GROUP.
   -m MODE       $chmodprog installed files to MODE.
   -o USER       $chownprog installed files to USER.
+  -p            pass -p to $cpprog.
   -s            $stripprog installed files.
+  -S SUFFIX     attempt to back up existing files, with suffix SUFFIX.
   -t DIRECTORY  install into DIRECTORY.
   -T            report an error if DSTFILE is a directory.
 
 Environment variables override the default commands:
   CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
   RMPROG STRIPPROG
-"
+
+By default, rm is invoked with -f; when overridden with RMPROG,
+it's up to you to specify -f if you want it.
+
+If -S is not specified, no backups are attempted.
+
+Report bugs to <bug-automake@gnu.org>.
+GNU Automake home page: <https://www.gnu.org/software/automake/>.
+General help using GNU software: <https://www.gnu.org/gethelp/>."
 
 while test $# -ne 0; do
   case $1 in
@@ -137,8 +152,13 @@ while test $# -ne 0; do
     -o) chowncmd="$chownprog $2"
         shift;;
 
+    -p) cpprog="$cpprog -p";;
+
     -s) stripcmd=$stripprog;;
 
+    -S) backupsuffix="$2"
+        shift;;
+
     -t)
         is_target_a_directory=always
         dst_arg=$2
@@ -150,7 +170,7 @@ while test $# -ne 0; do
 
     -T) is_target_a_directory=never;;
 
-    --version) echo "$0 $scriptversion"; exit $?;;
+    --version) echo "$0 (GNU Automake) $scriptversion"; exit $?;;
 
     --) shift
         break;;
@@ -255,6 +275,10 @@ do
     dstdir=$dst
     test -d "$dstdir"
     dstdir_status=$?
+    # Don't chown directories that already exist.
+    if test $dstdir_status = 0; then
+      chowncmd=""
+    fi
   else
 
     # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
@@ -271,15 +295,18 @@ do
     fi
     dst=$dst_arg
 
-    # If destination is a directory, append the input filename; won't work
-    # if double slashes aren't ignored.
+    # If destination is a directory, append the input filename.
     if test -d "$dst"; then
       if test "$is_target_a_directory" = never; then
         echo "$0: $dst_arg: Is a directory" >&2
         exit 1
       fi
       dstdir=$dst
-      dst=$dstdir/`basename "$src"`
+      dstbase=`basename "$src"`
+      case $dst in
+	*/) dst=$dst$dstbase;;
+	*)  dst=$dst/$dstbase;;
+      esac
       dstdir_status=0
     else
       dstdir=`dirname "$dst"`
@@ -288,27 +315,16 @@ do
     fi
   fi
 
+  case $dstdir in
+    */) dstdirslash=$dstdir;;
+    *)  dstdirslash=$dstdir/;;
+  esac
+
   obsolete_mkdir_used=false
 
   if test $dstdir_status != 0; then
     case $posix_mkdir in
       '')
-        # Create intermediate dirs using mode 755 as modified by the umask.
-        # This is like FreeBSD 'install' as of 1997-10-28.
-        umask=`umask`
-        case $stripcmd.$umask in
-          # Optimize common cases.
-          *[2367][2367]) mkdir_umask=$umask;;
-          .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
-
-          *[0-7])
-            mkdir_umask=`expr $umask + 22 \
-              - $umask % 100 % 40 + $umask % 20 \
-              - $umask % 10 % 4 + $umask % 2
-            `;;
-          *) mkdir_umask=$umask,go-w;;
-        esac
-
         # With -d, create the new directory with the user-specified mode.
         # Otherwise, rely on $mkdir_umask.
         if test -n "$dir_arg"; then
@@ -318,43 +334,49 @@ do
         fi
 
         posix_mkdir=false
-        case $umask in
-          *[123567][0-7][0-7])
-            # POSIX mkdir -p sets u+wx bits regardless of umask, which
-            # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
-            ;;
-          *)
-            tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
-            trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
-
-            if (umask $mkdir_umask &&
-                exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
-            then
-              if test -z "$dir_arg" || {
-                   # Check for POSIX incompatibilities with -m.
-                   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
-                   # other-writable bit of parent directory when it shouldn't.
-                   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
-                   ls_ld_tmpdir=`ls -ld "$tmpdir"`
-                   case $ls_ld_tmpdir in
-                     d????-?r-*) different_mode=700;;
-                     d????-?--*) different_mode=755;;
-                     *) false;;
-                   esac &&
-                   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
-                     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
-                     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
-                   }
-                 }
-              then posix_mkdir=:
-              fi
-              rmdir "$tmpdir/d" "$tmpdir"
-            else
-              # Remove any dirs left behind by ancient mkdir implementations.
-              rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
-            fi
-            trap '' 0;;
-        esac;;
+	# The $RANDOM variable is not portable (e.g., dash).  Use it
+	# here however when possible just to lower collision chance.
+	tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+
+	trap '
+	  ret=$?
+	  rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null
+	  exit $ret
+	' 0
+
+	# Because "mkdir -p" follows existing symlinks and we likely work
+	# directly in world-writable /tmp, make sure that the '$tmpdir'
+	# directory is successfully created first before we actually test
+	# 'mkdir -p'.
+	if (umask $mkdir_umask &&
+	    $mkdirprog $mkdir_mode "$tmpdir" &&
+	    exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
+	then
+	  if test -z "$dir_arg" || {
+	       # Check for POSIX incompatibility with -m.
+	       # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+	       # other-writable bit of parent directory when it shouldn't.
+	       # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+	       test_tmpdir="$tmpdir/a"
+	       ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
+	       case $ls_ld_tmpdir in
+		 d????-?r-*) different_mode=700;;
+		 d????-?--*) different_mode=755;;
+		 *) false;;
+	       esac &&
+	       $mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
+		 ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
+		 test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+	       }
+	     }
+	  then posix_mkdir=:
+	  fi
+	  rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
+	else
+	  # Remove any dirs left behind by ancient mkdir implementations.
+	  rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
+	fi
+	trap '' 0;;
     esac
 
     if
@@ -365,7 +387,7 @@ do
     then :
     else
 
-      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # mkdir does not conform to POSIX,
       # or it failed possibly due to a race condition.  Create the
       # directory the slow way, step by step, checking for races as we go.
 
@@ -394,7 +416,7 @@ do
           prefixes=
         else
           if $posix_mkdir; then
-            (umask=$mkdir_umask &&
+            (umask $mkdir_umask &&
              $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
             # Don't fail if two instances are running concurrently.
             test -d "$prefix" || exit 1
@@ -427,14 +449,25 @@ do
   else
 
     # Make a couple of temp file names in the proper directory.
-    dsttmp=$dstdir/_inst.$$_
-    rmtmp=$dstdir/_rm.$$_
+    dsttmp=${dstdirslash}_inst.$$_
+    rmtmp=${dstdirslash}_rm.$$_
 
     # Trap to clean up those temp files at exit.
     trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
 
     # Copy the file name to the temp name.
-    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+    (umask $cp_umask &&
+     { test -z "$stripcmd" || {
+	 # Create $dsttmp read-write so that cp doesn't create it read-only,
+	 # which would cause strip to fail.
+	 if test -z "$doit"; then
+	   : >"$dsttmp" # No need to fork-exec 'touch'.
+	 else
+	   $doit touch "$dsttmp"
+	 fi
+       }
+     } &&
+     $doit_exec $cpprog "$src" "$dsttmp") &&
 
     # and set any options; do chmod last to preserve setuid bits.
     #
@@ -460,6 +493,13 @@ do
     then
       rm -f "$dsttmp"
     else
+      # If $backupsuffix is set, and the file being installed
+      # already exists, attempt a backup.  Don't worry if it fails,
+      # e.g., if mv doesn't support -f.
+      if test -n "$backupsuffix" && test -f "$dst"; then
+        $doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null
+      fi
+
       # Rename the file to the real destination.
       $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
 
@@ -474,9 +514,9 @@ do
         # file should still install successfully.
         {
           test ! -f "$dst" ||
-          $doit $rmcmd -f "$dst" 2>/dev/null ||
+          $doit $rmcmd "$dst" 2>/dev/null ||
           { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
-            { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+            { $doit $rmcmd "$rmtmp" 2>/dev/null; :; }
           } ||
           { echo "$0: cannot unlink or rename $dst" >&2
             (exit 1); exit 1
@@ -493,9 +533,9 @@ do
 done
 
 # Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
 # time-stamp-end: "; # UTC"
 # End:
diff --git a/contrib/unbound/iterator/iter_delegpt.h b/contrib/unbound/iterator/iter_delegpt.h
index 49f6f6b8130f..287bf92134d2 100644
--- a/contrib/unbound/iterator/iter_delegpt.h
+++ b/contrib/unbound/iterator/iter_delegpt.h
@@ -79,6 +79,16 @@ struct delegpt {
 	 * Also true if the delegationpoint was created from a delegation
 	 * message and thus contains the parent-side-info already. */
 	uint8_t has_parent_side_NS;
+	/** if true, the delegation point has reached last resort processing
+	 *  and the parent side information has been possibly added to the
+	 *  delegation point.
+	 *  For now this signals that further target lookups will ignore
+	 *  the configured target-fetch-policy and only resolve on
+	 *  demand to try and avoid triggering limits at this stage (.i.e, it
+	 *  is very likely that the A/AAAA queries for the newly added name
+	 *  servers will not yield new IP addresses and trigger NXNS
+	 *  countermeasures. */
+	uint8_t fallback_to_parent_side_NS;
 	/** for assertions on type of delegpt */
 	uint8_t dp_type_mlc;
 	/** use SSL for upstream query */
diff --git a/contrib/unbound/iterator/iter_fwd.c b/contrib/unbound/iterator/iter_fwd.c
index 5c104a0a3217..5d70c6664862 100644
--- a/contrib/unbound/iterator/iter_fwd.c
+++ b/contrib/unbound/iterator/iter_fwd.c
@@ -139,6 +139,17 @@ forwards_insert_data(struct iter_forwards* fwd, uint16_t c, uint8_t* nm,
 	return 1;
 }
 
+static struct iter_forward_zone*
+fwd_zone_find(struct iter_forwards* fwd, uint16_t c, uint8_t* nm)
+{
+	struct iter_forward_zone key;
+	key.node.key = &key;
+	key.dclass = c;
+	key.name = nm;
+	key.namelabs = dname_count_size_labels(nm, &key.namelen);
+	return (struct iter_forward_zone*)rbtree_search(fwd->tree, &key);
+}
+
 /** insert new info into forward structure given dp */
 static int
 forwards_insert(struct iter_forwards* fwd, uint16_t c, struct delegpt* dp)
@@ -321,6 +332,11 @@ make_stub_holes(struct iter_forwards* fwd, struct config_file* cfg)
 			log_err("cannot parse stub name '%s'", s->name);
 			return 0;
 		}
+		if(fwd_zone_find(fwd, LDNS_RR_CLASS_IN, dname) != NULL) {
+			/* Already a forward zone there. */
+			free(dname);
+			continue;
+		}
 		if(!fwd_add_stub_hole(fwd, LDNS_RR_CLASS_IN, dname)) {
 			free(dname);
 			log_err("out of memory");
@@ -345,6 +361,11 @@ make_auth_holes(struct iter_forwards* fwd, struct config_file* cfg)
 			log_err("cannot parse auth name '%s'", a->name);
 			return 0;
 		}
+		if(fwd_zone_find(fwd, LDNS_RR_CLASS_IN, dname) != NULL) {
+			/* Already a forward zone there. */
+			free(dname);
+			continue;
+		}
 		if(!fwd_add_stub_hole(fwd, LDNS_RR_CLASS_IN, dname)) {
 			free(dname);
 			log_err("out of memory");
@@ -537,17 +558,6 @@ forwards_get_mem(struct iter_forwards* fwd)
 	return s;
 }
 
-static struct iter_forward_zone*
-fwd_zone_find(struct iter_forwards* fwd, uint16_t c, uint8_t* nm)
-{
-	struct iter_forward_zone key;
-	key.node.key = &key;
-	key.dclass = c;
-	key.name = nm;
-	key.namelabs = dname_count_size_labels(nm, &key.namelen);
-	return (struct iter_forward_zone*)rbtree_search(fwd->tree, &key);
-}
-
 int 
 forwards_add_zone(struct iter_forwards* fwd, uint16_t c, struct delegpt* dp,
 	int nolock)
diff --git a/contrib/unbound/iterator/iter_scrub.c b/contrib/unbound/iterator/iter_scrub.c
index 49a5f5da19c2..553d3655f0e3 100644
--- a/contrib/unbound/iterator/iter_scrub.c
+++ b/contrib/unbound/iterator/iter_scrub.c
@@ -634,6 +634,22 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg,
 					"RRset:", pkt, msg, prev, &rrset);
 				continue;
 			}
+			/* If the NS set is a promiscuous NS set, scrub that
+			 * to remove potential for poisonous contents that
+			 * affects other names in the same zone. Remove
+			 * promiscuous NS sets in positive answers, that
+			 * thus have records in the answer section. Nodata
+			 * and nxdomain promiscuous NS sets have been removed
+			 * already. Since the NS rrset is scrubbed, its
+			 * address records are also not marked to be allowed
+			 * and are removed later. */
+			if(FLAGS_GET_RCODE(msg->flags) == LDNS_RCODE_NOERROR &&
+				msg->an_rrsets != 0 &&
+				env->cfg->iter_scrub_promiscuous) {
+				remove_rrset("normalize: removing promiscuous "
+					"RRset:", pkt, msg, prev, &rrset);
+				continue;
+			}
 			if(nsset == NULL) {
 				nsset = rrset;
 			} else {
diff --git a/contrib/unbound/iterator/iterator.c b/contrib/unbound/iterator/iterator.c
index e64dfa61ba2d..71e64655f6d0 100644
--- a/contrib/unbound/iterator/iterator.c
+++ b/contrib/unbound/iterator/iterator.c
@@ -2152,6 +2152,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
 		verbose(VERB_QUERY, "configured stub or forward servers failed -- returning SERVFAIL");
 		return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL);
 	}
+	iq->dp->fallback_to_parent_side_NS = 1;
 	if(qstate->env->cfg->harden_unverified_glue) {
 		if(!cache_fill_missing(qstate->env, iq->qchase.qclass,
 			qstate->region, iq->dp, PACKED_RRSET_UNVERIFIED_GLUE))
@@ -2180,6 +2181,10 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
 					a->lame, a->tls_auth_name, -1, NULL);
 			}
 			lock_rw_unlock(&qstate->env->hints->lock);
+			/* copy over some configuration since we update the
+			 * delegation point in place */
+			iq->dp->tcp_upstream = dp->tcp_upstream;
+			iq->dp->ssl_upstream = dp->ssl_upstream;
 		}
 		iq->dp->has_parent_side_NS = 1;
 	} else if(!iq->dp->has_parent_side_NS) {
@@ -2768,7 +2773,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 	}
 	/* if the mesh query list is full, then do not waste cpu and sockets to
 	 * fetch promiscuous targets. They can be looked up when needed. */
-	if(can_do_promisc && !mesh_jostle_exceeded(qstate->env->mesh)) {
+	if(!iq->dp->fallback_to_parent_side_NS && can_do_promisc
+		&& !mesh_jostle_exceeded(qstate->env->mesh)) {
 		tf_policy = ie->target_fetch_policy[iq->depth];
 	}
 
@@ -3247,13 +3253,19 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 		}
 	}
 	if(type == RESPONSE_TYPE_CNAME &&
-		iq->qchase.qtype == LDNS_RR_TYPE_CNAME &&
+		(iq->qchase.qtype == LDNS_RR_TYPE_CNAME ||
+		  iq->qchase.qtype == LDNS_RR_TYPE_ANY) &&
 		iq->minimisation_state == MINIMISE_STATE &&
 		query_dname_compare(iq->qchase.qname, iq->qinfo_out.qname) == 0) {
 		/* The minimised query for full QTYPE and hidden QTYPE can be
 		 * classified as CNAME response type, even when the original
 		 * QTYPE=CNAME. This should be treated as answer response type.
 		 */
+		/* For QTYPE=ANY, it is also considered the response, that
+		 * is what the classifier would say, if it saw qtype ANY,
+		 * and this same response was returned for that. The response
+		 * can already be treated as such an answer, without having
+		 * to send another query with a new qtype. */
 		type = RESPONSE_TYPE_ANSWER;
 	}
 
@@ -3510,6 +3522,15 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 			iq->num_target_queries = 0;
 			return processDSNSFind(qstate, iq, id);
 		}
+		if(iq->minimisation_state == MINIMISE_STATE &&
+			query_dname_compare(iq->qchase.qname,
+			iq->qinfo_out.qname) != 0) {
+			verbose(VERB_ALGO, "continue query minimisation, "
+				"downwards, after CNAME response for "
+				"intermediate label");
+			/* continue query minimisation, downwards */
+			return next_state(iq, QUERYTARGETS_STATE);
+		}
 		/* Process the CNAME response. */
 		if(!handle_cname_response(qstate, iq, iq->response, 
 			&sname, &snamelen)) {
@@ -3572,10 +3593,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 		iq->auth_zone_response = 0;
 		iq->sent_count = 0;
 		iq->dp_target_count = 0;
-		if(iq->minimisation_state != MINIMISE_STATE)
-			/* Only count as query restart when it is not an extra
-			 * query as result of qname minimisation. */
-			iq->query_restart_count++;
+		iq->query_restart_count++;
 		if(qstate->env->cfg->qname_minimisation)
 			iq->minimisation_state = INIT_MINIMISE_STATE;
 
@@ -4147,7 +4165,7 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
 		/* store message with the finished prepended items,
 		 * but only if we did recursion. The nonrecursion referral
 		 * from cache does not need to be stored in the msg cache. */
-		if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) {
+		if(!qstate->no_cache_store && (qstate->query_flags&BIT_RD)) {
 			iter_dns_store(qstate->env, &qstate->qinfo, 
 				iq->response->rep, 0, qstate->prefetch_leeway,
 				iq->dp&&iq->dp->has_parent_side_NS,
diff --git a/contrib/unbound/libunbound/libworker.c b/contrib/unbound/libunbound/libworker.c
index f0496452b521..6e7244c03fee 100644
--- a/contrib/unbound/libunbound/libworker.c
+++ b/contrib/unbound/libunbound/libworker.c
@@ -630,8 +630,9 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q)
 		free(qinfo.qname);
 		return UB_NOERROR;
 	}
-	if(ctx->env->auth_zones && auth_zones_answer(ctx->env->auth_zones,
-		w->env, &qinfo, &edns, NULL, w->back->udp_buff, w->env->scratch)) {
+	if(ctx->env->auth_zones && auth_zones_downstream_answer(
+		ctx->env->auth_zones, w->env, &qinfo, &edns, NULL,
+		w->back->udp_buff, w->env->scratch)) {
 		regional_free_all(w->env->scratch);
 		libworker_fillup_fg(q, LDNS_RCODE_NOERROR, 
 			w->back->udp_buff, sec_status_insecure, NULL, 0);
@@ -709,8 +710,9 @@ int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q,
 			w->back->udp_buff, sec_status_insecure, NULL, 0);
 		return UB_NOERROR;
 	}
-	if(ctx->env->auth_zones && auth_zones_answer(ctx->env->auth_zones,
-		w->env, &qinfo, &edns, NULL, w->back->udp_buff, w->env->scratch)) {
+	if(ctx->env->auth_zones && auth_zones_downstream_answer(
+		ctx->env->auth_zones, w->env, &qinfo, &edns, NULL,
+		w->back->udp_buff, w->env->scratch)) {
 		regional_free_all(w->env->scratch);
 		free(qinfo.qname);
 		libworker_event_done_cb(q, LDNS_RCODE_NOERROR,
@@ -847,8 +849,9 @@ handle_newq(struct libworker* w, uint8_t* buf, uint32_t len)
 		free(qinfo.qname);
 		return;
 	}
-	if(w->ctx->env->auth_zones && auth_zones_answer(w->ctx->env->auth_zones,
-		w->env, &qinfo, &edns, NULL, w->back->udp_buff, w->env->scratch)) {
+	if(w->ctx->env->auth_zones && auth_zones_downstream_answer(
+		w->ctx->env->auth_zones, w->env, &qinfo, &edns, NULL,
+		w->back->udp_buff, w->env->scratch)) {
 		regional_free_all(w->env->scratch);
 		q->msg_security = sec_status_insecure;
 		add_bg_result(w, q, w->back->udp_buff, UB_NOERROR, NULL, 0);
diff --git a/contrib/unbound/libunbound/unbound.h b/contrib/unbound/libunbound/unbound.h
index bdcf4edeca5f..c274f80ab897 100644
--- a/contrib/unbound/libunbound/unbound.h
+++ b/contrib/unbound/libunbound/unbound.h
@@ -772,6 +772,8 @@ struct ub_server_stats {
 	long long ans_bogus;
 	/** rrsets marked bogus by validator */
 	long long rrset_bogus;
+	/** number of signature validation operations performed by validator */
+	long long val_ops;
 	/** number of queries that have been ratelimited by domain recursion. */
 	long long queries_ratelimited;
 	/** unwanted traffic received on server-facing ports */
diff --git a/contrib/unbound/ltmain.sh b/contrib/unbound/ltmain.sh
index 3e6a3db3a5a1..ff2d73a65880 100644
--- a/contrib/unbound/ltmain.sh
+++ b/contrib/unbound/ltmain.sh
@@ -2720,17 +2720,10 @@ libtool_validate_options ()
     # preserve --debug
     test : = "$debug_cmd" || func_append preserve_args " --debug"
 
-    case $host_os in
-      # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
-      # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
-      cygwin* | mingw* | windows* | pw32* | cegcc* | solaris2* | os2*)
-        # don't eliminate duplications in $postdeps and $predeps
-        opt_duplicate_compiler_generated_deps=:
-        ;;
-      *)
-        opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
-        ;;
-    esac
+    # Keeping compiler generated duplicates in $postdeps and $predeps is not
+    # harmful, and is necessary in a majority of systems that use it to satisfy
+    # symbol dependencies.
+    opt_duplicate_compiler_generated_deps=:
 
     $opt_help || {
       # Sanity checks first:
diff --git a/contrib/unbound/respip/respip.h b/contrib/unbound/respip/respip.h
index 6469854c53cb..83b6414737f7 100644
--- a/contrib/unbound/respip/respip.h
+++ b/contrib/unbound/respip/respip.h
@@ -276,7 +276,7 @@ void respip_inform_print(struct respip_action_info* respip_actinfo,
  * @param addrlen: length of addr.
  * @param net: netblock to lookup.
  * @param create: create node if it does not exist when 1.
- * @param ipstr: human redable ip string, for logging.
+ * @param ipstr: human readable ip string, for logging.
  * @return newly created of found node, not holding lock.
  */
 struct resp_addr*
diff --git a/contrib/unbound/services/authzone.c b/contrib/unbound/services/authzone.c
index 3c3dc9ad05d9..60ccc8698748 100644
--- a/contrib/unbound/services/authzone.c
+++ b/contrib/unbound/services/authzone.c
@@ -2413,14 +2413,12 @@ az_find_wildcard(struct auth_zone* z, struct query_info* qinfo,
 	if(!dname_subdomain_c(nm, z->name))
 		return NULL; /* out of zone */
 	while((node=az_find_wildcard_domain(z, nm, nmlen))==NULL) {
-		/* see if we can go up to find the wildcard */
 		if(nmlen == z->namelen)
 			return NULL; /* top of zone reached */
 		if(ce && nmlen == ce->namelen)
 			return NULL; /* ce reached */
-		if(dname_is_root(nm))
-			return NULL; /* cannot go up */
-		dname_remove_label(&nm, &nmlen);
+		if(!dname_remove_label_limit_len(&nm, &nmlen, z->namelen))
+			return NULL; /* can't go up */
 	}
 	return node;
 }
@@ -2442,9 +2440,8 @@ az_find_candidate_ce(struct auth_zone* z, struct query_info* qinfo,
 	n = az_find_name(z, nm, nmlen);
 	/* delete labels and go up on name */
 	while(!n) {
-		if(dname_is_root(nm))
-			return NULL; /* cannot go up */
-		dname_remove_label(&nm, &nmlen);
+		if(!dname_remove_label_limit_len(&nm, &nmlen, z->namelen))
+			return NULL; /* can't go up */
 		n = az_find_name(z, nm, nmlen);
 	}
 	return n;
@@ -2456,8 +2453,7 @@ az_domain_go_up(struct auth_zone* z, struct auth_data* n)
 {
 	uint8_t* nm = n->name;
 	size_t nmlen = n->namelen;
-	while(!dname_is_root(nm)) {
-		dname_remove_label(&nm, &nmlen);
+	while(dname_remove_label_limit_len(&nm, &nmlen, z->namelen)) {
 		if((n=az_find_name(z, nm, nmlen)) != NULL)
 			return n;
 	}
@@ -2771,26 +2767,23 @@ az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname,
 	}
 }
 
-/** find NSEC record covering the query */
+/** find NSEC record covering the query, with the given node in the zone */
 static struct auth_rrset*
 az_find_nsec_cover(struct auth_zone* z, struct auth_data** node)
 {
-	uint8_t* nm = (*node)->name;
-	size_t nmlen = (*node)->namelen;
+	uint8_t* nm;
+	size_t nmlen;
 	struct auth_rrset* rrset;
+	log_assert(*node); /* we already have a node when calling this */
+	nm = (*node)->name;
+	nmlen = (*node)->namelen;
 	/* find the NSEC for the smallest-or-equal node */
-	/* if node == NULL, we did not find a smaller name.  But the zone
-	 * name is the smallest name and should have an NSEC. So there is
-	 * no NSEC to return (for a properly signed zone) */
-	/* for empty nonterminals, the auth-data node should not exist,
-	 * and thus we don't need to go rbtree_previous here to find
-	 * a domain with an NSEC record */
-	/* but there could be glue, and if this is node, then it has no NSEC.
+	/* But there could be glue, and then it has no NSEC.
 	 * Go up to find nonglue (previous) NSEC-holding nodes */
 	while((rrset=az_domain_rrset(*node, LDNS_RR_TYPE_NSEC)) == NULL) {
-		if(dname_is_root(nm)) return NULL;
 		if(nmlen == z->namelen) return NULL;
-		dname_remove_label(&nm, &nmlen);
+		if(!dname_remove_label_limit_len(&nm, &nmlen, z->namelen))
+			return NULL; /* can't go up */
 		/* adjust *node for the nsec rrset to find in */
 		*node = az_find_name(z, nm, nmlen);
 	}
@@ -3018,12 +3011,9 @@ az_nsec3_find_ce(struct auth_zone* z, uint8_t** cenm, size_t* cenmlen,
 	struct auth_data* node;
 	while((node = az_nsec3_find_exact(z, *cenm, *cenmlen,
 		algo, iter, salt, saltlen)) == NULL) {
-		if(*cenmlen == z->namelen) {
-			/* next step up would take us out of the zone. fail */
-			return NULL;
-		}
+		if(!dname_remove_label_limit_len(cenm, cenmlen, z->namelen))
+			return NULL; /* can't go up */
 		*no_exact_ce = 1;
-		dname_remove_label(cenm, cenmlen);
 	}
 	return node;
 }
@@ -3340,7 +3330,8 @@ az_generate_wildcard_answer(struct auth_zone* z, struct query_info* qinfo,
 	} else if(ce) {
 		uint8_t* wildup = wildcard->name;
 		size_t wilduplen= wildcard->namelen;
-		dname_remove_label(&wildup, &wilduplen);
+		if(!dname_remove_label_limit_len(&wildup, &wilduplen, z->namelen))
+			return 0; /* can't go up */
 		if(!az_add_nsec3_proof(z, region, msg, wildup,
 			wilduplen, msg->qinfo.qname,
 			msg->qinfo.qname_len, 0, insert_ce, 1, 0))
@@ -3399,7 +3390,7 @@ az_generate_answer_with_node(struct auth_zone* z, struct query_info* qinfo,
 }
 
 /** Generate answer without an existing-node that we can use.
- * So it'll be a referral, DNAME or nxdomain */
+ * So it'll be a referral, DNAME, notype, wildcard or nxdomain */
 static int
 az_generate_answer_nonexistnode(struct auth_zone* z, struct query_info* qinfo,
 	struct regional* region, struct dns_msg* msg, struct auth_data* ce,
@@ -3565,14 +3556,17 @@ auth_error_encode(struct query_info* qinfo, struct module_env* env,
 		sldns_buffer_read_u16_at(buf, 2), edns);
 }
 
-int auth_zones_answer(struct auth_zones* az, struct module_env* env,
+int auth_zones_downstream_answer(struct auth_zones* az, struct module_env* env,
 	struct query_info* qinfo, struct edns_data* edns,
-	struct comm_reply* repinfo, struct sldns_buffer* buf, struct regional* temp)
+	struct comm_reply* repinfo, struct sldns_buffer* buf,
+	struct regional* temp)
 {
 	struct dns_msg* msg = NULL;
 	struct auth_zone* z;
 	int r;
 	int fallback = 0;
+	/* Copy the qinfo in case of cname aliasing from local-zone */
+	struct query_info zqinfo = *qinfo;
 
 	lock_rw_rdlock(&az->lock);
 	if(!az->have_downstream) {
@@ -3580,6 +3574,7 @@ int auth_zones_answer(struct auth_zones* az, struct module_env* env,
 		lock_rw_unlock(&az->lock);
 		return 0;
 	}
+
 	if(qinfo->qtype == LDNS_RR_TYPE_DS) {
 		uint8_t* delname = qinfo->qname;
 		size_t delnamelen = qinfo->qname_len;
@@ -3587,8 +3582,14 @@ int auth_zones_answer(struct auth_zones* az, struct module_env* env,
 		z = auth_zones_find_zone(az, delname, delnamelen,
 			qinfo->qclass);
 	} else {
-		z = auth_zones_find_zone(az, qinfo->qname, qinfo->qname_len,
-			qinfo->qclass);
+		if(zqinfo.local_alias && !local_alias_shallow_copy_qname(
+			zqinfo.local_alias, &zqinfo.qname,
+			&zqinfo.qname_len)) {
+			lock_rw_unlock(&az->lock);
+			return 0;
+		}
+		z = auth_zones_find_zone(az, zqinfo.qname, zqinfo.qname_len,
+			zqinfo.qclass);
 	}
 	if(!z) {
 		/* no zone above it */
@@ -3614,7 +3615,7 @@ int auth_zones_answer(struct auth_zones* az, struct module_env* env,
 	}
 
 	/* answer it from zone z */
-	r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback);
+	r = auth_zone_generate_answer(z, &zqinfo, temp, &msg, &fallback);
 	lock_rw_unlock(&z->lock);
 	if(!r && fallback) {
 		/* fallback to regular answering (recursive) */
@@ -5023,6 +5024,7 @@ apply_axfr(struct auth_xfer* xfr, struct auth_zone* z,
 
 	xfr->have_zone = 0;
 	xfr->serial = 0;
+	xfr->soa_zone_acquired = 0;
 
 	/* insert all RRs in to the zone */
 	/* insert the SOA only once, skip the last one */
@@ -5124,6 +5126,7 @@ apply_http(struct auth_xfer* xfr, struct auth_zone* z,
 
 	xfr->have_zone = 0;
 	xfr->serial = 0;
+	xfr->soa_zone_acquired = 0;
 
 	chunk = xfr->task_transfer->chunks_first;
 	chunk_pos = 0;
@@ -5334,6 +5337,8 @@ xfr_process_chunk_list(struct auth_xfer* xfr, struct module_env* env,
 			" (or malformed RR)", xfr->task_transfer->master->host);
 		return 0;
 	}
+	z->soa_zone_acquired = *env->now;
+	xfr->soa_zone_acquired = *env->now;
 
 	/* release xfr lock while verifying zonemd because it may have
 	 * to spawn lookups in the state machines */
@@ -7003,13 +7008,23 @@ xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env,
 	comm_timer_set(xfr->task_nextprobe->timer, &tv);
 }
 
+void auth_zone_pickup_initial_zone(struct auth_zone* z, struct module_env* env)
+{
+	/* Set the time, because we now have timestamp in env,
+	 * (not earlier during startup and apply_cfg), and this
+	 * notes the start time when the data was acquired. */
+	z->soa_zone_acquired = *env->now;
+}
+
 void auth_xfer_pickup_initial_zone(struct auth_xfer* x, struct module_env* env)
 {
 	/* set lease_time, because we now have timestamp in env,
 	 * (not earlier during startup and apply_cfg), and this
 	 * notes the start time when the data was acquired */
-	if(x->have_zone)
+	if(x->have_zone) {
 		x->lease_time = *env->now;
+		x->soa_zone_acquired = *env->now;
+	}
 	if(x->task_nextprobe && x->task_nextprobe->worker == NULL) {
 		xfr_set_timeout(x, env, 0, 1);
 	}
@@ -7020,7 +7035,13 @@ void
 auth_xfer_pickup_initial(struct auth_zones* az, struct module_env* env)
 {
 	struct auth_xfer* x;
+	struct auth_zone* z;
 	lock_rw_wrlock(&az->lock);
+	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
+		lock_rw_wrlock(&z->lock);
+		auth_zone_pickup_initial_zone(z, env);
+		lock_rw_unlock(&z->lock);
+	}
 	RBTREE_FOR(x, struct auth_xfer*, &az->xtree) {
 		lock_basic_lock(&x->lock);
 		auth_xfer_pickup_initial_zone(x, env);
@@ -7105,6 +7126,7 @@ auth_xfer_new(struct auth_zone* z)
 	lock_protect(&xfr->lock, &xfr->notify_serial, sizeof(xfr->notify_serial));
 	lock_protect(&xfr->lock, &xfr->zone_expired, sizeof(xfr->zone_expired));
 	lock_protect(&xfr->lock, &xfr->have_zone, sizeof(xfr->have_zone));
+	lock_protect(&xfr->lock, &xfr->soa_zone_acquired, sizeof(xfr->soa_zone_acquired));
 	lock_protect(&xfr->lock, &xfr->serial, sizeof(xfr->serial));
 	lock_protect(&xfr->lock, &xfr->retry, sizeof(xfr->retry));
 	lock_protect(&xfr->lock, &xfr->refresh, sizeof(xfr->refresh));
diff --git a/contrib/unbound/services/authzone.h b/contrib/unbound/services/authzone.h
index 722781a063a8..d38cf9d26622 100644
--- a/contrib/unbound/services/authzone.h
+++ b/contrib/unbound/services/authzone.h
@@ -118,6 +118,8 @@ struct auth_zone {
 	char* zonefile;
 	/** fallback to the internet on failure or ttl-expiry of auth zone */
 	int fallback_enabled;
+	/** the time when zone was transferred from upstream */
+	time_t soa_zone_acquired;
 	/** the zone has expired (enabled by the xfer worker), fallback
 	 * happens if that option is enabled. */
 	int zone_expired;
@@ -261,6 +263,8 @@ struct auth_xfer {
 	int zone_expired;
 	/** do we have a zone (if 0, no zone data at all) */
 	int have_zone;
+	/** the time when zone was transferred from upstream */
+	time_t soa_zone_acquired;
 
 	/** current serial (from SOA), if we have no zone, 0 */
 	uint32_t serial;
@@ -550,9 +554,10 @@ int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo,
  * @param temp: temporary storage region.
  * @return false if not answered
  */
-int auth_zones_answer(struct auth_zones* az, struct module_env* env,
+int auth_zones_downstream_answer(struct auth_zones* az, struct module_env* env,
 	struct query_info* qinfo, struct edns_data* edns,
-	struct comm_reply* repinfo, struct sldns_buffer* buf, struct regional* temp);
+	struct comm_reply* repinfo, struct sldns_buffer* buf,
+	struct regional* temp);
 
 /** 
  * Find the auth zone that is above the given qname.
@@ -800,6 +805,14 @@ void auth_xfer_pickup_initial_zone(struct auth_xfer* x,
 	struct module_env* env);
 
 /**
+ * Initial pick up of the auth zone, it sets the acquired time.
+ * @param z: the zone, write locked by caller.
+ * @param env: environment of the worker, with current time.
+ */
+void auth_zone_pickup_initial_zone(struct auth_zone* z,
+	struct module_env* env);
+
+/**
  * Delete auth xfer structure
  * @param xfr: delete this xfer and its tasks.
  */
diff --git a/contrib/unbound/services/cache/rrset.c b/contrib/unbound/services/cache/rrset.c
index a05ae5a56b78..6d5c24f8053e 100644
--- a/contrib/unbound/services/cache/rrset.c
+++ b/contrib/unbound/services/cache/rrset.c
@@ -68,6 +68,8 @@ struct rrset_cache* rrset_cache_create(struct config_file* cfg,
 	struct rrset_cache *r = (struct rrset_cache*)slabhash_create(slabs,
 		startarray, maxmem, ub_rrset_sizefunc, ub_rrset_compare,
 		ub_rrset_key_delete, rrset_data_delete, alloc);
+	if(!r)
+		return NULL;
 	slabhash_setmarkdel(&r->table, &rrset_markdel);
 	return r;
 }
diff --git a/contrib/unbound/services/listen_dnsport.c b/contrib/unbound/services/listen_dnsport.c
index 26efadc151a1..f7fcca194b40 100644
--- a/contrib/unbound/services/listen_dnsport.c
+++ b/contrib/unbound/services/listen_dnsport.c
@@ -90,10 +90,13 @@
 #ifdef HAVE_NGTCP2
 #include <ngtcp2/ngtcp2.h>
 #include <ngtcp2/ngtcp2_crypto.h>
-#ifdef HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H
+#ifdef HAVE_NGTCP2_NGTCP2_CRYPTO_OSSL_H
+#include <ngtcp2/ngtcp2_crypto_ossl.h>
+#elif defined(HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H)
 #include <ngtcp2/ngtcp2_crypto_quictls.h>
-#else
+#elif defined(HAVE_NGTCP2_NGTCP2_CRYPTO_OPENSSL_H)
 #include <ngtcp2/ngtcp2_crypto_openssl.h>
+#define MAKE_QUIC_METHOD 1
 #endif
 #endif
 
@@ -447,7 +450,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 		 * /proc/sys/net/core/wmem_max or sysctl net.core.wmem_max */
 		if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd,
 			(socklen_t)sizeof(snd)) < 0) {
-			if(errno != EPERM) {
+			if(errno != EPERM && errno != ENOBUFS) {
 				log_err("setsockopt(..., SO_SNDBUFFORCE, "
 					"...) failed: %s", sock_strerror(errno));
 				sock_close(s);
@@ -455,15 +458,23 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 				*inuse = 0;
 				return -1;
 			}
+			if(errno != EPERM) {
+				verbose(VERB_ALGO, "setsockopt(..., SO_SNDBUFFORCE, "
+					"...) was not granted: %s", sock_strerror(errno));
+			}
 #  endif /* SO_SNDBUFFORCE */
 			if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd,
 				(socklen_t)sizeof(snd)) < 0) {
-				log_err("setsockopt(..., SO_SNDBUF, "
-					"...) failed: %s", sock_strerror(errno));
-				sock_close(s);
-				*noproto = 0;
-				*inuse = 0;
-				return -1;
+				if(errno != ENOSYS && errno != ENOBUFS) {
+					log_err("setsockopt(..., SO_SNDBUF, "
+						"...) failed: %s", sock_strerror(errno));
+					sock_close(s);
+					*noproto = 0;
+					*inuse = 0;
+					return -1;
+				}
+				log_warn("setsockopt(..., SO_SNDBUF, "
+					"...) was not granted: %s", sock_strerror(errno));
 			}
 			/* check if we got the right thing or if system
 			 * reduced to some system max.  Warn if so */
@@ -473,7 +484,8 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 					"Got %u. To fix: start with "
 					"root permissions(linux) or sysctl "
 					"bigger net.core.wmem_max(linux) or "
-					"kern.ipc.maxsockbuf(bsd) values.",
+					"kern.ipc.maxsockbuf(bsd) values. or "
+					"set so-sndbuf: 0 (use system value).",
 					(unsigned)snd, (unsigned)got);
 			}
 #  ifdef SO_SNDBUFFORCE
@@ -902,7 +914,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
 	   against IP spoofing attacks as suggested in RFC7413 */
 #ifdef __APPLE__
 	/* OS X implementation only supports qlen of 1 via this call. Actual
-	   value is configured by the net.inet.tcp.fastopen_backlog kernel parm. */
+	   value is configured by the net.inet.tcp.fastopen_backlog kernel param. */
 	qlen = 1;
 #else
 	/* 5 is recommended on linux */
@@ -1179,6 +1191,15 @@ set_recvtimestamp(int s)
 		return 0;
 	}
 	return 1;
+#elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP)
+	int on = 1;
+	/* FreeBSD and also Linux. */
+	if (setsockopt(s, SOL_SOCKET, SO_TIMESTAMP, (void*)&on, (socklen_t)sizeof(on)) < 0) {
+		log_err("setsockopt(..., SO_TIMESTAMP, ...) failed: %s",
+			strerror(errno));
+		return 0;
+	}
+	return 1;
 #else
 	log_err("packets timestamping is not supported on this platform");
 	(void)s;
@@ -1598,7 +1619,7 @@ listen_create(struct comm_base* base, struct listen_port* ports,
 				front->udp_buff, ports->pp2_enabled, cb,
 				cb_arg, ports->socket);
 #else
-			log_warn("This system does not support UDP ancilliary data.");
+			log_warn("This system does not support UDP ancillary data.");
 #endif
 		}
 		if(!cp) {
@@ -3099,7 +3120,7 @@ static int http2_req_header_cb(nghttp2_session* session,
 		return 0;
 	}
 	/* Content type is a SHOULD (rfc7231#section-3.1.1.5) when using POST,
-	 * and not needed when using GET. Don't enfore.
+	 * and not needed when using GET. Don't enforce.
 	 * If set only allow lowercase "application/dns-message".
 	 *
 	 * Clients SHOULD (rfc8484#section-4.1) set an accept header, but MUST
@@ -3161,7 +3182,7 @@ static int http2_req_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session),
 			qlen = h2_stream->content_length;
 		} else if(len <= h2_session->c->http2_stream_max_qbuffer_size) {
 			/* setting this to msg-buffer-size can result in a lot
-			 * of memory consuption. Most queries should fit in a
+			 * of memory consumption. Most queries should fit in a
 			 * single DATA frame, and most POST queries will
 			 * contain content-length which does not impose this
 			 * limit. */
@@ -3187,7 +3208,7 @@ static int http2_req_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session),
 
 	if(!h2_stream->qbuffer ||
 		sldns_buffer_remaining(h2_stream->qbuffer) < len) {
-		verbose(VERB_ALGO, "http2 data_chunck_recv failed. Not enough "
+		verbose(VERB_ALGO, "http2 data_chunk_recv failed. Not enough "
 			"buffer space for POST query. Can happen on multi "
 			"frame requests without content-length header");
 		h2_stream->query_too_large = 1;
@@ -3257,6 +3278,21 @@ doq_table_create(struct config_file* cfg, struct ub_randstate* rnd)
 	struct doq_table* table = calloc(1, sizeof(*table));
 	if(!table)
 		return NULL;
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	/* Initialize the ossl crypto, it is harmless to call twice,
+	 * and this is before use of doq connections. */
+	if(ngtcp2_crypto_ossl_init() != 0) {
+		log_err("ngtcp2_crypto_oss_init failed");
+		free(table);
+		return NULL;
+	}
+#elif defined(HAVE_NGTCP2_CRYPTO_QUICTLS_INIT)
+	if(ngtcp2_crypto_quictls_init() != 0) {
+		log_err("ngtcp2_crypto_quictls_init failed");
+		free(table);
+		return NULL;
+	}
+#endif
 	table->idle_timeout = ((uint64_t)cfg->tcp_idle_timeout)*
 		NGTCP2_MILLISECONDS;
 	table->sv_scidlen = 16;
@@ -3596,12 +3632,18 @@ doq_conn_delete(struct doq_conn* conn, struct doq_table* table)
 	lock_rw_wrlock(&conn->table->conid_lock);
 	doq_conn_clear_conids(conn);
 	lock_rw_unlock(&conn->table->conid_lock);
-	ngtcp2_conn_del(conn->conn);
+	/* Remove the app data from ngtcp2 before SSL_free of conn->ssl,
+	 * because the ngtcp2 conn is deleted. */
+	SSL_set_app_data(conn->ssl, NULL);
 	if(conn->stream_tree.count != 0) {
 		traverse_postorder(&conn->stream_tree, stream_tree_del, table);
 	}
 	free(conn->key.dcid);
 	SSL_free(conn->ssl);
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	ngtcp2_crypto_ossl_ctx_del(conn->ossl_ctx);
+#endif
+	ngtcp2_conn_del(conn->conn);
 	free(conn->close_pkt);
 	free(conn);
 }
@@ -4459,7 +4501,7 @@ doq_log_printf_cb(void* ATTR_UNUSED(user_data), const char* fmt, ...)
 	va_end(ap);
 }
 
-#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT
+#ifdef MAKE_QUIC_METHOD
 /** the doq application tx key callback, false on failure */
 static int
 doq_application_tx_key_cb(struct doq_conn* conn)
@@ -4493,7 +4535,9 @@ doq_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level,
 	ngtcp2_crypto_level
 #endif
 		level =
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+		ngtcp2_crypto_ossl_from_ossl_encryption_level(ossl_level);
+#elif defined(HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL)
 		ngtcp2_crypto_quictls_from_ossl_encryption_level(ossl_level);
 #else
 		ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level);
@@ -4539,7 +4583,9 @@ doq_add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level,
 	ngtcp2_crypto_level
 #endif
 		level =
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+		ngtcp2_crypto_ossl_from_ossl_encryption_level(ossl_level);
+#elif defined(HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL)
 		ngtcp2_crypto_quictls_from_ossl_encryption_level(ossl_level);
 #else
 		ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level);
@@ -4574,7 +4620,7 @@ doq_send_alert(SSL *ssl, enum ssl_encryption_level_t ATTR_UNUSED(level),
 	doq_conn->tls_alert = alert;
 	return 1;
 }
-#endif /* HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT */
+#endif /* MAKE_QUIC_METHOD */
 
 /** ALPN select callback for the doq SSL context */
 static int
@@ -4596,7 +4642,7 @@ void* quic_sslctx_create(char* key, char* pem, char* verifypem)
 {
 #ifdef HAVE_NGTCP2
 	char* sid_ctx = "unbound server";
-#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT
+#ifdef MAKE_QUIC_METHOD
 	SSL_QUIC_METHOD* quic_method;
 #endif
 	SSL_CTX* ctx = SSL_CTX_new(TLS_server_method());
@@ -4669,7 +4715,7 @@ void* quic_sslctx_create(char* key, char* pem, char* verifypem)
 		SSL_CTX_free(ctx);
 		return NULL;
 	}
-#else /* HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT */
+#elif defined(MAKE_QUIC_METHOD)
 	/* The quic_method needs to remain valid during the SSL_CTX
 	 * lifetime, so we allocate it. It is freed with the
 	 * doq_server_socket. */
@@ -4704,12 +4750,29 @@ static ngtcp2_conn* doq_conn_ref_get_conn(ngtcp2_crypto_conn_ref* conn_ref)
 static SSL*
 doq_ssl_server_setup(SSL_CTX* ctx, struct doq_conn* conn)
 {
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	int ret;
+#endif
 	SSL* ssl = SSL_new(ctx);
 	if(!ssl) {
 		log_crypto_err("doq: SSL_new failed");
 		return NULL;
 	}
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	if((ret=ngtcp2_crypto_ossl_ctx_new(&conn->ossl_ctx, NULL)) != 0) {
+		log_err("doq: ngtcp2_crypto_ossl_ctx_new failed: %s",
+			ngtcp2_strerror(ret));
+		SSL_free(ssl);
+		return NULL;
+	}
+	ngtcp2_crypto_ossl_ctx_set_ssl(conn->ossl_ctx, ssl);
+	if(ngtcp2_crypto_ossl_configure_server_session(ssl) != 0) {
+		log_err("doq: ngtcp2_crypto_ossl_configure_server_session failed");
+		SSL_free(ssl);
+		return NULL;
+	}
+#endif
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT)
 	conn->conn_ref.get_conn = &doq_conn_ref_get_conn;
 	conn->conn_ref.user_data = conn;
 	SSL_set_app_data(ssl, &conn->conn_ref);
@@ -4717,7 +4780,11 @@ doq_ssl_server_setup(SSL_CTX* ctx, struct doq_conn* conn)
 	SSL_set_app_data(ssl, conn);
 #endif
 	SSL_set_accept_state(ssl);
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	SSL_set_quic_tls_early_data_enabled(ssl, 1);
+#else
 	SSL_set_quic_early_data_enabled(ssl, 1);
+#endif
 	return ssl;
 }
 
@@ -4838,7 +4905,11 @@ doq_conn_setup(struct doq_conn* conn, uint8_t* scid, size_t scidlen,
 		log_err("doq_ssl_server_setup failed");
 		return 0;
 	}
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	ngtcp2_conn_set_tls_native_handle(conn->conn, conn->ossl_ctx);
+#else
 	ngtcp2_conn_set_tls_native_handle(conn->conn, conn->ssl);
+#endif
 	doq_conn_write_enable(conn);
 	return 1;
 }
diff --git a/contrib/unbound/services/listen_dnsport.h b/contrib/unbound/services/listen_dnsport.h
index f6275f805fba..963595a1ccc5 100644
--- a/contrib/unbound/services/listen_dnsport.h
+++ b/contrib/unbound/services/listen_dnsport.h
@@ -52,6 +52,9 @@
 #ifdef HAVE_NGTCP2
 #include <ngtcp2/ngtcp2.h>
 #include <ngtcp2/ngtcp2_crypto.h>
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+struct ngtcp2_crypto_ossl_ctx;
+#endif
 #endif
 struct listen_list;
 struct config_file;
@@ -606,10 +609,14 @@ struct doq_conn {
 	uint8_t tls_alert;
 	/** the ssl context, SSL* */
 	void* ssl;
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT)
 	/** the connection reference for ngtcp2_conn and userdata in ssl */
 	struct ngtcp2_crypto_conn_ref conn_ref;
 #endif
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	/** the per-connection state for ngtcp2_crypto_ossl */
+	struct ngtcp2_crypto_ossl_ctx* ossl_ctx;
+#endif
 	/** closure packet, if any */
 	uint8_t* close_pkt;
 	/** length of closure packet. */
diff --git a/contrib/unbound/services/mesh.c b/contrib/unbound/services/mesh.c
index 8a52fe4a6466..3212a6abf4c6 100644
--- a/contrib/unbound/services/mesh.c
+++ b/contrib/unbound/services/mesh.c
@@ -2265,6 +2265,7 @@ mesh_stats_clear(struct mesh_area* mesh)
 	timehist_clear(mesh->histogram);
 	mesh->ans_secure = 0;
 	mesh->ans_bogus = 0;
+	mesh->val_ops = 0;
 	mesh->ans_expired = 0;
 	mesh->ans_cachedb = 0;
 	memset(&mesh->ans_rcode[0], 0, sizeof(size_t)*UB_STATS_RCODE_NUM);
diff --git a/contrib/unbound/services/mesh.h b/contrib/unbound/services/mesh.h
index fd17c05da6d4..f19f423a8cd3 100644
--- a/contrib/unbound/services/mesh.h
+++ b/contrib/unbound/services/mesh.h
@@ -131,6 +131,8 @@ struct mesh_area {
 	size_t ans_secure;
 	/** (extended stats) bogus replies */
 	size_t ans_bogus;
+	/** (extended stats) number of validation operations */
+	size_t val_ops;
 	/** (extended stats) rcodes in replies */
 	size_t ans_rcode[UB_STATS_RCODE_NUM];
 	/** (extended stats) rcode nodata in replies */
diff --git a/contrib/unbound/services/modstack.c b/contrib/unbound/services/modstack.c
index fa68cc71d2ff..2bc79c4adfd7 100644
--- a/contrib/unbound/services/modstack.c
+++ b/contrib/unbound/services/modstack.c
@@ -138,8 +138,8 @@ modstack_config(struct module_stack* stack, const char* module_conf)
 			if(strchr(s, ' ')) *(strchr(s, ' ')) = 0;
 			if(strchr(s, '\t')) *(strchr(s, '\t')) = 0;
 			log_err("Unknown value in module-config, module: '%s'."
-				" This module is not present (not compiled in),"
-				" See the list of linked modules with unbound -V", s);
+				" This module is not present (not compiled in);"
+				" see the list of linked modules with unbound -V", s);
 			return 0;
 		}
 	}
diff --git a/contrib/unbound/services/modstack.h b/contrib/unbound/services/modstack.h
index 5674aefdd018..03a4c82c40cd 100644
--- a/contrib/unbound/services/modstack.h
+++ b/contrib/unbound/services/modstack.h
@@ -67,7 +67,7 @@ void modstack_init(struct module_stack* stack);
 void modstack_free(struct module_stack* stack);
 
 /**
- * Initialises modules and assignes ids. Calls module_startup().
+ * Initialises modules and assigns ids. Calls module_startup().
  * @param stack: Expected empty, filled according to module_conf
  * @param module_conf: string what modules to initialize
  * @param env: module environment which is inited by the modules.
diff --git a/contrib/unbound/services/outside_network.c b/contrib/unbound/services/outside_network.c
index 0d7ec890573b..2b7f7d0a2f21 100644
--- a/contrib/unbound/services/outside_network.c
+++ b/contrib/unbound/services/outside_network.c
@@ -2827,7 +2827,7 @@ serviced_perturb_qname(struct ub_randstate* rnd, uint8_t* qbuf, size_t len)
 					random = ub_random(rnd);
 					bits = 30;
 				}
-				if(random & 0x1) {
+				if((random & 0x1)) {
 					*d = (uint8_t)toupper((unsigned char)*d);
 				} else {
 					*d = (uint8_t)tolower((unsigned char)*d);
@@ -2890,9 +2890,9 @@ serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns)
 		edns.opt_list_inplace_cb_out = NULL;
 		edns.udp_size = serviced_query_udp_size(sq, sq->status);
 		edns.bits = 0;
-		if(sq->dnssec & EDNS_DO)
+		if((sq->dnssec & EDNS_DO))
 			edns.bits = EDNS_DO;
-		if(sq->dnssec & BIT_CD)
+		if((sq->dnssec & BIT_CD))
 			LDNS_CD_SET(sldns_buffer_begin(buff));
 		if (sq->ssl_upstream && sq->padding_block_size) {
 			padding_option.opt_code = LDNS_EDNS_PADDING;
diff --git a/contrib/unbound/services/rpz.c b/contrib/unbound/services/rpz.c
index df39e75b0596..f45cf65420d7 100644
--- a/contrib/unbound/services/rpz.c
+++ b/contrib/unbound/services/rpz.c
@@ -2121,8 +2121,17 @@ rpz_synthesize_nsdname_localdata(struct rpz* r, struct module_qstate* ms,
 	rpz_log_dname("nsdname local data", key.name, key.namelen);
 
 	ld = (struct local_data*)rbtree_search(&z->data, &key.node);
+	if(ld == NULL && dname_is_wild(z->name)) {
+		key.name = z->name;
+		key.namelen = z->namelen;
+		key.namelabs = z->namelabs;
+		ld = (struct local_data*)rbtree_search(&z->data, &key.node);
+		/* rpz_synthesize_localdata_from_rrset is going to make
+		 * the rrset source name equal to the query name. So no need
+		 * to make the wildcard rrset here. */
+	}
 	if(ld == NULL) {
-		verbose(VERB_ALGO, "rpz: nsdname: impossible: qname not found");
+		verbose(VERB_ALGO, "rpz: nsdname: qname not found");
 		return NULL;
 	}
 
@@ -2148,6 +2157,15 @@ rpz_synthesize_qname_localdata_msg(struct rpz* r, struct module_qstate* ms,
 	key.namelen = qinfo->qname_len;
 	key.namelabs = dname_count_labels(qinfo->qname);
 	ld = (struct local_data*)rbtree_search(&z->data, &key.node);
+	if(ld == NULL && dname_is_wild(z->name)) {
+		key.name = z->name;
+		key.namelen = z->namelen;
+		key.namelabs = z->namelabs;
+		ld = (struct local_data*)rbtree_search(&z->data, &key.node);
+		/* rpz_synthesize_localdata_from_rrset is going to make
+		 * the rrset source name equal to the query name. So no need
+		 * to make the wildcard rrset here. */
+	}
 	if(ld == NULL) {
 		verbose(VERB_ALGO, "rpz: qname: name not found");
 		return NULL;
diff --git a/contrib/unbound/sldns/keyraw.c b/contrib/unbound/sldns/keyraw.c
index 90a6e85337c2..42a9262a30da 100644
--- a/contrib/unbound/sldns/keyraw.c
+++ b/contrib/unbound/sldns/keyraw.c
@@ -124,7 +124,7 @@ uint16_t sldns_calc_keytag_raw(uint8_t* key, size_t keysize)
 		size_t i;
 		uint32_t ac32 = 0;
 		for (i = 0; i < keysize; ++i) {
-			ac32 += (i & 1) ? key[i] : key[i] << 8;
+			ac32 += ((i & 1)) ? key[i] : key[i] << 8;
 		}
 		ac32 += (ac32 >> 16) & 0xFFFF;
 		return (uint16_t) (ac32 & 0xFFFF);
@@ -272,7 +272,7 @@ sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
 		return NULL;
 	}
 	if (!DSA_set0_key(dsa, Y, NULL)) {
-		/* QPG attached, cleaned up by DSA_fre() */
+		/* QPG attached, cleaned up by DSA_free() */
 		DSA_free(dsa);
 		BN_free(Y);
 		return NULL;
diff --git a/contrib/unbound/sldns/str2wire.c b/contrib/unbound/sldns/str2wire.c
index becd6d3855c9..392fc8f1d32a 100644
--- a/contrib/unbound/sldns/str2wire.c
+++ b/contrib/unbound/sldns/str2wire.c
@@ -857,7 +857,7 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len,
 		while (rdata_len && *rdata != 0) {
 			uint8_t label_len;
 
-			if (*rdata & 0xC0)
+			if ((*rdata & 0xC0))
 				return LDNS_WIREPARSE_ERR_OK;
 
 			label_len = *rdata + 1;
diff --git a/contrib/unbound/sldns/wire2str.h b/contrib/unbound/sldns/wire2str.h
index 772268b249c9..36c58b8b064d 100644
--- a/contrib/unbound/sldns/wire2str.h
+++ b/contrib/unbound/sldns/wire2str.h
@@ -262,7 +262,7 @@ int sldns_wire2str_rdata_unknown_scan(uint8_t** data, size_t* data_len,
  * @param pkt: packet for decompression, if NULL no decompression.
  * @param pktlen: length of packet buffer.
  * @param comprloop: inout bool, that is set true if compression loop failure
- * 	happens.  Pass in 0, if passsed in as true, a lower bound is set
+ * 	happens.  Pass in 0, if passed in as true, a lower bound is set
  * 	on compression loops to stop arbitrary long packet parse times.
  * 	This is meant so you can set it to 0 at the start of a list of dnames,
  * 	and then scan all of them in sequence, if a loop happens, it becomes
diff --git a/contrib/unbound/smallapp/unbound-anchor.c b/contrib/unbound/smallapp/unbound-anchor.c
index 708731a09dd8..55d363da70bb 100644
--- a/contrib/unbound/smallapp/unbound-anchor.c
+++ b/contrib/unbound/smallapp/unbound-anchor.c
@@ -382,7 +382,7 @@ read_cert_file(const char* file)
 	STACK_OF(X509)* sk;
 	FILE* in;
 	int content = 0;
-	char buf[128];
+	long flen;
 	if(file == NULL || strcmp(file, "") == 0) {
 		return NULL;
 	}
@@ -399,6 +399,11 @@ read_cert_file(const char* file)
 #endif
 		return NULL;
 	}
+	if(fseek(in, 0, SEEK_END) < 0)
+		printf("%s fseek: %s\n", file, strerror(errno));
+	flen = ftell(in);
+	if(fseek(in, 0, SEEK_SET) < 0)
+		printf("%s fseek: %s\n", file, strerror(errno));
 	while(!feof(in)) {
 		X509* x = PEM_read_X509(in, NULL, NULL, NULL);
 		if(x == NULL) {
@@ -414,8 +419,9 @@ read_cert_file(const char* file)
 			exit(0);
 		}
 		content = 1;
-		/* read away newline after --END CERT-- */
-		if(!fgets(buf, (int)sizeof(buf), in))
+		/* feof may not be true yet, but if the position is
+		 * at end of file, stop reading more certificates. */
+		if(ftell(in) == flen)
 			break;
 	}
 	fclose(in);
diff --git a/contrib/unbound/smallapp/unbound-checkconf.c b/contrib/unbound/smallapp/unbound-checkconf.c
index 8fd821396025..b3c57fd2a52c 100644
--- a/contrib/unbound/smallapp/unbound-checkconf.c
+++ b/contrib/unbound/smallapp/unbound-checkconf.c
@@ -294,7 +294,8 @@ view_and_respipchecks(struct config_file* cfg)
 {
 	struct views* views = NULL;
 	struct respip_set* respip = NULL;
-	int ignored = 0;
+	int have_view_respip_cfg = 0;
+	int use_response_ip = 0;
 	if(!(views = views_create()))
 		fatal_exit("Could not create views: out of memory");
 	if(!(respip = respip_set_create()))
@@ -303,8 +304,11 @@ view_and_respipchecks(struct config_file* cfg)
 		fatal_exit("Could not set up views");
 	if(!respip_global_apply_cfg(respip, cfg))
 		fatal_exit("Could not setup respip set");
-	if(!respip_views_apply_cfg(views, cfg, &ignored))
+	if(!respip_views_apply_cfg(views, cfg, &have_view_respip_cfg))
 		fatal_exit("Could not setup per-view respip sets");
+	use_response_ip = !respip_set_is_empty(respip) || have_view_respip_cfg;
+	if(use_response_ip && !strstr(cfg->module_conf, "respip"))
+		fatal_exit("response-ip options require respip module");
 	acl_view_tag_checks(cfg, views);
 	views_delete(views);
 	respip_set_delete(respip);
@@ -450,6 +454,39 @@ ifautomaticportschecks(char* ifautomaticports)
 	}
 }
 
+/** check control interface strings */
+static void
+controlinterfacechecks(struct config_file* cfg)
+{
+	struct config_strlist* p;
+	for(p = cfg->control_ifs.first; p; p = p->next) {
+		struct sockaddr_storage a;
+		socklen_t alen;
+		char** rcif = NULL;
+		int i, num_rcif = 0;
+		/* See if it is a local socket, starts with a '/'. */
+		if(p->str && p->str[0] == '/')
+			continue;
+		if(!resolve_interface_names(&p->str, 1, NULL, &rcif,
+			&num_rcif)) {
+			fatal_exit("could not resolve interface names, for control-interface: %s",
+				p->str);
+		}
+		for(i=0; i<num_rcif; i++) {
+			if(!extstrtoaddr(rcif[i], &a, &alen,
+				cfg->control_port)) {
+				if(strcmp(p->str, rcif[i])!=0)
+					fatal_exit("cannot parse control-interface address '%s' from the control-interface specified as '%s'",
+						rcif[i], p->str);
+				else
+					fatal_exit("cannot parse control-interface specified as '%s'",
+						p->str);
+			}
+		}
+		config_del_strarray(rcif, num_rcif);
+	}
+}
+
 /** check acl ips */
 static void
 aclchecks(struct config_file* cfg)
@@ -636,8 +673,10 @@ check_modules_exist(const char* module_conf)
 				}
 				n[j] = s[j];
 			}
-			fatal_exit("module_conf lists module '%s' but that "
-				"module is not available.", n);
+			fatal_exit("Unknown value in module-config, module: "
+				"'%s'. This module is not present (not "
+				"compiled in); see the list of linked modules "
+				"with unbound -V", n);
 		}
 		s += strlen(names[i]);
 	}
@@ -926,6 +965,8 @@ morechecks(struct config_file* cfg)
 			fatal_exit("control-cert-file: \"%s\" does not exist",
 				cfg->control_cert_file);
 	}
+	if(cfg->remote_control_enable)
+		controlinterfacechecks(cfg);
 
 	donotquerylocalhostcheck(cfg);
 	localzonechecks(cfg);
@@ -966,6 +1007,8 @@ check_auth(struct config_file* cfg)
 	if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz, NULL, NULL)) {
 		fatal_exit("Could not setup authority zones");
 	}
+	if(is_rpz && !strstr(cfg->module_conf, "respip"))
+		fatal_exit("RPZ requires the respip module");
 	auth_zones_delete(az);
 }
 
diff --git a/contrib/unbound/smallapp/unbound-control.c b/contrib/unbound/smallapp/unbound-control.c
index cf5abe7eb29d..b7e9d98a27b9 100644
--- a/contrib/unbound/smallapp/unbound-control.c
+++ b/contrib/unbound/smallapp/unbound-control.c
@@ -143,6 +143,8 @@ usage(void)
 	printf("  load_cache			load cache from stdin\n");
 	printf("				(not supported in remote unbounds in\n");
 	printf("				multi-process operation)\n");
+	printf("  cache_lookup [+t] <names>	print rrsets and msgs at or under the names\n");
+	printf("		+t		allow tld and root names.\n");
 	printf("  lookup <name>			print nameservers for name\n");
 	printf("  flush [+c] <name>			flushes common types for name from cache\n");
 	printf("  				types:  A, AAAA, MX, PTR, NS,\n");
@@ -409,6 +411,7 @@ static void print_extended(struct ub_stats_info* s, int inhibit_zero)
 	PR_UL("num.answer.secure", s->svr.ans_secure);
 	PR_UL("num.answer.bogus", s->svr.ans_bogus);
 	PR_UL("num.rrset.bogus", s->svr.rrset_bogus);
+	PR_UL("num.valops", s->svr.val_ops);
 	PR_UL("num.query.aggressive.NOERROR", s->svr.num_neg_cache_noerror);
 	PR_UL("num.query.aggressive.NXDOMAIN", s->svr.num_neg_cache_nxdomain);
 	/* threat detection */
diff --git a/contrib/unbound/testcode/doqclient.c b/contrib/unbound/testcode/doqclient.c
index e6f63a761f35..238a9380306d 100644
--- a/contrib/unbound/testcode/doqclient.c
+++ b/contrib/unbound/testcode/doqclient.c
@@ -48,10 +48,13 @@
 #ifdef HAVE_NGTCP2
 #include <ngtcp2/ngtcp2.h>
 #include <ngtcp2/ngtcp2_crypto.h>
-#ifdef HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H
+#ifdef HAVE_NGTCP2_NGTCP2_CRYPTO_OSSL_H
+#include <ngtcp2/ngtcp2_crypto_ossl.h>
+#elif defined(HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H)
 #include <ngtcp2/ngtcp2_crypto_quictls.h>
-#else
+#elif defined(HAVE_NGTCP2_NGTCP2_CRYPTO_OPENSSL_H)
 #include <ngtcp2/ngtcp2_crypto_openssl.h>
+#define MAKE_QUIC_METHOD 1
 #endif
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
@@ -107,10 +110,14 @@ struct doq_client_data {
 	SSL_CTX* ctx;
 	/** SSL object */
 	SSL* ssl;
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
 	/** the connection reference for ngtcp2_conn and userdata in ssl */
 	struct ngtcp2_crypto_conn_ref conn_ref;
 #endif
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	/** the per-connection state for ngtcp2_crypto_ossl */
+	struct ngtcp2_crypto_ossl_ctx* ossl_ctx;
+#endif
 	/** the quic version to use */
 	uint32_t quic_version;
 	/** the last error */
@@ -197,11 +204,12 @@ struct doq_client_stream {
 	int query_is_done;
 };
 
-#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#ifdef MAKE_QUIC_METHOD
 /** the quic method struct, must remain valid during the QUIC connection. */
 static SSL_QUIC_METHOD quic_method;
 #endif
 
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
 /** Get the connection ngtcp2_conn from the ssl app data
  * ngtcp2_crypto_conn_ref */
 static ngtcp2_conn* conn_ref_get_conn(ngtcp2_crypto_conn_ref* conn_ref)
@@ -210,11 +218,12 @@ static ngtcp2_conn* conn_ref_get_conn(ngtcp2_crypto_conn_ref* conn_ref)
 		conn_ref->user_data;
 	return data->conn;
 }
+#endif
 
 static void
 set_app_data(SSL* ssl, struct doq_client_data* data)
 {
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
 	data->conn_ref.get_conn = &conn_ref_get_conn;
 	data->conn_ref.user_data = data;
 	SSL_set_app_data(ssl, &data->conn_ref);
@@ -227,7 +236,7 @@ static struct doq_client_data*
 get_app_data(SSL* ssl)
 {
 	struct doq_client_data* data;
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
 	data = (struct doq_client_data*)((struct ngtcp2_crypto_conn_ref*)
 		SSL_get_app_data(ssl))->user_data;
 #else
@@ -893,7 +902,7 @@ handshake_completed(ngtcp2_conn* ATTR_UNUSED(conn), void* user_data)
 			verbose(1, "early data was accepted by the server");
 		}
 	}
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
 	if(data->transport_file) {
 		early_data_write_transport(data);
 	}
@@ -1207,7 +1216,7 @@ early_data_write_transport(struct doq_client_data* data)
 #endif
 }
 
-#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#ifdef MAKE_QUIC_METHOD
 /** applicatation rx key callback, this is where the rx key is set,
  * and streams can be opened, like http3 unidirectional streams, like
  * the http3 control and http3 qpack encode and decoder streams. */
@@ -1317,7 +1326,7 @@ send_alert(SSL *ssl, enum ssl_encryption_level_t ATTR_UNUSED(level),
 	data->tls_alert = alert;
 	return 1;
 }
-#endif /* HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT */
+#endif /* MAKE_QUIC_METHOD */
 
 /** new session callback. We can write it to file for resumption later. */
 static int
@@ -1357,7 +1366,7 @@ ctx_client_setup(void)
 		log_err("ngtcp2_crypto_quictls_configure_client_context failed");
 		exit(1);
 	}
-#else
+#elif defined(MAKE_QUIC_METHOD)
 	memset(&quic_method, 0, sizeof(quic_method));
 	quic_method.set_encryption_secrets = &set_encryption_secrets;
 	quic_method.add_handshake_data = &add_handshake_data;
@@ -1373,22 +1382,39 @@ ctx_client_setup(void)
 static SSL*
 ssl_client_setup(struct doq_client_data* data)
 {
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	int ret;
+#endif
 	SSL* ssl = SSL_new(data->ctx);
 	if(!ssl) {
 		log_crypto_err("Could not SSL_new");
 		exit(1);
 	}
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	if((ret=ngtcp2_crypto_ossl_ctx_new(&data->ossl_ctx, NULL)) != 0) {
+		log_err("ngtcp2_crypto_ossl_ctx_new failed: %s",
+			ngtcp2_strerror(ret));
+		exit(1);
+	}
+	ngtcp2_crypto_ossl_ctx_set_ssl(data->ossl_ctx, ssl);
+	if(ngtcp2_crypto_ossl_configure_client_session(ssl) != 0) {
+		log_err("ngtcp2_crypto_ossl_configure_client_session failed");
+		exit(1);
+	}
+#endif
 	set_app_data(ssl, data);
 	SSL_set_connect_state(ssl);
 	if(!SSL_set_fd(ssl, data->fd)) {
 		log_crypto_err("Could not SSL_set_fd");
 		exit(1);
 	}
+#ifndef USE_NGTCP2_CRYPTO_OSSL
 	if((data->quic_version & 0xff000000) == 0xff000000) {
 		SSL_set_quic_use_legacy_codepoint(ssl, 1);
 	} else {
 		SSL_set_quic_use_legacy_codepoint(ssl, 0);
 	}
+#endif
 	SSL_set_alpn_protos(ssl, (const unsigned char *)"\x03""doq", 4);
 	/* send the SNI host name */
 	SSL_set_tlsext_host_name(ssl, "localhost");
@@ -2072,7 +2098,11 @@ early_data_setup_session(struct doq_client_data* data)
 		SSL_SESSION_free(session);
 		return 0;
 	}
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	SSL_set_quic_tls_early_data_enabled(data->ssl, 1);
+#else
 	SSL_set_quic_early_data_enabled(data->ssl, 1);
+#endif
 	SSL_SESSION_free(session);
 	return 1;
 }
@@ -2221,6 +2251,15 @@ create_doq_client_data(const char* svr, int port, struct ub_event_base* base,
 	data = calloc(1, sizeof(*data));
 	if(!data) fatal_exit("calloc failed: out of memory");
 	data->base = base;
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	/* Initialize the ossl crypto, it is harmless to call twice,
+	 * and this is before use of doq connections. */
+	if(ngtcp2_crypto_ossl_init() != 0)
+		fatal_exit("ngtcp2_crypto_oss_init failed");
+#elif defined(HAVE_NGTCP2_CRYPTO_QUICTLS_INIT)
+	if(ngtcp2_crypto_quictls_init() != 0)
+		fatal_exit("ngtcp2_crypto_quictls_init failed");
+#endif
 	data->rnd = ub_initstate(NULL);
 	if(!data->rnd) fatal_exit("ub_initstate failed: out of memory");
 	data->svr = svr;
@@ -2255,7 +2294,11 @@ create_doq_client_data(const char* svr, int port, struct ub_event_base* base,
 		SSL_CTX_sess_set_new_cb(data->ctx, new_session_cb);
 	}
 	data->ssl = ssl_client_setup(data);
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	ngtcp2_conn_set_tls_native_handle(data->conn, data->ossl_ctx);
+#else
 	ngtcp2_conn_set_tls_native_handle(data->conn, data->ssl);
+#endif
 	if(data->early_data_enabled)
 		early_data_setup(data);
 
@@ -2301,8 +2344,14 @@ delete_doq_client_data(struct doq_client_data* data)
 		}
 	}
 #endif
-	ngtcp2_conn_del(data->conn);
+	/* Remove the app data from ngtcp2 before SSL_free of conn->ssl,
+	 * because the ngtcp2 conn is deleted. */
+	SSL_set_app_data(data->ssl, NULL);
 	SSL_free(data->ssl);
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	ngtcp2_crypto_ossl_ctx_del(data->ossl_ctx);
+#endif
+	ngtcp2_conn_del(data->conn);
 	sldns_buffer_free(data->pkt_buf);
 	sldns_buffer_free(data->blocked_pkt);
 	if(data->fd != -1)
diff --git a/contrib/unbound/testcode/fake_event.c b/contrib/unbound/testcode/fake_event.c
index f7f3210790eb..ce439edd1294 100644
--- a/contrib/unbound/testcode/fake_event.c
+++ b/contrib/unbound/testcode/fake_event.c
@@ -188,6 +188,22 @@ delete_replay_answer(struct replay_answer* a)
 	free(a);
 }
 
+/** Log the packet for a reply_packet from testpkts. */
+static void
+log_testpkt_reply_pkt(const char* txt, struct reply_packet* reppkt)
+{
+	if(!reppkt) {
+		log_info("%s <null>", txt);
+		return;
+	}
+	if(reppkt->reply_from_hex) {
+		log_pkt(txt, sldns_buffer_begin(reppkt->reply_from_hex),
+			sldns_buffer_limit(reppkt->reply_from_hex));
+		return;
+	}
+	log_pkt(txt, reppkt->reply_pkt, reppkt->reply_len);
+}
+
 /**
  * return: true if pending query matches the now event.
  */
@@ -240,9 +256,8 @@ pending_find_match(struct replay_runtime* runtime, struct entry** entry,
 				p->start_step, p->end_step, (*entry)->lineno);
 			if(p->addrlen != 0)
 				log_addr(0, "matched ip", &p->addr, p->addrlen);
-			log_pkt("matched pkt: ",
-				(*entry)->reply_list->reply_pkt,
-				(*entry)->reply_list->reply_len);
+			log_testpkt_reply_pkt("matched pkt: ",
+				(*entry)->reply_list);
 			return 1;
 		}
 		p = p->next_range;
@@ -330,7 +345,7 @@ fill_buffer_with_reply(sldns_buffer* buffer, struct entry* entry, uint8_t* q,
 		while(reppkt && i--)
 			reppkt = reppkt->next;
 		if(!reppkt) fatal_exit("extra packet read from TCP stream but none is available");
-		log_pkt("extra_packet ", reppkt->reply_pkt, reppkt->reply_len);
+		log_testpkt_reply_pkt("extra packet ", reppkt);
 	}
 	if(reppkt->reply_from_hex) {
 		c = sldns_buffer_begin(reppkt->reply_from_hex);
@@ -462,8 +477,7 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo)
 		repinfo.c->type = comm_udp;
 	fill_buffer_with_reply(repinfo.c->buffer, todo->match, NULL, 0, 0);
 	log_info("testbound: incoming QUERY");
-	log_pkt("query pkt", todo->match->reply_list->reply_pkt,
-		todo->match->reply_list->reply_len);
+	log_testpkt_reply_pkt("query pkt ", todo->match->reply_list);
 	/* call the callback for incoming queries */
 	if((*runtime->callback_query)(repinfo.c, runtime->cb_arg,
 		NETEVENT_NOERROR, &repinfo)) {
@@ -900,8 +914,10 @@ run_scenario(struct replay_runtime* runtime)
 			runtime->now->evt_type == repevt_front_reply) {
 			answer_check_it(runtime);
 			advance_moment(runtime);
-		} else if(pending_matches_range(runtime, &entry, &pending)) {
-			answer_callback_from_entry(runtime, entry, pending);
+		} else if(runtime->now && pending_matches_range(runtime,
+			&entry, &pending)) {
+			if(entry)
+				answer_callback_from_entry(runtime, entry, pending);
 		} else {
 			do_moment_and_advance(runtime);
 		}
@@ -1254,7 +1270,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
 	struct query_info* qinfo, uint16_t flags, int dnssec,
 	int ATTR_UNUSED(want_dnssec), int ATTR_UNUSED(nocaps),
 	int ATTR_UNUSED(check_ratelimit),
-	int ATTR_UNUSED(tcp_upstream), int ATTR_UNUSED(ssl_upstream),
+	int tcp_upstream, int ATTR_UNUSED(ssl_upstream),
 	char* ATTR_UNUSED(tls_auth_name), struct sockaddr_storage* addr,
 	socklen_t addrlen, uint8_t* zone, size_t zonelen,
 	struct module_qstate* qstate, comm_point_callback_type* callback,
@@ -1274,7 +1290,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
 		(flags&~(BIT_RD|BIT_CD))?" MORE":"", (dnssec)?" DO":"");
 
 	/* create packet with EDNS */
-	pend->buffer = sldns_buffer_new(512);
+	pend->buffer = sldns_buffer_new(4096);
 	log_assert(pend->buffer);
 	sldns_buffer_write_u16(pend->buffer, 0); /* id */
 	sldns_buffer_write_u16(pend->buffer, flags);
@@ -1334,7 +1350,13 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
 		edns.opt_list_in = NULL;
 		edns.opt_list_out = per_upstream_opt_list;
 		edns.opt_list_inplace_cb_out = NULL;
-		attach_edns_record(pend->buffer, &edns);
+		if(sldns_buffer_capacity(pend->buffer) >=
+			sldns_buffer_limit(pend->buffer)
+			+calc_edns_field_size(&edns)) {
+			attach_edns_record(pend->buffer, &edns);
+		} else {
+			verbose(VERB_ALGO, "edns field too large to fit");
+		}
 	}
 	memcpy(&pend->addr, addr, addrlen);
 	pend->addrlen = addrlen;
@@ -1345,7 +1367,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
 	pend->callback = callback;
 	pend->cb_arg = callback_arg;
 	pend->timeout = UDP_AUTH_QUERY_TIMEOUT/1000;
-	pend->transport = transport_udp; /* pretend UDP */
+	pend->transport = tcp_upstream?transport_tcp:transport_udp;
 	pend->pkt = NULL;
 	pend->runtime = runtime;
 	pend->serviced = 1;
diff --git a/contrib/unbound/testcode/testbound.c b/contrib/unbound/testcode/testbound.c
index 6da4ceaf2ebf..063037df4e80 100644
--- a/contrib/unbound/testcode/testbound.c
+++ b/contrib/unbound/testcode/testbound.c
@@ -293,6 +293,16 @@ setup_config(FILE* in, int* lineno, int* pass_argc, char* pass_argv[])
 			fclose(cfg);
 			return;
 		}
+		if(strncmp(parse, "fake-sha1: yes", 14) == 0) {
+			/* Allow the use of SHA1 signatures for the test,
+			 * in case that OpenSSL disallows use of RSASHA1
+			 * with rh-allow-sha1-signatures disabled. */
+#ifndef UB_ON_WINDOWS
+			setenv("OPENSSL_ENABLE_SHA1_SIGNATURES", "1", 0);
+#else
+			_putenv("OPENSSL_ENABLE_SHA1_SIGNATURES=1");
+#endif
+		}
 		fputs(line, cfg);
 	}
 	fatal_exit("No CONFIG_END in input file");
@@ -333,6 +343,35 @@ static void remove_configfile(void)
 	cfgfiles = NULL;
 }
 
+/** perform the playback on the playback_file with the args. */
+static int
+perform_playback(char* playback_file, int pass_argc, char** pass_argv)
+{
+	struct replay_scenario* scen = NULL;
+	int c, res;
+
+	/* setup test environment */
+	scen = setup_playback(playback_file, &pass_argc, pass_argv);
+	/* init fake event backend */
+	fake_event_init(scen);
+
+	pass_argv[pass_argc] = NULL;
+	echo_cmdline(pass_argc, pass_argv);
+
+	/* run the normal daemon */
+	res = daemon_main(pass_argc, pass_argv);
+
+	fake_event_cleanup();
+	for(c=1; c<pass_argc; c++)
+		free(pass_argv[c]);
+	return res;
+}
+
+/* For fuzzing the main routine is replaced with
+ * LLVMFuzzerTestOneInput. */
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#define main dummy_main
+#endif
 /**
  * Main fake event test program. Setup, teardown and report errors.
  * @param argc: arg count.
@@ -348,7 +387,6 @@ main(int argc, char* argv[])
 	char* playback_file = NULL;
 	int init_optind = optind;
 	char* init_optarg = optarg;
-	struct replay_scenario* scen = NULL;
 
 	/* we do not want the test to depend on the timezone */
 	(void)putenv("TZ=UTC");
@@ -456,24 +494,11 @@ main(int argc, char* argv[])
 	if(atexit(&remove_configfile) != 0)
 		fatal_exit("atexit() failed: %s", strerror(errno));
 
-	/* setup test environment */
-	scen = setup_playback(playback_file, &pass_argc, pass_argv);
-	/* init fake event backend */
-	fake_event_init(scen);
-
-	pass_argv[pass_argc] = NULL;
-	echo_cmdline(pass_argc, pass_argv);
-
 	/* reset getopt processing */
 	optind = init_optind;
 	optarg = init_optarg;
 
-	/* run the normal daemon */
-	res = daemon_main(pass_argc, pass_argv);
-
-	fake_event_cleanup();
-	for(c=1; c<pass_argc; c++)
-		free(pass_argv[c]);
+	res = perform_playback(playback_file, pass_argc, pass_argv);
 	if(res == 0) {
 		log_info("Testbound Exit Success\n");
 		/* remove configfile from here, the atexit() is for when
@@ -493,6 +518,101 @@ main(int argc, char* argv[])
 	return res;
 }
 
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+static int delete_file(const char *pathname) {
+  int ret = unlink(pathname);
+  free((void *)pathname);
+  return ret;
+}
+
+static char *buf_to_file(const uint8_t *buf, size_t size) {
+  int fd;
+  size_t pos;
+  char *pathname = strdup("/tmp/fuzz-XXXXXX");
+  if (pathname == NULL)
+    return NULL;
+
+  fd = mkstemp(pathname);
+  if (fd == -1) {
+    log_err("mkstemp of file %s failed: %s", pathname, strerror(errno));
+    free(pathname);
+    return NULL;
+  }
+  pos = 0;
+  while (pos < size) {
+    int nbytes = write(fd, &buf[pos], size - pos);
+    if (nbytes <= 0) {
+      if (nbytes == -1 && errno == EINTR)
+             continue;
+      log_err("write to file %s failed: %s", pathname, strerror(errno));
+      goto err;
+    }
+    pos += nbytes;
+  }
+
+  if (close(fd) == -1) {
+    log_err("close of file %s failed: %s", pathname, strerror(errno));
+    goto err;
+  }
+
+  return pathname;
+err:
+  delete_file(pathname);
+  return NULL;
+}
+
+/* based on main() above, but with: hard-coded passed args, file created from fuzz input */
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+       int c, res;
+       int pass_argc = 0;
+       char* pass_argv[MAXARG];
+       char* playback_file = NULL;
+
+       /* we do not want the test to depend on the timezone */
+       (void)putenv("TZ=UTC");
+       memset(pass_argv, 0, sizeof(pass_argv));
+#ifdef HAVE_SYSTEMD
+       /* we do not want the test to use systemd daemon startup notification*/
+       (void)unsetenv("NOTIFY_SOCKET");
+#endif /* HAVE_SYSTEMD */
+
+       checklock_start();
+       log_init(NULL, 0, NULL);
+       /* determine commandline options for the daemon */
+       pass_argc = 1;
+       pass_argv[0] = "unbound";
+       add_opts("-d", &pass_argc, pass_argv);
+
+       playback_file = buf_to_file(Data, Size);
+       if (playback_file) {
+               log_info("Start of %s testbound program.", PACKAGE_STRING);
+
+               res = perform_playback(playback_file, pass_argc, pass_argv);
+               if(res == 0) {
+                       log_info("Testbound Exit Success\n");
+                       /* remove configfile from here, the atexit() is for when
+                        * there is a crash to remove the tmpdir file.
+                        * This one removes the file while alloc and log locks are
+                        * still valid, and can be logged (for memory calculation),
+                        * it leaves the ptr NULL so the atexit does nothing. */
+                       remove_configfile();
+#ifdef HAVE_PTHREAD
+                       /* dlopen frees its thread state (dlopen of gost engine) */
+                       pthread_exit(NULL);
+#endif
+               }
+
+               delete_file(playback_file);
+       }
+
+       if(log_get_lock()) {
+               lock_basic_destroy((lock_basic_type*)log_get_lock());
+       }
+       return res;
+}
+#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
+
 /* fake remote control */
 struct listen_port* daemon_remote_open_ports(struct config_file* 
 	ATTR_UNUSED(cfg))
diff --git a/contrib/unbound/testcode/unitdname.c b/contrib/unbound/testcode/unitdname.c
index 08a2dbad774d..95c6e1fda705 100644
--- a/contrib/unbound/testcode/unitdname.c
+++ b/contrib/unbound/testcode/unitdname.c
@@ -45,6 +45,7 @@
 #include "util/data/dname.h"
 #include "sldns/sbuffer.h"
 #include "sldns/str2wire.h"
+#include "sldns/wire2str.h"
 
 /** put dname into buffer */
 static sldns_buffer*
@@ -476,6 +477,23 @@ dname_test_removelabel(void)
 	unit_assert( l == 1 );
 }
 
+/** test dname_remove_label_limit_len */
+static void
+dname_test_removelabellimitlen(void)
+{
+	uint8_t* orig = (uint8_t*)"\007example\003com\000";
+	uint8_t* n = orig;
+	size_t l = 13;
+	size_t lenlimit = 5; /* com.*/
+	unit_show_func("util/data/dname.c", "dname_remove_label_limit_len");
+	unit_assert(dname_remove_label_limit_len(&n, &l, lenlimit) == 1);
+	unit_assert( n == orig+8 );
+	unit_assert( l == 5 );
+	unit_assert(dname_remove_label_limit_len(&n, &l, lenlimit) == 0);
+	unit_assert( n == orig+8 );
+	unit_assert( l == 5 );
+}
+
 /** test dname_signame_label_count */
 static void
 dname_test_sigcount(void)
@@ -859,6 +877,262 @@ dname_setup_bufs(sldns_buffer* loopbuf, sldns_buffer* boundbuf)
 	sldns_buffer_flip(boundbuf);
 }
 
+/* Test strings for the test_long_names test. */
+/* Each label begins with the length of the label including the length octet. */
+
+char desc_1[] = "Domain is 1 octet too long.";
+
+uint8_t wire_dom_1[] = { /* Bad: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.0007ab. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x06, 0x30, 0x30, 0x30, 0x37, 0x61, 0x62, 0x00
+};
+
+char desc_2[] = "Domain has the maximum allowed length (255).";
+
+uint8_t wire_dom_2[] = { /* Good: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.00076a. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Good: */ 0x05, 0x30, 0x30, 0x30, 0x36, 0x61, 0x00
+};
+
+char desc_3[] = "Domain has a length one label in the 255th position for a total of 257.";
+
+uint8_t wire_dom_3[] = { /* Bad: Domain: (8x(0031abcdefghijklmnopqrstuvwxyz.0006ab.1. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x05, 0x30, 0x30, 0x30, 0x36, 0x61, 0x01, 0x32, 0x00
+};
+
+char desc_4[] = "Domain has the maximum allowed length (255).";
+
+uint8_t wire_dom_4[] = { /* Good: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.03.03. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Good: */ 0x02, 0x30, 0x33, 0x02, 0x30, 0x33, 0x00
+};
+
+char desc_5[] = "Domain has a maximum length label (63) in the 255th position.";
+
+uint8_t wire_dom_5[] = { /* Bad: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.03.03.65abc...zab...zab...ghi. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x02, 0x30, 0x33, 0x02, 0x30, 0x33, 0x3f, 0x36,
+			    0x33, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65,
+			    0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
+			    0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x00
+};
+
+char desc_6[] = "Domain has a too long label (65) in the 255th position.";
+
+uint8_t wire_dom_6[] = { /* Bad: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.03.03.66abc...zab...zab...ijk. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x02, 0x30, 0x33, 0x02, 0x30, 0x33, 0x41, 0x36,
+			    0x36, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65,
+			    0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
+			    0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x00
+};
+
+char desc_7[] = "Domain has a too long label (65) in the 187th position.";
+
+uint8_t wire_dom_7[] = { /* Bad: Domain: (6x)0031abcdefghijklmnopqrstuvwxyz.65abc..zab...zab...ijk. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a,
+			    /* Bad: */  0x41, 0x36,
+			    0x36, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65,
+			    0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
+			    0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x00
+};
+
+char desc_8[] = "Domains has the maximum allowed length and ends with a maximum length label.";
+
+uint8_t wire_dom_8[] = { /* Good: Domain: (6x)0031abcdefghijklmnopqrstuvwxyz.0004.0064abc..zab...zabcdefg. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x03, 0x30, 0x30, 0x34 ,/* Good: */ 0x3f, 0x30,
+			    0x30, 0x36, 0x34, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63,
+			    0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73,
+			    0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x00
+};
+
+char desc_9[] = "Domains has 254 octets, one less than the maximum allowed length.";
+
+uint8_t wire_dom_9[] = { /* Good: Domain: (6x)0031abcdefghijklmnopqrstuvwxyz.0004.0064abc..zab...zabcdef. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x03, 0x30, 0x30, 0x34 ,/* Good: */ 0x3e, 0x30,
+			    0x30, 0x35, 0x34, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63,
+			    0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73,
+			    0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x00
+};
+
+ /** Test dname to string with long domain names. */
+static void
+test_long_names(void)
+{
+	/* Set to 1 for verbose output, 0 turns it off. */
+	int verbtest = 0;
+
+	uint8_t* wire_doms[] = {wire_dom_1, wire_dom_2, wire_dom_3,
+		wire_dom_4, wire_dom_5, wire_dom_6, wire_dom_7, wire_dom_8,
+		wire_dom_9, 0};
+	char* descs[] = {desc_1, desc_2, desc_3, desc_4, desc_5, desc_6,
+		desc_7, desc_8, desc_9, 0};
+
+	int n;
+	char string_domain[260];
+	uint8_t** wd = wire_doms;
+	int di = 0;
+	int skip = 5; /* 0..6 */
+
+	while (*wd) {
+
+		if(verbtest)
+			printf("Test: %s\n", descs[di++]);
+
+		memset(string_domain, 0xff, sizeof(string_domain));
+		dname_str(*wd, string_domain);
+		for (n = 0 ; n < (int)sizeof(string_domain); ++n) {
+			if ((uint8_t)string_domain[n] == 0xff)
+			break;
+		}
+		if(verbtest)
+			printf("dname_str: L=%d, S=Skipping %d labels...%s\n",
+				n, skip, string_domain + skip*31);
+		unit_assert(n <= 255);
+
+		memset(string_domain, 0xff, sizeof(string_domain));
+		sldns_wire2str_dname_buf(*wd,
+			strlen((char*)*wd)+1 /* strlen works with these test strings */,
+			string_domain,
+			255 /* for comparable result to dname_str */ );
+		for (n = 0 ; n < (int)sizeof(string_domain); ++n) {
+			if ((uint8_t)string_domain[n] == 0xff)
+			break;
+		}
+		if(verbtest)
+			printf("sldns_wire2str_dname_buf: L=%d, S=Skipping %d labels...%s\n",
+				n, skip, string_domain + skip*31);
+		unit_assert(n <= 255);
+
+		++wd;
+	}
+}
+
 static void
 dname_test_str(sldns_buffer* buff)
 {
@@ -1002,6 +1276,8 @@ dname_test_str(sldns_buffer* buff)
 			unit_assert(0);
 		}
 	}
+
+	test_long_names();
 }
 
 void dname_test(void)
@@ -1024,6 +1300,7 @@ void dname_test(void)
 	dname_test_subdomain();
 	dname_test_isroot();
 	dname_test_removelabel();
+	dname_test_removelabellimitlen();
 	dname_test_sigcount();
 	dname_test_iswild();
 	dname_test_canoncmp();
diff --git a/contrib/unbound/testcode/unitinfra.c b/contrib/unbound/testcode/unitinfra.c
index 6834c51eeab8..91a88f6ae8a9 100644
--- a/contrib/unbound/testcode/unitinfra.c
+++ b/contrib/unbound/testcode/unitinfra.c
@@ -131,6 +131,7 @@ void infra_test(void)
 	unit_show_feature("infra cache");
 	unit_assert(ipstrtoaddr("127.0.0.1", 53, &one, &onelen));
 
+	config_auto_slab_values(cfg);
 	slab = infra_create(cfg);
 	/* insert new record */
 	unit_assert( infra_host(slab, &one, onelen, zone, zonelen, now,
diff --git a/contrib/unbound/testcode/unitmain.c b/contrib/unbound/testcode/unitmain.c
index 334c1af93033..07c016d7ba74 100644
--- a/contrib/unbound/testcode/unitmain.c
+++ b/contrib/unbound/testcode/unitmain.c
@@ -205,6 +205,8 @@ net_test(void)
 		unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\000", 16) == 0);
 		addr_mask((struct sockaddr_storage*)&a6, l6, 64);
 		unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000", 16) == 0);
+		/* Check that negative value in net is not problematic. */
+		addr_mask((struct sockaddr_storage*)&a6, l6, -100);
 		addr_mask((struct sockaddr_storage*)&a6, l6, 0);
 		unit_assert(memcmp(&a6.sin6_addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16) == 0);
 	}
@@ -266,6 +268,28 @@ net_test(void)
 				(struct sockaddr_storage*)&b6, i, l6) == i);
 		}
 	}
+	/* test netblockstrtoaddr */
+	unit_show_func("util/net_help.c", "netblockstrtoaddr");
+	if(1) {
+		struct sockaddr_storage a;
+		socklen_t alen = 0;
+		int net = 0, res;
+		char astr[128];
+		memset(&a, 0, sizeof(a));
+
+		res = netblockstrtoaddr("1.2.3.0/24", 53, &a, &alen, &net);
+		unit_assert(res!=0 && net == 24);
+		addr_to_str(&a, alen, astr, sizeof(astr));
+		unit_assert(strcmp(astr, "1.2.3.0") == 0);
+		unit_assert(ntohs(((struct sockaddr_in*)&a)->sin_port)==53);
+
+		res = netblockstrtoaddr("2001:DB8:33:44::/64", 53,
+			&a, &alen, &net);
+		unit_assert(res!=0 && net == 64);
+		addr_to_str(&a, alen, astr, sizeof(astr));
+		unit_assert(strcmp(astr, "2001:db8:33:44::") == 0);
+		unit_assert(ntohs(((struct sockaddr_in6*)&a)->sin6_port)==53);
+	}
 	/* test sockaddr_cmp_addr */
 	unit_show_func("util/net_help.c", "sockaddr_cmp_addr");
 	if(1) {
diff --git a/contrib/unbound/testcode/unitverify.c b/contrib/unbound/testcode/unitverify.c
index 81c8b13c6d65..12d5205b07da 100644
--- a/contrib/unbound/testcode/unitverify.c
+++ b/contrib/unbound/testcode/unitverify.c
@@ -61,6 +61,12 @@
 #include "sldns/str2wire.h"
 #include "sldns/wire2str.h"
 
+#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL_ERR_H
+#include <openssl/err.h>
+#endif
+#endif
+
 /** verbose signature test */
 static int vsig = 0;
 
@@ -509,10 +515,137 @@ nsec3_hash_test(const char* fname)
 
 #define SRCDIRSTR xstr(SRCDIR)
 
+#if defined(HAVE_SSL) && defined(USE_SHA1)
+/* Detect if openssl is configured to disable RSASHA1 signatures,
+ * with the rh-allow-sha1-signatures disabled. */
+static int
+rh_allow_sha1_signatures_disabled(void)
+{
+	EVP_MD_CTX* ctx;
+	EVP_PKEY* evp_key;
+	/* This key is rdata from nlnetlabs.nl DNSKEY from 20250424005001,
+	 * with id=50602 (ksk), size=2048b.
+	 * A 2048 bit key is taken to avoid key too small errors. */
+	unsigned char key[] = {
+		0x03, 0x01, 0x00, 0x01, 0xBC, 0x0B, 0xE8, 0xBB,
+		0x97, 0x4C, 0xB5, 0xED, 0x6F, 0x6D, 0xC2, 0xB1,
+		0x78, 0x69, 0x93, 0x1C, 0x72, 0x19, 0xB1, 0x05,
+		0x51, 0x13, 0xA1, 0xFC, 0xBF, 0x01, 0x58, 0x0D,
+		0x44, 0x10, 0x5F, 0x0B, 0x75, 0x0E, 0x11, 0x9A,
+		0xC8, 0xF8, 0x0F, 0x90, 0xFC, 0xB8, 0x09, 0xD1,
+		0x14, 0x39, 0x0D, 0x84, 0xCE, 0x97, 0x88, 0x82,
+		0x3D, 0xC5, 0xCB, 0x1A, 0xBF, 0x00, 0x46, 0x37,
+		0x01, 0xF1, 0xCD, 0x46, 0xA2, 0x8F, 0x83, 0x19,
+		0x42, 0xED, 0x6F, 0xAF, 0x37, 0x1F, 0x18, 0x82,
+		0x4B, 0x70, 0x2D, 0x50, 0xA5, 0xA6, 0x66, 0x48,
+		0x7F, 0x56, 0xA8, 0x86, 0x05, 0x41, 0xC8, 0xBE,
+		0x4F, 0x8B, 0x38, 0x51, 0xF0, 0xEB, 0xAD, 0x2F,
+		0x7A, 0xC0, 0xEF, 0xC7, 0xD2, 0x72, 0x6F, 0x16,
+		0x66, 0xAF, 0x59, 0x55, 0xFF, 0xEE, 0x9D, 0x50,
+		0xE9, 0xDB, 0xF4, 0x02, 0xBC, 0x33, 0x5C, 0xC5,
+		0xDA, 0x1C, 0x6A, 0xD1, 0x55, 0xD1, 0x20, 0x2B,
+		0x63, 0x03, 0x4B, 0x77, 0x45, 0x46, 0x78, 0x31,
+		0xE4, 0x90, 0xB9, 0x7F, 0x00, 0xFB, 0x62, 0x7C,
+		0x07, 0xD3, 0xC1, 0x00, 0xA0, 0x54, 0x63, 0x74,
+		0x0A, 0x17, 0x7B, 0xE7, 0xAD, 0x38, 0x07, 0x86,
+		0x68, 0xE4, 0xFD, 0x20, 0x68, 0xD5, 0x33, 0x92,
+		0xCA, 0x90, 0xDD, 0xA4, 0xE9, 0xF2, 0x11, 0xBD,
+		0x9D, 0xA5, 0xF5, 0xEB, 0xB9, 0xFE, 0x8F, 0xA1,
+		0xE4, 0xBF, 0xA4, 0xA4, 0x34, 0x5C, 0x6A, 0x95,
+		0xB6, 0x42, 0x22, 0xF6, 0xD6, 0x10, 0x9C, 0x9B,
+		0x0A, 0x56, 0xE7, 0x42, 0xE5, 0x7F, 0x1F, 0x4E,
+		0xBE, 0x4F, 0x8C, 0xED, 0x30, 0x63, 0xA7, 0x88,
+		0x93, 0xED, 0x37, 0x3C, 0x80, 0xBC, 0xD1, 0x66,
+		0xBD, 0xB8, 0x2E, 0x65, 0xC4, 0xC8, 0x00, 0x5B,
+		0xE7, 0x85, 0x96, 0xDD, 0xAA, 0x05, 0xE6, 0x4F,
+		0x03, 0x64, 0xFA, 0x2D, 0xF6, 0x88, 0x14, 0x8F,
+		0x15, 0x4D, 0xFD, 0xD3
+	};
+	size_t keylen = 260;
+
+#ifdef HAVE_EVP_MD_CTX_NEW
+	ctx = EVP_MD_CTX_new();
+#else
+	ctx = (EVP_MD_CTX*)malloc(sizeof(*ctx));
+	if(ctx) EVP_MD_CTX_init(ctx);
+#endif
+	if(!ctx) return 0;
+
+	evp_key = sldns_key_rsa2pkey_raw(key, keylen);
+	if(!evp_key) {
+#ifdef HAVE_EVP_MD_CTX_NEW
+		EVP_MD_CTX_destroy(ctx);
+#else
+		EVP_MD_CTX_cleanup(ctx);
+		free(ctx);
+#endif
+		return 0;
+	}
+
+#ifndef HAVE_EVP_DIGESTVERIFY
+	(void)evp_key; /* not used */
+	if(EVP_DigestInit(ctx, EVP_sha1()) == 0)
+#else
+	if(EVP_DigestVerifyInit(ctx, NULL, EVP_sha1(), NULL, evp_key) == 0)
+#endif
+	{
+		unsigned long e = ERR_get_error();
+#ifdef EVP_R_INVALID_DIGEST
+		if (ERR_GET_LIB(e) == ERR_LIB_EVP &&
+			ERR_GET_REASON(e) == EVP_R_INVALID_DIGEST) {
+			/* rh-allow-sha1-signatures makes use of sha1 invalid. */
+			if(vsig)
+				printf("Detected that rh-allow-sha1-signatures is off, and disables SHA1 signatures\n");
+#ifdef HAVE_EVP_MD_CTX_NEW
+			EVP_MD_CTX_destroy(ctx);
+#else
+			EVP_MD_CTX_cleanup(ctx);
+			free(ctx);
+#endif
+			EVP_PKEY_free(evp_key);
+			return 1;
+		}
+#endif /* EVP_R_INVALID_DIGEST */
+		/* The signature verify failed for another reason. */
+		log_crypto_err_code("EVP_DigestVerifyInit", e);
+#ifdef HAVE_EVP_MD_CTX_NEW
+		EVP_MD_CTX_destroy(ctx);
+#else
+		EVP_MD_CTX_cleanup(ctx);
+		free(ctx);
+#endif
+		EVP_PKEY_free(evp_key);
+		return 0;
+	}
+#ifdef HAVE_EVP_MD_CTX_NEW
+	EVP_MD_CTX_destroy(ctx);
+#else
+	EVP_MD_CTX_cleanup(ctx);
+	free(ctx);
+#endif
+	EVP_PKEY_free(evp_key);
+	return 0;
+}
+#endif /* HAVE_SSL && USE_SHA1 */
+
 void 
 verify_test(void)
 {
 	unit_show_feature("signature verify");
+
+#if defined(HAVE_SSL) && defined(USE_SHA1)
+	if(rh_allow_sha1_signatures_disabled()) {
+		/* Allow the use of SHA1 signatures for the test,
+		 * in case that OpenSSL disallows use of RSASHA1
+		 * with rh-allow-sha1-signatures disabled. */
+#ifndef UB_ON_WINDOWS
+		setenv("OPENSSL_ENABLE_SHA1_SIGNATURES", "1", 0);
+#else
+		_putenv("OPENSSL_ENABLE_SHA1_SIGNATURES=1");
+#endif
+	}
+#endif
+
 #ifdef USE_SHA1
 	verifytest_file(SRCDIRSTR "/testdata/test_signatures.1", "20070818005004");
 #endif
diff --git a/contrib/unbound/testcode/unitzonemd.c b/contrib/unbound/testcode/unitzonemd.c
index 63dc13edab33..0420b0361590 100644
--- a/contrib/unbound/testcode/unitzonemd.c
+++ b/contrib/unbound/testcode/unitzonemd.c
@@ -267,6 +267,7 @@ static void zonemd_verify_test(char* zname, char* zfile, char* tastr,
 	env.cfg = config_create();
 	if(!env.cfg)
 		fatal_exit("out of memory");
+	config_auto_slab_values(env.cfg);
 	env.now = &now;
 	env.cfg->val_date_override = cfg_convert_timeval(date_override);
 	if(!env.cfg->val_date_override)
diff --git a/contrib/unbound/testdata/09-unbound-control.tdir/09-unbound-control.conf b/contrib/unbound/testdata/09-unbound-control.tdir/09-unbound-control.conf
deleted file mode 100644
index be65336eaf5e..000000000000
--- a/contrib/unbound/testdata/09-unbound-control.tdir/09-unbound-control.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-server:
-	verbosity: 5
-	num-threads: 1  # This is dynamically handled by the test when needed
-	interface: 127.0.0.1@@PORT@
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	do-not-query-localhost: no
-	access-control: 127.0.0.1 allow_snoop
-	access-control-view: 127.0.0.1 testview
-	msg-cache-size: 4m
-	rrset-cache-size: 4m
-	minimal-responses: yes
-	trust-anchor: "always.empty.    3600    IN      DS       50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29 B22446B1"  # This is nonsense, just to kick the validator
-view:
-	name: testview
-	view-first: yes  # Allow falling back to global local data
-remote-control:
-	control-enable: yes
-	control-interface: 127.0.0.1
-	# control-interface: ::1
-	control-port: @CONTROL_PORT@
-	server-key-file: "unbound_server.key"
-	server-cert-file: "unbound_server.pem"
-	control-key-file: "unbound_control.key"
-	control-cert-file: "unbound_control.pem"
-forward-zone:
-	name: "."
-	forward-addr: "127.0.0.1@@TOPORT@"
diff --git a/contrib/unbound/testdata/09-unbound-control.tdir/09-unbound-control.test b/contrib/unbound/testdata/09-unbound-control.tdir/09-unbound-control.test
deleted file mode 100644
index da284c2c0ccd..000000000000
--- a/contrib/unbound/testdata/09-unbound-control.tdir/09-unbound-control.test
+++ /dev/null
@@ -1,493 +0,0 @@
-# #-- 09-unbound-control.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-
-# End the test
-# $1: exit value
-end () {
-	echo "> cat logfiles"
-	cat fwd.log 
-	cat unbound.log
-	exit $1
-}
-
-# Expect a given exit value of the previous command
-# $1: the expected exit value
-# $2: optional text to print when failing
-expect_exit_value () {
-	if test $? -ne $1; then
-		if test -z "$2"; then
-			if test $1 -eq 1; then
-				msg="on error"
-			else
-				msg="after success"
-			fi
-		else
-			msg="$2"
-		fi
-		echo "wrong exit value $msg"
-		end 1
-	fi
-}
-
-# Helper function for quering
-# $@: at least the domain name to query and optional dig arguments
-query () {
-	echo "> dig $@"
-	dig @127.0.0.1 -p $UNBOUND_PORT $@ | tee outfile
-}
-
-# Expect something in the answer
-# $1: expected regular expression
-expect_answer () {
-	echo "> check answer for \"$1\""
-	if grep "$1" outfile; then
-		echo "OK"
-	else
-		echo "Not OK"
-		end 1
-	fi
-}
-
-# Fail the test for unexpected answers
-# $1: unexpected regular expression
-fail_answer () {
-	echo "> \"$1\" should not be in answer"
-	if grep "$1" outfile; then
-		echo "Not OK"
-		end 1
-	else
-		echo "OK"
-	fi
-}
-
-# Issue an unbound-control command
-# $@: command arguments
-control_command() {
-	echo "$PRE/unbound-control $@"
-	$PRE/unbound-control $@ > outfile
-	exitstatus=$?
-	cat outfile
-	return $exitstatus
-}
-
-# Reload the server and check the reload has finished processing
-# when a lot of debug is enabled, a lot of log needs to be printed.
-control_reload () {
-	prelines=`wc -l unbound.log | awk '{print $1;}'`
-	cmd="$1"
-	if test -z "$cmd"; then cmd="reload"; fi
-	control_command -c ub.conf $cmd
-	expect_exit_value 0
-	# see if the reload has completed.
-	lines1=`wc -l unbound.log | awk '{print $1;}'`
-	count=0
-	lines2=`wc -l unbound.log | awk '{print $1;}'`
-	# See if the log finishes up without sleeping too long.
-	while test "$lines1" -ne "$lines2"; do
-		lines1=`wc -l unbound.log | awk '{print $1;}'`
-		# There is no sleep here. The add and compare are a
-		# brief wait.
-		count=`expr "$count" + 1`
-		if test "$count" -gt 30; then
-			break;
-		fi
-		lines2=`wc -l unbound.log | awk '{print $1;}'`
-	done
-	if test "$lines1" -ne "$lines2"; then
-		count=0
-		while test "$lines1" -ne "$lines2"; do
-			tail -1 unbound.log
-			lines1=`wc -l unbound.log | awk '{print $1;}'`
-			sleep 1
-			count=`expr "$count" + 1`
-			if test "$count" -gt 30; then
-				echo "reload is taking too long"
-				exit 1
-			fi
-			lines2=`wc -l unbound.log | awk '{print $1;}'`
-		done
-		if test "$count" -ne "0"; then
-			echo "reload done with $count sec"
-		fi
-	fi
-}
-
-# Reload the server for a clean state
-clean_reload () {
-	echo "> Reloading the server for a clean state"
-	cp main.conf ub.conf
-	control_reload
-}
-
-# Reload the server for a clean state and populate the cache
-clean_reload_and_fill_cache () {
-	clean_reload
-	echo "> Populating the cache"
-	query www.example.com
-	expect_answer "10.20.30.40"
-	if test "$have_threads" = "no"; then
-		# Try to get the answer in all processes' cache.
-		for (( try=0 ; try < num_threads * 2 * 2 ; try++ )) ; do
-			query www.example.com
-			expect_answer "10.20.30.40"
-		done
-	fi
-}
-
-# Dump the cache contents
-# $@: optional options to unbound-control
-cache_dump () {
-	echo "$PRE/unbound-control $@ dump_cache > cache.dump"
-	$PRE/unbound-control $@ dump_cache > cache.dump
-}
-
-# Load cache contents
-# $@: optional options to unbound-control
-cache_load () {
-	echo "$PRE/unbound-control $@ load_cache < cache.dump"
-	$PRE/unbound-control $@ load_cache < cache.dump
-}
-
-# Expect an entry in the cache dump
-# $1: expected regular expression
-expect_in_cache_dump () {
-	echo "> check cache dump for \"$1\""
-	if grep "$1" cache.dump; then
-		echo "OK cache dump"
-	else
-		echo "Not OK cache dump"
-		end 1
-	fi
-}
-
-# Fail the test for unexpected entry in the cache dump
-# $1: unexpected regular expression
-fail_in_cache_dump () {
-	echo "> \"$1\" should not be in cache dump"
-	if grep "$1" cache.dump; then
-		echo "Not OK cache dump"
-		end 1
-	else
-		echo "OK cache dump"
-	fi
-}
-
-# Check if multi-threading or multi-process environment
-have_threads="no"
-if grep "define HAVE_PTHREAD 1" $PRE/config.h; then have_threads="yes"; fi
-if grep "define HAVE_SOLARIS_THREADS 1" $PRE/config.h; then have_threads="yes"; fi
-if grep "define HAVE_WINDOWS_THREADS 1" $PRE/config.h; then have_threads="yes"; fi
-
-# start the test; keep the original conf file around
-cp ub.conf orig.conf
-
-
-# START - thread configuration
-# Do both single thread/process and multi thread/process runs.
-# The number of threads can only go up from the initial configuration between
-# reloads so starting with 1.
-for num_threads in 1 4; do
-
-cp orig.conf ub.conf
-echo "> setting num-threads: $num_threads"
-echo "server: num-threads: $num_threads" >> ub.conf
-cp ub.conf main.conf
-clean_reload
-
-
-teststep "exit value is 1 on usage"
-control_command -h
-expect_exit_value 1 "for usage"
-
-# use lock-verify if possible
-
-teststep "test if the server is up"
-query www.example.com.
-expect_answer "10.20.30.40"
-
-teststep "exit value is 1 when a bad command is given"
-control_command -c ub.conf blablargh
-expect_exit_value 1
-
-# reload the server. test if the server came up by putting a new
-# local-data element in the server.
-teststep "reload the server"
-echo "server: local-data: 'afterreload. IN A 5.6.7.8'" >> ub.conf
-control_reload
-query afterreload.
-expect_answer "5.6.7.8"
-
-teststep "must have had at least 1 query since reload"
-control_command -c ub.conf stats
-expect_exit_value 0
-expect_answer "^total.num.queries=[1-9][0-9]*$"
-
-teststep "check verbosity"
-control_command -c ub.conf verbosity 2
-expect_exit_value 0
-
-teststep "check syntax error in parse"
-control_command -c ub.conf verbosity jkdf
-expect_exit_value 1
-
-teststep "check bad credentials"
-cp ub.conf bad.conf
-cat conf.bad_credentials >> bad.conf
-control_command -c bad.conf verbosity 2
-expect_exit_value 1
-
-teststep "check spoofed client credentials"
-rm -f bad.conf
-cp ub.conf bad.conf
-cat conf.spoofed_credentials >> bad.conf
-control_command -c bad.conf verbosity 2
-expect_exit_value 1
-
-teststep "clean reload"
-clean_reload
-
-# The flush negative only works if the server is either on 1 thread,
-# or there is threading enabled. Multiple processes does not work for the
-# test, since the printout does not have the stats of a global cache.
-if test $num_threads -le 1 -o "$have_threads" = "yes"; then
-teststep "Check negative flushing"
-query always.empty.
-expect_answer "SERVFAIL"
-query always.empty. DNSKEY
-expect_answer "SERVFAIL"
-control_command -c ub.conf flush_negative
-expect_exit_value 0
-expect_answer "^ok removed .*, 3 messages and 1 key entries"
-control_command -c ub.conf flush_negative
-expect_exit_value 0
-expect_answer "^ok removed .*, 0 messages and 0 key entries"
-else
-	echo "> skip Check negative flushing, because no threads"
-fi
-
-teststep "create a new local zone"
-control_command -c ub.conf local_zone example.net static
-expect_exit_value 0
-control_command -c ub.conf local_data www.example.net A 192.0.2.1
-expect_exit_value 0
-
-teststep "check that www.example.net exists"
-query www.example.net.
-expect_answer "192.0.2.1"
-
-teststep "check that mail.example.net has nxdomain"
-query mail.example.net.
-expect_answer "NXDOMAIN"
-
-teststep "remove www.example.net - check it gets nxdomain"
-control_command -c ub.conf local_data_remove www.example.net
-expect_exit_value 0
-query www.example.net.
-expect_answer "NXDOMAIN"
-
-teststep "remove nonexistent name - check bug#287(segfault) does not happen"
-control_command -c ub.conf local_data_remove test.example.net
-# if crash then then we get: error: could not SSL_read from unbound-control
-expect_exit_value 0
-
-teststep "remove example.net - check its gone"
-control_command -c ub.conf local_zone_remove example.net
-expect_exit_value 0
-query www.example.net.
-expect_answer "SERVFAIL"
-
-teststep "load local-zones from file"
-control_command -c ub.conf local_zones < local_zones
-expect_exit_value 0
-query localzonefromfile
-expect_answer "REFUSED"
-if test "$have_threads" = "no"; then
-	# Try to see if a process other than the first one
-	# has updated data from stdin.
-	for (( try=0 ; try < num_threads * 2 ; try++ )) ; do
-		query localzonefromfile
-		expect_answer "REFUSED"
-	done
-fi
-
-teststep "load local-data from file"
-control_command -c ub.conf local_datas < local_data
-expect_exit_value 0
-query -t txt localdatafromfile
-expect_answer "local data from file OK"
-if test "$have_threads" = "no"; then
-	# Try to see if a process other than the first one
-	# has updated data from stdin.
-	for (( try=0 ; try < num_threads * 2 ; try++ )) ; do
-		query -t txt localdatafromfile
-		expect_answer "local data from file OK"
-	done
-fi
-
-teststep "load view-local-data from file"
-control_command -c ub.conf view_local_datas testview < view_local_data
-expect_exit_value 0
-control_command -c ub.conf view_list_local_zones testview
-query -t txt viewlocaldatafromfile
-expect_answer "view local data from file OK"
-if test "$have_threads" = "no"; then
-	# Try to see if a process other than the first one
-	# has updated data from stdin.
-	for (( try=0 ; try < num_threads * 2 ; try++ )) ; do
-		query -t txt viewlocaldatafromfile
-		expect_answer "view local data from file OK"
-	done
-fi
-
-teststep "remove local-zone, local-data and view-local-data from file"
-control_command -c ub.conf local_zones_remove < local_zones_remove
-expect_exit_value 0
-control_command -c ub.conf local_datas_remove < local_data_remove
-expect_exit_value 0
-control_command -c ub.conf view_local_datas_remove testview < view_local_data_remove
-expect_exit_value 0
-control_command -c ub.conf list_local_zones
-fail_answer "localzonefromfile"
-fail_answer "local data from file OK"
-expect_answer "otherlocalzone"
-control_command -c ub.conf view_list_local_data testview
-fail_answer "viewlocaldatafromfile"
-
-teststep "flushing"
-control_command -c ub.conf flush www.example.net
-expect_exit_value 0
-control_command -c ub.conf flush_type www.example.net TXT
-expect_exit_value 0
-control_command -c ub.conf flush_zone example.net
-expect_exit_value 0
-
-# START - single thread/process tests only
-if test $num_threads -le 1; then
-
-clean_reload_and_fill_cache
-
-teststep "dump the cache"
-query www.example.com.
-cache_dump -c ub.conf
-expect_exit_value 0
-cat cache.dump
-expect_in_cache_dump "10.20.30.40"
-
-control_command -c ub.conf lookup www.example.com
-expect_exit_value 0
-# answer to lookup is meaningless because of use a forwarder, oh well.
-
-teststep "load the cache dump"
-cache_load -c ub.conf
-expect_exit_value 0
-query www.example.com. +nordflag
-expect_answer "10.20.30.40"
-
-else
-	echo ""
-	echo "> skip test parts that need single thread/process"
-fi
-# END - single thread/process tests only
-
-clean_reload_and_fill_cache
-
-teststep "reload and check cache - should be empty"
-control_reload
-query www.example.com +nordflag
-fail_answer "10.20.30.40"
-
-clean_reload_and_fill_cache
-
-teststep "reload_keep_cache and check cache - should not be empty"
-control_reload reload_keep_cache
-query www.example.com +nordflag
-expect_answer "10.20.30.40"
-
-clean_reload_and_fill_cache
-
-teststep "change msg-cache-size and reload_keep_cache - should be empty"
-echo "server: msg-cache-size: 2m" >> ub.conf
-control_reload reload_keep_cache
-query www.example.com +nordflag
-fail_answer "10.20.30.40"
-
-clean_reload_and_fill_cache
-
-teststep "change rrset-cache-size and reload_keep_cache - should be empty"
-echo "server: rrset-cache-size: 2m" >> ub.conf
-control_reload reload_keep_cache
-query www.example.com +nordflag
-fail_answer "10.20.30.40"
-
-# START - have_threads tests
-# This part of the test needs threads for combined output.
-if test "$have_threads" = "yes"; then
-
-clean_reload_and_fill_cache
-
-teststep "change num-threads and reload_keep_cache - should be empty"
-echo "server: num-threads: 2" >> ub.conf
-control_reload reload_keep_cache
-query www.example.com +nordflag
-fail_answer "10.20.30.40"
-
-clean_reload_and_fill_cache
-
-teststep "change minimal-responses and reload_keep_cache - should not be empty"
-echo "server: minimal-responses: no" >> ub.conf
-control_reload reload_keep_cache
-query www.example.com +nordflag
-expect_answer "10.20.30.40"
-
-else
-	echo ""
-	echo "> skip test parts that need threads, have_threads=no"
-fi
-# END - have_threads tests
-
-done
-# END - thread configuration
-
-teststep "now stop the server"
-control_command -c ub.conf stop
-expect_exit_value 0
-
-teststep "see if the server has really exited"
-TRY_MAX=20
-for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do
-	if kill -0 $UNBOUND_PID 2>&1 | tee tmp.$$; then
-		echo "not stopped yet, waiting"
-		sleep 1
-	else
-		echo "stopped OK; break"
-		break;
-	fi
-	if grep "No such process" tmp.$$; then
-		echo "stopped OK; break"
-		break;
-	fi
-done
-if kill -0 $UNBOUND_PID; then
-	echo "still up!"
-	echo "not stopped, failure"
-	end 1
-else
-	echo "stopped OK"
-
-        if test -f ublocktrace.0; then
-		if $PRE/lock-verify ublocktrace.*; then
-			echo "lock-verify test worked."
-		else
-			echo "lock-verify test failed."
-			end 1
-		fi
-	fi
-fi
-
-end 0
diff --git a/contrib/unbound/testdata/09-unbound-control.tdir/09-unbound-control.testns b/contrib/unbound/testdata/09-unbound-control.tdir/09-unbound-control.testns
deleted file mode 100644
index 311af0f7e771..000000000000
--- a/contrib/unbound/testdata/09-unbound-control.tdir/09-unbound-control.testns
+++ /dev/null
@@ -1,44 +0,0 @@
-; nameserver test file
-$TTL 3600
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www.example.com.	IN	A
-SECTION ANSWER
-www.example.com.	IN	A	10.20.30.40
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA SERVFAIL
-ADJUST copy_id
-SECTION QUESTION
-www.example.net.	IN	A
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-always.empty.	IN	A
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-always.empty.	IN	DNSKEY
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-_ta-c5aa.always.empty.	IN	NULL
-ENTRY_END
diff --git a/contrib/unbound/testdata/acl_interface.tdir/acl_interface.conf b/contrib/unbound/testdata/acl_interface.tdir/acl_interface.conf
deleted file mode 100644
index b1d94857317f..000000000000
--- a/contrib/unbound/testdata/acl_interface.tdir/acl_interface.conf
+++ /dev/null
@@ -1,198 +0,0 @@
-server:
-	verbosity: 7
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	module-config: "respip validator iterator"  # respip for the RPZ part
-	do-not-query-localhost: no
-	use-caps-for-id: no
-	define-tag: "one two refuse rpz-one rpz-two rpz-nx"
-
-# Interface configuration for IPv4
-	interface: @IPV4_ADDR@@@PORT_ALLOW@
-	interface: @IPV4_ADDR@@@PORT_DENY@
-	interface: @IPV4_ADDR@@@PORT_REFUSE@
-	interface: @IPV4_ADDR@@@PORT_TAG_1@
-	interface: @IPV4_ADDR@@@PORT_TAG_2@
-	interface: @IPV4_ADDR@@@PORT_TAG_3@
-	interface: @IPV4_ADDR@@@PORT_RPZ_1@
-	interface: @IPV4_ADDR@@@PORT_RPZ_2@
-	interface: @IPV4_ADDR@@@PORT_RPZ_NX@
-	interface: @IPV4_ADDR@@@PORT_VIEW_INT@
-	interface: @IPV4_ADDR@@@PORT_VIEW_EXT@
-	interface: @IPV4_ADDR@@@PORT_VIEW_INTEXT@
-
-	interface-action: @IPV4_ADDR@@@PORT_ALLOW@ allow
-	interface-action: @IPV4_ADDR@@@PORT_DENY@ deny
-	# interface-action: @IPV4_ADDR@@@PORT_REFUSE@ refuse  # This is the default action
-	interface-action: @IPV4_ADDR@@@PORT_TAG_1@ allow
-	interface-action: @IPV4_ADDR@@@PORT_TAG_2@ allow
-	interface-action: @IPV4_ADDR@@@PORT_TAG_3@ allow
-	interface-action: @IPV4_ADDR@@@PORT_RPZ_1@ allow
-	interface-action: @IPV4_ADDR@@@PORT_RPZ_2@ allow
-	interface-action: @IPV4_ADDR@@@PORT_RPZ_NX@ allow
-	interface-action: @IPV4_ADDR@@@PORT_VIEW_INT@ allow
-	interface-action: @IPV4_ADDR@@@PORT_VIEW_EXT@ allow
-	interface-action: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ allow
-
-	interface-tag: @IPV4_ADDR@@@PORT_TAG_1@ "one"
-	interface-tag: @IPV4_ADDR@@@PORT_TAG_2@ "two"
-	interface-tag: @IPV4_ADDR@@@PORT_TAG_3@ "refuse"
-	interface-tag: @IPV4_ADDR@@@PORT_RPZ_1@ "rpz-one"
-	interface-tag: @IPV4_ADDR@@@PORT_RPZ_2@ "rpz-two"
-	interface-tag: @IPV4_ADDR@@@PORT_RPZ_NX@ "rpz-nx"
-	interface-tag-action: @IPV4_ADDR@@@PORT_TAG_1@ one redirect
-	interface-tag-data: @IPV4_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1"
-	interface-tag-action: @IPV4_ADDR@@@PORT_TAG_2@ two redirect
-	interface-tag-data: @IPV4_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2"
-	interface-tag-action: @IPV4_ADDR@@@PORT_TAG_3@ refuse always_refuse
-
-	interface-view: @IPV4_ADDR@@@PORT_VIEW_INT@ "int"
-	interface-view: @IPV4_ADDR@@@PORT_VIEW_EXT@ "ext"
-	interface-view: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ "intext"
-
-# Mirrored interface configuration for IPv6
-	interface: @IPV6_ADDR@@@PORT_ALLOW@
-	interface: @IPV6_ADDR@@@PORT_DENY@
-	interface: @IPV6_ADDR@@@PORT_REFUSE@
-	interface: @IPV6_ADDR@@@PORT_TAG_1@
-	interface: @IPV6_ADDR@@@PORT_TAG_2@
-	interface: @IPV6_ADDR@@@PORT_TAG_3@
-	interface: @IPV6_ADDR@@@PORT_RPZ_1@
-	interface: @IPV6_ADDR@@@PORT_RPZ_2@
-	interface: @IPV6_ADDR@@@PORT_RPZ_NX@
-	interface: @IPV6_ADDR@@@PORT_VIEW_INT@
-	interface: @IPV6_ADDR@@@PORT_VIEW_EXT@
-	interface: @IPV6_ADDR@@@PORT_VIEW_INTEXT@
-
-	interface-action: @IPV6_ADDR@@@PORT_ALLOW@ allow
-	interface-action: @IPV6_ADDR@@@PORT_DENY@ deny
-	# interface-action: @IPV6_ADDR@@@PORT_REFUSE@ refuse  # This is the default action
-	interface-action: @IPV6_ADDR@@@PORT_TAG_1@ allow
-	interface-action: @IPV6_ADDR@@@PORT_TAG_2@ allow
-	interface-action: @IPV6_ADDR@@@PORT_TAG_3@ allow
-	interface-action: @IPV6_ADDR@@@PORT_RPZ_1@ allow
-	interface-action: @IPV6_ADDR@@@PORT_RPZ_2@ allow
-	interface-action: @IPV6_ADDR@@@PORT_RPZ_NX@ allow
-	interface-action: @IPV6_ADDR@@@PORT_VIEW_INT@ allow
-	interface-action: @IPV6_ADDR@@@PORT_VIEW_EXT@ allow
-	interface-action: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ allow
-
-	interface-tag: @IPV6_ADDR@@@PORT_TAG_1@ "one"
-	interface-tag: @IPV6_ADDR@@@PORT_TAG_2@ "two"
-	interface-tag: @IPV6_ADDR@@@PORT_TAG_3@ "refuse"
-	interface-tag: @IPV6_ADDR@@@PORT_RPZ_1@ "rpz-one"
-	interface-tag: @IPV6_ADDR@@@PORT_RPZ_2@ "rpz-two"
-	interface-tag: @IPV6_ADDR@@@PORT_RPZ_NX@ "rpz-nx"
-	interface-tag-action: @IPV6_ADDR@@@PORT_TAG_1@ one redirect
-	interface-tag-data: @IPV6_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1"
-	interface-tag-action: @IPV6_ADDR@@@PORT_TAG_2@ two redirect
-	interface-tag-data: @IPV6_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2"
-	interface-tag-action: @IPV6_ADDR@@@PORT_TAG_3@ refuse always_refuse
-
-	interface-view: @IPV6_ADDR@@@PORT_VIEW_INT@ "int"
-	interface-view: @IPV6_ADDR@@@PORT_VIEW_EXT@ "ext"
-	interface-view: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ "intext"
-
-# Mirrored interface configuration for interface name
-	interface: @INTERFACE@@@PORT_ALLOW@
-	interface: @INTERFACE@@@PORT_DENY@
-	interface: @INTERFACE@@@PORT_REFUSE@
-	interface: @INTERFACE@@@PORT_TAG_1@
-	interface: @INTERFACE@@@PORT_TAG_2@
-	interface: @INTERFACE@@@PORT_TAG_3@
-	interface: @INTERFACE@@@PORT_RPZ_1@
-	interface: @INTERFACE@@@PORT_RPZ_2@
-	interface: @INTERFACE@@@PORT_RPZ_NX@
-	interface: @INTERFACE@@@PORT_VIEW_INT@
-	interface: @INTERFACE@@@PORT_VIEW_EXT@
-	interface: @INTERFACE@@@PORT_VIEW_INTEXT@
-
-	interface-action: @INTERFACE@@@PORT_ALLOW@ allow
-	interface-action: @INTERFACE@@@PORT_DENY@ deny
-	# interface-action: @INTERFACE@@@PORT_REFUSE@ refuse  # This is the default action
-	interface-action: @INTERFACE@@@PORT_TAG_1@ allow
-	interface-action: @INTERFACE@@@PORT_TAG_2@ allow
-	interface-action: @INTERFACE@@@PORT_TAG_3@ allow
-	interface-action: @INTERFACE@@@PORT_RPZ_1@ allow
-	interface-action: @INTERFACE@@@PORT_RPZ_2@ allow
-	interface-action: @INTERFACE@@@PORT_RPZ_NX@ allow
-	interface-action: @INTERFACE@@@PORT_VIEW_INT@ allow
-	interface-action: @INTERFACE@@@PORT_VIEW_EXT@ allow
-	interface-action: @INTERFACE@@@PORT_VIEW_INTEXT@ allow
-
-	interface-tag: @INTERFACE@@@PORT_TAG_1@ "one"
-	interface-tag: @INTERFACE@@@PORT_TAG_2@ "two"
-	interface-tag: @INTERFACE@@@PORT_TAG_3@ "refuse"
-	interface-tag: @INTERFACE@@@PORT_RPZ_1@ "rpz-one"
-	interface-tag: @INTERFACE@@@PORT_RPZ_2@ "rpz-two"
-	interface-tag: @INTERFACE@@@PORT_RPZ_NX@ "rpz-nx"
-	interface-tag-action: @INTERFACE@@@PORT_TAG_1@ one redirect
-	interface-tag-data: @INTERFACE@@@PORT_TAG_1@ one "A 1.1.1.1"
-	interface-tag-action: @INTERFACE@@@PORT_TAG_2@ two redirect
-	interface-tag-data: @INTERFACE@@@PORT_TAG_2@ two "A 2.2.2.2"
-	interface-tag-action: @INTERFACE@@@PORT_TAG_3@ refuse always_refuse
-
-	interface-view: @INTERFACE@@@PORT_VIEW_INT@ "int"
-	interface-view: @INTERFACE@@@PORT_VIEW_EXT@ "ext"
-	interface-view: @INTERFACE@@@PORT_VIEW_INTEXT@ "intext"
-
-# Interface with scope_id
-	interface: @INTERFACE@vlan50@@PORT_ALLOW@
-	interface: @INTERFACE@vlan51@@PORT_ALLOW@
-	interface-tag: @INTERFACE@vlan50@@PORT_ALLOW@ "one"
-	interface-tag: @INTERFACE@vlan51@@PORT_ALLOW@ "two"
-	interface-action: @INTERFACE@vlan50@@PORT_ALLOW@ allow
-	interface-action: @INTERFACE@vlan51@@PORT_ALLOW@ allow
-	local-zone: one.vtest. static
-	local-data: "one.vtest. A 1.1.1.1"
-	local-zone-tag: one.vtest. "one"
-	local-zone: two.vtest. static
-	local-data: "two.vtest. A 2.2.2.2"
-	local-zone-tag: two.vtest. "two"
-
-# Local zones configuration
-	local-zone: local. transparent
-	local-data: "local. A 0.0.0.0"
-	local-zone-tag: local. "one two refuse"
-
-# Views configuration
-view:
-	name: "int"
-	view-first: yes
-	local-zone: "." refuse
-	local-zone: "internal" transparent
-view:
-	name: "ext"
-	view-first: yes
-	local-zone: "internal" refuse
-view:
-	name: "intext"
-	view-first: yes
-
-# RPZ configuration
-rpz:
-	name: "rpz-one"
-	zonefile: "rpz-one.zone"
-	tags: "rpz-one"
-
-rpz:
-	name: "rpz-two"
-	zonefile: "rpz-two.zone"
-	tags: "rpz-two"
-
-rpz:
-	name: "rpz-nx"
-	zonefile: "rpz-nx.zone"
-	tags: "rpz-nx"
-
-# Stubs configuration
-forward-zone:
-	name: "."
-	forward-addr: @IPV4_ADDR@@@FORWARD_PORT@
-
-stub-zone:
-	name: "internal"
-	stub-addr: @IPV4_ADDR@@@STUB_PORT@
diff --git a/contrib/unbound/testdata/acl_interface.tdir/acl_interface.test.scenario b/contrib/unbound/testdata/acl_interface.tdir/acl_interface.test.scenario
deleted file mode 100644
index 6348d2ef4a1a..000000000000
--- a/contrib/unbound/testdata/acl_interface.tdir/acl_interface.test.scenario
+++ /dev/null
@@ -1,268 +0,0 @@
-# #-- acl_interface.test.scenario --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-PRE="../.."
-. ../common.sh
-
-ip addr add $IPV4_ADDR dev lo
-ip addr add $IPV6_ADDR dev lo
-ip link set lo up
-
-ip link add $INTERFACE type dummy
-ip addr add $INTERFACE_ADDR_1 dev $INTERFACE
-ip addr add $INTERFACE_ADDR_2 dev $INTERFACE
-ip addr add $INTERFACE_ADDR_3 dev $INTERFACE
-ip addr add $INTERFACE_ADDR_4 dev $INTERFACE
-ip link set $INTERFACE up
-
-ip link add ${INTERFACE}vlan50 type dummy
-ip addr add fe80::2/64 dev ${INTERFACE}vlan50
-ip link add ${INTERFACE}vlan51 type dummy
-ip addr add fe80::2/64 dev ${INTERFACE}vlan51
-ip link set ${INTERFACE}vlan50 up
-ip link set ${INTERFACE}vlan51 up
-
-ip addr show
-
-# start the forwarder in the background
-get_ldns_testns
-$LDNS_TESTNS -p $FORWARD_PORT acl_interface.testns >fwd.log 2>&1 &
-FWD_PID=$!
-echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
-
-# start the stub in the background
-$LDNS_TESTNS -p $STUB_PORT acl_interface.testns2 >fwd2.log 2>&1 &
-STUB_PID=$!
-echo "STUB_PID=$STUB_PID" >> .tpkg.var.test
-
-# start unbound in the background
-$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_ldns_testns_up fwd.log
-wait_ldns_testns_up fwd2.log
-wait_unbound_up unbound.log
-
-end () {
-	echo "> cat logfiles"
-	cat fwd.log
-	cat fwd2.log
-	cat unbound.log
-	exit $1
-}
-
-# Query for the given domain to the given port
-# $1: address family [4, 6]
-# $2: port
-# $3: dname
-query () {
-	addr=$IPV4_ADDR
-	if test "$1" -eq 6; then
-		addr=$IPV6_ADDR
-	fi
-	echo "> dig -p $2 $3"
-	dig @"$addr" -p $2 $3 | tee outfile
-}
-
-# Query for the given domain to the given port
-# $1: address
-# $2: port
-# $3: dname
-query_addr () {
-	echo "> dig @$1 -p $2 $3"
-	dig @"$1" -p $2 $3 | tee outfile
-}
-
-expect_refused () {
-	echo "> check answer for REFUSED"
-	if grep "REFUSED" outfile; then
-		echo "OK"
-	else
-		echo "Not OK"
-		end 1
-	fi
-}
-
-expect_nx_answer () {
-	echo "> check answer for NXDOMAIN"
-	if grep "NXDOMAIN" outfile; then
-		echo "OK"
-	else
-		echo "Not OK"
-		end 1
-	fi
-}
-
-expect_external_answer () {
-	echo "> check external answer"
-	if grep "1.2.3.4" outfile; then
-		echo "OK"
-	else
-		echo "Not OK"
-		end 1
-	fi
-}
-
-expect_internal_answer () {
-	echo "> check internal answer"
-	if grep "10.20.30.40" outfile; then
-		echo "OK"
-	else
-		echo "Not OK"
-		end 1
-	fi
-}
-
-expect_tag_one_answer () {
-	echo "> check tag 'one' answer"
-	if grep "1.1.1.1" outfile; then
-		echo "OK"
-	else
-		echo "Not OK"
-		end 1
-	fi
-}
-
-expect_tag_two_answer () {
-	echo "> check tag 'two' answer"
-	if grep "2.2.2.2" outfile; then
-		echo "OK"
-	else
-		echo "Not OK"
-		end 1
-	fi
-}
-
-expect_rpz_one_answer () {
-	echo "> check tag 'one' answer"
-	if grep "11.11.11.11" outfile; then
-		echo "OK"
-	else
-		echo "Not OK"
-		end 1
-	fi
-}
-
-expect_rpz_two_answer () {
-	echo "> check tag 'two' answer"
-	if grep "22.22.22.22" outfile; then
-		echo "OK"
-	else
-		echo "Not OK"
-		end 1
-	fi
-}
-
-# do the test
-
-for i in 4 6; do
-	query $i $PORT_REFUSE "www.external"
-	expect_refused
-
-	query $i $PORT_REFUSE "www.internal"
-	expect_refused
-
-	query $i $PORT_ALLOW "www.external"
-	expect_external_answer
-
-	query $i $PORT_ALLOW "www.internal"
-	expect_internal_answer
-
-	query $i $PORT_TAG_1 "local"
-	expect_tag_one_answer
-
-	query $i $PORT_TAG_2 "local"
-	expect_tag_two_answer
-
-	query $i $PORT_TAG_3 "local"
-	expect_refused
-
-	query $i $PORT_RPZ_1 "local"
-	expect_rpz_one_answer
-
-	query $i $PORT_RPZ_2 "local"
-	expect_rpz_two_answer
-
-	query $i $PORT_RPZ_NX "local"
-	expect_nx_answer
-
-	query $i $PORT_VIEW_INT "www.internal"
-	expect_internal_answer
-
-	query $i $PORT_VIEW_INT "www.external"
-	expect_refused
-
-	query $i $PORT_VIEW_EXT "www.internal"
-	expect_refused
-
-	query $i $PORT_VIEW_EXT "www.external"
-	expect_external_answer
-
-	query $i $PORT_VIEW_INTEXT "www.internal"
-	expect_internal_answer
-
-	query $i $PORT_VIEW_INTEXT "www.external"
-	expect_external_answer
-done
-
-for addr in $INTERFACE_ADDR_1 $INTERFACE_ADDR_2 $INTERFACE_ADDR_3 $INTERFACE_ADDR_4; do
-	query_addr $addr $PORT_REFUSE "www.external"
-	expect_refused
-
-	query_addr $addr $PORT_REFUSE "www.internal"
-	expect_refused
-
-	query_addr $addr $PORT_ALLOW "www.external"
-	expect_external_answer
-
-	query_addr $addr $PORT_ALLOW "www.internal"
-	expect_internal_answer
-
-	query_addr $addr $PORT_TAG_1 "local"
-	expect_tag_one_answer
-
-	query_addr $addr $PORT_TAG_2 "local"
-	expect_tag_two_answer
-
-	query_addr $addr $PORT_TAG_3 "local"
-	expect_refused
-
-	query_addr $addr $PORT_RPZ_1 "local"
-	expect_rpz_one_answer
-
-	query_addr $addr $PORT_RPZ_2 "local"
-	expect_rpz_two_answer
-
-	query_addr $addr $PORT_RPZ_NX "local"
-	expect_nx_answer
-
-	query_addr $addr $PORT_VIEW_INT "www.internal"
-	expect_internal_answer
-
-	query_addr $addr $PORT_VIEW_INT "www.external"
-	expect_refused
-
-	query_addr $addr $PORT_VIEW_EXT "www.internal"
-	expect_refused
-
-	query_addr $addr $PORT_VIEW_EXT "www.external"
-	expect_external_answer
-
-	query_addr $addr $PORT_VIEW_INTEXT "www.internal"
-	expect_internal_answer
-
-	query_addr $addr $PORT_VIEW_INTEXT "www.external"
-	expect_external_answer
-done
-
-query_addr fe80::2%${INTERFACE}vlan50 $PORT_ALLOW "one.vtest."
-expect_tag_one_answer
-
-query_addr fe80::2%${INTERFACE}vlan51 $PORT_ALLOW "two.vtest."
-expect_tag_two_answer
-
-end 0
diff --git a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.pre b/contrib/unbound/testdata/auth_tls.tdir/auth_tls.pre
deleted file mode 100644
index cf652b1dc541..000000000000
--- a/contrib/unbound/testdata/auth_tls.tdir/auth_tls.pre
+++ /dev/null
@@ -1,48 +0,0 @@
-# #-- auth_tls.pre--#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-. ../common.sh
-#skip_test "Skip test due to no UDP service for SOA query"
-PRE="../.."
-if test -n "$NSD"; then
-	:
-else
-	if `which nsd >/dev/null 2>&1`; then
-		# need nsd >= 4.2.0
-		NSD="nsd"
-	else
-		if test -f $PRE/../nsd/nsd; then
-			NSD="$PRE/../nsd/nsd"
-		else
-			skip_test "need nsd"
-		fi
-	fi
-fi
-echo "NSD=$NSD"
-
-get_random_port 2
-UNBOUND_PORT=$RND_PORT
-NSD_PORT=$(($RND_PORT + 1))
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-echo "NSD_PORT=$NSD_PORT" >> .tpkg.var.test
-
-# make config file
-sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls.ub.conf > ub.conf
-sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls.nsd.conf > nsd.conf
-
-# start nsd
-$NSD -d -c nsd.conf >nsd.log 2>&1 &
-NSD_PID=$!
-echo "NSD_PID=$NSD_PID" >> .tpkg.var.test
-
-# start unbound in the background
-$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_nsd_up nsd.log
-wait_unbound_up unbound.log
diff --git a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.pre b/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.pre
deleted file mode 100644
index 56da4af739e4..000000000000
--- a/contrib/unbound/testdata/auth_tls_failcert.tdir/auth_tls_failcert.pre
+++ /dev/null
@@ -1,48 +0,0 @@
-# #-- auth_tls_failcert.pre--#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-. ../common.sh
-#skip_test "Skip test due to no UDP service for SOA query"
-PRE="../.."
-if test -n "$NSD"; then
-	:
-else
-	if `which nsd >/dev/null 2>&1`; then
-		# need nsd >= 4.2.0
-		NSD="nsd"
-	else
-		if test -f $PRE/../nsd/nsd; then
-			NSD="$PRE/../nsd/nsd"
-		else
-			skip_test "need nsd"
-		fi
-	fi
-fi
-echo "NSD=$NSD"
-
-get_random_port 2
-UNBOUND_PORT=$RND_PORT
-NSD_PORT=$(($RND_PORT + 1))
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-echo "NSD_PORT=$NSD_PORT" >> .tpkg.var.test
-
-# make config file
-sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls_failcert.ub.conf > ub.conf
-sed -e 's/@UNBOUND_PORT\@/'$UNBOUND_PORT'/' -e 's/@NSD_PORT\@/'$NSD_PORT'/' < auth_tls_failcert.nsd.conf > nsd.conf
-
-# start nsd
-$NSD -d -c nsd.conf >nsd.log 2>&1 &
-NSD_PID=$!
-echo "NSD_PID=$NSD_PID" >> .tpkg.var.test
-
-# start unbound in the background
-$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_nsd_up nsd.log
-wait_unbound_up unbound.log
diff --git a/contrib/unbound/testdata/cachedb_expired.crpl b/contrib/unbound/testdata/cachedb_expired.crpl
deleted file mode 100644
index d3bf06fe1a1b..000000000000
--- a/contrib/unbound/testdata/cachedb_expired.crpl
+++ /dev/null
@@ -1,325 +0,0 @@
-; config options
-server:
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: no
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	module-config: "cachedb iterator"
-
-cachedb:
-	backend: "testframe"
-	secret-seed: "testvalue"
-	cachedb-check-when-serve-expired: yes
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129
-CONFIG_END
-
-SCENARIO_BEGIN Test cachedb and serve expired.
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 400
-	ADDRESS 193.0.14.129
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. IN NS K.ROOT-SERVERS.NET.
-SECTION ADDITIONAL
-K.ROOT-SERVERS.NET.     IN      A       193.0.14.129
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION AUTHORITY
-com. IN NS a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net.	IN	A	192.5.6.30
-ENTRY_END
-RANGE_END
-
-; a.gtld-servers.net.
-RANGE_BEGIN 0 400
-	ADDRESS 192.5.6.30
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN NS
-SECTION AUTHORITY
-example.com. IN NS ns2.example.com.
-SECTION ADDITIONAL
-ns2.example.com.	IN	A	1.2.3.5
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-foo.com. IN NS
-SECTION AUTHORITY
-foo.com. IN NS ns.example.com.
-ENTRY_END
-RANGE_END
-
-; ns2.example.com.
-RANGE_BEGIN 0 400
-	ADDRESS 1.2.3.5
-ENTRY_BEGIN
-MATCH opcode qname qtype
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qname qtype
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example.com. IN A
-SECTION ANSWER
-www2.example.com. 10 IN A 1.2.3.5
-ENTRY_END
-RANGE_END
-
-; Get an entry in cache, to make it expired.
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; get the answer for it
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; Get another query in cache to make it expired.
-STEP 20 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www2.example.com. IN A
-ENTRY_END
-
-; get the answer for it
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www2.example.com. IN A
-SECTION ANSWER
-www2.example.com. 10 IN A 1.2.3.5
-ENTRY_END
-
-; it is now expired
-STEP 40 TIME_PASSES ELAPSE 20
-
-; cache is expired, and cachedb is expired.
-STEP 50 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www2.example.com. IN A
-ENTRY_END
-
-STEP 60 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www2.example.com. IN A
-SECTION ANSWER
-www2.example.com. 30 IN A 1.2.3.5
-ENTRY_END
-
-; cache is expired, cachedb has no answer
-STEP 70 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 80 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 30 IN A 1.2.3.4
-ENTRY_END
-
-STEP 90 TRAFFIC
-; the entry should be refreshed in cache now.
-; cache is valid and cachedb is valid.
-STEP 100 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 110 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; flush the entry from cache
-STEP 120 FLUSH_MESSAGE www.example.com. IN A
-
-; cache has no answer, cachedb valid
-STEP 130 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 140 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; it is now expired
-STEP 150 TIME_PASSES ELAPSE 20
-; flush the entry from cache
-STEP 160 FLUSH_MESSAGE www.example.com. IN A
-
-; cache has no answer, cachedb is expired
-STEP 170 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 180 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 30 IN A 1.2.3.4
-ENTRY_END
-
-STEP 190 TRAFFIC
-; the expired message is updated.
-
-; cache is valid, cachedb is valid
-STEP 200 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 210 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; expire the entry in cache
-STEP 220 EXPIRE_MESSAGE www.example.com. IN A
-
-; cache is expired, cachedb valid
-STEP 230 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 240 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; it is now expired
-STEP 250 TIME_PASSES ELAPSE 20
-; expire the entry in cache
-STEP 260 EXPIRE_MESSAGE www.example.com. IN A
-
-; cache is expired, cachedb is expired
-STEP 270 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 280 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 30 IN A 1.2.3.4
-ENTRY_END
-
-STEP 290 TRAFFIC
-; the expired message is updated.
-
-; cache is valid, cachedb is valid
-STEP 300 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 310 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/cachedb_expired_reply_ttl.crpl b/contrib/unbound/testdata/cachedb_expired_reply_ttl.crpl
deleted file mode 100644
index 03fd01add476..000000000000
--- a/contrib/unbound/testdata/cachedb_expired_reply_ttl.crpl
+++ /dev/null
@@ -1,260 +0,0 @@
-; config options
-server:
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: no
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	serve-expired-reply-ttl: 30
-	module-config: "cachedb iterator"
-
-cachedb:
-	backend: "testframe"
-	secret-seed: "testvalue"
-	cachedb-check-when-serve-expired: yes
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129
-CONFIG_END
-
-SCENARIO_BEGIN Test cachedb and serve-expired-reply-ttl.
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 400
-	ADDRESS 193.0.14.129
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. IN NS K.ROOT-SERVERS.NET.
-SECTION ADDITIONAL
-K.ROOT-SERVERS.NET.     IN      A       193.0.14.129
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION AUTHORITY
-com. IN NS a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net.	IN	A	192.5.6.30
-ENTRY_END
-RANGE_END
-
-; a.gtld-servers.net.
-RANGE_BEGIN 0 400
-	ADDRESS 192.5.6.30
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN NS
-SECTION AUTHORITY
-example.com. IN NS ns2.example.com.
-SECTION ADDITIONAL
-ns2.example.com.	IN	A	1.2.3.5
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-foo.com. IN NS
-SECTION AUTHORITY
-foo.com. IN NS ns.example.com.
-ENTRY_END
-RANGE_END
-
-; ns2.example.com.
-RANGE_BEGIN 0 400
-	ADDRESS 1.2.3.5
-ENTRY_BEGIN
-MATCH opcode qname qtype
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qname qtype
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example.com. IN A
-SECTION ANSWER
-www2.example.com. 10 IN A 1.2.3.5
-ENTRY_END
-RANGE_END
-
-; make time not 0
-STEP 2 TIME_PASSES ELAPSE 212
-
-; Get an entry in cache, to make it expired.
-STEP 4 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; get the answer for it
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; Get another query in cache to make it expired.
-STEP 20 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www2.example.com. IN A
-ENTRY_END
-
-; get the answer for it
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www2.example.com. IN A
-SECTION ANSWER
-www2.example.com. 10 IN A 1.2.3.5
-ENTRY_END
-
-; it is now expired
-STEP 40 TIME_PASSES ELAPSE 20
-
-; cache is expired, and cachedb is expired.
-STEP 50 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www2.example.com. IN A
-ENTRY_END
-
-STEP 60 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www2.example.com. IN A
-SECTION ANSWER
-www2.example.com. 30 IN A 1.2.3.5
-ENTRY_END
-
-; got an answer from upstream
-STEP 61 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www2.example.com. IN A
-ENTRY_END
-
-STEP 62 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www2.example.com. IN A
-SECTION ANSWER
-www2.example.com. 10 IN A 1.2.3.5
-ENTRY_END
-
-; cache is expired, cachedb has no answer
-STEP 70 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 80 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 30 IN A 1.2.3.4
-ENTRY_END
-
-STEP 90 TRAFFIC
-; the entry should be refreshed in cache now.
-; cache is valid and cachedb is valid.
-STEP 100 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 110 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; make both cache and cachedb expired.
-STEP 120 TIME_PASSES ELAPSE 20
-STEP 130 FLUSH_MESSAGE www.example.com. IN A
-
-; cache has no entry and cachedb is expired.
-STEP 140 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 150 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 30 IN A 1.2.3.4
-ENTRY_END
-
-; the name is resolved
-STEP 160 TRAFFIC
-
-; the resolve name has been updated.
-STEP 170 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 180 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/cachedb_servfail_cname.crpl b/contrib/unbound/testdata/cachedb_servfail_cname.crpl
deleted file mode 100644
index 99b3d51f9135..000000000000
--- a/contrib/unbound/testdata/cachedb_servfail_cname.crpl
+++ /dev/null
@@ -1,181 +0,0 @@
-; config options
-server:
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: no
-	minimal-responses: no
-	serve-expired: no
-	module-config: "cachedb iterator"
-
-cachedb:
-	backend: "testframe"
-	secret-seed: "testvalue"
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129
-CONFIG_END
-
-SCENARIO_BEGIN Test cachedb store and servfail reply from cname.
-; the servfail reply should not overwrite the cache contents.
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 100
-	ADDRESS 193.0.14.129
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. IN NS K.ROOT-SERVERS.NET.
-SECTION ADDITIONAL
-K.ROOT-SERVERS.NET.     IN      A       193.0.14.129
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION AUTHORITY
-com. IN NS a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net.	IN	A	192.5.6.30
-ENTRY_END
-RANGE_END
-
-; a.gtld-servers.net.
-RANGE_BEGIN 0 100
-	ADDRESS 192.5.6.30
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN NS
-SECTION AUTHORITY
-example.com. IN NS ns2.example.com.
-SECTION ADDITIONAL
-ns2.example.com.	IN	A	1.2.3.5
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-foo.com. IN NS
-SECTION AUTHORITY
-foo.com. IN NS ns.example.com.
-ENTRY_END
-RANGE_END
-
-; ns2.example.com.
-RANGE_BEGIN 0 20
-	ADDRESS 1.2.3.5
-ENTRY_BEGIN
-MATCH opcode qname qtype
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-RANGE_END
-
-; ns2.example.com., now failing
-RANGE_BEGIN 20 100
-	ADDRESS 1.2.3.5
-ENTRY_BEGIN
-MATCH opcode qname qtype
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN CNAME foo.example.com.
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qname qtype
-REPLY QR AA SERVFAIL
-SECTION QUESTION
-foo.example.com. IN A
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qname qtype
-REPLY QR AA SERVFAIL
-SECTION QUESTION
-ns2.example.com. IN A
-SECTION ANSWER
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qname qtype
-REPLY QR AA SERVFAIL
-SECTION QUESTION
-ns2.example.com. IN AAAA
-SECTION ANSWER
-ENTRY_END
-RANGE_END
-
-; get and entry in cache, to make it expired.
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; get the answer for it
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; it is now expired
-STEP 20 TIME_PASSES ELAPSE 20
-
-; get a servfail in cache for the destination
-STEP 30 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-foo.example.com. IN A
-ENTRY_END
-
-STEP 40 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA SERVFAIL
-SECTION QUESTION
-foo.example.com. IN A
-ENTRY_END
-
-; the query is now a CNAME to servfail.
-; there is a valid, but expired, entry in cache.
-STEP 50 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 60 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA SERVFAIL
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN CNAME foo.example.com.
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/cachedb_val_expired.crpl b/contrib/unbound/testdata/cachedb_val_expired.crpl
deleted file mode 100644
index 741445ce8515..000000000000
--- a/contrib/unbound/testdata/cachedb_val_expired.crpl
+++ /dev/null
@@ -1,328 +0,0 @@
-; config options
-server:
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: no
-	minimal-responses: yes
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	;module-config: "subnetcache validator cachedb iterator"
-	module-config: "validator cachedb iterator"
-
-cachedb:
-	backend: "testframe"
-	secret-seed: "testvalue"
-	cachedb-check-when-serve-expired: yes
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129
-CONFIG_END
-
-SCENARIO_BEGIN Test cachedb, validator and serve expired.
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 400
-	ADDRESS 193.0.14.129
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. IN NS K.ROOT-SERVERS.NET.
-SECTION ADDITIONAL
-K.ROOT-SERVERS.NET.     IN      A       193.0.14.129
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION AUTHORITY
-com. IN NS a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net.	IN	A	192.5.6.30
-ENTRY_END
-RANGE_END
-
-; a.gtld-servers.net.
-RANGE_BEGIN 0 400
-	ADDRESS 192.5.6.30
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN NS
-SECTION AUTHORITY
-example.com. IN NS ns2.example.com.
-SECTION ADDITIONAL
-ns2.example.com.	IN	A	1.2.3.5
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-foo.com. IN NS
-SECTION AUTHORITY
-foo.com. IN NS ns.example.com.
-ENTRY_END
-RANGE_END
-
-; ns2.example.com.
-RANGE_BEGIN 0 400
-	ADDRESS 1.2.3.5
-ENTRY_BEGIN
-MATCH opcode qname qtype
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qname qtype
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example.com. IN A
-SECTION ANSWER
-www2.example.com. 10 IN A 1.2.3.5
-ENTRY_END
-RANGE_END
-
-; Get an entry in cache, to make it expired.
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; get the answer for it
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; Get another query in cache to make it expired.
-STEP 20 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www2.example.com. IN A
-ENTRY_END
-
-; get the answer for it
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www2.example.com. IN A
-SECTION ANSWER
-www2.example.com. 10 IN A 1.2.3.5
-ENTRY_END
-
-; it is now expired
-STEP 40 TIME_PASSES ELAPSE 20
-
-; cache is expired, and cachedb is expired.
-; The expired reply, from cachedb, needs a validation status,
-; because the validator module set that validation is needed.
-STEP 50 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www2.example.com. IN A
-ENTRY_END
-
-STEP 60 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www2.example.com. IN A
-SECTION ANSWER
-www2.example.com. 30 IN A 1.2.3.5
-ENTRY_END
-
-; cache is expired, cachedb has no answer
-STEP 70 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 80 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 30 IN A 1.2.3.4
-ENTRY_END
-
-STEP 90 TRAFFIC
-; the entry should be refreshed in cache now.
-; cache is valid and cachedb is valid.
-STEP 100 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 110 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; flush the entry from cache
-STEP 120 FLUSH_MESSAGE www.example.com. IN A
-
-; cache has no answer, cachedb valid
-STEP 130 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 140 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; it is now expired
-STEP 150 TIME_PASSES ELAPSE 20
-; flush the entry from cache
-STEP 160 FLUSH_MESSAGE www.example.com. IN A
-
-; cache has no answer, cachedb is expired
-STEP 170 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 180 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 30 IN A 1.2.3.4
-ENTRY_END
-
-STEP 190 TRAFFIC
-; the expired message is updated.
-
-; cache is valid, cachedb is valid
-STEP 200 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 210 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; expire the entry in cache
-STEP 220 EXPIRE_MESSAGE www.example.com. IN A
-
-; cache is expired, cachedb valid
-STEP 230 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 240 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; it is now expired
-STEP 250 TIME_PASSES ELAPSE 20
-; expire the entry in cache
-STEP 260 EXPIRE_MESSAGE www.example.com. IN A
-
-; cache is expired, cachedb is expired
-STEP 270 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 280 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 30 IN A 1.2.3.4
-ENTRY_END
-
-STEP 290 TRAFFIC
-; the expired message is updated.
-
-; cache is valid, cachedb is valid
-STEP 300 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 310 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/common.sh b/contrib/unbound/testdata/common.sh
deleted file mode 100644
index 48b8204d2c51..000000000000
--- a/contrib/unbound/testdata/common.sh
+++ /dev/null
@@ -1,394 +0,0 @@
-# common.sh - an include file for commonly used functions for test code.
-# BSD licensed (see LICENSE file).
-#
-# Version 7
-# 2025-04-04: speed up kill_pid.
-# 2023-12-06: list wait_for_soa_serial in overview
-# 2023-12-06: get_ldns_notify, skip_test and teststep, and previous changes
-# also included are wait_logfile, cpu_count, process_cpu_list, and
-# kill_from_pidfile, and use HOME variable for HOME/bin.
-# 2011-04-06: tpk wait_logfile to wait (with timeout) for a logfile line to appear
-# 2011-02-23: get_pcat for PCAT, PCAT_DIFF and PCAT_PRINT defines.
-# 2011-02-18: ports check on BSD,Solaris. wait_nsd_up.
-# 2011-02-11: first version.
-#
-# include this file from a tdir script with
-#   . ../common.sh
-#
-# overview of functions available:
-# error x		: print error and exit
-# info x		: print info
-# test_tool_avail x	: see if program in path and complain, exit if not.
-# get_ldns_testns	: set LDNS_TESTNS to executable ldns-testns
-# get_ldns_notify	: set LDNS_NOTIFY to executable ldns-notify
-# get_make		: set MAKE to gmake or make tool.
-# get_gcc		: set cc or gcc in CC
-# get_pcat		: set PCAT, PCAT_DIFF and PCAT_PRINT executables.
-# set_doxygen_path	: set doxygen path
-# skip_if_in_list	: set SKIP=1 if name in list and tool not available.
-# get_random_port x	: get RND_PORT a sequence of free random port numbers.
-# wait_logfile		: wait on logfile to see entry.
-# wait_server_up	: wait on logfile to see when server comes up.
-# wait_ldns_testns_up   : wait for ldns-testns to come up.
-# wait_unbound_up	: wait for unbound to come up.
-# wait_petal_up		: wait for petal to come up.
-# wait_nsd_up		: wait for nsd to come up.
-# wait_server_up_or_fail: wait for server to come up or print a failure string
-# wait_for_soa_serial	: wait and dig at server for serial.
-# skip_test x		: print message and skip test (must be called in .pre)
-# kill_pid		: kill a server, make sure and wait for it to go down.
-# cpu_count		: get number of cpus in system
-# process_cpu_list	: get cpu affinity list for process
-# kill_from_pidfile     : kill the pid in the given pid file
-# teststep		: print the current test step in the output
-
-
-# print error and exit
-# $0: name of program
-# $1: error to printout.
-error () {
-	echo "$0: error: $1" >&2
-	exit 1
-}
-
-# print info
-# $0: name of program
-# $1: to printout.
-info () {
-	echo "$0: info: $1"
-}
-
-# test if 'tool' is available in path and complain otherwise.
-# $1: tool
-test_tool_avail () {
-	if test ! -x "`which $1 2>&1`"; then
-		echo No "$1" in path
-		exit 1
-	fi
-}
-
-# get ldns-testns tool in LDNS_TESTNS variable.
-get_ldns_testns () {
-	if test -x "`which ldns-testns 2>&1`"; then
-		LDNS_TESTNS=ldns-testns
-	else
-		LDNS_TESTNS=$HOME/bin/ldns-testns
-	fi
-}
-
-# get ldns-notify tool in LDNS_NOTIFY variable.
-get_ldns_notify () {
-	if test -x "`which ldns-notify 2>&1`"; then
-		LDNS_NOTIFY=ldns-notify
-	else
-		LDNS_NOTIFY=$HOME/bin/ldns-notify
-	fi
-}
-
-# get make tool in MAKE variable, gmake is used if present.
-get_make () {
-	if test -x "`which gmake 2>&1`"; then
-		MAKE=gmake
-	else
-		MAKE=make
-	fi
-}
-
-# get cc tool in CC variable, gcc is used if present.
-get_gcc () {
-	if test -x "`which gcc 2>&1`"; then
-		CC=gcc
-	else
-		CC=cc
-	fi
-}
-
-# get pcat, pcat-print and pcat-diff
-get_pcat () {
-	PCAT=`which pcat`
-	PCAT_PRINT=`which pcat-print`
-	PCAT_DIFF=`which pcat-diff`
-}
-
-# set SKIP=1 if the name is in list and tool is not available.
-# $1: name of package to check.
-# $2: list of packages that need the tool.
-# #3: name of the tool required.
-skip_if_in_list () {
-	if echo $2 | grep $1 >/dev/null; then
-		if test ! -x "`which $3 2>&1`"; then
-			SKIP=1;
-		fi
-	fi
-}
-
-# Print a message and skip the test. Must be called in the .pre file.
-# $1: message to print.
-skip_test () {
-	echo "$1"
-	exit 3
-}
-
-# function to get a number of random port numbers.
-# $1: number of random ports.
-# RND_PORT is returned as the starting port number
-get_random_port () {
-	local plist
-	local cont
-	local collisions
-	local i
-	local MAXCOLLISION=1000
-	cont=1
-	collisions=0
-	while test "$cont" = 1; do
-		#netstat -n -A ip -A ip6 -a | sed -e "s/^.*:\([0-9]*\) .*$/\1/"
-		RND_PORT=$(( $RANDOM + 5354 ))
-		# depending on uname try to check for collisions in port numbers
-		case "`uname`" in
-		linux|Linux)
-			plist=`netstat -n -A ip -A ip6 -a 2>/dev/null | sed -e 's/^.*:\([0-9]*\) .*$/\1/'`
-		;;
-		FreeBSD|freebsd|NetBSD|netbsd|OpenBSD|openbsd)
-			plist=`netstat -n -a | grep "^[ut][dc]p[46] " | sed -e 's/^.*\.\([0-9]*\) .*$/\1/'`
-		;;
-		Solaris|SunOS)
-			plist=`netstat -n -a | sed -e 's/^.*\.\([0-9]*\) .*$/\1/' | grep '^[0-9]*$'`
-		;;
-		*)
-			plist=""
-		;;
-		esac
-		cont=0
-		for (( i=0 ; i < $1 ; i++ )); do
-			if echo "$plist" | grep '^'`expr $i + $RND_PORT`'$' >/dev/null 2>&1; then
-				cont=1;
-				collisions=`expr $collisions + 1`
-			fi
-		done
-		if test $collisions = $MAXCOLLISION; then
-			error "too many collisions getting random port number"
-		fi
-	done
-}
-
-# wait for  a logfile line to appear, with a timeout.
-# pass <logfilename> <string to watch> <timeout>
-# $1 : logfilename
-# $2 : string to watch for.
-# $3 : timeout in seconds.
-# exits with failure if it times out
-wait_logfile () {
-	local WAIT_THRES=30
-	local MAX_UP_TRY=`expr $3 + $WAIT_THRES`
-	local try
-	for (( try=0 ; try <= $MAX_UP_TRY ; try++ )) ; do
-		if test -f $1 && grep -F "$2" $1 >/dev/null; then
-			#echo "done on try $try"
-			break;
-		fi
-		if test $try -eq $MAX_UP_TRY; then
-			echo "Logfile in $1 did not get $2!"
-			cat $1
-			exit 1;
-		fi
-		if test $try -ge $WAIT_THRES; then
-			sleep 1
-		fi
-	done
-}
-
-# wait for server to go up, pass <logfilename> <string to watch>
-# $1 : logfilename
-# $2 : string to watch for.
-# exits with failure if it does not come up
-wait_server_up () {
-	local WAIT_THRES=30
-	local MAX_UP_TRY=120
-	local try
-	for (( try=0 ; try <= $MAX_UP_TRY ; try++ )) ; do
-		if test -f $1 && grep -F "$2" $1 >/dev/null; then
-			#echo "done on try $try"
-			break;
-		fi
-		if test $try -eq $MAX_UP_TRY; then
-			echo "Server in $1 did not go up!"
-			cat $1
-			exit 1;
-		fi
-		if test $try -ge $WAIT_THRES; then
-			sleep 1
-		fi
-	done
-}
-
-# wait for ldns-testns to come up
-# $1 : logfilename that is watched.
-wait_ldns_testns_up () {
-	wait_server_up "$1" "Listening on port"
-}
-
-# wait for unbound to come up
-# string 'Start of service' in log.
-# $1 : logfilename that is watched.
-wait_unbound_up () {
-	wait_server_up "$1" "start of service"
-}
-
-# wait for petal to come up
-# string 'petal start' in log.
-# $1 : logfilename that is watched.
-wait_petal_up () {
-	wait_server_up "$1" "petal start"
-}
-
-# wait for nsd to come up
-# string nsd start in log.
-# $1 : logfilename that is watched.
-wait_nsd_up () {
-	wait_server_up "$1" " started (NSD "
-}
-
-# wait for server to go up, pass <logfilename> <string to watch> <badstr>
-# $1 : logfile
-# $2 : success string
-# $3 : failure string
-wait_server_up_or_fail () {
-	local MAX_UP_TRY=120
-	local WAIT_THRES=30
-	local try
-	for (( try=0 ; try <= $MAX_UP_TRY ; try++ )) ; do
-		if test -f $1 && grep -F "$2" $1 >/dev/null; then
-			echo "done on try $try"
-			break;
-		fi
-		if test -f $1 && grep -F "$3" $1 >/dev/null; then
-			echo "failed on try $try"
-			break;
-		fi
-		if test $try -eq $MAX_UP_TRY; then
-			echo "Server in $1 did not go up!"
-			cat $1
-			exit 1;
-		fi
-		if test $try -ge $WAIT_THRES; then
-			sleep 1
-		fi
-	done
-}
-
-# $1: zone
-# $2: serial to be expected
-# $3: server to query
-# $4: port
-# $5: # times to try (# seconds dig is ran)
-wait_for_soa_serial () {
-	TS_START=`date +%s`
-	for i in `seq 1 $5`
-	do
-		SERIAL=`dig -p $4 @$3 $1 SOA +short | awk '{ print $3 }'`
-		if test "$?" != "0"
-		then
-			echo "** \"dig -p $4 @$3 $1 SOA +short\" failed!"
-			return 1
-		fi
-		if test "$SERIAL" = "$2"
-		then
-			TS_END=`date +%s`
-			echo "*** Serial $2 was seen in $i tries (`expr $TS_END - $TS_START`) seconds"
-			return 0
-		fi
-		sleep 1
-	done
-	echo "** Serial $2 was not seen in $5 tries (did see: $SERIAL)"
-	return 1
-}
-
-# kill a pid, make sure and wait for it to go down.
-# $1 : pid to kill
-kill_pid () {
-	local MAX_DOWN_TRY=120
-	local WAIT_THRES=30
-	local try
-	kill $1
-	sleep .001
-	for (( try=0 ; try <= $MAX_DOWN_TRY ; try++ )) ; do
-		if kill -0 $1 >/dev/null 2>&1; then
-			:
-		else
-			#echo "done on try $try"
-			break;
-		fi
-		if test $try -eq $MAX_DOWN_TRY; then
-			echo "Server in $1 did not go down! Send SIGKILL"
-			kill -9 $1 >/dev/null 2>&1
-		fi
-		if test $try -ge $WAIT_THRES; then
-			sleep 1
-		else
-			sleep .01
-		fi
-		# re-send the signal
-		kill $1 >/dev/null 2>&1
-	done
-	return 0
-}
-
-# set doxygen path, so that make doc can find doxygen
-set_doxygen_path () {
-	if test -x '$HOME/bin/doxygen'; then
-	        export PATH="$HOME/bin:$PATH"
-	fi
-}
-
-# get number of cpus in system
-cpu_count()
-{
-  local sys=$(uname -s)
-  if [ "${sys}" = "Linux" ]; then
-    nproc
-  elif [ "${sys}" = "FreeBSD" ]; then
-    sysctl -n hw.ncpu
-  fi
-}
-
-# get cpu affinity list for process
-# $1 : pid
-process_cpu_list() {
-  local pid=${1}
-  local sys=$(uname -s)
-
-  if [ "${sys}" = "Linux" ]; then
-    local defl=$(taskset -pc ${pid} | sed -n -e 's/^.*: //p' | head -n 1)
-  elif [ "${sys}" = "FreeBSD" ]; then
-    local defl=$(cpuset -g -p ${pid} | sed -n -e 's/^.*: //p' | head -n 1)
-  fi
-
-  if [ -n "${defl}" ]; then
-    local infl
-    defl=$(echo "${defl}" | sed -e 's/,/ /g')
-    for i in ${defl}; do
-      rng=$(echo "${i}-${i}" | sed -e 's/^\([0-9]*\)-\([0-9]*\).*$/\1 \2/')
-      infl="${infl} $(seq -s ' ' ${rng})"
-    done
-    infl=$(echo ${infl} | sed -e 's/ */ /' -e 's/^ *//')
-    echo "${infl}"
-  fi
-}
-
-#
-#
-kill_from_pidfile() {
-  local pidfile="$1"
-  if test -f "$pidfile"; then
-    local pid=`head -n 1 "$pidfile"`
-    if test ! -z "$pid"; then
-      kill_pid "$pid"
-    fi
-  fi
-}
-
-# Print the current test step in the output
-teststep () {
-	echo
-	echo "STEP [ $1 ]"
-}
diff --git a/contrib/unbound/testdata/dns_error_reporting.rpl b/contrib/unbound/testdata/dns_error_reporting.rpl
deleted file mode 100644
index f1fac12a2284..000000000000
--- a/contrib/unbound/testdata/dns_error_reporting.rpl
+++ /dev/null
@@ -1,200 +0,0 @@
-; Test DNS Error Reporting.
-
-server:
-	module-config: "validator iterator"
-	trust-anchor-signaling: no
-	target-fetch-policy: "0 0 0 0 0"
-	verbosity: 4
-	qname-minimisation: no
-	minimal-responses: no
-	rrset-roundrobin: no
-	trust-anchor: "a.domain DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1"
-	ede: no  # It is not needed for dns-error-reporting; only for clients to receive EDEs
-	dns-error-reporting: yes
-	do-ip6: no
-
-stub-zone:
-	name: domain
-	stub-addr: 0.0.0.0
-stub-zone:
-	name: an.agent
-	stub-addr: 0.0.0.2
-CONFIG_END
-
-SCENARIO_BEGIN Test DNS Error Reporting
-
-; domain
-RANGE_BEGIN 0 100
-	ADDRESS 0.0.0.0
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			a.domain. IN A
-		SECTION AUTHORITY
-			a.domain. IN NS ns.a.domain.
-		SECTION ADDITIONAL
-			ns.a.domain. IN A 0.0.0.1
-			HEX_EDNSDATA_BEGIN
-				00 12				; opt-code (Report-Channel)
-				00 0A				; opt-len
-				02 61 6E 05 61 67 65 6E 74 00	; an.agent.
-			HEX_EDNSDATA_END
-	ENTRY_END
-RANGE_END
-
-; a.domain
-RANGE_BEGIN 0 9
-	ADDRESS 0.0.0.1
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			a.domain. IN DNSKEY
-	ENTRY_END
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			a.domain. IN A
-		SECTION ANSWER
-			a.domain. 5 IN A   0.0.0.0
-			; No RRSIG to trigger validation error (and EDE)
-		SECTION ADDITIONAL
-			; No Report-Channel here
-	ENTRY_END
-RANGE_END
-
-; a.domain
-RANGE_BEGIN 10 100
-	ADDRESS 0.0.0.1
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			a.domain. IN DNSKEY
-	ENTRY_END
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			a.domain. IN A
-		SECTION ANSWER
-			a.domain. 5 IN A   0.0.0.0
-			; No RRSIG to trigger validator error and EDE
-		SECTION ADDITIONAL
-			HEX_EDNSDATA_BEGIN
-				00 12				; opt-code (Report-Channel)
-				00 0A				; opt-len
-				02 61 6E 05 61 67 65 6E 74 00	; an.agent.
-			HEX_EDNSDATA_END
-	ENTRY_END
-RANGE_END
-
-; an.agent
-RANGE_BEGIN 10 20
-	ADDRESS 0.0.0.2
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			_er.1.a.domain.9._er.an.agent. IN TXT
-		SECTION ANSWER
-			_er.1.a.domain.9._er.an.agent. IN TXT "OK"
-	ENTRY_END
-RANGE_END
-
-; Query
-STEP 0 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-a.domain. IN A
-ENTRY_END
-
-; Check that validation failed (no DNS error reporting at this state;
-; 'domain' did give an error reporting agent, but the latest upstream
-; 'a.domain' did not)
-STEP 1 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA SERVFAIL
-SECTION QUESTION
-a.domain.	IN A
-ENTRY_END
-
-; Wait for the a.domain query to expire (TTL 5)
-STEP 3 TIME_PASSES ELAPSE 6
-
-; Query again
-STEP 10 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-a.domain. IN A
-ENTRY_END
-
-; Check that validation failed
-; (a DNS Error Report query should have been generated)
-STEP 11 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA SERVFAIL
-SECTION QUESTION
-a.domain.	IN A
-ENTRY_END
-
-; Check explicitly that the DNS Error Report query is cached.
-STEP 20 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-_er.1.a.domain.9._er.an.agent. IN TXT
-ENTRY_END
-
-; At this range there are no configured agents to answer this.
-; If the DNS Error Report query is not answered from the cache the test will
-; fail with pending messages.
-STEP 21 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY RD QR RA NOERROR
-SECTION QUESTION
-_er.1.a.domain.9._er.an.agent. IN TXT
-SECTION ANSWER
-_er.1.a.domain.9._er.an.agent. IN TXT "OK"
-ENTRY_END
-
-; Wait for the a.domain query to expire (5 TTL).
-; The DNS Error Report query should still be cached (SOA negative).
-STEP 30 TIME_PASSES ELAPSE 6
-
-; Force a DNS Error Report query generation again.
-STEP 31 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-a.domain. IN A
-ENTRY_END
-
-; Check that validation failed
-STEP 32 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA SERVFAIL
-SECTION QUESTION
-a.domain.	IN A
-ENTRY_END
-
-; The same DNS Error Report query will be generated as above.
-; No agent is configured at this range to answer the DNS Error Report query.
-; If the DNS Error Report query is not used from the cache the test will fail
-; with pending messages.
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/dnstap.tdir/dnstap.conf b/contrib/unbound/testdata/dnstap.tdir/dnstap.conf
deleted file mode 100644
index b5497bfebe86..000000000000
--- a/contrib/unbound/testdata/dnstap.tdir/dnstap.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-server:
-	verbosity: 2
-	num-threads: 3
-	outgoing-range: 16
-	interface: 127.0.0.1
-	port: @PORT@
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	do-not-query-localhost: no
-	local-zone: "example.net." redirect
-	local-data: "example.net. IN A 10.20.30.41"
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	serve-expired-reply-ttl: 30
-remote-control:
-	control-enable: yes
-	control-interface: 127.0.0.1
-	# control-interface: ::1
-	control-port: @CONTROL_PORT@
-	server-key-file: "unbound_server.key"
-	server-cert-file: "unbound_server.pem"
-	control-key-file: "unbound_control.key"
-	control-cert-file: "unbound_control.pem"
-forward-zone:
-	name: "."
-	forward-addr: "127.0.0.1@@TOPORT@"
-dnstap:
-	dnstap-enable: yes 
-	dnstap-socket-path: "dnstap.socket"
-	dnstap-send-identity: yes
-	dnstap-send-version: yes
-	#dnstap-identity
-	#dnstap-version
-	dnstap-log-resolver-query-messages: yes
-	dnstap-log-resolver-response-messages: yes
-	dnstap-log-client-query-messages: yes
-	dnstap-log-client-response-messages: yes
-	dnstap-log-forwarder-query-messages: yes
-	dnstap-log-forwarder-response-messages: yes
-
diff --git a/contrib/unbound/testdata/fast_reload_fwd.tdir/auth1.zone b/contrib/unbound/testdata/fast_reload_fwd.tdir/auth1.zone
deleted file mode 100644
index b6b551a42dd5..000000000000
--- a/contrib/unbound/testdata/fast_reload_fwd.tdir/auth1.zone
+++ /dev/null
@@ -1,2 +0,0 @@
-@ SOA ns root 1 3600 300 7200 3600
-www A 1.2.3.4
diff --git a/contrib/unbound/testdata/fast_reload_fwd.tdir/auth2.zone b/contrib/unbound/testdata/fast_reload_fwd.tdir/auth2.zone
deleted file mode 100644
index fc59810c9a85..000000000000
--- a/contrib/unbound/testdata/fast_reload_fwd.tdir/auth2.zone
+++ /dev/null
@@ -1,2 +0,0 @@
-@ SOA ns root 1 3600 300 7200 3600
-www A 1.2.3.5
diff --git a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.conf b/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.conf
deleted file mode 100644
index dca76342f172..000000000000
--- a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.conf
+++ /dev/null
@@ -1,107 +0,0 @@
-server:
-	verbosity: 4
-	num-threads: 1
-	interface: 127.0.0.1
-	port: @PORT@
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	do-not-query-localhost: no
-	trust-anchor: "ta1.example.com DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
-	trust-anchor: "ta2.example.com DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
-	trust-anchor: "ta3.example.com DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
-	domain-insecure: "insec1.ta1.example.com"
-	domain-insecure: "insec2.ta1.example.com"
-	domain-insecure: "insec3.ta1.example.com"
-
-forward-zone:
-	name: "."
-	forward-addr: "127.0.0.1@12345"
-
-remote-control:
-	control-enable: yes
-	control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
-	control-use-cert: no
-
-forward-zone:
-	name: "example1.org"
-	forward-addr: "127.0.0.1@@NS1_PORT@"
-
-forward-zone:
-	name: "example2.org"
-	forward-addr: "127.0.0.1@@NS1_PORT@"
-
-forward-zone:
-	name: "example3.org"
-	forward-addr: "127.0.0.1@@NS1_PORT@"
-
-forward-zone:
-	name: "example4.org"
-	forward-addr: "127.0.0.1@@NS2_PORT@"
-
-forward-zone:
-	name: "example5.org"
-	forward-addr: "127.0.0.1@@NS2_PORT@"
-
-forward-zone:
-	name: "example6.org"
-	forward-addr: "127.0.0.1@@NS2_PORT@"
-
-stub-zone:
-	name: "stub1.org"
-	stub-addr: "127.0.0.1@@NS1_PORT@"
-	stub-prime: no
-
-stub-zone:
-	name: "stub2.org"
-	stub-addr: "127.0.0.1@@NS1_PORT@"
-	stub-prime: no
-
-stub-zone:
-	name: "stub3.org"
-	stub-addr: "127.0.0.1@@NS1_PORT@"
-	stub-prime: no
-
-stub-zone:
-	name: "stub4.org"
-	stub-addr: "127.0.0.1@@NS2_PORT@"
-	stub-prime: no
-
-stub-zone:
-	name: "stub5.org"
-	stub-addr: "127.0.0.1@@NS2_PORT@"
-	stub-prime: no
-
-stub-zone:
-	name: "stub6.org"
-	stub-addr: "127.0.0.1@@NS2_PORT@"
-	stub-prime: no
-
-auth-zone:
-	name: "auth1.org"
-	zonefile: "auth1.zone"
-
-auth-zone:
-	name: "auth2.org"
-	zonefile: "auth1.zone"
-
-auth-zone:
-	name: "auth3.org"
-	zonefile: "auth1.zone"
-
-auth-zone:
-	name: "auth5.org"
-	zonefile: "auth5.zone"
-	primary: 127.0.0.1@@NS1_PORT@
-
-auth-zone:
-	name: "auth6.org"
-	zonefile: "auth6.zone"
-	primary: 127.0.0.1@@NS1_PORT@
-
-auth-zone:
-	name: "auth7.org"
-	zonefile: "auth7.zone"
-	primary: 127.0.0.1@@NS1_PORT@
diff --git a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.conf2 b/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.conf2
deleted file mode 100644
index dbe6e4ffa821..000000000000
--- a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.conf2
+++ /dev/null
@@ -1,108 +0,0 @@
-server:
-	verbosity: 4
-	num-threads: 1
-	interface: 127.0.0.1
-	port: @PORT@
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	do-not-query-localhost: no
-	trust-anchor: "ta1.example.com DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
-	trust-anchor: "ta3.example.com DS 55567 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
-	trust-anchor: "ta4.example.com DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
-	domain-insecure: "insec1.ta1.example.com"
-	domain-insecure: "insec3.ta1.example.com"
-	domain-insecure: "insec4.ta1.example.com"
-
-forward-zone:
-	name: "."
-	# No addresses makes the server return SERVFAIL for deleted zones.
-	#forward-addr: "127.0.0.1@12345"
-
-remote-control:
-	control-enable: yes
-	control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
-	control-use-cert: no
-
-forward-zone:
-	name: "example1.org"
-	forward-addr: "127.0.0.1@@NS2_PORT@"
-
-forward-zone:
-	name: "example2.org"
-	forward-addr: "127.0.0.1@@NS1_PORT@"
-
-forward-zone:
-	name: "example3.org"
-	forward-addr: "127.0.0.1@@NS2_PORT@"
-
-forward-zone:
-	name: "example4.org"
-	forward-addr: "127.0.0.1@@NS1_PORT@"
-
-forward-zone:
-	name: "example5.org"
-	forward-addr: "127.0.0.1@@NS2_PORT@"
-
-forward-zone:
-	name: "example6.org"
-	forward-addr: "127.0.0.1@@NS1_PORT@"
-
-stub-zone:
-	name: "stub1.org"
-	stub-addr: "127.0.0.1@@NS2_PORT@"
-	stub-prime: no
-
-stub-zone:
-	name: "stub2.org"
-	stub-addr: "127.0.0.1@@NS1_PORT@"
-	stub-prime: no
-
-stub-zone:
-	name: "stub3.org"
-	stub-addr: "127.0.0.1@@NS2_PORT@"
-	stub-prime: no
-
-stub-zone:
-	name: "stub4.org"
-	stub-addr: "127.0.0.1@@NS1_PORT@"
-	stub-prime: no
-
-stub-zone:
-	name: "stub5.org"
-	stub-addr: "127.0.0.1@@NS2_PORT@"
-	stub-prime: no
-
-stub-zone:
-	name: "stub6.org"
-	stub-addr: "127.0.0.1@@NS1_PORT@"
-	stub-prime: no
-
-auth-zone:
-	name: "auth1.org"
-	zonefile: "auth1.zone"
-
-auth-zone:
-	name: "auth3.org"
-	zonefile: "auth2.zone"
-
-auth-zone:
-	name: "auth4.org"
-	zonefile: "auth2.zone"
-
-auth-zone:
-	name: "auth5.org"
-	zonefile: "auth5.zone"
-	primary: 127.0.0.1@@NS1_PORT@
-
-auth-zone:
-	name: "auth7.org"
-	zonefile: "auth7.zone"
-	primary: 127.0.0.1@@NS2_PORT@
-
-auth-zone:
-	name: "auth8.org"
-	zonefile: "auth8.zone"
-	primary: 127.0.0.1@@NS1_PORT@
diff --git a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.dsc b/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.dsc
deleted file mode 100644
index 422cdee4660c..000000000000
--- a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.dsc
+++ /dev/null
@@ -1,16 +0,0 @@
-BaseName: fast_reload_fwd
-Version: 1.0
-Description: Test fast reload change of forwards and stubs.
-CreationDate: Thu Jan 22 11:55:55 CET 2024
-Maintainer: dr. W.C.A. Wijngaards
-Category:
-Component:
-CmdDepends:
-Depends:
-Help:
-Pre: fast_reload_fwd.pre
-Post: fast_reload_fwd.post
-Test: fast_reload_fwd.test
-AuxFiles:
-Passed:
-Failure:
diff --git a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.ns1 b/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.ns1
deleted file mode 100644
index d9644414b8e7..000000000000
--- a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.ns1
+++ /dev/null
@@ -1,339 +0,0 @@
-; match A records and return a reply indicating it is this server.
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example1.org. IN A
-SECTION ANSWER
-www.example1.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example2.org. IN A
-SECTION ANSWER
-www.example2.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example3.org. IN A
-SECTION ANSWER
-www.example3.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example4.org. IN A
-SECTION ANSWER
-www.example4.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example5.org. IN A
-SECTION ANSWER
-www.example5.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example6.org. IN A
-SECTION ANSWER
-www.example6.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example1.org. IN A
-SECTION ANSWER
-www2.example1.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example2.org. IN A
-SECTION ANSWER
-www2.example2.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example3.org. IN A
-SECTION ANSWER
-www2.example3.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example4.org. IN A
-SECTION ANSWER
-www2.example4.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example5.org. IN A
-SECTION ANSWER
-www2.example5.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example6.org. IN A
-SECTION ANSWER
-www2.example6.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub1.org. IN A
-SECTION ANSWER
-www.stub1.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub2.org. IN A
-SECTION ANSWER
-www.stub2.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub3.org. IN A
-SECTION ANSWER
-www.stub3.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub4.org. IN A
-SECTION ANSWER
-www.stub4.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub5.org. IN A
-SECTION ANSWER
-www.stub5.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub6.org. IN A
-SECTION ANSWER
-www.stub6.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub1.org. IN A
-SECTION ANSWER
-www2.stub1.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub2.org. IN A
-SECTION ANSWER
-www2.stub2.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub3.org. IN A
-SECTION ANSWER
-www2.stub3.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub4.org. IN A
-SECTION ANSWER
-www2.stub4.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub5.org. IN A
-SECTION ANSWER
-www2.stub5.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub6.org. IN A
-SECTION ANSWER
-www2.stub6.org. IN A 1.2.3.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-auth5.org. IN SOA
-SECTION ANSWER
-auth5.org. SOA ns root 1 3600 300 7200 3600
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-auth5.org. IN AXFR
-SECTION ANSWER
-auth5.org. SOA ns root 1 3600 300 7200 3600
-www.auth5.org. A 1.2.3.4
-auth5.org. SOA ns root 1 3600 300 7200 3600
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-auth6.org. IN SOA
-SECTION ANSWER
-auth6.org. SOA ns root 1 3600 300 7200 3600
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-auth6.org. IN AXFR
-SECTION ANSWER
-auth6.org. SOA ns root 1 3600 300 7200 3600
-www.auth6.org. A 1.2.3.4
-auth6.org. SOA ns root 1 3600 300 7200 3600
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-auth7.org. IN SOA
-SECTION ANSWER
-auth7.org. SOA ns root 1 3600 300 7200 3600
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-auth7.org. IN AXFR
-SECTION ANSWER
-auth7.org. SOA ns root 1 3600 300 7200 3600
-www.auth7.org. A 1.2.3.4
-auth7.org. SOA ns root 1 3600 300 7200 3600
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-auth8.org. IN SOA
-SECTION ANSWER
-auth8.org. SOA ns root 1 3600 300 7200 3600
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-auth8.org. IN AXFR
-SECTION ANSWER
-auth8.org. SOA ns root 1 3600 300 7200 3600
-www.auth8.org. A 1.2.3.4
-auth8.org. SOA ns root 1 3600 300 7200 3600
-ENTRY_END
-
-; match anything and return a reply
-ENTRY_BEGIN
-MATCH opcode
-ADJUST copy_id copy_query
-REPLY QR AA NOERROR
-SECTION QUESTION
-example.org. IN SOA
-SECTION AUTHORITY
-example.org. IN SOA ns1.example.org. hostmaster.example.org. 1 3600 900 86400 3600
-ENTRY_END
diff --git a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.ns2 b/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.ns2
deleted file mode 100644
index 8e7eb60c81e5..000000000000
--- a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.ns2
+++ /dev/null
@@ -1,285 +0,0 @@
-; match A records and return a reply indicating it is this server.
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example1.org. IN A
-SECTION ANSWER
-www.example1.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example2.org. IN A
-SECTION ANSWER
-www.example2.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example3.org. IN A
-SECTION ANSWER
-www.example3.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example4.org. IN A
-SECTION ANSWER
-www.example4.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example5.org. IN A
-SECTION ANSWER
-www.example5.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example6.org. IN A
-SECTION ANSWER
-www.example6.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example1.org. IN A
-SECTION ANSWER
-www2.example1.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example2.org. IN A
-SECTION ANSWER
-www2.example2.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example3.org. IN A
-SECTION ANSWER
-www2.example3.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example4.org. IN A
-SECTION ANSWER
-www2.example4.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example5.org. IN A
-SECTION ANSWER
-www2.example5.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.example6.org. IN A
-SECTION ANSWER
-www2.example6.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub1.org. IN A
-SECTION ANSWER
-www.stub1.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub2.org. IN A
-SECTION ANSWER
-www.stub2.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub3.org. IN A
-SECTION ANSWER
-www.stub3.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub4.org. IN A
-SECTION ANSWER
-www.stub4.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub5.org. IN A
-SECTION ANSWER
-www.stub5.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.stub6.org. IN A
-SECTION ANSWER
-www.stub6.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub1.org. IN A
-SECTION ANSWER
-www2.stub1.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub2.org. IN A
-SECTION ANSWER
-www2.stub2.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub3.org. IN A
-SECTION ANSWER
-www2.stub3.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub4.org. IN A
-SECTION ANSWER
-www2.stub4.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub5.org. IN A
-SECTION ANSWER
-www2.stub5.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.stub6.org. IN A
-SECTION ANSWER
-www2.stub6.org. IN A 1.2.3.2
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-auth7.org. IN SOA
-SECTION ANSWER
-auth7.org. SOA ns root 2 3600 300 7200 3600
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-auth7.org. IN AXFR
-SECTION ANSWER
-auth7.org. SOA ns root 2 3600 300 7200 3600
-www.auth7.org. A 1.2.3.5
-auth7.org. SOA ns root 2 3600 300 7200 3600
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-auth7.org. IN IXFR
-SECTION ANSWER
-auth7.org. SOA ns root 2 3600 300 7200 3600
-www.auth7.org. A 1.2.3.5
-auth7.org. SOA ns root 2 3600 300 7200 3600
-ENTRY_END
-
-; match anything and return a reply
-ENTRY_BEGIN
-MATCH opcode
-ADJUST copy_id copy_query
-REPLY QR AA NOERROR
-SECTION QUESTION
-example.org. IN SOA
-SECTION AUTHORITY
-example.org. IN SOA ns1.example.org. hostmaster.example.org. 1 3600 900 86400 3600
-ENTRY_END
diff --git a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.post b/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.post
deleted file mode 100644
index 969d0080df63..000000000000
--- a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.post
+++ /dev/null
@@ -1,27 +0,0 @@
-# #-- fast_reload_fwd.post --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# source the test var file when it's there
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-#
-# do your teardown here
-PRE="../.."
-. ../common.sh
-kill_pid $NS1_PID
-kill_pid $NS2_PID
-if test -f unbound.pid; then
-	if kill -0 $UNBOUND_PID >/dev/null 2>&1; then
-		kill_pid $UNBOUND_PID
-	fi
-fi
-rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID
-echo
-echo "> ns1.log"
-cat ns1.log
-echo
-echo "> ns2.log"
-cat ns2.log
-echo
-echo "> unbound.log"
-cat unbound.log
-exit 0
diff --git a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.pre b/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.pre
deleted file mode 100644
index 42e680d8f041..000000000000
--- a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.pre
+++ /dev/null
@@ -1,56 +0,0 @@
-# #-- fast_reload_fwd.pre--#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-# if no threads; exit
-if grep -e "define HAVE_PTHREAD 1" -e "define HAVE_SOLARIS_THREADS 1" -e "define HAVE_WINDOWS_THREADS 1" $PRE/config.h; then
-	echo "have threads"
-else
-	skip_test "no threads"
-fi
-if grep -e "define ENABLE_LOCK_CHECKS 1" $PRE/config.h; then
-	get_make
-	echo "> (cd $PRE ; $MAKE lock-verify)"
-	(cd $PRE ; $MAKE lock-verify)
-fi
-
-get_random_port 3
-UNBOUND_PORT=$RND_PORT
-NS1_PORT=$(($RND_PORT + 1))
-NS2_PORT=$(($RND_PORT + 2))
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-echo "NS1_PORT=$NS1_PORT" >> .tpkg.var.test
-echo "NS2_PORT=$NS2_PORT" >> .tpkg.var.test
-
-# make config files
-CONTROL_PATH=/tmp
-CONTROL_PID=$$
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@NS1_PORT\@/'$NS1_PORT'/' -e 's/@NS2_PORT\@/'$NS2_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < fast_reload_fwd.conf > ub.conf
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@NS1_PORT\@/'$NS1_PORT'/' -e 's/@NS2_PORT\@/'$NS2_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < fast_reload_fwd.conf2 > ub.conf2
-
-# start forwarders
-get_ldns_testns
-$LDNS_TESTNS -p $NS1_PORT fast_reload_fwd.ns1 >ns1.log 2>&1 &
-NS1_PID=$!
-echo "NS1_PID=$NS1_PID" >> .tpkg.var.test
-
-$LDNS_TESTNS -p $NS2_PORT fast_reload_fwd.ns2 >ns2.log 2>&1 &
-NS2_PID=$!
-echo "NS2_PID=$NS2_PID" >> .tpkg.var.test
-
-# start unbound in the background
-PRE="../.."
-$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test
-echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_ldns_testns_up ns1.log
-wait_ldns_testns_up ns2.log
-wait_unbound_up unbound.log
diff --git a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.test b/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.test
deleted file mode 100644
index 9248593c75b2..000000000000
--- a/contrib/unbound/testdata/fast_reload_fwd.tdir/fast_reload_fwd.test
+++ /dev/null
@@ -1,320 +0,0 @@
-# #-- fast_reload_fwd.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-
-echo "> unbound-control status"
-$PRE/unbound-control -c ub.conf status
-if test $? -ne 0; then
-	echo "wrong exit value."
-	exit 1
-else
-	echo "exit value: OK"
-fi
-
-# test that the forwards and stubs point to the right upstream.
-for x in example1.org example2.org example3.org stub1.org stub2.org stub3.org; do
-	echo ""
-	echo "dig www.$x [upstream is NS1]"
-	dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
-	if grep "1.2.3.1" outfile; then
-		echo "response OK"
-	else
-		echo "www.$x got the wrong answer"
-		exit 1
-	fi
-done
-
-for x in example4.org example5.org example6.org stub4.org stub5.org stub6.org; do
-	echo ""
-	echo "dig www.$x [upstream is NS2]"
-	dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
-	if grep "1.2.3.2" outfile; then
-		echo "response OK"
-	else
-		echo "www.$x got the wrong answer"
-		exit 1
-	fi
-done
-
-for x in auth1.org auth2.org auth3.org auth5.org auth6.org auth7.org; do
-	echo ""
-	echo "dig www.$x [auth is 1.2.3.4]"
-	dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
-	if grep "1.2.3.4" outfile; then
-		echo "response OK"
-	else
-		echo "www.$x got the wrong answer"
-		exit 1
-	fi
-done
-
-echo ""
-echo "> list_insecure"
-$PRE/unbound-control -c ub.conf list_insecure 2>&1 | tee output
-if test $? -ne 0; then
-	echo "wrong exit value."
-	exit 1
-fi
-if grep "insec1.ta1.example.com" output >/dev/null; then :; else
-	echo "wrong output"
-	exit 1
-fi
-if grep "insec2.ta1.example.com" output >/dev/null; then :; else
-	echo "wrong output"
-	exit 1
-fi
-if grep "insec3.ta1.example.com" output >/dev/null; then :; else
-	echo "wrong output"
-	exit 1
-fi
-echo ""
-echo "> trustanchor.unbound"
-dig @127.0.0.1 -p $UNBOUND_PORT trustanchor.unbound CH TXT 2>&1 | tee outfile
-if grep "ta1.example.com. 55566" outfile >/dev/null; then :; else
-	echo "wrong output ta1"
-	exit 1
-fi
-if grep "ta2.example.com. 55566" outfile >/dev/null; then :; else
-	echo "wrong output"
-	exit 1
-fi
-if grep "ta3.example.com. 55566" outfile >/dev/null; then :; else
-	echo "wrong output"
-	exit 1
-fi
-
-echo ""
-echo "> replace config file ub.conf"
-mv ub.conf ub.conf.orig
-mv ub.conf2 ub.conf
-echo ""
-echo "> unbound-control fast_reload"
-$PRE/unbound-control -c ub.conf fast_reload +vv 2>&1 | tee output
-if test $? -ne 0; then
-	echo "wrong exit value."
-	exit 1
-else
-	echo "exit value: OK"
-fi
-
-# for the previous digs to www.x the cached value should remain the same
-# but for new lookups, to www2.x the new upstream should be used.
-for x in example1.org example2.org example3.org stub1.org stub2.org stub3.org; do
-	echo ""
-	echo "dig www.$x [upstream is NS1]"
-	dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
-	if grep "1.2.3.1" outfile; then
-		echo "response OK"
-	else
-		echo "www.$x got the wrong answer"
-		exit 1
-	fi
-done
-
-for x in example4.org example5.org example6.org stub4.org stub5.org stub6.org; do
-	echo ""
-	echo "dig www.$x [upstream is NS2]"
-	dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
-	if grep "1.2.3.2" outfile; then
-		echo "response OK"
-	else
-		echo "www.$x got the wrong answer"
-		exit 1
-	fi
-done
-
-# new lookups for www2 go to the upstream.
-for x in example2.org example4.org example6.org stub2.org stub4.org stub6.org; do
-	echo ""
-	echo "dig www2.$x [upstream is NS1]"
-	dig @127.0.0.1 -p $UNBOUND_PORT www2.$x A 2>&1 | tee outfile
-	if grep "1.2.3.1" outfile; then
-		echo "response OK"
-	else
-		echo "www2.$x got the wrong answer"
-		exit 1
-	fi
-done
-
-for x in example1.org example3.org example5.org stub1.org stub3.org stub5.org; do
-	echo ""
-	echo "dig www2.$x [upstream is NS2]"
-	dig @127.0.0.1 -p $UNBOUND_PORT www2.$x A 2>&1 | tee outfile
-	if grep "1.2.3.2" outfile; then
-		echo "response OK"
-	else
-		echo "www2.$x got the wrong answer"
-		exit 1
-	fi
-done
-
-# auth is unchanged, or at ns1.
-for x in auth1.org auth5.org auth8.org; do
-	echo ""
-	echo "dig www.$x [auth is 1.2.3.4]"
-	dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
-	if grep "1.2.3.4" outfile; then
-		echo "response OK"
-	else
-		echo "www.$x got the wrong answer"
-		exit 1
-	fi
-done
-
-# deleted auth
-for x in auth2.org auth6.org; do
-	echo ""
-	echo "dig www.$x [auth is deleted]"
-	dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
-	if grep "SERVFAIL" outfile; then
-		echo "response OK"
-	else
-		echo "www.$x got the wrong answer"
-		exit 1
-	fi
-done
-
-# changed and added auth
-for x in auth3.org auth4.org auth7.org; do
-	echo ""
-	echo "dig www.$x [auth is 1.2.3.5]"
-	dig @127.0.0.1 -p $UNBOUND_PORT www.$x A 2>&1 | tee outfile
-	if grep "1.2.3.5" outfile; then
-		echo "response OK"
-	else
-		echo "www.$x got the wrong answer"
-		exit 1
-	fi
-done
-
-echo ""
-echo "> list_insecure"
-$PRE/unbound-control -c ub.conf list_insecure 2>&1 | tee output
-if test $? -ne 0; then
-	echo "wrong exit value."
-	exit 1
-fi
-if grep "insec1.ta1.example.com" output >/dev/null; then :; else
-	echo "wrong output"
-	exit 1
-fi
-if grep "insec2.ta1.example.com" output >/dev/null; then
-	echo "wrong output"
-	exit 1
-fi
-if grep "insec3.ta1.example.com" output >/dev/null; then :; else
-	echo "wrong output"
-	exit 1
-fi
-if grep "insec4.ta1.example.com" output >/dev/null; then :; else
-	echo "wrong output"
-	exit 1
-fi
-echo ""
-echo "> trustanchor.unbound"
-dig @127.0.0.1 -p $UNBOUND_PORT trustanchor.unbound CH TXT 2>&1 | tee outfile
-if grep "ta1.example.com. 55566" outfile >/dev/null; then :; else
-	echo "wrong output"
-	exit 1
-fi
-if grep "ta2.example.com. 55566" outfile >/dev/null; then
-	echo "wrong output"
-	exit 1
-fi
-if grep "ta3.example.com. 55566" outfile >/dev/null; then
-	echo "wrong output"
-	exit 1
-fi
-if grep "ta3.example.com. 55567" outfile >/dev/null; then :; else
-	echo "wrong output"
-	exit 1
-fi
-if grep "ta4.example.com. 55566" outfile >/dev/null; then :; else
-	echo "wrong output"
-	exit 1
-fi
-
-echo ""
-echo "> test change: add tag1 tag2"
-cp ub.conf ub.conf.orig2
-echo "server:" >> ub.conf
-echo '	define-tag: "tag1 tag2"' >> ub.conf
-echo "> unbound-control fast_reload"
-$PRE/unbound-control -c ub.conf fast_reload +vv 2>&1 | tee output
-if test $? -ne 0; then
-	echo "wrong exit value."
-	exit 1
-else
-	echo "exit value: OK"
-fi
-
-echo ""
-echo "> test change: change to tag2 tag3"
-cp ub.conf.orig2 ub.conf
-echo "server:" >> ub.conf
-echo '	define-tag: "tag2 tag3"' >> ub.conf
-echo "> unbound-control fast_reload"
-$PRE/unbound-control -c ub.conf fast_reload +vv 2>&1 | tee output
-if test $? -ne 0; then
-	echo "wrong exit value."
-	exit 1
-else
-	echo "exit value: OK"
-fi
-if grep "tags have changed" output; then
-	echo "output OK"
-else
-	echo "wrong output"
-	exit 1
-fi
-
-echo ""
-echo "> test change: change cache size"
-cp ub.conf.orig2 ub.conf
-echo "server:" >> ub.conf
-echo "	msg-cache-size: 10m" >> ub.conf
-echo "	rrset-cache-size: 5m" >> ub.conf
-echo "> unbound-control fast_reload"
-$PRE/unbound-control -c ub.conf fast_reload +vv 2>&1 | tee output
-if test $? -ne 0; then
-	echo "wrong exit value."
-	exit 1
-else
-	echo "exit value: OK"
-fi
-
-echo ""
-echo "> test change: change nothing, +p too"
-$PRE/unbound-control -c ub.conf fast_reload +vv +p 2>&1 | tee output
-if test $? -ne 0; then
-	echo "wrong exit value."
-	exit 1
-else
-	echo "exit value: OK"
-fi
-
-echo ""
-echo "> stop unbound"
-kill_pid $UNBOUND_PID
-if test -f unbound.pid; then sleep 1; fi
-if test -f unbound.pid; then sleep 1; fi
-if test -f unbound.pid; then sleep 1; fi
-if test -f unbound.pid; then echo "unbound.pid still there"; fi
-# check the locks.
-function locktest() {
-	if test -x $PRE/lock-verify -a -f ublocktrace.0; then
-		$PRE/lock-verify ublocktrace.*
-		if test $? -ne 0; then
-			echo "lock-verify error"
-			exit 1
-		fi
-	fi
-}
-locktest
-
-exit 0
diff --git a/contrib/unbound/testdata/fast_reload_most_options.tdir/auth.nlnetlabs.nl.zone b/contrib/unbound/testdata/fast_reload_most_options.tdir/auth.nlnetlabs.nl.zone
deleted file mode 100644
index 55b8d34a9e4e..000000000000
--- a/contrib/unbound/testdata/fast_reload_most_options.tdir/auth.nlnetlabs.nl.zone
+++ /dev/null
@@ -1,3 +0,0 @@
-$ORIGIN auth.nlnetlabs.nl.
-$TTL 60
-@ IN SOA a b 1 2 3 4 5
diff --git a/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.conf b/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.conf
deleted file mode 100644
index eda3d6763a41..000000000000
--- a/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.conf
+++ /dev/null
@@ -1,143 +0,0 @@
-# Try to define values for options that don't have "default" options that would
-# trigger fast-reload functionality.
-server:
-	verbosity: 4
-	num-threads: 4
-	interface: 127.0.0.1
-	interface: lo
-	port: @PORT@
-	interface-action: lo allow
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	do-not-query-localhost: no
-
-	module-config: "respip validator iterator"
-
-	outgoing-interface: 127.0.0.1
-	outgoing-port-avoid: "3200-3208"
-
-	define-tag: "tag1 tag2 tag3"
-
-	do-nat64: yes
-	nat64-prefix: 64:ff9b::0/96
-	dns64-prefix: 64:ff9b::0/96
-	dns64-ignore-aaaa: "ignore-aaaa.nlnetlabs.nl"
-
-	edns-tcp-keepalive: yes
-
-	response-ip: 192.0.2.0 always_refuse
-	access-control: 127.0.0.0/8 allow
-	access-control: ::1 allow
-	access-control-tag: 192.0.2.0/24 "tag2 tag3"
-	interface-tag: lo "tag2 tag3"
-	access-control-tag-action: 192.0.2.0/24 tag3 always_refuse
-	interface-tag-action: lo tag3 always_refuse
-	access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1"
-	interface-tag-data: lo tag2 "A 127.0.0.1"
-	access-control-view: 192.0.2.0/24 viewname
-	interface-view: lo viewname
-
-	nsid: "ascii_something"
-
-	http-user-agent: "httpuseragent"
-
-	caps-exempt: "nlnetlabs.nl"
-
-	private-address: 10.0.0.0/8
-	private-address: 172.16.0.0/12
-	private-address: 192.168.0.0/16
-	private-address: 169.254.0.0/16
-	private-address: fd00::/8
-	private-address: fe80::/10
-	private-address: ::ffff:0:0/96
-
-	private-domain: "nlnetlabs.nl"
-
-	unwanted-reply-threshold: 10000000
-
-	do-not-query-address: 1.1.1.1
-	do-not-query-address: 8.8.8.8
-	do-not-query-address: 9.9.9.9
-
-	do-not-query-localhost: no
-
-	trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A"
-
-	domain-insecure: "nlnetlabs.nl"
-
-	serve-expired: yes
-	serve-expired-client-timeout: 1800
-
-	val-log-level: 2
-
-	local-zone: refuse.nlnetlabs.nl. refuse
-	local-zone: override.nlnetlabs.nl. deny
-	local-zone: tag.nlnetlabs.nl. transparent
-	local-data: "data.nlnetlabs.nl. TXT localdata"
-	local-data-ptr: "192.0.2.3 reverse.nlnetlabs.nl."
-	local-zone-tag: "tag.nlnetlabs.nl" "tag2 tag3"
-	local-zone-override: "override.nlnetlabs.nl" 192.0.2.0/24 refuse
-
-
-	ratelimit: 100
-	ratelimit-below-domain: ratelimit.nlnetlabs.nl 1000
-	ip-ratelimit: 100
-
-	tcp-connection-limit: 192.0.2.0/24 12
-
-	answer-cookie: yes
-	cookie-secret:  "000102030405060708090a0b0c0d0e0f"
-
-	ede: yes
-	ede-serve-expired: yes
-
-remote-control:
-	control-enable: yes
-	control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
-	control-use-cert: no
-
-stub-zone:
-	name: "stub.nlnetlabs.nl"
-	stub-addr: 192.0.2.68
-	stub-prime: no
-	stub-first: no
-	stub-tcp-upstream: no
-	stub-tls-upstream: no
-	stub-no-cache: no
-
-forward-zone:
-	name: "forward.nlnetlabs.nl"
-	forward-addr: 192.0.2.68
-	forward-first: no
-	forward-tcp-upstream: no
-	forward-tls-upstream: no
-	forward-no-cache: no
-
-auth-zone:
-	name: "auth.nlnetlabs.nl"
-	for-downstream: yes
-	for-upstream: yes
-	zonemd-check: no
-	zonemd-reject-absence: no
-	zonefile: "auth.nlnetlabs.nl.zone"
-
-view:
-	name: "viewname"
-	local-zone: "view.nlnetlabs.nl" redirect
-	local-data: "view.nlnetlabs.nl A 192.0.2.3"
-	local-data-ptr: "192.0.2.3 view.nlnetlabs.nl"
-	view-first: no
-
-rpz:
-	name: "rpz.nlnetlabs.nl"
-	zonefile: "rpz.nlnetlabs.nl.zone"
-	rpz-action-override: cname
-	rpz-cname-override: www.example.org
-	rpz-log: yes
-	rpz-log-name: "example policy"
-	rpz-signal-nxdomain-ra: no
-	for-downstream: no
-	tags: "tag3"
diff --git a/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.dsc b/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.dsc
deleted file mode 100644
index e0e8e9fd206e..000000000000
--- a/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.dsc
+++ /dev/null
@@ -1,16 +0,0 @@
-BaseName: fast_reload_most_options
-Version: 1.0
-Description: Test fast reload on high verbosity with most options.
-CreationDate: Fri 28 Feb 2025 15:55:15 CET
-Maintainer: Yorgos Thessalonikefs
-Category:
-Component:
-CmdDepends:
-Depends:
-Help:
-Pre: fast_reload_most_options.pre
-Post: fast_reload_most_options.post
-Test: fast_reload_most_options.test
-AuxFiles:
-Passed:
-Failure:
diff --git a/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.post b/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.post
deleted file mode 100644
index 7fd25e3648d0..000000000000
--- a/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.post
+++ /dev/null
@@ -1,11 +0,0 @@
-# #-- fast_reload_most_options.post --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# source the test var file when it's there
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-#
-# do your teardown here
-. ../common.sh
-kill_pid $UNBOUND_PID
-rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID
-cat unbound.log
diff --git a/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.pre b/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.pre
deleted file mode 100644
index 47e3642c65c4..000000000000
--- a/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.pre
+++ /dev/null
@@ -1,33 +0,0 @@
-# #-- fast_reload_most_options.pre--#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-# if no threads; exit
-if grep -e "define HAVE_PTHREAD 1" -e "define HAVE_SOLARIS_THREADS 1" -e "define HAVE_WINDOWS_THREADS 1" $PRE/config.h; then
-	echo "have threads"
-else
-	skip_test "no threads"
-fi
-
-get_random_port 1
-UNBOUND_PORT=$RND_PORT
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-
-# make config file
-CONTROL_PATH=/tmp
-CONTROL_PID=$$
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < fast_reload_most_options.conf > ub.conf
-# start unbound in the background
-PRE="../.."
-$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test
-echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_unbound_up unbound.log
diff --git a/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.test b/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.test
deleted file mode 100644
index 20799986071a..000000000000
--- a/contrib/unbound/testdata/fast_reload_most_options.tdir/fast_reload_most_options.test
+++ /dev/null
@@ -1,42 +0,0 @@
-# #-- fast_reload_most_options.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-
-echo "> unbound-control status"
-$PRE/unbound-control -c ub.conf status
-if test $? -ne 0; then
-	echo "wrong exit value."
-	exit 1
-else
-	echo "exit value: OK"
-fi
-
-for i in {1..10}
-do
-
-	echo "> unbound-control fast_reload +vvdp ($i)"
-	$PRE/unbound-control -c ub.conf fast_reload +vvdp 2>&1 | tee output
-	if test $? -ne 0; then
-		echo "wrong exit value."
-		exit 1
-	else
-		echo "exit value: OK"
-	fi
-	wait_logfile unbound.log "start fast reload thread" 60
-	wait_logfile unbound.log "stop fast reload thread" 60
-	wait_logfile unbound.log "joined with fastreload thread" 60
-
-	if grep "ok" output; then
-		echo "OK"
-	else
-		echo "output not correct"
-		exit 1
-	fi
-done
-
-exit 0
diff --git a/contrib/unbound/testdata/fast_reload_most_options.tdir/rpz.nlnetlabs.nl.zone b/contrib/unbound/testdata/fast_reload_most_options.tdir/rpz.nlnetlabs.nl.zone
deleted file mode 100644
index 71b37150692e..000000000000
--- a/contrib/unbound/testdata/fast_reload_most_options.tdir/rpz.nlnetlabs.nl.zone
+++ /dev/null
@@ -1,5 +0,0 @@
-$ORIGIN rpz.nlnetlabs.nl.
-$TTL 60
-@ IN SOA a b 1 2 3 4 5
-nxdomain.nlnetlabs.nl IN CNAME .
-rpzdata.nlnetlabs.nl IN A 0.0.0.0
diff --git a/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.conf b/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.conf
deleted file mode 100644
index 719f4a00eaab..000000000000
--- a/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-server:
-	verbosity: 4
-	num-threads: 1
-	interface: 127.0.0.1
-	port: @PORT@
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	do-not-query-localhost: no
-
-forward-zone:
-	name: "."
-	forward-addr: "127.0.0.1@12345"
-
-remote-control:
-	control-enable: yes
-	control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
-	control-use-cert: no
diff --git a/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.dsc b/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.dsc
deleted file mode 100644
index ec3437b695c0..000000000000
--- a/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.dsc
+++ /dev/null
@@ -1,16 +0,0 @@
-BaseName: fast_reload_thread
-Version: 1.0
-Description: Test fast reload thread output.
-CreationDate: Thu Jan 4 09:25:55 CET 2024
-Maintainer: dr. W.C.A. Wijngaards
-Category: 
-Component:
-CmdDepends: 
-Depends: 
-Help:
-Pre: fast_reload_thread.pre
-Post: fast_reload_thread.post
-Test: fast_reload_thread.test
-AuxFiles: 
-Passed:
-Failure:
diff --git a/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.post b/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.post
deleted file mode 100644
index 569a17f852ba..000000000000
--- a/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.post
+++ /dev/null
@@ -1,11 +0,0 @@
-# #-- fast_reload_thread.post --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# source the test var file when it's there
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-#
-# do your teardown here
-. ../common.sh
-kill_pid $UNBOUND_PID
-rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID
-cat unbound.log
diff --git a/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.pre b/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.pre
deleted file mode 100644
index 5521742fa318..000000000000
--- a/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.pre
+++ /dev/null
@@ -1,34 +0,0 @@
-# #-- fast_reload_thread.pre--#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-# if no threads; exit
-if grep -e "define HAVE_PTHREAD 1" -e "define HAVE_SOLARIS_THREADS 1" -e "define HAVE_WINDOWS_THREADS 1" $PRE/config.h; then
-	echo "have threads"
-else
-	skip_test "no threads"
-fi
-
-get_random_port 1
-UNBOUND_PORT=$RND_PORT
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-
-# make config file
-CONTROL_PATH=/tmp
-CONTROL_PID=$$
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < fast_reload_thread.conf > ub.conf
-# start unbound in the background
-PRE="../.."
-$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test
-echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_unbound_up unbound.log
-
diff --git a/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.test b/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.test
deleted file mode 100644
index d2ef258802f7..000000000000
--- a/contrib/unbound/testdata/fast_reload_thread.tdir/fast_reload_thread.test
+++ /dev/null
@@ -1,38 +0,0 @@
-# #-- fast_reload_thread.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-
-echo "> unbound-control status"
-$PRE/unbound-control -c ub.conf status
-if test $? -ne 0; then
-	echo "wrong exit value."
-	exit 1
-else
-	echo "exit value: OK"
-fi
-
-echo "> unbound-control fast_reload"
-$PRE/unbound-control -c ub.conf fast_reload 2>&1 | tee output
-if test $? -ne 0; then
-	echo "wrong exit value."
-	exit 1
-else
-	echo "exit value: OK"
-fi
-wait_logfile unbound.log "start fast reload thread" 60
-wait_logfile unbound.log "stop fast reload thread" 60
-wait_logfile unbound.log "joined with fastreload thread" 60
-
-if grep "ok" output; then
-	echo "OK"
-else
-	echo "output not correct"
-	exit 1
-fi
-
-exit 0
diff --git a/contrib/unbound/testdata/fwd_0ttlservfail.rpl b/contrib/unbound/testdata/fwd_0ttlservfail.rpl
deleted file mode 100644
index d50d386d4137..000000000000
--- a/contrib/unbound/testdata/fwd_0ttlservfail.rpl
+++ /dev/null
@@ -1,87 +0,0 @@
-; This is a comment.
-; config options go here.
-server:
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	prefetch: yes
-forward-zone: name: "." forward-addr: 216.0.0.1
-CONFIG_END
-
-SCENARIO_BEGIN Zero ttl answer needs to override servfail in cache.
-RANGE_BEGIN 0 100
-	ENTRY_BEGIN
-	MATCH opcode qtype qname
-	ADJUST copy_id
-	REPLY QR RD RA SERVFAIL
-	SECTION QUESTION
-www.example.com. IN A
-	SECTION ANSWER
-	ENTRY_END
-RANGE_END
-RANGE_BEGIN 200 300
-	ENTRY_BEGIN
-	MATCH opcode qtype qname
-	ADJUST copy_id
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-www.example.com. IN A
-	SECTION ANSWER
-www.example.com. 0 IN A 10.20.30.40
-	ENTRY_END
-RANGE_END
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA SERVFAIL
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-ENTRY_END
-
-; enough to pass by the TTL of the servfail answer in cache
-STEP 50 TIME_PASSES ELAPSE 5
-
-; this query triggers a prefetch
-STEP 210 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 220 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA SERVFAIL
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-ENTRY_END
-
-; this query gets the 0ttl answer
-STEP 230 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 240 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 0 IN A 10.20.30.40
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/iter_failreply.rpl b/contrib/unbound/testdata/iter_failreply.rpl
deleted file mode 100644
index e8ad4dd26e31..000000000000
--- a/contrib/unbound/testdata/iter_failreply.rpl
+++ /dev/null
@@ -1,131 +0,0 @@
-; config options
-server:
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: "no"
-	minimal-responses: no
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
-CONFIG_END
-
-SCENARIO_BEGIN Test iterator fail_reply report
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 100
-	ADDRESS 193.0.14.129 
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. IN NS	K.ROOT-SERVERS.NET.
-SECTION ADDITIONAL
-K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN NS
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-example.com.	IN NS	ns2.example.net.
-SECTION ADDITIONAL
-ns.example.com. IN A 1.2.3.4
-ns.example.com. IN AAAA ::1
-ns2.example.net. IN AAAA ::1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-ns2.example.net. IN A
-SECTION ANSWER
-ns2.example.net. IN A 1.2.3.5
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-ns2.example.net. IN AAAA
-SECTION ANSWER
-ns2.example.net. IN AAAA ::1
-ENTRY_END
-
-RANGE_END
-
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.4
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR SERVFAIL
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR SERVFAIL
-SECTION QUESTION
-ns.example.com. IN A
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR SERVFAIL
-SECTION QUESTION
-ns.example.com. IN AAAA
-ENTRY_END
-RANGE_END
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 20 CHECK_OUT_QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 21 TIMEOUT
-STEP 22 TIMEOUT
-STEP 23 TIMEOUT
-STEP 24 TIMEOUT
-STEP 25 TIMEOUT
-
-STEP 31 TIMEOUT
-STEP 32 TIMEOUT
-STEP 33 TIMEOUT
-STEP 34 TIMEOUT
-
-; recursion happens here.
-STEP 50 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA SERVFAIL
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/iter_fwdstubauth.rpl b/contrib/unbound/testdata/iter_fwdstubauth.rpl
deleted file mode 100644
index fefb6369c864..000000000000
--- a/contrib/unbound/testdata/iter_fwdstubauth.rpl
+++ /dev/null
@@ -1,155 +0,0 @@
-; config options
-server:
-	target-fetch-policy: "0 0 0 0 0"
-
-auth-zone:
-	name: "example.tld."
-	for-upstream: yes
-	for-downstream: no
-	fallback-enabled: no
-	## this line generates zonefile: "/tmp/xxx.example.tld"
-	zonefile:
-TEMPFILE_NAME example.tld
-	## this is the inline file /tmp/xxx.example.tld
-	## the tempfiles are deleted when the testrun is over.
-TEMPFILE_CONTENTS example.tld
-$ORIGIN tld.
-example	3600	IN	SOA	a b 1 2 3 4 5
-	3600	IN	NS	ns.example.tld.
-$ORIGIN example.tld.
-ns	3600	IN	A	1.2.3.4
-www	3600	IN	A	3.3.3.3
-more	3600	IN	NS	ns.more.tld.
-TEMPFILE_END
-
-forward-zone:
-	name: "."
-	forward-addr: 9.9.9.9
-
-stub-zone:
-	name: "tld"
-	stub-addr: 2.3.4.5
-stub-zone:
-	name: "more.example.tld"
-	stub-addr: 2.3.4.7
-CONFIG_END
-
-SCENARIO_BEGIN Test iterator's ability to route the request to the correct, configured delegation point
-; Preference should be auth-zone > stub-zone > forward-zone
-; But configuration-wise, since everything is an entry on the forwards tree
-; (or a hole in the case of stub/auth), forwards cannot be replaced by
-; stubs/auth.
-; Also stub/auth zones end the part of the tree that gets forwarded, e.g.,
-; delegations from an auth/stub cannot be caught by a higher forwarder, it will
-; be recursively resolved instead.
-
-; '.' forwarder
-RANGE_BEGIN 0 100
-	ADDRESS 9.9.9.9
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-www.deleg.tld. IN A
-SECTION ANSWER
-www.deleg.tld. IN A 3.3.3.3
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-www.more.example.tld. IN A
-SECTION ANSWER
-www.more.example.tld. IN A 3.3.3.3
-ENTRY_END
-RANGE_END
-
-; 'tld.' stub server
-RANGE_BEGIN 0 100
-	ADDRESS 2.3.4.5
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.tld. IN A
-SECTION ANSWER
-www.tld. IN A 3.3.3.3
-ENTRY_END
-RANGE_END
-
-; 'more.example.tld.' stub server
-RANGE_BEGIN 0 100
-	ADDRESS 2.3.4.7
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.more.example.tld. IN A
-SECTION ANSWER
-www.more.example.tld. IN A 3.3.3.3
-ENTRY_END
-RANGE_END
-
-; query www.tld ...
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.tld. IN A
-ENTRY_END
-
-; ... answer should come from 'tld.' stub zone
-STEP 2 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.tld. IN A
-SECTION ANSWER
-www.tld. IN A 3.3.3.3
-ENTRY_END
-
-; query www.example.tld ...
-STEP 3 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.tld. IN A
-ENTRY_END
-
-; ... answer should come from 'example.tld.' auth zone
-STEP 4 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.tld. IN A
-SECTION ANSWER
-www.example.tld. IN A 3.3.3.3
-ENTRY_END
-
-; query www.more.example.tld ...
-STEP 5 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.more.example.tld. IN A
-ENTRY_END
-
-; ... answer should come from 'more.example.tld.' stub zone
-STEP 6 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.more.example.tld. IN A
-SECTION ANSWER
-www.more.example.tld. IN A 3.3.3.3
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/iter_scrub_rr_length.rpl b/contrib/unbound/testdata/iter_scrub_rr_length.rpl
deleted file mode 100644
index ee7579f9c246..000000000000
--- a/contrib/unbound/testdata/iter_scrub_rr_length.rpl
+++ /dev/null
@@ -1,297 +0,0 @@
-; config options
-server:
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: "no"
-	minimal-responses: no
-	rrset-roundrobin: no
-	ede: yes
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
-CONFIG_END
-
-SCENARIO_BEGIN Test scrub of RRs of inappropriate length
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 200
-	ADDRESS 193.0.14.129 
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. IN NS	K.ROOT-SERVERS.NET.
-SECTION ADDITIONAL
-K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION AUTHORITY
-com.	IN NS	a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net.	IN 	A	192.5.6.30
-ENTRY_END
-RANGE_END
-
-; a.gtld-servers.net.
-RANGE_BEGIN 0 200
-	ADDRESS 192.5.6.30
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION ANSWER
-com.	IN NS	a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net.	IN 	A	192.5.6.30
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 0 200
-	ADDRESS 1.2.3.4
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN NS
-SECTION ANSWER
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. IN A	10.20.30.40
-www.example.com. IN A \# 3 030405
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example.com. IN AAAA
-SECTION ANSWER
-www.example.com. IN AAAA	2001:db8::1234
-www.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-broken1.example.com. IN A
-SECTION ANSWER
-broken1.example.com. IN A \# 3 030405
-broken1.example.com. IN A \# 3 030406
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-broken1.example.com. IN AAAA
-SECTION ANSWER
-broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F
-broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E30
-broken1.example.com. IN AAAA \# 48 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E31
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-broken2.example.com. IN A
-SECTION ANSWER
-broken2.example.com. IN A 1.2.3.4
-broken2.example.com. IN A \# 3 030405
-broken2.example.com. IN A 1.2.3.5
-broken2.example.com. IN A \# 3 030406
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com. IN A \# 3 030407
-ns.example.com.		IN 	A	1.2.3.6
-ns.example.com. IN A \# 3 030408
-ns.example.com. IN A \# 3 030409
-ns.example.com.		IN 	A	1.2.3.7
-ENTRY_END
-RANGE_END
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. IN A	10.20.30.40
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-
-STEP 20 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN AAAA
-ENTRY_END
-
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN AAAA
-SECTION ANSWER
-www.example.com. IN AAAA	2001:db8::1234
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-
-STEP 40 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-broken1.example.com. IN A
-ENTRY_END
-
-STEP 50 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-broken1.example.com. IN A
-SECTION ANSWER
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-
-STEP 60 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-broken1.example.com. IN AAAA
-ENTRY_END
-
-STEP 70 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-broken1.example.com. IN AAAA
-SECTION ANSWER
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-
-STEP 80 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-broken2.example.com. IN A
-ENTRY_END
-
-STEP 90 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-broken2.example.com. IN A
-SECTION ANSWER
-broken2.example.com. IN A 1.2.3.4
-broken2.example.com. IN A 1.2.3.5
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.6
-ns.example.com.		IN 	A	1.2.3.7
-ENTRY_END
-
-STEP 100 QUERY
-ENTRY_BEGIN
-REPLY RD CD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-STEP 110 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ede=0
-REPLY QR RD CD RA DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. IN A	10.20.30.40
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.6
-ns.example.com.		IN 	A	1.2.3.7
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/log_servfail.tdir/log_servfail.conf b/contrib/unbound/testdata/log_servfail.tdir/log_servfail.conf
deleted file mode 100644
index 2d7c34e68c84..000000000000
--- a/contrib/unbound/testdata/log_servfail.tdir/log_servfail.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-server:
-	verbosity: 0
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	do-not-query-localhost: no
-	use-caps-for-id: no
-	port: @SERVER_PORT@
-	interface: 127.0.0.1
-	outbound-msg-retry: 0
-
-        log-servfail: yes
-
-forward-zone:
-	name: "a.servfail"
-	forward-addr: 127.0.0.1@@SERVER_PORT@
-
-forward-zone:
-	name: "b.servfail"
-	forward-addr: 127.0.0.1@@SERVER_PORT@
-
-remote-control:
-	control-enable: yes
-	control-port: @CONTROL_PORT@
-	control-use-cert: no
diff --git a/contrib/unbound/testdata/log_servfail.tdir/log_servfail.dsc b/contrib/unbound/testdata/log_servfail.tdir/log_servfail.dsc
deleted file mode 100644
index cf4f455aadf4..000000000000
--- a/contrib/unbound/testdata/log_servfail.tdir/log_servfail.dsc
+++ /dev/null
@@ -1,16 +0,0 @@
-BaseName: log_servfail
-Version: 1.0
-Description: Check the log_servfail option
-CreationDate: Fri 29 Nov 11:00:00 CEST 2024
-Maintainer:
-Category:
-Component:
-CmdDepends:
-Depends:
-Help:
-Pre: log_servfail.pre
-Post: log_servfail.post
-Test: log_servfail.test
-AuxFiles:
-Passed:
-Failure:
diff --git a/contrib/unbound/testdata/log_servfail.tdir/log_servfail.post b/contrib/unbound/testdata/log_servfail.tdir/log_servfail.post
deleted file mode 100644
index a7bd0e88f4bb..000000000000
--- a/contrib/unbound/testdata/log_servfail.tdir/log_servfail.post
+++ /dev/null
@@ -1,10 +0,0 @@
-# #-- log_servfail.post --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# source the test var file when it's there
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-#
-# do your teardown here
-. ../common.sh
-kill_from_pidfile "unbound.pid"
-cat unbound.log
diff --git a/contrib/unbound/testdata/log_servfail.tdir/log_servfail.pre b/contrib/unbound/testdata/log_servfail.tdir/log_servfail.pre
deleted file mode 100644
index 54059480824d..000000000000
--- a/contrib/unbound/testdata/log_servfail.tdir/log_servfail.pre
+++ /dev/null
@@ -1,21 +0,0 @@
-# #-- log_servfail.pre--#
-PRE="../.."
-. ../common.sh
-
-get_random_port 2
-SERVER_PORT=$RND_PORT
-CONTROL_PORT=$(($RND_PORT + 1))
-echo "SERVER_PORT=$SERVER_PORT" >> .tpkg.var.test
-echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
-
-# make config file
-sed \
-	-e 's/@SERVER_PORT\@/'$SERVER_PORT'/' \
-	-e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' \
-	< log_servfail.conf > ub.conf
-
-# start unbound in the background
-$PRE/unbound -d -c ub.conf > unbound.log 2>&1 &
-
-cat .tpkg.var.test
-wait_unbound_up unbound.log
diff --git a/contrib/unbound/testdata/log_servfail.tdir/log_servfail.test b/contrib/unbound/testdata/log_servfail.tdir/log_servfail.test
deleted file mode 100644
index 1d19e5ca3b22..000000000000
--- a/contrib/unbound/testdata/log_servfail.tdir/log_servfail.test
+++ /dev/null
@@ -1,47 +0,0 @@
-# #-- log_servfail.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-PRE="../.."
-. ../common.sh
-
-outfile=dig.out
-
-teststep "Check if log-servfail logs to output for iterator error"
-dig a.servfail @127.0.0.1 -p $SERVER_PORT > $outfile
-if ! grep "SERVFAIL" $outfile
-then
-	cat $outfile
-	echo "Did not get a SERVFAIL response"
-	exit 1
-fi
-if ! grep "SERVFAIL <a\.servfail\. "  unbound.log
-then
-        echo "No log-servfail in output"
-        exit 1
-fi
-
-teststep "Enable serve expired"
-$PRE/unbound-control -c ub.conf set_option serve-expired: yes
-if test $? -ne 0
-then
-	echo "unbound-control command exited with non-zero error code"
-	exit 1
-fi
-
-teststep "Check if log-servfail logs to output for iterator error (with serve-expired)"
-dig b.servfail @127.0.0.1 -p $SERVER_PORT > $outfile
-if ! grep "SERVFAIL" $outfile
-then
-	cat $outfile
-	echo "Did not get a SERVFAIL response"
-	exit 1
-fi
-if ! grep "SERVFAIL <b\.servfail\. "  unbound.log
-then
-        echo "No log-servfail in output"
-        exit 1
-fi
-
-exit 0
diff --git a/contrib/unbound/testdata/redis_replica.tdir/after.zone b/contrib/unbound/testdata/redis_replica.tdir/after.zone
deleted file mode 100644
index 11c268f81497..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/after.zone
+++ /dev/null
@@ -1,2 +0,0 @@
-redis.com. IN SOA server. ma.il 1 2 3 4 5
-redis.com. IN A 2.2.2.2
diff --git a/contrib/unbound/testdata/redis_replica.tdir/before.zone b/contrib/unbound/testdata/redis_replica.tdir/before.zone
deleted file mode 100644
index 8e50c6267516..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/before.zone
+++ /dev/null
@@ -1,2 +0,0 @@
-redis.com. IN SOA server. ma.il 1 2 3 4 5
-redis.com. IN A 1.1.1.1
diff --git a/contrib/unbound/testdata/redis_replica.tdir/redis.conf b/contrib/unbound/testdata/redis_replica.tdir/redis.conf
deleted file mode 100644
index 3b80736e2438..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/redis.conf
+++ /dev/null
@@ -1,583 +0,0 @@
-###
-###  Settings for this test ###################################################
-###
-
-# Accept connections on the specified port, default is 6379 (IANA #815344).
-# If port 0 is specified Redis will not listen on a TCP socket.
-port 0
-
-# Unix socket.
-#
-# Specify the path for the Unix socket that will be used to listen for
-# incoming connections. There is no default, so Redis will not listen
-# on a unix socket when not specified.
-#
-unixsocket @SOCKET@
-# unixsocketperm 700
-
-# By default Redis does not run as a daemon. Use 'yes' if you need it.
-# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
-# When Redis is supervised by upstart or systemd, this parameter has no impact.
-daemonize no
-
-# Specify the server verbosity level.
-# This can be one of:
-# debug (a lot of information, useful for development/testing)
-# verbose (many rarely useful info, but not a mess like the debug level)
-# notice (moderately verbose, what you want in production probably)
-# warning (only very important / critical messages are logged)
-# nothing (nothing is logged)
-loglevel notice
-
-# Specify the log file name. Also the empty string can be used to force
-# Redis to log on the standard output. Note that if you use standard
-# output for logging but daemonize, logs will be sent to /dev/null
-logfile @LOGFILE@
-
-# To enable logging to the system logger, just set 'syslog-enabled' to yes,
-# and optionally update the other syslog parameters to suit your needs.
-syslog-enabled no
-
-# Set the number of databases. The default database is DB 0, you can select
-# a different one on a per-connection basis using SELECT <dbid> where
-# dbid is a number between 0 and 'databases'-1
-databases 2
-
-# Snapshotting can be completely disabled with a single empty string argument
-# as in following example:
-#
-save ""
-
-# The working directory.
-#
-# The DB will be written inside this directory, with the filename specified
-# above using the 'dbfilename' configuration directive.
-#
-# The Append Only File will also be created inside this directory.
-#
-# Note that you must specify a directory here, not a file name.
-dir .
-
-###
-###  Rest of the default Redis settings #######################################
-###
-
-bind 127.0.0.1 -::1
-
-# When protected mode is on and the default user has no password, the server
-# only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address
-# (::1) or Unix domain sockets.
-protected-mode yes
-
-# TCP listen() backlog.
-#
-# In high requests-per-second environments you need a high backlog in order
-# to avoid slow clients connection issues. Note that the Linux kernel
-# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
-# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
-# in order to get the desired effect.
-tcp-backlog 511
-
-# Close the connection after a client is idle for N seconds (0 to disable)
-timeout 0
-
-# TCP keepalive.
-# A reasonable value for this option is 300 seconds, which is the new
-# Redis default starting with Redis 3.2.1.
-tcp-keepalive 300
-
-# By default Redis shows an ASCII art logo only when started to log to the
-# standard output and if the standard output is a TTY and syslog logging is
-# disabled. Basically this means that normally a logo is displayed only in
-# interactive sessions.
-#
-# However it is possible to force the pre-4.0 behavior and always show a
-# ASCII art logo in startup logs by setting the following option to yes.
-always-show-logo no
-
-# By default, Redis modifies the process title (as seen in 'top' and 'ps') to
-# provide some runtime information. It is possible to disable this and leave
-# the process name as executed by setting the following to no.
-set-proc-title yes
-
-# When changing the process title, Redis uses the following template to construct
-# the modified title.
-#
-# Template variables are specified in curly brackets. The following variables are
-# supported:
-#
-# {title}           Name of process as executed if parent, or type of child process.
-# {listen-addr}     Bind address or '*' followed by TCP or TLS port listening on, or
-#                   Unix socket if only that's available.
-# {server-mode}     Special mode, i.e. "[sentinel]" or "[cluster]".
-# {port}            TCP port listening on, or 0.
-# {tls-port}        TLS port listening on, or 0.
-# {unixsocket}      Unix domain socket listening on, or "".
-# {config-file}     Name of configuration file used.
-#
-proc-title-template "{title} {listen-addr} {server-mode}"
-
-# Set the local environment which is used for string comparison operations, and
-# also affect the performance of Lua scripts. Empty String indicates the locale
-# is derived from the environment variables.
-#locale-collate ""
-
-# By default Redis will stop accepting writes if RDB snapshots are enabled
-# (at least one save point) and the latest background save failed.
-# This will make the user aware (in a hard way) that data is not persisting
-# on disk properly, otherwise chances are that no one will notice and some
-# disaster will happen.
-#
-# If the background saving process will start working again Redis will
-# automatically allow writes again.
-#
-# However if you have setup your proper monitoring of the Redis server
-# and persistence, you may want to disable this feature so that Redis will
-# continue to work as usual even if there are problems with disk,
-# permissions, and so forth.
-stop-writes-on-bgsave-error yes
-
-# Compress string objects using LZF when dump .rdb databases?
-# By default compression is enabled as it's almost always a win.
-# If you want to save some CPU in the saving child set it to 'no' but
-# the dataset will likely be bigger if you have compressible values or keys.
-rdbcompression yes
-
-# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
-# This makes the format more resistant to corruption but there is a performance
-# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
-# for maximum performances.
-#
-# RDB files created with checksum disabled have a checksum of zero that will
-# tell the loading code to skip the check.
-rdbchecksum yes
-
-# The filename where to dump the DB
-dbfilename redis.rdb
-
-# Remove RDB files used by replication in instances without persistence
-# enabled. By default this option is disabled, however there are environments
-# where for regulations or other security concerns, RDB files persisted on
-# disk by masters in order to feed replicas, or stored on disk by replicas
-# in order to load them for the initial synchronization, should be deleted
-# ASAP. Note that this option ONLY WORKS in instances that have both AOF
-# and RDB persistence disabled, otherwise is completely ignored.
-#
-# An alternative (and sometimes better) way to obtain the same effect is
-# to use diskless replication on both master and replicas instances. However
-# in the case of replicas, diskless is not always an option.
-rdb-del-sync-files no
-
-# When a replica loses its connection with the master, or when the replication
-# is still in progress, the replica can act in two different ways:
-#
-# 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will
-#    still reply to client requests, possibly with out of date data, or the
-#    data set may just be empty if this is the first synchronization.
-#
-# 2) If replica-serve-stale-data is set to 'no' the replica will reply with error
-#    "MASTERDOWN Link with MASTER is down and replica-serve-stale-data is set to 'no'"
-#    to all data access commands, excluding commands such as:
-#    INFO, REPLICAOF, AUTH, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
-#    UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST,
-#    HOST and LATENCY.
-#
-replica-serve-stale-data yes
-
-# You can configure a replica instance to accept writes or not. Writing against
-# a replica instance may be useful to store some ephemeral data (because data
-# written on a replica will be easily deleted after resync with the master) but
-# may also cause problems if clients are writing to it because of a
-# misconfiguration.
-#
-# Since Redis 2.6 by default replicas are read-only.
-#
-# Note: read only replicas are not designed to be exposed to untrusted clients
-# on the internet. It's just a protection layer against misuse of the instance.
-# Still a read only replica exports by default all the administrative commands
-# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
-# security of read only replicas using 'rename-command' to shadow all the
-# administrative / dangerous commands.
-replica-read-only yes
-
-# Replication SYNC strategy: disk or socket.
-#
-# New replicas and reconnecting replicas that are not able to continue the
-# replication process just receiving differences, need to do what is called a
-# "full synchronization". An RDB file is transmitted from the master to the
-# replicas.
-#
-# The transmission can happen in two different ways:
-#
-# 1) Disk-backed: The Redis master creates a new process that writes the RDB
-#                 file on disk. Later the file is transferred by the parent
-#                 process to the replicas incrementally.
-# 2) Diskless: The Redis master creates a new process that directly writes the
-#              RDB file to replica sockets, without touching the disk at all.
-#
-# With disk-backed replication, while the RDB file is generated, more replicas
-# can be queued and served with the RDB file as soon as the current child
-# producing the RDB file finishes its work. With diskless replication instead
-# once the transfer starts, new replicas arriving will be queued and a new
-# transfer will start when the current one terminates.
-#
-# When diskless replication is used, the master waits a configurable amount of
-# time (in seconds) before starting the transfer in the hope that multiple
-# replicas will arrive and the transfer can be parallelized.
-#
-# With slow disks and fast (large bandwidth) networks, diskless replication
-# works better.
-repl-diskless-sync yes
-
-# When diskless replication is enabled, it is possible to configure the delay
-# the server waits in order to spawn the child that transfers the RDB via socket
-# to the replicas.
-#
-# This is important since once the transfer starts, it is not possible to serve
-# new replicas arriving, that will be queued for the next RDB transfer, so the
-# server waits a delay in order to let more replicas arrive.
-#
-# The delay is specified in seconds, and by default is 5 seconds. To disable
-# it entirely just set it to 0 seconds and the transfer will start ASAP.
-repl-diskless-sync-delay 5
-
-# When diskless replication is enabled with a delay, it is possible to let
-# the replication start before the maximum delay is reached if the maximum
-# number of replicas expected have connected. Default of 0 means that the
-# maximum is not defined and Redis will wait the full delay.
-#repl-diskless-sync-max-replicas 0
-
-# -----------------------------------------------------------------------------
-# WARNING: Since in this setup the replica does not immediately store an RDB on
-# disk, it may cause data loss during failovers. RDB diskless load + Redis
-# modules not handling I/O reads may cause Redis to abort in case of I/O errors
-# during the initial synchronization stage with the master.
-# -----------------------------------------------------------------------------
-#
-# Replica can load the RDB it reads from the replication link directly from the
-# socket, or store the RDB to a file and read that file after it was completely
-# received from the master.
-#
-# In many cases the disk is slower than the network, and storing and loading
-# the RDB file may increase replication time (and even increase the master's
-# Copy on Write memory and replica buffers).
-# However, when parsing the RDB file directly from the socket, in order to avoid
-# data loss it's only safe to flush the current dataset when the new dataset is
-# fully loaded in memory, resulting in higher memory usage.
-# For this reason we have the following options:
-#
-# "disabled"    - Don't use diskless load (store the rdb file to the disk first)
-# "swapdb"      - Keep current db contents in RAM while parsing the data directly
-#                 from the socket. Replicas in this mode can keep serving current
-#                 dataset while replication is in progress, except for cases where
-#                 they can't recognize master as having a data set from same
-#                 replication history.
-#                 Note that this requires sufficient memory, if you don't have it,
-#                 you risk an OOM kill.
-# "on-empty-db" - Use diskless load only when current dataset is empty. This is
-#                 safer and avoid having old and new dataset loaded side by side
-#                 during replication.
-repl-diskless-load disabled
-
-# Master send PINGs to its replicas in a predefined interval. It's possible to
-# change this interval with the repl_ping_replica_period option. The default
-# value is 10 seconds.
-#
-# repl-ping-replica-period 10
-
-# The following option sets the replication timeout for:
-#
-# 1) Bulk transfer I/O during SYNC, from the point of view of replica.
-# 2) Master timeout from the point of view of replicas (data, pings).
-# 3) Replica timeout from the point of view of masters (REPLCONF ACK pings).
-#
-# It is important to make sure that this value is greater than the value
-# specified for repl-ping-replica-period otherwise a timeout will be detected
-# every time there is low traffic between the master and the replica. The default
-# value is 60 seconds.
-#
-# repl-timeout 60
-
-# Disable TCP_NODELAY on the replica socket after SYNC?
-#
-# If you select "yes" Redis will use a smaller number of TCP packets and
-# less bandwidth to send data to replicas. But this can add a delay for
-# the data to appear on the replica side, up to 40 milliseconds with
-# Linux kernels using a default configuration.
-#
-# If you select "no" the delay for data to appear on the replica side will
-# be reduced but more bandwidth will be used for replication.
-#
-# By default we optimize for low latency, but in very high traffic conditions
-# or when the master and replicas are many hops away, turning this to "yes" may
-# be a good idea.
-repl-disable-tcp-nodelay no
-
-# The replica priority is an integer number published by Redis in the INFO
-# output. It is used by Redis Sentinel in order to select a replica to promote
-# into a master if the master is no longer working correctly.
-#
-# A replica with a low priority number is considered better for promotion, so
-# for instance if there are three replicas with priority 10, 100, 25 Sentinel
-# will pick the one with priority 10, that is the lowest.
-#
-# However a special priority of 0 marks the replica as not able to perform the
-# role of master, so a replica with priority of 0 will never be selected by
-# Redis Sentinel for promotion.
-#
-# By default the priority is 100.
-replica-priority 100
-
-# ACL LOG
-#
-# The ACL Log tracks failed commands and authentication events associated
-# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked
-# by ACLs. The ACL Log is stored in memory. You can reclaim memory with
-# ACL LOG RESET. Define the maximum entry length of the ACL Log below.
-acllog-max-len 128
-
-lazyfree-lazy-eviction no
-lazyfree-lazy-expire no
-lazyfree-lazy-server-del no
-replica-lazy-flush no
-
-# It is also possible, for the case when to replace the user code DEL calls
-# with UNLINK calls is not easy, to modify the default behavior of the DEL
-# command to act exactly like UNLINK, using the following configuration
-# directive:
-lazyfree-lazy-user-del no
-
-# FLUSHDB, FLUSHALL, SCRIPT FLUSH and FUNCTION FLUSH support both asynchronous and synchronous
-# deletion, which can be controlled by passing the [SYNC|ASYNC] flags into the
-# commands. When neither flag is passed, this directive will be used to determine
-# if the data should be deleted asynchronously.
-lazyfree-lazy-user-flush no
-
-# On Linux, it is possible to hint the kernel OOM killer on what processes
-# should be killed first when out of memory.
-#
-# Enabling this feature makes Redis actively control the oom_score_adj value
-# for all its processes, depending on their role. The default scores will
-# attempt to have background child processes killed before all others, and
-# replicas killed before masters.
-#
-# Redis supports these options:
-#
-# no:       Don't make changes to oom-score-adj (default).
-# yes:      Alias to "relative" see below.
-# absolute: Values in oom-score-adj-values are written as is to the kernel.
-# relative: Values are used relative to the initial value of oom_score_adj when
-#           the server starts and are then clamped to a range of -1000 to 1000.
-#           Because typically the initial value is 0, they will often match the
-#           absolute values.
-oom-score-adj no
-
-# When oom-score-adj is used, this directive controls the specific values used
-# for master, replica and background child processes. Values range -2000 to
-# 2000 (higher means more likely to be killed).
-#
-# Unprivileged processes (not root, and without CAP_SYS_RESOURCE capabilities)
-# can freely increase their value, but not decrease it below its initial
-# settings. This means that setting oom-score-adj to "relative" and setting the
-# oom-score-adj-values to positive values will always succeed.
-oom-score-adj-values 0 200 800
-
-# Usually the kernel Transparent Huge Pages control is set to "madvise" or
-# or "never" by default (/sys/kernel/mm/transparent_hugepage/enabled), in which
-# case this config has no effect. On systems in which it is set to "always",
-# redis will attempt to disable it specifically for the redis process in order
-# to avoid latency problems specifically with fork(2) and CoW.
-# If for some reason you prefer to keep it enabled, you can set this config to
-# "no" and the kernel global to "always".
-disable-thp yes
-
-# By default Redis asynchronously dumps the dataset on disk. This mode is
-# good enough in many applications, but an issue with the Redis process or
-# a power outage may result into a few minutes of writes lost (depending on
-# the configured save points).
-#
-# The Append Only File is an alternative persistence mode that provides
-# much better durability. For instance using the default data fsync policy
-# (see later in the config file) Redis can lose just one second of writes in a
-# dramatic event like a server power outage, or a single write if something
-# wrong with the Redis process itself happens, but the operating system is
-# still running correctly.
-#
-# AOF and RDB persistence can be enabled at the same time without problems.
-# If the AOF is enabled on startup Redis will load the AOF, that is the file
-# with the better durability guarantees.
-#
-# Please check https://redis.io/topics/persistence for more information.
-appendonly no
-
-# The following time is expressed in microseconds, so 1000000 is equivalent
-# to one second. Note that a negative number disables the slow log, while
-# a value of zero forces the logging of every command.
-slowlog-log-slower-than 10000
-
-# There is no limit to this length. Just be aware that it will consume memory.
-# You can reclaim memory used by the slow log with SLOWLOG RESET.
-slowlog-max-len 128
-
-# By default latency monitoring is disabled since it is mostly not needed
-# if you don't have latency issues, and collecting data has a performance
-# impact, that while very small, can be measured under big load. Latency
-# monitoring can easily be enabled at runtime using the command
-# "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
-latency-monitor-threshold 0
-
-#  By default all notifications are disabled because most users don't need
-#  this feature and the feature has some overhead. Note that if you don't
-#  specify at least one of K or E, no events will be delivered.
-notify-keyspace-events ""
-
-# Hashes are encoded using a memory efficient data structure when they have a
-# small number of entries, and the biggest entry does not exceed a given
-# threshold. These thresholds can be configured using the following directives.
-#hash-max-listpack-entries 512
-#hash-max-listpack-value 64
-
-# Lists are also encoded in a special way to save a lot of space.
-# The number of entries allowed per internal list node can be specified
-# as a fixed maximum size or a maximum number of elements.
-# For a fixed maximum size, use -5 through -1, meaning:
-# -5: max size: 64 Kb  <-- not recommended for normal workloads
-# -4: max size: 32 Kb  <-- not recommended
-# -3: max size: 16 Kb  <-- probably not recommended
-# -2: max size: 8 Kb   <-- good
-# -1: max size: 4 Kb   <-- good
-# Positive numbers mean store up to _exactly_ that number of elements
-# per list node.
-# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
-# but if your use case is unique, adjust the settings as necessary.
-#list-max-listpack-size -2
-
-# Lists may also be compressed.
-# Compress depth is the number of quicklist ziplist nodes from *each* side of
-# the list to *exclude* from compression.  The head and tail of the list
-# are always uncompressed for fast push/pop operations.  Settings are:
-# 0: disable all list compression
-# 1: depth 1 means "don't start compressing until after 1 node into the list,
-#    going from either the head or tail"
-#    So: [head]->node->node->...->node->[tail]
-#    [head], [tail] will always be uncompressed; inner nodes will compress.
-# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
-#    2 here means: don't compress head or head->next or tail->prev or tail,
-#    but compress all nodes between them.
-# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
-# etc.
-list-compress-depth 0
-
-# Sets have a special encoding when a set is composed
-# of just strings that happen to be integers in radix 10 in the range
-# of 64 bit signed integers.
-# The following configuration setting sets the limit in the size of the
-# set in order to use this special memory saving encoding.
-set-max-intset-entries 512
-
-# Sets containing non-integer values are also encoded using a memory efficient
-# data structure when they have a small number of entries, and the biggest entry
-# does not exceed a given threshold. These thresholds can be configured using
-# the following directives.
-#set-max-listpack-entries 128
-#set-max-listpack-value 64
-
-# Similarly to hashes and lists, sorted sets are also specially encoded in
-# order to save a lot of space. This encoding is only used when the length and
-# elements of a sorted set are below the following limits:
-#zset-max-listpack-entries 128
-#zset-max-listpack-value 64
-
-# HyperLogLog sparse representation bytes limit. The limit includes the
-# 16 bytes header. When a HyperLogLog using the sparse representation crosses
-# this limit, it is converted into the dense representation.
-#
-# A value greater than 16000 is totally useless, since at that point the
-# dense representation is more memory efficient.
-#
-# The suggested value is ~ 3000 in order to have the benefits of
-# the space efficient encoding without slowing down too much PFADD,
-# which is O(N) with the sparse encoding. The value can be raised to
-# ~ 10000 when CPU is not a concern, but space is, and the data set is
-# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
-hll-sparse-max-bytes 3000
-
-# Streams macro node max size / items. The stream data structure is a radix
-# tree of big nodes that encode multiple items inside. Using this configuration
-# it is possible to configure how big a single node can be in bytes, and the
-# maximum number of items it may contain before switching to a new node when
-# appending new stream entries. If any of the following settings are set to
-# zero, the limit is ignored, so for instance it is possible to set just a
-# max entries limit by setting max-bytes to 0 and max-entries to the desired
-# value.
-stream-node-max-bytes 4096
-stream-node-max-entries 100
-
-# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
-# order to help rehashing the main Redis hash table (the one mapping top-level
-# keys to values). The hash table implementation Redis uses (see dict.c)
-# performs a lazy rehashing: the more operation you run into a hash table
-# that is rehashing, the more rehashing "steps" are performed, so if the
-# server is idle the rehashing is never complete and some more memory is used
-# by the hash table.
-#
-# The default is to use this millisecond 10 times every second in order to
-# actively rehash the main dictionaries, freeing memory when possible.
-#
-# If unsure:
-# use "activerehashing no" if you have hard latency requirements and it is
-# not a good thing in your environment that Redis can reply from time to time
-# to queries with 2 milliseconds delay.
-#
-# use "activerehashing yes" if you don't have such hard requirements but
-# want to free memory asap when possible.
-activerehashing yes
-
-# The client output buffer limits can be used to force disconnection of clients
-# that are not reading data from the server fast enough for some reason (a
-# common reason is that a Pub/Sub client can't consume messages as fast as the
-# publisher can produce them).
-#
-# Both the hard or the soft limit can be disabled by setting them to zero.
-client-output-buffer-limit normal 0 0 0
-client-output-buffer-limit replica 256mb 64mb 60
-client-output-buffer-limit pubsub 32mb 8mb 60
-
-# Redis calls an internal function to perform many background tasks, like
-# closing connections of clients in timeout, purging expired keys that are
-# never requested, and so forth.
-#
-# Not all tasks are performed with the same frequency, but Redis checks for
-# tasks to perform according to the specified "hz" value.
-#
-# By default "hz" is set to 10. Raising the value will use more CPU when
-# Redis is idle, but at the same time will make Redis more responsive when
-# there are many keys expiring at the same time, and timeouts may be
-# handled with more precision.
-#
-# The range is between 1 and 500, however a value over 100 is usually not
-# a good idea. Most users should use the default of 10 and raise this up to
-# 100 only in environments where very low latency is required.
-hz 10
-
-# When dynamic HZ is enabled, the actual configured HZ will be used
-# as a baseline, but multiples of the configured HZ value will be actually
-# used as needed once more clients are connected. In this way an idle
-# instance will use very little CPU time while a busy instance will be
-# more responsive.
-dynamic-hz yes
-
-# When a child rewrites the AOF file, if the following option is enabled
-# the file will be fsync-ed every 4 MB of data generated. This is useful
-# in order to commit the file to the disk more incrementally and avoid
-# big latency spikes.
-aof-rewrite-incremental-fsync yes
-
-# When redis saves RDB file, if the following option is enabled
-# the file will be fsync-ed every 4 MB of data generated. This is useful
-# in order to commit the file to the disk more incrementally and avoid
-# big latency spikes.
-rdb-save-incremental-fsync yes
-
-# Jemalloc background thread for purging will be enabled by default
-jemalloc-bg-thread yes
diff --git a/contrib/unbound/testdata/redis_replica.tdir/redis_replica.conf b/contrib/unbound/testdata/redis_replica.tdir/redis_replica.conf
deleted file mode 100644
index 3a558e2337b8..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/redis_replica.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-server:
-	verbosity: 7
-	num-threads: 1
-	interface: 127.0.0.1
-	port: @PORT@
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	module-config: "cachedb iterator"
-	root-key-sentinel: no
-	trust-anchor-signaling: no
-cachedb:
-        backend: redis
-        redis-server-path: @REDIS_SOCKET@
-        redis-replica-server-path: @REDIS_REPLICA_SOCKET@
-auth-zone:
-	name: "redis.com"
-	for-upstream: yes
-	for-downstream: no
-	zonefile: "redis.zone"
-remote-control:
-	control-enable: yes
-	control-interface: 127.0.0.1
-	# control-interface: ::1
-	control-port: @CONTROL_PORT@
-	server-key-file: "unbound_server.key"
-	server-cert-file: "unbound_server.pem"
-	control-key-file: "unbound_control.key"
-	control-cert-file: "unbound_control.pem"
diff --git a/contrib/unbound/testdata/redis_replica.tdir/redis_replica.dsc b/contrib/unbound/testdata/redis_replica.tdir/redis_replica.dsc
deleted file mode 100644
index 03321f11b2b4..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/redis_replica.dsc
+++ /dev/null
@@ -1,16 +0,0 @@
-BaseName: redis_replica
-Version: 1.0
-Description: Test redis replica operation
-CreationDate: Fri 01 Mar 15:29:09 CET 2024
-Maintainer: Yorgos Thessalonikefs
-Category:
-Component:
-CmdDepends:
-Depends:
-Help:
-Pre: redis_replica.pre
-Post: redis_replica.post
-Test: redis_replica.test
-AuxFiles:
-Passed:
-Failure:
diff --git a/contrib/unbound/testdata/redis_replica.tdir/redis_replica.post b/contrib/unbound/testdata/redis_replica.tdir/redis_replica.post
deleted file mode 100644
index 35f11651808f..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/redis_replica.post
+++ /dev/null
@@ -1,18 +0,0 @@
-# #-- redis_replica.post --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# source the test var file when it's there
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-#
-# do your teardown here
-. ../common.sh
-kill_pid $REDIS_PID
-kill_pid $REDIS_REPLICA_PID
-kill_pid $UNBOUND_PID
-echo "> cat logfiles"
-echo "redis server.log"
-cat server.log
-echo "redis replica.log"
-cat replica.log
-echo "unbound.log"
-cat unbound.log
diff --git a/contrib/unbound/testdata/redis_replica.tdir/redis_replica.pre b/contrib/unbound/testdata/redis_replica.tdir/redis_replica.pre
deleted file mode 100644
index 28ccd7b86d6c..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/redis_replica.pre
+++ /dev/null
@@ -1,46 +0,0 @@
-# #-- redis_replica.pre--#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-. ../common.sh
-
-if grep "define USE_REDIS 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi
-
-get_random_port 2
-UNBOUND_PORT=$RND_PORT
-CONTROL_PORT=$(($RND_PORT + 1))
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
-
-REDIS_SOCKET=server.sock
-REDIS_REPLICA_SOCKET=replica.sock
-echo "REDIS_SOCKET=$REDIS_SOCKET" >> .tpkg.var.test
-echo "REDIS_REPLICA_SOCKET=$REDIS_REPLICA_SOCKET" >> .tpkg.var.test
-
-# start redis
-sed -e 's/@SOCKET\@/'$REDIS_SOCKET'/' -e 's/@LOGFILE\@/server.log/' < redis.conf > server.conf
-redis-server server.conf &
-REDIS_PID=$!
-echo "REDIS_PID=$REDIS_PID" >> .tpkg.var.test
-
-# start redis replica
-sed -e 's/@SOCKET\@/'$REDIS_REPLICA_SOCKET'/' -e 's/@LOGFILE\@/replica.log/' < redis.conf > replica.conf
-redis-server replica.conf &
-REDIS_REPLICA_PID=$!
-echo "REDIS_REPLICA_PID=$REDIS_REPLICA_PID" >> .tpkg.var.test
-
-# Copy initial zonefile
-cp before.zone redis.zone
-
-# make config file
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@REDIS_SOCKET\@/'$REDIS_SOCKET'/' -e 's/@REDIS_REPLICA_SOCKET\@/'$REDIS_REPLICA_SOCKET'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < redis_replica.conf > ub.conf
-# start unbound in the background
-$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_unbound_up unbound.log
diff --git a/contrib/unbound/testdata/redis_replica.tdir/redis_replica.test b/contrib/unbound/testdata/redis_replica.tdir/redis_replica.test
deleted file mode 100644
index a9f15b8094f8..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/redis_replica.test
+++ /dev/null
@@ -1,78 +0,0 @@
-# #-- redis_replica.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-PRE="../.."
-# do the test
-
-# Check number of keys in the db
-# $1: socket to connect to
-# $2: expected number of keys
-redis_cli_check_keys () {
-	echo "> redis-cli connecting to $1 to check number of keys; expecting $2"
-	keys=$(redis-cli --no-raw -s $1 keys "*" | grep -vF empty | wc -l)
-	if test $keys -ne $2
-	then
-		echo "Expected $2 keys, got $keys"
-		exit 1
-	fi
-	echo "OK"
-}
-
-# Query and check the expected result
-# $1: query
-# $2: expected answer
-expect_answer () {
-	echo "> dig @127.0.0.1 -p $UNBOUND_PORT $1"
-	dig @127.0.0.1 -p $UNBOUND_PORT $1 > tmp.answer
-	if ! grep -F $2 tmp.answer
-	then
-		echo "Expected $2 in the answer, got:"
-		cat tmp.answer
-		exit 1
-	fi
-	echo "OK"
-}
-
-# Start test
-
-# check Redis server has no keys
-redis_cli_check_keys $REDIS_SOCKET 0
-
-# check Redis replica server has no keys
-redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
-
-# query and check answer
-expect_answer redis.com 1.1.1.1
-
-# check Redis server has 1 key
-redis_cli_check_keys $REDIS_SOCKET 1
-
-# check Redis replica server has no keys
-redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
-
-# change auth zone and reload
-cp after.zone redis.zone
-echo "$PRE/unbound-control -c ub.conf reload"
-$PRE/unbound-control -c ub.conf reload
-if test $? -ne 0; then
-	echo "wrong exit value after success"
-	exit 1
-fi
-
-# query and check answer
-# we are writing to server but reading from replica; which is not actually
-# replicating so the new answer will come through while overwriting the record
-# in the server.
-expect_answer redis.com 2.2.2.2
-
-# check Redis server has 1 key
-redis_cli_check_keys $REDIS_SOCKET 1
-
-# check Redis replica server has no keys
-redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
-
-echo "> OK"
-exit 0
diff --git a/contrib/unbound/testdata/redis_replica.tdir/unbound_control.key b/contrib/unbound/testdata/redis_replica.tdir/unbound_control.key
deleted file mode 100644
index 753a4ef6162e..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/unbound_control.key
+++ /dev/null
@@ -1,39 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
-1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
-F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
-ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
-vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
-IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
-cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
-lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
-15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
-LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
-Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
-YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
-whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
-lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
-tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
-U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
-Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
-Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
-ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
-1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
-b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
-ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
-TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
-tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
-aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
-A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
-LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
-R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
-7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
-7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
-jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
-BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
-kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
-qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
-VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
-MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
-C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
------END RSA PRIVATE KEY-----
diff --git a/contrib/unbound/testdata/redis_replica.tdir/unbound_control.pem b/contrib/unbound/testdata/redis_replica.tdir/unbound_control.pem
deleted file mode 100644
index a1edf7017f1d..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/unbound_control.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
-EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
-WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
-A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
-OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
-1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
-NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
-A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
-Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
-TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
-nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
-+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
-4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
-hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
-9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
-ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
-pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
-72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
-muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
-uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
------END CERTIFICATE-----
diff --git a/contrib/unbound/testdata/redis_replica.tdir/unbound_server.key b/contrib/unbound/testdata/redis_replica.tdir/unbound_server.key
deleted file mode 100644
index 370a7bbb2f22..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/unbound_server.key
+++ /dev/null
@@ -1,39 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
-0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
-GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
-uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
-WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
-FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
-q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
-A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
-7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
-XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
-iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
-2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
-MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
-WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
-O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
-IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
-qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
-dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
-bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
-YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
-7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
-gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
-5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
-ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
-oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
-s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
-zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
-ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
-oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
-BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
-mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
-kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
-7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
-RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
-jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
-O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
-MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
------END RSA PRIVATE KEY-----
diff --git a/contrib/unbound/testdata/redis_replica.tdir/unbound_server.pem b/contrib/unbound/testdata/redis_replica.tdir/unbound_server.pem
deleted file mode 100644
index 986807310f2b..000000000000
--- a/contrib/unbound/testdata/redis_replica.tdir/unbound_server.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
-EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
-WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
-igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
-a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
-4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
-aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
-TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
-uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
-+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
-XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
-dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
-84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
-JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
-fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
-XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
-qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
-sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
-yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
-CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
------END CERTIFICATE-----
diff --git a/contrib/unbound/testdata/rpz_nsdname.rpl b/contrib/unbound/testdata/rpz_nsdname.rpl
deleted file mode 100644
index 661f5da2c345..000000000000
--- a/contrib/unbound/testdata/rpz_nsdname.rpl
+++ /dev/null
@@ -1,471 +0,0 @@
-; config options
-server:
-	module-config: "respip validator iterator"
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: no
-  access-control: 192.0.0.0/8 allow
-
-rpz:
-	name: "rpz.example.com."
-	rpz-log: yes
-	rpz-log-name: "rpz.example.com"
-	zonefile:
-TEMPFILE_NAME rpz.example.com
-TEMPFILE_CONTENTS rpz.example.com
-$ORIGIN example.com.
-rpz	3600	IN	SOA	ns1.rpz.example.com. hostmaster.rpz.example.com. (
-		1379078166 28800 7200 604800 7200 )
-	3600	IN	NS	ns1.rpz.example.com.
-	3600	IN	NS	ns2.rpz.example.com.
-$ORIGIN rpz.example.com.
-ns1.gotham.aa.rpz-nsdname CNAME .
-ns1.gotham.bb.rpz-nsdname CNAME *.
-ns1.gotham.cc.rpz-nsdname CNAME rpz-drop.
-ns1.gotham.com.rpz-nsdname CNAME rpz-passthru.
-ns1.gotham.dd.rpz-nsdname CNAME rpz-tcp-only.
-ns1.gotham.ff.rpz-nsdname A 127.0.0.1
-ns1.gotham.ff.rpz-nsdname TXT "42"
-TEMPFILE_END
-
-stub-zone:
-	name: "."
-	stub-addr: 1.1.1.1
-CONFIG_END
-
-SCENARIO_BEGIN Test RPZ nsdname triggers
-
-; . --------------------------------------------------------------------------
-RANGE_BEGIN 0 100
-	ADDRESS 1.1.1.1
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. IN NS ns.root.
-SECTION ADDITIONAL
-ns.root IN A 1.1.1.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN A
-SECTION AUTHORITY
-com. IN NS ns1.com.
-SECTION ADDITIONAL
-ns1.com. IN A 8.8.8.8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-aa. IN A
-SECTION AUTHORITY
-aa. IN NS ns1.aa.
-SECTION ADDITIONAL
-ns1.aa. IN A 8.8.0.8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-bb. IN A
-SECTION AUTHORITY
-bb. IN NS ns1.bb.
-SECTION ADDITIONAL
-ns1.bb. IN A 8.8.1.8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-cc. IN A
-SECTION AUTHORITY
-cc. IN NS ns1.cc.
-SECTION ADDITIONAL
-ns1.cc. IN A 8.8.2.8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-dd. IN A
-SECTION AUTHORITY
-dd. IN NS ns1.dd.
-SECTION ADDITIONAL
-ns1.dd. IN A 8.8.3.8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-ee. IN A
-SECTION AUTHORITY
-ee. IN NS ns1.ee.
-SECTION ADDITIONAL
-ns1.ee. IN A 8.8.5.8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-ff. IN A
-SECTION AUTHORITY
-ff. IN NS ns1.ff.
-SECTION ADDITIONAL
-ns1.ff. IN A 8.8.6.8
-ENTRY_END
-
-RANGE_END
-
-; com. -----------------------------------------------------------------------
-RANGE_BEGIN 0 100
-	ADDRESS 8.8.8.8
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION ANSWER
-com. IN NS ns1.com.
-SECTION ADDITIONAL
-ns1.com. IN A 8.8.8.8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-gotham.com. IN A
-SECTION AUTHORITY
-gotham.com.	IN NS	ns1.gotham.com.
-SECTION ADDITIONAL
-ns1.gotham.com. IN A 192.0.6.1
-ENTRY_END
-
-RANGE_END
-
-; aa. ------------------------------------------------------------------------
-RANGE_BEGIN 0 100
-	ADDRESS 8.8.0.8
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-aa. IN NS
-SECTION ANSWER
-aa. IN NS ns1.aa.
-SECTION ADDITIONAL
-ns1.aa. IN A 8.8.0.8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-gotham.aa. IN A
-SECTION AUTHORITY
-gotham.aa.	IN NS	ns1.gotham.aa.
-SECTION ADDITIONAL
-ns1.gotham.aa. IN A 192.0.0.1
-ENTRY_END
-
-RANGE_END
-
-; bb. ------------------------------------------------------------------------
-RANGE_BEGIN 0 100
-	ADDRESS 8.8.1.8
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-bb. IN NS
-SECTION ANSWER
-bb. IN NS ns1.bb.
-SECTION ADDITIONAL
-ns1.bb. IN A 8.8.1.8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-gotham.bb. IN A
-SECTION AUTHORITY
-gotham.bb.	IN NS	ns1.gotham.bb.
-SECTION ADDITIONAL
-ns1.gotham.bb. IN A 192.0.1.1
-ENTRY_END
-
-RANGE_END
-
-; dd. ------------------------------------------------------------------------
-RANGE_BEGIN 0 100
-	ADDRESS 8.8.3.8
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-dd. IN NS
-SECTION ANSWER
-dd. IN NS ns1.dd.
-SECTION ADDITIONAL
-ns1.dd. IN A 8.8.3.8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-gotham.dd. IN A
-SECTION AUTHORITY
-gotham.dd.	IN NS	ns1.gotham.dd.
-SECTION ADDITIONAL
-ns1.gotham.dd. IN A 192.0.3.1
-ENTRY_END
-
-RANGE_END
-
-; ff. ------------------------------------------------------------------------
-RANGE_BEGIN 0 100
-	ADDRESS 8.8.6.8
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-ff. IN NS
-SECTION ANSWER
-ff. IN NS ns1.ff.
-SECTION ADDITIONAL
-ns1.ff. IN A 8.8.6.8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-gotham.ff. IN A
-SECTION AUTHORITY
-gotham.ff. IN NS ns1.gotham.ff.
-SECTION ADDITIONAL
-ns1.gotham.ff. IN A 192.0.5.1
-ENTRY_END
-
-RANGE_END
-
-; ns1.gotham.com. ------------------------------------------------------------
-RANGE_BEGIN 0 100
-	ADDRESS 192.0.6.1
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-gotham.com. IN A
-SECTION ANSWER
-gotham.com. IN A 192.0.6.2
-ENTRY_END
-
-RANGE_END
-
-; ns1.gotham.aa. -------------------------------------------------------------
-RANGE_BEGIN 0 100
-	ADDRESS 192.0.0.1
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-gotham.aa. IN A
-SECTION ANSWER
-gotham.aa. IN A 192.0.0.2
-ENTRY_END
-
-RANGE_END
-
-; ns1.gotham.bb. -------------------------------------------------------------
-RANGE_BEGIN 0 100
-	ADDRESS 192.0.1.1
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-gotham.bb. IN A
-SECTION ANSWER
-gotham.bb. IN A 192.0.1.2
-ENTRY_END
-
-RANGE_END
-
-; ns1.gotham.dd. -------------------------------------------------------------
-RANGE_BEGIN 0 100
-	ADDRESS 192.0.3.1
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-gotham.dd. IN A
-SECTION ANSWER
-gotham.dd. IN A 192.0.3.2
-ENTRY_END
-
-RANGE_END
-
-; ns1.gotham.ff. -------------------------------------------------------------
-RANGE_BEGIN 0 100
-	ADDRESS 192.0.5.1
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-gotham.ff. IN A
-SECTION ANSWER
-gotham.ff. IN A 192.0.5.2
-ENTRY_END
-
-RANGE_END
-
-; ----------------------------------------------------------------------------
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-gotham.com. IN A
-ENTRY_END
-
-STEP 2 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-gotham.com. IN A
-SECTION ANSWER
-gotham.com. IN A 192.0.6.2
-ENTRY_END
-
-STEP 10 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-gotham.aa. IN A
-ENTRY_END
-
-STEP 11 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR AA RD RA NXDOMAIN
-SECTION QUESTION
-gotham.aa. IN A
-SECTION ANSWER
-ENTRY_END
-
-STEP 20 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-gotham.bb. IN A
-ENTRY_END
-
-STEP 21 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA AA NOERROR
-SECTION QUESTION
-gotham.bb. IN A
-SECTION ANSWER
-ENTRY_END
-
-STEP 30 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-gotham.ff. IN A
-ENTRY_END
-
-STEP 31 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA AA NOERROR
-SECTION QUESTION
-gotham.ff. IN A
-SECTION ANSWER
-gotham.ff. IN A 127.0.0.1
-ENTRY_END
-
-STEP 40 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-gotham.dd. IN A
-ENTRY_END
-
-; should come back truncated because TCP is required.
-STEP 41 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA TC NOERROR
-SECTION QUESTION
-gotham.dd. IN A
-SECTION ANSWER
-ENTRY_END
-
-STEP 42 QUERY
-ENTRY_BEGIN
-MATCH TCP
-REPLY RD
-SECTION QUESTION
-gotham.dd. IN A
-ENTRY_END
-
-STEP 43 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all TCP
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-gotham.dd. IN A
-SECTION ANSWER
-gotham.dd. IN A 192.0.3.2
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/rpz_val_block.rpl b/contrib/unbound/testdata/rpz_val_block.rpl
deleted file mode 100644
index d2cd897e09e7..000000000000
--- a/contrib/unbound/testdata/rpz_val_block.rpl
+++ /dev/null
@@ -1,642 +0,0 @@
-; config options
-server:
-	module-config: "respip validator iterator"
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: no
-	trust-anchor: "org. DS 1444 8 2 5224fb17d630a2e3efdc863a05a4032c5db415b5de3f32472ee9abed42e10146"
-	val-override-date: "20070916134226"
-	trust-anchor-signaling: no
-	val-log-level: 2
-	ede: yes
-
-stub-zone:
-        name: "."
-        stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
-
-rpz:
-        name: "rpz.example.com."
-        rpz-log: yes
-        rpz-log-name: "rpz.example.com"
-        zonefile:
-TEMPFILE_NAME rpz.example.com
-TEMPFILE_CONTENTS rpz.example.com
-$ORIGIN example.com.
-rpz     3600    IN      SOA     ns1.rpz.example.com. hostmaster.rpz.example.com. (
-                1379078166 28800 7200 604800 7200 )
-        3600    IN      NS      ns1.rpz.example.com.
-        3600    IN      NS      ns2.rpz.example.com.
-$ORIGIN rpz.example.com.
-foo.org CNAME .
-foo2.org CNAME .
-foo3.org CNAME .
-bok.foo4.org A 4.0.5.5
-www.foo5.org CNAME alt.foo5.org.
-TEMPFILE_END
-
-CONFIG_END
-
-SCENARIO_BEGIN Test RPZ with validator handles blocked zone.
-; The DNSKEY and DS lookups are stopped.
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 1000
-	ADDRESS 193.0.14.129
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. IN NS K.ROOT-SERVERS.NET.
-SECTION ADDITIONAL
-K.ROOT-SERVERS.NET. IN A 193.0.14.129
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-org. IN NS
-SECTION AUTHORITY
-org.    IN NS  ns1.servers.org.
-SECTION ADDITIONAL
-ns1.servers.org. IN A 1.2.3.51
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION AUTHORITY
-com.    IN NS  ns1.servers.com.
-SECTION ADDITIONAL
-ns1.servers.com. IN A 1.2.3.52
-ENTRY_END
-RANGE_END
-
-; ns1.servers.org for .org
-RANGE_BEGIN 0 1000
-	ADDRESS 1.2.3.51
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-org. IN NS
-SECTION ANSWER
-org.	3600	IN	NS	ns1.servers.org.
-org.	3600	IN	RRSIG	NS 8 1 3600 20070926134150 20070829134150 1444 org. arkVLr3b2Ip4bkWpjPTywYWzoVqay11KLB+ZygfoIWtq7mKW20SjRGI+AzIviHHWPv8iibzA8nwcTehuSmqIuRTmZXYj58hpi/AxrqqzJNiwE60swi1dKn3ti0SZKZaLMRnxrrAv7yu3PR6zGt7CD7gJgxfMfQMc6QryQJQbiyM=
-SECTION ADDITIONAL
-ns1.servers.org.	3600	IN	A	1.2.3.51
-ns1.servers.org.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 1444 org. k+9JSbFm5GWSzEbVckC9bVXvzQYwbLvMbHMYmL5tIjt8RMhVhbkyqu+XER5m8xUFL0nrUqJ8ad6SKI9X/8FYGk1iSegpAjIh4bHGzea7vvM7CWw0HfTmmwDhS569IvUfxHyjH4TjSVlM1x9o/d8NGSLAa7h34b0s+NXLEEjNNbI=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-org. IN DNSKEY
-SECTION ANSWER
-org.	3600	IN	DNSKEY	257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
-org.	3600	IN	RRSIG	DNSKEY 8 1 3600 20070926134150 20070829134150 1444 org. pJVKrXD3veTg0qOB2PSQAWdeTEyFFzSbMHJ2F9J9WyxVuMMIDj119aJrkHtkXTmLT7wdOd9RZxDfG0A1H30lQeQdvaJoymaVUgWLXfiwIAYg+4Uk7vZrP7UzHJO2BgDnGdf42h2vgBoboyP9szNMHTGGQdpUk7VkhtE6djonzwg=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-foo.org. IN NS
-SECTION AUTHORITY
-foo.org.	3600	IN	DS	29332 8 2 d38b124648bd7e32033a7fe9fd94ceab56e971ea9e61b3365566ccc028c15c98
-foo.org.	3600	IN	RRSIG	DS 8 2 3600 20070926134150 20070829134150 1444 org. BE2cR03ecUYk/nRsJNMcNfsOWnSoOfkwx4zmF9eEqwoRn/i5QzsrRBEUdorfBsFjpdKqB2R6jSu53CTQAGv392w8AE0cRANPBxcDUiWaRyFZ7CaqspKorPijOJCKEtgztEfFgC9YXab3xvRkJVUZzZRJ4nCrpmNIGzvmf7LlCTg=
-foo.org. IN NS  ns.foo.org.
-SECTION ADDITIONAL
-ns.foo.org. IN A 1.2.3.53
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-foo2.org. IN NS
-SECTION AUTHORITY
-foo2.org.	3600	IN	NSEC	foo3.org. NS RRSIG NSEC
-foo2.org.	3600	IN	RRSIG	NSEC 8 2 3600 20070926134150 20070829134150 1444 org. RfkRfmLeyLYtdDKrLBaXTk/KXTkUn9/4dMZtm3Kl5k5oa9/LkbPmnPb0z+zZ/3aBBKZu0QIevS7w++fdYWfIQiK+DIgG9hhp+lNxakLKp4M5SiWuh+zlTjwbRzlf4abWe/c/FR4bjesgObUdLnaIoM4h3aQUS1KsjyGFmLOCUGM=
-foo2.org. IN NS  ns.foo2.org.
-SECTION ADDITIONAL
-ns.foo2.org. IN A 1.2.3.54
-ENTRY_END
-
-; for this entry the org zone is suddenly resigned with NSEC3.
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-foo3.org. IN NS
-SECTION AUTHORITY
-; org. NSEC3PARAM 1 0 0 -
-; org. -> mvnq25j8mo8ge527pikocn5rl72s2o0s.
-; foo3.org. -> n3dm0vverfek5tl6klsp0k0gduj0gk92.
-mvnq25j8mo8ge527pikocn5rl72s2o0s.org. IN NSEC3 1 0 0 - mvnq25j8mo8ge527pikocn5rl72s2o0t NS SOA RRSIG DNSKEY
-mvnq25j8mo8ge527pikocn5rl72s2o0s.org.	3600	IN	RRSIG	NSEC3 8 2 3600 20070926134150 20070829134150 1444 org. MBmDCmjCeXShkwoDI/I04KK7w33FkNs7vci+SKoR5uWS24E3yt2AVgfkwFkKh42+MgqZnBUJEdRPOfATc80XDwxDhdymB3Ff4W1KAVFpJAkU42ii3bdiyYr+YPWVWdCYG2EfSpLcJiD6E21mW2DNRR7Lj9/W89WmndeUEgpjALA=
-n3dm0vverfek5tl6klsp0k0gduj0gk91.org. IN NSEC3 1 0 0 - n3dm0vverfek5tl6klsp0k0gduj0gk93 NS DS RRSIG
-n3dm0vverfek5tl6klsp0k0gduj0gk91.org.	3600	IN	RRSIG	NSEC3 8 2 3600 20070926134150 20070829134150 1444 org. H5aeeVc6k8fTSwUYDA9BW4ScHazb2b3NfvdQwRbKYj97tlJnJa+cojgOnyvP3qW9YoqO0aRT8rzUjFPJajOIRoS/6XVWCZ3ymDNQIi8oW6vT8qQYA2ldmoWDvFK9fHSgiwqJzQiKXtNGdqTfj2HEyVKVbFTv/Cgxh5jLcB6r9jM=
-foo3.org. IN NS  ns.foo3.org.
-SECTION ADDITIONAL
-ns.foo3.org. IN A 1.2.3.55
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-foo4.org. IN NS
-SECTION AUTHORITY
-foo4.org.	3600	IN	DS	55567 8 2 db658962fbd0a03e81f1a68c33bb53eef3bc30e980040cb476fb191b24dfdd5a
-foo4.org.	3600	IN	RRSIG	DS 8 2 3600 20070926134150 20070829134150 1444 org. kO2d+9du+9y0HcAUq056qnqBoXLwT+/EN82lEocJjCE7lx9qxv4YpwfNd1Sr3J9lwvZbfEm5uRPmSwtrythlI4+qmlsEWE90mfUntH+JqlXj7t2E514AZ/SZPSUd6h6AKPlB/DIhHuI/fAEKB+S263NnvVMccaHh8ScJMsY9nGI=
-foo4.org. IN NS  ns.foo4.org.
-SECTION ADDITIONAL
-ns.foo4.org. IN A 1.2.3.56
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-foo5.org. IN NS
-SECTION AUTHORITY
-foo5.org.	3600	IN	DS	55567 8 2 4046e908302813cad9b4448cd4c243be118b7c18f8414b820bce0a1eab6f6889
-foo5.org.	3600	IN	RRSIG	DS 8 2 3600 20070926134150 20070829134150 1444 org. e0+FRSrwoSeQxd35dcvsEFGQIO9nz+H6p52LAwPDUTOSwFcbR+q+x4OKX+eG8dbFXK7MGztdGdpPji95HzlezXRTt/66sXqYeDM61NezxVM6N/OjPIOL3VTGeyG4nvDj4ycvBbgjJqdhmev6aWYmTQwFa0+6Nxrlsldrl5/chW4=
-foo5.org. IN NS  ns.foo5.org.
-SECTION ADDITIONAL
-ns.foo5.org. IN A 1.2.3.57
-ENTRY_END
-RANGE_END
-
-; ns1.servers.com for .com
-RANGE_BEGIN 0 1000
-	ADDRESS 1.2.3.52
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION ANSWER
-com.    IN NS  ns1.servers.com.
-SECTION ADDITIONAL
-ns1.servers.com. IN A 1.2.3.52
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo.com. IN TXT
-SECTION ANSWER
-foo.com. IN CNAME www.foo.org.
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo2.com. IN TXT
-SECTION ANSWER
-foo2.com. IN CNAME www.foo2.org.
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo4.com. IN A
-SECTION ANSWER
-foo4.com. IN CNAME www.foo4.org.
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo5.com. IN A
-SECTION ANSWER
-foo5.com. IN CNAME www.foo5.org.
-ENTRY_END
-RANGE_END
-
-; ns.foo.org for foo.org
-RANGE_BEGIN 0 1000
-	ADDRESS 1.2.3.53
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo.org. IN NS
-SECTION ANSWER
-foo.org.	3600	IN	NS	ns.foo.org.
-foo.org.	3600	IN	RRSIG	NS 8 2 3600 20070926134150 20070829134150 29332 foo.org. WfSshqIf/LdScUjw5uyB10t3yoF36aOc+lkhTQsAiR7gat14Un+F1s8bQiG3gU8mnMirsu7M1aMBeQlbJncFhLu4av6ZkkI5L/qvojBAL0AF7Rj0gUWKbMc2NsAeAKY8ySzDXqF7ol9YEskHWW35aL+r5DB91u4joZVsANSqeAfLWAhm47hDGlWgzQ1us72dWOPxPqNBG0sx48xaFxiZJjowXVs/zbRQ1TyIFPeKztayc6HL2gaOPPUoOuHp/AEecySqjamXI28mqBBs8MGJoArFaJ05wIuWEdOzsfc+BcYnmuCaTVgEHUvZMbNvi2CYCY4l0jcl1UD7i4FzPhC4jQ==
-SECTION ADDITIONAL
-ns.foo.org.	3600	IN	A	1.2.3.53
-ns.foo.org.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 29332 foo.org. pScBuh9fyXazJLV4yPGQsDKAnNgAGe5G5712sQ46V9CA4Rv+STTI9p6JDyqu1EWVJupLwbL7dqqypSwcSy8CpCO1nH/n/yBnT/9txduEpzvr4OtVJnRZS1LMMlpb4NrT+QPpzxXZH5Zlc+Axevbxj7FVeFIAUq9Fh2+yO6lYXffIy9BW85VOZa1S08/O/2ZyZwPh6pdxB7HRGe/KuD86TMjfjVsveYL4w7UFC+wk1XGQA+zuXOIm+9MQC+UzM/cVR38nW/7Oj1hY2iAgvevFrT75tesf+H927uaHaPrWqSVJLPRIfm4O5wT5K1bgvfYDSlpU/YLf7vaCtJ+kKSOpJw==
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo.org. IN DNSKEY
-SECTION ANSWER
-foo.org.	3600	IN	DNSKEY	257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b}
-foo.org.	3600	IN	RRSIG	DNSKEY 8 2 3600 20070926134150 20070829134150 29332 foo.org. qlZQpZG+prXK6vsd+zObdHj8DbPBCpjB16B7UgTwsgmVxGRX9nSBnkqUqcIrnszJMHvEwu7VPWjegPX3E8LESgz2Slepa5T8hWmcoega2vWakIzIRNtDxH9PXDy804Dmduk/fxBzMlbbFLfsSrG5+cK5PhingjjxNbEuG3V124xTjFUGHKu4NM6kMfPcHOwjTTQLt6azJ10i6CeyaUXCSYz5xGE7Z4PSLYAstlLsM64EtLTGQHAZIEr2Dq6C23u23sRrj/0qcMFo0Nv8E3rjnkfJIo+RYuqqAznFsLMqfveX42ElWBl5YVLQHSo+kFbXcvgX7gzL8X9u4Z6MJ9zUkw==
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo.org. IN TXT
-SECTION ANSWER
-foo.org.	3600	IN	TXT	"a.b.c."
-foo.org.	3600	IN	RRSIG	TXT 8 2 3600 20070926134150 20070829134150 29332 foo.org. UW/T+M0crcfzQ6PVM/0o1ZtXF2o26VTm/V/9/+F873aQnDwfRLH+tzYSC+yfWZ/0niuif6fv9FYWisE8CyAIIMZ8mrxM7M4JgEZ0/vFOC2sN0qnmqSoZoZaeOEjJIAS6F2om+L6AAFtAH2Khbm0wkHc0jBWj3vK8HoXO38iLe1pPnuBK6BhE2+tyDIcUCoABFrycT0E5NBKFERQL+CzYMEzMUS/joSeWloFw1AB1X9Z94ezgmD+g2MnbW78DR6TRZXGD4DWXuxYNswRnfp4VENSOsSbhX9ixtuxwGn1fhiZeTxN84zE/ERiLK59Yo1bQ3TFjOY0cCvj+c2NulTAr9w==
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.foo.org. IN TXT
-SECTION ANSWER
-www.foo.org.	3600	IN	TXT	"a.b.d."
-www.foo.org.	3600	IN	RRSIG	TXT 8 3 3600 20070926134150 20070829134150 29332 foo.org. EjFHdpJdlFFLDWabiMsMzUPE1+brzq/0ecRG39bpPuU/6MW4HCQs4rlLlZNmmJP/vj+kLTGfguSrKyLQt8n9Tf1fKbvD6NUOIOwiVUOE4kb54JghbiBhWeCnRLmUQwi7DKy0UEw8niX3SY6WwJxO/e7+leQJY7Gpg3S00vKskTAjnKeDYiHcrO69Dpyc0l/qtR1Bb98xcs4vMsh6//BBklSlPTMKBcu2uK6sK7G2ZR1lOtShoginq5UHa+EZWR6Pxn8pLkfQGOXTjGq5WaTeEdcinBlvXYBGhAPKWXHwcEtEjClkWi1ZXOnSgwHu9dRxgSk/jcfSmjBFzw2bycq2Lg==
-ENTRY_END
-RANGE_END
-
-; ns.foo2.org for foo2.org
-RANGE_BEGIN 0 1000
-	ADDRESS 1.2.3.54
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo2.org. IN NS
-SECTION ANSWER
-foo2.org. IN NS  ns.foo2.org.
-SECTION ADDITIONAL
-ns.foo2.org. IN A 1.2.3.54
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.foo2.org. IN TXT
-SECTION ANSWER
-www.foo2.org. IN TXT "a.b.e."
-ENTRY_END
-RANGE_END
-
-; ns.foo3.org for foo3.org
-RANGE_BEGIN 0 1000
-	ADDRESS 1.2.3.55
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo3.org. IN NS
-SECTION ANSWER
-foo3.org. IN NS  ns.foo3.org.
-SECTION ADDITIONAL
-ns.foo3.org. IN A 1.2.3.55
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-ns.foo3.org. IN A
-SECTION ANSWER
-ns.foo3.org. IN A 1.2.3.55
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-ns.foo3.org. IN AAAA
-SECTION AUTHORITY
-foo3.org. IN SOA ns.foo3.org. host.foo3.org. 2007090422 3600 300 604800 3600
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.foo3.org. IN TXT
-SECTION ANSWER
-www.foo3.org. IN TXT "a.b.f."
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www2.foo3.org. IN TXT
-SECTION ANSWER
-www2.foo3.org. IN TXT "a.b.g."
-ENTRY_END
-RANGE_END
-
-; ns.foo4.org for foo4.org
-RANGE_BEGIN 0 1000
-	ADDRESS 1.2.3.56
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo4.org. IN NS
-SECTION ANSWER
-foo4.org.	3600	IN	NS	ns.foo4.org.
-foo4.org.	3600	IN	RRSIG	NS 8 2 3600 20070926134150 20070829134150 55567 foo4.org. FXwXqJ8EW2XZDzHiMSiqiUpkk6tHGsJdlH1pfuOO6yPsmAmg6sSnyE9UsIDeW1bGwanYxbZGiD4YR9ED/NzdlMUrCI0fs4c0fa0yJjcF5WY0yZCL9OZbyn/dPIcqZ3D6UWjVVMW6EhZSPqzuz5gWYEiXkBDEc1s2BEjIYSwZo4g=
-SECTION ADDITIONAL
-ns.foo4.org.	3600	IN	A	1.2.3.56
-ns.foo4.org.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 55567 foo4.org. MgKROh4mE6pUyp0ik2CHTZuf7n9M4WaDvTLdI9qb+AvvpJJiwA1+7/v004A3PADvohsUytQttldYKwK6J9+c8R48lpieT+e/WzeyoCM1ieFhbP73By32Bl/akH+8cOUxfqqLD8Y+1z/oKV55LyqKP0H0DCb6vfYtSxWAYQym9PQ=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo4.org. IN DNSKEY
-SECTION ANSWER
-foo4.org.	IN	DNSKEY	257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b}
-foo4.org.	3600	IN	RRSIG	DNSKEY 8 2 3600 20070926134150 20070829134150 55567 foo4.org. Hy1tP0xBPp23e+w2YJ49e09e8AB9hLDP3ksWI/8ujNFK51Kuwo8HBx4R6zbcuOELlqWxr6IQU2w6AwB6UqClS88mc2sIgeEbw7Nm+nCDWPSPklPP4qa9pdXFh2M4txF4NxymrgRABjTTJiXK4oeWtFBNKkUu0hf6RGb9OJmdzF0=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.foo4.org. IN A
-SECTION ANSWER
-www.foo4.org.	3600	IN	CNAME	bok.foo4.org.
-www.foo4.org.	3600	IN	RRSIG	CNAME 8 3 3600 20070926134150 20070829134150 55567 foo4.org. ZRY/v7TPmkuKVNB739kTMiqPh84jtDO01hx2EtuPI2YwG4EnhWFV0fuz86FDMPKUD17MXRHKsi0+RUopqGUEbuZ7G9MzUFtuuTnVD8f9lNJVp2AfE2RAr1le8zZpdSvlmB1Y07HsrFPxxZAPYdBC2IY3VcpI0xaT1nHGsSpcoXc=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-bok.foo4.org. IN A
-SECTION ANSWER
-bok.foo4.org.	3600	IN	A	1.2.3.4
-bok.foo4.org.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 55567 foo4.org. xDPRNYlwWTxfQaX6kKHbYeKC/ro/U1TAQzEexUoQb/GDpx1zB1oqvYBuauivIjHyKwjrGg7f9WHyyzMxSby0G62hJLPoMJMLscLce17mwkWcG2AuojBiDwLBr5QXvJXhvT21LpOFt8xplLZuzNRyw4EsUau0ecd2nQ/5vtIz5aU=
-ENTRY_END
-RANGE_END
-
-; ns.foo5.org for foo5.org
-RANGE_BEGIN 0 1000
-	ADDRESS 1.2.3.57
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo5.org. IN NS
-SECTION ANSWER
-foo5.org.	3600	IN	NS	ns.foo5.org.
-foo5.org.	3600	IN	RRSIG	NS 8 2 3600 20070926134150 20070829134150 55567 foo5.org. Zv/zSvsLucTxX2LL+i4IZfFw/D/5HvzNKmRcohBjmP2W+F53KddGJpRHb2FPqcBzKhvjL/Awf0x1mhHUUBCSQcHA3FZQ9q2kfXK4pzg4XbI03U/hsY5b/1M8SC/DfGE+4jN59QadXZ6N4ouV4Ka9sqRfqXiQFED1Rz9WuMyHfXY=
-SECTION ADDITIONAL
-ns.foo5.org.	3600	IN	A	1.2.3.57
-ns.foo5.org.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. TcHl2qjwwcfoM1kJ+rwje/VRmPJT62RvJvjHwri5NqJopKp9tcaKz1dYByTlhbGbB0tGihWPa271ja3s31dHuOlZsuWd8hdMr7Hq/COpyn7iVOoeU8bLRtkvReLyiD3Ju9IMmzLMyWCGNNzpuZrEBfbBwTC4ali5iL4OgPjMdhc=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-foo5.org. IN DNSKEY
-SECTION ANSWER
-foo5.org.	IN	DNSKEY	257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b}
-foo5.org.	3600	IN	RRSIG	DNSKEY 8 2 3600 20070926134150 20070829134150 55567 foo5.org. wq5nET6vQal5aXvNr6lhUI5VzGJNM52k9RVdNsntiN25GehtBKF/+O2OhrD4YoLCIkMM4dzSSlO/nbbtx/8V8Y5LlA5Kxx3DU+QWpn4iwJg01VwXhJaw8KqK20bUS+PbkG+ZwAqVD1veAdtKR7lfYI35XZojZQ1ReSMWb/vLv4s=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qname
-ADJUST copy_id copy_query
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.foo5.org. IN A
-SECTION ANSWER
-www.foo5.org.	3600	IN	CNAME	bok.foo5.org.
-www.foo5.org.	3600	IN	RRSIG	CNAME 8 3 3600 20070926134150 20070829134150 55567 foo5.org. L/KOVafKFY401Y2k3J+QjkX0XcBTsMperFyhKfTmyQYY3lI5shvdJT0UGu6ogZ9cCWM+tLNyVr804+dfK6QL/wdYOx9hkK/fiePUhAU6lzepJBdg7wotw560Eu6J7UhhtopHKrWa5ElQFG1UFR/qjcx/m4Ms6BgCWh8yWy20N1E=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-alt.foo5.org. IN A
-SECTION ANSWER
-alt.foo5.org.	3600	IN	A	4.0.5.6
-alt.foo5.org.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. vG+qffAmazC38iBE2QsZq5kFxNW5Mo+65epMjAA/06syLzjOKkfh8dbe++jQqvwqCqrIBb56miVFDCW1VEYOdh8vReptt9KtbQjXXMfRF39V3ccvbhEfP1xMG8Z8B7tkIBtLvfCNrsfYaccvYgq+gkPeeL1JEiK3ntOukJUbapM=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-bok.foo5.org. IN A
-SECTION ANSWER
-bok.foo5.org.	3600	IN	A	1.2.3.4
-bok.foo5.org.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 55567 foo5.org. rlBgWgq0R4yT+bK0CyuZfFJ36dCsZnpvc9/7tShcMAzDPDu4+hgbXuyMWcsnsZjX3ZfR0a4wRwOwH86ZNLLxdkXNO1/bSDq+IsLyXesoVBDmcNvtdq5PgupCNW5I/cBP4tK0DCytXDLRFtU7LOxdgPps4dFANhHU6Q6LboqW4t8=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-alt.foo5.org. IN DS
-SECTION ANSWER
-SECTION AUTHORITY
-foo5.org.	3600	IN	SOA	ns.foo5.org. host.foo5.org. 2007090422 3600 300 604800 3600
-foo5.org.	3600	IN	RRSIG	SOA 8 2 3600 20070926134150 20070829134150 55567 foo5.org. cHo00Jg0OI9sRaQV9t6WMybhkRwG6UFx6gEq87HOeOm2gPSbXFjIImyH6l1u8MPdXj8kYcGsUotWUEPuBTfA88bGb/lKfbu4aMD9GaqjB9oZF1iOCf7IdkXqHg/0iZNHOXbUNyNlCJgjkrVdZysJ1D1tAx7qmJgmzsJHerDuQzA=
-alt.foo5.org.	3600	IN	NSEC	alt2.foo5.org. A RRSIG NSEC
-alt.foo5.org.	3600	IN	RRSIG	NSEC 8 3 3600 20070926134150 20070829134150 55567 foo5.org. fgOxxCj+ZnRWyfVFlNCS/9UDg4n8+JaSmMjQzsqUoXk5Db9fMzOd3ScYqVxweXC/ER6Ly+XHz9RFVsAOA4I67eWGL6YJ5sA/MUJd3tB4Dk3xp0ycHH0ARvys9YedG9PLUvBY9B5qT/nhrw2N9yRtkq04z6DhjLh3uC0UJKsSiVc=
-ENTRY_END
-RANGE_END
-
-; Test query
-STEP 10 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-foo.org. IN TXT
-ENTRY_END
-
-; It is blocked
-STEP 11 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA AA NXDOMAIN
-SECTION QUESTION
-foo.org. IN TXT
-SECTION ANSWER
-ENTRY_END
-
-; The foo2.org domain has no DS with NSEC. The queries for foo2.org DS and
-; DNSKEY are blocked.
-STEP 20 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.foo2.org. IN TXT
-ENTRY_END
-
-STEP 21 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.foo2.org. IN TXT
-SECTION ANSWER
-www.foo2.org. IN TXT "a.b.e."
-ENTRY_END
-
-; The foo3.org domain has no DS with NSEC3. The queries for foo3.org DS and
-; DNSKEY are blocked. Because it is nsec3, there is no negative cache entry,
-; and a type DS query is made, that is then blocked.
-STEP 30 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.foo3.org. IN TXT
-ENTRY_END
-
-STEP 31 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.foo3.org. IN TXT
-SECTION ANSWER
-www.foo3.org. IN TXT "a.b.f."
-ENTRY_END
-
-; This query would use a validation failure for foo3.org from the key cache,
-; if it previously failed.
-STEP 32 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www2.foo3.org. IN TXT
-ENTRY_END
-
-STEP 33 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www2.foo3.org. IN TXT
-SECTION ANSWER
-www2.foo3.org. IN TXT "a.b.g."
-ENTRY_END
-
-; This query has a CNAME to www.foo.org. It is signed, but foo.org is blocked,
-; for DS and DNSKEY queries. There is a DS, but the DNSKEY query is blocked.
-STEP 40 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-foo.com. IN TXT
-ENTRY_END
-
-STEP 41 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-foo.com. IN TXT
-SECTION ANSWER
-foo.com. IN CNAME www.foo.org.
-www.foo.org.	3600	IN	TXT	"a.b.d."
-ENTRY_END
-
-; The foo4.com query has a CNAME to a validly signed domain www.foo4.org,
-; that has a cname to bok.foo4.org. The bok.foo4.org name is RPZ filtered,
-; with a new A record in the response, that is not signed, from RPZ.
-STEP 50 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-foo4.com. IN A
-ENTRY_END
-
-STEP 51 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA AA NOERROR
-SECTION QUESTION
-foo4.com. IN A
-SECTION ANSWER
-foo4.com. IN CNAME www.foo4.org.
-www.foo4.org. IN CNAME bok.foo4.org.
-bok.foo4.org IN A 4.0.5.5
-ENTRY_END
-
-; The foo5.com query has a CNAME to a signed domain www.foo5.org,
-; the www.foo5.org is filtered by RPZ with a different CNAME to another,
-; DNSSEC signed A record, alt.foo5.org, instead of bok.foo5.org.
-STEP 60 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-foo5.com. IN A
-ENTRY_END
-
-STEP 61 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-foo5.com. IN A
-SECTION ANSWER
-foo5.com. IN CNAME www.foo5.org.
-www.foo5.org. IN CNAME alt.foo5.org.
-alt.foo5.org IN A 4.0.5.6
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired.rpl b/contrib/unbound/testdata/serve_expired.rpl
deleted file mode 100644
index 990a562c7191..000000000000
--- a/contrib/unbound/testdata/serve_expired.rpl
+++ /dev/null
@@ -1,126 +0,0 @@
-; config options
-server:
-	module-config: "validator iterator"
-	qname-minimisation: "no"
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	access-control: 127.0.0.1/32 allow_snoop
-	ede: yes
-	ede-serve-expired: yes
-
-stub-zone:
-	name: "example.com"
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired
-; Scenario overview:
-; - query for example.com. IN A
-; - check that we get an answer for example.com. IN A with the correct TTL
-; - query again (without the RD bit) right after the TTL expired
-; - check that we get the expired cached answer (this should trigger prefetching)
-; - query with RD bit and check that the cached record was updated
-
-; ns.example.com.
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com. IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. IN A 1.2.3.4
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN A
-		SECTION ANSWER
-			example.com. 10 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; Query with RD flag
-STEP 1 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer (should be cached)
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com. 10 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. IN A 1.2.3.4
-ENTRY_END
-
-; Wait for the TTL to expire
-STEP 11 TIME_PASSES ELAPSE 3601
-
-; Query again without RD bit
-STEP 30 QUERY
-ENTRY_BEGIN
-	REPLY DO
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got a stale answer
-STEP 40 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl ede=3
-	REPLY QR RA DO NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com.  30 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 30 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 30 IN A 1.2.3.4
-ENTRY_END
-
-; Query with RD bit (the record should have been prefetched)
-STEP 50 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-STEP 60 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com.  10 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. IN A 1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_0ttl_nodata.rpl b/contrib/unbound/testdata/serve_expired_0ttl_nodata.rpl
deleted file mode 100644
index 8ca461be2c7b..000000000000
--- a/contrib/unbound/testdata/serve_expired_0ttl_nodata.rpl
+++ /dev/null
@@ -1,154 +0,0 @@
-; config options
-server:
-	module-config: "validator iterator"
-	qname-minimisation: "no"
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	ede: yes
-	ede-serve-expired: yes
-
-
-stub-zone:
-	name: "example.com"
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL
-; Scenario overview:
-; - query for 0ttl.example.com. IN A
-; - answer from upstream is NODATA; will be cached for the SOA negative TTL.
-; - check that the client gets the NODATA; also cached
-; - query again right after the TTL expired
-; - this time the server answers with a 0 TTL RRset
-; - check that we get the correct answer
-
-; ns.example.com.
-RANGE_BEGIN 0 20
-	ADDRESS 1.2.3.4
-	; response to A query
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR AA NOERROR
-		SECTION QUESTION
-			0ttl.example.com. IN A
-		SECTION AUTHORITY
-			example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
-	ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 30 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			0ttl.example.com. IN A
-		SECTION ANSWER
-			0ttl.example.com. 0 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; Query with RD flag
-STEP 0 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Check that we get the NODATA (will be cached)
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		0ttl.example.com. IN A
-	SECTION AUTHORITY
-		example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
-ENTRY_END
-
-; Query again
-STEP 20 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Check that we get the cached NODATA
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		0ttl.example.com. IN A
-	SECTION AUTHORITY
-		example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
-ENTRY_END
-
-; Wait for the NXDOMAIN to expire
-STEP 31 TIME_PASSES ELAPSE 32
-
-; Query again
-STEP 40 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Check that we get the cached NODATA
-STEP 50 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		0ttl.example.com. IN A
-	SECTION AUTHORITY
-		example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
-ENTRY_END
-
-; Query again
-STEP 60 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer
-STEP 70 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		0ttl.example.com. IN A
-	SECTION ANSWER
-		0ttl.example.com. 0 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 10 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_0ttl_nxdomain.rpl b/contrib/unbound/testdata/serve_expired_0ttl_nxdomain.rpl
deleted file mode 100644
index 7cf26aedda0a..000000000000
--- a/contrib/unbound/testdata/serve_expired_0ttl_nxdomain.rpl
+++ /dev/null
@@ -1,154 +0,0 @@
-; config options
-server:
-	module-config: "validator iterator"
-	qname-minimisation: "no"
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	ede: yes
-	ede-serve-expired: yes
-
-
-stub-zone:
-	name: "example.com"
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL
-; Scenario overview:
-; - query for 0ttl.example.com. IN A
-; - answer from upstream is NXDOMAIN; will be cached for the SOA negative TTL.
-; - check that the client gets the NXDOMAIN; also cached
-; - query again right after the TTL expired
-; - this time the server answers with a 0 TTL RRset
-; - check that we get the correct answer
-
-; ns.example.com.
-RANGE_BEGIN 0 20
-	ADDRESS 1.2.3.4
-	; response to A query
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR AA NXDOMAIN
-		SECTION QUESTION
-			0ttl.example.com. IN A
-		SECTION AUTHORITY
-			example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
-	ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 30 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			0ttl.example.com. IN A
-		SECTION ANSWER
-			0ttl.example.com. 0 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; Query with RD flag
-STEP 0 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Check that we get the SERVFAIL (will be cached)
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA NXDOMAIN
-	SECTION QUESTION
-		0ttl.example.com. IN A
-	SECTION AUTHORITY
-		example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
-ENTRY_END
-
-; Query again
-STEP 20 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Check that we get the cached NXDOMAIN
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA NXDOMAIN
-	SECTION QUESTION
-		0ttl.example.com. IN A
-	SECTION AUTHORITY
-		example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
-ENTRY_END
-
-; Wait for the NXDOMAIN to expire
-STEP 31 TIME_PASSES ELAPSE 32
-
-; Query again
-STEP 40 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Check that we get the cached NXDOMAIN
-STEP 50 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA NXDOMAIN
-	SECTION QUESTION
-		0ttl.example.com. IN A
-	SECTION AUTHORITY
-		example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10
-ENTRY_END
-
-; Query again
-STEP 60 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer
-STEP 70 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		0ttl.example.com. IN A
-	SECTION ANSWER
-		0ttl.example.com. 0 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 10 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_0ttl_servfail.rpl b/contrib/unbound/testdata/serve_expired_0ttl_servfail.rpl
deleted file mode 100644
index e9d4c4884e9f..000000000000
--- a/contrib/unbound/testdata/serve_expired_0ttl_servfail.rpl
+++ /dev/null
@@ -1,129 +0,0 @@
-; config options
-server:
-	module-config: "validator iterator"
-	qname-minimisation: "no"
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	ede: yes
-	ede-serve-expired: yes
-
-
-stub-zone:
-	name: "example.com"
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired with SERVFAIL followed by 0 TTL
-; Scenario overview:
-; - query for 0ttl.example.com. IN A
-; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
-; - check that the client gets the SERVFAIL; also cached
-; - query again right after the TTL expired
-; - this time the server answers with a 0 TTL RRset
-; - check that we get the correct answer
-
-; ns.example.com.
-RANGE_BEGIN 0 20
-	ADDRESS 1.2.3.4
-	; response to A query
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR AA SERVFAIL
-		SECTION QUESTION
-			0ttl.example.com. IN A
-	ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 30 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			0ttl.example.com. IN A
-		SECTION ANSWER
-			0ttl.example.com. 0 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; Query with RD flag
-STEP 0 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Check that we get the SERVFAIL (will be cached)
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA SERVFAIL
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Query again
-STEP 20 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Check that we get the cached SERVFAIL
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA SERVFAIL
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Wait for the SERVFAIL to expire
-STEP 31 TIME_PASSES ELAPSE 32
-
-; Query again
-STEP 40 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		0ttl.example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer
-STEP 50 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		0ttl.example.com. IN A
-	SECTION ANSWER
-		0ttl.example.com. 0 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 10 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_cached_servfail.rpl b/contrib/unbound/testdata/serve_expired_cached_servfail.rpl
deleted file mode 100644
index eb115816ec1d..000000000000
--- a/contrib/unbound/testdata/serve_expired_cached_servfail.rpl
+++ /dev/null
@@ -1,130 +0,0 @@
-; config options
-server:
-	module-config: "validator iterator"
-	qname-minimisation: "no"
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	serve-expired-reply-ttl: 123
-	ede: yes
-	ede-serve-expired: yes
-
-
-stub-zone:
-	name: "example.com"
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply
-; Scenario overview:
-; - query for example.com. IN A
-; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
-; - check that the client gets the SERVFAIL; also cached
-; - query again right after the TTL expired
-; - cached SERVFAIL should be ignored and upstream queried
-; - check that we get the correct answer
-
-; ns.example.com.
-RANGE_BEGIN 0 20
-	ADDRESS 1.2.3.4
-	; response to A query
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR AA SERVFAIL
-		SECTION QUESTION
-			example.com. IN A
-	ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 40 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN A
-		SECTION ANSWER
-			example.com. 10 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; Query with RD flag
-STEP 0 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we get the SERVFAIL (will be cached)
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA SERVFAIL
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Query again
-STEP 20 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we get the cached SERVFAIL
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA SERVFAIL
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Wait for the SERVFAIL to expire
-STEP 31 TIME_PASSES ELAPSE 6
-
-; Query again
-STEP 40 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer
-STEP 50 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com. 10 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 10 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_cached_servfail_refresh.rpl b/contrib/unbound/testdata/serve_expired_cached_servfail_refresh.rpl
deleted file mode 100644
index 63277f25f15e..000000000000
--- a/contrib/unbound/testdata/serve_expired_cached_servfail_refresh.rpl
+++ /dev/null
@@ -1,145 +0,0 @@
-; config options
-server:
-	module-config: "validator iterator"
-	qname-minimisation: "no"
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	serve-expired-reply-ttl: 123
-	ede: yes
-	ede-serve-expired: yes
-
-
-stub-zone:
-	name: "example.com"
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired without client-timeout and a SERVFAIL upstream reply
-; Scenario overview:
-; - query for example.com. IN A
-; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
-; - check that the client gets the SERVFAIL; also cached
-; - query again right after the TTL expired
-; - cached SERVFAIL should be ignored and upstream queried
-; - answer from upstream is still SERVFAIL; the cached error response will be
-;   refreshed for another NORR_TTL(5)
-; - check that the client gets the SERVFAIL
-; - query again; the upstream now has the answer available
-; - check that we get the refreshed cached response instead
-
-; ns.example.com.
-RANGE_BEGIN 0 50
-	ADDRESS 1.2.3.4
-	; response to A query
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR AA SERVFAIL
-		SECTION QUESTION
-			example.com. IN A
-	ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 60 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN A
-		SECTION ANSWER
-			example.com. 10 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; Query with RD flag
-STEP 0 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we get the SERVFAIL (will be cached)
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA SERVFAIL
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Query again
-STEP 20 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we get the cached SERVFAIL
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA SERVFAIL
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Wait for the SERVFAIL to expire
-STEP 31 TIME_PASSES ELAPSE 6
-
-; Query again
-STEP 40 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we get the SERVFAIL (will be refreshed)
-STEP 50 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA SERVFAIL
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Query again, upstream has the real answer available
-STEP 60 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we get the refreshed cached SERVFAIL
-STEP 70 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all
-	REPLY QR RD RA SERVFAIL
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_client_timeout_servfail.rpl b/contrib/unbound/testdata/serve_expired_client_timeout_servfail.rpl
deleted file mode 100644
index 3c5b35e1793a..000000000000
--- a/contrib/unbound/testdata/serve_expired_client_timeout_servfail.rpl
+++ /dev/null
@@ -1,219 +0,0 @@
-; config options
-server:
-	module-config: "validator iterator"
-	qname-minimisation: "no"
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 1
-	serve-expired-reply-ttl: 123
-	ede: yes
-	ede-serve-expired: yes
-
-stub-zone:
-	name: "example.com"
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply
-; Scenario overview:
-; - query for example.com. IN A
-; - check that we get an answer for example.com. IN A with the correct TTL
-; - query again right after the TTL expired
-; - answer from upstream is servfail
-; - (expired cached answer will not be replaced, instead marked as unresolvable for NORR_TTL(5))
-; - check that we get the expired cached answer
-; - query again (the answer is available on the upstream server now)
-; - check that we get the immediate expired answer back instead
-; - query again (the answer is available on the upstream server now)
-; - check that we *still* get the immediate expired answer back instead, recursion is blocked for NORR_TTL(5)
-; - wait for NORR_TTL(5) to expire
-; - query again
-; - check that we get the freshly cached answer
-
-; ns.example.com.
-RANGE_BEGIN 0 20
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN A
-		SECTION ANSWER
-			example.com. 10 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 30 40
-	ADDRESS 1.2.3.4
-	; response to A query
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR AA SERVFAIL
-		SECTION QUESTION
-			example.com. IN A
-	ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 50 100
-	ADDRESS 1.2.3.4
-	; response to A query
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN A
-		SECTION ANSWER
-			example.com. 10 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; Query with RD flag
-STEP 1 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer (should be cached)
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com. 10 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 10 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; Wait for the TTL to expire
-STEP 11 TIME_PASSES ELAPSE 11
-
-; Query again
-STEP 30 QUERY
-ENTRY_BEGIN
-	REPLY RD DO
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got a stale answer because of the upstream SERVFAIL
-STEP 40 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl ede=3
-	REPLY QR RD RA DO NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com.  123 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 123 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 123 IN A 1.2.3.4
-ENTRY_END
-
-; Query again
-STEP 50 QUERY
-ENTRY_BEGIN
-	REPLY RD DO
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got an immediate stale answer because of the previous failure,
-; regardless if upstream has the answer already in this range.
-STEP 60 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl ede=3
-	REPLY QR RD RA DO NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com.  123 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 123 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 123 IN A 1.2.3.4
-ENTRY_END
-
-; Query again
-STEP 70 QUERY
-ENTRY_BEGIN
-	REPLY RD DO
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we still get the immediate stale answer because of the previous failure,
-; regardless if upstream has the answer already in this range. NORR_TTL(5) blocks us from
-; recursion.
-STEP 80 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl ede=3
-	REPLY QR RD RA DO NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com.  123 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 123 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 123 IN A 1.2.3.4
-ENTRY_END
-
-; Let NORR_TTL(5) expire
-STEP 81 TIME_PASSES ELAPSE 5
-
-; Query again
-STEP 90 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check fresh reply
-STEP 100 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com. 10 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 10 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_client_timeout_val_bogus.rpl b/contrib/unbound/testdata/serve_expired_client_timeout_val_bogus.rpl
deleted file mode 100644
index 47a6545a4035..000000000000
--- a/contrib/unbound/testdata/serve_expired_client_timeout_val_bogus.rpl
+++ /dev/null
@@ -1,328 +0,0 @@
-; config options
-; The island of trust is at example.com
-server:
-	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
-	val-override-date: "20070916134226"
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: "no"
-	fake-sha1: yes
-	trust-anchor-signaling: no
-	minimal-responses: no
-
-	serve-expired: yes
-	serve-expired-client-timeout: 1
-	serve-expired-reply-ttl: 123
-	ede: yes
-	ede-serve-expired: yes
-
-	# No need for AAAA nameserver queries
-	do-ip6: no
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired with client-timeout and bogus answer
-; Scenario overview:
-; - query for www.example.com. IN A
-; - check the answer
-; - wait for the record to expire
-; - (upstream now has a bogus response)
-; - query again for www.example.com. IN A
-; - check that we get the expired valid response instead; recursion is blocked for NORR_TTL(5) because of the failure
-; - (upstream has the valid response again)
-; - query once more
-; - check that we get the immediate expired valid response
-; - let NORR_TTL(5) expire
-; - query one last time
-; - check that we get the immediate valid cache response
-
-; The example.com NS and ns.example.com A record are commented out.
-; This to make the test succeed. It then keeps the dnssec valid lookup.
-; Otherwise, the relookup of the referral would overwrite the example.com NS
-; the serve expired response would no longer be valid. But this record must
-; be cached, for keeping the current delegation information.
-; Also the DNSKEY lookup authority and additional are cleaned to stop overwrite
-; of the NS and A record. This is more likely to keep the serve expired
-; information intact.
-
-;;
-;; K.ROOT-SERVERS.NET.
-;;
-RANGE_BEGIN 0 100
-	ADDRESS 193.0.14.129 
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    . IN NS
-    SECTION ANSWER
-    . IN NS	K.ROOT-SERVERS.NET.
-    SECTION ADDITIONAL
-    K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
-    ENTRY_END
-
-    ENTRY_BEGIN
-    MATCH opcode
-    ADJUST copy_id copy_query
-    REPLY QR NOERROR
-    SECTION QUESTION
-    www.example.com. IN A
-    SECTION AUTHORITY
-    com.	IN NS	a.gtld-servers.net.
-    SECTION ADDITIONAL
-    a.gtld-servers.net.	IN 	A	192.5.6.30
-    ENTRY_END
-RANGE_END
-
-;;
-;; a.gtld-servers.net.
-;;
-RANGE_BEGIN 0 100
-	ADDRESS 192.5.6.30
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    com. IN NS
-    SECTION ANSWER
-    com.    IN NS   a.gtld-servers.net.
-    SECTION ADDITIONAL
-    a.gtld-servers.net.     IN      A       192.5.6.30
-    ENTRY_END
-
-    ENTRY_BEGIN
-    MATCH opcode
-    ADJUST copy_id copy_query
-    REPLY QR NOERROR
-    SECTION QUESTION
-    www.example.com. IN A
-    SECTION AUTHORITY
-    example.com.	IN NS	ns.example.com.
-    SECTION ADDITIONAL
-    ns.example.com.		IN 	A	1.2.3.4
-    ENTRY_END
-RANGE_END
-
-;;
-;; ns.example.com. with generic valid data
-;;
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.4
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    example.com. IN NS
-    SECTION ANSWER
-    example.com.    IN NS   ns.example.com.
-    example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-    SECTION ADDITIONAL
-    ns.example.com.         IN      A       1.2.3.4
-    ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
-    ENTRY_END
-
-    ; response to DNSKEY priming query
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    example.com. IN DNSKEY
-    SECTION ANSWER
-    example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
-    example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
-    SECTION AUTHORITY
-    example.com.	IN NS	ns.example.com.
-    example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-    SECTION ADDITIONAL
-    ns.example.com.		IN 	A	1.2.3.4
-    ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
-    ENTRY_END
-RANGE_END
-
-;;
-;; ns.example.com with valid data
-;;
-RANGE_BEGIN 0 10
-	ADDRESS 1.2.3.4
-    ; response to query of interest
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    www.example.com. IN A
-    SECTION ANSWER
-    www.example.com. IN A	10.20.30.40
-    ;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-    SECTION AUTHORITY
-    ;example.com.	IN NS	ns.example.com.
-    ;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-    SECTION ADDITIONAL
-    ;ns.example.com.		IN 	A	1.2.3.4
-    www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-    ENTRY_END
-RANGE_END
-
-;;
-;; ns.example.com. with bogus data
-;;
-RANGE_BEGIN 20 30
-	ADDRESS 1.2.3.4
-    ; response to query of interest (bogus answer)
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    www.example.com. IN A
-    SECTION ANSWER
-    www.example.com. IN A	10.20.30.40
-    ;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-    SECTION AUTHORITY
-    ;example.com.	IN NS	ns.example.com.
-    ;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-    SECTION ADDITIONAL
-    ;ns.example.com.		IN 	A	1.2.3.4
-    ;; (valid signature)
-    ;; www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-    ;; (bogus signature)
-    www.example.com.           3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. 
-    ENTRY_END
-RANGE_END
-
-;;
-;; ns.example.com. with valid data again
-;;
-RANGE_BEGIN 40 70
-	ADDRESS 1.2.3.4
-    ; response to query of interest
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    www.example.com. IN A
-    SECTION ANSWER
-    www.example.com. IN A	10.20.30.40
-    ;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-    SECTION AUTHORITY
-    ;example.com.	IN NS	ns.example.com.
-    ;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-    SECTION ADDITIONAL
-    ;ns.example.com.		IN 	A	1.2.3.4
-    www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-    ENTRY_END
-RANGE_END
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; recursion happens here.
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA AD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. IN A	10.20.30.40
-www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-SECTION AUTHORITY
-;example.com.	IN NS	ns.example.com.
-;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-;ns.example.com.		IN 	A	1.2.3.4
-;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-ENTRY_END
-
-STEP 11 TIME_PASSES ELAPSE 3601
-
-STEP 20 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; expired answer because upstream is bogus
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl ede=3
-REPLY QR RD RA AD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 123 IN A	10.20.30.40
-www.example.com.        123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-SECTION AUTHORITY
-;example.com.	123 IN NS	ns.example.com.
-;example.com.    123    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-;ns.example.com.	123	IN 	A	1.2.3.4
-;ns.example.com. 123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-ENTRY_END
-
-STEP 40 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; immediate cached answer; although upstream is valid again
-STEP 50 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl ede=3
-REPLY QR RD RA AD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 123 IN A	10.20.30.40
-www.example.com.        123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-SECTION AUTHORITY
-;example.com.	123 IN NS	ns.example.com.
-;example.com.    123    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-;ns.example.com.	123	IN 	A	1.2.3.4
-;ns.example.com. 123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-ENTRY_END
-
-STEP 51 TIME_PASSES ELAPSE 5
-
-; query one last time
-STEP 60 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; this is the fresh valid response
-STEP 70 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA AD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. IN A	10.20.30.40
-www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-SECTION AUTHORITY
-;example.com.	IN NS	ns.example.com.
-;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-;ns.example.com.		IN 	A	1.2.3.4
-;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_reply_ttl.rpl b/contrib/unbound/testdata/serve_expired_reply_ttl.rpl
deleted file mode 100644
index e76976bde07d..000000000000
--- a/contrib/unbound/testdata/serve_expired_reply_ttl.rpl
+++ /dev/null
@@ -1,106 +0,0 @@
-; config options
-server:
-	module-config: "validator iterator"
-	qname-minimisation: "no"
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-reply-ttl: 123
-	serve-expired-client-timeout: 0
-	ede: yes
-	ede-serve-expired: yes
-
-stub-zone:
-	name: "example.com"
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired with reply-ttl
-; Scenario overview:
-; - query for example.com. IN A
-; - check that we get an answer for example.com. IN A with the correct TTL
-; - query again right after the TTL expired
-; - check that we get the expired cached answer with the configured TTL
-
-; ns.example.com.
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com. IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. IN A 1.2.3.4
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN A
-		SECTION ANSWER
-			example.com. 10 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; Query with RD flag
-STEP 1 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer (should be cached)
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com. 10 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. IN A 1.2.3.4
-ENTRY_END
-
-; Wait for the TTL to expire
-STEP 11 TIME_PASSES ELAPSE 3601
-
-; Query again
-STEP 30 QUERY
-ENTRY_BEGIN
-	REPLY RD DO
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got a stale answer
-STEP 40 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl ede=3
-	REPLY QR RD RA DO NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com.  123 A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 123 NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 123 A 1.2.3.4
-ENTRY_END
-
-; Give time for the pending query to get answered
-STEP 41 TRAFFIC
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_ttl.rpl b/contrib/unbound/testdata/serve_expired_ttl.rpl
deleted file mode 100644
index 66acbdcf1fe1..000000000000
--- a/contrib/unbound/testdata/serve_expired_ttl.rpl
+++ /dev/null
@@ -1,101 +0,0 @@
-; config options
-server:
-	module-config: "validator iterator"
-	qname-minimisation: "no"
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	serve-expired-ttl: 10
-
-stub-zone:
-	name: "example.com"
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired
-; Scenario overview:
-; - query for example.com. IN A
-; - check that we get an answer for example.com. IN A with the correct TTL
-; - query again right after the TTL expired + serve-expired-ttl
-; - check that we get an updated answer and not the cached one
-
-; ns.example.com.
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com. IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. IN A 1.2.3.4
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN A
-		SECTION ANSWER
-			example.com. IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; Query with RD flag
-STEP 1 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer (should be cached)
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com. IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. IN A 1.2.3.4
-ENTRY_END
-
-; Wait for the TTL to expire + serve-expired-ttl
-STEP 11 TIME_PASSES ELAPSE 3611
-
-; Query again
-STEP 30 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got an updated answer
-STEP 40 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com.  IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. IN A 1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_ttl_reset.rpl b/contrib/unbound/testdata/serve_expired_ttl_reset.rpl
deleted file mode 100644
index 9f215c96bcd1..000000000000
--- a/contrib/unbound/testdata/serve_expired_ttl_reset.rpl
+++ /dev/null
@@ -1,101 +0,0 @@
-; config options go here.
-server:
-    serve-expired: yes
-    serve-expired-ttl: 1
-    serve-expired-ttl-reset: yes
-    serve-expired-reply-ttl: 123
-    serve-expired-client-timeout: 0
-    ede: yes
-    ede-serve-expired: yes
-forward-zone: name: "." forward-addr: 216.0.0.1
-CONFIG_END
-SCENARIO_BEGIN Serve expired ttl with reset on forwarder with a timeout on upstream query
-; Scenario overview:
-; - Send query
-; - Get reply
-; - Wait for it to expire (+ serve-expired-ttl)
-; - Send query again
-; - Upstream timeouts
-; - Error response from iterator SERVFAIL, resets expired-ttl on cache and sets norec_ttl blocking recursion
-; - Check we are getting the cached response because it was expired-ttl-reset
-; - Query again
-; - Check we are getting the expired answer; prefetching is blocked by norec_ttl
-; - If there was prefetching the test would fail with the pending upstream query
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; Upstream reply
-STEP 2 REPLY
-ENTRY_BEGIN
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 0.0.0.0
-ENTRY_END
-
-STEP 3 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RA RD NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 10 IN A 0.0.0.0
-ENTRY_END
-
-; Expire the record (+ serve-expired-ttl)
-STEP 4 TIME_PASSES ELAPSE 12
-
-STEP 5 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; But the pending query times out!
-; outbound-msg-retry times timeout.
-STEP 6 TIMEOUT
-STEP 7 TIMEOUT
-STEP 8 TIMEOUT
-STEP 9 TIMEOUT
-STEP 10 TIMEOUT
-
-; Returns 
-; but error response from iterator resets the expired ttl
-STEP 11 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl ede=3
-REPLY QR RA RD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 123 IN A 0.0.0.0
-ENTRY_END
-
-; Query again
-STEP 12 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; Check that we get the expired answer
-STEP 13 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl ede=3
-REPLY QR RA RD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 123 IN A 0.0.0.0
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_val_bogus.rpl b/contrib/unbound/testdata/serve_expired_val_bogus.rpl
deleted file mode 100644
index 54b66fe98800..000000000000
--- a/contrib/unbound/testdata/serve_expired_val_bogus.rpl
+++ /dev/null
@@ -1,389 +0,0 @@
-; config options
-; The island of trust is at example.com
-server:
-	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
-	val-override-date: "20070916134226"
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: "no"
-	fake-sha1: yes
-	trust-anchor-signaling: no
-	minimal-responses: no
-
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	serve-expired-reply-ttl: 123
-	ede: yes
-	ede-serve-expired: yes
-
-	# No need for AAAA nameserver queries
-	do-ip6: no
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired with client-timeout and bogus answer
-; Scenario overview:
-; - query for www.example.com. IN A
-; - check the answer
-; - wait for the record to expire
-; - (upstream now has a bogus response)
-; - query again for www.example.com. IN A
-; - check that we get the immediate expired valid response
-; - (prefetch response is bogus and is not cached; recursion is blocked for NORR_TTL(5) because of the failure)
-; - (upstream has a valid response again)
-; - query once more
-; - check that we still get the immediate expired valid response (prefetch will not trigger because of NORR_TTL(5))
-; - query and check that cache was not updated
-; - let NORR_TTL(5) expire
-; - query once more
-; - check that we still get the immediate expired valid response
-; - (prefetch should be allowed to refresh the record at this point)
-; - (upstream does not have the answer anymore)
-; - query one last time
-; - check that we get the immediate valid cache response
-
-; The example.com NS and ns.example.com A record are commented out.
-; This to make the test succeed. It then keeps the dnssec valid lookup.
-; Otherwise, the relookup of the referral would overwrite the example.com NS
-; the serve expired response would no longer be valid. But this record must
-; be cached, for keeping the current delegation information.
-; Also the DNSKEY lookup authority and additional are cleaned to stop overwrite
-; of the NS and A record. This is more likely to keep the serve expired
-; information intact.
-
-;;
-;; K.ROOT-SERVERS.NET.
-;;
-RANGE_BEGIN 0 100
-	ADDRESS 193.0.14.129 
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    . IN NS
-    SECTION ANSWER
-    . IN NS	K.ROOT-SERVERS.NET.
-    SECTION ADDITIONAL
-    K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
-    ENTRY_END
-
-    ENTRY_BEGIN
-    MATCH opcode
-    ADJUST copy_id copy_query
-    REPLY QR NOERROR
-    SECTION QUESTION
-    www.example.com. IN A
-    SECTION AUTHORITY
-    com.	IN NS	a.gtld-servers.net.
-    SECTION ADDITIONAL
-    a.gtld-servers.net.	IN 	A	192.5.6.30
-    ENTRY_END
-RANGE_END
-
-;;
-;; a.gtld-servers.net.
-;;
-RANGE_BEGIN 0 100
-	ADDRESS 192.5.6.30
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    com. IN NS
-    SECTION ANSWER
-    com.    IN NS   a.gtld-servers.net.
-    SECTION ADDITIONAL
-    a.gtld-servers.net.     IN      A       192.5.6.30
-    ENTRY_END
-
-    ENTRY_BEGIN
-    MATCH opcode
-    ADJUST copy_id copy_query
-    REPLY QR NOERROR
-    SECTION QUESTION
-    www.example.com. IN A
-    SECTION AUTHORITY
-    example.com.	IN NS	ns.example.com.
-    SECTION ADDITIONAL
-    ns.example.com.		IN 	A	1.2.3.4
-    ENTRY_END
-RANGE_END
-
-;;
-;; ns.example.com. with generic data
-;;
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.4
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    example.com. IN NS
-    SECTION ANSWER
-    example.com.    IN NS   ns.example.com.
-    example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-    SECTION ADDITIONAL
-    ns.example.com.         IN      A       1.2.3.4
-    ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
-    ENTRY_END
-
-    ; response to DNSKEY priming query
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    example.com. IN DNSKEY
-    SECTION ANSWER
-    example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
-    example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
-    SECTION AUTHORITY
-    example.com.	IN NS	ns.example.com.
-    example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-    SECTION ADDITIONAL
-    ns.example.com.		IN 	A	1.2.3.4
-    ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
-    ENTRY_END
-RANGE_END
-
-;;
-;; ns.example.com. with valid data
-;;
-RANGE_BEGIN 0 10
-	ADDRESS 1.2.3.4
-    ; response to query of interest
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    www.example.com. IN A
-    SECTION ANSWER
-    www.example.com. IN A	10.20.30.40
-    ;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-    SECTION AUTHORITY
-    ;example.com.	IN NS	ns.example.com.
-    ;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-    SECTION ADDITIONAL
-    ;ns.example.com.		IN 	A	1.2.3.4
-    www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-    ENTRY_END
-RANGE_END
-
-;;
-;; ns.example.com. with bogus data
-;;
-RANGE_BEGIN 20 40
-	ADDRESS 1.2.3.4
-    ; response to query of interest (bogus answer)
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    www.example.com. IN A
-    SECTION ANSWER
-    www.example.com. IN A	10.20.30.40
-    ;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-    SECTION AUTHORITY
-    ;example.com.	IN NS	ns.example.com.
-    ;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-    SECTION ADDITIONAL
-    ;ns.example.com.		IN 	A	1.2.3.4
-    ;; (valid signature)
-    ;; www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-    ;; (bogus signature)
-    www.example.com.           3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. 
-    ENTRY_END
-RANGE_END
-
-;;
-;; ns.example.com. with valid data again
-;;
-RANGE_BEGIN 50 100
-	ADDRESS 1.2.3.4
-    ; response to query of interest
-    ENTRY_BEGIN
-    MATCH opcode qtype qname
-    ADJUST copy_id
-    REPLY QR NOERROR
-    SECTION QUESTION
-    www.example.com. IN A
-    SECTION ANSWER
-    www.example.com. IN A	10.20.30.40
-    ;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-    SECTION AUTHORITY
-    ;example.com.	IN NS	ns.example.com.
-    ;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-    SECTION ADDITIONAL
-    ;ns.example.com.		IN 	A	1.2.3.4
-    www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-    ENTRY_END
-RANGE_END
-
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; this is the valid answer
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA AD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. IN A	10.20.30.40
-www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-SECTION AUTHORITY
-;example.com.	IN NS	ns.example.com.
-;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-;ns.example.com.		IN 	A	1.2.3.4
-;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-ENTRY_END
-
-STEP 11 TIME_PASSES ELAPSE 3601
-
-STEP 20 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; this is the immediate expired cache response
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl ede=3
-REPLY QR RD RA AD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 123 IN A	10.20.30.40
-www.example.com.        123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-SECTION AUTHORITY
-;example.com.	123 IN NS	ns.example.com.
-;example.com.    123    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-;ns.example.com.	123	IN 	A	1.2.3.4
-;ns.example.com. 123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-ENTRY_END
-
-; query with response available on the server
-STEP 40 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; this is still the immediate expired cache response because the previous upstream response was bogus
-; upstream query did not go out because of the previous failure NORR_TTL(5).
-STEP 50 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl ede=3
-REPLY QR RD RA AD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 123 IN A	10.20.30.40
-www.example.com.        123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-SECTION AUTHORITY
-;example.com.	123 IN NS	ns.example.com.
-;example.com.    123    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-;ns.example.com.	123	IN 	A	1.2.3.4
-;ns.example.com. 123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-ENTRY_END
-
-; query with response available
-STEP 60 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; this is still the immediate expired cache response because resolution is blocked for NORR_TTL(5)
-STEP 70 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl ede=3
-REPLY QR RD RA AD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 123 IN A	10.20.30.40
-www.example.com.        123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-SECTION AUTHORITY
-;example.com.	123 IN NS	ns.example.com.
-;example.com.    123    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-;ns.example.com.	123	IN 	A	1.2.3.4
-;ns.example.com. 123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-ENTRY_END
-
-; expire NORR_TTL(5)
-STEP 71 TIME_PASSES ELAPSE 5
-
-; query again
-STEP 80 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; this is still the immediate expired cache response but prefetching will be allowed to update the cache
-STEP 90 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl ede=3
-REPLY QR RD RA AD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 123 IN A	10.20.30.40
-www.example.com.        123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-SECTION AUTHORITY
-;example.com.	123 IN NS	ns.example.com.
-;example.com.    123    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-;ns.example.com.	123	IN 	A	1.2.3.4
-;ns.example.com. 123    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-ENTRY_END
-
-STEP 100 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; this is the immediate cache response because the previous upstream response was valid
-STEP 110 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA AD DO NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. IN A	10.20.30.40
-www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-SECTION AUTHORITY
-;example.com.	IN NS	ns.example.com.
-;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-;ns.example.com.		IN 	A	1.2.3.4
-;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_expired_zerottl.rpl b/contrib/unbound/testdata/serve_expired_zerottl.rpl
deleted file mode 100644
index 1411cb8e77a5..000000000000
--- a/contrib/unbound/testdata/serve_expired_zerottl.rpl
+++ /dev/null
@@ -1,157 +0,0 @@
-; config options
-server:
-	module-config: "validator iterator"
-	qname-minimisation: "no"
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	serve-expired-reply-ttl: 123
-	ede: yes
-	ede-serve-expired: yes
-
-stub-zone:
-	name: "example.com"
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test 0 TLL with serve-expired
-; Scenario overview:
-; - query for example.com. IN A
-; - check that we get an answer for example.com. IN A with the correct 0 TTL
-; - query again; this time the answer has >0 TTL
-; - check the answer
-; - query one last time after expiration
-; - check that the configured reply ttl is used
-
-; ns.example.com.
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com. IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-RANGE_BEGIN 0 10
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN A
-		SECTION ANSWER
-			example.com. 0 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. 0 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 0 IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-RANGE_BEGIN 11 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN A
-		SECTION ANSWER
-			example.com. 10 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. 10 IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. 10 IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; Let some time to pass so that timenow > 0
-STEP 1 TIME_PASSES ELAPSE 3600
-
-; Query with RD flag
-STEP 2 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer with 0 TTL
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com. 0 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com.  0 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 0 IN A 1.2.3.4
-ENTRY_END
-
-; Let some time to pass
-STEP 11 TIME_PASSES ELAPSE 1
-
-; Query with RD flag
-STEP 20 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer
-STEP 29 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com. 10 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 10 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 10 IN A 1.2.3.4
-ENTRY_END
-
-; Wait for the TTL to expire
-STEP 30 TIME_PASSES ELAPSE 11
-
-; Query with RD flag
-STEP 40 QUERY
-ENTRY_BEGIN
-	REPLY RD DO
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer
-STEP 49 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl ede=3
-	REPLY QR RD RA DO NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com. 123 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 123 IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 123 IN A 1.2.3.4
-ENTRY_END
-
-; Give time for the pending query to get answered
-STEP 50 TRAFFIC
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/serve_original_ttl.rpl b/contrib/unbound/testdata/serve_original_ttl.rpl
deleted file mode 100644
index 30503c285ccd..000000000000
--- a/contrib/unbound/testdata/serve_original_ttl.rpl
+++ /dev/null
@@ -1,139 +0,0 @@
-; config options
-server:
-	access-control: 127.0.0.1 allow_snoop
-	module-config: "validator iterator"
-	qname-minimisation: "no"
-	minimal-responses: no
-	serve-original-ttl: yes
-	cache-max-ttl: 1000
-	cache-min-ttl: 20
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	serve-expired-reply-ttl: 123
-	ede: yes
-	ede-serve-expired: yes
-
-stub-zone:
-	name: "example.com"
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-original-ttl
-; Scenario overview:
-; - query for example.com. IN A
-; - check that we get an answer for example.com. IN A with the correct TTL
-; - query again after a couple seconds and check that we get the original TTL
-; (next steps are combination with serve-expired)
-; - query again after the TTL expired
-; - check that we get the expired cached answer with the original TTL
-
-; ns.example.com.
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com. IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. IN A 1.2.3.4
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN A
-		SECTION ANSWER
-			example.com. 10 IN A 5.6.7.8
-		SECTION AUTHORITY
-			example.com. IN NS ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com. IN A 1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; Query with RD flag
-STEP 1 QUERY
-ENTRY_BEGIN
-	REPLY RD
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got the correct answer (should be cached)
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RD RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com. 10 IN A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. IN NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. IN A 1.2.3.4
-ENTRY_END
-
-; Wait a couple of seconds (< 10)
-STEP 11 TIME_PASSES ELAPSE 5
-
-; Query again
-STEP 20 QUERY
-ENTRY_BEGIN
-	REPLY
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got the cached answer with the original TTL
-; (Passively checks that minimum and maximum TTLs are ignored)
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl
-	REPLY QR RA NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com.  10 A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. 3600 NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. 3600 A 1.2.3.4
-ENTRY_END
-
-; Wait for the TTL to expire
-STEP 31 TIME_PASSES ELAPSE 3601
-
-; Query again
-STEP 40 QUERY
-ENTRY_BEGIN
-	REPLY DO
-	SECTION QUESTION
-		example.com. IN A
-ENTRY_END
-
-; Check that we got a stale answer with the original TTL
-STEP 50 CHECK_ANSWER
-ENTRY_BEGIN
-	MATCH all ttl ede=3
-	REPLY QR RA DO NOERROR
-	SECTION QUESTION
-		example.com. IN A
-	SECTION ANSWER
-		example.com.  10 A 5.6.7.8
-	SECTION AUTHORITY
-		example.com. NS ns.example.com.
-	SECTION ADDITIONAL
-		ns.example.com. A 1.2.3.4
-ENTRY_END
-
-; Give time for the pending query to get answered
-STEP 51 TRAFFIC
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values.conf b/contrib/unbound/testdata/stat_values.tdir/stat_values.conf
deleted file mode 100644
index 312a7e17494f..000000000000
--- a/contrib/unbound/testdata/stat_values.tdir/stat_values.conf
+++ /dev/null
@@ -1,44 +0,0 @@
-server:
-	verbosity: 5
-	num-threads: 1
-	interface: 127.0.0.1
-	port: @PORT@
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	do-not-query-localhost: no
-	extended-statistics: yes
-	identity: "stat_values"
-	outbound-msg-retry: 0
-	root-key-sentinel: no
-	trust-anchor-signaling: no
-	serve-expired-client-timeout: 0
-	dns-error-reporting: yes
-
-	trust-anchor: "bogusdnssec. DS 1444 8 2 5224fb17d630a2e3efdc863a05a4032c5db415b5de3f32472ee9abed42e10146"
-
-	local-zone: local.zone static
-	local-data: "www.local.zone A 192.0.2.1"
-remote-control:
-	control-enable: yes
-	control-interface: 127.0.0.1
-	# control-interface: ::1
-	control-port: @CONTROL_PORT@
-	server-key-file: "unbound_server.key"
-	server-cert-file: "unbound_server.pem"
-	control-key-file: "unbound_control.key"
-	control-cert-file: "unbound_control.pem"
-stub-zone:
-	name: "example.com."
-	stub-addr: "127.0.0.1@@TOPORT@"
-stub-zone:
-	name: "bogusdnssec."
-	stub-addr: "127.0.0.1@@TOPORT@"
-stub-zone:
-	name: "an.agent."
-	stub-addr: "127.0.0.1@@TOPORT@"
-stub-zone:
-	name: "expired."
-	stub-addr: "127.0.0.1@@EXPIREDPORT@"
diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values.pre b/contrib/unbound/testdata/stat_values.tdir/stat_values.pre
deleted file mode 100644
index 81f94d8d10be..000000000000
--- a/contrib/unbound/testdata/stat_values.tdir/stat_values.pre
+++ /dev/null
@@ -1,50 +0,0 @@
-# #-- stat_values.pre--#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-. ../common.sh
-
-PRE="../.."
-if grep "define USE_CACHEDB 1" $PRE/config.h; then
-    USE_CACHEDB=1
-    echo "USE_CACHEDB=1" >> .tpkg.var.test
-fi
-
-get_random_port 4
-UNBOUND_PORT=$RND_PORT
-FWD_PORT=$(($RND_PORT + 1))
-FWD_EXPIRED_PORT=$(($RND_PORT + 2))
-CONTROL_PORT=$(($RND_PORT + 3))
-FWD_EXPIRED_PORT=$(($RND_PORT + 4))
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
-echo "FWD_EXPIRED_PORT=$FWD_EXPIRED_PORT" >> .tpkg.var.test
-echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
-
-# start forwarder
-get_ldns_testns
-$LDNS_TESTNS -p $FWD_PORT stat_values.testns >fwd.log 2>&1 &
-FWD_PID=$!
-echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
-
-# start expired forwarder
-$LDNS_TESTNS -p $FWD_EXPIRED_PORT stat_values.testexpiredns >fwd_expired.log 2>&1 &
-FWD_EXPIRED_PID=$!
-echo "FWD_EXPIRED_PID=$FWD_EXPIRED_PID" >> .tpkg.var.test
-
-# make config file
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@EXPIREDPORT\@/'$FWD_EXPIRED_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < stat_values.conf > ub.conf
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@EXPIREDPORT\@/'$FWD_EXPIRED_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < stat_values_cachedb.conf > ub_cachedb.conf
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/'                                                                          -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < stat_values_downstream_cookies.conf > ub_downstream_cookies.conf
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/'                                            -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < stat_values_discard_wait_limit.conf > ub_discard_wait_limit.conf
-# start unbound in the background
-$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-
-cat .tpkg.var.test
-wait_ldns_testns_up fwd.log
-wait_ldns_testns_up fwd_expired.log
-wait_unbound_up unbound.log
diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values.test b/contrib/unbound/testdata/stat_values.tdir/stat_values.test
deleted file mode 100644
index d538e4d60ec2..000000000000
--- a/contrib/unbound/testdata/stat_values.tdir/stat_values.test
+++ /dev/null
@@ -1,680 +0,0 @@
-# #-- stat_values.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-. ../common.sh
-
-PRE="../.."
-
-# Individual thread stats.
-STATS_IGNORE_THREAD="\
-^thread"
-
-# Histogram stats.
-STATS_IGNORE_HISTOGRAM="\
-^histogram"
-
-# Time dependent stats.
-STATS_IGNORE_TIME_SPECIFIC="\
-^total.recursion.time.avg=
-^total.recursion.time.median=
-^time.now=
-^time.up=
-^time.elapsed="
-
-# Usage dependent stats.
-STATS_IGNORE_USAGE_SPECIFIC="\
-^total.requestlist.avg=
-^total.requestlist.max=
-^total.requestlist.overwritten=
-^total.requestlist.exceeded=
-^total.requestlist.current.all=
-^total.requestlist.current.user=
-^total.tcpusage=
-^mem\."
-
-# Stats to ignore by default.
-STATS_IGNORE_DEFAULT="\
-$STATS_IGNORE_THREAD
-$STATS_IGNORE_HISTOGRAM
-$STATS_IGNORE_TIME_SPECIFIC
-$STATS_IGNORE_USAGE_SPECIFIC"
-
-# Various files to be used while testing.
-STATS_FILE=stats.$$
-EXPECTED_STATS_FILE=expected_stats.$$
-IGNORE_REGEX_FILE=ignore_regex.$$
-FILTERED_STATS_FILE=filtered_stats.$$
-FOUND_STATS_FILE=found_stats.$$
-REST_STATS_FILE=rest_stats.$$
-
-DEBUG=0
-
-if dig -h 2>&1 | grep "cookie" >/dev/null; then
-	nocookie="+nocookie"
-else
-	nocookie=""
-fi
-
-# Write stats to $STATS_FILE.
-# Call this when you want to get stats from unbound.
-get_stats () {
-	echo "> Getting stats"
-	echo "$PRE/unbound-control -c ub.conf stats"
-	$PRE/unbound-control -c ub.conf stats > $STATS_FILE
-	if test $? -ne 0; then
-		echo "wrong exit value after success"
-		exit 1
-	fi
-}
-
-# Set the expected stat values by writing to $EXPECTED_STATS_FILE.
-# sort is used for proper diff later.
-set_expected_stats () {
-	echo "$1" | sort > $EXPECTED_STATS_FILE
-}
-
-# Set the regex to ignore stats by writing to $IGNORE_REGEX_FILE.
-set_ignore_regex_stats () {
-	echo "$1" > $IGNORE_REGEX_FILE
-}
-
-# Filter the stats by removing any matched regex from $IGNORE_REGEX_FILE,
-# sorts and writes the left over stats to $FILTERED_STATS_FILE.
-filter_stats () {
-	grep -v -f $IGNORE_REGEX_FILE $STATS_FILE | sort > $FILTERED_STATS_FILE
-}
-
-# Check that the stats in $FILTERED_STATS_FILE include the expected stats in
-# $EXPECTED_STATS_FILE.
-check_expected_stats () {
-	echo "> Checking expected stats"
-	grep -F -x -f $EXPECTED_STATS_FILE $FILTERED_STATS_FILE > $FOUND_STATS_FILE
-	if test $DEBUG -ne 0; then
-		echo "Found:"
-		cat $FOUND_STATS_FILE
-	fi
-	if diff $EXPECTED_STATS_FILE $FOUND_STATS_FILE; then
-		echo "OK"
-	else
-		echo "! bad expected stats:"
-        cat $FILTERED_STATS_FILE
-		end 1
-	fi
-}
-
-# Check that the rest (unspecified) stats are all 0 (no surprises).
-check_rest_stats () {
-	echo "> Checking rest stats"
-	grep -F -x -v -f $EXPECTED_STATS_FILE $FILTERED_STATS_FILE > $REST_STATS_FILE
-	if test $DEBUG -ne 0; then
-		echo "Rest:"
-		cat $REST_STATS_FILE
-	fi
-	if grep -v "=0$" $REST_STATS_FILE; then
-		echo "! bad rest stats"
-		end 1
-	else
-		echo "OK"
-	fi
-}
-
-# Main function to check stats by:
-# - Getting stats from unbound
-# - Filtering out the stats we are not interested in
-# - Checking that the expected stats are part of the filtered stats
-# - The rest of the stats have 0 values.
-check_stats () {
-	set_expected_stats "$1"
-	if test $DEBUG -ne 0; then
-		echo "Expected:"
-		cat $EXPECTED_STATS_FILE
-	fi
-	get_stats
-	filter_stats
-	if test $DEBUG -ne 0; then
-		echo "Filtered:"
-		cat $FILTERED_STATS_FILE
-	fi
-	check_expected_stats
-	check_rest_stats
-}
-
-# Convenient function to set an option through unbound-control.
-set_ub_option () {
-	name=$1
-	value=$2
-	echo "$PRE/unbound-control -c ub.conf set_option $name: $value"
-	$PRE/unbound-control -c ub.conf set_option $name: $value
-	if test $? -ne 0; then
-		echo "wrong exit value after success"
-		exit 1
-	fi
-}
-
-# Convenient function to kill current Unbound and bring up one with an alternate configuration.
-bring_up_alternate_configuration () {
-	conf_file=$1
-	kill_pid $UNBOUND_PID  # kill current Unbound
-	echo ""
-	cat unbound.log
-	echo ""
-	$PRE/unbound -d -c $conf_file >unbound.log 2>&1 &
-	UNBOUND_PID=$!
-	echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-	wait_unbound_up unbound.log
-}
-
-# Convenient function to exit the test.
-end () {
-	echo "> cat logfiles"
-	cat fwd.log
-	cat unbound.log
-	if test $1 -eq 1; then
-		echo "Not OK"
-	else
-		echo "> OK"
-	fi
-	exit $1
-}
-
-# Ignore all run specific stats.
-set_ignore_regex_stats "$STATS_IGNORE_DEFAULT"
-
-# Check if the server is up.
-echo "> dig 1ttl.example.com."
-dig @127.0.0.1 -p $UNBOUND_PORT 1ttl.example.com. | tee outfile
-echo "> check answer"
-if grep "1.1.1.1" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-
-
-teststep "Check initial stats based on first query."
-check_stats "\
-total.num.queries=1
-total.num.cachemiss=1
-total.num.recursivereplies=1
-num.query.type.A=1
-num.query.class.IN=1
-num.query.opcode.QUERY=1
-num.query.flags.RD=1
-num.query.flags.AD=1
-num.query.edns.present=1
-num.query.udpout=1
-msg.cache.count=1
-rrset.cache.count=1
-infra.cache.count=1
-num.answer.rcode.NOERROR=1"
-
-
-teststep "Check stat reset."
-check_stats "\
-msg.cache.count=1
-rrset.cache.count=1
-infra.cache.count=1"
-
-
-teststep "Enable serve-expired and check."
-set_ub_option serve-expired yes
-sleep 2  # make sure the TTL has expired.
-echo "> dig 1ttl.example.com."
-dig @127.0.0.1 -p $UNBOUND_PORT 1ttl.example.com. | tee outfile
-echo "> check answer"
-if grep "1.1.1.1" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-total.num.queries=1
-total.num.expired=1
-total.num.cachehits=1
-total.num.prefetch=1
-num.answer.rcode.NOERROR=1
-num.query.class.IN=1
-num.query.edns.present=1
-num.query.flags.AD=1
-num.query.flags.RD=1
-num.query.opcode.QUERY=1
-num.query.type.A=1
-num.query.udpout=1
-msg.cache.count=1
-rrset.cache.count=1
-infra.cache.count=1"
-
-
-teststep "Enable serve-expired-client-timeout and check."
-set_ub_option serve-expired-client-timeout 1
-echo "> dig servfail.expired."
-dig @127.0.0.1 -p $UNBOUND_PORT servfail.expired. | tee outfile
-echo "> check answer"
-if grep "192.0.2.1" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-total.num.queries=1
-total.num.cachemiss=1
-total.num.recursivereplies=1
-num.query.type.A=1
-num.query.class.IN=1
-num.query.opcode.QUERY=1
-num.query.flags.RD=1
-num.query.flags.AD=1
-num.query.edns.present=1
-num.query.udpout=1
-msg.cache.count=2
-rrset.cache.count=2
-infra.cache.count=2
-num.answer.rcode.NOERROR=1"
-kill_pid $FWD_EXPIRED_PID  # kill the expired forwarder to force a servfail from upstream.
-sleep 2  # make sure the TTL has expired.
-echo "> dig servfail.expired."
-dig @127.0.0.1 -p $UNBOUND_PORT servfail.expired. | tee outfile
-echo "> check answer"
-if grep "192.0.2.1" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-sleep 1  # make sure the outgoing UDP (and no edns1xx0 retry because not a smaller buffer size) are accounted for.
-check_stats "\
-total.num.queries=1
-total.num.expired=1
-total.num.recursivereplies=1
-num.answer.rcode.NOERROR=1
-num.query.class.IN=1
-num.query.edns.present=1
-num.query.flags.AD=1
-num.query.flags.RD=1
-num.query.opcode.QUERY=1
-num.query.type.A=1
-num.query.udpout=1
-total.num.cachemiss=1
-msg.cache.count=2
-rrset.cache.count=2
-infra.cache.count=2"
-
-
-# Disable serve-expired
-set_ub_option serve-expired no
-
-
-teststep "Check REFUSED; try without RD flag."
-echo "> dig somethingelse.example.com."
-dig @127.0.0.1 -p $UNBOUND_PORT +nordflag somethingelse.example.com. | tee outfile
-echo "> check answer"
-if grep "REFUSED" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-num.answer.rcode.REFUSED=1
-total.num.cachehits=1
-num.query.class.IN=1
-num.query.edns.present=1
-num.query.flags.AD=1
-num.query.opcode.QUERY=1
-num.query.type.A=1
-total.num.queries=1
-msg.cache.count=2
-rrset.cache.count=2
-infra.cache.count=2"
-
-
-teststep "Check the AD flag."
-echo "> dig www.example.com."
-dig @127.0.0.1 -p $UNBOUND_PORT +noadflag www.example.com. | tee outfile
-echo "> check answer"
-if grep "10.20.30.40" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-num.query.flags.AD=0
-total.num.cachemiss=1
-num.answer.rcode.NOERROR=1
-num.query.class.IN=1
-num.query.edns.present=1
-num.query.flags.RD=1
-num.query.opcode.QUERY=1
-num.query.type.A=1
-num.query.udpout=1
-total.num.queries=1
-total.num.recursivereplies=1
-msg.cache.count=3
-rrset.cache.count=3
-infra.cache.count=2"
-
-
-teststep "Check local zone."
-echo "> dig www.local.zone."
-dig @127.0.0.1 -p $UNBOUND_PORT www.local.zone. | tee outfile
-echo "> check answer"
-if grep "192.0.2.1" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-num.answer.rcode.NOERROR=1
-total.num.cachehits=1
-num.query.class.IN=1
-num.query.edns.present=1
-num.query.flags.AD=1
-num.query.flags.RD=1
-num.query.opcode.QUERY=1
-num.query.type.A=1
-total.num.queries=1
-msg.cache.count=3
-rrset.cache.count=3
-infra.cache.count=2"
-
-
-teststep "Check NXDOMAIN (with local data)."
-echo "> dig mail.local.zone."
-dig @127.0.0.1 -p $UNBOUND_PORT mail.local.zone. | tee outfile
-echo "> check answer"
-if grep "NXDOMAIN" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-num.answer.rcode.NXDOMAIN=1
-total.num.cachehits=1
-num.query.class.IN=1
-num.query.edns.present=1
-num.query.flags.AD=1
-num.query.flags.RD=1
-num.query.opcode.QUERY=1
-num.query.type.A=1
-total.num.queries=1
-msg.cache.count=3
-rrset.cache.count=3
-infra.cache.count=2"
-
-
-teststep "Check CHAOS."
-echo "> dig id.server. ch txt"
-dig @127.0.0.1 -p $UNBOUND_PORT id.server. ch txt | tee outfile
-echo "> check answer"
-if grep "stat_values" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-num.query.class.CH=1
-total.num.cachehits=1
-num.answer.rcode.NOERROR=1
-num.query.edns.present=1
-num.query.flags.AD=1
-num.query.flags.RD=1
-num.query.opcode.QUERY=1
-num.query.type.TXT=1
-total.num.queries=1
-msg.cache.count=3
-rrset.cache.count=3
-infra.cache.count=2"
-
-
-teststep "Check dns-error-reporting."
-echo "> dig www.bogusdnssec."
-dig @127.0.0.1 -p $UNBOUND_PORT www.bogusdnssec. | tee outfile
-echo "> check answer"
-if grep "SERVFAIL" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-infra.cache.count=4
-key.cache.count=1
-msg.cache.count=7
-num.answer.bogus=1
-num.answer.rcode.SERVFAIL=1
-num.query.class.IN=1
-num.query.edns.present=1
-num.query.flags.AD=1
-num.query.flags.RD=1
-num.query.opcode.QUERY=1
-num.query.type.A=1
-num.query.udpout=9
-rrset.cache.count=4
-total.num.cachemiss=1
-total.num.dns_error_reports=1
-total.num.queries=1
-total.num.recursivereplies=1"
-
-
-###
-#
-# Bring the discard-timeout, wait-limit configured Unbound up
-#
-bring_up_alternate_configuration ub_discard_wait_limit.conf
-#
-###
-
-
-teststep "Check discard-timeout and wait-limit"
-echo "> dig www.unresponsive"
-dig @127.0.0.1 -p $UNBOUND_PORT +retry=2 +timeout=1 www.unresponsive. | tee outfile
-echo "> check answer"
-if grep "no servers could be reached" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-infra.cache.count=1
-msg.cache.count=1
-num.query.class.IN=3
-num.query.edns.present=3
-num.query.flags.AD=3
-num.query.flags.RD=3
-num.query.opcode.QUERY=3
-num.query.type.A=3
-num.query.udpout=1
-total.num.cachemiss=3
-total.num.queries=3
-total.num.queries_discard_timeout=2
-total.num.queries_wait_limit=1"
-
-
-###
-#
-# Bring the downstream DNS Cookies configured Unbound up
-#
-bring_up_alternate_configuration ub_downstream_cookies.conf
-#
-###
-
-
-teststep "Get a DNS Cookie."
-echo "> dig www.local.zone +tcp $nocookie +ednsopt=10:0102030405060708"
-dig @127.0.0.1 -p $UNBOUND_PORT +tcp $nocookie +ednsopt=10:0102030405060708 +retry=0 +time=1 www.local.zone. | tee outfile
-echo "> check answer"
-if grep "192.0.2.1" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-# Save valid cookie
-valid_cookie=`grep "COOKIE: " outfile | cut -d ' ' -f 3`
-invalid_cookie=`echo $valid_cookie | tr '0' '4'`
-check_stats "\
-total.num.queries=1
-total.num.queries_cookie_client=1
-total.num.cachehits=1
-num.query.type.A=1
-num.query.class.IN=1
-num.query.opcode.QUERY=1
-num.query.flags.RD=1
-num.query.flags.AD=1
-num.query.edns.present=1
-num.query.tcp=1
-num.answer.rcode.NOERROR=1"
-
-
-teststep "Present the valid DNS Cookie."
-echo "> dig www.local.zone $nocookie +ednsopt=10:valid_cookie"
-dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +ednsopt=10:$valid_cookie +retry=0 +time=1 www.local.zone. | tee outfile
-echo "> check answer"
-if grep "192.0.2.1" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-total.num.queries=1
-total.num.queries_cookie_valid=1
-total.num.cachehits=1
-num.query.type.A=1
-num.query.class.IN=1
-num.query.opcode.QUERY=1
-num.query.flags.RD=1
-num.query.flags.AD=1
-num.query.edns.present=1
-num.answer.rcode.NOERROR=1"
-
-
-teststep "Present an invalid DNS Cookie."
-echo "> dig www.local.zone $nocookie +ednsopt=10:invalid_cookie"
-dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +ednsopt=10:$invalid_cookie +retry=0 +time=1 www.local.zone. | tee outfile
-echo "> check answer"
-if grep "192.0.2.1" outfile; then
-	end 1
-else
-	echo "OK"
-fi
-# A lot of stats are missing since BADCOOKIE error response is before
-# those stat calculations.
-# BADCOOKIE is an extended error code; we record YXRRSET below.
-check_stats "\
-total.num.queries=1
-total.num.queries_cookie_invalid=1
-total.num.cachehits=1
-num.answer.rcode.YXRRSET=1"
-
-
-teststep "Present no DNS Cookie."
-echo "> dig www.local.zone +ignore"
-dig @127.0.0.1 -p $UNBOUND_PORT +ignore $nocookie +retry=0 +time=1 www.local.zone. | tee outfile
-echo "> check answer"
-if grep "192.0.2.1" outfile; then
-	end 1
-else
-	echo "OK"
-fi
-# A lot of stats are missing since REFUSED error response because of no DNS
-# Cookie is before those stat calculations.
-check_stats "\
-total.num.queries=1
-total.num.cachehits=1
-num.answer.rcode.REFUSED=1"
-
-if test x$USE_CACHEDB = "x1"; then
-
-
-###
-#
-# Bring the cachedb configured Unbound up
-#
-bring_up_alternate_configuration ub_cachedb.conf
-#
-###
-
-
-teststep "Check cachedb cache miss."
-echo "> dig www.example.com."
-dig @127.0.0.1 +ednsopt=65534 -p $UNBOUND_PORT www.example.com. | tee outfile
-echo "> check answer"
-if grep "10.20.30.40" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-total.num.queries=1
-total.num.cachemiss=1
-total.num.cachehits=0
-total.num.recursivereplies=1
-num.query.type.A=1
-num.query.class.IN=1
-num.query.opcode.QUERY=1
-num.query.flags.RD=1
-num.query.flags.AD=1
-num.query.edns.present=1
-num.query.udpout=1
-num.query.cachedb=0
-msg.cache.count=1
-rrset.cache.count=1
-infra.cache.count=1
-num.answer.rcode.NOERROR=1"
-
-
-teststep "Check cachedb cache hit."
-echo "> dig www.example.com."
-dig @127.0.0.1 +ednsopt=65534 -p $UNBOUND_PORT www.example.com. | tee outfile
-echo "> check answer"
-if grep "10.20.30.40" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-total.num.queries=1
-total.num.cachemiss=1
-total.num.cachehits=0
-total.num.recursivereplies=1
-num.query.type.A=1
-num.query.class.IN=1
-num.query.opcode.QUERY=1
-num.query.flags.RD=1
-num.query.flags.AD=1
-num.query.edns.present=1
-num.query.udpout=0
-num.query.cachedb=1
-msg.cache.count=1
-rrset.cache.count=1
-infra.cache.count=1
-num.answer.rcode.NOERROR=1"
-
-
-teststep "Check cachedb cache hit with stat reset."
-echo "> dig www.example.com."
-dig @127.0.0.1 +ednsopt=65534 -p $UNBOUND_PORT www.example.com. | tee outfile
-echo "> check answer"
-if grep "10.20.30.40" outfile; then
-	echo "OK"
-else
-	end 1
-fi
-check_stats "\
-total.num.queries=1
-total.num.cachemiss=1
-total.num.cachehits=0
-total.num.recursivereplies=1
-num.query.type.A=1
-num.query.class.IN=1
-num.query.opcode.QUERY=1
-num.query.flags.RD=1
-num.query.flags.AD=1
-num.query.edns.present=1
-num.query.cachedb=1
-msg.cache.count=1
-rrset.cache.count=1
-infra.cache.count=1
-num.answer.rcode.NOERROR=1"
-
-fi  # USE_CACHEDB
-
-end 0
diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values.testns b/contrib/unbound/testdata/stat_values.tdir/stat_values.testns
deleted file mode 100644
index a5c0ae92b599..000000000000
--- a/contrib/unbound/testdata/stat_values.tdir/stat_values.testns
+++ /dev/null
@@ -1,82 +0,0 @@
-; nameserver test file
-$ORIGIN example.com.
-$TTL 3600
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www	IN	A
-SECTION ANSWER
-www	IN	A	10.20.30.40
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-1ttl	IN	A
-SECTION ANSWER
-1ttl	1 IN	A 1.1.1.1
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-0ttl	IN	A
-SECTION ANSWER
-0ttl	0 IN	A 0.0.0.1
-ENTRY_END
-
-
-
-$ORIGIN bogusdnssec.
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-@	IN	DNSKEY
-SECTION ANSWER
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR AA NOERROR
-ADJUST copy_id
-SECTION QUESTION
-www	IN	A
-SECTION ANSWER
-www	0 IN	A 10.20.30.40
-; bogus signature to not trigger LAME DNSSEC and continue with validation
-www	0 IN	RRSIG   A 8 2 240 20250429005000 20250401005000 42393 bogusdnssec. ob6ddTJkdeOUn92cxx1NPGneV7rhOp2zKBv8FXQjJ/Wso8LJJnzRHW9p 3sTatlzi+UdRi7BOrcxwjUG38lgO+TS5vRFGAiTRmOezm6xJVNTg8lIb RJGCD5bRtRRstwt31Qt6Gda+6sAyvDebpUB/opkQpevv6xohdrhr0g8+ Q4w=
-SECTION ADDITIONAL
-; dns error reporting agent
-HEX_EDNSDATA_BEGIN
-	00 12				; opt-code (Report-Channel)
-	00 0A				; opt-len
-	02 61 6E 05 61 67 65 6E 74 00	; an.agent.
-HEX_EDNSDATA_END
-ENTRY_END
-
-
-
-$ORIGIN an.agent.
-;just give an answer back to anything
-ENTRY_BEGIN
-MATCH opcode subdomain
-REPLY QR AA NXDOMAIN
-ADJUST copy_id copy_query
-SECTION QUESTION
-an.agent.	IN	ANY
-ENTRY_END
-
-
-
-$ORIGIN unresponsive.
-;; no entry for 'unresponsive.', we rely on timeouts.
diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values_cachedb.conf b/contrib/unbound/testdata/stat_values.tdir/stat_values_cachedb.conf
deleted file mode 100644
index b7b375b36ef1..000000000000
--- a/contrib/unbound/testdata/stat_values.tdir/stat_values_cachedb.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-server:
-	verbosity: 5
-	module-config: "cachedb iterator"
-	num-threads: 1
-	interface: 127.0.0.1
-	port: @PORT@
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	do-not-query-localhost: no
-	extended-statistics: yes
-	identity: "stat_values"
-	outbound-msg-retry: 0
-	root-key-sentinel: no
-	trust-anchor-signaling: no
-
-remote-control:
-	control-enable: yes
-	control-interface: 127.0.0.1
-	# control-interface: ::1
-	control-port: @CONTROL_PORT@
-	server-key-file: "unbound_server.key"
-	server-cert-file: "unbound_server.pem"
-	control-key-file: "unbound_control.key"
-	control-cert-file: "unbound_control.pem"
-stub-zone:
-	name: "example.com."
-	stub-addr: "127.0.0.1@@TOPORT@"
diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values_discard_wait_limit.conf b/contrib/unbound/testdata/stat_values.tdir/stat_values_discard_wait_limit.conf
deleted file mode 100644
index b6f63cf17cfd..000000000000
--- a/contrib/unbound/testdata/stat_values.tdir/stat_values_discard_wait_limit.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-server:
-	verbosity: 5
-	num-threads: 1
-	interface: 127.0.0.1
-	module-config: "validator iterator"
-	port: @PORT@
-	use-syslog: no
-	directory: ""
-	pidfile: "unbound.pid"
-	chroot: ""
-	username: ""
-	do-not-query-localhost: no
-	extended-statistics: yes
-	identity: "stat_values"
-	outbound-msg-retry: 0
-	root-key-sentinel: no
-	trust-anchor-signaling: no
-
-	discard-timeout: 800
-        wait-limit: 1
-	wait-limit-netblock: 127.0.0.0/8 1
-	wait-limit-netblock: ::1/128 1
-	infra-cache-min-rtt: 3000  # This is for the discard-timeout test
-
-remote-control:
-	control-enable: yes
-	control-interface: 127.0.0.1
-	# control-interface: ::1
-	control-port: @CONTROL_PORT@
-	server-key-file: "unbound_server.key"
-	server-cert-file: "unbound_server.pem"
-	control-key-file: "unbound_control.key"
-	control-cert-file: "unbound_control.pem"
-stub-zone:
-	name: "unresponsive."
-	stub-addr: "127.0.0.1@@TOPORT@"
diff --git a/contrib/unbound/testdata/subnet_cached_servfail.crpl b/contrib/unbound/testdata/subnet_cached_servfail.crpl
deleted file mode 100644
index f1a66159c4ee..000000000000
--- a/contrib/unbound/testdata/subnet_cached_servfail.crpl
+++ /dev/null
@@ -1,168 +0,0 @@
-; Check if an expired SERVFAIL answer stored in the global cache does not block
-; ECS queries to reach the ECS cache.
-
-server:
-	trust-anchor-signaling: no
-	target-fetch-policy: "0 0 0 0 0"
-	send-client-subnet: 1.2.3.4
-	max-client-subnet-ipv4: 21
-	module-config: "subnetcache iterator"
-	verbosity: 3
-	access-control: 127.0.0.1 allow_snoop
-	qname-minimisation: no
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	prefetch: yes
-
-stub-zone:
-	name: "example.com."
-	stub-addr: 1.2.3.4
-CONFIG_END
-
-SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache
-
-; ns.example.com.
-RANGE_BEGIN 0 10
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com.    IN NS   ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com.         IN      A       1.2.3.4
-	ENTRY_END
-
-	; response to query of interest
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR SERVFAIL
-		SECTION QUESTION
-			www.example.com. IN A
-	ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 11 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com.    IN NS   ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com.         IN      A       1.2.3.4
-	ENTRY_END
-
-	; response to query of interest
-	ENTRY_BEGIN
-		MATCH opcode qtype qname ednsdata
-		ADJUST copy_id copy_ednsdata_assume_clientsubnet
-		REPLY QR NOERROR
-		SECTION QUESTION
-			www.example.com. IN A
-		SECTION ANSWER
-			www.example.com. 10 IN A	10.20.30.40
-		SECTION AUTHORITY
-			example.com.	IN NS	ns.example.com.
-		SECTION ADDITIONAL
-			HEX_EDNSDATA_BEGIN
-						; client is 127.0.0.1
-				00 08 		; OPC
-				00 05 		; option length
-				00 01 		; Family
-				08 00 		; source mask, scopemask
-				7f		; address
-			HEX_EDNSDATA_END
-			ns.example.com.		IN 	A	1.2.3.4
-	ENTRY_END
-RANGE_END
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; This answer should be in the global cache
-STEP 2 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA SERVFAIL
-SECTION QUESTION
-www.example.com.	IN A
-ENTRY_END
-
-; Bring the cached SERVFAIL to prefetch time
-STEP 10 TIME_PASSES ELAPSE 5
-
-STEP 11 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-SECTION ADDITIONAL
-HEX_EDNSDATA_BEGIN
-	00 08 00 05	; OPC, optlen
-	00 01 08 00	; ip4, source 8, scope 0
-	7f   		; 127.0.0.0/8
-HEX_EDNSDATA_END
-ENTRY_END
-
-; This answer was cached but a prefetch was triggerred
-STEP 12 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH opcode qtype qname
-REPLY QR RD RA SERVFAIL
-SECTION QUESTION
-www.example.com.	IN A
-ENTRY_END
-
-; Wait for the SERVFAIL to expire
-STEP 13 TIME_PASSES ELAPSE 2
-
-; Query again to verify that the record was prefetched and stored in the ECS
-; cache (because the server replied with ECS this time)
-STEP 14 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-SECTION ADDITIONAL
-HEX_EDNSDATA_BEGIN
-	00 08 00 05	; OPC, optlen
-	00 01 08 00	; ip4, source 8, scope 0
-	7f   		; 127.0.0.0/8
-HEX_EDNSDATA_END
-ENTRY_END
-
-; This record came from the ECS cache
-STEP 15 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA DO NOERROR
-SECTION QUESTION
-www.example.com.		IN A
-SECTION ANSWER
-www.example.com.	8	IN A	10.20.30.40
-SECTION AUTHORITY
-example.com.		3598	IN NS	ns.example.com.
-SECTION ADDITIONAL
-HEX_EDNSDATA_BEGIN
-	00 08 00 05	; OPC, optlen
-	00 01 08 08	; ip4, source 8, scope 0
-	7f		; 127.0.0.0/8
-HEX_EDNSDATA_END
-ns.example.com.		3598	IN A	1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/subnet_global_prefetch_always_forward.crpl b/contrib/unbound/testdata/subnet_global_prefetch_always_forward.crpl
deleted file mode 100644
index 775474cbcfeb..000000000000
--- a/contrib/unbound/testdata/subnet_global_prefetch_always_forward.crpl
+++ /dev/null
@@ -1,168 +0,0 @@
-; Check if the prefetch option works properly when serve-expired is combined
-; with client-subnet-always-forward for non-ECS clients. The prefetch query
-; needs to result in an outgoing query without ECS.
-
-server:
-	trust-anchor-signaling: no
-	target-fetch-policy: "0 0 0 0 0"
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	client-subnet-always-forward: yes
-	module-config: "subnetcache iterator"
-	verbosity: 3
-	access-control: 127.0.0.1 allow_snoop
-	qname-minimisation: no
-	minimal-responses: no
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
-CONFIG_END
-
-SCENARIO_BEGIN Test serve-expired and client-subnet-always-forward without ECS in the request
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 100
-	ADDRESS 193.0.14.129
-	ENTRY_BEGIN
-		MATCH opcode qtype qname ednsdata
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			. IN NS
-		SECTION ANSWER
-			. IN NS	K.ROOT-SERVERS.NET.
-		SECTION ADDITIONAL
-			K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			www.example.com. IN A
-		SECTION AUTHORITY
-			com.	IN NS	a.gtld-servers.net.
-		SECTION ADDITIONAL
-			a.gtld-servers.net.	IN 	A	192.5.6.30
-	ENTRY_END
-RANGE_END
-
-; a.gtld-servers.net.
-RANGE_BEGIN 0 100
-	ADDRESS 192.5.6.30
-	ENTRY_BEGIN
-		MATCH opcode qtype qname ednsdata
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			com. IN NS
-		SECTION ANSWER
-			com.    IN NS   a.gtld-servers.net.
-		SECTION ADDITIONAL
-			a.gtld-servers.net.     IN      A       192.5.6.30
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			www.example.com. IN A
-		SECTION AUTHORITY
-			example.com.	IN NS	ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com.		IN 	A	1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com.    IN NS   ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com.         IN      A       1.2.3.4
-	ENTRY_END
-
-	; response to query of interest
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			www.example.com. IN A
-		SECTION ANSWER
-			www.example.com. 10 IN A	10.20.30.40
-		SECTION AUTHORITY
-			example.com.	IN NS	ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com.		IN 	A	1.2.3.4
-	ENTRY_END
-RANGE_END
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; This answer should be in the global cache
-STEP 2 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com.	IN A
-SECTION ANSWER
-www.example.com.	IN A	10.20.30.40
-SECTION AUTHORITY
-example.com.		IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN A	1.2.3.4
-ENTRY_END
-
-; Wait for the TTL to expire
-STEP 3 TIME_PASSES ELAPSE 20
-
-STEP 11 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; This record came from the global cache and a prefetch was triggered
-STEP 12 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com.		IN A
-SECTION ANSWER
-www.example.com.	30	IN A	10.20.30.40
-SECTION AUTHORITY
-example.com.		3580	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		3580	IN A	1.2.3.4
-ENTRY_END
-
-STEP 13 CHECK_OUT_QUERY
-ENTRY_BEGIN
-        MATCH all
-	REPLY NOERROR DO
-        SECTION QUESTION
-                www.example.com. IN A
-ENTRY_END
-
-STEP 14 TRAFFIC
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/subnet_global_prefetch_expired.crpl b/contrib/unbound/testdata/subnet_global_prefetch_expired.crpl
deleted file mode 100644
index 374bf3e693aa..000000000000
--- a/contrib/unbound/testdata/subnet_global_prefetch_expired.crpl
+++ /dev/null
@@ -1,242 +0,0 @@
-; Check if the prefetch option works properly for messages stored in the global
-; cache for non-ECS clients. The prefetch query needs to result in an ECS
-; outgoing query based on the client's IP.
-; Prefetch initiated via serve-expired.
-
-server:
-	trust-anchor-signaling: no
-	target-fetch-policy: "0 0 0 0 0"
-	send-client-subnet: 1.2.3.4
-	max-client-subnet-ipv4: 21
-	module-config: "subnetcache iterator"
-	verbosity: 3
-	access-control: 127.0.0.1 allow_snoop
-	qname-minimisation: no
-	minimal-responses: no
-	serve-expired: yes
-	serve-expired-client-timeout: 0
-	serve-expired-ttl: 1
-	prefetch: yes
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
-CONFIG_END
-
-SCENARIO_BEGIN Test prefetch option for global cache with ECS enabled (initiated via serve-expired)
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 100
-	ADDRESS 193.0.14.129
-	ENTRY_BEGIN
-		MATCH opcode qtype qname ednsdata
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			. IN NS
-		SECTION ANSWER
-			. IN NS	K.ROOT-SERVERS.NET.
-		SECTION ADDITIONAL
-			HEX_EDNSDATA_BEGIN
-				;; we expect to receive empty
-			HEX_EDNSDATA_END
-			K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			www.example.com. IN A
-		SECTION AUTHORITY
-			com.	IN NS	a.gtld-servers.net.
-		SECTION ADDITIONAL
-			a.gtld-servers.net.	IN 	A	192.5.6.30
-	ENTRY_END
-RANGE_END
-
-; a.gtld-servers.net.
-RANGE_BEGIN 0 100
-	ADDRESS 192.5.6.30
-	ENTRY_BEGIN
-		MATCH opcode qtype qname ednsdata
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			com. IN NS
-		SECTION ANSWER
-			com.    IN NS   a.gtld-servers.net.
-		SECTION ADDITIONAL
-			HEX_EDNSDATA_BEGIN
-				;; we expect to receive empty
-			HEX_EDNSDATA_END
-			a.gtld-servers.net.     IN      A       192.5.6.30
-	ENTRY_END
-
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			www.example.com. IN A
-		SECTION AUTHORITY
-			example.com.	IN NS	ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com.		IN 	A	1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 0 10
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com.    IN NS   ns.example.com.
-		SECTION ADDITIONAL
-			HEX_EDNSDATA_BEGIN
-				;; we expect to receive empty
-			HEX_EDNSDATA_END
-			ns.example.com.         IN      A       1.2.3.4
-	ENTRY_END
-
-	; response to query of interest
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			www.example.com. IN A
-		SECTION ANSWER
-			www.example.com. 10 IN A	10.20.30.40
-		SECTION AUTHORITY
-			example.com.	IN NS	ns.example.com.
-		SECTION ADDITIONAL
-			ns.example.com.		IN 	A	1.2.3.4
-	ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 11 100
-	ADDRESS 1.2.3.4
-	ENTRY_BEGIN
-		MATCH opcode qtype qname
-		ADJUST copy_id
-		REPLY QR NOERROR
-		SECTION QUESTION
-			example.com. IN NS
-		SECTION ANSWER
-			example.com.    IN NS   ns.example.com.
-		SECTION ADDITIONAL
-			HEX_EDNSDATA_BEGIN
-				;; we expect to receive empty
-			HEX_EDNSDATA_END
-			ns.example.com.         IN      A       1.2.3.4
-	ENTRY_END
-
-	; response to query of interest
-	ENTRY_BEGIN
-		MATCH opcode qtype qname ednsdata
-		ADJUST copy_id copy_ednsdata_assume_clientsubnet
-		REPLY QR NOERROR
-		SECTION QUESTION
-			www.example.com. IN A
-		SECTION ANSWER
-			www.example.com. 10 IN A	10.20.30.40
-		SECTION AUTHORITY
-			example.com.	IN NS	ns.example.com.
-		SECTION ADDITIONAL
-			HEX_EDNSDATA_BEGIN
-						; client is 127.0.0.1
-				00 08 		; OPC
-				00 07 		; option length
-				00 01 		; Family
-				15 00 		; source mask, scopemask
-				7f 00 00 	; address
-			HEX_EDNSDATA_END
-			ns.example.com.		IN 	A	1.2.3.4
-	ENTRY_END
-RANGE_END
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; This answer should be in the global cache (because no ECS from upstream)
-STEP 2 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. IN A	10.20.30.40
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-
-; Try to trigger a prefetch with expired data
-STEP 3 TIME_PASSES ELAPSE 11
-
-STEP 11 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; This expired record came from the global cache and a prefetch is triggered.
-STEP 12 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 30 IN A	10.20.30.40
-SECTION AUTHORITY
-example.com.	3589 IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.	3589 IN 	A	1.2.3.4
-ENTRY_END
-
-;STEP 13 TRAFFIC
-; Allow enough time to pass so that the expired record from the global cache
-; cannot be used anymore.
-STEP 14 TIME_PASSES ELAPSE 1
-
-; Query again to verify that the record was prefetched and stored in the ECS
-; cache.
-STEP 15 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; This record came from the ECS cache.
-STEP 16 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ttl
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. 9 IN A	10.20.30.40
-SECTION AUTHORITY
-example.com.	3599 IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.	3599 IN 	A	1.2.3.4
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/test_ldnsrr.4 b/contrib/unbound/testdata/test_ldnsrr.4
deleted file mode 100644
index b20a317289b3..000000000000
--- a/contrib/unbound/testdata/test_ldnsrr.4
+++ /dev/null
@@ -1,80 +0,0 @@
-; opendnssec all.rr.org file
-@			IN	SOA		ns1 postmaster.all.rr.org. ( 1            3600         600          86400        3600 )       ; min TTL   [1h]
-ns1.all.rr.org.		IN	A		10.1.0.52
-all.rr.org.		IN	NS		ns1.example.com.
-; MD
-; MF
-foo.all.rr.org.		IN	CNAME		ns1.all.rr.org.
-all.rr.org.		IN	MB		mb-madname.example.com.
-all.rr.org.		IN	MG		mg-mgmname.example.com.
-all.rr.org.		IN	MR		mr-newname.example.com.
-; NULL
-; WKS
-bar.all.rr.org.		IN	PTR		ns1.all.rr.org.
-all.rr.org.		IN	HINFO		SUN4/110 UNIX
-helium				IN HINFO	"Shuttle-ST61G4 Intel PIV3000" "FreeBSD 7.0-STABLE"
-all.rr.org.		IN	MINFO		minfo-rmailbx.example.com. minfo-emailbx.example.com.
-all.rr.org.		IN	MX		10 VENERA.all.rr.org.
-selector._domainkey.all.rr.org.	IN	TXT		"v=DKIM1; n=Use=20DKIM; p=AwEAAZfbYw8SffZwsbrCLbC+JLErREIF6Yfe9aqsa1Pz6tpGWiLxm9rSL6/YoBvNP3UWX91YDF0JMo6lhu3UIZjITvIwDhx+RJYko9vLzaaJKXGf3ygy6z+deWoZJAV1lTY0Ltx9genboe88CSCHw9aSLkh0obN9Ck8R6zAMYR19ciM/; t=s"
-all.rr.org.		IN	RP		rp-mbox.example.com. rp-txtdname.example.com.
-all.rr.org.		IN	AFSDB		1 afsdb-hostname.example.com.
-all.rr.org.		IN	X25		311061700956
-all.rr.org.		IN	ISDN		150862028003217 004
-all.rr.org.		IN	RT		10   NET.Prime.COM.
-all.rr.org.		IN	NSAP		0x47.0005.80.005a00.0000.0001.e133.ffffff000161.00
-; NSAP-PTR
-; SIG
-; KEY
-all.rr.org.		IN	PX		10   net2.it.  PRMD-net2.ADMD-p400.C-it.
-; GPOS
-all.rr.org.		IN	AAAA		2001:db8::3
-all.rr.org.		IN	LOC		42 21 54.5 N 71 06 18.3 W -24m 30m
-; too lenient LOC record
-all.rr.org.		IN	LOC		42N 71 06 18.3W -24m 30m
-; NXT
-; EID
-; NIMLOC
-_http._tcp.all.rr.org.	IN	SRV		0 5 80 ns1.example.com.
-atma0			IN	ATMA		39.246f.00.0e7c9c.0312.0001.0001.000012345678.00
-atma1			IN	ATMA		+1.908.555.1212
-all.rr.org.		IN	NAPTR		100   10   ""  ""  "!^urn:cid:.+@([^\\.]+\\.)(.*)$!\\2!i"    .
-all.rr.org.		IN	KX		2 rt1.example.com.
-all.rr.org.		IN	CERT		6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/
-; A6
-frobozz.all.rr.org.	IN	DNAME		frobozz-division.acme.example.
-; SINK
-; OPT
-; APL
-sub.all.rr.org.		IN	DS		12345 3 1 123456789abcdef67890123456789abcdef67890
-all.rr.org.		IN	SSHFP		2 1 123456789abcdef67890123456789abcdef67890
-all.rr.org.		IN	IPSECKEY	10 1 2 192.0.2.38 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
-all.rr.org.		IN	RRSIG		A 5 3 86400 20030322173103 ( 20030220173103 2642 example.com.  oJB1W6WNGv+ldvQ3WDG0MQkg5IEhjRip8WTr PYGv07h108dUKGMeDPKijVCHX3DDKdfb+v6o B9wfuh3DTJXUAfI/M0zmO/zz8bW0Rznl8O3t GNazPwQKkRN20XPXV6nwwfoXmJQbsLNrLfkG J5D6fwFm8nN+6pBzeDQfsS3Ap3o= )
-all.rr.org.		IN	NSEC		host.example.com. A MX RRSIG NSEC
-all.rr.org.		IN	DNSKEY		256 3 5 ( AQPSKmynfzW4kyBv015MUG2DeIQ3 Cbl+BBZH4b/0PY1kxkmvHjcZc8no kfzj31GajIQKY+5CptLr3buXA10h WqTkF7H6RfoRqXQeogmMHfpftf6z Mv1LyBUgia7za6ZEzOJBOztyvhjL 742iU/TpPSEDhm2SNKLijfUppn1U aNvv4w== )
-all.rr.org.		IN	DHCID		( AAIBY2/AuCccgoJbsaxcQc9TUapptP69l OjxfNuVAA2kjEA= )
-ee19kl3631qol646kjjrh6lh96pduqii.all.rr.org.	IN	NSEC3	1 0 5 6467b16f6f36ba4d  13k9b8dv58kcn28us3fc0lqa60jeadp0 A RRSIG
-all.rr.org.		IN	NSEC3PARAM	1 0 5 6467b16f6f36ba4d
-; 52-54
-all.rr.org.		IN	HIP		( 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D rvs.example.com. )
-; NINFO
-; RKEY
-; 58-98
-all.rr.org.		IN	SPF		"v=spf1 +mx a:colo.example.com/28 -all"
-; UINFO
-; UID
-; GID
-; UNSPEC
-; 104-248
-; TKEY
-; TSIG
-; IXFR
-; AXFR
-; MAILB
-; MAILA
-; ANY
-; 256-32767
-; TA
-all.rr.org.		IN	DLV		12345 3 1 123456789abcdef67890123456789abcdef67890
-; 32770-65279  
-; 65280-65534
-; 65535
diff --git a/contrib/unbound/testdata/test_ldnsrr.5 b/contrib/unbound/testdata/test_ldnsrr.5
deleted file mode 100644
index 1f2837a67098..000000000000
--- a/contrib/unbound/testdata/test_ldnsrr.5
+++ /dev/null
@@ -1,178 +0,0 @@
-@	 IN      SOA     elektron.atoom.net. miekg.atoom.net. ( 2002120700 21600 7200 604800 3600 )
-@	IN	A	192.168.1.2
-@	IN      NS      elektron.atoom.net.
-@	IN      MD      md.atoom.net.
-@	IN      MF      mf.atoom.net.
-@	IN      MB      mb.atoom.net.
-@	IN      MG      mg.atoom.net.
-@	IN      MR      mr.atoom.net.
-@	IN      WKS     192.168.1.2 tcp domain 25 22 123
-@	IN      WKS     192.168.1.2 udp domain
-@	IN      PTR     ptr.atoom.net.
-@	IN      HINFO   "host" "info"
-@	IN      MINFO   machine.atoom.net. info.atoom.net.
-@	IN	MX	10 elektron.atoom.net.
-@	IN      TXT     "text description of domain"
-@	IN      RP      miekg.atoom.net. net.
-@	IN      AFSDB   12 atoom.net.
-@	IN      X25     "x25 address in text format"
-@	IN      ISDN    "isdn address"
-@	IN      ISDN    "isdn address" "subaddress"
-@	IN      RT      0 rt-host
-@	IN      NSAP    0x47.0005.80.005a00.0000.0001.e133.ffffff000161.00
-@	IN      PX      2 map822 mapx400
-
-@	IN     NAPTR 100  10   ""  ""  "/urn:cid:.+@([^\\.]+\\.)(.*)$/\\2/i" .
-@	IN     NAPTR 100  50  "s"  "http+I2L+I2C+I2R"  ""  _http._tcp.gatech.edu.
-
-@	IN     KX    10 kx-host    ; requires additional section processing
-
-@	IN     CERT  PKIX 65535    1 ( AQOppkQvFlPFLiWZc0NXX5/QY44jphv3vfX0dscHNmTh Ntfx0TUgfBb1YQKJX6MNrzu/vvtV3xpLcCJ+tIP8ADDi MaUYT5Gh6kmn22V7FgHPlCHRJ+AcudQbeYgw1KCYS9D4 6oEvBR8mQ4HFTEkdWg+PETATQk77P1CmmURdogcmzZqZ Ier+VAs6uusIdxrmWeP8j2aYRvozdjvgzmHXSabDDxrn uIbnL4r4qAoc6Q9DAybYA7Ya52gtH06dFOkaQr1dvHu1 iJES16H0SL/OlhsOVrZmM1RFcwDGXcnxiKZ4TdtFeXQ/ 6VN3JegLR5t2FyKzoKYb4klpdZM8JVuVtc/n)
-
-@	IN      APL
-
-; RFC 1101-like announcement of address ranges for foo.example
-@	IN APL 1:192.168.32.0/21 !1:192.168.38.0/28
-
-; CIDR blocks covered by classless delegation
-@	IN APL ( 1:192.168.42.0/26 1:192.168.42.64/26 1:192.168.42.128/25 )
-
-; Zone transfer restriction
-@	IN APL 1:127.0.0.1/32 1:172.16.64.0/22
-
-; List of address ranges for multicast
-@	IN APL 1:224.0.0.0/4  2:FF00:0:0:0:0:0:0:0/8
-
-
-;; network LOC RR derived from ZIP data.  note use of precision defaults
-@	IN LOC   42 21 54 N 71 06 18 W -24m 30m
-;; higher-precision host LOC RR.  note use of vertical precision default
-@	IN LOC   42 21 43.952 N 71 5 6.344 W -24.5m 1m 200m
-@	IN LOC   52 14 05 N 00 08 50 E 10.33m
-@	IN LOC   32   7 19 S 116 2 25.999 E 10m
-@	IN LOC   42 21 28.764 N 71 00 51.617 W -44.99m 2000m
-
-;$ORIGIN blaat.nl.
-
-dotted\.label IN MX 10 "foo bar.nl"
-
-low.low.low       IN      DNAME   rt-host
-
-redir       IN      CNAME   cname.toom.net.
-
-highbit-\200\210\201a	IN	A	127.0.0.1
-
-rt-host IN      A       127.0.0.1
-        IN      AAAA    ::1
-        IN      X25     "x25 address in text format"
-        IN      ISDN    "isdn address"
-kx-host IN      A       127.0.0.1
-kx-host IN      AAAA    ::1
-        IN      X25     "x25 address in text format"
-
-;; NXT from rfc 2535
-prev-nxt	IN	A	127.0.0.1
-		IN	AAAA	::1
-;	IN	NXT bigger-nxt. A AAAA NXT
-	IN	NSEC bigger-nxt. A AAAA NXT
-
-;; Insanely long TXT record
-	IN	TXT	"Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Vestibulum faucibus consequat ipsum," "vel pellentesque orci sodales sit amet." "Donec consectetur," "orci ut varius pulvinar," "mauris ante bibendum est," "vel pretium turpis massa auctor sem." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Morbi urna tellus," "ornare nec accumsan vitae," "rutrum id tortor." "Pellentesque non risus eu libero tempus consequat." "Suspendisse a mi elit." "Sed ultrices elit ut sem suscipit malesuada." "Cras sagittis nunc sed risus volutpat fermentum." "Aenean vitae magna lacus." "Etiam eu ligula purus." "Suspendisse eu dui sed ligula sagittis iaculis." "Suspendisse ut sodales orci." "Nunc sit amet sapien justo." "Sed molestie lectus vel lectus gravida bibendum." "In at enim quis lacus pretium tincidunt." "Sed eleifend," "lacus sed porttitor mattis," "erat nibh tincidunt lorem," "quis feugiat nibh dui ac erat." "Curabitur quis felis urna." "Nullam rhoncus," "arcu sed tincidunt posuere," "justo enim adipiscing arcu," "et suscipit tellus leo vitae elit." "Mauris gravida odio non quam tincidunt vel lobortis ligula faucibus." "Mauris vitae dolor at tortor congue imperdiet non id leo." "Proin in diam eu orci laoreet bibendum sed nec justo." "In nec ligula eu sapien suscipit vestibulum." "Etiam eleifend," "nibh vitae semper ultricies," "justo eros semper justo," "eget dictum nisi mauris et ligula." "Donec faucibus dapibus urna," "in ultricies lacus facilisis nec." "Pellentesque dapibus augue in sem pharetra accumsan." "Ut id ullamcorper elit." "Aliquam tellus orci," "lobortis nec molestie sit amet," "imperdiet quis lacus." "Praesent non congue nunc." "Quisque pretium pretium nunc," "nec convallis magna auctor nec." "Etiam accumsan eros sollicitudin augue posuere laoreet id sit amet orci." "Curabitur ut magna velit," "id adipiscing dui." "Morbi viverra vulputate vulputate." "Proin pulvinar justo sed tortor tincidunt id porttitor ipsum posuere." "Curabitur augue leo," "ultrices eget cursus sit amet," "fringilla non nisl." "Morbi et ante est," "non adipiscing mi." "Ut rutrum egestas scelerisque." "Pellentesque quis nisi orci." "In hac habitasse platea dictumst." "Donec sed tincidunt libero." "Proin porttitor placerat risus," "nec blandit sapien pharetra nec." "Phasellus eu risus quis mauris suscipit sollicitudin ut eu neque." "Duis odio lacus," "egestas in molestie adipiscing," "vulputate ut eros." "Nunc molestie orci sed turpis viverra volutpat aliquet mi vestibulum." "Sed interdum consectetur orci at consequat." "Curabitur molestie aliquam tellus," "id dignissim nibh porta sed." "Cras vestibulum orci hendrerit quam ornare condimentum." "Vivamus ultrices lacus ut lorem scelerisque vitae semper elit vulputate." "Aenean sit amet odio massa," "sed rutrum quam." "Ut lacinia enim nec orci rutrum dictum." "Curabitur id auctor ligula." "Nam nibh nulla," "interdum vitae suscipit eu," "porta quis ligula." "Proin lacinia sapien nec dolor viverra at suscipit orci tempus." "Phasellus scelerisque lobortis quam," "sit amet sagittis nibh ornare nec." "Donec sit amet tellus ac ipsum pharetra interdum." "Sed egestas velit et felis iaculis et dignissim est faucibus." "Suspendisse convallis scelerisque dapibus." "Nullam luctus lacinia nisl quis tristique." "Vivamus tincidunt vehicula sem sit amet ultrices." "Nulla arcu lectus," "vestibulum eu molestie in," "eleifend rutrum tortor." "Etiam ligula diam," "ultrices id malesuada vel," "varius ac dolor." "In sit amet sapien justo," "nec dignissim mi." "Vivamus vitae aliquam elit." "Vestibulum suscipit malesuada ipsum id dapibus." "Morbi ullamcorper pharetra velit," "in tempor mauris consequat non." "Praesent malesuada mattis nunc," "at auctor libero viverra id." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Vivamus convallis varius vulputate." "Donec eget tortor neque." "Nunc tempor mi quis enim euismod tincidunt." "Pellentesque et nibh magna," "id cursus enim." "Class aptent taciti sociosqu ad litora torquent per conubia nostra," "per inceptos himenaeos." "Nunc nunc sapien," "semper in tempor in," "cursus iaculis sapien." "Nunc vitae mattis elit." "Aliquam ut nisl vel lorem porttitor ullamcorper at sed quam." "Mauris a turpis erat." "Pellentesque viverra ligula vel tellus pretium ac auctor nisi imperdiet." "Proin faucibus sagittis odio," "quis semper massa pellentesque ac." "Morbi condimentum nisi vitae libero convallis blandit." "Proin sodales odio arcu." "Suspendisse non venenatis diam." "Sed vitae adipiscing lorem." "Nullam augue felis," "gravida quis commodo ut," "dignissim vel quam." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Pellentesque fermentum nulla at dolor molestie semper." "Sed metus sapien," "mollis a commodo ac," "commodo sed sem." "Suspendisse feugiat elementum lacus," "vel euismod nisl aliquam non." "Curabitur vel auctor neque." "Phasellus et libero vel tortor vestibulum consequat ac in magna." "Nullam congue vestibulum massa," "quis suscipit turpis adipiscing id." "Nullam ullamcorper eros id ipsum vestibulum at pretium augue convallis." "Cras nec purus ac lectus iaculis commodo sit amet eget lacus." "Curabitur blandit molestie est at fringilla." "Praesent at dictum turpis." "Sed laoreet dapibus tellus et gravida." "Fusce vitae ante ut arcu laoreet sollicitudin." "Nulla mollis commodo orci sed mollis." "Ut eleifend aliquet tellus," "vel ultricies lorem luctus vitae." "Donec commodo ullamcorper massa," "at pretium magna fermentum vitae." "Nam rutrum aliquet suscipit." "Aliquam a massa vel odio vehicula semper a in tortor." "Pellentesque aliquam suscipit iaculis." "Donec sodales pretium massa sed tempus." "Phasellus velit urna," "commodo sit amet tristique id," "congue quis eros." "Ut vulputate magna aliquet leo porta id tempus nunc auctor." "Ut condimentum magna sit amet quam ultricies iaculis." "Aenean imperdiet facilisis tellus nec ornare." "Cras nec vulputate sapien." "Morbi ut dui ut magna sodales commodo eget id erat." "Duis erat nisi," "lacinia vitae imperdiet non," "egestas nec purus." "Pellentesque tempor," "erat ut eleifend condimentum," "ipsum lacus ultrices turpis," "a fringilla purus lectus semper nulla." "Proin id nulla mi." "Suspendisse vel sem lacus." "Ut rutrum eros id massa ultricies commodo." "Nulla eget adipiscing ante." "Nunc quis enim a justo pharetra commodo." "Nullam tortor tortor," "volutpat at commodo at," "consectetur sit amet erat." "Quisque pharetra turpis nec libero viverra quis rutrum nunc mattis." "Aenean sed lacus lectus." "Duis et odio tortor." "Aenean ullamcorper ultricies turpis sed volutpat." "Ut et est sem," "et ultrices turpis." "Pellentesque nisi felis," "dictum non tempor lobortis," "iaculis at enim." "Aliquam tellus elit," "volutpat ut tristique sed," "fringilla ac libero." "Duis rutrum quam magna," "ut ultrices ipsum." "Morbi id orci lectus." "Maecenas quis nunc at diam mollis congue." "Aliquam neque lorem," "lobortis sit amet commodo id," "feugiat mattis dolor." "Cras aliquam convallis adipiscing." "Vestibulum varius commodo pulvinar." "Suspendisse eleifend dictum lectus," "vel commodo nibh varius quis." "Phasellus sit amet nisi libero." "In aliquam purus ut mi mattis quis iaculis lacus porta." "Sed ultrices vehicula mauris sed ornare." "Maecenas gravida tincidunt sagittis." "Mauris id hendrerit eros." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Curabitur pharetra diam augue," "sit amet congue felis." "Praesent dignissim eleifend vulputate." "Sed nec vestibulum tellus." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Vestibulum laoreet," "eros vitae rhoncus aliquet," "ligula turpis congue purus," "non convallis mi nibh eu purus." "Vivamus euismod facilisis lacus tincidunt rutrum." "Vivamus suscipit," "nisi sed semper iaculis," "libero sem pulvinar enim," "a aliquet purus urna ut nulla." "Donec ultrices luctus mauris," "in porttitor enim ullamcorper sit amet." "Morbi pellentesque auctor velit et egestas." "Fusce ac tincidunt massa." "Morbi a velit eget diam tincidunt eleifend." "Curabitur ornare lectus a quam blandit vel fermentum lacus dictum." "Donec vel turpis odio," "ac suscipit orci." "Nulla posuere convallis lacus venenatis feugiat." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Suspendisse potenti." "Suspendisse mollis neque ut neque gravida ut viverra mi ultrices." "Vestibulum at tempor sem." "Mauris vel leo libero." "Aliquam augue justo," "ultricies vel feugiat a," "vulputate sed erat." "Aliquam in ultrices quam." "Phasellus aliquam vestibulum odio at auctor." "Sed dapibus," "felis ac ornare dapibus," "magna dolor bibendum nisl," "eget luctus lacus magna et mauris." "Nulla ipsum augue," "tempor quis consectetur in," "iaculis non dolor." "Suspendisse consectetur felis ac nulla sodales rhoncus." "Maecenas velit ante," "lacinia at convallis quis," "iaculis quis tellus." "Suspendisse imperdiet aliquet dui," "posuere dictum justo fermentum sit amet." "Etiam ac ante diam." "Suspendisse quis dolor dui," "at mollis neque." "Aenean eu nisi lorem," "et ultrices mauris." "Nulla in augue libero," "non suscipit elit." "Cras rhoncus," "est ac fringilla varius," "erat ipsum gravida nisl," "at ornare dui nisi id mauris." "Nullam nec dictum leo." "Phasellus magna sapien," "sagittis quis suscipit quis," "bibendum in odio." "Cras sed ligula tellus," "sit amet fermentum felis." "Pellentesque suscipit feugiat enim," "vitae feugiat eros mattis pretium." "Cras nisi tellus," "placerat nec dapibus eget," "faucibus ac felis." "Proin tempus feugiat sapien," "nec mattis leo pharetra vel." "Maecenas dapibus mi dignissim ligula commodo et facilisis quam tristique." "Praesent varius lacus eu enim pellentesque gravida." "Nam rhoncus mauris pharetra eros vulputate at tincidunt massa fringilla." "Pellentesque in erat nec massa consequat ultrices." "Donec varius elementum leo," "non hendrerit justo tincidunt sit amet." "Donec ac libero augue." "Sed mattis turpis a sem ultricies consequat." "Aenean nunc dui," "commodo eget vestibulum ut," "rutrum in nisl." "Nam augue lorem," "tempor in porta at," "commodo ut ipsum." "Quisque adipiscing aliquet tincidunt." "Suspendisse potenti." "Pellentesque porttitor elit at leo hendrerit pretium nec eu turpis." "Curabitur in elit metus." "Aliquam risus erat," "posuere id adipiscing consequat," "dapibus vel eros." "Maecenas semper felis sed felis tristique varius." "Mauris tempus tortor et metus euismod pellentesque." "Pellentesque dui massa," "euismod non tincidunt id," "aliquet in elit." "Aenean vulputate sem elit." "Pellentesque at tempus magna." "Aenean elementum nisl id ante commodo placerat." "Nam sed mauris tellus." "Pellentesque nec orci nibh," "nec vulputate enim." "Aliquam erat volutpat." "Etiam dignissim justo a orci egestas mattis." "Vivamus ultrices sapien ac turpis venenatis tempor." "Suspendisse consequat volutpat fermentum." "Duis eu orci velit." "Sed placerat," "nisi sed aliquet tincidunt," "risus odio mattis nulla," "non sodales nunc nulla vitae mi." "Nunc consequat pharetra dolor at fringilla." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Vestibulum ultrices tellus quis nisl dignissim rhoncus eget et justo." "Maecenas vitae purus quis leo vehicula venenatis vel ut lectus." "Curabitur nec molestie nisl." "Vestibulum ullamcorper nulla non orci dictum quis lacinia est interdum." "Fusce eget sem risus," "sed volutpat augue." "Suspendisse potenti." "Sed luctus molestie augue," "a varius quam congue in." "Aliquam aliquet orci eget mi euismod consequat." "Ut et vestibulum ante." "Sed vitae metus elit." "Mauris lacus eros," "pellentesque eu vehicula semper," "dapibus consequat nulla." "Sed volutpat erat suscipit sem facilisis at adipiscing orci vehicula." "Pellentesque nisi nulla," "faucibus in rhoncus ut," "rhoncus eleifend turpis." "Aenean odio tortor," "ullamcorper id tincidunt nec," "rhoncus non mi." "Praesent interdum varius orci," "ut venenatis nibh mollis nec." "Ut placerat," "erat nec tincidunt pharetra," "metus lacus venenatis nunc," "et laoreet augue sapien vel lorem." "Sed sit amet viverra est." "Etiam rutrum," "purus ut ultrices aliquet," "neque magna luctus risus," "vel consectetur eros lorem ut odio." "Integer turpis elit," "consectetur ut suscipit sed," "gravida at lorem." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Morbi placerat accumsan malesuada." "Mauris porta," "lacus eget iaculis sagittis," "arcu sem lobortis nulla," "et tempus velit massa quis libero." "Fusce dolor nibh," "bibendum et adipiscing non," "eleifend et odio." "Duis elit eros," "hendrerit at porttitor vitae," "gravida nec arcu." "Praesent malesuada sapien a urna accumsan at hendrerit ipsum porttitor." "Mauris pharetra sagittis urna eu tempor." "Vestibulum purus leo," "pharetra quis ultrices ac," "semper nec erat." "Sed nec massa arcu," "sed tempus dolor." "Fusce vitae dictum eros." "Aenean vestibulum semper turpis," "iaculis auctor dolor vehicula ac." "In fermentum auctor pharetra." "Integer nec eros diam," "eget posuere leo." "Nam tristique," "nibh nec malesuada ornare," "urna odio porta mauris," "accumsan aliquet nunc lectus sit amet mauris." "Vestibulum nulla massa," "semper sit amet blandit sit amet," "venenatis eget sapien." "Vestibulum ultrices congue rhoncus." "Nunc lacinia dapibus imperdiet." "Nunc a eros sed urna pellentesque egestas non sit amet elit." "Integer dolor diam," "vulputate at tristique non," "venenatis in risus." "Sed lacinia luctus ipsum," "ac sagittis arcu molestie quis." "Phasellus pretium nulla quis quam placerat vitae commodo mi congue." "Praesent tristique laoreet elementum." "Praesent venenatis pretium dolor," "eu volutpat est scelerisque sit amet." "Praesent eleifend dictum vehicula." "Donec ullamcorper adipiscing ante ac elementum." "Integer dui nunc," "viverra at rutrum ut," "tincidunt vitae mi." "Donec nec risus id arcu porttitor placerat pulvinar at lacus." "Morbi ac velit sapien," "lacinia egestas nulla." "Mauris elementum dui ac libero ultricies consequat." "Nam non justo at tellus hendrerit rhoncus ultrices molestie augue." "Aenean elit purus," "tempor quis vehicula quis," "lobortis a odio." "Aliquam rhoncus varius lorem," "eu aliquet turpis rutrum a." "Nulla gravida gravida dui," "ac molestie arcu adipiscing vitae." "Cras diam mauris," "cursus vitae congue dictum," "adipiscing id erat." "Suspendisse ornare porta elit id hendrerit." "Praesent nec metus massa," "a egestas risus." "Donec pellentesque viverra diam sit amet pharetra." "Suspendisse lorem mi," "viverra eu auctor non," "volutpat et felis." "Proin id fermentum purus." "Nam eget mattis arcu." "Morbi bibendum rutrum euismod." "Donec aliquet hendrerit tincidunt." "Aenean eu sapien ut nunc dictum feugiat nec at lacus." "Duis commodo nisi nec tortor volutpat quis condimentum turpis aliquam." "Vivamus sollicitudin," "nulla rhoncus consequat posuere," "nisi nibh adipiscing felis," "aliquet porta arcu magna nec sapien." "Ut luctus interdum diam quis sollicitudin." "Ut semper magna sed neque hendrerit mattis." "Nullam turpis dui," "porttitor eget interdum id," "porttitor eu dui." "Ut accumsan," "tellus in eleifend imperdiet," "elit massa facilisis magna," "vitae feugiat tellus lectus eget tellus." "Mauris ac neque ac nibh ultricies imperdiet." "Ut urna lorem," "aliquet et mattis id," "suscipit a lectus." "Nam vehicula porttitor erat sit amet imperdiet." "Sed eu nunc id mauris mollis rutrum." "Pellentesque dui orci," "ullamcorper at fringilla eget," "sollicitudin eget nunc." "Quisque vel metus et enim placerat eleifend sed a leo." "Praesent pharetra hendrerit nibh scelerisque aliquam." "Duis tincidunt vestibulum congue." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Vestibulum non libero ligula." "Ut cursus mauris sed odio imperdiet vehicula." "In fermentum vehicula arcu," "ac commodo augue posuere sed." "Vivamus ultricies," "magna in aliquam suscipit," "tortor leo vestibulum dolor," "ut luctus odio diam nec lacus." "Phasellus et diam metus." "Cras fringilla nibh quis ante tincidunt in euismod leo luctus." "Nulla tincidunt erat sit amet erat viverra eleifend accumsan ligula luctus." "Quisque et risus enim." "Praesent vitae neque ut leo semper malesuada eu sed justo." "Duis pretium vehicula orci sed dignissim." "Cras nec magna in nulla laoreet vulputate quis at enim." "Nulla eget odio tellus." "In placerat massa et purus eleifend non fringilla neque fringilla." "Donec imperdiet ullamcorper nisl," "vel rutrum sapien rutrum a." "Duis luctus," "ante eu tristique commodo," "ipsum libero sollicitudin purus," "quis tempor nibh felis ac quam." "Nullam sodales vehicula elit," "eget egestas neque blandit in." "Mauris egestas faucibus elit," "id pellentesque nibh tincidunt id." "Nam vitae felis magna." "Donec tellus quam," "scelerisque vitae sollicitudin at," "gravida vel est." "Ut sodales velit nec dui sollicitudin a porta mi ullamcorper." "Cras sollicitudin egestas consequat." "Donec id tortor est," "eget tempor diam." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Ut ullamcorper gravida pharetra." "Proin diam nunc," "feugiat id interdum vel," "porttitor a nisl." "Aliquam aliquet orci sed metus egestas porttitor." "Morbi sollicitudin pulvinar enim." "Etiam tincidunt augue ut quam mollis ac imperdiet odio egestas." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Nunc at enim diam." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Aliquam lorem lectus," "suscipit at vestibulum ac," "scelerisque quis augue." "Morbi felis tellus," "porttitor quis pellentesque ut," "dictum ac nisi." "Integer sit amet massa vel augue lacinia dapibus non vulputate tortor." "Aenean ullamcorper sodales justo," "at fermentum libero sodales et." "Fusce vitae enim ut ligula volutpat placerat." "Pellentesque et mauris nibh," "non lacinia ipsum." "Phasellus ac nibh sit amet nibh vulputate rutrum." "Maecenas id nulla quam." "Maecenas euismod dolor in magna condimentum adipiscing." "Morbi elementum tincidunt mauris in mollis." "Pellentesque sagittis turpis id nunc tempor a eleifend turpis fermentum." "Sed faucibus interdum arcu," "at varius sem aliquet id." "Pellentesque vestibulum iaculis risus," "id dictum lorem gravida ac." "Quisque sagittis arcu vitae eros dapibus vitae convallis nulla mattis." "Nam id dui neque," "ut molestie velit." "Pellentesque pulvinar porta erat eu interdum." "Nunc metus massa," "vestibulum vitae egestas a," "fringilla et odio." "Quisque quis diam lorem," "quis pellentesque velit." "Mauris sapien risus," "suscipit nec vestibulum nec," "rutrum a risus." "Curabitur lobortis condimentum ultricies." "Duis quis dapibus turpis." "Nunc lectus elit," "facilisis at bibendum et," "vestibulum in arcu." "Morbi odio nibh," "feugiat quis tempor ut," "scelerisque ultrices nisi." "Curabitur a accumsan augue." "Integer aliquet porttitor nibh," "nec placerat est pharetra in." "Donec feugiat nisi et odio commodo interdum." "Vestibulum ullamcorper bibendum fermentum." "Fusce eu lacus eget metus malesuada feugiat eu vel erat." "Sed et erat tortor." "Morbi malesuada varius mollis." "Nam accumsan dignissim odio," "quis consectetur mi molestie eget." "Etiam iaculis," "enim eu placerat vehicula," "elit massa pulvinar tellus," "in cursus magna mi non quam." "Vivamus varius tempor semper." "Nulla adipiscing feugiat sollicitudin." "Etiam lacinia placerat dui nec varius." "In vitae metus mauris." "Vestibulum sed magna quis nibh ornare rhoncus ut vitae ipsum." "Duis ligula nunc," "fermentum sed suscipit non," "molestie vel purus." "Suspendisse potenti." "Proin arcu leo," "adipiscing at vehicula ac," "ullamcorper nec diam." "Proin pretium porta urna," "quis fermentum nisl pretium et." "Suspendisse a elit eu nisi molestie lacinia." "Cras at condimentum arcu." "Suspendisse potenti." "Sed ullamcorper ante sit amet urna aliquet ultrices accumsan neque ullamcorper." "Nam sit amet velit vel urna gravida suscipit sit amet non mauris." "Ut non neque arcu." "Praesent gravida sodales lorem," "vitae hendrerit purus bibendum non." "Nulla facilisi." "Mauris ornare," "sem eget tristique vestibulum," "augue metus luctus neque," "sit amet pretium lectus dui et augue." "Curabitur eu convallis turpis." "Ut est est," "vulputate auctor laoreet et," "iaculis eget massa." "Vestibulum ornare porta rhoncus." "Phasellus sagittis orci et orci blandit facilisis viverra leo consectetur." "Curabitur molestie nibh vitae nisi condimentum eget tempor nulla consectetur." "Ut arcu nunc," "mollis nec consectetur nec," "elementum tempus enim." "Nullam vel arcu massa." "In quis accumsan nibh." "Nullam id tristique neque." "Phasellus mattis interdum nisi quis viverra." "Morbi sollicitudin," "leo vel faucibus consequat," "ante est blandit nibh," "id sodales risus nunc ac ligula." "Nullam pellentesque diam nec urna fringilla malesuada." "Maecenas nisi lorem," "bibendum a condimentum in," "commodo vel tellus." "Proin at odio in ante lacinia sodales vel eget elit." "Curabitur eu fermentum est." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Praesent rutrum lectus ac velit consequat hendrerit." "In faucibus dictum mattis." "Sed a justo mi," "eu convallis nibh." "Integer commodo sollicitudin suscipit." "Curabitur vel leo vitae quam ultricies interdum et eget justo." "Proin ultrices lacus et metus vulputate ultrices eu non ligula." "Proin at velit in nisi malesuada lobortis." "Fusce est urna," "pulvinar ac venenatis non," "hendrerit non neque." "Donec id augue ac magna consequat porta." "Donec sed erat vitae velit vehicula rutrum." "Aenean pulvinar dui nec augue pharetra iaculis." "Quisque pretium risus vitae arcu feugiat ac posuere risus sagittis." "Nam diam erat," "rutrum ut interdum non," "laoreet at sem." "Sed enim elit," "tempor eget volutpat ac," "aliquet at sem." "Nunc in urna eu ipsum tempor pharetra eget vitae est." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Nulla ultricies," "ligula quis consequat posuere," "ante risus gravida est," "in pretium elit ipsum nec eros." "Mauris ac leo sit amet nisl rutrum mattis." "Donec facilisis enim eget mauris gravida lacinia." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Vivamus eleifend lacus non erat eleifend lacinia." "Nam vehicula vehicula ipsum ac ultrices." "Aliquam ut massa purus." "Aenean vel est vitae nulla tincidunt malesuada." "Aliquam eleifend," "arcu non tristique tempor," "dui ligula malesuada sem," "iaculis scelerisque magna massa quis quam." "Pellentesque libero mauris," "vulputate sed tincidunt vitae," "vehicula ac ipsum." "Mauris pharetra," "turpis eu tincidunt rhoncus," "quam tortor viverra est," "at pellentesque augue nibh ac nibh." "In ipsum dui," "ullamcorper vel semper quis," "semper id massa." "Phasellus non sem dolor," "at scelerisque tellus." "Curabitur velit augue," "pulvinar in aliquam id," "aliquet vel leo." "Fusce fermentum blandit nunc," "vitae tincidunt leo molestie condimentum." "Suspendisse ut gravida ipsum." "Curabitur vulputate," "mauris sit amet pulvinar sagittis," "ipsum enim feugiat enim," "et porta risus neque eget ante." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Donec eros dolor," "vehicula quis aliquam eget," "ornare id lorem." "Ut dolor lacus," "aliquet ut tempor et," "varius et nunc." "Cras consectetur massa vitae velit mattis a ultrices urna venenatis." "Praesent lacus mi," "bibendum a aliquet quis," "vestibulum non velit." "Proin sit amet elit felis," "eu malesuada justo." "Maecenas auctor urna metus." "Phasellus convallis velit id justo blandit venenatis." "Suspendisse convallis rhoncus orci," "a tincidunt quam varius a." "Fusce scelerisque aliquam odio ac sodales." "Aliquam in lectus arcu." "In vestibulum," "nisi et sagittis dignissim," "purus est feugiat risus," "ac accumsan ante purus in turpis." "Maecenas bibendum condimentum nibh," "quis fringilla quam imperdiet sed." "Nulla ullamcorper suscipit sem euismod rhoncus." "Curabitur lectus justo," "consectetur vitae viverra sed," "fringilla at nunc." "Aliquam justo tortor," "ornare vel rhoncus non," "eleifend sed purus." "Nullam posuere gravida magna," "egestas convallis tellus venenatis quis." "Mauris feugiat," "lectus nec rutrum placerat," "tellus augue convallis velit," "in mattis odio neque in urna." "Quisque quis urna at diam pretium iaculis ut sed dui." "Morbi nibh enim," "accumsan eu convallis et," "bibendum sed dui." "Class aptent taciti sociosqu ad litora torquent per conubia nostra," "per inceptos himenaeos." "Etiam interdum turpis eu dui adipiscing sagittis." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "In hac habitasse platea dictumst." "Suspendisse sed libero enim," "et dapibus justo." "Aliquam commodo," "turpis sit amet venenatis facilisis," "nibh diam porttitor neque," "nec gravida massa odio a sem." "Morbi quis velit ligula." "Mauris interdum risus nec quam rhoncus eu bibendum mauris pulvinar." "Nunc id orci nec turpis lobortis luctus." "Praesent laoreet lectus vel leo malesuada interdum." "Quisque a mi ac eros mattis pharetra in a quam." "Sed scelerisque ligula vel tellus pulvinar suscipit sollicitudin odio vehicula." "In porta odio auctor justo commodo lobortis." "Nullam porttitor volutpat blandit." "In ut varius nisl." "Nunc pharetra porta luctus." "Mauris in mattis est." "In hac habitasse platea dictumst." "Maecenas sed convallis tellus." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Ut vehicula metus vitae ipsum hendrerit rutrum." "Nunc dolor nisl," "interdum quis ornare et," "tempor quis dui." "Donec tincidunt varius turpis non cursus." "Nulla lobortis," "lacus eget pellentesque sagittis," "urna elit rhoncus erat," "ac convallis ipsum sapien non lacus." "Morbi pellentesque ligula et velit tempus sagittis." "Morbi tincidunt interdum nunc non suscipit." "Cras faucibus interdum velit accumsan posuere." "Donec a augue risus." "Etiam viverra," "lectus sed mattis lobortis," "erat risus aliquet lorem," "eu semper libero nunc ac erat." "Donec at dui nisi." "Fusce dui tortor," "consequat eget egestas vel," "lobortis elementum mi." "Suspendisse blandit molestie urna vel mollis." "Nam aliquam volutpat bibendum." "Nulla id erat a lectus facilisis vestibulum." "Nunc dictum laoreet magna eu venenatis." "Duis facilisis justo nec enim vehicula nec rutrum purus vulputate." "Sed sollicitudin dui nec purus porttitor lacinia." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Praesent nisl lacus," "rutrum ac congue eu," "scelerisque dictum ligula." "Fusce neque massa," "viverra sed suscipit sit amet," "posuere at ipsum." "Praesent scelerisque libero in nibh gravida sed consectetur turpis vehicula." "Fusce sapien velit," "vestibulum a aliquam in," "bibendum vel mauris." "Phasellus id porta eros." "Aenean nec ligula turpis," "ut tincidunt velit." "Cras commodo congue dui," "id gravida felis iaculis eget." "Nunc varius diam a purus elementum eleifend." "Sed viverra velit sit amet ante ultrices nec varius tellus aliquam." "Suspendisse ante nunc," "suscipit nec sodales ut," "rhoncus a ante." "Nulla risus neque," "fermentum in pharetra nec," "commodo rhoncus nulla." "Aenean fermentum," "ligula nec suscipit ultrices," "ligula neque rhoncus purus," "a mollis sem purus ut nunc." "Nunc aliquam ullamcorper lacinia." "Duis id velit lacus." "Cras convallis sodales vehicula." "Proin nibh nulla," "bibendum sed pellentesque vitae," "blandit vitae quam." "Curabitur et eros velit," "non vehicula sapien." "Suspendisse eu mi nec metus pellentesque egestas." "Curabitur a tellus purus," "ac dictum nisi." "Donec diam ligula," "tincidunt ut posuere vitae," "consequat at nisi." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Nulla auctor nisi sed metus tincidunt blandit." "Nulla facilisi." "Proin volutpat mi sagittis risus fringilla feugiat." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Vivamus sagittis," "metus et sagittis sodales," "massa leo elementum sapien," "id suscipit lectus ligula ac orci." "Nulla dignissim tristique justo," "vel volutpat turpis rutrum convallis." "Sed diam lorem," "ultricies a ultricies eu," "tristique vitae turpis." "Donec pellentesque consectetur tellus non sodales." "Nam id dolor arcu." "Pellentesque nisl eros," "gravida non aliquam auctor," "elementum et felis." "Quisque in pellentesque metus." "Morbi sed lorem non magna fringilla egestas vitae ut nulla." "Aenean vel ante id nibh tincidunt feugiat." "Ut diam lorem," "semper vel elementum ac," "faucibus suscipit nunc." "Ut ultrices pharetra pellentesque." "Sed malesuada," "nulla vitae luctus suscipit," "est ipsum viverra libero," "quis ultrices augue ante eget velit." "Aenean nibh libero," "elementum eget lacinia non," "faucibus ut arcu." "Suspendisse potenti." "Phasellus nisl ante," "faucibus sed aliquam non," "pellentesque vel orci." "Nulla facilisi." "Sed et mauris sit amet enim malesuada congue." "In hac habitasse platea dictumst." "Cras vitae velit a enim sollicitudin elementum interdum a diam." "Nulla purus lectus," "mattis facilisis pretium et," "consectetur ut tellus." "Cras posuere odio eget nibh lacinia ullamcorper." "Aliquam a enim purus." "Donec pharetra tristique magna," "sit amet varius erat facilisis et." "Nullam molestie nisi euismod orci ultrices in mollis tellus accumsan." "Ut placerat hendrerit porttitor." "Nulla sit amet quam risus." "Nunc diam dui," "adipiscing non cursus et," "pharetra sed mi." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Cras eget hendrerit mi." "Donec sagittis tincidunt nisi venenatis egestas." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Suspendisse ac felis erat," "ut placerat nisi." "Curabitur laoreet pellentesque erat sed porttitor." "Sed vel metus leo," "nec congue enim." "Vivamus elit orci," "ultricies ac sagittis nec," "porta a lorem." "Suspendisse volutpat facilisis turpis," "non dapibus mi scelerisque sed." "Ut id libero a lorem rhoncus sollicitudin non non lorem." "Integer erat purus," "laoreet eu pulvinar eget," "condimentum in tellus." "Nam et placerat purus." "Praesent convallis," "nisi id sodales pharetra," "nibh augue tincidunt elit," "sit amet tempor justo orci quis sapien." "Cras imperdiet ligula ultricies lacus vestibulum molestie." "Fusce non suscipit felis." "Aenean sed nisl quis mi dapibus auctor et eget sem." "Vestibulum luctus egestas diam nec aliquet." "Nunc suscipit," "risus non facilisis sagittis," "libero enim rutrum mauris," "at ullamcorper tortor nibh vel turpis." "Morbi sed nisl purus." "In hac habitasse platea dictumst." "Nulla orci dui," "consectetur id laoreet quis," "mollis in nunc." "Phasellus faucibus posuere magna eu semper." "Cras sem turpis," "mattis non pretium at," "feugiat eget lorem." "Mauris in orci nulla," "sed consectetur diam." "Pellentesque dignissim," "erat dictum gravida viverra," "est erat laoreet massa," "at porta sem mi a quam." "Mauris ultricies viverra velit in posuere." "Vestibulum et ligula eros." "Pellentesque eu orci nulla." "Proin lectus enim," "molestie a sagittis id," "elementum quis tortor." "Mauris et ligula ut ligula egestas porttitor nec quis sapien." "Duis nibh dolor," "pharetra eu mollis sit amet," "tempus ut tortor." "Pellentesque tristique mattis nisl sed commodo." "Praesent ut mauris mi." "Donec lectus arcu," "vestibulum tempus convallis in," "vestibulum eget risus." "Cras sit amet tristique metus." "Fusce sodales velit et purus imperdiet semper." "Donec a nibh tellus," "ut pharetra odio." "Proin tellus nulla," "malesuada vitae aliquet bibendum," "congue ut turpis." "Vestibulum vel purus elit," "sit amet tempus purus." "Praesent mi erat," "imperdiet at volutpat eget," "laoreet a purus." "Curabitur ultricies ultricies nisi," "et varius nisi auctor in." "Curabitur vehicula elit et erat imperdiet vitae euismod diam convallis." "Morbi mollis semper risus," "ac varius turpis faucibus et." "Nulla commodo ligula nec nulla blandit ut rhoncus quam semper." "Mauris arcu ligula," "dapibus vel blandit id," "ornare quis arcu." "Proin urna ligula," "dictum aliquet venenatis nec," "pharetra et est." "Donec libero lectus," "scelerisque eget pharetra nec," "scelerisque ut quam." "Integer mi tortor," "mattis a luctus sit amet," "consequat quis mi." "Praesent in orci a nibh cursus malesuada eu a magna." "Nam at ligula purus," "consequat eleifend dui." "Donec tristique velit id turpis ultricies fermentum." "In ut sem eu quam volutpat consequat ut eget augue." "Nam posuere nisl at lectus laoreet scelerisque." "Vivamus nec odio tempus nulla egestas iaculis." "Sed sollicitudin posuere sapien ac interdum." "Class aptent taciti sociosqu ad litora torquent per conubia nostra," "per inceptos himenaeos." "Quisque aliquam," "massa ut vehicula placerat," "dui dui feugiat sem," "sed blandit sem augue non sapien." "Nulla sit amet justo diam." "Aliquam eget justo vitae lorem condimentum imperdiet a eget nisi." "Etiam quam nulla," "volutpat ac consequat quis," "volutpat ac orci." "Nam fermentum hendrerit pulvinar." "Aliquam erat volutpat." "Mauris sit amet viverra justo." "Cras eget sollicitudin turpis." "Donec congue pretium suscipit." "Nunc tempus tempor augue vitae mattis." "Aenean vel lectus a neque feugiat pretium." "Proin ac purus a nisi tincidunt auctor non eget justo." "Donec et bibendum ipsum." "Nulla facilisi." "Nam pellentesque lacinia fermentum." "Nulla eu ligula turpis," "a cursus dui." "Nullam porttitor molestie bibendum." "Aenean iaculis mi ultrices lorem viverra gravida." "Proin tortor mauris," "fermentum vitae pretium ac," "posuere quis augue." "Cras sodales," "felis sit amet sollicitudin euismod," "lorem dui fermentum nisl," "et vehicula quam enim et est." "Etiam ac dolor sed augue dictum ullamcorper non molestie leo." "Morbi tellus arcu," "imperdiet eget condimentum sit amet," "convallis sodales massa." "Ut id urna eu quam facilisis rhoncus." "Curabitur euismod," "augue ut fringilla congue," "odio risus vestibulum enim," "ac porta augue lacus quis dolor." "Sed dui orci," "rutrum commodo dapibus sed," "fermentum in libero." "Aenean id purus sapien," "in feugiat odio." "Nullam interdum suscipit odio eget vehicula." "Praesent interdum," "sapien vitae consectetur pulvinar," "mauris felis iaculis nisi," "vitae sagittis sapien velit ac neque." "Morbi a purus vel velit vestibulum ullamcorper a vel diam." "Nam nec dui non tellus tincidunt molestie." "Nam lacinia iaculis orci eget pulvinar." "Etiam ac facilisis massa." "Nulla sit amet luctus odio." "Aenean eget turpis turpis," "eget fermentum neque." "Phasellus id lectus nisi." "Suspendisse tristique scelerisque suscipit." "Integer vel nibh elit." "Duis sem justo," "bibendum vel hendrerit vel," "cursus non turpis." "In hac habitasse platea dictumst." "Vestibulum nec quam a dolor consequat fermentum vel in leo." "Donec vel lorem risus," "quis blandit felis." "Sed mollis ornare turpis," "vitae mattis risus mollis eget." "Praesent eleifend iaculis mauris." "Maecenas porta tincidunt egestas." "Quisque at sem leo." "Donec non enim vel risus suscipit vulputate." "Nam a diam placerat dui feugiat commodo at a tortor." "Fusce elit augue," "congue sit amet imperdiet id," "sagittis at quam." "Integer vestibulum felis vel nunc consequat bibendum." "Curabitur rhoncus lacinia risus," "sit amet semper urna elementum vehicula." "Nulla vel ante libero." "Maecenas sed orci non eros venenatis dapibus nec non nibh." "Aliquam erat volutpat." "Quisque aliquet auctor nulla at semper." "Aenean congue pellentesque ipsum." "Aliquam id ante vel eros facilisis consectetur." "Aenean a mi in orci bibendum mattis euismod eget elit." "In sed enim et quam tincidunt semper in quis augue." "Proin sed sapien id magna cursus tristique." "Nunc ac sapien augue." "Aliquam tempus leo ultricies magna interdum tincidunt." "Nulla porttitor gravida ligula in aliquet." "Duis mattis dui non sem vestibulum ac sagittis enim molestie." "Quisque sed dui ligula." "Nullam euismod aliquet enim id tristique." "Curabitur nec lectus consectetur nisi cursus vehicula." "Nulla fringilla vestibulum rutrum." "Quisque malesuada nibh vitae quam feugiat nec placerat eros ultrices." "Pellentesque id dui id nisl eleifend iaculis posuere ut tortor." "Integer eget dui risus," "eu auctor quam." "Aliquam sit amet orci placerat nunc blandit dictum." "Vestibulum nec interdum nisi." "Proin purus nisi," "viverra ultricies accumsan ac," "dignissim nec nulla." "Donec sit amet dolor nisl," "a scelerisque elit." "Phasellus ut arcu lectus." "Sed semper dapibus pellentesque." "Nam vitae urna nulla," "vel auctor orci." "Sed vel magna nibh." "Curabitur pretium imperdiet orci eu ultrices." "Vivamus quis metus pharetra nunc euismod rutrum." "Fusce massa nibh," "venenatis sed ornare at," "posuere sed mauris." "Sed tortor est," "tempor vel fermentum sit amet," "laoreet at nulla." "Proin eu dictum lacus." "Proin nec mattis lectus." "Aliquam semper semper tellus," "ac eleifend orci accumsan non." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Phasellus vitae tortor mauris," "quis blandit nisi." "Donec quis viverra lacus." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Maecenas imperdiet," "leo eu tincidunt gravida," "eros sem lacinia risus," "vitae viverra massa augue eget ante." "Suspendisse ullamcorper lacus ut est bibendum condimentum." "In eget semper mi." "Praesent tellus turpis," "mollis sit amet feugiat at," "gravida eget augue." "Sed ac lacinia massa." "Sed vitae malesuada lorem." "Vivamus pellentesque urna eget sem vehicula pharetra." "Curabitur tristique tortor eget mauris adipiscing semper." "Sed eu nisi vulputate arcu elementum imperdiet." "Morbi gravida est non ante accumsan bibendum." "Cras et lectus augue," "sed congue leo." "Praesent semper," "urna nec pharetra aliquet," "augue purus tristique neque," "eget convallis libero turpis sed mi." "Sed tortor tellus," "tempus ac ullamcorper tempus," "consectetur in dui." "Cras aliquam dapibus turpis," "ut ultrices ligula vulputate a." "Donec molestie porttitor mi," "placerat rutrum neque sodales id." "Fusce quis justo lacus." "Duis eget sem nisi," "ac consectetur augue." "Vestibulum luctus erat non lacus commodo vel tristique dui consectetur." "Mauris tellus nisl," "molestie eget porta vitae," "sagittis sed dolor." "Class aptent taciti sociosqu ad litora torquent per conubia nostra," "per inceptos himenaeos." "Pellentesque vel odio eget sem aliquet scelerisque eget vitae nunc." "Fusce adipiscing sagittis libero," "quis placerat dui pulvinar eget." "Cras condimentum," "arcu tempor facilisis condimentum," "eros leo ullamcorper urna," "vel tincidunt velit enim eget eros." "Mauris et semper nulla." "Proin mollis sapien nec enim egestas aliquam vestibulum consectetur tellus." "Aenean ut nisl ut sapien iaculis auctor." "Pellentesque dolor tellus," "sodales eu elementum ut," "ullamcorper at nunc." "Vestibulum convallis ornare leo," "ac luctus eros dignissim commodo." "Suspendisse at elit sit amet urna placerat lobortis." "Donec fermentum libero lacus," "in placerat risus." "Nullam ut enim sapien," "nec blandit libero." "Donec in nibh fermentum lacus dapibus bibendum vel ac turpis." "Morbi rhoncus," "purus pharetra sagittis mollis," "lectus ante imperdiet magna," "in vestibulum urna nulla ac erat." "Duis dictum euismod vulputate." "Morbi odio augue," "ultrices a gravida sed," "elementum quis felis." "Nam scelerisque urna id justo dignissim placerat." "Sed convallis lobortis orci vel egestas." "Vestibulum ultricies felis in libero iaculis varius." "Aliquam erat volutpat." "Phasellus ac purus non elit malesuada auctor." "Donec ut sem id enim volutpat posuere." "Donec malesuada est sed odio ornare dignissim." "Cras vitae urna massa," "ut facilisis lorem." "In rutrum interdum lectus," "nec scelerisque tellus consequat pellentesque." "Proin eu molestie neque." "Integer sed enim lectus," "ac aliquet urna." "Phasellus sodales sollicitudin consequat." "Praesent vitae augue ante." "Sed id pellentesque leo." "Integer vehicula enim quis dui aliquet congue." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Curabitur gravida," "quam sed elementum eleifend," "velit nulla dictum est," "ut malesuada augue ligula id dui." "Maecenas bibendum tristique ipsum," "eu gravida elit commodo sed." "Fusce metus tortor," "accumsan ac feugiat id," "volutpat sed tortor." "Vivamus tincidunt mi non purus volutpat ultrices." "Praesent eget metus eu sem tempus pellentesque." "Etiam faucibus sollicitudin dapibus." "Donec tempor massa sit amet mi posuere ullamcorper." "Vestibulum ac dolor ut urna ultrices volutpat." "Integer ipsum urna," "congue tempus vehicula eu," "sodales sit amet velit." "Proin adipiscing urna ut eros sodales vulputate." "Nam faucibus auctor justo non luctus." "Suspendisse ac augue sed augue viverra congue." "Nam ligula erat," "eleifend eu semper eget," "pharetra laoreet nunc." "Phasellus tempor eros a ante tincidunt ultricies." "Fusce sit amet est tristique lacus pharetra tristique." "Pellentesque orci est," "tristique quis tristique id," "imperdiet at neque." "Vivamus ut rutrum mauris." "Nullam sit amet quam turpis," "ut fringilla enim." "Duis sagittis accumsan risus." "In eget risus vel mauris pharetra laoreet nec id arcu." "Cras mollis," "mauris et sagittis laoreet," "est dui hendrerit urna," "at tempor nulla mauris sed odio." "Cras sed hendrerit orci." "Curabitur eros sem," "pretium vel iaculis vel," "accumsan in enim." "Proin mattis," "ligula tincidunt sagittis rutrum," "mauris dui consectetur erat," "ac hendrerit quam risus at purus." "Cras ac ante id libero congue semper at id tortor." "Cras non risus sit amet erat porta dictum sit amet in justo." "Phasellus vel justo odio." "Donec scelerisque varius ligula id bibendum." "Nullam turpis ligula," "fringilla ac semper a," "iaculis a sapien." "Vestibulum in est venenatis metus malesuada lacinia quis id justo." "Vivamus faucibus luctus semper." "Etiam mattis ullamcorper magna," "sit amet faucibus est malesuada euismod." "Duis libero nisl," "molestie a iaculis in," "convallis eu nunc." "Nullam sit amet lorem at purus ullamcorper rutrum sit amet eu orci." "In vel nulla in elit convallis varius nec a lacus." "Nunc ac nunc nisl," "quis condimentum risus." "Donec tempus facilisis odio ac rutrum." "Etiam sed mollis tortor." "Sed ac lorem at urna lacinia porta." "Curabitur vestibulum metus eu augue viverra et accumsan augue ornare." "Phasellus mollis mauris erat," "ut vestibulum arcu." "Praesent pretium condimentum nisl," "id rutrum quam mattis ac." "Nunc vitae arcu leo," "sit amet pretium dui." "Mauris vehicula velit sem," "lobortis cursus tellus." "Ut eleifend dapibus tellus," "in euismod ipsum dapibus at." "Nulla convallis blandit nunc quis lobortis." "Praesent placerat mattis mauris," "sed luctus nisi ultricies vel." "In tristique laoreet tortor sed porta." "Aenean hendrerit orci non est viverra sit amet blandit lorem scelerisque." "Nulla in nulla lacus." "Pellentesque ac enim quam," "id aliquet justo." "Suspendisse diam metus," "placerat eu volutpat ut," "euismod non erat." "Phasellus luctus odio vel orci dapibus sed varius lacus aliquam." "Sed tincidunt feugiat diam vel ornare." "Fusce quis volutpat magna." "Cras malesuada elit at leo fringilla imperdiet et sed libero." "Morbi sit amet tincidunt ligula." "Ut id tempus tellus." "Vestibulum id rhoncus risus." "Ut non magna a lorem semper hendrerit." "Cras vulputate cursus eros," "sit amet tincidunt ligula rutrum fringilla." "Cras mauris nisl," "fringilla sed egestas vel," "accumsan non mauris." "Integer commodo," "tellus consequat mollis pulvinar," "dui elit faucibus arcu," "in lacinia nisi mi eget ligula." "Nulla malesuada semper tortor eu lacinia." "Vestibulum at varius sem." "Vivamus posuere ligula ac tellus faucibus lobortis." "Maecenas sagittis arcu in odio sodales aliquam." "Mauris at felis augue." "Donec venenatis interdum cursus." "Vivamus ante mauris," "dignissim sit amet laoreet vel," "vehicula vel arcu." "Sed facilisis nulla sit amet massa posuere faucibus." "Aliquam elementum elementum felis lacinia vehicula." "Maecenas metus justo," "viverra et pulvinar ut," "venenatis a mauris." "Duis eu ultricies elit." "Donec gravida condimentum magna," "sodales eleifend risus fermentum eget." "Nunc elit urna," "elementum in adipiscing sit amet," "cursus in dui." "Cras at risus non ligula scelerisque scelerisque dictum sed lorem." "Sed semper lorem id magna consequat ut ultricies nunc consectetur." "Suspendisse vehicula," "erat sit amet tempor auctor," "augue risus interdum nunc," "eu adipiscing tortor nisi tempus sem." "Etiam malesuada ipsum ut lectus ultrices faucibus." "Curabitur tellus tellus," "pretium vel accumsan nec," "eleifend nec elit." "Cras semper fermentum ipsum," "sit amet gravida lectus hendrerit non." "Nullam pretium velit vel dolor suscipit in blandit nisi scelerisque." "Curabitur viverra ipsum vitae odio placerat pulvinar." "In cursus elit id turpis aliquam ornare." "Donec consequat turpis feugiat elit tempor sed lobortis arcu aliquam." "Curabitur sit amet sagittis purus." "Curabitur tincidunt arcu sed odio suscipit elementum." "Sed ut nibh a ante adipiscing auctor eleifend a nisi." "Proin sollicitudin sollicitudin blandit." "Ut commodo auctor imperdiet." "Fusce eleifend," "neque non ullamcorper elementum," "felis ipsum cursus libero," "et bibendum augue mi sed ligula." "Curabitur sodales euismod diam vitae dictum." "Maecenas vestibulum," "mi non commodo sollicitudin," "massa quam iaculis odio," "vel tristique tellus nibh vitae tortor." "Vestibulum ut odio eget nisi ultricies auctor ac vitae lorem." "Sed eu lorem elit." "Aliquam erat volutpat." "Suspendisse fermentum nulla lorem." "Morbi eleifend dolor a ligula feugiat vulputate." "Curabitur laoreet auctor quam," "at tincidunt metus cursus in." "Nam aliquam volutpat porttitor." "Aenean id cursus eros." "Vestibulum vel neque diam," "non posuere quam." "Quisque leo sapien," "fermentum quis congue vel," "fringilla vitae arcu." "Mauris semper turpis ac libero volutpat dapibus." "Duis nisi enim," "faucibus eget tempus at," "ultricies nec tellus." "Cras id lectus nisl," "id cursus orci." "Etiam sapien nisl," "mollis sit amet volutpat vel," "volutpat nec nisi." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Nunc ac purus nec leo vestibulum porttitor a blandit arcu." "Proin nec rhoncus neque." "Pellentesque vestibulum pharetra vestibulum." "Sed molestie elit eu dui mollis varius." "Etiam porttitor dictum mi." "Maecenas suscipit sagittis nunc nec porta." "Sed et arcu sit amet sapien convallis vestibulum." "Cras egestas accumsan accumsan." "Quisque accumsan tortor et erat mattis sollicitudin." "Sed molestie turpis eget sem tincidunt nec convallis mi congue." "Etiam ac egestas lorem." "Proin sollicitudin est nec sem vehicula tincidunt." "Proin quis purus ut nisl dapibus euismod." "Class aptent taciti sociosqu ad litora torquent per conubia nostra," "per inceptos himenaeos." "Nunc lacus ante," "rutrum sed lacinia ut," "fermentum id purus." "Nulla facilisi." "Suspendisse sed lectus nec libero lacinia aliquam." "Sed id ipsum sapien," "id varius ipsum." "Vestibulum at nulla mi," "eget accumsan nibh." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Donec lobortis ultrices iaculis." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Donec placerat eros ac arcu pellentesque laoreet." "Praesent sagittis pellentesque dictum." "Nulla in metus eget metus vulputate tempus." "Mauris dictum elementum commodo." "Donec tellus est," "suscipit iaculis venenatis ut," "pulvinar sit amet turpis." "Mauris et elit non magna consectetur bibendum." "Mauris pellentesque dui eu libero consectetur fringilla." "Aenean vel ipsum urna." "Maecenas pulvinar sollicitudin magna molestie interdum." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Mauris viverra pretium tortor eget gravida." "Integer commodo molestie turpis quis elementum." "Aenean placerat," "purus eu rhoncus ornare," "ligula nulla consequat dui," "vitae scelerisque augue massa pulvinar quam." "Suspendisse ultricies ultricies neque sit amet luctus." "Ut bibendum leo a lectus blandit eget hendrerit ligula consequat." "In hac habitasse platea dictumst." "Cras tempor," "eros non posuere pulvinar," "magna nisi consectetur lacus," "in ullamcorper ante lectus non justo." "Sed porttitor libero vel nisl bibendum dapibus." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Fusce vitae faucibus mi." "Etiam in libero lobortis nisl lobortis lobortis blandit ut dolor." "Morbi auctor iaculis nulla at venenatis." "Morbi augue nibh," "lobortis ut bibendum id," "pretium nec felis." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Maecenas molestie," "ante nec porttitor bibendum," "tortor tortor aliquet arcu," "sit amet tempus ligula diam sit amet felis." "Phasellus semper posuere augue id rhoncus." "Cras dolor tellus," "posuere id varius in," "hendrerit eu tellus." "Proin vitae turpis non nulla ullamcorper tristique." "In hac habitasse platea dictumst." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Fusce sed justo quis diam lacinia imperdiet nec eu tortor." "Nullam at quam non metus pretium luctus in ac dui." "Vivamus libero nibh," "adipiscing et tristique non," "accumsan quis sem." "Aliquam condimentum ligula eu lorem sodales fermentum." "Suspendisse ac urna vitae est pharetra vulputate at vel lacus." "Sed vel lorem consequat sapien tristique dignissim." "Praesent sodales fermentum est id iaculis." "Sed sollicitudin ullamcorper suscipit." "Morbi felis massa," "ultricies ac ultrices in," "malesuada volutpat sapien." "Vestibulum vitae egestas arcu." "Suspendisse ac facilisis dui." "Sed lobortis eros ac est adipiscing laoreet." "Nullam urna arcu," "dapibus quis commodo vulputate," "dictum aliquet mi." "Morbi sit amet erat sit amet velit pellentesque aliquam." "Sed eu arcu turpis," "ut vulputate quam." "Nullam ultrices condimentum tortor quis scelerisque." "Morbi lacinia lacinia metus," "vel elementum ante pharetra at." "Fusce mollis magna vel nisi gravida ut fringilla tortor rhoncus." "Aenean aliquam feugiat sapien ac euismod." "Nullam non est tortor." "Pellentesque vestibulum porta lorem ut adipiscing." "Nunc eget enim et dui pellentesque egestas." "Suspendisse ornare mollis odio," "tincidunt tincidunt sapien egestas non." "Cras vulputate," "nisi sit amet vehicula facilisis," "sapien neque adipiscing nisi," "at volutpat est nibh euismod ipsum." "Maecenas scelerisque elementum leo," "eget semper libero auctor a." "Proin vel odio sit amet tortor adipiscing facilisis non vel elit." "Aliquam eget leo libero," "sit amet vulputate est." "Maecenas ut turpis nec est tincidunt rutrum." "Nam laoreet," "justo in dictum tincidunt," "nisi est porttitor diam," "eget pretium libero est dictum odio." "Fusce justo felis," "tempor vitae mattis sit amet," "pretium sagittis sem." "Mauris risus erat," "volutpat sit amet aliquam cursus," "ultricies a nulla." "Aliquam at erat felis." "In imperdiet lacinia purus at luctus." "Suspendisse rutrum lacinia ullamcorper." "Vestibulum tincidunt sodales sollicitudin." "Aliquam sit amet velit purus," "in venenatis nisl." "Vivamus vitae magna quis nisi varius imperdiet ut quis tortor." "Ut pulvinar," "mi a volutpat blandit," "justo tellus tincidunt massa," "id vulputate elit nunc at risus." "Integer venenatis rhoncus enim." "In pretium adipiscing justo," "sed scelerisque urna fringilla sit amet." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Etiam placerat," "est nec ornare convallis," "ante lacus vestibulum quam," "sit amet interdum magna purus ac eros." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Nullam at adipiscing turpis." "Curabitur lobortis velit ut ligula commodo lacinia." "Nullam pellentesque," "velit in convallis consequat," "ipsum massa malesuada lacus," "sit amet sodales odio enim vitae mauris." "Integer eget risus quam." "Maecenas quis risus sit amet risus egestas pulvinar." "Proin nec consectetur est." "Praesent ultricies felis a nisi aliquet pulvinar." "Quisque nec elit at lorem porta malesuada." "Phasellus ac nulla eros," "eget egestas lectus." "Proin a lacus orci," "ornare vehicula posuere."
-
-;; RFC 6742
-
-host1.blaat.nl. IN NID 10 0014:4fff:ff20:ee64
-host1.blaat.nl. IN L32 10 10.1.2.0
-host1.blaat.nl. IN L64 10 2001:0DB8:1140:1000
-host1.blaat.nl. IN LP 10 l64-subnet1.blaat.nl.
-
-;error1	IN	NID 1 00fg:4fff:ff20:ee64
-;error2	IN	NID 1 00ff:4fff:ff20
-;error3	IN	NID 1 00f0
-;error4	IN	NID 1 00ff:4fff:ff20:ee64:67
-;error5	IN	NID 1 00ff:ff2056:ee64:67
-;error6	IN	NID 1 :::1
-
-;; RFC 6844: CAA
-caa	IN	CAA 0 issue "ca.example.net"
-caa	IN	CAA 0 iodef "mailto:security@example.com"
-caa	IN	CAA 0 iodef "http://iodef.example.com/"
-caa	IN	CAA 0 issue "ca.example.net; account=230123"
-caa	IN	CAA 0 issue "ca.example.net; policy=ev"
-caa	IN	CAA 128 tbs "Unknown"
-caa	IN	TYPE257 \# 70 020461757468303E3039060A2B06010401D679020301060960864801 65030402010420614829C81B958911F81164D40DCDBFD49D66CEB3B3 442FF6C9C3A912F9497566020100
-
-;; RFC 7043: EUI48 and EUI64
-eui48		IN EUI48 00-00-5e-90-01-2a
-eui64		IN EUI64 00-00-5e-ef-00-00-00-2a
-
-;error.eui48	IN EUI48 00-00-5e ; too short
-;error.eui48	IN EUI48 00-00-5e-90-01-2a-ef ; too long
-;error.eui48	IN EUI48 00-00-5e-9r-01-2a ; non-hex
-;error.eui64	IN EUI64 00-00-5e-ef-00-00-2a ; too short
-;error.eui64	IN EUI64 00-00-5e-ef-00-00-00-2a-ef ; too long
-;error.eui64	IN EUI64 00-00-5e-ef-r0-00-00-2a ; non-hex
-
-; Tests for Unbound
-; the text strings should be identical, with () and without (), parse test.
-txt1	TXT	"a" "bb" "ccc"
-txt2	TXT	( "a" "bb" "ccc" )
-txt3	TXT	"a b" "bb" " cc c " " "
-txt4	TXT	( "a b" "bb" " cc c " " " )
-
-; LOC tests
-abbey.example.com.	3600	IN	LOC	40 32 24.716 N 105 4 25.770 W 1208.00m 600000m 2000m 1m
-abram.example.com.	3600	IN	LOC	40 32 24.716 N 105 4 25.770 W 42849672.91m 1000m 500000m 2000m
-addie.example.com.	3600	IN	LOC	90 0 0.000 S 180 0 0.000 E 42849672.91m 9000000m 9000000m 9000000m
-addie.example.com.	3600	IN	LOC	90 0 0.000 S 180 0 0.000 E 42849672.91m 90000000m 90000000m 80000000m
-alfrac.example.com.	3600	IN	LOC	40 0 0.000 N 105 0 0.000 W 1208.64m 1m 10000m 1m
-allspec.example.com.	3600	IN	LOC	40 32 24.716 N 105 4 25.770 W 1208.00m 600000m 2000m 20m
-curtin.edu.au.example.com. 3600	IN	LOC	32 7 19.000 S 116 2 25.000 E 10.00m 1m 10000m 1m
-rwy04l.logan-airport.boston.example.com. 3600 IN LOC 42 21 28.764 N 71 0 51.617 W -44.00m 2000m 10000m 1m
-cambridge-net.kei.com.example.com. 3600	IN LOC	42 21 54.000 N 71 6 18.000 W -24.00m 30m 10000m 1m
-loiosh.kei.com.example.com. 3600 IN	LOC	42 21 43.952 N 71 5 6.344 W -24.00m 1m 200m 1m
-morefrac.example.com.	3600	IN	LOC	40 0 0.000 N 105 0 0.000 W 1208.64m 0.30m 5m 4m
-negative.example.com.	3600	IN	LOC	40 0 0.000 S 105 0 0.000 E -9978.85m 1m 10000m 1m
-pipex.net.example.com.	3600	IN	LOC	52 14 5.000 N 0 8 50.000 E 10.00m 1m 10000m 1m
-nohpvp.example.com.	3600	IN	LOC	40 32 24.716 N 105 4 25.770 W 1208.00m 600000m 10000m 1m
-nominnosec.example.com.	3600	IN	LOC	40 0 0.000 N 105 0 0.000 W 1208.00m 1m 10000m 1m
-nosec.example.com.	3600	IN	LOC	40 32 0.000 N 105 4 0.000 W 1208.00m 1m 10000m 1m
-noszhpvp.example.com.	3600	IN	LOC	40 32 24.716 N 105 4 25.770 W 1208.00m 1m 10000m 1m
-
-; Tests for TXT quotes and parenthesis
-txt5	TXT	Test-String"Test-String"
-txt6       IN      TXT     ("v=DKIM1; k=rsa; g=*; s=email; h=sha1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC33ewKxBZARSAPbT96IpW/k3DgdNuFEb896eIf80HcVxWw+w2G+1sQcUjxWUSGp6yTTMEls6n7tthixidyRiE/aWOy3ic/K+927PuCy0M1ZX2QY8gVmOHJbYT3qBQ8toQrvGIer8fQqqJIzO/ATVbHxX8B/z0PsmGI2xxqCyXkOw""IDAQAB;")
-
-example.com. 3600 IN CSYNC 66 3 A NS AAAA
-9fe6cbb9e933ad0b8b4fa94066474e091ee8be696c224b1c1678fcec._openpgpkey 3600 IN OPENPGPKEY \# 2221 ( 99020d044d6cf351011000ae2731a071cae66040331dcfffbc1abaea01fba2b3 341ad29f4191e1e2e47514cc595e5d3b59ebd460db81cb04e98a753dae963543 74b8c3a420364960a6c6875e66cea7216327c16996557c4d13e25e236b3714e9 32795be889e8b33a295faf6d9015474cfe9c2643603f1e91e01334011a841909 8e2fc9807285b2195cdbb1a9ae1916a26b9e33b3f91cde2f728aa133464a1099 fc2beecaf8f67ee03a999aa97be89ce4a252f804ce27a9efb7a631ca956bfa99 c51d6beca52af39a93353aac43097671074a4bb5b039eb86e99209989d5b6a4a e22b32c1605e712072926095b4640db4b4d16b54a8139048e25ef0098781e524 4222df9b6a6bf2335942527356a29e1063c5bc1297c051ab969a3e0c01fb15e2 0ea63a06b416d6c96f9794c5d80e97afb249d2b907dc46605f1001019dd62774 4bc2ad73f239cd623f945bf9922ec6ceb607ce8818455173199de1ef555bf3e8 5e9702dcab7a30e5e6c0f6827ce6d550df2ba4fa6ef2ed47bceb916aded25a72 7039a09942a0684897cdf2efc13f5169693c19da94d861be40e8b07fe853d297 8389eba876332be7db146f1ec6a957bfe39ac90514b1f870a5d899bb4e1d97af 49294ad09dede6d5a04abdc29332bbe74cf70393b626c0f4fdfef6ee2b01d8a6 a40750c446e159b44d0a783611585385ba912b771364b6eda8a69680026a6bf2 105692fd6f9a6cf19e09550011010001b42357696c6c656d20546f6f726f7020 3c77696c6c656d406e6c6e65746c6162732e6e6c3e89023e0413010200280502 4d6cf351021b23050909660180060b090807030206150802090a0b0416020301 021e01021780000a0910e5f8f8212f77a4985d5b0ffe289b97f7d8e4e5abc537 8b7d6db7c395f98c3d787e3fb598638c41e889aea40cbe5b3001d947c7184c92 9efe6ad1e32ae9acb0802823870bb149c3a7bdfbb591601d8c099b3bdd3b3ddc cb03b4d611dc741d9c49c3b5b87654a21dfb618cfe6087f172b3dc663a9f4c0d ad81476ebe5b6fd966164383bc39303a66272a3fe6a0b9a813d4e249c6b9dacf 748a49a979b3fa24036e47099e1d24ed3310cc04341e0bf3afd4e365a04cd075 b7d1dff607a3b8738abf885a7dc959251785ca626b8c9b476f44439653615437 c715b1a586236132e1f89b0e4a9d2d84e403e6733c90a96ec041d14994b19ec0 d23153bb94d9059851901353ddb60b9c42edf715af6ee4ef111e5afd56092a1f 7662a72af80f8768425324a8a7335c805a49b1c4d3dc279b69114a5c592638ff 22a963bd34d2d4bcc319972b99c197fa31c21b89e627f36ce811297ff707f53e 6c258dab407b7d618ec296317a565c2c8b740a39244d8f82095842f6f84448dc e29bb292c7e15072b00c04f2a0f4cd700f2e7348b703f74bcb8d5f4235fbd282 4f515852ea9be06255f88d81a5046d1f730e9bf103b3335f5f03d74ac2ec6581 4dd920e985b57a3b4e0c699f3103ab033ccf36a5b037b3668365484b58a4462d 79414d27170c9db4285bec72d24a9654354b996d13c14b2994f6725e36fb766d 57a79ed721c3ca248221390d7d6fa65f867fa6fa1369b9020d044d6cf3510110 00a4ece215b3f782bae8fb6c1e3fdc06d1e6242271f41b073fc7a85237788814 7b7168134e0b753c608d07308f188b9489af34f1dab1bb52fc3968d0a705c30a 35ea0226e7d2608931138d56ccf124a9236276462863a8f1c83b3a640167211d eaaadfc557ff7701cbb1d413259cf3f5b18ec6e615000bb4ab73c75b980615cf a9a7778de3bab318cc448eca044e3fdc95ac63aa2b28846d77fe190fe8fbc3a0 3ece39d38675040ff1be064410faad9fc5a8c2efe02f34cc39f3087d6b2e9346 42995fd5a9f2d3a59302c0cbe1fea01002c7eb64c8c4e5f853b5b17aebc7c722 97380b8df9ec7f32f1766b3d76e186dc582eedd5da955b7cacdb4cca69e99e9b 25d22b157a68c9f828170917709d335a000590f2be22fd7a5ed0ff2432969642 e84978428c1a3c8380bb339d21ce9cb8ce8f4d6bc102b70a56042159f26c85f7 8599f931a73fe159cf4ae34c828e66fe84f648af745b5d2b1022d514901a8e48 c1cdae82205fe21a58cab77bbc8c1dd32a94aaf4954e7695f05b7c40a395e07f 34ee0add218904fcd380bb737be2ec5b148942840c58abfa212c10ad6debb265 23aa040dad2191397deb472f0dbeeceb6afb386b7166754a47216c3629f63633 a02c5fd1c116e46c8a682a163426e556ea5c0ecdb472429c0d51bea5e583f889 e70f831251e8b31c231d2f946de8c31a6550f884ea961dfdf75a2c3e366ad48c b5001101000189022404180102000f05024d6cf351021b0c050909660180000a 0910e5f8f8212f77a498ed740ff8e1cd5baa631d75dff18a2aa27def9c416118 d178092a1c327c3cc641fd74bc976f3a1b5da52b95cfea68618b31f2aaee6f82 f30ed934eb98de0105878a4814fc811139ed4b3aa356e3c962c422f0be4d3d59 f8e9e64913964287282a6519cd0b1f3f03615aea223b276efcbc5cd4921787c1 7f70b0967aefdcc5462344399b4180efd75c1185a83d6b691e660f8210e76624 f1a87d988baf9367d26b84dcb5df8c7303c2947c4c238734addccb7970f6c192 f3f5dd5f75127e289f26b2fda0562b44a032ed45ae1fc855dca67d54125ccd36 c16f207e4389b0f4e5ff45fe60328a53b322534868ff0d3d8aca0bb0781ee1fe 62f2c0e6fc468f57ccf795ced9f2b27e3cb6d16fc417bd4ca969a364dc649ea5 c57f0325205eaa77fd9df84431c3be5329773828d0e32c0011cbb885e7131b44 b1fc5267b0b3ff125e7255c233239fc6e8c8844d613dab76833e49a7d947fae6 b3ceb35b2ddce2a0f71f384f74fecda521ae07ce3332e5eb2c79d100ad8f9ace 2a0067c1b590f61dd18ab021d66605aa745b5944d830de4c9f61dcc889354b1a 6203d918a5c2317b6d5f188d8d0cf6dab11c9578f6f41d3089871bbb2963b114 59ab0b4c4220ddafb14c20ecbacab1cec60a522ecc883bd1d539ca61cdd4933c 412fafd631d03eff23b23a4164729e32236947f622fe79a17493154e9a30b257 e3fdf97f0b2e1b8c65fc85bd98)
-
-test.add.1.	0	ANY	TSIG	hmac-md5.sig-alg.reg.int. 1480584899 300 16 lkEJsjwBeAdfv9RGs6zZrg== 15355 NOERROR 0
-blabla.		0	ANY	TSIG	hmac-md5.sig-alg.reg.int. 1480585012 300 16 k9mSMs2t5vq5FV2DvQvR6g== 59231 NOERROR 0
-blabla.	0	ANY	TSIG	hmac-md5.sig-alg.reg.int. 1480523776  300 16 sBfx00GRs+tfRTm4uRCjyQ== 25791 0 0
-blabla.		0	ANY	TSIG	hmac-md5.sig-alg.reg.int. 1480585449 300 0  59692 BADSIG 0
-blabla.		0	ANY	TSIG	hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0
-
-; Test for ZONEMD
-example.org. 86400 IN ZONEMD 5 1 2 c1b8eddf4ef128db88125ede9008d6ff0b33a047b8a8a4d77b00271f7d8e7ae5ccd6c86d8398f64f0de0615bf3121ffba6946a3cd5f32acbc4e8d0649b4a78e6
-; from draft-ietf-dnsop-dns-zone-digest-12#section-2.4
-example.com. 86400 IN ZONEMD 2018031500 1 1 ( FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE 7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE )
-; from draft-ietf-dnsop-dns-zone-digest-12#section-A.1
-example. 86400   IN  ZONEMD  2018031900 1 1 ( c68090d90a7aed71 6bc459f9340e3d7c 1370d4d24b7e2fc3 a1ddc0b9a87153b9 a9713b3c9ae5cc27 777f98b8e730044c )
-; from draft-ietf-dnsop-dns-zone-digest-12#section-A.2
-example. 86400   IN  ZONEMD  2018031900 1 1 ( 31cefb03814f5062 ad12fa951ba0ef5f 8da6ae354a415767 246f7dc932ceb1e7 42a2108f529db6a3 3a11c01493de358d )
-non-apex.example.      900     IN  ZONEMD  2018031900 1 1 ( 616c6c6f77656420 6275742069676e6f 7265642e20616c6c 6f77656420627574 2069676e6f726564 2e20616c6c6f7765 )
-; from draft-ietf-dnsop-dns-zone-digest-12#section-A.3
-example.      86400   IN  ZONEMD  2018031900 1 1 ( 62e6cf51b02e54b9 b5f967d547ce4313 6792901f9f88e637 493daaf401c92c27 9dd10f0edb1c56f8 080211f8480ee306 )
-example.      86400   IN  ZONEMD  2018031900 1 2 ( 08cfa1115c7b948c 4163a901270395ea 226a930cd2cbcf2f a9a5e6eb85f37c8a 4e114d884e66f176 eab121cb02db7d65 2e0cc4827e7a3204 f166b47e5613fd27 )
-example.      86400   IN  ZONEMD  2018031900 1 240 ( e2d523f654b9422a 96c5a8f44607bbee )
-example.      86400   IN  ZONEMD  2018031900 241 1 ( e1846540e33a9e41 89792d18d5d131f6 05fc283e )
-; from draft-ietf-dnsop-dns-zone-digest-12#section-A.4
-uri.arpa.       3600    IN      ZONEMD  2018100702 1 1 ( 1291b78ddf7669b1a39d014d87626b709b55774c5d7d58fa dc556439889a10eaf6f11d615900a4f996bd46279514e473 )
-; from draft-ietf-dnsop-dns-zone-digest-12#section-A.5
-root-servers.net.     3600000 IN  ZONEMD  2018091100 1 1 ( f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a97 8a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79 )
-; from ldns issue #121, 0.10m was parsed as 0.01m.
-foo.	12345	IN	LOC	12 45 52.333 N 105 40 33.452 W -24m 0.1m 0.1m 0.1m
-; from ldns issue #147, fix #148, tab between quoted strings.
-foo	12345	IN	HINFO	"hohum"	"weirdo"
-0.0.3.6.1.0.0.0.f.f.f.f.f.f.3.3.1.e.1.0.0.0.0.0.0.0.0.0.a.5.0.0.0.8.5.0.0.0.7.4.NSAP.INT.	IN	NSAP-PTR	foo.bar.com.
-0.0.4.6.1.0.0.0.f.f.f.f.f.f.3.3.1.e.1.0.0.0.0.0.0.0.0.0.a.5.0.0.0.8.5.0.0.0.7.4.NSAP.INT.	IN	NSAP-PTR	host.school.de.
diff --git a/contrib/unbound/testdata/test_ldnsrr.c3 b/contrib/unbound/testdata/test_ldnsrr.c3
deleted file mode 100644
index 0ce9340dfc31..000000000000
--- a/contrib/unbound/testdata/test_ldnsrr.c3
+++ /dev/null
@@ -1,1068 +0,0 @@
-0C74797065732D7369676E6564027762087369646E6C616273026E6C000006000100015180003D036E7364087369646E6C616273026E6C000A686F73746D6173746572087369646E6C616273026E6C0077FD526100000E1000000258001BAF8000000E10
-types-signed.wb.sidnlabs.nl.	86400	IN	SOA	nsd.sidnlabs.nl. hostmaster.sidnlabs.nl. 2013090401 3600 600 1814400 3600
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010001518000AF000608040001518052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00152E7FD817AC8F7BF4CCB4866EC4B3B4B2F8F3E79F160A55003BCB511CDDE430B5333DD6F71E72203BC39A626CF28FFD13C7F408A15F080B0FEDD0727E3493B0D5E9F371D20B8801DCE26004628572F09D063A86E2535E665BD7DB9D74CF95ADE08F40A7EE31AE975BEC6C7E9CB7F2B19528CE83D7653B675D142BFDF5089523
-types-signed.wb.sidnlabs.nl.	86400	IN	RRSIG	SOA 8 4 86400 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. FS5/2Besj3v0zLSGbsSztLL48+efFgpVADvLURzd5DC1Mz3W9x5yIDvDmmJs8o/9E8f0CKFfCAsP7dByfjSTsNXp83HSC4gB3OJgBGKFcvCdBjqG4lNeZlvX2510z5Wt4I9Ap+4xrpdb7Gx+nLfysZUozoPXZTtnXRQr/fUIlSM= ;{id = 62298}
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00000200010000003C0011036E7364087369646E6C616273026E6C00
-types-signed.wb.sidnlabs.nl.	60	IN	NS	nsd.sidnlabs.nl.
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00000200010000003C0012046B6E6F74087369646E6C616273026E6C00
-types-signed.wb.sidnlabs.nl.	60	IN	NS	knot.sidnlabs.nl.
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00000200010000003C0012046E736434087369646E6C616273026E6C00
-types-signed.wb.sidnlabs.nl.	60	IN	NS	nsd4.sidnlabs.nl.
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00000200010000003C00130562696E6439087369646E6C616273026E6C00
-types-signed.wb.sidnlabs.nl.	60	IN	NS	bind9.sidnlabs.nl.
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00000200010000003C00140662696E643130087369646E6C616273026E6C00
-types-signed.wb.sidnlabs.nl.	60	IN	NS	bind10.sidnlabs.nl.
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00000200010000003C001608706F776572646E73087369646E6C616273026E6C00
-types-signed.wb.sidnlabs.nl.	60	IN	NS	powerdns.sidnlabs.nl.
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000208040000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00BA3DA6143757B97248F9A847256745AA90DE9CB8773F6B247B333DDF70BE16968B2DCD782611C84E32F90A80219DA24622E0C901CFCFA1C08B825F9F16C1204454AF2BFB2FAB32C29334C0FB5C34E03EC97682A3E0D1649147B9AF259D0E76943EFA786F6CA4E486A7E893179183636753F02045A91353F7A9CF0F30E16A5C3A
-types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	NS 8 4 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. uj2mFDdXuXJI+ahHJWdFqpDenLh3P2skezM933C+FpaLLc14JhHITjL5CoAhnaJGIuDJAc/PocCLgl+fFsEgRFSvK/svqzLCkzTA+1w04D7JdoKj4NFkkUe5ryWdDnaUPvp4b2yk5Ian6JMXkYNjZ1PwIEWpE1P3qc8PMOFqXDo= ;{id = 62298}
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00003000010001518000880100030803010001D7B53C9C988E7476474466CC3BA260A461FE5764BF4CE754E6307E3B0764D2E0D1A84B23E52CBE08419A29A851219AF5DE8291DDDDA1D6C76315298C562C25F75EABEAA2998163AC6F1B500D810F6B8931A835FD01BB0D3529DE31DA574435DEBFFCDBD404974B23ACB201C42EF04A5AAED3275F633E555FB5F403C8B5BC39BD
-types-signed.wb.sidnlabs.nl.	86400	IN	DNSKEY	256 3 8 AwEAAde1PJyYjnR2R0RmzDuiYKRh/ldkv0znVOYwfjsHZNLg0ahLI+UsvghBmimoUSGa9d6Ckd3dodbHYxUpjFYsJfdeq+qimYFjrG8bUA2BD2uJMag1/QG7DTUp3jHaV0Q13r/829QEl0sjrLIBxC7wSlqu0ydfYz5VX7X0A8i1vDm9 ;{id = 62298 (zsk), size = 1024b}
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010001518000AF003008040001518052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C002814BF2CD8FF2B000AFFB428CDECAAFDD33DAE745905F01E244082EED758BCA1BBF77C8B7966A1D6E4B7C98BA51D35CDFA3C8F67B6A07DB8ABEEF4719D7739A3D36224ABA64F9FCA7B46414431A5496C80FC0A8C7E46E2C242D69D4038E3CC0D1DB0FEDDA73177E6A1B3B5D3CF5AA712F60B840F2091B5BB3DF54299A37AAAA4
-types-signed.wb.sidnlabs.nl.	86400	IN	RRSIG	DNSKEY 8 4 86400 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. KBS/LNj/KwAK/7Qozeyq/dM9rnRZBfAeJECC7tdYvKG793yLeWah1uS3yYulHTXN+jyPZ7agfbir7vRxnXc5o9NiJKumT5/Ke0ZBRDGlSWyA/AqMfkbiwkLWnUA448wNHbD+3acxd+ahs7XTz1qnEvYLhA8gkbW7PfVCmaN6qqQ= ;{id = 62298}
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002801610C74797065732D7369676E6564027762087369646E6C616273026E6C00000722000000000380
-types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	a.types-signed.wb.sidnlabs.nl. NS SOA RRSIG NSEC DNSKEY
-0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080400000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B55DC7CDE44F4A9D49BC6B969335B95A2450947D4C55C21D7453D3E8FD455C77F3287BC0EBF9040711F4A91ADAC6AC7EF928FB3D7ED2991EEA1E86B62145406305578B031FED59B5891F517AACA530339262708222B4E3FC7D6B90CDA885269B9F838D9A6BB199E1E09B82232876C8B8A3F2398D761DC34F5748FB77033A5E8D
-types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 4 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. tV3HzeRPSp1JvGuWkzW5WiRQlH1MVcIddFPT6P1FXHfzKHvA6/kEBxH0qRraxqx++Sj7PX7SmR7qHoa2IUVAYwVXiwMf7Vm1iR9ReqylMDOSYnCCIrTj/H1rkM2ohSabn4ONmmuxmeHgm4IjKHbIuKPyOY12HcNPV0j7dwM6Xo0= ;{id = 62298}
-01610C74797065732D7369676E6564027762087369646E6C616273026E6C00000100010000003C0004D5881FDD
-a.types-signed.wb.sidnlabs.nl.	60	IN	A	213.136.31.221
-01610C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00C559E7582596EE34600A9B219D9596C536BBB28FB5B12953BD84827532166D7A7CF85745F3C34D0F6DC4BDEBF07F47018E22AF939873A300881E8E1DDB4D44B50700506B01B9ED52320E8383ABD7AEC07D5CEB7E780C1752C177762229B4307403E8C9E9BCF1B3E0CE64623B785A40C3F7829C8BCE30EBA742B4ECF2A354B74F
-a.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	A 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. xVnnWCWW7jRgCpshnZWWxTa7so+1sSlTvYSCdTIWbXp8+FdF88NND23Evevwf0cBjiKvk5hzowCIHo4d201EtQcAUGsBue1SMg6Dg6vXrsB9XOt+eAwXUsF3diIptDB0A+jJ6bzxs+DOZGI7eFpAw/eCnIvOMOunQrTs8qNUt08= ;{id = 62298}
-01610C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100029036130310C74797065732D7369676E6564027762087369646E6C616273026E6C000006400000000003
-a.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	a01.types-signed.wb.sidnlabs.nl. A RRSIG NSEC
-01610C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00C8C27D0F6DCEA8A3DE18BA84D864361DEBB92BD95ED53A087CEEDF43567095AEABC08BD78B1BC19BFB36DB49EB2060C4D142D10BD14BE84B21FD819E7B5D1E10E79B0A9683992C8247DF846B78F5099A492192D814312EF7CAE56AF152C7783D14FA459D08950C8F9EE859B86D4F60EC6CA2BD587BC327AEF69001D52B31C83C
-a.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. yMJ9D23OqKPeGLqE2GQ2Heu5K9le1ToIfO7fQ1Zwla6rwIvXixvBm/s220nrIGDE0ULRC9FL6Esh/YGee10eEOebCpaDmSyCR9+Ea3j1CZpJIZLYFDEu98rlavFSx3g9FPpFnQiVDI+e6Fm4bU9g7GyivVh7wyeu9pAB1SsxyDw= ;{id = 62298}
-036130310C74797065732D7369676E6564027762087369646E6C616273026E6C00000100010000003C000400000000
-a01.types-signed.wb.sidnlabs.nl.	60	IN	A	0.0.0.0
-036130310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00C6F62261D5B4390B7A5D7B7BBE0199CED496D21157069EC6C50CCE785F66A33BCD6C579F4EED97559309618C4E84DA3A1EF61B74F8A556CED90AFEF09734FAC7648E3FE787B7E6D9048A181B69DCF2C7BFBA1F4AD23C203E9E94E29808142FC46B0A7B98CCD947B6DC274BE56527B7BE393109D8680B76B4A5E1E688E2C5A45D
-a01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	A 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. xvYiYdW0OQt6XXt7vgGZztSW0hFXBp7GxQzOeF9mozvNbFefTu2XVZMJYYxOhNo6HvYbdPilVs7ZCv7wlzT6x2SOP+eHt+bZBIoYG2nc8se/uh9K0jwgPp6U4pgIFC/Eawp7mMzZR7bcJ0vlZSe3vjkxCdhoC3a0peHmiOLFpF0= ;{id = 62298}
-036130310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100029036130320C74797065732D7369676E6564027762087369646E6C616273026E6C000006400000000003
-a01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	a02.types-signed.wb.sidnlabs.nl. A RRSIG NSEC
-036130310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0073D833E8E9157EEB2F3B51BD1DF6FBE4EAC56AACFA433454843F8FCAA618977291BF8780BFDABBDF5D2CBCA5CA1D5941F852CD08632C32306506E782174998FE7A7DD9CF2EBF16EA384AC691FD6F5354800FF3C0EFD19D7A673FF7EABD6E67C749A5B4FF8787386867532D91E1A91CC42EEDF149B9FB3E96608A099168D004B6
-a01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. c9gz6OkVfusvO1G9Hfb75OrFaqz6QzRUhD+PyqYYl3KRv4eAv9q7310svKXKHVlB+FLNCGMsMjBlBueCF0mY/np92c8uvxbqOErGkf1vU1SAD/PA79Gdemc/9+q9bmfHSaW0/4eHOGhnUy2R4akcxC7t8Um5+z6WYIoJkWjQBLY= ;{id = 62298}
-036130320C74797065732D7369676E6564027762087369646E6C616273026E6C00000100010000003C0004FFFFFFFF
-a02.types-signed.wb.sidnlabs.nl.	60	IN	A	255.255.255.255
-036130320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C007AAA7FCC2E6373DCA978D0AC99CB7B0CD5C8C8A3C40D05B106DD06E3639650E9A6061DE55519E01BBD512FCDD51C56E8325C6C0140632916F0F640CA335BF0A31703B4E385D196D84E78FE0BA4C03C321E8805427C0EE4D64BC5B7096104355558C28E79594C77EAEBF2D42C18AB4D13D2091E64B854DCFE187EFD5B5CC78A49
-a02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	A 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. eqp/zC5jc9ypeNCsmct7DNXIyKPEDQWxBt0G42OWUOmmBh3lVRngG71RL83VHFboMlxsAUBjKRbw9kDKM1vwoxcDtOOF0ZbYTnj+C6TAPDIeiAVCfA7k1kvFtwlhBDVVWMKOeVlMd+rr8tQsGKtNE9IJHmS4VNz+GH79W1zHikk= ;{id = 62298}
-036130320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A04616161610C74797065732D7369676E6564027762087369646E6C616273026E6C000006400000000003
-a02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	aaaa.types-signed.wb.sidnlabs.nl. A RRSIG NSEC
-036130320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00C3E75FFA8967071E982D29C4FAC6B0AB3F7C7AC1FC3D34BAADE78F7E0EAD53DA94B7E2FEF46959F009E63899716FF8ACB0F71A0F856F069AC24312D2187D2327BEC8B0787CE4A64D798DCB15C97B39692CE7010F362E49682A838E6328B04E4BADBFFF412D9C4748185A5841B5C6E1BD022447338F235EEC0E54FE7E51542E8A
-a02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. w+df+olnBx6YLSnE+sawqz98esH8PTS6reePfg6tU9qUt+L+9GlZ8AnmOJlxb/issPcaD4VvBprCQxLSGH0jJ77IsHh85KZNeY3LFcl7OWks5wEPNi5JaCqDjmMosE5Lrb//QS2cR0gYWlhBtcbhvQIkRzOPI17sDlT+flFULoo= ;{id = 62298}
-04616161610C74797065732D7369676E6564027762087369646E6C616273026E6C00001C00010000003C0010200107B80C0500000000000000800004
-aaaa.types-signed.wb.sidnlabs.nl.	60	IN	AAAA	2001:7b8:c05::80:4
-04616161610C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001C08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0034217882ADA06FCD8AE71C661AA484E237A8DED0B284F9042B7850988669B861CB691915E5758A10D2A5E84C61354CB659401832A6BA16D2F97F6B44CA629E6261CBC0100F489A4395C5E21E678CC98F6D419885869838F30B546E0CAF6C082ABDB354EA47FC614FD86904A832EFC70CF8ED3086C863D2FE0A9A610F8F418325
-aaaa.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	AAAA 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. NCF4gq2gb82K5xxmGqSE4jeo3tCyhPkEK3hQmIZpuGHLaRkV5XWKENKl6ExhNUy2WUAYMqa6FtL5f2tEymKeYmHLwBAPSJpDlcXiHmeMyY9tQZiFhpg48wtUbgyvbAgqvbNU6kf8YU/YaQSoMu/HDPjtMIbIY9L+CpphD49BgyU= ;{id = 62298}
-04616161610C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0561667364620C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000080003
-aaaa.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	afsdb.types-signed.wb.sidnlabs.nl. AAAA RRSIG NSEC
-04616161610C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C008113642B479C1F6FD36D0AF2C8A3AFB2ED509CA4F87078117147D961AD14F95E79DF68200F097D431B723CA2BB05BB803D2B9C2E77122AFFE1F96CBEC061D54D99177604847B541E1006C54E8F8706E593BEF28891DF0A4E7C05453D9E7EE4ED0BEAFA57F363C1BE78673564471C6FA3A482B2728A80CBC7CE33AC1B3C036EDE
-aaaa.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. gRNkK0ecH2/TbQryyKOvsu1QnKT4cHgRcUfZYa0U+V5532ggDwl9QxtyPKK7BbuAPSucLncSKv/h+Wy+wGHVTZkXdgSEe1QeEAbFTo+HBuWTvvKIkd8KTnwFRT2efuTtC+r6V/Njwb54ZzVkRxxvo6SCsnKKgMvHzjOsGzwDbt4= ;{id = 62298}
-0561667364620C74797065732D7369676E6564027762087369646E6C616273026E6C00001200010000003C00273039076166736E6F64650C74797065732D7369676E6564027762087369646E6C616273026E6C00
-afsdb.types-signed.wb.sidnlabs.nl.	60	IN	AFSDB	12345 afsnode.types-signed.wb.sidnlabs.nl.
-0561667364620C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001208050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00D337260602C05D7D8E689FB7F20E09379A03C2C5E5A1541C3F7307B125C08BC99651CDA9618C65E7C2053DA361AA6F50EAB4A79E0DBB570171070DA53F54B21A6B2088CB606D757ACF4B8C3FD4D2E3708C8901C5B76EDC3272FD9E433C049053A2B2878921C3E028EC007F358B456973132D4A33B5FEBA21CC2CA9E404EAC452
-afsdb.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	AFSDB 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. 0zcmBgLAXX2OaJ+38g4JN5oDwsXloVQcP3MHsSXAi8mWUc2pYYxl58IFPaNhqm9Q6rSnng27VwFxBw2lP1SyGmsgiMtgbXV6z0uMP9TS43CMiQHFt27cMnL9nkM8BJBTorKHiSHD4CjsAH81i0VpcxMtSjO1/rohzCyp5ATqxFI= ;{id = 62298}
-0561667364620C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D07616673646230310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000020000003
-afsdb.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	afsdb01.types-signed.wb.sidnlabs.nl. AFSDB RRSIG NSEC
-0561667364620C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0039F04E019CDF47A6E9435D0B50DFED2BCC651A742FB3BB023E51389D768BCDE97C11D38BC83623EA869ECFE73C4F12252FFDD746C33DC26914B942749F0BB99A5B8FC31F96D30479AFC045E29C76DA4E5810FF8561BB73FC75E4AC25025451B7467E21B0B5F4489E05A91BECB33C5A9F358B0C61381E199AE10A4D815865CF49
-afsdb.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. OfBOAZzfR6bpQ10LUN/tK8xlGnQvs7sCPlE4nXaLzel8EdOLyDYj6oaez+c8TxIlL/3XRsM9wmkUuUJ0nwu5mluPwx+W0wR5r8BF4px22k5YEP+FYbtz/HXkrCUCVFG3Rn4hsLX0SJ4FqRvsszxanzWLDGE4Hhma4QpNgVhlz0k= ;{id = 62298}
-07616673646230310C74797065732D7369676E6564027762087369646E6C616273026E6C00001200010000003C0028000008686F73746E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00
-afsdb01.types-signed.wb.sidnlabs.nl.	60	IN	AFSDB	0 hostname.types-signed.wb.sidnlabs.nl.
-07616673646230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001208050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00433236F737B6C742F95134A430A07D8B51F1286CF64B11CC47F2E57FD541BB93DC7DD3F0EBFEDBE37CD22EBA7D0D908BD960534BFF5A3D65FD3FF435EC998353CD751BE31DCB5A248D5CA84F4E0514A4551447A653A4F9084C9C688293CD5A9005D33EBFCEDB927C81F9EBA09B7A07D00F2B58E5AD67F9A0E4CBEF050C259C28
-afsdb01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	AFSDB 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. QzI29ze2x0L5UTSkMKB9i1HxKGz2SxHMR/Llf9VBu5PcfdPw6/7b43zSLrp9DZCL2WBTS/9aPWX9P/Q17JmDU811G+Mdy1okjVyoT04FFKRVFEemU6T5CEycaIKTzVqQBdM+v87bknyB+eugm3oH0A8rWOWtZ/mg5MvvBQwlnCg= ;{id = 62298}
-07616673646230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D07616673646230320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000020000003
-afsdb01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	afsdb02.types-signed.wb.sidnlabs.nl. AFSDB RRSIG NSEC
-07616673646230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C001CEF6BE6C935642319DEFB9903EF8F0FE1F9647263184F18A003E6459EF0C8DECE0DC09E731FCC5351F10CB28B0C986993D6204034A6DF2C5C8200D2CFFD77A1B8ECC886659F308142B3034AF534CA4AB3DB59AC7C99187BF900E6F76CF9F30748F941F4C19811A274D5FE44CE44A617EF43F357B8B952E535353785F6266BF4
-afsdb01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. HO9r5sk1ZCMZ3vuZA++PD+H5ZHJjGE8YoAPmRZ7wyN7ODcCecx/MU1HxDLKLDJhpk9YgQDSm3yxcggDSz/13objsyIZlnzCBQrMDSvU0ykqz21msfJkYe/kA5vds+fMHSPlB9MGYEaJ01f5EzkSmF+9D81e4uVLlNTU3hfYma/Q= ;{id = 62298}
-07616673646230320C74797065732D7369676E6564027762087369646E6C616273026E6C00001200010000003C0003FFFF00
-afsdb02.types-signed.wb.sidnlabs.nl.	60	IN	AFSDB	65535 .
-07616673646230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001208050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00591C251983C795E59A14EAC58971CD36D965B01AD46AFD4D87CE0A0FB741C6915082CC02A9FAB523D3302C426333A3B9C7890981326CF00A28974B056CE63B22188BC1CAC02864133DA2969E3F6E006BB2A721C3880CCA99B9B0619120AFF0428105A8AC7095CA7C1B99CB51E0B9D8B816FF9A92AD9517E4422D366D330F6613
-afsdb02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	AFSDB 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. WRwlGYPHleWaFOrFiXHNNtllsBrUav1Nh84KD7dBxpFQgswCqfq1I9MwLEJjM6O5x4kJgTJs8Aool0sFbOY7IhiLwcrAKGQTPaKWnj9uAGuypyHDiAzKmbmwYZEgr/BCgQWorHCVynwbmctR4LnYuBb/mpKtlRfkQi02bTMPZhM= ;{id = 62298}
-07616673646230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100029036364730C74797065732D7369676E6564027762087369646E6C616273026E6C000006000020000003
-afsdb02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	cds.types-signed.wb.sidnlabs.nl. AFSDB RRSIG NSEC
-07616673646230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00786146DC4D929A6DB5EA3DC641C39B1DD80CDAFC32B271DD0D295C90DE49C4A310F4F9E6865DC058DDCB470A6056974E6C660B8A725A4646FF7DE59496069E98921E153699CDDDD95F9406FDE81E68EA22E10D290FBBB075E796A5C6DEA65B46AF7683E2A83B5A405403106C78A9C04BD8EBBDB0B7885EF3D17CDF376AC24865
-afsdb02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. eGFG3E2Smm216j3GQcObHdgM2vwysnHdDSlckN5JxKMQ9Pnmhl3AWN3LRwpgVpdObGYLinJaRkb/feWUlgaemJIeFTaZzd3ZX5QG/egeaOoi4Q0pD7uwdeeWpcbepltGr3aD4qg7WkBUAxBseKnAS9jrvbC3iF7z0XzfN2rCSGU= ;{id = 62298}
-036364730C74797065732D7369676E6564027762087369646E6C616273026E6C00003B00010000003C0024FCB2080286632F83494B1D7037E72949FD6CD8689C5DAAF4DF1E5D7E6EF3BA28ECE1E3C8
-cds.types-signed.wb.sidnlabs.nl.	60	IN	CDS	64690 8 2 86632F83494B1D7037E72949FD6CD8689C5DAAF4DF1E5D7E6EF3BA28ECE1E3C8
-036364730C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003B08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C007BAC8D49E16C3744DE3C9EF198C05480F5238C4962012D61912CE532C41509C770A89F55624352BD7F31D772D4CF76D4E02041D658904ED3F4F3A85BA34F372444D336BC8CD7FBEE808B5D371571B4B4C1419E4723091939D3475279C031C5BADB9DD224927755309AE05A1893653A63A9F21CE5249A721AC6415BEE683099A8
-cds.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	CDS 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. e6yNSeFsN0TePJ7xmMBUgPUjjEliAS1hkSzlMsQVCcdwqJ9VYkNSvX8x13LUz3bU4CBB1liQTtP086hbo083JETTNryM1/vugItdNxVxtLTBQZ5HIwkZOdNHUnnAMcW6253SJJJ3VTCa4FoYk2U6Y6nyHOUkmnIaxkFb7mgwmag= ;{id = 62298}
-036364730C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C04636572740C74797065732D7369676E6564027762087369646E6C616273026E6C0000080000000000030010
-cds.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	cert.types-signed.wb.sidnlabs.nl. RRSIG NSEC CDS
-036364730C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0039771AE91719DEF01A03D67B508F84D1C51D98A99CADDA4D0A125A54F5195AA2ACFDC37586F081E0FD0C7EC316B0EE6AE159483A0C877D252C233D4718578D0DE2BD8E776363152D13B1EF4473EB97E3E082B5639082D01DF02CD27D7CEF4EDB297A6D2A1B42148465CDE9C445D3FECFCDD2935E40A0D05E8CA520BE51623A21
-cds.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. OXca6RcZ3vAaA9Z7UI+E0cUdmKmcrdpNChJaVPUZWqKs/cN1hvCB4P0MfsMWsO5q4VlIOgyHfSUsIz1HGFeNDeK9jndjYxUtE7HvRHPrl+PggrVjkILQHfAs0n18707bKXptKhtCFIRlzenERdP+z83Sk15AoNBejKUgvlFiOiE= ;{id = 62298}
-04636572740C74797065732D7369676E6564027762087369646E6C616273026E6C00002500010000003C0055FFFEFFFFFE33115C6F2F64FF2BDE74C7D080ACE11F97ABD0CBBFBC82F3E39224B2471E1468225829FF1B11E16A2E9502E1C0A0D533E18A14D6D55F4824AA4189FAFFFD7553A36577CD2311E0BC693ACEF8A2A609A6
-cert.types-signed.wb.sidnlabs.nl.	60	IN	CERT	65534 65535 254 MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
-04636572740C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002508050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00274412A0D2BF0FB8C5C6BA44A485ED6C15FC1AF76F58F0541F6D07D76A26E0A6A2E4D51E242BFC30DF1E847B32F540998E0D3E4BE0729D106CBF06A326239332BD42EE92ACD3BEC9BBF5E331AD2E9A8625B436C1C76E90DFAAF09CD3793BDCDBFDDC970F1064B0AFEDC19562359AD10AAF742FE7049305C332D8E2A9703C65A8
-cert.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	CERT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. J0QSoNK/D7jFxrpEpIXtbBX8GvdvWPBUH20H12om4Kai5NUeJCv8MN8ehHsy9UCZjg0+S+BynRBsvwajJiOTMr1C7pKs077Ju/XjMa0umoYltDbBx26Q36rwnNN5O9zb/dyXDxBksK/twZViNZrRCq90L+cEkwXDMtjiqXA8Zag= ;{id = 62298}
-04636572740C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C066365727430310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000403
-cert.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	cert01.types-signed.wb.sidnlabs.nl. CERT RRSIG NSEC
-04636572740C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0063ED2B1B822B5B9A6CCB0F4ED01D8F159FC2146A67AFE335F5D50FF7E7A5E816E38D8A6483217F9F8B7948D601611CBB52A830FEA1082063889B0949CB13D7D7D0EF9790A2E13F118DB1647184166FB0C63CB7D26837ABA6C7782F30CC01CD5AAA17871574A7458158DF179390B1AB6673AAFF013FF3DA15FD9BE76121A21383
-cert.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Y+0rG4IrW5psyw9O0B2PFZ/CFGpnr+M19dUP9+el6BbjjYpkgyF/n4t5SNYBYRy7Uqgw/qEIIGOImwlJyxPX19Dvl5Ci4T8RjbFkcYQWb7DGPLfSaDerpsd4LzDMAc1aqheHFXSnRYFY3xeTkLGrZnOq/wE/89oV/ZvnYSGiE4M= ;{id = 62298}
-066365727430310C74797065732D7369676E6564027762087369646E6C616273026E6C00002500010000003C0055FFFEFFFFFE33115C6F2F64FF2BDE74C7D080ACE11F97ABD0CBBFBC82F3E39224B2471E1468225829FF1B11E16A2E9502E1C0A0D533E18A14D6D55F4824AA4189FAFFFD7553A36577CD2311E0BC693ACEF8A2A609A6
-cert01.types-signed.wb.sidnlabs.nl.	60	IN	CERT	65534 65535 254 MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
-066365727430310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002508050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C009A90B71BB343F532B68023474EB75EE1B34DCCFFE3462F944B043310C50E2A8FAB0223800095F3FF73B11850632C420FC20E5DF03CD985FD44715EBA1EA347C5A5B5824E8D43009B75382F800794309DC6CCDC839EB9A9692DC222A5113CEA3FD53D8CA02F83BE842EC4EE4CE44B900EC878533EB5EC7CD4139338EFA4DAA917
-cert01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	CERT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. mpC3G7ND9TK2gCNHTrde4bNNzP/jRi+USwQzEMUOKo+rAiOAAJXz/3OxGFBjLEIPwg5d8DzZhf1EcV66HqNHxaW1gk6NQwCbdTgvgAeUMJ3GzNyDnrmpaS3CIqURPOo/1T2MoC+DvoQuxO5M5EuQDsh4Uz617HzUE5M476TaqRc= ;{id = 62298}
-066365727430310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B05636E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000403
-cert01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	cname.types-signed.wb.sidnlabs.nl. CERT RRSIG NSEC
-066365727430310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C009D36804E7EF0B73782B4E5693CC1F9D2013E0B7D8CED83CB6D72193DDF53685556376D64FF21357FFFFF066746877E21C2D78BB974E0838ED9D2BC47A2DBD8BCECBB224CAA3D0D77FD160391FD56FFF69345A0946D5A5FC8D219ED98EAE436310B888AC8CCD8274691327F8A323307199BAF759B070A9D7D41D32F855FD1B07A
-cert01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. nTaATn7wtzeCtOVpPMH50gE+C32M7YPLbXIZPd9TaFVWN21k/yE1f///BmdGh34hwteLuXTgg47Z0rxHotvYvOy7IkyqPQ13/RYDkf1W//aTRaCUbVpfyNIZ7Zjq5DYxC4iKyMzYJ0aRMn+KMjMHGZuvdZsHCp19QdMvhV/RsHo= ;{id = 62298}
-05636E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00000500010000003C0021037777770C74797065732D7369676E6564027762087369646E6C616273026E6C00
-cname.types-signed.wb.sidnlabs.nl.	60	IN	CNAME	www.types-signed.wb.sidnlabs.nl.
-05636E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000508050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C008AE9608C314758EA41D919D530502EDCDC740104346EAD005E750E40599ADF142DD996575285E32DE6C3650484E9AE9A7C21BD217820E4E91AE90CE9D4DFE27519EC288363A498BA22A740388A95C611B463D5FE0D2D076D1F308A2916AC156E05B93A019B07F7C49E3D8874BBA221A076F7299A8572C81BDFB3E4A6F158836B
-cname.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	CNAME 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. iulgjDFHWOpB2RnVMFAu3Nx0AQQ0bq0AXnUOQFma3xQt2ZZXUoXjLebDZQSE6a6afCG9IXgg5Oka6Qzp1N/idRnsKINjpJi6IqdAOIqVxhG0Y9X+DS0HbR8wiikWrBVuBbk6AZsH98SePYh0u6IhoHb3KZqFcsgb37PkpvFYg2s= ;{id = 62298}
-05636E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D07636E616D6530310C74797065732D7369676E6564027762087369646E6C616273026E6C000006040000000003
-cname.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	cname01.types-signed.wb.sidnlabs.nl. CNAME RRSIG NSEC
-05636E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C005658F2FBA621CCD401CFE1E9F2FF81DFE1B543791CFDAB2BC609DCAD6609D37D62C7B7799F9CB38E26F914C0C24421B13B0DFD3D1701B2E9924B3826AFD12941EC1F3C7403D19238F064EA85CC6ED8DBBA5AA14DDCE2E384695E1029F9E96C0AF69534B20440F82A681AE3E573384DBDC0144419728F3752D3CF6C340350568A
-cname.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Vljy+6YhzNQBz+Hp8v+B3+G1Q3kc/asrxgncrWYJ031ix7d5n5yzjib5FMDCRCGxOw39PRcBsumSSzgmr9EpQewfPHQD0ZI48GTqhcxu2Nu6WqFN3OLjhGleECn56WwK9pU0sgRA+CpoGuPlczhNvcAURBlyjzdS089sNANQVoo= ;{id = 62298}
-07636E616D6530310C74797065732D7369676E6564027762087369646E6C616273026E6C00000500010000003C000E0C636E616D652D74617267657400
-cname01.types-signed.wb.sidnlabs.nl.	60	IN	CNAME	cname-target.
-07636E616D6530310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000508050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C000470C42BCFA53A94827D24D23A539AF9CFFA51FB08F757D3BCF1A39A04D58B11D1242C01467F67E21C11B1C73D3856CE69AFC348DE69449F5382036CB0FD8ED58CFA4FC3DC9199EF9001314F5D2E7B122E858E65231FFE251008C24474AFF70E6DBF5B87A41D41F878FBFF628E7B6950CEDBDB9F4BE33D2791CD96430FE6C53C
-cname01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	CNAME 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. BHDEK8+lOpSCfSTSOlOa+c/6UfsI91fTvPGjmgTVixHRJCwBRn9n4hwRscc9OFbOaa/DSN5pRJ9TggNssP2O1Yz6T8PckZnvkAExT10uexIuhY5lIx/+JRAIwkR0r/cObb9bh6QdQfh4+/9ijntpUM7b259L4z0nkc2WQw/mxTw= ;{id = 62298}
-07636E616D6530310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D07636E616D6530320C74797065732D7369676E6564027762087369646E6C616273026E6C000006040000000003
-cname01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	cname02.types-signed.wb.sidnlabs.nl. CNAME RRSIG NSEC
-07636E616D6530310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00BAF6DF2E189412F35463EDC7A1A40D39E381DDD08FE7B4C79FB1EE53D7EBE9F54639691FD350204E2833A64E97FD1C81D0B2AD8BC862577567E098A673196364438EC5438AC0E5F5AB12246EB6C4E0312F8969B668EEA39AC9140FD26701F209CD40F17859AF6660C9BEB72EA55301BAC451C7E6C3D76A97B8DBFBEDE10D9464
-cname01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. uvbfLhiUEvNUY+3HoaQNOeOB3dCP57THn7HuU9fr6fVGOWkf01AgTigzpk6X/RyB0LKti8hiV3Vn4JimcxljZEOOxUOKwOX1qxIkbrbE4DEviWm2aO6jmskUD9JnAfIJzUDxeFmvZmDJvrcupVMBusRRx+bD12qXuNv77eENlGQ= ;{id = 62298}
-07636E616D6530320C74797065732D7369676E6564027762087369646E6C616273026E6C00000500010000003C002A0C636E616D652D7461726765740C74797065732D7369676E6564027762087369646E6C616273026E6C00
-cname02.types-signed.wb.sidnlabs.nl.	60	IN	CNAME	cname-target.types-signed.wb.sidnlabs.nl.
-07636E616D6530320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000508050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C007C8DD5D5B4ED0919954C63A3B846C5E2E7B8BECC49CD3A4BBE834375A3EDAECAAE491EA911401069496506772D003F5036A6A2A1C0646EF23E62A9967BE00B9168E30764430E669C1E7F74EEC347530A438BAE1A92A1D23D8A4F5FB2812E61578ACF1295580CB6BB1FA9300F1158706E6DC79896C851485DF3182B6254D057F4
-cname02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	CNAME 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. fI3V1bTtCRmVTGOjuEbF4ue4vsxJzTpLvoNDdaPtrsquSR6pEUAQaUllBnctAD9QNqaiocBkbvI+YqmWe+ALkWjjB2RDDmacHn907sNHUwpDi64akqHSPYpPX7KBLmFXis8SlVgMtrsfqTAPEVhwbm3HmJbIUUhd8xgrYlTQV/Q= ;{id = 62298}
-07636E616D6530320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0564686369640C74797065732D7369676E6564027762087369646E6C616273026E6C000006040000000003
-cname02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	dhcid.types-signed.wb.sidnlabs.nl. CNAME RRSIG NSEC
-07636E616D6530320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003078A2199EFFDF1D3CD0742242B5705AF53C671DCEC8D2EDC58260AF5D1065E43C3C302AEEE89336E3FC777C59F92C37BC6FD1296CCA07531D7FF7320AEA114BDEF1B69A51CA71B728E4A4DC74D8FC53E7E6A49EF4D35B538C99BC35FBCABFAD7473B11017B9B2ED612AAFADDFB1887F603306E805D84AD197A53106B5EA504B
-cname02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. MHiiGZ7/3x080HQiQrVwWvU8Zx3OyNLtxYJgr10QZeQ8PDAq7uiTNuP8d3xZ+Sw3vG/RKWzKB1Mdf/cyCuoRS97xtppRynG3KOSk3HTY/FPn5qSe9NNbU4yZvDX7yr+tdHOxEBe5su1hKq+t37GIf2AzBugF2ErRl6UxBrXqUEs= ;{id = 62298}
-0564686369640C74797065732D7369676E6564027762087369646E6C616273026E6C00003100010000003C0023000201636FC0B8271C82825BB1AC5C41CF5351AA69B4FEBD94E8F17CDB95000DA48C40
-dhcid.types-signed.wb.sidnlabs.nl.	60	IN	DHCID	AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=
-0564686369640C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00AF9284ECFB7B5961918033A1F3CB50529E4E7B3BEAAC81F552DE0BF337322FC9FE5E27CECBDB699ED9272A34ED66C64C9F38670A3C18C007E93A3134583D7327E7CB4CDBBECB7DB8BB5BA0B19495A65FD76F50606D47BA335FF6DBAD7612A19C193C1EBADF7C1E5247CFA9620255A6A35C806247B4BA32F573A4C19D74349DB5
-dhcid.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	DHCID 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. r5KE7Pt7WWGRgDOh88tQUp5OezvqrIH1Ut4L8zcyL8n+XifOy9tpntknKjTtZsZMnzhnCjwYwAfpOjE0WD1zJ+fLTNu+y324u1ugsZSVpl/Xb1BgbUe6M1/22612EqGcGTweut98HlJHz6liAlWmo1yAYke0ujL1c6TBnXQ0nbU= ;{id = 62298}
-0564686369640C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C05646E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00000700000000000340
-dhcid.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	dname.types-signed.wb.sidnlabs.nl. RRSIG NSEC DHCID
-0564686369640C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C004763CE81F01C48BB8DA3C045BB4B55221922D910F342EFB96DFC1BBDC54BA65B0A45F7EBF81CB6E339BA2583310733B6DACD7D36926F5938BA78EFE0AC8DAF897A46BC62494FE71BD60D160C01664298E1D3788D5619CEB29FC38A6D9D83128F992E1B7F84EF3009D95C43E0E297F3B9336C59FADF6F7A6B7A8CFB800833EDC6
-dhcid.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. R2POgfAcSLuNo8BFu0tVIhki2RDzQu+5bfwbvcVLplsKRffr+By24zm6JYMxBzO22s19NpJvWTi6eO/grI2viXpGvGJJT+cb1g0WDAFmQpjh03iNVhnOsp/Dim2dgxKPmS4bf4TvMAnZXEPg4pfzuTNsWfrfb3preoz7gAgz7cY= ;{id = 62298}
-05646E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00002700010000003C000E0C646E616D652D74617267657400
-dname.types-signed.wb.sidnlabs.nl.	60	IN	DNAME	dname-target.
-05646E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002708050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0038F1778C6B7DCE675FED229C5B6C890FE953F13D09559065DBDB50CAF241C1B8B8E04C5963F40187561B39F2663C96EAFC6E6F13A48A04CD3B925F0EBA780A0BBA54E49B08E28B31E436DA7418A793484315D884AAC47D93806775C6E03158C6DC323796947976D77047FC7B1937BB25CE46135DA63FD6DA035402EEE0401D6E
-dname.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	DNAME 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. OPF3jGt9zmdf7SKcW2yJD+lT8T0JVZBl29tQyvJBwbi44ExZY/QBh1YbOfJmPJbq/G5vE6SKBM07kl8OungKC7pU5JsI4osx5DbadBink0hDFdiEqsR9k4BndcbgMVjG3DI3lpR5dtdwR/x7GTe7Jc5GE12mP9baA1QC7uBAHW4= ;{id = 62298}
-05646E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D07646E616D6530310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000103
-dname.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	dname01.types-signed.wb.sidnlabs.nl. DNAME RRSIG NSEC
-05646E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0047E0AFF4CD48696E8ED970FB858809E391C618FA2835CC04F8AD436BB56EBF0030C96C8AD08A770789DFCDDACED85F4F179D6E3DE6CAAF33C0E355FAD80C630B5663DDCFCFCD242A3B02CE36691D2C1CCA69C4F482557ACB3B89701E5747A5C801397E037BE0189CE3D6685C17AC235791756C4F2FE1BE32B2AF650C2CBF702F
-dname.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. R+Cv9M1IaW6O2XD7hYgJ45HGGPooNcwE+K1Da7VuvwAwyWyK0Ip3B4nfzdrO2F9PF51uPebKrzPA41X62AxjC1Zj3c/PzSQqOwLONmkdLBzKacT0glV6yzuJcB5XR6XIATl+A3vgGJzj1mhcF6wjV5F1bE8v4b4ysq9lDCy/cC8= ;{id = 62298}
-07646E616D6530310C74797065732D7369676E6564027762087369646E6C616273026E6C00002700010000003C000E0C646E616D652D74617267657400
-dname01.types-signed.wb.sidnlabs.nl.	60	IN	DNAME	dname-target.
-07646E616D6530310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002708050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C001E15DA2D587694300FC44E9727FBAA506BE92B7BF2A0FA18D9BB292022A3949368B1EA4C6C1B3DE463E69E85D8DFCECBFE8DB481117B96BB3DE397A7000B83F475720538D49EE220053D9420AA4EABCA7BF662E361812095298344CE61E3CF7A3D3B5104ADDA18A722FC63F20F8B43893CEE04C5C1858048EE33E4D3DBF8FAED
-dname01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	DNAME 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. HhXaLVh2lDAPxE6XJ/uqUGvpK3vyoPoY2bspICKjlJNosepMbBs95GPmnoXY387L/o20gRF7lrs945enAAuD9HVyBTjUnuIgBT2UIKpOq8p79mLjYYEglSmDRM5h4896PTtRBK3aGKci/GPyD4tDiTzuBMXBhYBI7jPk09v4+u0= ;{id = 62298}
-07646E616D6530310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D07646E616D6530320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000103
-dname01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	dname02.types-signed.wb.sidnlabs.nl. DNAME RRSIG NSEC
-07646E616D6530310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00D11822FC8451D9B21AB0F18AFDC337AF1CDFF458B135DBF973B033B58024599BAC20F8E7335F3091EDC5C087E9302BE61EE9978AFE93AAF6D589430932787B99A03F9B36D138A5C7538D5BACF676CBECA9338E828461391FB23B9A5762260F9475B9C8BCC8F00A6679870AF7F3296B772824F81BC809264E29F26EB66266F3F7
-dname01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. 0Rgi/IRR2bIasPGK/cM3rxzf9FixNdv5c7AztYAkWZusIPjnM18wke3FwIfpMCvmHumXiv6TqvbViUMJMnh7maA/mzbROKXHU41brPZ2y+ypM46ChGE5H7I7mldiJg+UdbnIvMjwCmZ5hwr38ylrdygk+BvICSZOKfJutmJm8/c= ;{id = 62298}
-07646E616D6530320C74797065732D7369676E6564027762087369646E6C616273026E6C00002700010000003C002A0C646E616D652D7461726765740C74797065732D7369676E6564027762087369646E6C616273026E6C00
-dname02.types-signed.wb.sidnlabs.nl.	60	IN	DNAME	dname-target.types-signed.wb.sidnlabs.nl.
-07646E616D6530320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002708050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0087B08F9E21FEC45DF46655AA9AD37E2DF51CA8C99AE6FA77EB756D022201578A8B86C2A6F128E270118CCEF1CD4D2A97B9E7C3CD96CAB7C409AF80A136E22502456ACCB4AAE85D9F2EAFF5E369D2F19CF69B9BB3632EE3EEA9B7F65699E7988891833CECD3B6B7C33251636E9337C30F9BC9A4F3FC6242198B6F1A659A38885F
-dname02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	DNAME 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. h7CPniH+xF30ZlWqmtN+LfUcqMma5vp363VtAiIBV4qLhsKm8SjicBGMzvHNTSqXuefDzZbKt8QJr4ChNuIlAkVqzLSq6F2fLq/142nS8Zz2m5uzYy7j7qm39laZ55iIkYM87NO2t8MyUWNukzfDD5vJpPP8YkIZi28aZZo4iF8= ;{id = 62298}
-07646E616D6530320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D07646E616D6530330C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000103
-dname02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	dname03.types-signed.wb.sidnlabs.nl. DNAME RRSIG NSEC
-07646E616D6530320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C005B45FA364152AB4E3499F9F0AA822F30FFE11A0779CD7955258840337DE095D7B9213D975EE25827BA96D76ED7AD53358E104C5AC4C4937A5D25E8EAD4ED85CEF3155488513C83A886896256F36AE065C1C4BA4994DF9A42886A7D38BC840EF5F29A8E24575FF1F02C7D35BB4C24E17394F0C820764877F4FFB800FDB33D2415
-dname02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. W0X6NkFSq040mfnwqoIvMP/hGgd5zXlVJYhAM33glde5IT2XXuJYJ7qW127XrVM1jhBMWsTEk3pdJejq1O2FzvMVVIhRPIOoholiVvNq4GXBxLpJlN+aQohqfTi8hA718pqOJFdf8fAsfTW7TCThc5TwyCB2SHf0/7gA/bM9JBU= ;{id = 62298}
-07646E616D6530330C74797065732D7369676E6564027762087369646E6C616273026E6C00002700010000003C000100
-dname03.types-signed.wb.sidnlabs.nl.	60	IN	DNAME	.
-07646E616D6530330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002708050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00AB4E94D6E677558C008FAD101942510332C1DB2144A99C0352A3D46671F2B1BB3397B4B918392DE1A023B0BD5F5A9BD7A70A463EA904BF4CB15FFC2E7B60317D1551137C8EF9386C9FB4C88A702852B3E69C582833165C2A8C369B7583A29B402F7614F8E4800C4DA90AE62559E13E12892C075F7773834D30FE8612C9D61F8E
-dname03.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	DNAME 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. q06U1uZ3VYwAj60QGUJRAzLB2yFEqZwDUqPUZnHysbszl7S5GDkt4aAjsL1fWpvXpwpGPqkEv0yxX/wue2AxfRVRE3yO+Thsn7TIinAoUrPmnFgoMxZcKow2m3WDoptAL3YU+OSADE2pCuYlWeE+EoksB193c4NNMP6GEsnWH44= ;{id = 62298}
-07646E616D6530330C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A0467706F730C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000103
-dname03.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	gpos.types-signed.wb.sidnlabs.nl. DNAME RRSIG NSEC
-07646E616D6530330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00CFCE6808CE405CC73016F9685E75C161BEAA5869D2A6C9B584F4C22BD0CFE199C44F2F8C68BC7CEEF64DAEA444A78C9BB78271C487CD3A76885F757E5D98CEC0B35D173FE21040453AA59C34A6155199A9E1D8FACC67A36646021298D2F9CAEE31E2E022AB152BF32981795D796FC5532F017A091FD7928996BA1E5EF2E665DC
-dname03.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. z85oCM5AXMcwFvloXnXBYb6qWGnSpsm1hPTCK9DP4ZnETy+MaLx87vZNrqREp4ybt4JxxIfNOnaIX3V+XZjOwLNdFz/iEEBFOqWcNKYVUZmp4dj6zGejZkYCEpjS+cruMeLgIqsVK/MpgXldeW/FUy8Begkf15KJlroeXvLmZdw= ;{id = 62298}
-0467706F730C74797065732D7369676E6564027762087369646E6C616273026E6C00001B00010000003C00120532332E36370532332E36370532332E3637
-gpos.types-signed.wb.sidnlabs.nl.	60	IN	GPOS	23.67 23.67 23.67
-0467706F730C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001B08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0049CBABEED1B9089695C552489294378669AE1B934A81076F364E3D3E68F239E34AC106D4554F009A39A7813B1C8E02076B0A0737DACE4CCC7BF3CD20F4DFF9C19934DAAD81F23FB743C89CA941387CFC6B1506525634206D4918FA9CBE9707A88B25B0F6FF10E295551E4643488EA87FE7E051BD9E6D8AEF42F01574BB56BEE4
-gpos.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	GPOS 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Scur7tG5CJaVxVJIkpQ3hmmuG5NKgQdvNk49PmjyOeNKwQbUVU8AmjmngTscjgIHawoHN9rOTMx7880g9N/5wZk02q2B8j+3Q8icqUE4fPxrFQZSVjQgbUkY+py+lweoiyWw9v8Q4pVVHkZDSI6of+fgUb2ebYrvQvAVdLtWvuQ= ;{id = 62298}
-0467706F730C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0568696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000100003
-gpos.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	hinfo.types-signed.wb.sidnlabs.nl. GPOS RRSIG NSEC
-0467706F730C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0037B66B1841B1F155AEE2BC14425FCC166A5BD822825927726096E57EAC9CAF410366B7FC3B73F16B52D0EA402C804AED7AFB00F89BF98AAA56758C95AB4BC660AB759973D5503FDC48DCBBD7C00235DFBCDBCCCFA23D09425142B7E3143028500FEA485F969401E8B85F44E8A5C6DCEB2368685F1F4A0B699E89273B945039CD
-gpos.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. N7ZrGEGx8VWu4rwUQl/MFmpb2CKCWSdyYJblfqycr0EDZrf8O3Pxa1LQ6kAsgErtevsA+Jv5iqpWdYyVq0vGYKt1mXPVUD/cSNy718ACNd+828zPoj0JQlFCt+MUMChQD+pIX5aUAei4X0Topcbc6yNoaF8fSgtpnoknO5RQOc0= ;{id = 62298}
-0568696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00000D00010000003C00161047656E6572696320504320636C6F6E65044D794F53
-hinfo.types-signed.wb.sidnlabs.nl.	60	IN	HINFO	"Generic PC clone" "MyOS"
-0568696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000D08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B387E7452441A650E4C290CBBD2CB905CB2AC88DF818F032CDCE6817C2262442BD3459C25D4BD7A033AE070D8ABBB2D384894AFAA7618CA9BCCAD44D6C4E2253DC9C9ECE2DA1335890792283893DFE4DD93838117D90685DBB58AC14B421D74FA73AC24967691964A4356491961BB904F43C3A9134A5FBB9D803DD607081CADF
-hinfo.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	HINFO 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. s4fnRSRBplDkwpDLvSy5BcsqyI34GPAyzc5oF8ImJEK9NFnCXUvXoDOuBw2Ku7LThIlK+qdhjKm8ytRNbE4iU9ycns4toTNYkHkig4k9/k3ZODgRfZBoXbtYrBS0IddPpzrCSWdpGWSkNWSRlhu5BPQ8OpE0pfu52APdYHCByt8= ;{id = 62298}
-0568696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D0768696E666F30310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000400000003
-hinfo.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	hinfo01.types-signed.wb.sidnlabs.nl. HINFO RRSIG NSEC
-0568696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00BC780429579844A4A5C119FE4E12494D2FF7ED0C651956CFBA5DAADAD46E0AB6700BC091AFB526459C38CCF5E37EBB21A7F087FA9F674D75A49A7D38BF4BABEF47BA799B8777E8A88CB998A0F24A9E1140FD1CE8D8C3EEFE9DBDB9823A337E6CB564DE3C06546A8648BC3FFBA3ECB7EA04ACA584404573B8BD9750C7ECDD7DF5
-hinfo.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. vHgEKVeYRKSlwRn+ThJJTS/37QxlGVbPul2q2tRuCrZwC8CRr7UmRZw4zPXjfrshp/CH+p9nTXWkmn04v0ur70e6eZuHd+iojLmYoPJKnhFA/Rzo2MPu/p29uYI6M35stWTePAZUaoZIvD/7o+y36gSspYRARXO4vZdQx+zdffU= ;{id = 62298}
-0768696E666F30310C74797065732D7369676E6564027762087369646E6C616273026E6C00000D00010000003C001C1047656E6572696320504320636C6F6E650A4E65744253442D312E34
-hinfo01.types-signed.wb.sidnlabs.nl.	60	IN	HINFO	"Generic PC clone" "NetBSD-1.4"
-0768696E666F30310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000D08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C002D194761A6316BE8ED94EE13A8FF3951E077A8B2C75A5F93209AF81181502440612BF46C821EB3FB45BA40E2FC33056A56026BAFA6DC388D7FC996073285944B56E3CC219AD640CFE76F5301F25BDE4050A01C541D2F8B82EC3B54B579196587A3FD123CE1636915DD28DF84EEED0A6165C1C86ABA2C9D0B7B4DA7972BAAE97A
-hinfo01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	HINFO 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. LRlHYaYxa+jtlO4TqP85UeB3qLLHWl+TIJr4EYFQJEBhK/Rsgh6z+0W6QOL8MwVqVgJrr6bcOI1/yZYHMoWUS1bjzCGa1kDP529TAfJb3kBQoBxUHS+Lguw7VLV5GWWHo/0SPOFjaRXdKN+E7u0KYWXByGq6LJ0Le02nlyuq6Xo= ;{id = 62298}
-0768696E666F30310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D0768696E666F30320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000400000003
-hinfo01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	hinfo02.types-signed.wb.sidnlabs.nl. HINFO RRSIG NSEC
-0768696E666F30310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00C5269C3EDCA14B8ED88CEB569B5265766945E18FEB15B241C0694399A8E54874B3CA648172BDB232BDD88A214322D77804CFC03638982B1D279004DB16F37F57DB6848E12EBB0C32BC140DE2141993650643718E59D848ABBA043C82AF371C4D6CD4F4B612149C6B7DACDEAEF0A441FB691624759FD2CA12F33778A2A1F24634
-hinfo01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. xSacPtyhS47YjOtWm1JldmlF4Y/rFbJBwGlDmajlSHSzymSBcr2yMr3YiiFDItd4BM/ANjiYKx0nkATbFvN/V9toSOEuuwwyvBQN4hQZk2UGQ3GOWdhIq7oEPIKvNxxNbNT0thIUnGt9rN6u8KRB+2kWJHWf0soS8zd4oqHyRjQ= ;{id = 62298}
-0768696E666F30320C74797065732D7369676E6564027762087369646E6C616273026E6C00000D00010000003C000A025043064E6574425344
-hinfo02.types-signed.wb.sidnlabs.nl.	60	IN	HINFO	"PC" "NetBSD"
-0768696E666F30320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000D08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0050F27CFAB319CCB5A076DC2495C6BD1B8906E6663F77BD0246D5C8299C7081DE08BB171244F7FE2B477BFD21243E3F6A4F534AB4528C521BCB01E042724D19EBB1C8278F4A7B56B4665E4E3494D26FE75E0958D2688D9CE39FE9DC3D722EDDB3C2A7FB1B5E8696929DE2CA86919B4FE49AE1DF3F7C122FE1C2202AAAAB9F8183
-hinfo02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	HINFO 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. UPJ8+rMZzLWgdtwklca9G4kG5mY/d70CRtXIKZxwgd4IuxcSRPf+K0d7/SEkPj9qT1NKtFKMUhvLAeBCck0Z67HIJ49Ke1a0Zl5ONJTSb+deCVjSaI2c45/p3D1yLt2zwqf7G16GlpKd4sqGkZtP5Jrh3z98Ei/hwiAqqqufgYM= ;{id = 62298}
-0768696E666F30320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A046973646E0C74797065732D7369676E6564027762087369646E6C616273026E6C000006000400000003
-hinfo02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	isdn.types-signed.wb.sidnlabs.nl. HINFO RRSIG NSEC
-0768696E666F30320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0042FF916DC600FF419E4B06A7F1BE27A4CD6DF0C87EA64921CF361FB40C08A4408335E51922B7E58B84028AA9CAD040F35E94C667C912CAF5533A90B43FAF4C33582CD0AA315FBF22303D670DBFF09C4305EA28FC63FC2C3DA549475C79B94A7B4EDF607D301C22A91442EB143228B333DF980A4A75DA8172539AF16AF66F0B31
-hinfo02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Qv+RbcYA/0GeSwan8b4npM1t8Mh+pkkhzzYftAwIpECDNeUZIrfli4QCiqnK0EDzXpTGZ8kSyvVTOpC0P69MM1gs0KoxX78iMD1nDb/wnEMF6ij8Y/wsPaVJR1x5uUp7Tt9gfTAcIqkUQusUMiizM9+YCkp12oFyU5rxavZvCzE= ;{id = 62298}
-046973646E0C74797065732D7369676E6564027762087369646E6C616273026E6C00001400010000003C00180C6973646E2D616464726573730A73756261646472657373
-isdn.types-signed.wb.sidnlabs.nl.	60	IN	ISDN	"isdn-address" "subaddress"
-046973646E0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0061ADBE53518516A4E3A9CE0C93F55A3D5F4FFF70D7981957FF4F02EC7C14A1713CE783878B9CE9A93A26EB83D845D5BC032BC90D454313E26783457A6844332D332AEA09E28D760D1858C8507BF44EBA300FA352FE03A3ACD34AED47710557E0A9042EEA3CCF53457EE1D8C71AB8E4F2F4E35E786A4D89CC08310ED08F1281E7
-isdn.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	ISDN 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Ya2+U1GFFqTjqc4Mk/VaPV9P/3DXmBlX/08C7HwUoXE854OHi5zpqTom64PYRdW8AyvJDUVDE+Jng0V6aEQzLTMq6gnijXYNGFjIUHv0TrowD6NS/gOjrNNK7UdxBVfgqQQu6jzPU0V+4djHGrjk8vTjXnhqTYnMCDEO0I8Sgec= ;{id = 62298}
-046973646E0C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C066973646E30310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000008000003
-isdn.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	isdn01.types-signed.wb.sidnlabs.nl. ISDN RRSIG NSEC
-046973646E0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0033F9D3D8729BC1E27FBB63F72726530166BB984CE39784F2188E89B018A4B1D8F7049B70A7AD5EBB641BBC3C657CFB8FF18DDE1D5C068E5AC48A67DA8EAE0F648DB34C3F7519E0260802BF5AF73D8362F5F69660CB0F04839BF5BB68EF9929327447DD08E39ACE2B74E505FF4406BD11E07122EAA062990CA5C3D58D57064792
-isdn.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. M/nT2HKbweJ/u2P3JyZTAWa7mEzjl4TyGI6JsBiksdj3BJtwp61eu2QbvDxlfPuP8Y3eHVwGjlrEimfajq4PZI2zTD91GeAmCAK/Wvc9g2L19pZgyw8Eg5v1u2jvmSkydEfdCOOazit05QX/RAa9EeBxIuqgYpkMpcPVjVcGR5I= ;{id = 62298}
-066973646E30310C74797065732D7369676E6564027762087369646E6C616273026E6C00001400010000003C000D0C6973646E2D61646472657373
-isdn01.types-signed.wb.sidnlabs.nl.	60	IN	ISDN	"isdn-address"
-066973646E30310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0025661F00A5AB22A374BCA1E81488DD1C474973BCC9A32135B216F21A6371CD8608816102B217A1467B2589FB135BF6E386C872DB863E00D1292D6BAED653184D9F622EAA196A3DEF385AD4C407F42476ACAC3371AF5D7579550ADC21D829C713B35B54EEAE1EBF44F09BB04E4EF20DF764E288E06ABDE19D9988491CD524F7F1
-isdn01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	ISDN 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. JWYfAKWrIqN0vKHoFIjdHEdJc7zJoyE1shbyGmNxzYYIgWECshehRnslifsTW/bjhshy24Y+ANEpLWuu1lMYTZ9iLqoZaj3vOFrUxAf0JHasrDNxr111eVUK3CHYKccTs1tU7q4ev0Twm7BOTvIN92TiiOBqveGdmYhJHNUk9/E= ;{id = 62298}
-066973646E30310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C066973646E30320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000008000003
-isdn01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	isdn02.types-signed.wb.sidnlabs.nl. ISDN RRSIG NSEC
-066973646E30310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C006201C022F9A512BE073608B228D510F7450042ED9C90F58CCE24F03DC04A6A50173DA0D15C1BEED673605EC891851CD1539CD0680ACE338FDA1A264D017FB97E5CE901A3D84D1AD484B63718B8AA9BF6BC6F50D5AB3B55AFB33CF7A6443D804D6A80AF38999FBB0D4D691223103B3CC7D20D2EA9EC28DADC45A20D0186FA7AE9
-isdn01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. YgHAIvmlEr4HNgiyKNUQ90UAQu2ckPWMziTwPcBKalAXPaDRXBvu1nNgXsiRhRzRU5zQaArOM4/aGiZNAX+5flzpAaPYTRrUhLY3GLiqm/a8b1DVqztVr7M896ZEPYBNaoCvOJmfuw1NaRIjEDs8x9INLqnsKNrcRaINAYb6euk= ;{id = 62298}
-066973646E30320C74797065732D7369676E6564027762087369646E6C616273026E6C00001400010000003C00180C6973646E2D616464726573730A73756261646472657373
-isdn02.types-signed.wb.sidnlabs.nl.	60	IN	ISDN	"isdn-address" "subaddress"
-066973646E30320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00BE7FEF5228FC39172DF42EFEA5CF75D99B804A5C9281260BB36390D0CC9EC2E166B767DAE8546BE1B3FBF34BA43CFCBB88C1983641F486A69B9B4AC13E6DBB09854E330A0E53BE44B273D563FB46AA7D5DC9390D276F2211429EBD4D5C811A209BE84F076B2528D5CECD80085185398A85C414A54A82F4A698D0EE28AA010202
-isdn02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	ISDN 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. vn/vUij8ORct9C7+pc912ZuASlySgSYLs2OQ0MyewuFmt2fa6FRr4bP780ukPPy7iMGYNkH0hqabm0rBPm27CYVOMwoOU75EsnPVY/tGqn1dyTkNJ28iEUKevU1cgRogm+hPB2slKNXOzYAIUYU5ioXEFKVKgvSmmNDuKKoBAgI= ;{id = 62298}
-066973646E30320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C066973646E30330C74797065732D7369676E6564027762087369646E6C616273026E6C000006000008000003
-isdn02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	isdn03.types-signed.wb.sidnlabs.nl. ISDN RRSIG NSEC
-066973646E30320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C005B70D2DBB8DD7281692C6ACF22B728C23E731A7599C0B243AA5F6275AF7499A22CD5CD97C098D7BABFA6B147FA7220F74FBBDC1310843728DCB9121F5EBBCAFEA0AE583A4F2B4A47C3648643CA17E02C3F8218118FF21E2BE3038E6336668275436C9634A167B603F3101C2CEDCAA3A412CE033E397BB59ABEC63635DD109B06
-isdn02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. W3DS27jdcoFpLGrPIrcowj5zGnWZwLJDql9ida90maIs1c2XwJjXur+msUf6ciD3T7vcExCENyjcuRIfXrvK/qCuWDpPK0pHw2SGQ8oX4Cw/ghgRj/IeK+MDjmM2ZoJ1Q2yWNKFntgPzEBws7cqjpBLOAz45e7WavsY2Nd0QmwY= ;{id = 62298}
-066973646E30330C74797065732D7369676E6564027762087369646E6C616273026E6C00001400010000003C000D0C6973646E2D61646472657373
-isdn03.types-signed.wb.sidnlabs.nl.	60	IN	ISDN	"isdn-address"
-066973646E30330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B91462706D45C9048E5E65843BEDE1213450CA7F2E39D3C8489AC384F45600941A143F65BE71B8CEEBB494E3D0B0743F4B560BB1A70E43FBDF6CE32535EDC2A274AFA4AC38B44DAD0DC0715AF923B78E8A67F92B8A7EF6E6FB932364FA906CB61FF252EF5F5743AA58ED681C1C7AE05085CBF77B5CA8AA81124210A69FB9C3BD
-isdn03.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	ISDN 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. uRRicG1FyQSOXmWEO+3hITRQyn8uOdPISJrDhPRWAJQaFD9lvnG4zuu0lOPQsHQ/S1YLsacOQ/vfbOMlNe3ConSvpKw4tE2tDcBxWvkjt46KZ/krin725vuTI2T6kGy2H/JS719XQ6pY7WgcHHrgUIXL93tcqKqBEkIQpp+5w70= ;{id = 62298}
-066973646E30330C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C066973646E30340C74797065732D7369676E6564027762087369646E6C616273026E6C000006000008000003
-isdn03.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	isdn04.types-signed.wb.sidnlabs.nl. ISDN RRSIG NSEC
-066973646E30330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00A286BF39805CB0E0A5A46B01324C2F5F1F4D0120F7B12D303167075193EAFDC886C478831B056BC4A512CAA0E01617E5AB026CECC173CAE893029EBC7F61B7965A2BDE1924EE28627699A0016BB9A16B9ABDE68BFE377625CF38D63095A0EBF6765167CD9C2C768BE0404F779669324D6C0B47C408B1EC6B59704418503DC21F
-isdn03.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ooa/OYBcsOClpGsBMkwvXx9NASD3sS0wMWcHUZPq/ciGxHiDGwVrxKUSyqDgFhflqwJs7MFzyuiTAp68f2G3llor3hkk7ihidpmgAWu5oWuaveaL/jd2Jc841jCVoOv2dlFnzZwsdovgQE93lmkyTWwLR8QIsexrWXBEGFA9wh8= ;{id = 62298}
-066973646E30340C74797065732D7369676E6564027762087369646E6C616273026E6C00001400010000003C00180C6973646E2D616464726573730A73756261646472657373
-isdn04.types-signed.wb.sidnlabs.nl.	60	IN	ISDN	"isdn-address" "subaddress"
-066973646E30340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00BDE59E2A715FE714287678F2455B7013185771FDD72FAA327FA404F65F146087D972CAEB772E4531AABBE253C0ADDC386AAF88FB0B7D2CABDBA160650BF42B793F32004046F8E1E260BAF7AA7D83F4A50816752BBE1536F259C84D168A9649E8932D5115904B4027B2F818CDF80BF74368BB46B3F947EA6E3AA49FEC5138AB03
-isdn04.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	ISDN 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. veWeKnFf5xQodnjyRVtwExhXcf3XL6oyf6QE9l8UYIfZcsrrdy5FMaq74lPArdw4aq+I+wt9LKvboWBlC/QreT8yAEBG+OHiYLr3qn2D9KUIFnUrvhU28lnITRaKlknoky1RFZBLQCey+BjN+Av3Q2i7RrP5R+puOqSf7FE4qwM= ;{id = 62298}
-066973646E30340C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100028026B780C74797065732D7369676E6564027762087369646E6C616273026E6C000006000008000003
-isdn04.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	kx.types-signed.wb.sidnlabs.nl. ISDN RRSIG NSEC
-066973646E30340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003F56EC419B949B8DAFD999F12E8A305912E87F305228E138F9F8C79B007F96F8F455070368C2907597D366154DE2C105F520D7F20331D2BDB2E8444640A6CFFBABBBF148A7DB835C6A5E8051D5970886F5A173F6FAB7E392BA523B702B743FCFDC87200E97C7004AE0EDAABE8E56D362E5BF6F6030ECE9E99D693F13BACB2DD5
-isdn04.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. P1bsQZuUm42v2ZnxLoowWRLofzBSKOE4+fjHmwB/lvj0VQcDaMKQdZfTZhVN4sEF9SDX8gMx0r2y6ERGQKbP+6u78Uin24Ncal6AUdWXCIb1oXP2+rfjkrpSO3ArdD/P3IcgDpfHAErg7aq+jlbTYuW/b2Aw7OnpnWk/E7rLLdU= ;{id = 62298}
-026B780C74797065732D7369676E6564027762087369646E6C616273026E6C00002400010000003C0022000A026B780C74797065732D7369676E6564027762087369646E6C616273026E6C00
-kx.types-signed.wb.sidnlabs.nl.	60	IN	KX	10 kx.types-signed.wb.sidnlabs.nl.
-026B780C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C001D39E7A108FE9179D718086B31EBC38CC96D23B40E9AC2BB0D1AEDC1F25286E89915FFDF439C1D0CA7B6BDA60743B02C4CDE46BCF56D22F8BF6A71C69F892DB7938D9E448E1D20488D1BB42080D821A179BFB90AA67CDCF498A6DFDDF7644C8D6B74C45E4594734014C3D6D83F2B4F66A8E017AD60F021A5B3443CC79AC7E41E
-kx.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	KX 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. HTnnoQj+kXnXGAhrMevDjMltI7QOmsK7DRrtwfJShuiZFf/fQ5wdDKe2vaYHQ7AsTN5GvPVtIvi/anHGn4ktt5ONnkSOHSBIjRu0IIDYIaF5v7kKpnzc9Jim3933ZEyNa3TEXkWUc0AUw9bYPytPZqjgF61g8CGls0Q8x5rH5B4= ;{id = 62298}
-026B780C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A046B7830310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000803
-kx.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	kx01.types-signed.wb.sidnlabs.nl. KX RRSIG NSEC
-026B780C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0049395CD27535477D94221632AD640FA34F2B67D648891ACA2B305BC6F668F5B4F3DAE55634FC04267A739A62B6BEAC977DB9391DA4F7B46F9E9C490EDF201CB78C8E043696E849DC46674216A6CAD9F9B1F613BE3FEA70F53A2A624FFAF183CA2E236B18C5EAC65F117E6A57F90549740C2E23B2C6D4D3D3DB87937DF1F7E1DE
-kx.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. STlc0nU1R32UIhYyrWQPo08rZ9ZIiRrKKzBbxvZo9bTz2uVWNPwEJnpzmmK2vqyXfbk5HaT3tG+enEkO3yAct4yOBDaW6EncRmdCFqbK2fmx9hO+P+pw9ToqYk/68YPKLiNrGMXqxl8RfmpX+QVJdAwuI7LG1NPT24eTffH34d4= ;{id = 62298}
-046B7830310C74797065732D7369676E6564027762087369646E6C616273026E6C00002400010000003C0023000A036B64630C74797065732D7369676E6564027762087369646E6C616273026E6C00
-kx01.types-signed.wb.sidnlabs.nl.	60	IN	KX	10 kdc.types-signed.wb.sidnlabs.nl.
-046B7830310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00949BE15AB6863033083A462D713A52E437A08351F61F8A91052F2A111429D2904495D29A97150132A57F67A78F40CE79D8A51746517EA51B7319C2EF5ECD5E5FF92FE2CCF9FB6804A4EE36BBC83E0D4E17FD52BD71B11255CFD1590B060A78724F8AB38B3CC82240856B9580FF186804F98ADB0998C3324FA03BCD6604900FCF
-kx01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	KX 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. lJvhWraGMDMIOkYtcTpS5Degg1H2H4qRBS8qERQp0pBEldKalxUBMqV/Z6ePQM552KUXRlF+pRtzGcLvXs1eX/kv4sz5+2gEpO42u8g+DU4X/VK9cbESVc/RWQsGCnhyT4qzizzIIkCFa5WA/xhoBPmK2wmYwzJPoDvNZgSQD88= ;{id = 62298}
-046B7830310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A046B7830320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000803
-kx01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	kx02.types-signed.wb.sidnlabs.nl. KX RRSIG NSEC
-046B7830310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00704AE0DB56C1CD1641A737E824DEA1383870A246F9E19165794BCE02AD44A227E61D5722FAF02EE4BD253D4D8101B30F8EC43DFD04263B2248F1365F6F15AF1ED1E245C648D309B94282B1317811AB502082B9539CA801B5F90084F8AE24537286FB03CD857C7D5F1E21FD146B1BA4F391A1722B84FCCAA92493D3CD4A973FFF
-kx01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. cErg21bBzRZBpzfoJN6hODhwokb54ZFleUvOAq1EoifmHVci+vAu5L0lPU2BAbMPjsQ9/QQmOyJI8TZfbxWvHtHiRcZI0wm5QoKxMXgRq1AggrlTnKgBtfkAhPiuJFNyhvsDzYV8fV8eIf0Uaxuk85GhciuE/MqpJJPTzUqXP/8= ;{id = 62298}
-046B7830320C74797065732D7369676E6564027762087369646E6C616273026E6C00002400010000003C0003000A00
-kx02.types-signed.wb.sidnlabs.nl.	60	IN	KX	10 .
-046B7830320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C009BCA45823DDD82F9A41FF021C0123EC35CBCC3AEC5A74355C009025DA3B24D287C1D96CB3E66A9932ED30B3581B1CEAB21EBBFC8D12A0A1844A87DC54DD857B46882F1CB8ACBB4DAEF220FD088EA0115D70DD4AF299A876E816FF75C0E8D11FACEF906C101B3A09BA48A6A842D422E6552E96D63280CF1A1CB7B13E078B701E0
-kx02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	KX 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. m8pFgj3dgvmkH/AhwBI+w1y8w67Fp0NVwAkCXaOyTSh8HZbLPmapky7TCzWBsc6rIeu/yNEqChhEqH3FTdhXtGiC8cuKy7Ta7yIP0IjqARXXDdSvKZqHboFv91wOjRH6zvkGwQGzoJukimqELUIuZVLpbWMoDPGhy3sT4Hi3AeA= ;{id = 62298}
-046B7830320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100029036C33320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000803
-kx02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	l32.types-signed.wb.sidnlabs.nl. KX RRSIG NSEC
-046B7830320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00667C5D0349B39BB79BE3420CF11E3364066D1A268F2BF95E576CBE17CB122255692E2CCB5BA5591C7DC46A2CCA9D05D482A51BC566BE4AA3A022F5463A57B3DF2801C8A1C94E20402B2E0D6A749E7169A6D2F435377E46BEA71B1AECCD102B64B43F0B07D2F90BB028E343E60CFD6542F831780A83EF8699D673599AF22474C2
-kx02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ZnxdA0mzm7eb40IM8R4zZAZtGiaPK/leV2y+F8sSIlVpLizLW6VZHH3EaizKnQXUgqUbxWa+SqOgIvVGOlez3ygByKHJTiBAKy4NanSecWmm0vQ1N35GvqcbGuzNECtktD8LB9L5C7Ao40PmDP1lQvgxeAqD74aZ1nNZmvIkdMI= ;{id = 62298}
-036C33320C74797065732D7369676E6564027762087369646E6C616273026E6C00006900010000003C0006000AC0000201
-l32.types-signed.wb.sidnlabs.nl.	60	IN	L32	10 192.0.2.1
-036C33320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF006908050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00C32B9C1FF9DCBA100FA5F933658B71C8BA9352C433F959F1F9D13591779EF5C61D0D46B17DC545672E8B7116667604448EF6D78B2846B15140453B47AFF44055817C91C8ECCBCFB82EC8E7844527564DD647DFD30A817D2B15C7B2D3CD40525AD349F42A0D9D5AF7EA3F7214CC8A54DEBE70DDFA2A4587C060B50F8D5A1D64FC
-l32.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	L32 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. wyucH/ncuhAPpfkzZYtxyLqTUsQz+Vnx+dE1kXee9cYdDUaxfcVFZy6LcRZmdgREjvbXiyhGsVFARTtHr/RAVYF8kcjsy8+4LsjnhEUnVk3WR9/TCoF9KxXHstPNQFJa00n0Kg2dWvfqP3IUzIpU3r5w3foqRYfAYLUPjVodZPw= ;{id = 62298}
-036C33320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100031036C36340C74797065732D7369676E6564027762087369646E6C616273026E6C00000E0000000000030000000000000040
-l32.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	l64.types-signed.wb.sidnlabs.nl. RRSIG NSEC L32
-036C33320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003618267BD98B5FE7DFD44B66A31AFB1006B01D7302A460AD6FB44CC22FF677C27F60AA350572BBE6D7970A325E488946FF9257AA4D4CD6AC3C412931F9A5A828251206BF1B990B75A982ACE9150AD0BA13D5F5DF0566E501063BA7BB76AC4B7C549BE177B6E5A41DFF64292ECE0ED3667F7ACCCC07EA65C161128232FE092B25
-l32.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Nhgme9mLX+ff1Etmoxr7EAawHXMCpGCtb7RMwi/2d8J/YKo1BXK75teXCjJeSIlG/5JXqk1M1qw8QSkx+aWoKCUSBr8bmQt1qYKs6RUK0LoT1fXfBWblAQY7p7t2rEt8VJvhd7blpB3/ZCkuzg7TZn96zMwH6mXBYRKCMv4JKyU= ;{id = 62298}
-036C36340C74797065732D7369676E6564027762087369646E6C616273026E6C00006A00010000003C000A000A2A000D7800040503
-l64.types-signed.wb.sidnlabs.nl.	60	IN	L64	10 2a00:0d78:0004:0503
-036C36340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF006A08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0014BE0DF88D725B5049361F508D8AF7420D226D96C9F520CC62AF7DBA10BCEE7B5DCF85FA3172E51DBC25BF584D623CD315B14E92CBA30ABCF303D9EA20A7CFD55FE3AC76B031BBCE45223D82A42C06F7FC3CC9D2BA11E306085732AAAA8480340CFA8FAE1C75B20D9232F78146860BC6E35C968071248FC8BFE3DE9AE3B2E127
-l64.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	L64 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. FL4N+I1yW1BJNh9QjYr3Qg0ibZbJ9SDMYq99uhC87ntdz4X6MXLlHbwlv1hNYjzTFbFOksujCrzzA9nqIKfP1V/jrHawMbvORSI9gqQsBvf8PMnSuhHjBghXMqqqhIA0DPqPrhx1sg2SMveBRoYLxuNcloBxJI/Iv+PemuOy4Sc= ;{id = 62298}
-036C36340C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100031036C6F630C74797065732D7369676E6564027762087369646E6C616273026E6C00000E0000000000030000000000000020
-l64.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	loc.types-signed.wb.sidnlabs.nl. RRSIG NSEC L64
-036C36340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003023888603877FDEC33CA964AEC98A491C65C570570BC883696C61E792C249F294E206799178F30984A2725376D7138756C7D3CCD7EB42833E728B8248C75A0BC5B62C097BF92332A988AC6DBC91D77D2B231FD0567A2484F3F85C8C9A4AA0D5596CE94A5457D782E3585B9B175E19F8D53DB9796717F8803134FCDDFB470BD1
-l64.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. MCOIhgOHf97DPKlkrsmKSRxlxXBXC8iDaWxh55LCSfKU4gZ5kXjzCYSiclN21xOHVsfTzNfrQoM+couCSMdaC8W2LAl7+SMyqYisbbyR130rIx/QVnokhPP4XIyaSqDVWWzpSlRX14LjWFubF14Z+NU9uXlnF/iAMTT83ftHC9E= ;{id = 62298}
-036C6F630C74797065732D7369676E6564027762087369646E6C616273026E6C00001D00010000003C0010002325238CE82360854A10A000989A68
-loc.types-signed.wb.sidnlabs.nl.	60	IN	LOC	60 09 00.000 N 24 39 00.000 E 10m 20m 2000m 20m
-036C6F630C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001D08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0081730F8F1A032FB7770A530916F5DFF1E56B53E72BCBFFAF3C4DD2C42E4AA3F2BD998347EE6D5C7095AAB7D53FD3F2FC8094BCF132DFAC14D739FCA8BA1C297B941CED642E63FB671BE6168CF9AF00E7D0A0F7E7E23BFCCB0CBF29B52C01BD5006CF6D85087ACBBD8A197A89BAAD7B62EC388F2CF010C84A31FDFDD09B2760A5
-loc.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	LOC 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. gXMPjxoDL7d3ClMJFvXf8eVrU+cry/+vPE3SxC5Ko/K9mYNH7m1ccJWqt9U/0/L8gJS88TLfrBTXOfyouhwpe5Qc7WQuY/tnG+YWjPmvAOfQoPfn4jv8ywy/KbUsAb1QBs9thQh6y72KGXqJuq17Yuw4jyzwEMhKMf390JsnYKU= ;{id = 62298}
-036C6F630C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B056C6F6330310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000040003
-loc.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	loc01.types-signed.wb.sidnlabs.nl. LOC RRSIG NSEC
-036C6F630C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C002DA87CBC56A6C94FCD24D4418C5D65B1D920883618D31E53E91346B176C330719120EC721EED5FE830CA504EBDDB131317F041D2D2C6D23C0EE0557D500B6D521718F043B015E199AC85EB3D8C386C24A69F9E519F50F620449267EF36A08D1B03E154B51B8D0B224CFCD87381DBFCA2CC7B97738B16BEB21FD704BEF62BBFD9
-loc.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Lah8vFamyU/NJNRBjF1lsdkgiDYY0x5T6RNGsXbDMHGRIOxyHu1f6DDKUE692xMTF/BB0tLG0jwO4FV9UAttUhcY8EOwFeGZrIXrPYw4bCSmn55Rn1D2IESSZ+82oI0bA+FUtRuNCyJM/Nhzgdv8osx7l3OLFr6yH9cEvvYrv9k= ;{id = 62298}
-056C6F6330310C74797065732D7369676E6564027762087369646E6C616273026E6C00001D00010000003C0010002325238CE82360854A10A000989A68
-loc01.types-signed.wb.sidnlabs.nl.	60	IN	LOC	60 09 00.000 N 24 39 00.000 E 10m 20m 2000m 20m
-056C6F6330310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001D08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00128D516F8CE942540EE7A0DB557DC7B044C9A90C367A6F87C7826A2BAB0B955CE13FFEDB836969532ACA1492651E61EDE7BE9BF9ECBE97D36318117DD337FB82F2498D725080551831ED9D15E9F9FA7A421E168482E6483F39124BF2F8C6427FB347FBBF1C651F5E05353F5B5F8DC99C27268A6ED27D1C7DCE314A91CD8980D8
-loc01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	LOC 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Eo1Rb4zpQlQO56DbVX3HsETJqQw2em+Hx4JqK6sLlVzhP/7bg2lpUyrKFJJlHmHt576b+ey+l9NjGBF90zf7gvJJjXJQgFUYMe2dFen5+npCHhaEguZIPzkSS/L4xkJ/s0f7vxxlH14FNT9bX43JnCcmim7SfRx9zjFKkc2JgNg= ;{id = 62298}
-056C6F6330310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B056C6F6330320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000040003
-loc01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	loc02.types-signed.wb.sidnlabs.nl. LOC RRSIG NSEC
-056C6F6330310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C000E90DD4116B8D7EE57446312864F4B54254EFF6C74C54FCA7225105700FD092C8EBFAFA0867A126AFF6E2704828A0260A4C2BC0A715F8B5E4F7DFE25D8EA8997A7D85A6417983AE45263BF9B44020B5A3FDF6D054CA77AC70E194C9542382E5CB97EB4E401AF10859052BA0E3B98CED2FD230C6EE6DECEF62B6A12895D966C33
-loc01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. DpDdQRa41+5XRGMShk9LVCVO/2x0xU/KciUQVwD9CSyOv6+ghnoSav9uJwSCigJgpMK8CnFfi15Pff4l2OqJl6fYWmQXmDrkUmO/m0QCC1o/320FTKd6xw4ZTJVCOC5cuX605AGvEIWQUroOO5jO0v0jDG7m3s72K2oSiV2WbDM= ;{id = 62298}
-056C6F6330320C74797065732D7369676E6564027762087369646E6C616273026E6C00001D00010000003C0010002300138CE82360854A10A000989A68
-loc02.types-signed.wb.sidnlabs.nl.	60	IN	LOC	60 09 00.000 N 24 39 00.000 E 10m 20m 0.00m 10m
-056C6F6330320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001D08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0053D5052F1A36F741BBEA1F58930593F80F6570F1AC9963F6B960BE80912EA5865C2372DECE6C528778451C8D871BA01B2021DA7A9B7AF629EC108738410AE830DF2DEF622B35A1EB368E796897F5285E64B10F7F747796D009CBEE82E1D8A8DA0970649443E3B5363579AC9C4E6AAFD7C77328755B8B8A01A9CF73DBE4B16068
-loc02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	LOC 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. U9UFLxo290G76h9YkwWT+A9lcPGsmWP2uWC+gJEupYZcI3LezmxSh3hFHI2HG6AbICHaept69insEIc4QQroMN8t72IrNaHrNo55aJf1KF5ksQ9/dHeW0AnL7oLh2KjaCXBklEPjtTY1eaycTmqv18dzKHVbi4oBqc9z2+SxYGg= ;{id = 62298}
-056C6F6330320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100028026C700C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000040003
-loc02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	lp.types-signed.wb.sidnlabs.nl. LOC RRSIG NSEC
-056C6F6330320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B277F761834847BCDE78EAED1C5C063E0FB4B0B4BBAA544BA5440AD2864B96CB2BD71CEA84E774F55DEEC7D60C630CCA4215A5443AD532FADCEB46463EF4D600E96F654161082D2192C2AC6B582B65F707B49B76776C9AE56AD8C71CB44433FD20178EA30AF3181C31DD4B04C54D3C5E964A39E13C0C07984B04D61A3EB54221
-loc02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. snf3YYNIR7zeeOrtHFwGPg+0sLS7qlRLpUQK0oZLlssr1xzqhOd09V3ux9YMYwzKQhWlRDrVMvrc60ZGPvTWAOlvZUFhCC0hksKsa1grZfcHtJt2d2ya5WrYxxy0RDP9IBeOowrzGBwx3UsExU08XpZKOeE8DAeYSwTWGj61QiE= ;{id = 62298}
-026C700C74797065732D7369676E6564027762087369646E6C616273026E6C00006B00010000003C001B000A0B6C36342D7375626E657431076578616D706C6503636F6D00
-lp.types-signed.wb.sidnlabs.nl.	60	IN	LP	10 l64-subnet1.example.com.
-026C700C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF006B08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C008FDB63E2B70629AD5AF5DE907DD330C703F4A35998D44FB731740A163AD0918659353FBB0D6DCFBB1A6B025315992DD9A45721507D4F83536FDA020394720210B03E35894C9D8766CEDE5E49FC5D52F460684D43301344BEA0C62EF3C6E6392A412A3DE5795AA6543D1D410D40F8017660FA47A0AE7E89FB23F7C83A9DD3CFE2
-lp.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	LP 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. j9tj4rcGKa1a9d6QfdMwxwP0o1mY1E+3MXQKFjrQkYZZNT+7DW3PuxprAlMVmS3ZpFchUH1Pg1Nv2gIDlHICELA+NYlMnYdmzt5eSfxdUvRgaE1DMBNEvqDGLvPG5jkqQSo95XlaplQ9HUENQPgBdmD6R6Cufon7I/fIOp3Tz+I= ;{id = 62298}
-026C700C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100030026D620C74797065732D7369676E6564027762087369646E6C616273026E6C00000E0000000000030000000000000010
-lp.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mb.types-signed.wb.sidnlabs.nl. RRSIG NSEC LP
-026C700C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0007399B93DB821BB06930D3DB5812239EB2E3709DC426FC4F5BEFE8F93A9694DF1D695EBE37BFA859CD4AF03BA9A060754C2417CA45CB47C2C1453725D035B80E2B4421993EA50C65FBE2F52CDF09262185BEFB53A3DDC55716C7BA89A34757E72E0DFAB1C768DC6948006F5D6BF355E4003B6BCAF5BA10D9F428AB0EFBDD4DFA
-lp.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Bzmbk9uCG7BpMNPbWBIjnrLjcJ3EJvxPW+/o+TqWlN8daV6+N7+oWc1K8DupoGB1TCQXykXLR8LBRTcl0DW4DitEIZk+pQxl++L1LN8JJiGFvvtTo93FVxbHuomjR1fnLg36scdo3GlIAG9da/NV5AA7a8r1uhDZ9CirDvvdTfo= ;{id = 62298}
-026D620C74797065732D7369676E6564027762087369646E6C616273026E6C00000700010000003C0025076D61696C626F780C74797065732D7369676E6564027762087369646E6C616273026E6C00
-mb.types-signed.wb.sidnlabs.nl.	60	IN	MB	mailbox.types-signed.wb.sidnlabs.nl.
-026D620C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000708050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C001CC364B63B9214A10E49128940E5399CCB27BDA74F5FA8FE31E24A87D59B4AF83D67B487A5A9017AA0D348C291BED2893D3DDF1F7D8D80C8E514E57C4D26ACE7D6C9069CC76DF9DF04C5818D56F88D9CECC32B5F2A67615CBA1E491AD58D4C1E40B444DCE206D2ABCA13FC12785D1CD1F309547E9E11C7BE6B1A95D0900D10D6
-mb.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MB 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. HMNktjuSFKEOSRKJQOU5nMsnvadPX6j+MeJKh9WbSvg9Z7SHpakBeqDTSMKRvtKJPT3fH32NgMjlFOV8TSas59bJBpzHbfnfBMWBjVb4jZzswytfKmdhXLoeSRrVjUweQLRE3OIG0qvKE/wSeF0c0fMJVH6eEce+axqV0JANENY= ;{id = 62298}
-026D620C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A046D6230310C74797065732D7369676E6564027762087369646E6C616273026E6C000006010000000003
-mb.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mb01.types-signed.wb.sidnlabs.nl. MB RRSIG NSEC
-026D620C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C009BC273C87D910A2FE6010F4BF279EE22C0E3AF85FF484673199FCB2BB95B450DF4E48D283930B18260099C22E2E27DBDA2A09C3F581ACA6289A1AD024A95DADA589EDA98CDB96035BD3B5C422337426E29C9CC0594D527663A71001994B62CACCDE86D6F789A26DA5FB9700A154B0AD932F9C8966842FB78C390A0F474BE24D9
-mb.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. m8JzyH2RCi/mAQ9L8nnuIsDjr4X/SEZzGZ/LK7lbRQ305I0oOTCxgmAJnCLi4n29oqCcP1gaymKJoa0CSpXa2lie2pjNuWA1vTtcQiM3Qm4pycwFlNUnZjpxABmUtiyszehtb3iaJtpfuXAKFUsK2TL5yJZoQvt4w5Cg9HS+JNk= ;{id = 62298}
-046D6230310C74797065732D7369676E6564027762087369646E6C616273026E6C00000800010000003C0025076D61646E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00
-mb01.types-signed.wb.sidnlabs.nl.	60	IN	MG	madname.types-signed.wb.sidnlabs.nl.
-046D6230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000808050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C004CFEB8707B2EC2019A0F65F1B2BF788CF9E71769A5EABFEC7E1E8D5F5D0443D7F87F4C33751ADE049DEBBFEEFA1095FEBD99A24FBD2F645ABD8E760FC45EA737BCD848FB972C9AA85C6F6A750180D74CA2B35996B7920B0747C352DCD29EDD4147E45AA417C78C4C5EFF85BFE97601BB7819C3241245708E171472D3854E18FF
-mb01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MG 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. TP64cHsuwgGaD2Xxsr94jPnnF2ml6r/sfh6NX10EQ9f4f0wzdRreBJ3rv+76EJX+vZmiT70vZFq9jnYPxF6nN7zYSPuXLJqoXG9qdQGA10yis1mWt5ILB0fDUtzSnt1BR+RapBfHjExe/4W/6XYBu3gZwyQSRXCOFxRy04VOGP8= ;{id = 62298}
-046D6230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A046D6230320C74797065732D7369676E6564027762087369646E6C616273026E6C000006008000000003
-mb01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mb02.types-signed.wb.sidnlabs.nl. MG RRSIG NSEC
-046D6230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0094091AD1B69EBFC2FAB5AC5A17FFAECF5992675FA01E67FC820B1F6A139F4B3D26180D0E31FC773F7D095A981AA9E123567CE6C5A4DCA7D4A5AAC7BAFD208BD171E1F6CC5C7932A9F019AF1A059DF8796355946053575D6ACD5F7C60D2D2272B2DC876A27707D04110209A33704FEEB41E578E063C94A004BCFF0AF8341DD100
-mb01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. lAka0baev8L6taxaF/+uz1mSZ1+gHmf8ggsfahOfSz0mGA0OMfx3P30JWpgaqeEjVnzmxaTcp9Slqse6/SCL0XHh9sxceTKp8BmvGgWd+HljVZRgU1ddas1ffGDS0icrLch2oncH0EEQIJozcE/utB5XjgY8lKAEvP8K+DQd0QA= ;{id = 62298}
-046D6230320C74797065732D7369676E6564027762087369646E6C616273026E6C00000800010000003C000100
-mb02.types-signed.wb.sidnlabs.nl.	60	IN	MG	.
-046D6230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000808050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0047D3D581302DFE1B5C5F10A927E93B44AA4D15702C88BABA39814B65ADBFE84E68FFFBDDF35CD97DEB612ED98284C0CB80112D7DA0C03CE3ABF0BD0D589646BC029C4D1EDF435D3D86A76AA3DED58B39C68E5BF778193A0BAD65988ED6F03ED16DA32562D145B4E8C79AB7A2A4277EF73D468FE7FF1DD3CA336BB056A8403231
-mb02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MG 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. R9PVgTAt/htcXxCpJ+k7RKpNFXAsiLq6OYFLZa2/6E5o//vd81zZfethLtmChMDLgBEtfaDAPOOr8L0NWJZGvAKcTR7fQ109hqdqo97ViznGjlv3eBk6C61lmI7W8D7RbaMlYtFFtOjHmreipCd+9z1Gj+f/HdPKM2uwVqhAMjE= ;{id = 62298}
-046D6230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100028026D640C74797065732D7369676E6564027762087369646E6C616273026E6C000006008000000003
-mb02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	md.types-signed.wb.sidnlabs.nl. MG RRSIG NSEC
-046D6230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0082204D6DA0937D633C74774FC492D17B57D4470941C1D66F64D0321DC5F442DF6DBAD24F5F70816ED9D01DAE94C2988DBE71FBDD5FC2EFC4EF2C1706EBF22C51A71E1E50F8B8A3110A8A62F38396A0446DA43A0DC60FF1DFCA64E11602D5BB5FEF3C8B0AAF0EF9EC9F756AC4AC9B429D62FD4EC5978E4AA2074372CC3D164B4A
-mb02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. giBNbaCTfWM8dHdPxJLRe1fURwlBwdZvZNAyHcX0Qt9tutJPX3CBbtnQHa6UwpiNvnH73V/C78TvLBcG6/IsUaceHlD4uKMRCopi84OWoERtpDoNxg/x38pk4RYC1btf7zyLCq8O+eyfdWrErJtCnWL9TsWXjkqiB0NyzD0WS0o= ;{id = 62298}
-026D640C74797065732D7369676E6564027762087369646E6C616273026E6C00000300010000003C002D0F6D61696C64657374696E6174696F6E0C74797065732D7369676E6564027762087369646E6C616273026E6C00
-md.types-signed.wb.sidnlabs.nl.	60	IN	MD	maildestination.types-signed.wb.sidnlabs.nl.
-026D640C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000308050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0057CB1B8E5DC61C97139673CCAC5C894AC816890D67537CDDC72492A206D9086449A145D318DDD2F02420E149D8C48D1E1512D8777D628C347508421FD226F87222D0C71F1F863B320761D4011B5AABC1850336D1185024F978CA5F7C7F77A1947EB45DABAD39712CBA6E07DF42D8E89358BE347D8BC02F2D4980FC720ED5C92D
-md.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MD 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. V8sbjl3GHJcTlnPMrFyJSsgWiQ1nU3zdxySSogbZCGRJoUXTGN3S8CQg4UnYxI0eFRLYd31ijDR1CEIf0ib4ciLQxx8fhjsyB2HUARtaq8GFAzbRGFAk+XjKX3x/d6GUfrRdq605cSy6bgffQtjok1i+NH2LwC8tSYD8cg7VyS0= ;{id = 62298}
-026D640C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100028026D660C74797065732D7369676E6564027762087369646E6C616273026E6C000006100000000003
-md.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mf.types-signed.wb.sidnlabs.nl. MD RRSIG NSEC
-026D640C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00570F2EB40A47A454EE136ABB1989E6161E486248ECDB5C6E139E1CB53857C6C3500706B102B21B4245961F85626234C8DC2DE65F32E07476009BD26C3FB6D1CE8AD9E9911FBCFFC96F897352FC6C1C19426B40CA64E7025CA44E3BC36AEACBBDC2C775CC9F2FE0ECA14CD0667DBB61B29CFE425AF496C1B2AC05AA75AC8E7911
-md.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Vw8utApHpFTuE2q7GYnmFh5IYkjs21xuE54ctThXxsNQBwaxArIbQkWWH4ViYjTI3C3mXzLgdHYAm9JsP7bRzorZ6ZEfvP/Jb4lzUvxsHBlCa0DKZOcCXKROO8Nq6su9wsd1zJ8v4OyhTNBmfbthspz+Qlr0lsGyrAWqdayOeRE= ;{id = 62298}
-026D660C74797065732D7369676E6564027762087369646E6C616273026E6C00000400010000003C002B0D6D61696C666F727761726465720C74797065732D7369676E6564027762087369646E6C616273026E6C00
-mf.types-signed.wb.sidnlabs.nl.	60	IN	MF	mailforwarder.types-signed.wb.sidnlabs.nl.
-026D660C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C001A68FCEAB32F07C83CF70A6B285F4205E1BAF64BAEDB5EDAC29D690B3BD10EE0E5E40A5160CEEAF65EA8C877DBB02F925E779ED32002FC8E23E719ACD88451B43EE4B9D9B40ECEE87DFC904B865C89460AA0F7A6B1959C05AE623CFF8D42E3BF8CF37841462642E6F3DD8E4184F091382CAC777AA03424A4FD98665620D64E37
-mf.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MF 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Gmj86rMvB8g89wprKF9CBeG69kuu217awp1pCzvRDuDl5ApRYM7q9l6oyHfbsC+SXnee0yAC/I4j5xms2IRRtD7kudm0Ds7offyQS4ZciUYKoPemsZWcBa5iPP+NQuO/jPN4QUYmQubz3Y5BhPCROCysd3qgNCSk/ZhmViDWTjc= ;{id = 62298}
-026D660C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100028026D670C74797065732D7369676E6564027762087369646E6C616273026E6C000006080000000003
-mf.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mg.types-signed.wb.sidnlabs.nl. MF RRSIG NSEC
-026D660C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C006891F178CD9142759EEB12DF1FBE44606BC4A6EA38B507BA70B861280A628121AFF2CB3CA696CF7B5EEA4AF1713C9148A69FAFCA3AC0B6EF3D02F73B70FE143EE5DB44A784DD757EAA81FBDD44C9E85B3E8B5A77742B977969E95CD9BFAF59C6A24EEDABE0428ACB48385BEC12245337486C50F1FBD5E05D53B21CE2557A067A
-mf.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. aJHxeM2RQnWe6xLfH75EYGvEpuo4tQe6cLhhKApigSGv8ss8ppbPe17qSvFxPJFIpp+vyjrAtu89Avc7cP4UPuXbRKeE3XV+qoH73UTJ6Fs+i1p3dCuXeWnpXNm/r1nGok7tq+BCistIOFvsEiRTN0hsUPH71eBdU7Ic4lV6Bno= ;{id = 62298}
-026D670C74797065732D7369676E6564027762087369646E6C616273026E6C00000800010000003C002D0F6D61696C67726F75706D656D6265720C74797065732D7369676E6564027762087369646E6C616273026E6C00
-mg.types-signed.wb.sidnlabs.nl.	60	IN	MG	mailgroupmember.types-signed.wb.sidnlabs.nl.
-026D670C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000808050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C001BC62AC02A5E0627A39F789FC2719F8486B38D9260CC3518FE9F6DA9DD2B3C6E2EC01BCCA4226BC7A9A46FC4D63C05E64DFF8D587972E6D8B978E81515B96C7D5DAC1E5EEC70AE7300DB0808598BD3981F2D3A163C275BA4527772EAEFE4F1D62AF94060E66DF36B341D673714B3281E8E4E68D374846AEF80ADD07975C7102B
-mg.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MG 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. G8YqwCpeBiejn3ifwnGfhIazjZJgzDUY/p9tqd0rPG4uwBvMpCJrx6mkb8TWPAXmTf+NWHly5ti5eOgVFblsfV2sHl7scK5zANsICFmL05gfLToWPCdbpFJ3curv5PHWKvlAYOZt82s0HWc3FLMoHo5OaNN0hGrvgK3QeXXHECs= ;{id = 62298}
-026D670C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A046D6730310C74797065732D7369676E6564027762087369646E6C616273026E6C000006008000000003
-mg.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mg01.types-signed.wb.sidnlabs.nl. MG RRSIG NSEC
-026D670C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00666DCB78D770395351FAB42CF08218A934B11831417EB46CA81A2B99817FAF1557708C92FAD03CAFB548E01981B61C1F3286D8B3716803A69B1FBF012B544CB1F091EB6907F444E70CCF6C4EFDED6ED150A1DC806E22A155F5742C96772F132A9E24C79411FCD3C6CE4BCB0926DA2E8699E3C18FA54EB319C099315731082676
-mg.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Zm3LeNdwOVNR+rQs8IIYqTSxGDFBfrRsqBormYF/rxVXcIyS+tA8r7VI4BmBthwfMobYs3FoA6abH78BK1RMsfCR62kH9ETnDM9sTv3tbtFQodyAbiKhVfV0LJZ3LxMqniTHlBH808bOS8sJJtouhpnjwY+lTrMZwJkxVzEIJnY= ;{id = 62298}
-046D6730310C74797065732D7369676E6564027762087369646E6C616273026E6C00000800010000003C0025076D676D6E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00
-mg01.types-signed.wb.sidnlabs.nl.	60	IN	MG	mgmname.types-signed.wb.sidnlabs.nl.
-046D6730310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000808050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0057584E8D70217F7AF5A66CA57BE5EB5168D8735C8F09CBCEC36E570DBCA923597948367C13E31B8CCB531E4C29521B321F2270BDE1E7840EF355BA34E9E4C55AB03864F60EC93582AF2340884502709920EAD33E3A3410E366D5B041D1DDDCD2FBA933FC8D2BF4D21A369A786714C594511428244432FA7392F234012B457C48
-mg01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MG 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. V1hOjXAhf3r1pmyle+XrUWjYc1yPCcvOw25XDbypI1l5SDZ8E+MbjMtTHkwpUhsyHyJwveHnhA7zVbo06eTFWrA4ZPYOyTWCryNAiEUCcJkg6tM+OjQQ42bVsEHR3dzS+6kz/I0r9NIaNpp4ZxTFlFEUKCREMvpzkvI0AStFfEg= ;{id = 62298}
-046D6730310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A046D6730320C74797065732D7369676E6564027762087369646E6C616273026E6C000006008000000003
-mg01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mg02.types-signed.wb.sidnlabs.nl. MG RRSIG NSEC
-046D6730310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00965EA55B0D6FA2B176CF0CDC1C8763BD76668CEE9FB639172C8ABEB11C61BC742CF8C9CE4565FD9A708E51BC214D812CCD837740688CA3441914F513470B73E38F3BA004590376FC7F85D7EC333870F1CA710B5074DEA47C071C1CC7BE67E416093C3E8BC244144E6BFDC22545B30D5D5AC1B5E0AE1D3C574D49C0D4412CBADF
-mg01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ll6lWw1vorF2zwzcHIdjvXZmjO6ftjkXLIq+sRxhvHQs+MnORWX9mnCOUbwhTYEszYN3QGiMo0QZFPUTRwtz4487oARZA3b8f4XX7DM4cPHKcQtQdN6kfAccHMe+Z+QWCTw+i8JEFE5r/cIlRbMNXVrBteCuHTxXTUnA1EEsut8= ;{id = 62298}
-046D6730320C74797065732D7369676E6564027762087369646E6C616273026E6C00000800010000003C000100
-mg02.types-signed.wb.sidnlabs.nl.	60	IN	MG	.
-046D6730320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000808050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00814A48EC9E056077137560D1ACCF0601D163208F0478CB8954ED9D2ACCEB12FF2AEDBF43A6CF4A9C4D206758D63A977BE9D572D15C1D93E2597BFEF64165DB1F79BF2ED93186300ADB42DA5F2C6CEA2F10A3EFB512EB7DD1D1D02B9E525072FA54B966687F32EC1A2ADBFF0D43B75F1AE733DEE36C6355568D6BA62DCAD3D980
-mg02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MG 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. gUpI7J4FYHcTdWDRrM8GAdFjII8EeMuJVO2dKszrEv8q7b9Dps9KnE0gZ1jWOpd76dVy0Vwdk+JZe/72QWXbH3m/LtkxhjAK20LaXyxs6i8Qo++1Eut90dHQK55SUHL6VLlmaH8y7Boq2/8NQ7dfGucz3uNsY1VWjWumLcrT2YA= ;{id = 62298}
-046D6730320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B056D696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C000006008000000003
-mg02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	minfo.types-signed.wb.sidnlabs.nl. MG RRSIG NSEC
-046D6730320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00393AEBDF51BD90EA8161A2A20DC8EE9A0EE7F37F29381755FCB17BC3A99ABF0D85509F32E02D063AF1904868F5D8E87821CD5F0737ECE04A740BA6F9563E7C7567AC2C92418B71AA387C72BFD6CF68BB698C3BC808DD81AB44F4D9066266E9BB5CC747421F4FE6B22915E93A0138A04403C3FA42D77A460613CA8BD1F43EF314
-mg02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. OTrr31G9kOqBYaKiDcjumg7n838pOBdV/LF7w6mavw2FUJ8y4C0GOvGQSGj12Oh4Ic1fBzfs4Ep0C6b5Vj58dWesLJJBi3GqOHxyv9bPaLtpjDvICN2Bq0T02QZiZum7XMdHQh9P5rIpFek6ATigRAPD+kLXekYGE8qL0fQ+8xQ= ;{id = 62298}
-056D696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00000E00010000003C002209626F786D617374657203666F6F0362617200076D61696C626F7805746865726500
-minfo.types-signed.wb.sidnlabs.nl.	60	IN	MINFO	boxmaster.foo.bar. mailbox.there.
-056D696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000E08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00640FE71C2231D066C2A2415B3C73B684CBDA3C97AC22FDE008E8159A396ECC6ACEE6024CCB27AB34B626C15B308937487F8B25FB08BDE36D723C984CE70855648F8DC378B1063BF0837F57E6A606E123FAD94201D90B9418125C37E5D5AE38681A696381D35C6CADEEE076EA56C6469784EB845DCEE763EEDCBF6D442F7D8E07
-minfo.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MINFO 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ZA/nHCIx0GbCokFbPHO2hMvaPJesIv3gCOgVmjluzGrO5gJMyyerNLYmwVswiTdIf4sl+wi9421yPJhM5whVZI+Nw3ixBjvwg39X5qYG4SP62UIB2QuUGBJcN+XVrjhoGmljgdNcbK3u4HbqVsZGl4TrhF3O52Pu3L9tRC99jgc= ;{id = 62298}
-056D696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D076D696E666F30310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000200000003
-minfo.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	minfo01.types-signed.wb.sidnlabs.nl. MINFO RRSIG NSEC
-056D696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00715B36317F7022514399CFB4D3E84469AB69A749230AD914CEA2408C60102910EF87DA103961413A6F6F133B31AD42C13B380B344A6458BBF371CFA2930E699BDDF4EBA5ADF24E7068B99B0EA20B032D64C29B91F081554EA8C5AC6DEAD135720EBA808FB689073DACD3AC3DF646C4DAF4A2960AC3650B60DCF8C1BCDF8D25B7
-minfo.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. cVs2MX9wIlFDmc+00+hEaatpp0kjCtkUzqJAjGAQKRDvh9oQOWFBOm9vEzsxrULBOzgLNEpkWLvzcc+ikw5pm93066Wt8k5waLmbDqILAy1kwpuR8IFVTqjFrG3q0TVyDrqAj7aJBz2s06w99kbE2vSilgrDZQtg3PjBvN+NJbc= ;{id = 62298}
-076D696E666F30310C74797065732D7369676E6564027762087369646E6C616273026E6C00000E00010000003C00020000
-minfo01.types-signed.wb.sidnlabs.nl.	60	IN	MINFO	. .
-076D696E666F30310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000E08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003CB31E1C90A158134ED8B59B5B1B2E2281DBA2FA52DC1260108AAB3E0D2E84EDFC54CCD08E7957476271D95072041B41D697AFE0B86EAD4B12CDD63197975CB5C595FF8E50FCC9C94A884EC3D084C498649707FF47D554D2514560B975DEF1D6F136E5468EA13BFB467BD23156CEDFBD0D1C5B3DB41249C5512BF4C0E4A29478
-minfo01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MINFO 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. PLMeHJChWBNO2LWbWxsuIoHbovpS3BJgEIqrPg0uhO38VMzQjnlXR2Jx2VByBBtB1pev4LhurUsSzdYxl5dctcWV/45Q/MnJSohOw9CExJhklwf/R9VU0lFFYLl13vHW8TblRo6hO/tGe9IxVs7fvQ0cWz20EknFUSv0wOSilHg= ;{id = 62298}
-076D696E666F30310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100028026D720C74797065732D7369676E6564027762087369646E6C616273026E6C000006000200000003
-minfo01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mr.types-signed.wb.sidnlabs.nl. MINFO RRSIG NSEC
-076D696E666F30310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00BA0C86E32AC03E9A5DD77FC6172BAD10148AF3DEDE44090ED72C145A086BE39D1424B95B1132D82C8580EAC47807EA92DC722E3E6AFEE57086AD2A6A0C0D80170CDB26DD9051FC920F2C9C30BA53564E0F5525256D06335931145E541AD6BA8B63A653368D52A972C7EA0A2D5103CB1A417A6EEA5811283335EFA0E546EC289D
-minfo01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ugyG4yrAPppd13/GFyutEBSK897eRAkO1ywUWghr450UJLlbETLYLIWA6sR4B+qS3HIuPmr+5XCGrSpqDA2AFwzbJt2QUfySDyycMLpTVk4PVSUlbQYzWTEUXlQa1rqLY6ZTNo1SqXLH6gotUQPLGkF6bupYESgzNe+g5UbsKJ0= ;{id = 62298}
-026D720C74797065732D7369676E6564027762087369646E6C616273026E6C00000900010000003C00280A6D61696C72656E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00
-mr.types-signed.wb.sidnlabs.nl.	60	IN	MR	mailrename.types-signed.wb.sidnlabs.nl.
-026D720C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000908050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C006C10E517DED2588CFF9B07DB683EEBD0BCA48DEC046A2FD0253AC54A4635954F24881192E3D56F9D016D779AF456D77A9493CC7AC166A12F8245F7DDB9E66D46170CAB0FA131A8A342542721C4BA15F9EBBBFAD60AF28A69F3D45FF478D511D8D0ECE21CE2B190427E7F83D1CDB68780CCECB1DE3834C5789CA72238985797C9
-mr.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MR 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. bBDlF97SWIz/mwfbaD7r0LykjewEai/QJTrFSkY1lU8kiBGS49VvnQFtd5r0Vtd6lJPMesFmoS+CRffdueZtRhcMqw+hMaijQlQnIcS6Ffnru/rWCvKKafPUX/R41RHY0OziHOKxkEJ+f4PRzbaHgMzssd44NMV4nKciOJhXl8k= ;{id = 62298}
-026D720C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A046D7230310C74797065732D7369676E6564027762087369646E6C616273026E6C000006004000000003
-mr.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mr01.types-signed.wb.sidnlabs.nl. MR RRSIG NSEC
-026D720C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0077658CCDA142E59BD47C633C857A63AFCC9C32FFF5CB37C1C56BF2F96F2D0A2EA1994B7D6CACF3B03C4ED36F678A86BCA10667255B7B83E7E795A0CF1472846CD62BDE14A5D2603D8ED914644787C0451DE326B4FCACF7F327447D2FA21FDD160D95DD9AB74909781368B79225FA261585F5F1DD6DEA360110E86F8380B8B1E2
-mr.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. d2WMzaFC5ZvUfGM8hXpjr8ycMv/1yzfBxWvy+W8tCi6hmUt9bKzzsDxO029nioa8oQZnJVt7g+fnlaDPFHKEbNYr3hSl0mA9jtkUZEeHwEUd4ya0/Kz38ydEfS+iH90WDZXdmrdJCXgTaLeSJfomFYX18d1t6jYBEOhvg4C4seI= ;{id = 62298}
-046D7230310C74797065732D7369676E6564027762087369646E6C616273026E6C00000900010000003C0024066D726E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00
-mr01.types-signed.wb.sidnlabs.nl.	60	IN	MR	mrname.types-signed.wb.sidnlabs.nl.
-046D7230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000908050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003619B48BD4C137D18DF7D40B68F3B43568F46249202A98F0AEBBE124E07993CA4F33CC17D04FBFC74B594F203D8CE2B6710A56D16021C43A6F32F4C00D0A0602A3F2631917EEDC572B11E1ADBD3975E3CA7C975138819C2CED5E6D0A381CF6A0CF3345EA9A7444D71C2DA6B218491E0AF0AF0A36027D36704256E33C99CE4521
-mr01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MR 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Nhm0i9TBN9GN99QLaPO0NWj0YkkgKpjwrrvhJOB5k8pPM8wX0E+/x0tZTyA9jOK2cQpW0WAhxDpvMvTADQoGAqPyYxkX7txXKxHhrb05dePKfJdROIGcLO1ebQo4HPagzzNF6pp0RNccLaayGEkeCvCvCjYCfTZwQlbjPJnORSE= ;{id = 62298}
-046D7230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A046D7230320C74797065732D7369676E6564027762087369646E6C616273026E6C000006004000000003
-mr01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mr02.types-signed.wb.sidnlabs.nl. MR RRSIG NSEC
-046D7230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00478637D403C323DF3B801E3C40BBDA18D9E02ABF93E850EC7EE90D076921B838E00BA668C829FFCC7D37FDCB8E2737FB3AF8249B9066A7A5D1F3DB622A307917A5F9F928321F21A57E5BD2534DDF7CFF5ACC15EE240DC3B43C6704CADAE3439C98D17A708BE316D1BFB38F2ED62C8671E0D8B0952D816BD2277D33C5F7592E26
-mr01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. R4Y31APDI987gB48QLvaGNngKr+T6FDsfukNB2khuDjgC6ZoyCn/zH03/cuOJzf7Ovgkm5Bmp6XR89tiKjB5F6X5+SgyHyGlflvSU03ffP9azBXuJA3DtDxnBMra40OcmNF6cIvjFtG/s48u1iyGceDYsJUtgWvSJ30zxfdZLiY= ;{id = 62298}
-046D7230320C74797065732D7369676E6564027762087369646E6C616273026E6C00000900010000003C000100
-mr02.types-signed.wb.sidnlabs.nl.	60	IN	MR	.
-046D7230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000908050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C001C8B4D5C345AEC9A7C43DD44F66E2BED6C42AC9857891E07BE2D649E754B3BDF2B4EE2EE90DB60092787B3670DD62B88A5A5CB69D77C85A01905E2BE3B9668F4CEDB685F901F43A4705C34C1A68A8B1627B04003FC06607E82B7D2A68E965899623F6D53E51D88850CC48C5BC8DAD40DF7FA4BD62B2986386B35676F085197E1
-mr02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MR 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. HItNXDRa7Jp8Q91E9m4r7WxCrJhXiR4Hvi1knnVLO98rTuLukNtgCSeHs2cN1iuIpaXLadd8haAZBeK+O5Zo9M7baF+QH0OkcFw0waaKixYnsEAD/AZgfoK30qaOlliZYj9tU+UdiIUMxIxbyNrUDff6S9YrKYY4azVnbwhRl+E= ;{id = 62298}
-046D7230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100028026D780C74797065732D7369676E6564027762087369646E6C616273026E6C000006004000000003
-mr02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mx.types-signed.wb.sidnlabs.nl. MR RRSIG NSEC
-046D7230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C002C776E37CBA1FFA37C542A2B5BC77FC50379C59CD7A4E9B7D7A378A1D06BB2D259ED0F4E0F4648BC673AF8455435D2E79E833B87CDEF64C5BB0B42839ACE1C6565E2A3F582F33A01444D67CE64720207370C87B269A1E93B0BDFE4995CB3AE7B183E54C37F7317E249B6725B27564AF90BE3D555E49FE274162FF8C4621E2CD7
-mr02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. LHduN8uh/6N8VCorW8d/xQN5xZzXpOm316N4odBrstJZ7Q9OD0ZIvGc6+EVUNdLnnoM7h83vZMW7C0KDms4cZWXio/WC8zoBRE1nzmRyAgc3DIeyaaHpOwvf5Jlcs657GD5Uw39zF+JJtnJbJ1ZK+Qvj1VXkn+J0Fi/4xGIeLNc= ;{id = 62298}
-026D780C74797065732D7369676E6564027762087369646E6C616273026E6C00000F00010000003C002E000A0E6D61696C646F65736E74776F726B0C74797065732D7369676E6564027762087369646E6C616273026E6C00
-mx.types-signed.wb.sidnlabs.nl.	60	IN	MX	10 maildoesntwork.types-signed.wb.sidnlabs.nl.
-026D780C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000F08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C000E83AAE736148C3E5C0800C673F617BAB0CB1A25C843BB1AAA3BBB2D2535F1C9F6FD35EA14B044A24A80EEF27160DBEFCD4F2F52C69439F5B4A6B37E24728A1D64D59DC82888291994AE4302D58DDCE4EDAF99DA1C1FD71874243C0E624E8ADB82FC9415C86E7C7936AEF27E67AC262869FEF59989414EB4FB4337DCB111DBF8
-mx.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MX 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. DoOq5zYUjD5cCADGc/YXurDLGiXIQ7saqju7LSU18cn2/TXqFLBEokqA7vJxYNvvzU8vUsaUOfW0prN+JHKKHWTVncgoiCkZlK5DAtWN3OTtr5naHB/XGHQkPA5iTorbgvyUFchufHk2rvJ+Z6wmKGn+9ZmJQU60+0M33LER2/g= ;{id = 62298}
-026D780C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A046D7830310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000100000003
-mx.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	mx01.types-signed.wb.sidnlabs.nl. MX RRSIG NSEC
-026D780C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C009D10FC9E30258366DD6ABA74A55A5C8DF204B429A6191B191BD058E52E8BEE92081B0919333B92FBD27DF1776A844F90E2C379DB3915A0253920B6D5E51B0E4BBB858FADFE9782A4E94AC5FBFDC2018818BDEC79F109E2523FA247C358983C0F301226DB58CAD29C8EE629E136AEDA6E293E6F45793D9B9059C3DF9D2C63551F
-mx.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. nRD8njAlg2bdarp0pVpcjfIEtCmmGRsZG9BY5S6L7pIIGwkZMzuS+9J98XdqhE+Q4sN52zkVoCU5ILbV5RsOS7uFj63+l4Kk6UrF+/3CAYgYvex58QniUj+iR8NYmDwPMBIm21jK0pyO5inhNq7abik+b0V5PZuQWcPfnSxjVR8= ;{id = 62298}
-046D7830310C74797065732D7369676E6564027762087369646E6C616273026E6C00000F00010000003C0024000A046D61696C0C74797065732D7369676E6564027762087369646E6C616273026E6C00
-mx01.types-signed.wb.sidnlabs.nl.	60	IN	MX	10 mail.types-signed.wb.sidnlabs.nl.
-046D7830310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000F08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00A86C1132A50A84C3913B75996FC8C4CD142F7E2B916D9180B6D0C81001C6C5B4B021FF3F6A0F20637CDF1509DA8347BF5DCAA16E28D9B80806BBCA8FB337AD81935DC1A110FCCCC342D6FB62ABAF989A57D8B004D10DB425FBA5AA0EA7D6E6C83AA343B0BF5FFA789D423E1D01E7DF9A2716E680BE83EFC04C64AEB0D7198A77
-mx01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MX 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. qGwRMqUKhMORO3WZb8jEzRQvfiuRbZGAttDIEAHGxbSwIf8/ag8gY3zfFQnag0e/XcqhbijZuAgGu8qPszetgZNdwaEQ/MzDQtb7YquvmJpX2LAE0Q20Jfulqg6n1ubIOqNDsL9f+nidQj4dAeffmicW5oC+g+/ATGSusNcZinc= ;{id = 62298}
-046D7830310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B056E617074720C74797065732D7369676E6564027762087369646E6C616273026E6C000006000100000003
-mx01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	naptr.types-signed.wb.sidnlabs.nl. MX RRSIG NSEC
-046D7830310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003C3CCCEDF93B97506A9847EF4C77FA4343EE2153409259EF19840F5B0F7665895EAB26AEA21DE98447D80A49617AE19955FB489EB01695360011291746E18F7E5A113140E010BB89A3FFF4308C35989051F3DC4DC4122CB35D195B0B698D22AD8B199BE535D58EB26536D1633C8FE25EB90D42C698013F319C763DE94940A92E
-mx01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. PDzM7fk7l1BqmEfvTHf6Q0PuIVNAklnvGYQPWw92ZYleqyauoh3phEfYCklheuGZVftInrAWlTYAESkXRuGPfloRMUDgELuJo//0MIw1mJBR89xNxBIss10ZWwtpjSKtixmb5TXVjrJlNtFjPI/iXrkNQsaYAT8xnHY96UlAqS4= ;{id = 62298}
-056E617074720C74797065732D7369676E6564027762087369646E6C616273026E6C00002300010000003C003F00640064017308687474702B6C407200056E617074720B7265706C6163656D656E740C74797065732D7369676E6564027762087369646E6C616273026E6C00
-naptr.types-signed.wb.sidnlabs.nl.	60	IN	NAPTR	100 100 "s" "http+l@r" "" naptr.replacement.types-signed.wb.sidnlabs.nl.
-056E617074720C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002308050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C007D709F918305386C15999995B7D9C850918778642152A1AECDB0ED26E6211D32A6C160E9404B743C1F7220ECAF25C8C21AD69372B11CDB3EB11F89FE8116F9EDA37CC41C8536A935422B2B18284E6A586E6D76D5EFB470466D3521A3D3E8125781254E34136F3419F71EAD8048FC7610F96D13D115BE23A64FC104488602F3E3
-naptr.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	NAPTR 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. fXCfkYMFOGwVmZmVt9nIUJGHeGQhUqGuzbDtJuYhHTKmwWDpQEt0PB9yIOyvJcjCGtaTcrEc2z6xH4n+gRb57aN8xByFNqk1QisrGChOalhubXbV77RwRm01IaPT6BJXgSVONBNvNBn3Hq2ASPx2EPltE9EVviOmT8EESIYC8+M= ;{id = 62298}
-056E617074720C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D076E6170747230310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000001003
-naptr.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	naptr01.types-signed.wb.sidnlabs.nl. NAPTR RRSIG NSEC
-056E617074720C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C008F72EBD35A0EEE36E8DF434B927FE5F7018E5534A4DBE9DFC5650DC3B72C77C45C52847D96B90B61A84FEE454333020BF2C1AC4F1B14FDD56B004F84BBB357C26974EAE5E8FAB86CF9FF648614566DBE86BF813D72525325B8E568A8B0B8ABA518089AC7F62DE3D6A9236AC59F27D139C42359E3D3E0F86199859203B739F49D
-naptr.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. j3Lr01oO7jbo30NLkn/l9wGOVTSk2+nfxWUNw7csd8RcUoR9lrkLYahP7kVDMwIL8sGsTxsU/dVrAE+Eu7NXwml06uXo+rhs+f9khhRWbb6Gv4E9clJTJbjlaKiwuKulGAiax/Yt49apI2rFnyfROcQjWePT4PhhmYWSA7c59J0= ;{id = 62298}
-076E6170747230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002300010000003C00080000000000000000
-naptr01.types-signed.wb.sidnlabs.nl.	60	IN	NAPTR	0 0 "" "" "" .
-076E6170747230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002308050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00A6015315625DC63DA865A9E2734B06E021517623CA635DA025BA678AF42801C961BA508563679A4C7DC2E11BD503BAE227933CF7D702084664AC00F48677C5A90064612A9DCD38171E9E9073899EE93E95589FB87576700FA291E6DF8AB234C119914BB30BA47EF4A273210DC30529F705A7AF189922A3956D7F4FD7FC5AE798
-naptr01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	NAPTR 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. pgFTFWJdxj2oZanic0sG4CFRdiPKY12gJbpnivQoAclhulCFY2eaTH3C4RvVA7riJ5M899cCCEZkrAD0hnfFqQBkYSqdzTgXHp6Qc4me6T6VWJ+4dXZwD6KR5t+KsjTBGZFLswukfvSicyENwwUp9wWnrxiZIqOVbX9P1/xa55g= ;{id = 62298}
-076E6170747230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D076E6170747230320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000001003
-naptr01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	naptr02.types-signed.wb.sidnlabs.nl. NAPTR RRSIG NSEC
-076E6170747230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B9E57CD3A00F82157DA43373BC5ACBF33E89A1B2B4CF114BE33F1083AA0E70D404BAC06243857E07191E7546108529FC88F6665FB3191CC4450821D3D9A8FF58C4B09DBF632D94A2D1B182EA52BBDAF176349A4A82C4597A37011EF1346E256FD6C2ADA919D1C8EF6BA3F68F5670EFAD27FD949148899FB0FF57A8DDBBE3B85B
-naptr01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ueV806APghV9pDNzvFrL8z6JobK0zxFL4z8Qg6oOcNQEusBiQ4V+BxkedUYQhSn8iPZmX7MZHMRFCCHT2aj/WMSwnb9jLZSi0bGC6lK72vF2NJpKgsRZejcBHvE0biVv1sKtqRnRyO9ro/aPVnDvrSf9lJFIiZ+w/1eo3bvjuFs= ;{id = 62298}
-076E6170747230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002300010000003C001DFFFFFFFF06626C7572676805626C6F726606626C6C6C626203666F6F00
-naptr02.types-signed.wb.sidnlabs.nl.	60	IN	NAPTR	65535 65535 "blurgh" "blorf" "blllbb" foo.
-076E6170747230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002300010000003C001DFFFFFFFF06626C7572676805626C6F726606626C6C6C626203666F6F00
-naptr02.types-signed.wb.sidnlabs.nl.	60	IN	NAPTR	65535 65535 "blurgh" "blorf" "blllbb" foo.
-076E6170747230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002308050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003A80331F59470338C74C7BC3C87EF2FA8651E1CB35719915F6B17F301B0017D9B6A038D2B00831C55A4EC45C4AF7716BB3AADC6791A928DED6A3C2E8F2ADD85516F5857491CFC15F518C6E2FD3835C964E70C06297AF28A700ADFCE73ABA41851DD4356EB944C9939084BEA8CAD76C6B9C33A79E97AC2A5176AB6E5F34743B33
-naptr02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	NAPTR 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. OoAzH1lHAzjHTHvDyH7y+oZR4cs1cZkV9rF/MBsAF9m2oDjSsAgxxVpOxFxK93Frs6rcZ5GpKN7Wo8Lo8q3YVRb1hXSRz8FfUYxuL9ODXJZOcMBil68opwCt/Oc6ukGFHdQ1brlEyZOQhL6oytdsa5wzp56XrCpRdqtuXzR0OzM= ;{id = 62298}
-076E6170747230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100029036E69640C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000001003
-naptr02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	nid.types-signed.wb.sidnlabs.nl. NAPTR RRSIG NSEC
-076E6170747230320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00771231AA7D7B77FC30B7F238621B7E70767DB7B233F61AA628D583B002EF204B8C3DEDC299D43A5FF9E00B82C2467F3A7FDB240071EB29CE95CC893E60E1C6648F7AC42CAB961586F0D5ADD356D12DDC3597ECBFB5E1587860F05560C10C0D540E674CDEB9E52C1A59542132DE1E52BD739CD7B9DC8C8E360AF9DF9612C9B26F
-naptr02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. dxIxqn17d/wwt/I4Yht+cHZ9t7Iz9hqmKNWDsALvIEuMPe3CmdQ6X/ngC4LCRn86f9skAHHrKc6VzIk+YOHGZI96xCyrlhWG8NWt01bRLdw1l+y/teFYeGDwVWDBDA1UDmdM3rnlLBpZVCEy3h5SvXOc17ncjI42CvnflhLJsm8= ;{id = 62298}
-036E69640C74797065732D7369676E6564027762087369646E6C616273026E6C00006800010000003C000A000A0094019801520169
-nid.types-signed.wb.sidnlabs.nl.	60	IN	NID	10 0094:0198:0152:0169
-036E69640C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF006808050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0025627D858D06C3BD42EE062F18A51A03B18E71470CDFBC080FA85576FDEAC46791D4F2AA6CFA3C8B6ADB1B42F449D7A085C4711C990A001C7DA3B5C415EEB5D5E7B91C4F0012EFF7BB9639C1D49CD5F74611985B6A11EED2F1F9ADC87321984A7848FCCC0A9E0E8469EBA6E168473A54E07C6444DA39B160FD6C32398766B081
-nid.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	NID 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. JWJ9hY0Gw71C7gYvGKUaA7GOcUcM37wID6hVdv3qxGeR1PKqbPo8i2rbG0L0SdeghcRxHJkKABx9o7XEFe611ee5HE8AEu/3u5Y5wdSc1fdGEZhbahHu0vH5rchzIZhKeEj8zAqeDoRp66bhaEc6VOB8ZETaObFg/WwyOYdmsIE= ;{id = 62298}
-036E69640C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100033056E696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00000E0000000000030000000000000080
-nid.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	ninfo.types-signed.wb.sidnlabs.nl. RRSIG NSEC NID
-036E69640C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C002355971859ACDABB66B00BDF3A048C199A2752159B0CE8483BB9B487EA1A90AA8D4DBB34265BAFCC5FAC26BCE52469E661DC59DC3EEA3F918368C0E3CB4707320F7A0412B099170C1497C60DF68936F1338BFC8D61975BC12958D34F9788B59F49ADFF3A4048CB1C7AB6FC06C2390231398725701D8514875FA36DEDD1A3E85D
-nid.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. I1WXGFms2rtmsAvfOgSMGZonUhWbDOhIO7m0h+oakKqNTbs0JluvzF+sJrzlJGnmYdxZ3D7qP5GDaMDjy0cHMg96BBKwmRcMFJfGDfaJNvEzi/yNYZdbwSlY00+XiLWfSa3/OkBIyxx6tvwGwjkCMTmHJXAdhRSHX6Nt7dGj6F0= ;{id = 62298}
-056E696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00003800010000003C001B1A54686973207A6F6E65206973206578706572696D656E74616C2E
-ninfo.types-signed.wb.sidnlabs.nl.	60	IN	TYPE56	\# 27 1A54686973207A6F6E65206973206578706572696D656E74616C2E
-056E696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003808050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0010DDA8F8BDB9541F905C47FAB758667C4C952BC6687191FB39EC8B85CD76AA77298A46A6DFD3AADF05F4568C142054A211A3188610B9A756BBDE9DA4E30EE1ABB615BC7D10FFB82DF5003EE3710E66A3655E2B44730F024DB416ABA1DBEBA2C3F41449B3822244A9F5F073435B3A75D248E414A3B2F61B2DBC5603DC7C1945D2
-ninfo.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TYPE56 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. EN2o+L25VB+QXEf6t1hmfEyVK8ZocZH7OeyLhc12qncpikam39Oq3wX0VowUIFSiEaMYhhC5p1a73p2k4w7hq7YVvH0Q/7gt9QA+43EOZqNlXitEcw8CTbQWq6Hb66LD9BRJs4IiRKn18HNDWzp10kjkFKOy9hstvFYD3HwZRdI= ;{id = 62298}
-056E696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C046E7361700C74797065732D7369676E6564027762087369646E6C616273026E6C0000080000000000030080
-ninfo.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	nsap.types-signed.wb.sidnlabs.nl. RRSIG NSEC TYPE56
-056E696E666F0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B6691341982A6AD71BE177F79A60E1164C135355B9838AE6F63C000C6F42D8120CD979EC5AB6DDB61E9B4F287AB71F2744E9A0FE1B58AFEF4906EE24081D020390644E45B6336C9A241B20451D46D3839C4878E6BA1A22B828B04A8DC4CEDBDA45ADB5D5C06891EB024747D64BF1F3C3558C6B19DDF8175EE598ED596EE5D4B8
-ninfo.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. tmkTQZgqatcb4Xf3mmDhFkwTU1W5g4rm9jwADG9C2BIM2XnsWrbdth6bTyh6tx8nROmg/htYr+9JBu4kCB0CA5BkTkW2M2yaJBsgRR1G04OcSHjmuhoiuCiwSo3EztvaRa211cBokesCR0fWS/Hzw1WMaxnd+Bde5ZjtWW7l1Lg= ;{id = 62298}
-046E7361700C74797065732D7369676E6564027762087369646E6C616273026E6C00001600010000003C0003012345
-nsap.types-signed.wb.sidnlabs.nl.	60	IN	NSAP	0x012345
-046E7361700C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001608050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C004F7D97EC839DDB784F81AE1AA6DAAD49268E22784F52D3EB42E6742BBD1784B7911C02D01BAE5C140F41B1E887AE6D9FD23A062B53A9E7ED38D6B2940441485720A3C33CF71811E81D20E244E9CDBA56D4A501A792705BD73C77433DFB546CC8D8D25CD63A91761DE9A9953AC01BF367A1DF0C4CAF4A4CA1E21005271F5AE596
-nsap.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	NSAP 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. T32X7IOd23hPga4aptqtSSaOInhPUtPrQuZ0K70XhLeRHALQG65cFA9BseiHrm2f0joGK1Op5+041rKUBEFIVyCjwzz3GBHoHSDiROnNulbUpQGnknBb1zx3Qz37VGzI2NJc1jqRdh3pqZU6wBvzZ6HfDEyvSkyh4hAFJx9a5ZY= ;{id = 62298}
-046E7361700C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C066E73617030310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000002000003
-nsap.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	nsap01.types-signed.wb.sidnlabs.nl. NSAP RRSIG NSEC
-046E7361700C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B57148523D96FB94FD47D42019D6E330DF8FAEE7089010C0F9815B22AF881929A1D5A0C7E5FBB3C5BF9AE184F679C90FFA61EDAAC76EC7A5D8CC86C0A5018B6C26C003C2358E090A7AB2D1E5D5B8AA3802907CA2A28B1C5557AE821EC35036CB8316164544A5748C5037CC347D38DF4FDD86C107498E9F8278F5E0BDEBB8DDDE
-nsap.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. tXFIUj2W+5T9R9QgGdbjMN+PrucIkBDA+YFbIq+IGSmh1aDH5fuzxb+a4YT2eckP+mHtqsdux6XYzIbApQGLbCbAA8I1jgkKerLR5dW4qjgCkHyiooscVVeugh7DUDbLgxYWRUSldIxQN8w0fTjfT92GwQdJjp+CePXgveu43d4= ;{id = 62298}
-066E73617030310C74797065732D7369676E6564027762087369646E6C616273026E6C00001600010000003C001447000580005A0000000001E133FFFFFF00016100
-nsap01.types-signed.wb.sidnlabs.nl.	60	IN	NSAP	0x47000580005A0000000001E133FFFFFF00016100
-066E73617030310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001608050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00115CEC1D59D29C102FD901D3EE1B6862F1F6EC9C6DD8D60D7C08CD75C11F9C8C67C78A9695233DD5A4E9506A81CFCEB2EF2F3B6B90A71FE2EAEE6E5FEEF537736E0BAD318CCECBB472C32CBE014CCE1E88709CF63F2D9ADB656F86D170C02DA98CAC23B5DC1851715B42EE050042DFEA8E4D61A062B076F92A2FA394699DAAAE
-nsap01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	NSAP 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. EVzsHVnSnBAv2QHT7htoYvH27Jxt2NYNfAjNdcEfnIxnx4qWlSM91aTpUGqBz86y7y87a5CnH+Lq7m5f7vU3c24LrTGMzsu0csMsvgFMzh6IcJz2Py2a22VvhtFwwC2pjKwjtdwYUXFbQu4FAELf6o5NYaBisHb5Ki+jlGmdqq4= ;{id = 62298}
-066E73617030310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0570747230310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000002000003
-nsap01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	ptr01.types-signed.wb.sidnlabs.nl. NSAP RRSIG NSEC
-066E73617030310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C009875879E0F93B9331FF60C80E6DF1D5EB1B9AF228E8AE9777B8C2811FE4F893E3147B608957A15E6975370255D20E20A27A38F656F9ED417DEA7B3CC14FE96B508D67DD248AB93DACCB76399E92962C4D43A7967736F22F50165BB069ECDEA0BD4EC5F175116C91AFF1A8B6A256A9ADF302D957F1F4E165910252D147EEE97EE
-nsap01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. mHWHng+TuTMf9gyA5t8dXrG5ryKOiul3e4woEf5PiT4xR7YIlXoV5pdTcCVdIOIKJ6OPZW+e1Bfep7PMFP6WtQjWfdJIq5PazLdjmekpYsTUOnlnc28i9QFluwaezeoL1OxfF1EWyRr/GotqJWqa3zAtlX8fThZZECUtFH7ul+4= ;{id = 62298}
-0570747230310C74797065732D7369676E6564027762087369646E6C616273026E6C00000C00010000003C001D0C74797065732D7369676E6564027762087369646E6C616273026E6C00
-ptr01.types-signed.wb.sidnlabs.nl.	60	IN	PTR	types-signed.wb.sidnlabs.nl.
-0570747230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000C08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C002212DF6A2113C795CCCFC7DB9DB6F6FD11FC5FDDCAD99FE3BF8F2E65FE38FA6681F2F5D72F14D4ED275D9DCEEDCEAB0212EE2603FBDB87F5D8B076550914B6A0460AD381D15D36FF7DD1D3CBAD1604E14DC71D10C7602452C406C0018339EE57010EA4B2C9D3BEA9AFFED323EBE026503D23720D6673E9E83886D17384F4CC39
-ptr01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	PTR 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. IhLfaiETx5XMz8fbnbb2/RH8X93K2Z/jv48uZf44+maB8vXXLxTU7Sddnc7tzqsCEu4mA/vbh/XYsHZVCRS2oEYK04HRXTb/fdHTy60WBOFNxx0Qx2AkUsQGwAGDOe5XAQ6kssnTvqmv/tMj6+AmUD0jcg1mc+noOIbRc4T0zDk= ;{id = 62298}
-0570747230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E1000280270780C74797065732D7369676E6564027762087369646E6C616273026E6C000006000800000003
-ptr01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	px.types-signed.wb.sidnlabs.nl. PTR RRSIG NSEC
-0570747230310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00773F1B78FEE91FAC301BE3345573AB64CD0F43FEB5AD0F2A29494761430710FCB41C8A713E54217159E581D030AC1836B44FF6FEFA4464F11714F5BDFB0A3E2107CBE3CB003DE87B6345C5A3FDB489E6A8C2519270969EE9B8FC6DDEA4EF25C12F35CF26F8B2EFD04AE4AB9241ACFF9D6A2D93A7508FE908DE1C0BF1C58CF26C
-ptr01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. dz8beP7pH6wwG+M0VXOrZM0PQ/61rQ8qKUlHYUMHEPy0HIpxPlQhcVnlgdAwrBg2tE/2/vpEZPEXFPW9+wo+IQfL48sAPeh7Y0XFo/20ieaowlGScJae6bj8bd6k7yXBLzXPJviy79BK5KuSQaz/nWotk6dQj+kI3hwL8cWM8mw= ;{id = 62298}
-0270780C74797065732D7369676E6564027762087369646E6C616273026E6C00001A00010000003C004B000A066D61703832320C74797065732D7369676E6564027762087369646E6C616273026E6C00076D6170783430300C74797065732D7369676E6564027762087369646E6C616273026E6C00
-px.types-signed.wb.sidnlabs.nl.	60	IN	PX	10 map822.types-signed.wb.sidnlabs.nl. mapx400.types-signed.wb.sidnlabs.nl.
-0270780C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001A08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00AD9AFFCA32BA4C9A230EC209F35248E3C9D56062014C42FE0ABC4573E56249E95DE1A6E34BB2573DB072FAA5A76FD2CAA90B544D49DEB3D34EB09575B1E2AE8F77F2E5D91819B12F6BF9B5219C4705A33D742BEFCC23B74AFCC8FB23B81B3B1B56841806DC7D9587AF5861674AEAF0ABED5F7BBC39EA77AB82F34C9402077DA2
-px.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	PX 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. rZr/yjK6TJojDsIJ81JI48nVYGIBTEL+CrxFc+ViSeld4abjS7JXPbBy+qWnb9LKqQtUTUnes9NOsJV1seKuj3fy5dkYGbEva/m1IZxHBaM9dCvvzCO3SvzI+yO4GzsbVoQYBtx9lYevWGFnSurwq+1fe7w56nergvNMlAIHfaI= ;{id = 62298}
-0270780C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A04726B65790C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000200003
-px.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	rkey.types-signed.wb.sidnlabs.nl. PX RRSIG NSEC
-0270780C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00975F55577CF9128482A354124AD181AB18C4A87963CD4C9846EB7D488C9FCD06763757BFC30F83EFD690A754192F478CDC0AE68F12B1087E9E2BBD32F6345DDEC67CCA5F4FC8342172A8DD82D19D3C9CBDB8EC66F4545C0491D3B5B4609BF86C5908EE21BB4DB9A21715F32B9EC299ED29B3ECD0952D71AD0C4693C6EFC7FAAA
-px.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. l19VV3z5EoSCo1QSStGBqxjEqHljzUyYRut9SIyfzQZ2N1e/ww+D79aQp1QZL0eM3ArmjxKxCH6eK70y9jRd3sZ8yl9PyDQhcqjdgtGdPJy9uOxm9FRcBJHTtbRgm/hsWQjuIbtNuaIXFfMrnsKZ7Smz7NCVLXGtDEaTxu/H+qo= ;{id = 62298}
-04726B65790C74797065732D7369676E6564027762087369646E6C616273026E6C00003900010000003C00880000010803010001D7B53C9C988E7476474466CC3BA260A461FE5764BF4CE754E6307E3B0764D2E0D1A84B23E52CBE08419A29A851219AF5DE8291DDDDA1D6C76315298C562C25F75EABEAA2998163AC6F1B500D810F6B8931A835FD01BB0D3529DE31DA574435DEBFFCDBD404974B23ACB201C42EF04A5AAED3275F633E555FB5F403C8B5BC39BD
-rkey.types-signed.wb.sidnlabs.nl.	60	IN	TYPE57	\# 136 0000010803010001D7B53C9C988E7476474466CC3BA260A461FE5764BF4CE754E6307E3B0764D2E0D1A84B23E52CBE08419A29A851219AF5DE8291DDDDA1D6C76315298C562C25F75EABEAA2998163AC6F1B500D810F6B8931A835FD01BB0D3529DE31DA574435DEBFFCDBD404974B23ACB201C42EF04A5AAED3275F633E555FB5F403C8B5BC39BD
-04726B65790C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003908050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0072C9B63B54B7E59C175D2B9CD66D9F242BC6B501F602EF4A07035CEC492227F36C675848605200D5CEBC940CE9C333BA2D5ECA10AD9A92D3D0A4E7610585E093D40720087311D3B9E5040F890E6E1D34C422583086E6893A82FB9AC2670AD496262151558045918EBE8DBDB7BD0D0365EABC99DC89E65F36652F143E0CBD8981
-rkey.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TYPE57 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. csm2O1S35ZwXXSuc1m2fJCvGtQH2Au9KBwNc7EkiJ/NsZ1hIYFIA1c68lAzpwzO6LV7KEK2aktPQpOdhBYXgk9QHIAhzEdO55QQPiQ5uHTTEIlgwhuaJOoL7msJnCtSWJiFRVYBFkY6+jb23vQ0DZeq8mdyJ5l82ZS8UPgy9iYE= ;{id = 62298}
-04726B65790C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A0272700C74797065732D7369676E6564027762087369646E6C616273026E6C0000080000000000030040
-rkey.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	rp.types-signed.wb.sidnlabs.nl. RRSIG NSEC TYPE57
-04726B65790C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00C39087F2C3A4D58DBFFFB0DCC824CCEDA7FD36F85126E40E4DF826BFD5EED2985902074815C6254FDD21F8079B03B0C04694FCE4396E8872A29F50BC9644B4693CE7DC61D45E95F40AF7719551B1CC878DCA65AB2872237BE79959FD56BB2F48AEC065312006DBF2213683D6B399948993461761D727DC0BC8EA85389CAEC83E
-rkey.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. w5CH8sOk1Y2//7DcyCTM7af9NvhRJuQOTfgmv9Xu0phZAgdIFcYlT90h+AebA7DARpT85DluiHKin1C8lkS0aTzn3GHUXpX0CvdxlVGxzIeNymWrKHIje+eZWf1Wuy9IrsBlMSAG2/IhNoPWs5mUiZNGF2HXJ9wLyOqFOJyuyD4= ;{id = 62298}
-0272700C74797065732D7369676E6564027762087369646E6C616273026E6C00001100010000003C002200037478740C74797065732D7369676E6564027762087369646E6C616273026E6C00
-rp.types-signed.wb.sidnlabs.nl.	60	IN	RP	. txt.types-signed.wb.sidnlabs.nl.
-0272700C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00D2601452142C09B0AE02923437DD34B11F77C013A638DCC6FE653EF4E46D31FAC3760411154DF1D12587EBFDDAB17FD187AD2F5A05C9AAE383F070D7C9086DC3299FFF10FCFA3B1170B3E4A54E199FE157EC2C6D8ABA5C845ACF05BE7BC20937A17780D5E0E4757CA57F1E2B7C6F83085E0FB4BAE0AA59D98D6A3DD456881586
-rp.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	RP 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. 0mAUUhQsCbCuApI0N900sR93wBOmONzG/mU+9ORtMfrDdgQRFU3x0SWH6/3asX/Rh60vWgXJquOD8HDXyQhtwymf/xD8+jsRcLPkpU4Zn+FX7CxtirpchFrPBb57wgk3oXeA1eDkdXylfx4rfG+DCF4PtLrgqlnZjWo91FaIFYY= ;{id = 62298}
-0272700C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A04727030310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000040000003
-rp.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	rp01.types-signed.wb.sidnlabs.nl. RP RRSIG NSEC
-0272700C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00316C9D51ECECA8EC86EB575D60F6C81CAABB9C7B84C8613F2807C21E16C4C4770E6EFE31D4924B79786C3DE655F6986EBDC03F44315E4247AA35CA9BC3FB6DD247CD34908C8F01707030103909DB669EE5C82055FF9AE004010DC4AE0E6F1F00373F57F1A9939B2CBB1664F1622D16939F734BF4D3CE9142F239CC5B155B6366
-rp.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. MWydUezsqOyG61ddYPbIHKq7nHuEyGE/KAfCHhbExHcObv4x1JJLeXhsPeZV9phuvcA/RDFeQkeqNcqbw/tt0kfNNJCMjwFwcDAQOQnbZp7lyCBV/5rgBAENxK4Obx8ANz9X8amTmyy7FmTxYi0Wk59zS/TTzpFC8jnMWxVbY2Y= ;{id = 62298}
-04727030310C74797065732D7369676E6564027762087369646E6C616273026E6C00001100010000003C004F0A6D626F782D646E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00097478742D646E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00
-rp01.types-signed.wb.sidnlabs.nl.	60	IN	RP	mbox-dname.types-signed.wb.sidnlabs.nl. txt-dname.types-signed.wb.sidnlabs.nl.
-04727030310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C000DFD1CB6DA5B8546EB42253AC4F94477B5BCA1F4086DF2893CC6EAE39EEF41D9814AC8A2A1A8E161A31C5F7C6D9BCFBD1AFBA0AB031EE220E929B0EC3794DA82DFADAAECBDCB1CA11E34E5AD2F1D83CACF2EEC6F24C0BC195F6960911E74A991A0BA22A914056F5DBDD12960FDEF5CBA054AEFA6FA2F7E8772BD334BCE9AAD5F
-rp01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	RP 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Df0cttpbhUbrQiU6xPlEd7W8ofQIbfKJPMbq457vQdmBSsiioajhYaMcX3xtm8+9GvugqwMe4iDpKbDsN5Tagt+tquy9yxyhHjTlrS8dg8rPLuxvJMC8GV9pYJEedKmRoLoiqRQFb1290Slg/e9cugVK76b6L36Hcr0zS86arV8= ;{id = 62298}
-04727030310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A04727030320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000040000003
-rp01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	rp02.types-signed.wb.sidnlabs.nl. RP RRSIG NSEC
-04727030310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003BB4B3B1624EBAAC452D219C41BD275CA3FCE626F3F1B1A0586644F64D27E35F49687C551507DC46A73312B5343224877EA2A703988459101F8F43039A0D6F03125D2967BF0A8944960AB5E3A531E0B5D0648743606C051494A5A04E01B5621904D281E63C24D8FD3550B6DF60B544082F5CFA78645316E482CCD220C267FFC9
-rp01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. O7SzsWJOuqxFLSGcQb0nXKP85ibz8bGgWGZE9k0n419JaHxVFQfcRqczErU0MiSHfqKnA5iEWRAfj0MDmg1vAxJdKWe/ColElgq146Ux4LXQZIdDYGwFFJSloE4BtWIZBNKB5jwk2P01ULbfYLVECC9c+nhkUxbkgszSIMJn/8k= ;{id = 62298}
-04727030320C74797065732D7369676E6564027762087369646E6C616273026E6C00001100010000003C00020000
-rp02.types-signed.wb.sidnlabs.nl.	60	IN	RP	. .
-04727030320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00CCB7C8E92D968D0379DF329F359873CD545DE5442D3936CF357BA423C5C2E9788E1E25DD998CC59B2E5FDFF22B00D8F15FCF5ADE87200C22F0A89C1EFA81B30E3C4432DC311270056314BA91FC400DEE6BD2F5FD3B36C749560BAE5D15D0AEE0B6D1B87F3896CE3DA8977E87417C1FAFDC71D3E6DFC7918C3583D85905A17EB7
-rp02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	RP 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. zLfI6S2WjQN53zKfNZhzzVRd5UQtOTbPNXukI8XC6XiOHiXdmYzFmy5f3/IrANjxX89a3ocgDCLwqJwe+oGzDjxEMtwxEnAFYxS6kfxADe5r0vX9OzbHSVYLrl0V0K7gttG4fziWzj2ol36HQXwfr9xx0+bfx5GMNYPYWQWhfrc= ;{id = 62298}
-04727030320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E1000280272740C74797065732D7369676E6564027762087369646E6C616273026E6C000006000040000003
-rp02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	rt.types-signed.wb.sidnlabs.nl. RP RRSIG NSEC
-04727030320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0067D65685F0DB2C958C91B8117E9CCF01162B590AA4ECD0C130D88566CBE825FB5BC48EA1B3DF9EC77E8BD4CAF49127E99F1A59B2AF5D7F073242A9CABF1E8D6297AAAFCB8B339368C90651725D76C3D510A4AC892CAF845483F8765BDC8F2A6E0EAB6B95DE79DC13DD2477AF6FA92893633F44A7593B34E88CF8B44FCF2CF5B3
-rp02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Z9ZWhfDbLJWMkbgRfpzPARYrWQqk7NDBMNiFZsvoJftbxI6hs9+ex36L1Mr0kSfpnxpZsq9dfwcyQqnKvx6NYpeqr8uLM5NoyQZRcl12w9UQpKyJLK+EVIP4dlvcjypuDqtrld553BPdJHevb6kok2M/RKdZOzTojPi0T88s9bM= ;{id = 62298}
-0272740C74797065732D7369676E6564027762087369646E6C616273026E6C00001500010000003C0026000A067274686F73740C74797065732D7369676E6564027762087369646E6C616273026E6C00
-rt.types-signed.wb.sidnlabs.nl.	60	IN	RT	10 rthost.types-signed.wb.sidnlabs.nl.
-0272740C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001508050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C009B46AB2E51455A0DC4B89F0C2DC14D0859D3F526537F1CDEF6623FE5E0BA28522CE28D6B42A5D3BE74753FAEBD7C26D58B7748731514943D969A1BBBEA2CF9D8B790ACDFC1CFF2E84031577875E474EA64FE48274395BEF744843F595EED66EA0CE9E742C362FA4D2CEB71C3F784268F3578517CB17CCFFECBF527FC84F8261C
-rt.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	RT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. m0arLlFFWg3EuJ8MLcFNCFnT9SZTfxze9mI/5eC6KFIs4o1rQqXTvnR1P669fCbVi3dIcxUUlD2Wmhu76iz52LeQrN/Bz/LoQDFXeHXkdOpk/kgnQ5W+90SEP1le7WbqDOnnQsNi+k0s63HD94QmjzV4UXyxfM/+y/Un/IT4Jhw= ;{id = 62298}
-0272740C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A04727430310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000004000003
-rt.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	rt01.types-signed.wb.sidnlabs.nl. RT RRSIG NSEC
-0272740C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00D3BDB0FB8F619CEDA6D53D82A694F14AFEFBA2AAA58D24417F1D7B66ABFD865FB8EBAB7002F3EAE45FE450618D8905B7063FFF2785A41E299A2889DA3C330B174BFC131FF44688F24FA2062C1FE56D260B7974C56882FE061EBE2B80BD9610D0A4E2CF8D79406DF7EB0A03B33E486D42179989E5CF07251F757C079733B93E7F
-rt.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. 072w+49hnO2m1T2CppTxSv77oqqljSRBfx17Zqv9hl+466twAvPq5F/kUGGNiQW3Bj//J4WkHimaKInaPDMLF0v8Ex/0RojyT6IGLB/lbSYLeXTFaIL+Bh6+K4C9lhDQpOLPjXlAbffrCgOzPkhtQheZieXPByUfdXwHlzO5Pn8= ;{id = 62298}
-04727430310C74797065732D7369676E6564027762087369646E6C616273026E6C00001500010000003C0031000011696E7465726D6564696174652D686F73740C74797065732D7369676E6564027762087369646E6C616273026E6C00
-rt01.types-signed.wb.sidnlabs.nl.	60	IN	RT	0 intermediate-host.types-signed.wb.sidnlabs.nl.
-04727430310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001508050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0039D3DE5EF82B984705D0D4F8714C4EBBF21046C44DC7681BEABAD10A5F61BC7F49C298DACCD18BD8820A07E5EF04B7D3B622F82548805DF623D69DB3D48693AF7C956D1670C2BD7AEEFFC3D6D06764598187C377A716D23A2744A360831973EE26D6235C04FC289A5A42B6938F05F262A5CB5A41EB7B2D084DE1AE2BA0ACC009
-rt01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	RT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. OdPeXvgrmEcF0NT4cUxOu/IQRsRNx2gb6rrRCl9hvH9JwpjazNGL2IIKB+XvBLfTtiL4JUiAXfYj1p2z1IaTr3yVbRZwwr167v/D1tBnZFmBh8N3pxbSOidEo2CDGXPuJtYjXAT8KJpaQraTjwXyYqXLWkHrey0ITeGuK6CswAk= ;{id = 62298}
-04727430310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A04727430320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000004000003
-rt01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	rt02.types-signed.wb.sidnlabs.nl. RT RRSIG NSEC
-04727430310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00C7DDA07BDFC645F5A302E489C7A06E859B2E44E5B0267CD9F02B5149225801FCFD4D45CCA51C48E163200BFE9BCD1E22D53CAEF7FA3DAEFEA1C6BE44B6FFCEA5DE735BC717FBFF510B03FDF55C10A3C1E05F06DFBCB398E9E2A305A69BCF0B7DAF16C948BDDA9E58870ACF5FB8187B06DC441BB77EF7F8BB421CE486DB99D58F
-rt01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. x92ge9/GRfWjAuSJx6BuhZsuROWwJnzZ8CtRSSJYAfz9TUXMpRxI4WMgC/6bzR4i1Tyu9/o9rv6hxr5Etv/Opd5zW8cX+/9RCwP99VwQo8HgXwbfvLOY6eKjBaabzwt9rxbJSL3anliHCs9fuBh7BtxEG7d+9/i7QhzkhtuZ1Y8= ;{id = 62298}
-04727430320C74797065732D7369676E6564027762087369646E6C616273026E6C00001500010000003C0003FFFF00
-rt02.types-signed.wb.sidnlabs.nl.	60	IN	RT	65535 .
-04727430320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001508050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00CF38E23A6A10153D6018A70C5E6EFB13E0A7D9A18F7686018E4AB6308D83995D981C08AA46B120063C4DBEF57345FDC268A8F77760FF84E905FE974DFD2675581AA4E7D2497C190A13FC23AF93601A450ADA079B30C4896C23117CF989674BC24C4AEDBD0F69F703675D6AF9ADD7E772EBF8CAA4C61263785E712FEC45AE411B
-rt02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	RT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. zzjiOmoQFT1gGKcMXm77E+Cn2aGPdoYBjkq2MI2DmV2YHAiqRrEgBjxNvvVzRf3CaKj3d2D/hOkF/pdN/SZ1WBqk59JJfBkKE/wjr5NgGkUK2gebMMSJbCMRfPmJZ0vCTErtvQ9p9wNnXWr5rdfncuv4yqTGEmN4XnEv7EWuQRs= ;{id = 62298}
-04727430320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100029037370660C74797065732D7369676E6564027762087369646E6C616273026E6C000006000004000003
-rt02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	spf.types-signed.wb.sidnlabs.nl. RT RRSIG NSEC
-04727430320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00D075C82A28F2497BE3EDA86CA4E9B936AF818EF9D5CA2FD31BF37846C45231094E54776D96005BDE5C0A035D2559C1C3104D7456E8D447E8C3E30F1383ADCC5761EA2F9C22A013E65B5ADE131A9EF5C4E63AB1D5D0A86FCA198E00070075EA052C674898941F339DC4BC9C8E478DCA614B7C2E0C6F6E0BFAC96C24F1A20D1DC5
-rt02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. 0HXIKijySXvj7ahspOm5Nq+BjvnVyi/TG/N4RsRSMQlOVHdtlgBb3lwKA10lWcHDEE10VujUR+jD4w8Tg63MV2HqL5wioBPmW1reExqe9cTmOrHV0KhvyhmOAAcAdeoFLGdImJQfM53EvJyOR43KYUt8Lgxvbgv6yWwk8aINHcU= ;{id = 62298}
-037370660C74797065732D7369676E6564027762087369646E6C616273026E6C00006300010000003C002625763D73706631202B6D7820613A636F6C6F2E6578616D706C652E636F6D2F3238202D616C6C
-spf.types-signed.wb.sidnlabs.nl.	60	IN	SPF	"v=spf1 +mx a:colo.example.com/28 -all"
-037370660C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF006308050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00456101C17F8C7C242E019E7BCEF46304F10E12B5BDBD3CC8A9EA293A79314F94FBA4B5A3AD6500B73A6D4C7C66678F014F021384989329FB671ACEB1AA116AC3502804EFB20A9C4F485BE01B1D562FA9C39A817FD9476DABC70A684921C9141BDE56C4A3F6AE44F2CB7703CB876C97D21A06FCC0ED0CE05ECAA7B6B84AC333B8
-spf.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	SPF 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. RWEBwX+MfCQuAZ57zvRjBPEOErW9vTzIqeopOnkxT5T7pLWjrWUAtzptTHxmZ48BTwIThJiTKftnGs6xqhFqw1AoBO+yCpxPSFvgGx1WL6nDmoF/2Udtq8cKaEkhyRQb3lbEo/auRPLLdwPLh2yX0hoG/MDtDOBeyqe2uErDM7g= ;{id = 62298}
-037370660C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100030037372760C74797065732D7369676E6564027762087369646E6C616273026E6C00000D00000000000300000000000010
-spf.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	srv.types-signed.wb.sidnlabs.nl. RRSIG NSEC SPF
-037370660C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C002B8E5E8F5123E78C9972420200C8AE7CED24336556387EC49BE8E120256388B45995019C453389EC418118AF4BE98E675B0CE57A8F10A6E8C10F5D1E8F1D5CA0C5FECC2D9F1CDF56254795D550DE097B613A5F80395A5DC0E1B0609B81B15248B55580DE89077632F98DF5F56BEA1994AC91A92C682320502709642FFC8473E6
-spf.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. K45ej1Ej54yZckICAMiufO0kM2VWOH7Em+jhICVjiLRZlQGcRTOJ7EGBGK9L6Y5nWwzleo8QpujBD10ejx1coMX+zC2fHN9WJUeV1VDeCXthOl+AOVpdwOGwYJuBsVJItVWA3okHdjL5jfX1a+oZlKyRqSxoIyBQJwlkL/yEc+Y= ;{id = 62298}
-037372760C74797065732D7369676E6564027762087369646E6C616273026E6C00002100010000003C0030FFFFFFFFFFFF0C6F6C642D736C6F772D626F780C74797065732D7369676E6564027762087369646E6C616273026E6C00
-srv.types-signed.wb.sidnlabs.nl.	60	IN	SRV	65535 65535 65535 old-slow-box.types-signed.wb.sidnlabs.nl.
-037372760C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00085086CEAD8365292BB1C6E0B44B384D8D45F91B05F0538A1A30B54C363DCC7EC9527C4227297B381EA4F5DB771F8323F6B922F16E1E63FFDECE8FEE3A7A87739D5620F0625BBAEE3C09094E748F43AF0FB601CEE18A34C9D57EF02A8A65D0F048DA3850FE34EFDA94A6AB18E577656BFEB27F401D19888B32E29B14FCB39401
-srv.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	SRV 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. CFCGzq2DZSkrscbgtEs4TY1F+RsF8FOKGjC1TDY9zH7JUnxCJyl7OB6k9dt3H4Mj9rki8W4eY//ezo/uOnqHc51WIPBiW7ruPAkJTnSPQ68PtgHO4Yo0ydV+8CqKZdDwSNo4UP4079qUpqsY5Xdla/6yf0AdGYiLMuKbFPyzlAE= ;{id = 62298}
-037372760C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0573727630310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000004003
-srv.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	srv01.types-signed.wb.sidnlabs.nl. SRV RRSIG NSEC
-037372760C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00895639958555044C68F66485E9AB872540360A57BBF3C9F8C2B93692E2A18AF3ECC60F52D9BE8EE019D1755C807ECBDEF70284E99B22C73B9EBE3326F1BD3CA4D44DF0FDFA36DD6633ABE27E05F627B233D3D9285E2156F100A119A2BD2ABBDCA17899E49F6AAD8350CCEDEE1D91EA16B621A5F431F4F53612A0E087C5ED2E23
-srv.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. iVY5lYVVBExo9mSF6auHJUA2Cle788n4wrk2kuKhivPsxg9S2b6O4BnRdVyAfsve9wKE6ZsixzuevjMm8b08pNRN8P36Nt1mM6vifgX2J7Iz09koXiFW8QChGaK9KrvcoXiZ5J9qrYNQzO3uHZHqFrYhpfQx9PU2EqDgh8XtLiM= ;{id = 62298}
-0573727630310C74797065732D7369676E6564027762087369646E6C616273026E6C00002100010000003C000B00000000000003666F6F00
-srv01.types-signed.wb.sidnlabs.nl.	60	IN	SRV	0 0 0 foo.
-0573727630310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C002CD4D5495F305C9CE1C2A7FA2D0D7C7EDD739D38BBBE1736D25B43A527EAAC30590B6DF509229D7C34BD37190B87271A53B373003D9109BC04FDC603E45DDC9F55C85B6D48A40564CD206F51739C79A5A648CA9C7E7BE0B4CBA3EFE81A7D262B291A74E3BBD3CF33E5D1BB47A9D609375E7C65D269F88F13BDE72D214133B29D
-srv01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	SRV 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. LNTVSV8wXJzhwqf6LQ18ft1znTi7vhc20ltDpSfqrDBZC231CSKdfDS9NxkLhycaU7NzAD2RCbwE/cYD5F3cn1XIW21IpAVkzSBvUXOceaWmSMqcfnvgtMuj7+gafSYrKRp047vTzzPl0btHqdYJN158ZdJp+I8TvectIUEzsp0= ;{id = 62298}
-0573727630310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0573727630320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000004003
-srv01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	srv02.types-signed.wb.sidnlabs.nl. SRV RRSIG NSEC
-0573727630310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00AE3F62146AB7244E19DAC2072E80F9E2EBAF5C4CFBCF6C0D25C7894FB45D290A55CA7DC5894B61F9A681FF0654BBAAF04145D6A141160898D5AEBD32DC0F884B1C2E28C5FC6A83097CCC197BCAA9C35BE17C63FF90171EEAAD6DB79DA04F218FE5A3F7AB2BC55E00CEEB2E851560F1C928C6A0955BA01C5843D843B082401EC6
-srv01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. rj9iFGq3JE4Z2sIHLoD54uuvXEz7z2wNJceJT7RdKQpVyn3FiUth+aaB/wZUu6rwQUXWoUEWCJjVrr0y3A+ISxwuKMX8aoMJfMwZe8qpw1vhfGP/kBce6q1tt52gTyGP5aP3qyvFXgDO6y6FFWDxySjGoJVboBxYQ9hDsIJAHsY= ;{id = 62298}
-0573727630320C74797065732D7369676E6564027762087369646E6C616273026E6C00002100010000003C0030FFFFFFFFFFFF0C6F6C642D736C6F772D626F780C74797065732D7369676E6564027762087369646E6C616273026E6C00
-srv02.types-signed.wb.sidnlabs.nl.	60	IN	SRV	65535 65535 65535 old-slow-box.types-signed.wb.sidnlabs.nl.
-0573727630320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C002EACB1753E92C2EF5D64E44E7116DAA402DEE878F690549F8B4E2330C3A580FDAE494958F6FB1F87FAE6787AA85FF6EA892B63246CC5BD3727FCC3102BEC9BB98443F970E9249F282C4ADB8F548EE52E8A29D001E96B0CC99FAFE7309016BC61FEE81400BD9B6BCC4612E136006520A1A3EF25141AEE15EE7B87766CC2C3AF78
-srv02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	SRV 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. LqyxdT6Swu9dZOROcRbapALe6Hj2kFSfi04jMMOlgP2uSUlY9vsfh/rmeHqoX/bqiStjJGzFvTcn/MMQK+ybuYRD+XDpJJ8oLErbj1SO5S6KKdAB6WsMyZ+v5zCQFrxh/ugUAL2ba8xGEuE2AGUgoaPvJRQa7hXue4d2bMLDr3g= ;{id = 62298}
-0573727630320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C0674616C696E6B0C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000004003
-srv02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	talink.types-signed.wb.sidnlabs.nl. SRV RRSIG NSEC
-0573727630320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0078DFBCD398516BE2BDEC0857EAACC870069AA1C21AB1647F59903CE3034401763449E8BCF2E37992DD9084266F46C5E1A1F88AEF0A4A918DFC11F03FDF3F4724D06C3AC0E66E8E6A6252446B1D7BB40B430E41B7EC4F340816AE0811C6B910117B593AC3AE96DF0D0C23BAA0765605CE0B81EBDCEF21B6D8504152295B5D4852
-srv02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. eN+805hRa+K97AhX6qzIcAaaocIasWR/WZA84wNEAXY0Sei88uN5kt2QhCZvRsXhofiK7wpKkY38EfA/3z9HJNBsOsDmbo5qYlJEax17tAtDDkG37E80CBauCBHGuRARe1k6w66W3w0MI7qgdlYFzguB69zvIbbYUEFSKVtdSFI= ;{id = 62298}
-0674616C696E6B0C74797065732D7369676E6564027762087369646E6C616273026E6C00003A00010000003C0020026830076578616D706C6503636F6D00026831076578616D706C6503636F6D00
-talink.types-signed.wb.sidnlabs.nl.	60	IN	TALINK	h0.example.com. h1.example.com.
-0674616C696E6B0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003A08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C000460664413F05EC3A1BBD570BF9B17975FD44CE4CDC4ADDCA56602F16A1E4D653AB55BB02F0C2BC9E575FA284AE1F6584A46CC20C541764B2A9613385BB0E26A9AEDD23BFF2199AF7859FF45BBAB1CC69AC79A069901F51C3BFBA08F94D6156AB3AC1111E0CE2CAD3EF69E3A014AD1C1B3CC752C2D3CEB64AD2E9AD2FFDF9FA4
-talink.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TALINK 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. BGBmRBPwXsOhu9Vwv5sXl1/UTOTNxK3cpWYC8WoeTWU6tVuwLwwryeV1+ihK4fZYSkbMIMVBdksqlhM4W7Diaprt0jv/IZmveFn/RburHMaax5oGmQH1HDv7oI+U1hVqs6wREeDOLK0+9p46AUrRwbPMdSwtPOtkrS6a0v/fn6Q= ;{id = 62298}
-0674616C696E6B0C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C04746C73610C74797065732D7369676E6564027762087369646E6C616273026E6C0000080000000000030020
-talink.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	tlsa.types-signed.wb.sidnlabs.nl. RRSIG NSEC TALINK
-0674616C696E6B0C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0060E1F004624CD3B9FC3ED1ABDDEEA03301F3F8EC565379F31A5ABD9EE11120AB8B8891FE890FB9452A922EA587A164F44C06542B871F565002AA62E37E64C1BBC60A8DB58F921879912FE4B439D5958C4140376C6A645E1A7B4A43BCD9BA314ABE5D4025C0451BB9F22F6FAEB835D569275CA27809788B24268A3DFEA000A77E
-talink.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. YOHwBGJM07n8PtGr3e6gMwHz+OxWU3nzGlq9nuERIKuLiJH+iQ+5RSqSLqWHoWT0TAZUK4cfVlACqmLjfmTBu8YKjbWPkhh5kS/ktDnVlYxBQDdsamReGntKQ7zZujFKvl1AJcBFG7nyL2+uuDXVaSdcongJeIskJoo9/qAAp34= ;{id = 62298}
-04746C73610C74797065732D7369676E6564027762087369646E6C616273026E6C00003400010000003C004301010292003BA34942DC74152E2F2C408D29ECA5A520E7F2E06BB944F4DCA346BAF63C1B177615D466F6C4B71C216A50292BD58C9EBDD2F74E38FE51FFD48C43326CBC
-tlsa.types-signed.wb.sidnlabs.nl.	60	IN	TLSA	1 1 2 92003BA34942DC74152E2F2C408D29ECA5A520E7F2E06BB944F4DCA346BAF63C1B177615D466F6C4B71C216A50292BD58C9EBDD2F74E38FE51FFD48C43326CBC
-04746C73610C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00CDF2D66C5A7233727509DCF1533BD3B881201A38B55698C061D3CB198F0FD19CD15D618E1FC1A71FE2229CF67115B86585F5E29B77FA5D51E634DAD12AA8DA4818633956AFEF2805555CFEF4C5C97E8E9EC5C23704BC6F6C67077D72BC7F53D42ECF5EE50C8962BBE364C1D4D7B0B77CBC89866D1A0582F12E7E6F06CE06C9D2
-tlsa.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TLSA 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. zfLWbFpyM3J1CdzxUzvTuIEgGji1VpjAYdPLGY8P0ZzRXWGOH8GnH+IinPZxFbhlhfXim3f6XVHmNNrRKqjaSBhjOVav7ygFVVz+9MXJfo6excI3BLxvbGcHfXK8f1PULs9e5QyJYrvjZMHU17C3fLyJhm0aBYLxLn5vBs4GydI= ;{id = 62298}
-04746C73610C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002A037478740C74797065732D7369676E6564027762087369646E6C616273026E6C00000700000000000308
-tlsa.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt.types-signed.wb.sidnlabs.nl. RRSIG NSEC TLSA
-04746C73610C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0097F52F8B14A82A9CAC0A35A306CA9E98F35AB8BA98D824BE14A8235CBBE93CCA3A576C0E83D36AB951F08EB298CB52FD303E4D8D6790762033CC4A036CB8BBB0898FE5303053D5E4DDFFBD719FC1D5DD280A08E9315C304DA8883F7F3E10E9E6910185F466878EC57C60EC5035E2B8E074483414E50079B458F9BA36E4C5789F
-tlsa.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. l/UvixSoKpysCjWjBsqemPNauLqY2CS+FKgjXLvpPMo6V2wOg9NquVHwjrKYy1L9MD5NjWeQdiAzzEoDbLi7sImP5TAwU9Xk3f+9cZ/B1d0oCgjpMVwwTaiIP38+EOnmkQGF9GaHjsV8YOxQNeK44HRINBTlAHm0WPm6NuTFeJ8= ;{id = 62298}
-037478740C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C001405224A75737405736F6D65220122057465787422
-txt.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"\"Just" "some\"" "\"" "text\""
-037478740C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C008BD56AA1A540EDBA0C4E8C89205FCC77D142551210620869DA88C33C65378505B9055464096FAFCA8F660272FEF9898EC9FFE69078A9328F8958C8A0B43FE6904AD124E1C0CFD025E5439D0C56E9DE8BACA71039484FCD99C1FAC1C9F088246227AE05A44A898901F146006B66EA8B649F0965FCAE69C120411A8D2EF406E241
-txt.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. i9VqoaVA7boMToyJIF/Md9FCVRIQYghp2ojDPGU3hQW5BVRkCW+vyo9mAnL++YmOyf/mkHipMo+JWMigtD/mkErRJOHAz9Al5UOdDFbp3ouspxA5SE/NmcH6wcnwiCRiJ64FpEqJiQHxRgBrZuqLZJ8JZfyuacEgQRqNLvQG4kE= ;{id = 62298}
-037478740C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787430310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt01.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-037478740C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0078954E69CC79D8C8EEBBF34BF3EFF6565D66B9587437F5B215D91482FC4DB0311769504211CF9528C0AAA81C18FE1B0B5BDDDF35BE31E59599E5B450C79858AB23295953C1044D5F0BB2B9F5FE80848F22E2A9E2E7FB82A7017B5F9A9BA6EDFAEE934007B197856D441102CFB93E9218C2F47230FE883183829DC99646529830
-txt.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. eJVOacx52Mjuu/NL8+/2Vl1muVh0N/WyFdkUgvxNsDEXaVBCEc+VKMCqqBwY/hsLW93fNb4x5ZWZ5bRQx5hYqyMpWVPBBE1fC7K59f6AhI8i4qni5/uCpwF7X5qbpu367pNAB7GXhW1EEQLPuT6SGML0cjD+iDGDgp3JlkZSmDA= ;{id = 62298}
-0574787430310C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C000403666F6F
-txt01.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"foo"
-0574787430310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00BAF485241B5AC03407D32844CA9FBD69372E1CFCA7714723FC4CDDC197F00DBE86E34F3A91CD5618D72E3532B31EB6AD8A60A3D769BAAA71FCA302F19C837A3039CB686A5AD3544D2C07CEC81AE5ABD850CF6AD793A6525958A813754F014C73691652530669546D7A746A989C4661A356451F5D2D6E21479A4C29AFBF0D9800
-txt01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. uvSFJBtawDQH0yhEyp+9aTcuHPyncUcj/EzdwZfwDb6G4086kc1WGNcuNTKzHratimCj12m6qnH8owLxnIN6MDnLaGpa01RNLAfOyBrlq9hQz2rXk6ZSWVioE3VPAUxzaRZSUwZpVG16dGqYnEZho1ZFH10tbiFHmkwpr78NmAA= ;{id = 62298}
-0574787430310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787430320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt02.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787430310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003CF324223B2312A4D068D7440F5AA6856C47475AC6AD76579F7F1DC33C1054E695FB07E36210D2506C4EDA77DE7CF3B61067F2CE9DB0809AD327F3E96DA78394699284F77B2150B29989C5AB641826D6D13D4266A3802A8FACFBA8839E9D11D2B9DAE756DC8113827EF5464B4E3262BA9826A9B03CFA9A7FCEB704A9C80DD091
-txt01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. PPMkIjsjEqTQaNdED1qmhWxHR1rGrXZXn38dwzwQVOaV+wfjYhDSUGxO2nfefPO2EGfyzp2wgJrTJ/PpbaeDlGmShPd7IVCymYnFq2QYJtbRPUJmo4Aqj6z7qIOenRHSudrnVtyBE4J+9UZLTjJiupgmqbA8+pp/zrcEqcgN0JE= ;{id = 62298}
-0574787430320C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C000803666F6F03626172
-txt02.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"foo" "bar"
-0574787430320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B61880BFFE98FB6CE1370A023F4EB5385060026D0E188AA2AE3799D6C134A3C30647EE9AB41045A1ED003890E21983A4354EFFDDEB572608CE7B1F8D54D4F1718B55A8D12828A49B870F620CDA20BB875C8C01F96A899EBE60B0F5CC48F04709B956DFFBF779267AD4196261197FE7B858FCB19E027679579AC211B15969070C
-txt02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. thiAv/6Y+2zhNwoCP061OFBgAm0OGIqirjeZ1sE0o8MGR+6atBBFoe0AOJDiGYOkNU7/3etXJgjOex+NVNTxcYtVqNEoKKSbhw9iDNogu4dcjAH5aomevmCw9cxI8EcJuVbf+/d5JnrUGWJhGX/nuFj8sZ4CdnlXmsIRsVlpBww= ;{id = 62298}
-0574787430320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787430330C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt03.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787430320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0069190076BB65B21AE47F094B08FBE8D1E9995630C1CF93E7102ECDE51D0B982C775969EF7B7545781D44F6BC2BDEEFC5C68B6D099ED6C39E9D628F191B98D2FE07278FA7F8B0EE2916FED9C88F512F06827B6E84FE984BB1C965C9C7B2DEB106BDF2A9E85EAB9194E8B365BE02C9FEE63E9A1BC0A1560A98C1B33C0CAA31A049
-txt02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. aRkAdrtlshrkfwlLCPvo0emZVjDBz5PnEC7N5R0LmCx3WWnve3VFeB1E9rwr3u/FxottCZ7Ww56dYo8ZG5jS/gcnj6f4sO4pFv7ZyI9RLwaCe26E/phLscllycey3rEGvfKp6F6rkZTos2W+Asn+5j6aG8ChVgqYwbM8DKoxoEk= ;{id = 62298}
-0574787430330C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C000403666F6F
-txt03.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"foo"
-0574787430330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C005A4BA080E4AAEEFDBA92DC3EDBBB72A429D0D8F2D9D144A4432A2A9DB4C74CAAF8BC5D5B0D96BE08C5F81826A7B27F1682A2F4AF14485EB29258230BADEBA8AE0F11AD39388026D0CA74806D67EAC9DEC3A545BB7D7735B90951845967DE471408BF7C02F8F1FAFD7AAA428A199669F46C1A6A9606FB20F5CC34CEFD66458513
-txt03.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. WkuggOSq7v26ktw+27typCnQ2PLZ0USkQyoqnbTHTKr4vF1bDZa+CMX4GCansn8WgqL0rxRIXrKSWCMLreuorg8RrTk4gCbQynSAbWfqyd7DpUW7fXc1uQlRhFln3kcUCL98Avjx+v16qkKKGZZp9GwaapYG+yD1zDTO/WZFhRM= ;{id = 62298}
-0574787430330C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787430340C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt03.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt04.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787430330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C009DD6B0FEB54F97547379B144F5F32F6A8253FC454D0DBC9B70C08995430C18A69640DDA102FE4C06F179C3952976C715BFEA4BA627A7414C5B0648A095B8FE03F4BF279A65A2FB34238F0315AC70D636A6EBA133AE3F6608324BABD1712119A4EC6F80F44803796BAA4A5A68ECDABA012284A5C6017074B141B6195D661E1FC4
-txt03.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ndaw/rVPl1RzebFE9fMvaoJT/EVNDbybcMCJlUMMGKaWQN2hAv5MBvF5w5UpdscVv+pLpienQUxbBkiglbj+A/S/J5plovs0I48DFaxw1jam66Ezrj9mCDJLq9FxIRmk7G+A9EgDeWuqSlpo7Nq6ASKEpcYBcHSxQbYZXWYeH8Q= ;{id = 62298}
-0574787430340C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C000803666F6F03626172
-txt04.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"foo" "bar"
-0574787430340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C000C86EC0C5DE52EB9C3235EAC5F43DDDAF5C54BA22942AAFB304A926A51E70B43A17BD66648E87D6F52DF536CD948C8C6BD0E501B3BDBAAC02984461FFC7334F0C3755F616309D5F1CCC862E4BCD4B32B27455FBB0F509C266A0D22783DE0B6053AC86E2C39E9D36F130C4EDE2E6023A631A9400DDF90AD4DB169C6818D4A7869
-txt04.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. DIbsDF3lLrnDI16sX0Pd2vXFS6IpQqr7MEqSalHnC0Ohe9ZmSOh9b1LfU2zZSMjGvQ5QGzvbqsAphEYf/HM08MN1X2FjCdXxzMhi5LzUsysnRV+7D1CcJmoNIng94LYFOshuLDnp028TDE7eLmAjpjGpQA3fkK1NsWnGgY1KeGk= ;{id = 62298}
-0574787430340C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787430350C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt04.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt05.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787430340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B5E9355D66E7E11E110C81F4C273DFC805261341C5E53914C80FD6D9DEFFB63FCF4B21D254E335804735985A38ADEF72CC02945A869C45E1D5B282493127CB44298415EC414015E631983C532C28F07CCFED89708D1DF85A4DCF942026E856EF9F35449024966BEE831BDF73B31F86CEA46EB0B6BE9EC44EDEE1896A6331CC44
-txt04.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. tek1XWbn4R4RDIH0wnPfyAUmE0HF5TkUyA/W2d7/tj/PSyHSVOM1gEc1mFo4re9yzAKUWoacReHVsoJJMSfLRCmEFexBQBXmMZg8Uywo8HzP7YlwjR34Wk3PlCAm6FbvnzVEkCSWa+6DG99zsx+GzqRusLa+nsRO3uGJamMxzEQ= ;{id = 62298}
-0574787430350C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C000807666F6F20626172
-txt05.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"foo bar"
-0574787430350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C002C3ECB6C8F92E28F8C3A18934B4BA8E4D585CE520CB897E9DD2F302274CA48A8592CE6911BE4BE5EFC82D6B3023BC5A0C15C6D1878E48A794A5853291085F5DEED67BCDC55B4B9E4557EB1238DB2F34AB85ACF1997F5A8BF0C8A27B2DD9E4CEB33FB9DA5741C024D17322935CC1764244E8B6CA1E821CEDE8354C5F25F545908
-txt05.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. LD7LbI+S4o+MOhiTS0uo5NWFzlIMuJfp3S8wInTKSKhZLOaRG+S+XvyC1rMCO8WgwVxtGHjkinlKWFMpEIX13u1nvNxVtLnkVX6xI42y80q4Ws8Zl/WovwyKJ7LdnkzrM/udpXQcAk0XMik1zBdkJE6LbKHoIc7eg1TF8l9UWQg= ;{id = 62298}
-0574787430350C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787430360C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt05.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt06.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787430350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00049035F97A89E76C0275504C3143A8C0F468C49785FD3994D2E30C4082CC855E57EC435D4435398148442C9ABDE07CC54DD66C433A9E847D11D2794578E43B78BFA1BBB7B2D4E9723643715B9A507DC02ABC48965EB42EE35B1CC91A82B353DC0CCF10C5F5D0EFD17CB1AF7E24782439690B886782824D89B95B621CFBB90167
-txt05.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. BJA1+XqJ52wCdVBMMUOowPRoxJeF/TmU0uMMQILMhV5X7ENdRDU5gUhELJq94HzFTdZsQzqehH0R0nlFeOQ7eL+hu7ey1OlyNkNxW5pQfcAqvEiWXrQu41scyRqCs1PcDM8QxfXQ79F8sa9+JHgkOWkLiGeCgk2JuVtiHPu5AWc= ;{id = 62298}
-0574787430360C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C000807666F6F20626172
-txt06.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"foo bar"
-0574787430360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C001693E3E25DCE053707AC78DB183FDC7D97CEFCBEBD3DBB9AF3EB173D150CB421AB3F7242386991FA2C090553E572AA332F33B88DA3E02B81E09F45A300A0E978DA00B29D7700B8D0EE4747558973FBDACC60E7F1766E7CD66A59D4D463B71551BA55B23692F434E9D07BF4C41C3120022677B86BC713426F995CB01E06B71668
-txt06.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. FpPj4l3OBTcHrHjbGD/cfZfO/L69Pbua8+sXPRUMtCGrP3JCOGmR+iwJBVPlcqozLzO4jaPgK4Hgn0WjAKDpeNoAsp13ALjQ7kdHVYlz+9rMYOfxdm581mpZ1NRjtxVRulWyNpL0NOnQe/TEHDEgAiZ3uGvHE0JvmVywHga3Fmg= ;{id = 62298}
-0574787430360C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787430370C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt06.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt07.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787430360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0085CD08D248F0B6D700EFDA6DB9B89A2591215DC1E0FC1DC53A870430111E422681FAF6485CD8F65E67E13079A9A6B129CC5EB74205A6702B15BD08167BE658E521B40B63D95D6871F4AD2B4144C2697703F53870BE805D6D4BD24D63436DFA0276D4C69F6AC83582E7F013B40CF6F81538C662E5A14EFFD122FEA3908BF649EB
-txt06.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. hc0I0kjwttcA79ptubiaJZEhXcHg/B3FOocEMBEeQiaB+vZIXNj2XmfhMHmpprEpzF63QgWmcCsVvQgWe+ZY5SG0C2PZXWhx9K0rQUTCaXcD9ThwvoBdbUvSTWNDbfoCdtTGn2rINYLn8BO0DPb4FTjGYuWhTv/RIv6jkIv2Ses= ;{id = 62298}
-0574787430370C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C000807666F6F20626172
-txt07.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"foo bar"
-0574787430370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C005B1F105472039EC943ED4692C8661E77DBC84CB3E69DD8186C116354CB8FE24B400D2A3337B493FDA45D43A1FCB7AD4415F02F2A558B0D7EFDF8EA48590F11B84380E6B510355AD342260D2C236F1AE74827A2C501AE5B4E957D9E5E81FED08B2862044F40700CDA6AEACF2C82980887AE7913832AED4BCABF9568B6A010AC64
-txt07.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Wx8QVHIDnslD7UaSyGYed9vITLPmndgYbBFjVMuP4ktADSozN7ST/aRdQ6H8t61EFfAvKlWLDX79+OpIWQ8RuEOA5rUQNVrTQiYNLCNvGudIJ6LFAa5bTpV9nl6B/tCLKGIET0BwDNpq6s8sgpgIh655E4Mq7UvKv5VotqAQrGQ= ;{id = 62298}
-0574787430370C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787430380C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt07.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt08.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787430370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00A350B2E5D3C33A32BC09D93C17A14A1CD88F223F2DD7DFF41CDAAC0B8BF8B31844C7239EBA15A32057A962AA9890F95D830E1F5C5B0E28913DC9466517DC6D298223CBDBAA26B9FEAAFB12E680F2EAFE0D42FD572A00BD315E3E949115D7126E2AFAE1FA9C6EA7F85E2C05BEF3FF31966537A4BC2C960DC8241182AE408EAF0B
-txt07.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. o1Cy5dPDOjK8Cdk8F6FKHNiPIj8t19/0HNqsC4v4sxhExyOeuhWjIFepYqqYkPldgw4fXFsOKJE9yUZlF9xtKYIjy9uqJrn+qvsS5oDy6v4NQv1XKgC9MV4+lJEV1xJuKvrh+pxup/heLAW+8/8xlmU3pLwslg3IJBGCrkCOrws= ;{id = 62298}
-0574787430380C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C000807666F6F0A626172
-txt08.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"foo\010bar"
-0574787430380C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C007EAF50D5E3D3AFC367CB51F1F4F023F84610B30AAD49CD6582938222D77A36FB7CA10B78E76158405EAED1509E66E1FE4D61C8B9877455DC7AE7394267CE7108928F85B85FAB33240E45C1C2363F8BEE72F8EA4B7536EB15ADD57F0F769DF8C1BD39164FD2C75278F32E8ED7A1A8881C07992998BD82ABEAAD739426CD67ED8C
-txt08.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. fq9Q1ePTr8Nny1Hx9PAj+EYQswqtSc1lgpOCItd6Nvt8oQt452FYQF6u0VCeZuH+TWHIuYd0Vdx65zlCZ85xCJKPhbhfqzMkDkXBwjY/i+5y+OpLdTbrFa3Vfw92nfjBvTkWT9LHUnjzLo7XoaiIHAeZKZi9gqvqrXOUJs1n7Yw= ;{id = 62298}
-0574787430380C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787430390C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt08.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt09.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787430380C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00045A9E069174356C639F3E496F82EA4649C1AC7D378C1F56E3C122E5811220D0DCE1C6BB2137DEBECAB61C68242AA6CDEC77D16E07BE9F0919A7E061DBD4825CAEFE9646A255EA15B902B54EBE6DC2B9B6479E78782A95EC492C0E3038A10A939DF5DBA202D6221F10CCFE2B07571C2D41784CB69A6D727211EFE533CF9F2060
-txt08.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. BFqeBpF0NWxjnz5Jb4LqRknBrH03jB9W48Ei5YESINDc4ca7ITfevsq2HGgkKqbN7HfRbge+nwkZp+Bh29SCXK7+lkaiVeoVuQK1Tr5twrm2R554eCqV7EksDjA4oQqTnfXbogLWIh8QzP4rB1ccLUF4TLaabXJyEe/lM8+fIGA= ;{id = 62298}
-0574787430390C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C000807666F6F0A626172
-txt09.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"foo\010bar"
-0574787430390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0004931F8D7A5AC5F385A61D80BBB4580A906ECF5F5DBC9A780B6D45BB4DDB10DEB4FE9E92739F56CF510C7602A5C22656323F689215DAD1AC28093BFFD8F1A4588890BD508ADA42705D1F6461CE85379C4F488D3684E85C24AD98974A80828E6791AB887E32F74132181C10C04A297ABFE52144AFE9E13CCD17EB4B639185D09E
-txt09.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. BJMfjXpaxfOFph2Au7RYCpBuz19dvJp4C21Fu03bEN60/p6Sc59Wz1EMdgKlwiZWMj9okhXa0awoCTv/2PGkWIiQvVCK2kJwXR9kYc6FN5xPSI02hOhcJK2Yl0qAgo5nkauIfjL3QTIYHBDASil6v+UhRK/p4TzNF+tLY5GF0J4= ;{id = 62298}
-0574787430390C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787431300C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt09.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt10.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787430390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0082E41AB417CF62A108879C393508BAA05D1104596E6A4D17CB3B51033B29AE41478CAA4E8FFB8836E749E5F59ECF5D6ABDA0FECA0915AEB908C1F59515B4D3BFD33A07544208CA58AE97EC2CD86D726B0B9574035F615FE1898631F783B5FCA249B7275256C08696E47073EDDCD21341CDD9E38332F7B20EC3339B25290CCD2E
-txt09.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. guQatBfPYqEIh5w5NQi6oF0RBFluak0XyztRAzsprkFHjKpOj/uINudJ5fWez11qvaD+ygkVrrkIwfWVFbTTv9M6B1RCCMpYrpfsLNhtcmsLlXQDX2Ff4YmGMfeDtfyiSbcnUlbAhpbkcHPt3NITQc3Z44My97IOwzObJSkMzS4= ;{id = 62298}
-0574787431300C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C000807666F6F20626172
-txt10.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"foo bar"
-0574787431300C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00079ABF65F4B0AF532D43D8F7C87DB58EA95E7BC3BD8EC1F6DF89DB1E5D5DD8FF2B7B564817A3AFA521E7CA98F68599B7CC477D7E766957D2C0C7697313DA6032E49FA690E9263D87175EEEA7FC86310687450D052364D268EC5D2AE2A699362AFB758176549B98769D63A7D61F7649733797B55C437755671499D5B42903B842
-txt10.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. B5q/ZfSwr1MtQ9j3yH21jqlee8O9jsH234nbHl1d2P8re1ZIF6OvpSHnypj2hZm3zEd9fnZpV9LAx2lzE9pgMuSfppDpJj2HF17up/yGMQaHRQ0FI2TSaOxdKuKmmTYq+3WBdlSbmHadY6fWH3ZJczeXtVxDd1VnFJnVtCkDuEI= ;{id = 62298}
-0574787431300C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787431310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt10.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt11.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787431300C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0009BB90E7994FE5F4F0F33ED788C31615092B594359BA645CE4C75B094FEA47A3EA3EDE2F963ED175826A6C2193C8017AE2C63311A7099C048CB9B5FAAC1B1F2640F014AFF45EB281A17FF1E16B20086178FF12525117191EF396F5C268FF82F6BF5885C30E7AAFD4E032490C6764310FDEB69CFEF340D3AE4F07EAC9975138E5
-txt10.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. CbuQ55lP5fTw8z7XiMMWFQkrWUNZumRc5MdbCU/qR6PqPt4vlj7RdYJqbCGTyAF64sYzEacJnASMubX6rBsfJkDwFK/0XrKBoX/x4WsgCGF4/xJSURcZHvOW9cJo/4L2v1iFww56r9TgMkkMZ2QxD962nP7zQNOuTwfqyZdROOU= ;{id = 62298}
-0574787431310C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C00060522666F6F22
-txt11.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"\"foo\""
-0574787431310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0092018C6609F373A95EB06AEED7058650B80EA1F11E8C915D12A5E847876B346D71131ECC200373E797E0A27A59E4AC7253AA5B49BFB2DE2563087F2F4B8EE0265EB0FE2AD0994C44045A94312B4C9133DE780D1CA8613AED11EC6AE0FBDA71104FDF721CB9E81BB4AF78061ADE5934B3D15D1C69E3C4410939FC04CB07B99E99
-txt11.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. kgGMZgnzc6lesGru1wWGULgOofEejJFdEqXoR4drNG1xEx7MIANz55fgonpZ5KxyU6pbSb+y3iVjCH8vS47gJl6w/irQmUxEBFqUMStMkTPeeA0cqGE67RHsauD72nEQT99yHLnoG7SveAYa3lk0s9FdHGnjxEEJOfwEywe5npk= ;{id = 62298}
-0574787431310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574787431320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt11.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	txt12.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787431310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0005A3586586F1ADEA3D768E15E2CA2329160249C380F804690E81D5EA553C8D28B6B8D7B3CCB7EC22CC6DCDD2786B400A415A8F627AB75E48216661FD1949347C674A490D10ED98C78ECC7798636534A986475988B0BBAC89E5415C091F3F733A5D82409FD46F136B84CCC87420DA2E04E3C8754C89332761E4FBC27173C0EBBD
-txt11.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. BaNYZYbxreo9do4V4sojKRYCScOA+ARpDoHV6lU8jSi2uNezzLfsIsxtzdJ4a0AKQVqPYnq3XkghZmH9GUk0fGdKSQ0Q7ZjHjsx3mGNlNKmGR1mIsLusieVBXAkfP3M6XYJAn9RvE2uEzMh0INouBOPIdUyJMydh5PvCcXPA670= ;{id = 62298}
-0574787431320C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C00060522666F6F22
-txt12.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"\"foo\""
-0574787431320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00541ACC2F0568FC015005BA404D5302E45988D6EA7F98A63C2031569966F234F8B2A2530584498F9D359DDEA9FDF9680413C1818D1BA3F12F587ABCEE1CEE71819798AB193A0B1AAB8716B6D3D268E7D2901128D3D197A913E13F2ACB2B901503EE28A49DFC781837BC47141048C664F907CEE512CADCC34548747151F3A9F833
-txt12.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. VBrMLwVo/AFQBbpATVMC5FmI1up/mKY8IDFWmWbyNPiyolMFhEmPnTWd3qn9+WgEE8GBjRuj8S9YerzuHO5xgZeYqxk6Cxqrhxa209Jo59KQESjT0ZepE+E/KssrkBUD7iiknfx4GDe8RxQQSMZk+QfO5RLK3MNFSHRxUfOp+DM= ;{id = 62298}
-0574787431320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574797065310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-txt12.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type1.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-0574787431320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B01A2B49A52907AC1D54ADD42FD9111B1CF087E4690E5E0ACC6ACB5253EB5008C03088BF16E32F4691B132F908BF4A28D985AEFE4B7CC9D198906988EF012BFECA9CF1534AA029D7766AD2E98DE689CA7BD68FCC5236E0412688AA9D4454DE2BB476E802858DA45F5644493008D944F94EB4257C57DDF4FD1D3F0C078CBE8ACE
-txt12.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. sBorSaUpB6wdVK3UL9kRGxzwh+RpDl4KzGrLUlPrUAjAMIi/FuMvRpGxMvkIv0oo2YWu/kt8ydGYkGmI7wEr/sqc8VNKoCnXdmrS6Y3micp71o/MUjbgQSaIqp1EVN4rtHboAoWNpF9WREkwCNlE+U60JXxX3fT9HT8MB4y+is4= ;{id = 62298}
-0574797065310C74797065732D7369676E6564027762087369646E6C616273026E6C00000100010000003C0004D5881FDD
-type1.types-signed.wb.sidnlabs.nl.	60	IN	A	213.136.31.221
-0574797065310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C001E72D8B48B5B914AC2598422D3FE4CFB9F4396B15E8BDB3C61025D66BEF3BDFFCFE32FDBF73F3BDFC1BE5A1826AFFF918900E4413CF9DF200D70FAAE493A8F5FF297A19C940B294D55FAB9374FF9F21CD4DA0966CE45A197FC285C2497EB00E3973EECD3A2135D5DABDD736781425D33D7BE15CE312DEB3DC96B669B857B9940
-type1.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	A 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. HnLYtItbkUrCWYQi0/5M+59DlrFei9s8YQJdZr7zvf/P4y/b9z8738G+Whgmr/+RiQDkQTz53yANcPquSTqPX/KXoZyUCylNVfq5N0/58hzU2glmzkWhl/woXCSX6wDjlz7s06ITXV2r3XNngUJdM9e+Fc4xLes9yWtmm4V7mUA= ;{id = 62298}
-0574797065310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D07747970653130340C74797065732D7369676E6564027762087369646E6C616273026E6C000006400000000003
-type1.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type104.types-signed.wb.sidnlabs.nl. A RRSIG NSEC
-0574797065310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C004BE03DAD5F34D73B25CBB1BA9D04DD4544DBC8870003A8690F7B6274F24F73525A5A715CBE54B7FE05B1869E7D01403DE3ADABE6A44F77C9AA7B5C3EAA9D7A0E58AAA5DDBC29CD61985C43172061BE3DC2C551DD53D4D7270C3384C26E9C98D835A16B8A81C7C30CF8356436EE26562421D79D17EAEFC1EA9C71BE518ECBD366
-type1.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. S+A9rV801zsly7G6nQTdRUTbyIcAA6hpD3tidPJPc1JaWnFcvlS3/gWxhp59AUA9462r5qRPd8mqe1w+qp16Dliqpd28Kc1hmFxDFyBhvj3CxVHdU9TXJwwzhMJunJjYNaFrioHHwwz4NWQ27iZWJCHXnRfq78HqnHG+UY7L02Y= ;{id = 62298}
-07747970653130340C74797065732D7369676E6564027762087369646E6C616273026E6C00006800010000003C000A000A0094019801520169
-type104.types-signed.wb.sidnlabs.nl.	60	IN	NID	10 0094:0198:0152:0169
-07747970653130340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF006808050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00D566532AF6419B038FD5C8652BDE327C0008889DB84C480BCA508F22A9A51AD2145DE21C0AD1D44F1AB40C74433E7807E1B4D5FD23748B11F399FBA156CF506775953AE4BFCD76C88F14D5DB62936A291C082ABA77A0B3AB77BF30EB85A39967D95372C2117DF51E9FFFCF8F5C2B2281656EB77A04D7BC8830D3CBA8AB6667C3
-type104.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	NID 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. 1WZTKvZBmwOP1chlK94yfAAIiJ24TEgLylCPIqmlGtIUXeIcCtHUTxq0DHRDPngH4bTV/SN0ixHzmfuhVs9QZ3WVOuS/zXbIjxTV22KTaikcCCq6d6Czq3e/MOuFo5ln2VNywhF99R6f/8+PXCsigWVut3oE17yIMNPLqKtmZ8M= ;{id = 62298}
-07747970653130340C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10003507747970653130350C74797065732D7369676E6564027762087369646E6C616273026E6C00000E0000000000030000000000000080
-type104.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type105.types-signed.wb.sidnlabs.nl. RRSIG NSEC NID
-07747970653130340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B325AAB62B8B48111FE764A8AB15DB94B2C6E4807AEE43C3626E318AEB8CF1684D64E4D97F4951B0949A26DF27AEFF684DB1E2F8B78F6BCC071EDE041DE5E21103BF805E204DC211313E549821D39E0918CD667989619C4705E25B91E7962A432CC09BAAFDD1D39C4A36846E8017CFB5819B8036DED3953E77BD4E50D312D006
-type104.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. syWqtiuLSBEf52SoqxXblLLG5IB67kPDYm4xiuuM8WhNZOTZf0lRsJSaJt8nrv9oTbHi+LePa8wHHt4EHeXiEQO/gF4gTcIRMT5UmCHTngkYzWZ5iWGcRwXiW5HnlipDLMCbqv3R05xKNoRugBfPtYGbgDbe05U+d71OUNMS0AY= ;{id = 62298}
-07747970653130350C74797065732D7369676E6564027762087369646E6C616273026E6C00006900010000003C0006000AC0000201
-type105.types-signed.wb.sidnlabs.nl.	60	IN	L32	10 192.0.2.1
-07747970653130350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF006908050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0018539C6E19DDDA7E8A3F64C209F027A5699490AC0A4A94E8E91AFA6381649248E35ADC2114D86F1CA04B87305215DE2649327248253759940068005A7CAED1EBA6217E7A493BC18498AE90995A9E8550E93C08F906D20F99408CA8D18B1AA20627DE5139B16A8266416B9FE9E1D2F10BA97AF0B2181856A80D338AED8A323D38
-type105.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	L32 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. GFOcbhnd2n6KP2TCCfAnpWmUkKwKSpTo6Rr6Y4FkkkjjWtwhFNhvHKBLhzBSFd4mSTJySCU3WZQAaABafK7R66YhfnpJO8GEmK6QmVqehVDpPAj5BtIPmUCMqNGLGqIGJ95RObFqgmZBa5/p4dLxC6l68LIYGFaoDTOK7YoyPTg= ;{id = 62298}
-07747970653130350C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10003507747970653130360C74797065732D7369676E6564027762087369646E6C616273026E6C00000E0000000000030000000000000040
-type105.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type106.types-signed.wb.sidnlabs.nl. RRSIG NSEC L32
-07747970653130350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C001616926FFD37517788775845EDAD313ACB6586E3460D6C0A3C679D41F5449B8D5F0F2CDBD3F3B66A185017CBCE10706B0A82306DB13AAD9CF05D785A987B9D4A2AD6D6BD09CEC16BFA1CCFE3FAF33181466B19F1E49D60ED049F464CE04E4FF2AB2A4C50D0B07CC1DCC8B4C3ACA42A1F4F8C3EA82C428D705C1EF1CE6682EDEA
-type105.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. FhaSb/03UXeId1hF7a0xOstlhuNGDWwKPGedQfVEm41fDyzb0/O2ahhQF8vOEHBrCoIwbbE6rZzwXXhamHudSirW1r0JzsFr+hzP4/rzMYFGaxnx5J1g7QSfRkzgTk/yqypMUNCwfMHcyLTDrKQqH0+MPqgsQo1wXB7xzmaC7eo= ;{id = 62298}
-07747970653130360C74797065732D7369676E6564027762087369646E6C616273026E6C00006A00010000003C000A000A2A000D7800040503
-type106.types-signed.wb.sidnlabs.nl.	60	IN	L64	10 2a00:0d78:0004:0503
-07747970653130360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF006A08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00AEF76EB3B886E8C728758AFB258A15F122A3D6239CBB859A2BA33D19E839A5B78DBCA9953E52BA342B00E8387DFAEE763425AF6E2853899E90578193BAD080A17CD6EBF6CFAB03BE1E4B677BCDB26B5FB7BD15AE8FB7A38BBE26A0BC03F1CF1C1A6F044CEDC7D8C12FD62E31467C3D3E607631A8876CF289E7A4B67E8BA8BB93
-type106.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	L64 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. rvdus7iG6McodYr7JYoV8SKj1iOcu4WaK6M9Geg5pbeNvKmVPlK6NCsA6Dh9+u52NCWvbihTiZ6QV4GTutCAoXzW6/bPqwO+Hktne82ya1+3vRWuj7eji74moLwD8c8cGm8ETO3H2MEv1i4xRnw9PmB2MaiHbPKJ56S2fouou5M= ;{id = 62298}
-07747970653130360C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10003507747970653130370C74797065732D7369676E6564027762087369646E6C616273026E6C00000E0000000000030000000000000020
-type106.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type107.types-signed.wb.sidnlabs.nl. RRSIG NSEC L64
-07747970653130360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0085076B7E7134981FB306A9E7AE276BB519BF861218000BC2B5D5DEABFBA7DE5A198549064E73A0C1397769614FD378FEDDA4A28457D0D6C6B90A3E09D6C18B3C54F9A75F9EA066335B1DCC3CEB7DBD68F7AAA0E1C17B77E9D01083C80FBA7C4CA535266E44BD55C60FB03FBBB1D4672A36E017652E5234E262616E631D5E1D21
-type106.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. hQdrfnE0mB+zBqnnridrtRm/hhIYAAvCtdXeq/un3loZhUkGTnOgwTl3aWFP03j+3aSihFfQ1sa5Cj4J1sGLPFT5p1+eoGYzWx3MPOt9vWj3qqDhwXt36dAQg8gPunxMpTUmbkS9VcYPsD+7sdRnKjbgF2UuUjTiYmFuYx1eHSE= ;{id = 62298}
-07747970653130370C74797065732D7369676E6564027762087369646E6C616273026E6C00006B00010000003C001B000A0B6C36342D7375626E657431076578616D706C6503636F6D00
-type107.types-signed.wb.sidnlabs.nl.	60	IN	LP	10 l64-subnet1.example.com.
-07747970653130370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF006B08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C006A9BCD9615969BC5451373A1A80686BAF4994D7F73E9D04F977E5683DBDF935F6C69E3C19E447B2717B70E9CF4F0016FAD4FDD71B9BDC0D70E77A8E52AE748573983FC9D3A579048F25AD9BC41F5EDD0EAE88613B66F28642876E18C2BD444AEAFCD4C3E42DFA8C1328B02C07AB899CBBF60AA676EAE2C779911066BB3FE77F9
-type107.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	LP 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. apvNlhWWm8VFE3OhqAaGuvSZTX9z6dBPl35Wg9vfk19saePBnkR7Jxe3Dpz08AFvrU/dcbm9wNcOd6jlKudIVzmD/J06V5BI8lrZvEH17dDq6IYTtm8oZCh24Ywr1ESur81MPkLfqMEyiwLAeriZy79gqmdurix3mREGa7P+d/k= ;{id = 62298}
-07747970653130370C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100034067479706531310C74797065732D7369676E6564027762087369646E6C616273026E6C00000E0000000000030000000000000010
-type107.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type11.types-signed.wb.sidnlabs.nl. RRSIG NSEC LP
-07747970653130370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C005A6CB3E2ABFA42752071ADC3D73D83DF1C2C9E3C97807735797FACACB8B86CFEF0ADA194E5E0433B99A2501DDA9E478C6AE1FDB180FC63956ED945EAD07D81A25CDD90CF8E5486ADB00104AD0A1815350786FDF45AF9718329DD0917132EE20F22CB587A9AC13FC40D582BD9EEBE8AEEA6796658341C24D02E886B4462EE45D1
-type107.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Wmyz4qv6QnUgca3D1z2D3xwsnjyXgHc1eX+srLi4bP7wraGU5eBDO5miUB3ankeMauH9sYD8Y5Vu2UXq0H2BolzdkM+OVIatsAEErQoYFTUHhv30WvlxgyndCRcTLuIPIstYeprBP8QNWCvZ7r6K7qZ5Zlg0HCTQLohrRGLuRdE= ;{id = 62298}
-067479706531310C74797065732D7369676E6564027762087369646E6C616273026E6C00000B00010000003C000A0A00000106E00005A060
-type11.types-signed.wb.sidnlabs.nl.	60	IN	WKS	10.0.0.1 tcp 0 1 2 21 23 24 26 33 34
-067479706531310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000B08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C006CD9FF11E609BBB56BD60D0AEBD0E20B790ADB9D1926B5DA2E0770B717250B31A5D1C8FA96278125C3D124E3039EDDF04D065FB5D101DBB3FA7B9B4337D38E547773719AD5319CFD865A6A9307B27D2512F0325729C75CF22D59D9682D511D8565BA7157120A5E3E35934EF2FA27EF333142854B5B9EE47FCAC9062535A0C137
-type11.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	WKS 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. bNn/EeYJu7Vr1g0K69DiC3kK250ZJrXaLgdwtxclCzGl0cj6lieBJcPRJOMDnt3wTQZftdEB27P6e5tDN9OOVHdzcZrVMZz9hlpqkweyfSUS8DJXKcdc8i1Z2WgtUR2FZbpxVxIKXj41k07y+ifvMzFChUtbnuR/yskGJTWgwTc= ;{id = 62298}
-067479706531310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706531320C74797065732D7369676E6564027762087369646E6C616273026E6C000006001000000003
-type11.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type12.types-signed.wb.sidnlabs.nl. WKS RRSIG NSEC
-067479706531310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B8CF3CFACBF9AA4ADC3236C72818F419380A7833836DBD70B2BB0162B204E76DEE2167FABAE9EC7830F3BA169AB36698F2407412DD4601157679EF8B9ACC246DD85BD74AA18D10E539B6BD83CBB79E0EC3FD70C22157EB29A837969B46A6A25ACB401307BA50B33DE75C7249031528595030907C6D69C5BB12800A2C49E8E570
-type11.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. uM88+sv5qkrcMjbHKBj0GTgKeDODbb1wsrsBYrIE523uIWf6uunseDDzuhaas2aY8kB0Et1GARV2ee+Lmswkbdhb10qhjRDlOba9g8u3ng7D/XDCIVfrKag3lptGpqJay0ATB7pQsz3nXHJJAxUoWVAwkHxtacW7EoAKLEno5XA= ;{id = 62298}
-067479706531320C74797065732D7369676E6564027762087369646E6C616273026E6C00000C00010000003C001D0C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type12.types-signed.wb.sidnlabs.nl.	60	IN	PTR	types-signed.wb.sidnlabs.nl.
-067479706531320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000C08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00C79D7695C91FFB2FF4B3986ABE384F4DB95130DD19E04EA18CAC0024BE4FCADBE0BBA435E4360AC625E550F98D893ABDF715DC44F301DF9905EB2A340E88559A42267C8E75376A5B0B2C96097E0A83A99A0C72BDD9D29385644A76ABF5978244D56764DC9F25DB268133305E5C3C0D8A1A465B6E34C8449F918ED883991E4977
-type12.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	PTR 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. x512lckf+y/0s5hqvjhPTblRMN0Z4E6hjKwAJL5Pytvgu6Q15DYKxiXlUPmNiTq99xXcRPMB35kF6yo0DohVmkImfI51N2pbCyyWCX4Kg6maDHK92dKThWRKdqv1l4JE1Wdk3J8l2yaBMzBeXDwNihpGW240yESfkY7Yg5keSXc= ;{id = 62298}
-067479706531320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706531330C74797065732D7369676E6564027762087369646E6C616273026E6C000006000800000003
-type12.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type13.types-signed.wb.sidnlabs.nl. PTR RRSIG NSEC
-067479706531320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00D31A0EBF2678BC5C995D9A3FCF064436F5365C9778C8B43771582B9FF3380CE4C0FF0C5B2C8EF19C05E94F15228BBC397625667E40F34BBAC65110E82E098E18CFD08AE42BD7F99A8CC20B91408D872D16144945BE9D091F11D96D93B9C33B9D5DE9ABE7F3788F37287AAE1C2CD0EB6AAEAB5B1DEE430E558B00FE03A29EB656
-type12.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. 0xoOvyZ4vFyZXZo/zwZENvU2XJd4yLQ3cVgrn/M4DOTA/wxbLI7xnAXpTxUii7w5diVmfkDzS7rGURDoLgmOGM/QiuQr1/majMILkUCNhy0WFElFvp0JHxHZbZO5wzudXemr5/N4jzcoeq4cLNDraq6rWx3uQw5ViwD+A6KetlY= ;{id = 62298}
-067479706531330C74797065732D7369676E6564027762087369646E6C616273026E6C00000D00010000003C00161047656E6572696320504320636C6F6E65044D794F53
-type13.types-signed.wb.sidnlabs.nl.	60	IN	HINFO	"Generic PC clone" "MyOS"
-067479706531330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000D08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0004D1AAC324F692573047C535FD3089BA83272A849ED383B7EA68090799D8AA5CC34AF84523A7D78700092677EFDE94086EE2A6654BC81350D795828ADB9AED8A2D4A87B89143E9F45867F03A621C5491738A30F7DC7C5A8D1A7E58FC629F395A67DCC92B033E75601568B7BD9E1805099BF0E1D0A78054EE617D639FBEAB7212
-type13.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	HINFO 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. BNGqwyT2klcwR8U1/TCJuoMnKoSe04O36mgJB5nYqlzDSvhFI6fXhwAJJnfv3pQIbuKmZUvIE1DXlYKK25rtii1Kh7iRQ+n0WGfwOmIcVJFzijD33HxajRp+WPxinzlaZ9zJKwM+dWAVaLe9nhgFCZvw4dCngFTuYX1jn76rchI= ;{id = 62298}
-067479706531330C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706531340C74797065732D7369676E6564027762087369646E6C616273026E6C000006000400000003
-type13.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type14.types-signed.wb.sidnlabs.nl. HINFO RRSIG NSEC
-067479706531330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00C1E7153B155A3F6C42B416034430D2B8E98CFE61A5968928E30F4FAA92CAC5BC1F9B58C07BCCA999115309FE8D9F49971E41290E4B0762877B1CF358DC6F8AB7ADCCBA610BCB99D06E4CCE406E2FFBF3AF18C2023958273BD9EE43DDBA6B85B0369020B813B070E5616E67589AC9E1E2D2ADE8DDA94F7BEDF2157B3B7DF309F6
-type13.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. wecVOxVaP2xCtBYDRDDSuOmM/mGlloko4w9PqpLKxbwfm1jAe8ypmRFTCf6Nn0mXHkEpDksHYod7HPNY3G+Kt63MumELy5nQbkzOQG4v+/OvGMICOVgnO9nuQ926a4WwNpAguBOwcOVhbmdYmsnh4tKt6N2pT3vt8hV7O33zCfY= ;{id = 62298}
-067479706531340C74797065732D7369676E6564027762087369646E6C616273026E6C00000E00010000003C002209626F786D617374657203666F6F0362617200076D61696C626F7805746865726500
-type14.types-signed.wb.sidnlabs.nl.	60	IN	MINFO	boxmaster.foo.bar. mailbox.there.
-067479706531340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000E08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00845C0F5672160BAFAA2964887EC2BFA70D525F041D199E84E745DAECCB541B1312BAACC94685B8824FD109568F0CC1C303C51625EE6FB8CDBF4058FD4F8359AB6BC46380A07B982CEF27F36B19743DFCADB6CE8EB9500194D3701D9C97C085B1CEE22EDE338D2C8A3745CD776FA62F6F40741F3897E8BD8A58417F77E7E11DC2
-type14.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MINFO 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. hFwPVnIWC6+qKWSIfsK/pw1SXwQdGZ6E50Xa7MtUGxMSuqzJRoW4gk/RCVaPDMHDA8UWJe5vuM2/QFj9T4NZq2vEY4Cge5gs7yfzaxl0Pfytts6OuVABlNNwHZyXwIWxzuIu3jONLIo3Rc13b6Yvb0B0HziX6L2KWEF/d+fhHcI= ;{id = 62298}
-067479706531340C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706531350C74797065732D7369676E6564027762087369646E6C616273026E6C000006000200000003
-type14.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type15.types-signed.wb.sidnlabs.nl. MINFO RRSIG NSEC
-067479706531340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00317FEB3B70FDD1A7772BD7B8789BB69168FB7F4F3AB159B0569F0A1A9D8E0ED069DE7CDFD8E699CF804D04CEC124EA015C9B73E5DF207D6639ABD1145D99210786F4500C2930ACD5AD7A2711EF663CF8EBDFBCA7FF25F46ACF87FCE1185FBB6956179FD866BF79CA3D5E04D4D50921268FF41215D740B0D24E8788992575BFA1
-type14.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. MX/rO3D90ad3K9e4eJu2kWj7f086sVmwVp8KGp2ODtBp3nzf2OaZz4BNBM7BJOoBXJtz5d8gfWY5q9EUXZkhB4b0UAwpMKzVrXonEe9mPPjr37yn/yX0as+H/OEYX7tpVhef2Ga/eco9XgTU1QkhJo/0EhXXQLDSToeImSV1v6E= ;{id = 62298}
-067479706531350C74797065732D7369676E6564027762087369646E6C616273026E6C00000F00010000003C002E000A0E6D61696C646F65736E74776F726B0C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type15.types-signed.wb.sidnlabs.nl.	60	IN	MX	10 maildoesntwork.types-signed.wb.sidnlabs.nl.
-067479706531350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000F08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C006A50B273CB8EDE2AB15117DFA05C5808A787F7E9C86C4B79BBE38D429454E71F23721EF039ED45EF4EAF262EEBBD61656ADA7B54CCD57566CBF9C7C5E785B1058CF191ED365192896D548D6D9F5F8F3FB2BBB2A50198CD0911BBF86DA838EB38094B5FF57B3B10168DDFF0539127B3CE85347D440EA4212E1A13F3E04E53D122
-type15.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MX 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. alCyc8uO3iqxURffoFxYCKeH9+nIbEt5u+ONQpRU5x8jch7wOe1F706vJi7rvWFlatp7VMzVdWbL+cfF54WxBYzxke02UZKJbVSNbZ9fjz+yu7KlAZjNCRG7+G2oOOs4CUtf9Xs7EBaN3/BTkSezzoU0fUQOpCEuGhPz4E5T0SI= ;{id = 62298}
-067479706531350C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706531360C74797065732D7369676E6564027762087369646E6C616273026E6C000006000100000003
-type15.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type16.types-signed.wb.sidnlabs.nl. MX RRSIG NSEC
-067479706531350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0055DA837B8FA08335692B8C3A42830DB7ACAA93296A3BFE075E0AFA16B858C1D9CFB019866EF5AEB858A0228A5A2C069B7AC6018263713A29E3C4ADC64721D93821D50FEEBD81027B0A9289D1523B6D15DBFC4A0817E85BDE88E7C18153E252BFA900C6C0030D997C30E03E16D8BBECCE896038BB43BAF831FCEE3E1DF2F9A75D
-type15.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. VdqDe4+ggzVpK4w6QoMNt6yqkylqO/4HXgr6FrhYwdnPsBmGbvWuuFigIopaLAabesYBgmNxOinjxK3GRyHZOCHVD+69gQJ7CpKJ0VI7bRXb/EoIF+hb3ojnwYFT4lK/qQDGwAMNmXww4D4W2LvszolgOLtDuvgx/O4+HfL5p10= ;{id = 62298}
-067479706531360C74797065732D7369676E6564027762087369646E6C616273026E6C00001000010000003C001405224A75737405736F6D65220122057465787422
-type16.types-signed.wb.sidnlabs.nl.	60	IN	TXT	"\"Just" "some\"" "\"" "text\""
-067479706531360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001008050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C007B63449597EC2286BC37168C09C0505D6333A280D7A3C4DB5FD7B6DDB548B9A10E7B9632B732E0A3178AA09E41C57CDDF9C495B6833E8240B6F5FD86853F2D5AB77F09564E55BB3103FAA81EDF7AAB1F8BB872AE88DA4112B24B5469B8649E0568F01C4876759177A4EE9A0325B4E27B37B0EA89ABF99113F47F2C6BBB153327
-type16.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TXT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. e2NElZfsIoa8NxaMCcBQXWMzooDXo8TbX9e23bVIuaEOe5YytzLgoxeKoJ5BxXzd+cSVtoM+gkC29f2GhT8tWrd/CVZOVbsxA/qoHt96qx+LuHKuiNpBErJLVGm4ZJ4FaPAcSHZ1kXek7poDJbTiezew6omr+ZET9H8sa7sVMyc= ;{id = 62298}
-067479706531360C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706531370C74797065732D7369676E6564027762087369646E6C616273026E6C000006000080000003
-type16.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type17.types-signed.wb.sidnlabs.nl. TXT RRSIG NSEC
-067479706531360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0022AF5481EA695CFE716B83587EA1076BFA323195721DC5A1A16E65C468C3621CAD395CA50F250DDB81360B17C8419C5CDDF54F53CE3CA0C34C97A843615D35C1BBC1A4F1EC2AAD74CE91F210952B19DC0314B20723E8525B01579879E1F376F7CB372AE3484BE995BC74091E9544E0A419125B32C47FB2211D2EAEF7EFC72B59
-type16.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Iq9UgeppXP5xa4NYfqEHa/oyMZVyHcWhoW5lxGjDYhytOVylDyUN24E2CxfIQZxc3fVPU848oMNMl6hDYV01wbvBpPHsKq10zpHyEJUrGdwDFLIHI+hSWwFXmHnh83b3yzcq40hL6ZW8dAkelUTgpBkSWzLEf7IhHS6u9+/HK1k= ;{id = 62298}
-067479706531370C74797065732D7369676E6564027762087369646E6C616273026E6C00001100010000003C002200037478740C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type17.types-signed.wb.sidnlabs.nl.	60	IN	RP	. txt.types-signed.wb.sidnlabs.nl.
-067479706531370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0036A94354CE471C31EC3AC3783BA4187D6DCC614A0DC78544D33C6FB41970B7EC9D867C656E2BFB1BCA40722515AED2BA7ECC666BAB671E7AB4457501B94D03534828F63F406E377D6ED8D098636D467DF1CC92A9D31E59014766098165D439B3DB9B221A24078330D7DED6E66D271183BDE9FE4C6DEFF07BFC9AF34DE2030FED
-type17.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	RP 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. NqlDVM5HHDHsOsN4O6QYfW3MYUoNx4VE0zxvtBlwt+ydhnxlbiv7G8pAciUVrtK6fsxma6tnHnq0RXUBuU0DU0go9j9Abjd9btjQmGNtRn3xzJKp0x5ZAUdmCYFl1Dmz25siGiQHgzDX3tbmbScRg73p/kxt7/B7/JrzTeIDD+0= ;{id = 62298}
-067479706531370C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706531380C74797065732D7369676E6564027762087369646E6C616273026E6C000006000040000003
-type17.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type18.types-signed.wb.sidnlabs.nl. RP RRSIG NSEC
-067479706531370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0055936C79CC62D1B06E6DE44F56CAED4C95D1F1B388142ED365F5295268AE689233822EE68973F170DA90025B970E0B12CFF51142582C62CB39D307A6A350C42621522CBCFDFDD9CC55EBBDAE3F09D75F371757F1B8F4104F54B564B92B97ED12FB870169C44EAB4C1B26FEF0D8332630E07DE038773C728E58E073CC396FEFFB
-type17.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. VZNsecxi0bBubeRPVsrtTJXR8bOIFC7TZfUpUmiuaJIzgi7miXPxcNqQAluXDgsSz/URQlgsYss50wemo1DEJiFSLLz9/dnMVeu9rj8J1183F1fxuPQQT1S1ZLkrl+0S+4cBacROq0wbJv7w2DMmMOB94Dh3PHKOWOBzzDlv7/s= ;{id = 62298}
-067479706531380C74797065732D7369676E6564027762087369646E6C616273026E6C00001200010000003C00273039076166736E6F64650C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type18.types-signed.wb.sidnlabs.nl.	60	IN	AFSDB	12345 afsnode.types-signed.wb.sidnlabs.nl.
-067479706531380C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001208050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00610CFAFDED06A23B267830F4EC89B66D07B6E102FE55B3E3821E520AB6E72D514B1C060FC4DB5A27F12B1C34F40E2D99A57AB8E7547682AF1C562D0E6B6A27E7D83380D769E6D109FBD7F398E8DD6BB6ADBB457B906D439EE328A9B889DE1443DB4905F2AA7C06AB26DBB42C3007A22A2A818DEF64F4012322DF09931BE3156C
-type18.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	AFSDB 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. YQz6/e0GojsmeDD07Im2bQe24QL+VbPjgh5SCrbnLVFLHAYPxNtaJ/ErHDT0Di2ZpXq451R2gq8cVi0Oa2on59gzgNdp5tEJ+9fzmOjda7atu0V7kG1DnuMoqbiJ3hRD20kF8qp8Bqsm27QsMAeiKiqBje9k9AEjIt8JkxvjFWw= ;{id = 62298}
-067479706531380C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706531390C74797065732D7369676E6564027762087369646E6C616273026E6C000006000020000003
-type18.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type19.types-signed.wb.sidnlabs.nl. AFSDB RRSIG NSEC
-067479706531380C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C009DA2934C057BE75EEA6016192CF88374021A4575633A69AE87BF7A495DCB3BEC6D23C176963EB76BEDF5907E2C27F317A66E6039B789A6FE8CCE3AA0EBC9E3CB8052072B5499F9F75923A1C8A43548EC2CEA0DC5DAC27B8EBD478A75EDD9605A2F2B9BEAC700B8E4C34295CB3D7BCDD49CEE346504812F1F97AC957E7493F809
-type18.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. naKTTAV7517qYBYZLPiDdAIaRXVjOmmuh796SV3LO+xtI8F2lj63a+31kH4sJ/MXpm5gObeJpv6Mzjqg68njy4BSBytUmfn3WSOhyKQ1SOws6g3F2sJ7jr1HinXt2WBaLyub6scAuOTDQpXLPXvN1JzuNGUEgS8fl6yVfnST+Ak= ;{id = 62298}
-067479706531390C74797065732D7369676E6564027762087369646E6C616273026E6C00001300010000003C000B0A33303333303333303333
-type19.types-signed.wb.sidnlabs.nl.	60	IN	X25	"3033033033"
-067479706531390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001308050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00CB1435F13DA39A918CDEEE1BA9C5BD15EBA402434DF0A1363A0DDC6CF6FC0E046A5E50CE334C8DCA099A1872A932DDCF1E55FF6EBF33362C6B65F6A11D73C307E20ADFE3F05A032478976D9146CF01B1E29C28B09CEB8E853C6E9D2995C2E18028DF98275E327DC99847160D7BC819B5E3FF3EA7254C8AC333AAF69E203999C5
-type19.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	X25 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. yxQ18T2jmpGM3u4bqcW9FeukAkNN8KE2Og3cbPb8DgRqXlDOM0yNygmaGHKpMt3PHlX/br8zNixrZfahHXPDB+IK3+PwWgMkeJdtkUbPAbHinCiwnOuOhTxunSmVwuGAKN+YJ14yfcmYRxYNe8gZteP/PqclTIrDM6r2niA5mcU= ;{id = 62298}
-067479706531390C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706532300C74797065732D7369676E6564027762087369646E6C616273026E6C000006000010000003
-type19.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type20.types-signed.wb.sidnlabs.nl. X25 RRSIG NSEC
-067479706531390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0030D30AEA9FC35111E7D134FB0DB48EC3E6DAEEF2019B03742011ADE10C592C2CB98CE1EE86921F718B57783FACFB2791760A64AA9E102DA23F7AA5F095A313C52F3273F4189A857D94A180AE7235BB6FFDE7863199C29F664AD1B5A0435A1D667C114EFE198DCD735D5322A962702196D7766EF29FFDFB394C4A5A6AB48CDD91
-type19.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. MNMK6p/DURHn0TT7DbSOw+ba7vIBmwN0IBGt4QxZLCy5jOHuhpIfcYtXeD+s+yeRdgpkqp4QLaI/eqXwlaMTxS8yc/QYmoV9lKGArnI1u2/954YxmcKfZkrRtaBDWh1mfBFO/hmNzXNdUyKpYnAhltd2bvKf/fs5TEpaarSM3ZE= ;{id = 62298}
-067479706532300C74797065732D7369676E6564027762087369646E6C616273026E6C00001400010000003C00180C6973646E2D616464726573730A73756261646472657373
-type20.types-signed.wb.sidnlabs.nl.	60	IN	ISDN	"isdn-address" "subaddress"
-067479706532300C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003E87F64D1DAC92B9DE83228DCDDE1FFE0A89C746BB3906DB1768A1BDCBC6CA6F29010D384BFD2ED7E4CD9E470C4BBFE53BB5DC62C484B564CC601F787DCA90ECB6A2294F7128E936899C6D3068F8378E9E0530B6101B389647CED450B5663DCB5CC2D2C28C5EC8990E5895F3220AA50C7969A223B716F4BF0D5B3FAE69AEF792
-type20.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	ISDN 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Pof2TR2skrnegyKNzd4f/gqJx0a7OQbbF2ihvcvGym8pAQ04S/0u1+TNnkcMS7/lO7XcYsSEtWTMYB94fcqQ7LaiKU9xKOk2iZxtMGj4N46eBTC2EBs4lkfO1FC1Zj3LXMLSwoxeyJkOWJXzIgqlDHlpoiO3FvS/DVs/rmmu95I= ;{id = 62298}
-067479706532300C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706532310C74797065732D7369676E6564027762087369646E6C616273026E6C000006000008000003
-type20.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type21.types-signed.wb.sidnlabs.nl. ISDN RRSIG NSEC
-067479706532300C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00295C19B04B2FEC64F9740D0C8DA48CAE00A7AF61502486FEC0384F1F82C6265A9ADA0C1462F74297643F105642B7157743A993086B005F8E86936C9D57D706E2BA52DAF0FC6A5C42FF19B45B60BACE3F9E1023F809738728600CD42F7464DD29F5F1F3CCF08A0FC70758B28F8B8EC25CE27F86440D430644CD44221B9F6626B0
-type20.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. KVwZsEsv7GT5dA0MjaSMrgCnr2FQJIb+wDhPH4LGJlqa2gwUYvdCl2Q/EFZCtxV3Q6mTCGsAX46Gk2ydV9cG4rpS2vD8alxC/xm0W2C6zj+eECP4CXOHKGAM1C90ZN0p9fHzzPCKD8cHWLKPi47CXOJ/hkQNQwZEzUQiG59mJrA= ;{id = 62298}
-067479706532310C74797065732D7369676E6564027762087369646E6C616273026E6C00001500010000003C0026000A067274686F73740C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type21.types-signed.wb.sidnlabs.nl.	60	IN	RT	10 rthost.types-signed.wb.sidnlabs.nl.
-067479706532310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001508050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00526E5CF996A1A75CA27CC6E8E3608C4ECEAF96154012257FE2F8DDE3549525283DC1D69F2C5C593C5C4D44E736AA6A863D1D4353E44D71FEEEE3B006D6395DE8F28134F55212BFD10EB6F91824E831D3CF3CC830A79799F6D53D5ADB887FA2FE92211DCD27FB23DD7B1B248B60F9EF0B21C8A9F1489779F09D24A4BEE2C3B865
-type21.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	RT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Um5c+Zahp1yifMbo42CMTs6vlhVAEiV/4vjd41SVJSg9wdafLFxZPFxNROc2qmqGPR1DU+RNcf7u47AG1jld6PKBNPVSEr/RDrb5GCToMdPPPMgwp5eZ9tU9WtuIf6L+kiEdzSf7I917GySLYPnvCyHIqfFIl3nwnSSkvuLDuGU= ;{id = 62298}
-067479706532310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706532320C74797065732D7369676E6564027762087369646E6C616273026E6C000006000004000003
-type21.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type22.types-signed.wb.sidnlabs.nl. RT RRSIG NSEC
-067479706532310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C007D9960A3FE9ED8906407B2F05C300C805CE4C83A2E74E863AE234E4A144E6B210D3B22BB949484D73DC8D0A4C7959552691CF341529339A995A974C31F37CA8857F12E384D1FDF4FCF55D130B84F03A6F4D57CBB31126B0C22E2E8AA02B22135ACE68A49CE587D6411438A410017AEC9346B2E7CB3CD6C3C9E20721620E78B23
-type21.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. fZlgo/6e2JBkB7LwXDAMgFzkyDoudOhjriNOShROayENOyK7lJSE1z3I0KTHlZVSaRzzQVKTOamVqXTDHzfKiFfxLjhNH99Pz1XRMLhPA6b01Xy7MRJrDCLi6KoCsiE1rOaKSc5YfWQRQ4pBABeuyTRrLnyzzWw8niByFiDniyM= ;{id = 62298}
-067479706532320C74797065732D7369676E6564027762087369646E6C616273026E6C00001600010000003C001447000580005A0000000001E133FFFFFF00016100
-type22.types-signed.wb.sidnlabs.nl.	60	IN	NSAP	0x47000580005A0000000001E133FFFFFF00016100
-067479706532320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001608050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C005EF66E752297DFD1983E3543632EC347E983B86CB3FC75B0436C3CBB09DD07E46239B4BC92D1FA7437984D3BCA73000A11CB7FD2DB447C98060427A27A3206D4F2AEAB92D6136934E83D3084D9157B7F1E1818FA76A9B3A2200554AC0384106F3CA0F3580C5C5A73DAB9CED2F43364ED58F1F25580510EEBF744336351091B86
-type22.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	NSAP 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. XvZudSKX39GYPjVDYy7DR+mDuGyz/HWwQ2w8uwndB+RiObS8ktH6dDeYTTvKcwAKEct/0ttEfJgGBCeiejIG1PKuq5LWE2k06D0whNkVe38eGBj6dqmzoiAFVKwDhBBvPKDzWAxcWnPauc7S9DNk7Vjx8lWAUQ7r90QzY1EJG4Y= ;{id = 62298}
-067479706532320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706532360C74797065732D7369676E6564027762087369646E6C616273026E6C000006000002000003
-type22.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type26.types-signed.wb.sidnlabs.nl. NSAP RRSIG NSEC
-067479706532320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003EFCB61BD5CC7518A211C94BF9930F665CD8E52BB76DAD551CD9D84A9815989953F060F9192052096532DB5E22E02A63F2F8233AB423D8EA5D538445E08592D0DF88F6A0452D840D3914EEA4F21781A7E13CDFC622EB4C5CF037BE57F02D6B858E6606C9F7A3E916290ABD249898337C5967DA0EF364984369A71DFF9C85E38E
-type22.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Pvy2G9XMdRiiEclL+ZMPZlzY5Su3ba1VHNnYSpgVmJlT8GD5GSBSCWUy214i4Cpj8vgjOrQj2OpdU4RF4IWS0N+I9qBFLYQNORTupPIXgafhPN/GIutMXPA3vlfwLWuFjmYGyfej6RYpCr0kmJgzfFln2g7zZJhDaacd/5yF444= ;{id = 62298}
-067479706532360C74797065732D7369676E6564027762087369646E6C616273026E6C00001A00010000003C004B000A066D61703832320C74797065732D7369676E6564027762087369646E6C616273026E6C00076D6170783430300C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type26.types-signed.wb.sidnlabs.nl.	60	IN	PX	10 map822.types-signed.wb.sidnlabs.nl. mapx400.types-signed.wb.sidnlabs.nl.
-067479706532360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001A08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0007BC7E6C58CCE5E16BF4CFA26F477CD74804445F84883BE10554235BA6B94900A14957C43BF8FB303ED7113174BC69CB6070BA5018B1567A707EF3E9D5CE0560E9BDD6D8862FAB070717C6F9F60F8B043FFDC228680061DBC169A5F487165578D7EB178DCA0AC3675C2337021926099789A1BD72DF6FEFACA81E7D9739C79ABF
-type26.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	PX 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. B7x+bFjM5eFr9M+ib0d810gERF+EiDvhBVQjW6a5SQChSVfEO/j7MD7XETF0vGnLYHC6UBixVnpwfvPp1c4FYOm91tiGL6sHBxfG+fYPiwQ//cIoaABh28FppfSHFlV41+sXjcoKw2dcIzcCGSYJl4mhvXLfb++sqB59lznHmr8= ;{id = 62298}
-067479706532360C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706532370C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000200003
-type26.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type27.types-signed.wb.sidnlabs.nl. PX RRSIG NSEC
-067479706532360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B37F1C2B73BB1D6A5EE4A53E2E9E8F893F0A4E20FD62BC7C1C56D2A40D59AC7CD25157555FC677BB9DCAA76C3F07710B381DBB61EEF2A8896A67F1AF40107DFC5BD74B62593ACFFBE407DEA015E12D72294725BDC7B8218FDC5E991A5676CC9BAC59B8A2D743F3A3A479226167D54973C7DAE32267D2AD6DE873CC8ABDCFA07E
-type26.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. s38cK3O7HWpe5KU+Lp6PiT8KTiD9Yrx8HFbSpA1ZrHzSUVdVX8Z3u53Kp2w/B3ELOB27Ye7yqIlqZ/GvQBB9/FvXS2JZOs/75AfeoBXhLXIpRyW9x7ghj9xemRpWdsybrFm4otdD86OkeSJhZ9VJc8fa4yJn0q1t6HPMir3PoH4= ;{id = 62298}
-067479706532370C74797065732D7369676E6564027762087369646E6C616273026E6C00001B00010000003C00120532332E36370532332E36370532332E3637
-type27.types-signed.wb.sidnlabs.nl.	60	IN	GPOS	23.67 23.67 23.67
-067479706532370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001B08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0013BF8CA0C46CABE234D3A0D55A9D4D2A30449E21A25E889DBAE3499A2C567B8F652C2CB2F67A83767D6B5963205F7FBF83A79318E702C558E30688507E062029FCF4EBD2EC5DEE7DFEB6C3C2F326131920401A05444AAA326CC9D118139C43A4A0DC834ECE3ECF883DAC78B03031F15432A5ACD4331587F43B22176CBA0A6E14
-type27.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	GPOS 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. E7+MoMRsq+I006DVWp1NKjBEniGiXoiduuNJmixWe49lLCyy9nqDdn1rWWMgX3+/g6eTGOcCxVjjBohQfgYgKfz069LsXe59/rbDwvMmExkgQBoFREqqMmzJ0RgTnEOkoNyDTs4+z4g9rHiwMDHxVDKlrNQzFYf0OyIXbLoKbhQ= ;{id = 62298}
-067479706532370C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706532380C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000100003
-type27.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type28.types-signed.wb.sidnlabs.nl. GPOS RRSIG NSEC
-067479706532370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C005FA879F3D1C9D30ACAB487853ABD326942CF6FAC281F629AE5B65DAF5095824E1C3AEE6D368FFCD0AB912540E07A08C0F002C91671C910D25B07EAE86E05BE30C8C776B771623DFA92623A54DAD4215E5FECC6AA5409C43C5C1A9E61F523C22C32B602B685B21D2AD1C0DB1BDA0437FAC962A8CF6E4D7B38AECC4B709255924C
-type27.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. X6h589HJ0wrKtIeFOr0yaULPb6woH2Ka5bZdr1CVgk4cOu5tNo/80KuRJUDgegjA8ALJFnHJENJbB+robgW+MMjHdrdxYj36kmI6VNrUIV5f7MaqVAnEPFwanmH1I8IsMrYCtoWyHSrRwNsb2gQ3+sliqM9uTXs4rsxLcJJVkkw= ;{id = 62298}
-067479706532380C74797065732D7369676E6564027762087369646E6C616273026E6C00001C00010000003C0010200107B80C0500000000000000800004
-type28.types-signed.wb.sidnlabs.nl.	60	IN	AAAA	2001:7b8:c05::80:4
-067479706532380C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001C08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00AA2FC22A85C6F37F758FE28B30415328F22C239286C97766EE24E56F365A5453FEF070C066BA639FD13E6BD65FAE8744C42DAC0FBB3334491A3A46E14C01062D5994116D8E6A341C64B7A15AC59488B7B1BE1A4380A7D67DD87900950AB5077E7C5F6493E3587EA81CDA9D10553EED1818664B133A0A7BEE50A607FC4699035A
-type28.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	AAAA 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. qi/CKoXG8391j+KLMEFTKPIsI5KGyXdm7iTlbzZaVFP+8HDAZrpjn9E+a9ZfrodExC2sD7szNEkaOkbhTAEGLVmUEW2OajQcZLehWsWUiLexvhpDgKfWfdh5AJUKtQd+fF9kk+NYfqgc2p0QVT7tGBhmSxM6CnvuUKYH/EaZA1o= ;{id = 62298}
-067479706532380C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706532390C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000080003
-type28.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type29.types-signed.wb.sidnlabs.nl. AAAA RRSIG NSEC
-067479706532380C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0044B6B17BB55C82073DC54D291632081B6486C5A743118D087DC012E962033FF5492A413106B452EB1F0687A174FA95E251F88D6CF177FCCC4B6B99CA73646978B526DE12CAFFA14B8078FCF354C009A85E6AD84DC7C5BBD4F0BABD43B487F282CB9EC4D157C4773C377388BE840C0C0D933308E0E30AA7377BB7AD488D22BFA9
-type28.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. RLaxe7Vcggc9xU0pFjIIG2SGxadDEY0IfcAS6WIDP/VJKkExBrRS6x8Gh6F0+pXiUfiNbPF3/MxLa5nKc2RpeLUm3hLK/6FLgHj881TACaheathNx8W71PC6vUO0h/KCy57E0VfEdzw3c4i+hAwMDZMzCODjCqc3e7etSI0iv6k= ;{id = 62298}
-067479706532390C74797065732D7369676E6564027762087369646E6C616273026E6C00001D00010000003C0010002325238CE82360854A10A000989A68
-type29.types-signed.wb.sidnlabs.nl.	60	IN	LOC	60 09 00.000 N 24 39 00.000 E 10m 20m 2000m 20m
-067479706532390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001D08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00773797EE5E6DFECA51B59E29778C2A298852D0C43ECF4881F669C3D6899167DCBCA965B2CDEE827C8A3FD56B8B15A18B667FDEE9F26776F1FFA32587C0707707FD8F27F035D4F94114EAD802A35654E7E2F300F7FA1D9EC9B7693CFDF6655BCB3C70D6FB2C19CC4D4FA7DC2AD97531CA030F8F18F1393268A20E7581461B87FE
-type29.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	LOC 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. dzeX7l5t/spRtZ4pd4wqKYhS0MQ+z0iB9mnD1omRZ9y8qWWyze6CfIo/1WuLFaGLZn/e6fJndvH/oyWHwHB3B/2PJ/A11PlBFOrYAqNWVOfi8wD3+h2eybdpPP32ZVvLPHDW+ywZzE1Pp9wq2XUxygMPjxjxOTJoog51gUYbh/4= ;{id = 62298}
-067479706532390C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574797065330C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000040003
-type29.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type3.types-signed.wb.sidnlabs.nl. LOC RRSIG NSEC
-067479706532390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00BDB57CC449238634F579867CBD19A93EE5F5A54704529643D9EB855F8E713775627A8E64AD9167D0E4DAD169AD5726296C1C1627004310BD1F6DFD571C19C1782C2B14344AEF07407CAC85049478BBF755E62FC044ED7F8174E8CA99534B72487695D199BF89ED46731D50AF17EB15A2BA89F1935ED81AFF6F4A83E6F122FE51
-type29.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. vbV8xEkjhjT1eYZ8vRmpPuX1pUcEUpZD2euFX45xN3Vieo5krZFn0OTa0WmtVyYpbBwWJwBDEL0fbf1XHBnBeCwrFDRK7wdAfKyFBJR4u/dV5i/ARO1/gXToyplTS3JIdpXRmb+J7UZzHVCvF+sVorqJ8ZNe2Br/b0qD5vEi/lE= ;{id = 62298}
-0574797065330C74797065732D7369676E6564027762087369646E6C616273026E6C00000300010000003C002D0F6D61696C64657374696E6174696F6E0C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type3.types-signed.wb.sidnlabs.nl.	60	IN	MD	maildestination.types-signed.wb.sidnlabs.nl.
-0574797065330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000308050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0074C05F690F450A80517066CF8B10B270801C46C6E1698DCC77377BBBC2DE4197325608D92F0A1EB7B947C176663306F199FDA45D800DA6DB817004EE2B5CF851C8DF743F1FF70A002EA5736657EAA9BB96FF7500AFA9B6FF72DD11FA10EF3829F0D31677A9DDCF779E76CD04CF9509A4BB72532C552E1032FB5BA4871CD90754
-type3.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MD 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. dMBfaQ9FCoBRcGbPixCycIAcRsbhaY3Mdzd7u8LeQZcyVgjZLwoet7lHwXZmMwbxmf2kXYANptuBcATuK1z4UcjfdD8f9woALqVzZlfqqbuW/3UAr6m2/3LdEfoQ7zgp8NMWd6ndz3eeds0Ez5UJpLtyUyxVLhAy+1ukhxzZB1Q= ;{id = 62298}
-0574797065330C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706533330C74797065732D7369676E6564027762087369646E6C616273026E6C000006100000000003
-type3.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type33.types-signed.wb.sidnlabs.nl. MD RRSIG NSEC
-0574797065330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00BD5A512FED79316CC332589D316A1E86D20F7FBF33917092964744E7C31DFDF5AB848BF43FDD2E2A779C37D55CF20B7E1BFD33619AB427696AE377915F12BD17789C9CD3E72AAE5C1FBF71C148D4600E38449CA9F89A00EA7D9A49152D9950DAA2A804A5E54AC8769A76EA34130C76CDD9CA4508B31DAE6118D2D0C31E88D4BA
-type3.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. vVpRL+15MWzDMlidMWoehtIPf78zkXCSlkdE58Md/fWrhIv0P90uKnecN9Vc8gt+G/0zYZq0J2lq43eRXxK9F3icnNPnKq5cH79xwUjUYA44RJyp+JoA6n2aSRUtmVDaoqgEpeVKyHaaduo0Ewx2zdnKRQizHa5hGNLQwx6I1Lo= ;{id = 62298}
-067479706533330C74797065732D7369676E6564027762087369646E6C616273026E6C00002100010000003C0030FFFFFFFFFFFF0C6F6C642D736C6F772D626F780C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type33.types-signed.wb.sidnlabs.nl.	60	IN	SRV	65535 65535 65535 old-slow-box.types-signed.wb.sidnlabs.nl.
-067479706533330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0054BF20268131FF6311F93EDA4B52FAE5644280659E9CE17AF40E93C0FDA769CAFB0EE7B2BA240E298FB7C4CF5FBBE078D8D0DBB331D0C22725DC6F8DC044B48B3A69E78CBA1D1F2FC3F7E01035B4D1026308C328C79BBF07918A7E20A0EFF091A9020909E4A3EF97629A699383F6EB299B6F8C8A5CCDB48B77C889C176F24C53
-type33.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	SRV 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. VL8gJoEx/2MR+T7aS1L65WRCgGWenOF69A6TwP2nacr7DueyuiQOKY+3xM9fu+B42NDbszHQwicl3G+NwES0izpp54y6HR8vw/fgEDW00QJjCMMox5u/B5GKfiCg7/CRqQIJCeSj75dimmmTg/brKZtvjIpczbSLd8iJwXbyTFM= ;{id = 62298}
-067479706533330C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706533350C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000004003
-type33.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type35.types-signed.wb.sidnlabs.nl. SRV RRSIG NSEC
-067479706533330C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0033A38561B0A2A9948105A8121B1EED11A796A2DF882E743034A5121FC9A8ACC02C67DC9C9293B2ABBA18D97ED3D36243492FF4647C9047452E907EC10FBD99E1D80C23327C9E6D21A1ABBFB1202346959167956891FF581335C42AF45DC2A73AABE2E34FC2AE59578A30AF70FAE04FEB08184B9028F87A95D2182D6CD9E3611A
-type33.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. M6OFYbCiqZSBBagSGx7tEaeWot+ILnQwNKUSH8morMAsZ9yckpOyq7oY2X7T02JDSS/0ZHyQR0UukH7BD72Z4dgMIzJ8nm0hoau/sSAjRpWRZ5Vokf9YEzXEKvRdwqc6q+LjT8KuWVeKMK9w+uBP6wgYS5Ao+HqV0hgtbNnjYRo= ;{id = 62298}
-067479706533350C74797065732D7369676E6564027762087369646E6C616273026E6C00002300010000003C003F00640064017308687474702B6C407200056E617074720B7265706C6163656D656E740C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type35.types-signed.wb.sidnlabs.nl.	60	IN	NAPTR	100 100 "s" "http+l@r" "" naptr.replacement.types-signed.wb.sidnlabs.nl.
-067479706533350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002308050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C009C19EEDA585AB44AC64668D3795FE282A4794657F9BAEA0713130C74A01624E3410628501E6F896A64BE86164360A50BB1E86ACF64615C70099379F93E03440830DFC3C86E0CE1CFCCD598414D18DD8DFFA2B063E7351630F92BB37151F3128FA22D10354788493B4F06D9D926351D594C602F8906D2C5D06421D2C19BD1C90E
-type35.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	NAPTR 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. nBnu2lhatErGRmjTeV/igqR5Rlf5uuoHExMMdKAWJONBBihQHm+JamS+hhZDYKULsehqz2RhXHAJk3n5PgNECDDfw8huDOHPzNWYQU0Y3Y3/orBj5zUWMPkrs3FR8xKPoi0QNUeISTtPBtnZJjUdWUxgL4kG0sXQZCHSwZvRyQ4= ;{id = 62298}
-067479706533350C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706533360C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000001003
-type35.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type36.types-signed.wb.sidnlabs.nl. NAPTR RRSIG NSEC
-067479706533350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00A6977F257ABD09285F999B03BCA5B6FD8B39524AC5E3851867258AA348F11A56090D130E1D69893CA623FD45E831B7A4E1FFDFA7A8B3F68BE97AAA3ADDB37D28A3CD738186771AA8148EAEC65589F66D8BE957115CE9E129E28B4D116900C9FB981747055818658917F2ED15667CB12F6CDF0EA685882E15685D32C9C7677B34
-type35.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ppd/JXq9CShfmZsDvKW2/Ys5UkrF44UYZyWKo0jxGlYJDRMOHWmJPKYj/UXoMbek4f/fp6iz9ovpeqo63bN9KKPNc4GGdxqoFI6uxlWJ9m2L6VcRXOnhKeKLTRFpAMn7mBdHBVgYZYkX8u0VZnyxL2zfDqaFiC4VaF0yycdnezQ= ;{id = 62298}
-067479706533360C74797065732D7369676E6564027762087369646E6C616273026E6C00002400010000003C0022000A026B780C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type36.types-signed.wb.sidnlabs.nl.	60	IN	KX	10 kx.types-signed.wb.sidnlabs.nl.
-067479706533360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C002F98CBD797366929192B6056CA2DBBEBB31B18AA744508DAFC4A0A2047300BD4A4DE812F21749F87BC05B139EE9A3CB8C2DAD344DF3832939980F6871FB9E24724F3C17BEC179DB0E04EC2546562DD7A0EAEF76AC67A4B241E760E885ADD111F517BD4D9F785C67874453340F7D40CF06ED3B46E5F4E1B7990CC77FC602CDAB7
-type36.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	KX 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. L5jL15c2aSkZK2BWyi2767MbGKp0RQja/EoKIEcwC9Sk3oEvIXSfh7wFsTnumjy4wtrTRN84MpOZgPaHH7niRyTzwXvsF52w4E7CVGVi3XoOrvdqxnpLJB52Doha3REfUXvU2feFxnh0RTNA99QM8G7TtG5fTht5kMx3/GAs2rc= ;{id = 62298}
-067479706533360C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706533370C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000803
-type36.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type37.types-signed.wb.sidnlabs.nl. KX RRSIG NSEC
-067479706533360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0077A60055EFEBD967DB3D15CE97ABA9D555A9D17503447F93AED8BA8A8057D32F9CB163F0E230E5205706ACEA040A860FA5FF605326DC490B646CDF68D5A7D63C4C4390E30927B77F255C68017102232AA180DBF95B46E73C90A704A4B0D87FB161FAC81C0A91E4B373717DDBD8FDE520D0F2E49997AFE4C3C957E89070A40B1F
-type36.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. d6YAVe/r2WfbPRXOl6up1VWp0XUDRH+Trti6ioBX0y+csWPw4jDlIFcGrOoECoYPpf9gUybcSQtkbN9o1afWPExDkOMJJ7d/JVxoAXECIyqhgNv5W0bnPJCnBKSw2H+xYfrIHAqR5LNzcX3b2P3lINDy5JmXr+TDyVfokHCkCx8= ;{id = 62298}
-067479706533370C74797065732D7369676E6564027762087369646E6C616273026E6C00002500010000003C0055FFFEFFFFFE33115C6F2F64FF2BDE74C7D080ACE11F97ABD0CBBFBC82F3E39224B2471E1468225829FF1B11E16A2E9502E1C0A0D533E18A14D6D55F4824AA4189FAFFFD7553A36577CD2311E0BC693ACEF8A2A609A6
-type37.types-signed.wb.sidnlabs.nl.	60	IN	CERT	65534 65535 254 MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
-067479706533370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002508050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C004A508E9762CF3169255799A6302E19F4BCC4CBD1888593E6F9D557869ECB15CD029B147DE33029E8DACD426A3FE4B00C09CA9669766D061B320E0421719160F75F4956498AEF2889F5BCEA220F1141434EB4C878A48F53B58820EC54573373243EEFB24F2EC762FFEB161B803375FD220213A1D79E55E480AD2631F6188E0210
-type37.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	CERT 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. SlCOl2LPMWklV5mmMC4Z9LzEy9GIhZPm+dVXhp7LFc0CmxR94zAp6NrNQmo/5LAMCcqWaXZtBhsyDgQhcZFg919JVkmK7yiJ9bzqIg8RQUNOtMh4pI9TtYgg7FRXM3MkPu+yTy7HYv/rFhuAM3X9IgITodeeVeSArSYx9hiOAhA= ;{id = 62298}
-067479706533370C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706533390C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000403
-type37.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type39.types-signed.wb.sidnlabs.nl. CERT RRSIG NSEC
-067479706533370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00A3F53595336329EFF2423BA7B9582BECF007F6CBBB1C04D6F3417EFC7D87F91F80A5AEA4B5D3F89991554DD51AC529C3DCACD5E87D98E25F12649D98A2A9AE9000F29E0ADFC1CAB3D17CB41D397F128F41AE7646A94678CF20C1B192B7BAF90CDEC2CE0C64503588414A61149F431438045779C247E81B9F04FDDCB2F5081D9E
-type37.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. o/U1lTNjKe/yQjunuVgr7PAH9su7HATW80F+/H2H+R+Apa6ktdP4mZFVTdUaxSnD3KzV6H2Y4l8SZJ2YoqmukADyngrfwcqz0Xy0HTl/Eo9BrnZGqUZ4zyDBsZK3uvkM3sLODGRQNYhBSmEUn0MUOARXecJH6BufBP3csvUIHZ4= ;{id = 62298}
-067479706533390C74797065732D7369676E6564027762087369646E6C616273026E6C00002700010000003C000E0C646E616D652D74617267657400
-type39.types-signed.wb.sidnlabs.nl.	60	IN	DNAME	dname-target.
-067479706533390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF002708050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00666102AA42F2ED0C389C6A3C1780DC2A9B3949E02315AEE9FE70B1A45F331991FD2D00B0CF13A6C2534295DEA89839D8B1CC773A01471BE189FB7ACC4635BE67201CF54D58F766C3A448C3CFB50A756994A53513EEB2740AEAF4F065787563E108F8CE1EA36789C9999C6E655D90B34ACB0513DB63B8BB2FCD9AC847CAD4C46F
-type39.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	DNAME 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ZmECqkLy7Qw4nGo8F4DcKps5SeAjFa7p/nCxpF8zGZH9LQCwzxOmwlNCld6omDnYscx3OgFHG+GJ+3rMRjW+ZyAc9U1Y92bDpEjDz7UKdWmUpTUT7rJ0Cur08GV4dWPhCPjOHqNnicmZnG5lXZCzSssFE9tjuLsvzZrIR8rUxG8= ;{id = 62298}
-067479706533390C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574797065340C74797065732D7369676E6564027762087369646E6C616273026E6C000006000000000103
-type39.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type4.types-signed.wb.sidnlabs.nl. DNAME RRSIG NSEC
-067479706533390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0029B6CE781C9E09ED9879F8CA23953548F5188B0382935B7060A6FA8799A6F8D2F4C440E26224FEA9D4A9F2C474B2D7B555687A82B8A427067C13F69A159944B1B7CA44431D4F4371D9A589384704E353FBCBACF9BE28EF225F0CB01F342F3702C02D0FC8E83FD8460764E4EDCE28224DA033F60A7ADC84C3AC25EBC9CA286F05
-type39.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. KbbOeByeCe2YefjKI5U1SPUYiwOCk1twYKb6h5mm+NL0xEDiYiT+qdSp8sR0ste1VWh6grikJwZ8E/aaFZlEsbfKREMdT0Nx2aWJOEcE41P7y6z5vijvIl8MsB80LzcCwC0PyOg/2EYHZOTtzigiTaAz9gp63ITDrCXrycoobwU= ;{id = 62298}
-0574797065340C74797065732D7369676E6564027762087369646E6C616273026E6C00000400010000003C002B0D6D61696C666F727761726465720C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type4.types-signed.wb.sidnlabs.nl.	60	IN	MF	mailforwarder.types-signed.wb.sidnlabs.nl.
-0574797065340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00795FADE35280832C3F48D7C0151743C57D2B45A86F05B5492064FAABD8197D7DB90842B5476F690F05FBAC6D7B6D52BA31DB0A54539965EC0A1AF8E81D443E9B11CEE76175FC8ED14CBC95C9ED33FA8AA2C131CAE9321D4789EBB441897B0C0D73F3F7C6C465F18FE15E96C261704149E0ECAC8C660651D66CA224C5072D1ED4
-type4.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MF 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. eV+t41KAgyw/SNfAFRdDxX0rRahvBbVJIGT6q9gZfX25CEK1R29pDwX7rG17bVK6MdsKVFOZZewKGvjoHUQ+mxHO52F1/I7RTLyVye0z+oqiwTHK6TIdR4nrtEGJewwNc/P3xsRl8Y/hXpbCYXBBSeDsrIxmBlHWbKIkxQctHtQ= ;{id = 62298}
-0574797065340C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706534390C74797065732D7369676E6564027762087369646E6C616273026E6C000006080000000003
-type4.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type49.types-signed.wb.sidnlabs.nl. MF RRSIG NSEC
-0574797065340C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0002B8C2DE0BB2A14FE489C55937A6901CF217EB42661855B74E5C1AA4877BC29591CBB7AD99C89428F477FBDAB1D3FC5B67CC2E3EDA3C2AC13ED3CDCFD859DDDA0C24E7A75EBCE20A95FC498792C3FEF0E138274ABFD7D9DFCB242F1CD7B515F6633AF587C3E13B433395D8C1D8734BA2B9F2A61F8F5C66F7A005216A38376FB7
-type4.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ArjC3guyoU/kicVZN6aQHPIX60JmGFW3TlwapId7wpWRy7etmciUKPR3+9qx0/xbZ8wuPto8KsE+083P2Fnd2gwk56devOIKlfxJh5LD/vDhOCdKv9fZ38skLxzXtRX2Yzr1h8PhO0MzldjB2HNLornyph+PXGb3oAUhajg3b7c= ;{id = 62298}
-067479706534390C74797065732D7369676E6564027762087369646E6C616273026E6C00003100010000003C0023000201636FC0B8271C82825BB1AC5C41CF5351AA69B4FEBD94E8F17CDB95000DA48C40
-type49.types-signed.wb.sidnlabs.nl.	60	IN	DHCID	AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=
-067479706534390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C004F25023648D4D5C1F548BEC27599259D4AE78398E159839091757E9516EBFE0DA527785B227C99D231A9E21AB27BD8CDEDDAD30F95DA06DCDEB31CE4C8413A2A80021205A9BC2622D326FAED444E44B6D29DF93D57AE545A34D04D687D51092BF03B753D5290D7CC34BA4897087B0FD2C6C02B2938992C85369B0508B2B8E8BB
-type49.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	DHCID 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. TyUCNkjU1cH1SL7CdZklnUrng5jhWYOQkXV+lRbr/g2lJ3hbInyZ0jGp4hqye9jN7drTD5XaBtzesxzkyEE6KoACEgWpvCYi0yb67URORLbSnfk9V65UWjTQTWh9UQkr8Dt1PVKQ18w0ukiXCHsP0sbAKyk4mSyFNpsFCLK46Ls= ;{id = 62298}
-067479706534390C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C0574797065350C74797065732D7369676E6564027762087369646E6C616273026E6C00000700000000000340
-type49.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type5.types-signed.wb.sidnlabs.nl. RRSIG NSEC DHCID
-067479706534390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00AD4E315A771397331D8132C9573DD66F4E59A5680C452B80CAE889366FA7D3EB439F84B9AB9A11C24D96F0C673332B8AC7D88B261134C54E47E03C5E201CF27AD58A563687697B7AFA16F422DB6B05E5BF3C7544FE13DB4BAAF93B3A27E594D4E83CE0C584A73215AE8A558B1EB521B35CDA47A05FE910C9C3219CF562BBE9E5
-type49.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. rU4xWncTlzMdgTLJVz3Wb05ZpWgMRSuAyuiJNm+n0+tDn4S5q5oRwk2W8MZzMyuKx9iLJhE0xU5H4DxeIBzyetWKVjaHaXt6+hb0IttrBeW/PHVE/hPbS6r5Ozon5ZTU6DzgxYSnMhWuilWLHrUhs1zaR6Bf6RDJwyGc9WK76eU= ;{id = 62298}
-0574797065350C74797065732D7369676E6564027762087369646E6C616273026E6C00000500010000003C0021037777770C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type5.types-signed.wb.sidnlabs.nl.	60	IN	CNAME	www.types-signed.wb.sidnlabs.nl.
-0574797065350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000508050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00D27B676C96D3CA1D345CFF79B177C4C6262B5AA37857AEBC8DAA614555CABB3332562B9842FE57A97BCE737EC135EFC0D70EEF0417886DD2ED8CD02715A111E563F315D94AE27AD32CB8046A4CD9E4EC2DDCAB9D1E47F568CA5158704C5EE93B25F7A40A45B0FCC321E56A6B6F8226DEED80F34C47554EBD4728529F6B7AF25E
-type5.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	CNAME 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. 0ntnbJbTyh00XP95sXfExiYrWqN4V668japhRVXKuzMyViuYQv5XqXvOc37BNe/A1w7vBBeIbdLtjNAnFaER5WPzFdlK4nrTLLgEakzZ5Owt3KudHkf1aMpRWHBMXuk7JfekCkWw/MMh5Wprb4Im3u2A80xHVU69RyhSn2t68l4= ;{id = 62298}
-0574797065350C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706535320C74797065732D7369676E6564027762087369646E6C616273026E6C000006040000000003
-type5.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type52.types-signed.wb.sidnlabs.nl. CNAME RRSIG NSEC
-0574797065350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00956B573C494D3D1D83EFECE600F23492D2CA44CF8E8A98115AB4E340F158D7AA727D26B79D7C2EE0E4F8DDF5A5D9F043E617CDDD4673648CDE375330B6BF396838A203B4EBA9B6B889D369EEBA1B3B8D63D635163B570AA9A39CA7F2C1BFCA8A9E38826E4E76D8179E67B9C97B5001CF32FCEA639DBCBE1010F26F8CB8D55935
-type5.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. lWtXPElNPR2D7+zmAPI0ktLKRM+OipgRWrTjQPFY16pyfSa3nXwu4OT43fWl2fBD5hfN3UZzZIzeN1Mwtr85aDiiA7Trqba4idNp7robO41j1jUWO1cKqaOcp/LBv8qKnjiCbk522BeeZ7nJe1ABzzL86mOdvL4QEPJvjLjVWTU= ;{id = 62298}
-067479706535320C74797065732D7369676E6564027762087369646E6C616273026E6C00003400010000003C004301010292003BA34942DC74152E2F2C408D29ECA5A520E7F2E06BB944F4DCA346BAF63C1B177615D466F6C4B71C216A50292BD58C9EBDD2F74E38FE51FFD48C43326CBC
-type52.types-signed.wb.sidnlabs.nl.	60	IN	TLSA	1 1 2 92003BA34942DC74152E2F2C408D29ECA5A520E7F2E06BB944F4DCA346BAF63C1B177615D466F6C4B71C216A50292BD58C9EBDD2F74E38FE51FFD48C43326CBC
-067479706535320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003408050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C007C3A756D265A46898DC495A94D7E933F1972DD812433544BB1399008C59EB6B916931484338FD3EA05219F5AA8365265E7ACFA2B995C1917C4B85381CF5D6D1CEEACE97354A1021772A58113C6B9C538D2ED511F9C581DF0A02E7542F1213E168527F9E72201963628A9C4BE5BD1908C493B7ECE94918B740EE0D2FF4A4198BA
-type52.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TLSA 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. fDp1bSZaRomNxJWpTX6TPxly3YEkM1RLsTmQCMWetrkWkxSEM4/T6gUhn1qoNlJl56z6K5lcGRfEuFOBz11tHO6s6XNUoQIXcqWBE8a5xTjS7VEfnFgd8KAudULxIT4WhSf55yIBljYoqcS+W9GQjEk7fs6UkYt0DuDS/0pBmLo= ;{id = 62298}
-067479706535320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D067479706535360C74797065732D7369676E6564027762087369646E6C616273026E6C00000700000000000308
-type52.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type56.types-signed.wb.sidnlabs.nl. RRSIG NSEC TLSA
-067479706535320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C006B1F8CC540B4EEB2939CEC12AE51C9A45E7DC801E1853F68D3383A6BD918ACB6556876FBB2F0CC37DAAA15AE0B785F6B137B83FCBB41A982732C93E156A708F5AB9AFAF1FFB8111B3397E0F051EA97F8D313D0ED9063DBCE557A4C6B4DBFD3133A339B5CD921BB00D1EF14443A6EB99D9D554E0696E5B631D57F727998965A00
-type52.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ax+MxUC07rKTnOwSrlHJpF59yAHhhT9o0zg6a9kYrLZVaHb7svDMN9qqFa4LeF9rE3uD/LtBqYJzLJPhVqcI9aua+vH/uBEbM5fg8FHql/jTE9DtkGPbzlV6TGtNv9MTOjObXNkhuwDR7xREOm65nZ1VTgaW5bYx1X9yeZiWWgA= ;{id = 62298}
-067479706535360C74797065732D7369676E6564027762087369646E6C616273026E6C00003800010000003C001B1A54686973207A6F6E65206973206578706572696D656E74616C2E
-type56.types-signed.wb.sidnlabs.nl.	60	IN	TYPE56	\# 27 1A54686973207A6F6E65206973206578706572696D656E74616C2E
-067479706535360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003808050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B12E7FABA91D6B5DE3551B7201515C94C61DCFB936DC679466ED2BBFAB1A295B1991F4FDEB593888EE8AC2F8F9E2D27CCFC5080E72D4C0FF8E40C020E341D0D1444EFCDC7CB1A6F6EAC0642EBEF66A261613F2EE4FD0A945AC8CF222D61C6320122C489899A2A22A47A1E2CDDBC35CB8CD6CBE6BCB50E7035257871DCA713E6B
-type56.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TYPE56 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. sS5/q6kda13jVRtyAVFclMYdz7k23GeUZu0rv6saKVsZkfT961k4iO6Kwvj54tJ8z8UIDnLUwP+OQMAg40HQ0URO/Nx8sab26sBkLr72aiYWE/LuT9CpRayM8iLWHGMgEixImJmioipHoeLN28NcuM1svmvLUOcDUleHHcpxPms= ;{id = 62298}
-067479706535360C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002E067479706535370C74797065732D7369676E6564027762087369646E6C616273026E6C0000080000000000030080
-type56.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type57.types-signed.wb.sidnlabs.nl. RRSIG NSEC TYPE56
-067479706535360C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00A048098B52D7427863BAF72B594F82610E0381575AB2657B25754F432CDD57839144DA03303329040D9E8BABC5E8DA469B975C2EB48A14B1697EA2413B8FAABAE09B98CD9101710567C719A592CD900D75ACCC497F05C6E08103CB08754EC96D85C60BD6E928CB5B06EB01103E069D71EB5F10FE4593BB0C1F83F7D9BC09634B
-type56.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. oEgJi1LXQnhjuvcrWU+CYQ4DgVdasmV7JXVPQyzdV4ORRNoDMDMpBA2ei6vF6NpGm5dcLrSKFLFpfqJBO4+quuCbmM2RAXEFZ8cZpZLNkA11rMxJfwXG4IEDywh1TslthcYL1ukoy1sG6wEQPgadcetfEP5Fk7sMH4P32bwJY0s= ;{id = 62298}
-067479706535370C74797065732D7369676E6564027762087369646E6C616273026E6C00003900010000003C00880000010803010001D7B53C9C988E7476474466CC3BA260A461FE5764BF4CE754E6307E3B0764D2E0D1A84B23E52CBE08419A29A851219AF5DE8291DDDDA1D6C76315298C562C25F75EABEAA2998163AC6F1B500D810F6B8931A835FD01BB0D3529DE31DA574435DEBFFCDBD404974B23ACB201C42EF04A5AAED3275F633E555FB5F403C8B5BC39BD
-type57.types-signed.wb.sidnlabs.nl.	60	IN	TYPE57	\# 136 0000010803010001D7B53C9C988E7476474466CC3BA260A461FE5764BF4CE754E6307E3B0764D2E0D1A84B23E52CBE08419A29A851219AF5DE8291DDDDA1D6C76315298C562C25F75EABEAA2998163AC6F1B500D810F6B8931A835FD01BB0D3529DE31DA574435DEBFFCDBD404974B23ACB201C42EF04A5AAED3275F633E555FB5F403C8B5BC39BD
-067479706535370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003908050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B886C444A3B0560A1FCB3CD124567D86B6DF794FD31E0F16DEC9F8F0C6D75391319EBD94E2FF4638CF5C49BE69F24B50F01C77DEE2983FE53F294888BF0A3AC4BFA8D2F6BC38E0A4021DB76FEFC7B5FB17BC65CE8CB509AC14C3A598E5F8327B278E0733D1B09D1E03860B062EC940BFC6B8DC08B2E9285144F991E769222D4F
-type57.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TYPE57 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. uIbERKOwVgofyzzRJFZ9hrbfeU/THg8W3sn48MbXU5Exnr2U4v9GOM9cSb5p8ktQ8Bx33uKYP+U/KUiIvwo6xL+o0va8OOCkAh23b+/HtfsXvGXOjLUJrBTDpZjl+DJ7J44HM9GwnR4DhgsGLslAv8a43Aiy6ShRRPmR52kiLU8= ;{id = 62298}
-067479706535370C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002E067479706535380C74797065732D7369676E6564027762087369646E6C616273026E6C0000080000000000030040
-type57.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type58.types-signed.wb.sidnlabs.nl. RRSIG NSEC TYPE57
-067479706535370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0010AD4D7FD5DD692E7927B4885A17E2EC5B34C8EE854A2CDAFBCE28483783AFE7A81D3EA0CEB84E23FED082F981D5F6F37BD26EF6EFC2F4C821D06E5116AA927A9D091A5FD7B44113848B8F322F6E5DF92ECFE3F197690E546F6459BA389FABC8D3C1277E07B2FADF681CDE107C07365081F59A01EB61265F264D1E2DC5503487
-type57.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. EK1Nf9XdaS55J7SIWhfi7Fs0yO6FSiza+84oSDeDr+eoHT6gzrhOI/7QgvmB1fbze9Ju9u/C9Mgh0G5RFqqSep0JGl/XtEEThIuPMi9uXfkuz+Pxl2kOVG9kWbo4n6vI08Enfgey+t9oHN4QfAc2UIH1mgHrYSZfJk0eLcVQNIc= ;{id = 62298}
-067479706535380C74797065732D7369676E6564027762087369646E6C616273026E6C00003A00010000003C0020026830076578616D706C6503636F6D00026831076578616D706C6503636F6D00
-type58.types-signed.wb.sidnlabs.nl.	60	IN	TALINK	h0.example.com. h1.example.com.
-067479706535380C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003A08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00C9C41FB39C617477B0864A428B90B67D37DD4011DA80BBA5DD17E9D9553C408B9ADB2BC520C38E3117AEA752362084FE89BA883DFB59EA6FFA9BEB6356BB993D268AA097013D487BA041AB636DCCB23511D9BC451226DFDF7EED642CEFD1EF26BC69EBEE097AF589DFC9C963BF6962816C7C0CDF4312A38D884E6698FB6A90FD
-type58.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	TALINK 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ycQfs5xhdHewhkpCi5C2fTfdQBHagLul3Rfp2VU8QIua2yvFIMOOMReup1I2IIT+ibqIPftZ6m/6m+tjVruZPSaKoJcBPUh7oEGrY23MsjUR2bxFEibf337tZCzv0e8mvGnr7gl69Ynfycljv2ligWx8DN9DEqONiE5mmPtqkP0= ;{id = 62298}
-067479706535380C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002E067479706535390C74797065732D7369676E6564027762087369646E6C616273026E6C0000080000000000030020
-type58.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type59.types-signed.wb.sidnlabs.nl. RRSIG NSEC TALINK
-067479706535380C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C000ED11D2F06C798CE081095580E53DB40D30033ACF692C58CB5B617E489C8B89DBCB1129A028EE1C8D74231AC812385203C062629DFE7112874A97EA2DD20031113673D5ADEB9F2643F519D3F76AEE7DA95F82E880C6F0290CE7F3759C545189DE13FA0CE9A2A5B1A252AEDD57E582111479390F7A6E5ED742950453EDD6A6A78
-type58.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. DtEdLwbHmM4IEJVYDlPbQNMAM6z2ksWMtbYX5InIuJ28sRKaAo7hyNdCMayBI4UgPAYmKd/nESh0qX6i3SADERNnPVreufJkP1GdP3au59qV+C6IDG8CkM5/N1nFRRid4T+gzpoqWxolKu3VflghEUeTkPem5e10KVBFPt1qang= ;{id = 62298}
-067479706535390C74797065732D7369676E6564027762087369646E6C616273026E6C00003B00010000003C0024FCB2080286632F83494B1D7037E72949FD6CD8689C5DAAF4DF1E5D7E6EF3BA28ECE1E3C8
-type59.types-signed.wb.sidnlabs.nl.	60	IN	CDS	64690 8 2 86632F83494B1D7037E72949FD6CD8689C5DAAF4DF1E5D7E6EF3BA28ECE1E3C8
-067479706535390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF003B08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0073997BF33E9EECBCAAA6D07C08024AD8358CC26974167BCD432802FB68E6CD1C361539D098FCC57D43B8D104D27AAD32070BEBFC60F002E5D998B615E76580EEFB74F2E8B0E155C0D5782C9E15D89DA036B770C2ACBAD21EE3453D0070C386BD2A154EC7F6481CF69B226E2E12873DE0F753B16F7B5220CDDD13A93C9240F8E2
-type59.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	CDS 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. c5l78z6e7LyqptB8CAJK2DWMwml0FnvNQygC+2jmzRw2FTnQmPzFfUO40QTSeq0yBwvr/GDwAuXZmLYV52WA7vt08uiw4VXA1XgsnhXYnaA2t3DCrLrSHuNFPQBww4a9KhVOx/ZIHPabIm4uEoc94PdTsW97UiDN3ROpPJJA+OI= ;{id = 62298}
-067479706535390C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002D0574797065370C74797065732D7369676E6564027762087369646E6C616273026E6C0000080000000000030010
-type59.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type7.types-signed.wb.sidnlabs.nl. RRSIG NSEC CDS
-067479706535390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C000766B940EAFF1131A7869B0754EC734F0DD15D485109FE7858BF2AD6247B913536FD5BFF72ED4769EA290BF047ED143B0FB6751FE50B5BFA4168F3EFD8C7A8C228C17AFC31C404FC6D6B5697CA7853F9B007A9109BAB891ADD3275E93CB7629097CE4B04EB2ACAF7EF9C32BD724835BCF8CB34F63A44BEC4C747347B694C1537
-type59.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. B2a5QOr/ETGnhpsHVOxzTw3RXUhRCf54WL8q1iR7kTU2/Vv/cu1HaeopC/BH7RQ7D7Z1H+ULW/pBaPPv2MeowijBevwxxAT8bWtWl8p4U/mwB6kQm6uJGt0ydek8t2KQl85LBOsqyvfvnDK9ckg1vPjLNPY6RL7Ex0c0e2lMFTc= ;{id = 62298}
-0574797065370C74797065732D7369676E6564027762087369646E6C616273026E6C00000700010000003C0025076D61696C626F780C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type7.types-signed.wb.sidnlabs.nl.	60	IN	MB	mailbox.types-signed.wb.sidnlabs.nl.
-0574797065370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000708050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C006D6E25734BABC71FC9D7DFF7DEA810243D44C7DFA721638C148C10349EE76F398B03044E6BBA971711FA32927053D2ECA63DE95D238B69A9BD1D11B588082E13832D17B0BCC7DEFAD8441845305F5BF9CF5901A26CC4F1ABB9C9DC0A7AF8E3689A56BB25E22DA082D05B17B31CBF8BCDD0CC41AF6419970F66069C25DA5E8920
-type7.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MB 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. bW4lc0urxx/J19/33qgQJD1Ex9+nIWOMFIwQNJ7nbzmLAwROa7qXFxH6MpJwU9Lspj3pXSOLaam9HRG1iAguE4MtF7C8x9762EQYRTBfW/nPWQGibMTxq7nJ3Ap6+ONomla7JeItoILQWxezHL+LzdDMQa9kGZcPZgacJdpeiSA= ;{id = 62298}
-0574797065370C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574797065380C74797065732D7369676E6564027762087369646E6C616273026E6C000006010000000003
-type7.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type8.types-signed.wb.sidnlabs.nl. MB RRSIG NSEC
-0574797065370C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C006644E43E3825D8096B3A02203151C9EDEBF0AC65D67211674A7090AB2E9F797EDB1D5790052714A0AFF039182653661A2C3ECC1E696F72016AC67818B64787D374F83E925F2FD8EC86DF65646B836B0F0084E295A755E717967AF51A10D5E97B2585A27F39FC43B0B70A0287F8BEE810F15C0DCB7B83702B00941A22C66E4A11
-type7.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. ZkTkPjgl2AlrOgIgMVHJ7evwrGXWchFnSnCQqy6feX7bHVeQBScUoK/wORgmU2YaLD7MHmlvcgFqxngYtkeH03T4PpJfL9jsht9lZGuDaw8AhOKVp1XnF5Z69RoQ1el7JYWifzn8Q7C3CgKH+L7oEPFcDct7g3ArAJQaIsZuShE= ;{id = 62298}
-0574797065380C74797065732D7369676E6564027762087369646E6C616273026E6C00000800010000003C002D0F6D61696C67726F75706D656D6265720C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type8.types-signed.wb.sidnlabs.nl.	60	IN	MG	mailgroupmember.types-signed.wb.sidnlabs.nl.
-0574797065380C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000808050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0089CCDC17A2A6472F3A0C36D84D7ACAB3AC55D4B007C267A88E4F0BFBE4649FD230903953112EBFC5A92F83777E59900FA78AF846DDE357D616ECC8174E3BAEDF37962872257F4931AD86245C6875284CDF836FC004CB576A6613CC12F0513A10C664D0240FE5F4C93F5284F7E114196E1E2AEECB257A593875C1DF705665A11C
-type8.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MG 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. iczcF6KmRy86DDbYTXrKs6xV1LAHwmeojk8L++Rkn9IwkDlTES6/xakvg3d+WZAPp4r4Rt3jV9YW7MgXTjuu3zeWKHIlf0kxrYYkXGh1KEzfg2/ABMtXamYTzBLwUToQxmTQJA/l9Mk/UoT34RQZbh4q7sslelk4dcHfcFZloRw= ;{id = 62298}
-0574797065380C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B0574797065390C74797065732D7369676E6564027762087369646E6C616273026E6C000006008000000003
-type8.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type9.types-signed.wb.sidnlabs.nl. MG RRSIG NSEC
-0574797065380C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C001CAB9CF013C4620C86D2DF36CA7AF55E6BE81A93553DDA8D6A10FEA633A521522FE34BC19EE7C667C966EB94752652AB7CF121EF69B24F60CD98E162F417A4BC7243E7E04FF1C14B1D0766A27CAAA01AF43DB7AB5F362DE5FBC1FE0544936BB6AED8FF651F7EC7A71C59DB9D8485EA8E5DC42C3723C07A68C357306E8E8D8FA0
-type8.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. HKuc8BPEYgyG0t82ynr1XmvoGpNVPdqNahD+pjOlIVIv40vBnufGZ8lm65R1JlKrfPEh72myT2DNmOFi9BekvHJD5+BP8cFLHQdmonyqoBr0PberXzYt5fvB/gVEk2u2rtj/ZR9+x6ccWdudhIXqjl3ELDcjwHpow1cwbo6Nj6A= ;{id = 62298}
-0574797065390C74797065732D7369676E6564027762087369646E6C616273026E6C00000900010000003C00280A6D61696C72656E616D650C74797065732D7369676E6564027762087369646E6C616273026E6C00
-type9.types-signed.wb.sidnlabs.nl.	60	IN	MR	mailrename.types-signed.wb.sidnlabs.nl.
-0574797065390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000908050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C007E9CCEE6E21991F8F051D27F2050626065414AD5D462C8D990E7016A74926CE24D4AE1569BFE6F75DA3DE5175020E3A0DFEF9C758847F41D79BDBA9EB42E2476F9F4AA41F113F534BC70A0989516C25AB501FDFC4ECF7F5AC27E3AD41E512EA2E60B4843CB0CB5279D7784F777F3AC64D8167568E02FEE49757432574DA3B235
-type9.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	MR 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. fpzO5uIZkfjwUdJ/IFBiYGVBStXUYsjZkOcBanSSbOJNSuFWm/5vddo95RdQIOOg3++cdYhH9B15vbqetC4kdvn0qkHxE/U0vHCgmJUWwlq1Af38Ts9/WsJ+OtQeUS6i5gtIQ8sMtSedd4T3d/OsZNgWdWjgL+5JdXQyV02jsjU= ;{id = 62298}
-0574797065390C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002C067479706539390C74797065732D7369676E6564027762087369646E6C616273026E6C000006004000000003
-type9.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	type99.types-signed.wb.sidnlabs.nl. MR RRSIG NSEC
-0574797065390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00ACAF3441F6B2EA06B3AC5EBFD93F838F27CADDE73CE0C02BF16D4ACACB747CD6D6D9E17D5C15D0444609C98343559D66844F6511D0BDEFB7ADCB86F30BC2C5E35B6D9B40F28F8964716DF2EBC6819F9CC58B7F3CBE6F28497F0A1D55D030B986C840F5F9BA92C89CF876C8D87328D6D27BD7376FCBF3B68F834027762B9EA949
-type9.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. rK80Qfay6gazrF6/2T+DjyfK3ec84MAr8W1Kyst0fNbW2eF9XBXQREYJyYNDVZ1mhE9lEdC977ety4bzC8LF41ttm0Dyj4lkcW3y68aBn5zFi388vm8oSX8KHVXQMLmGyED1+bqSyJz4dsjYcyjW0nvXN2/L87aPg0AndiueqUk= ;{id = 62298}
-067479706539390C74797065732D7369676E6564027762087369646E6C616273026E6C00006300010000003C002625763D73706631202B6D7820613A636F6C6F2E6578616D706C652E636F6D2F3238202D616C6C
-type99.types-signed.wb.sidnlabs.nl.	60	IN	SPF	"v=spf1 +mx a:colo.example.com/28 -all"
-067479706539390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF006308050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C007BE80F299CEF2ADE102DE7995277B387252B124C3C2B062864E427A74384AD162B5907D21B4FA92163EA9909A372DBF62AEAEE5A81FC4432D89BDE32303CC0FB0B8FC420A398FB2DA3ADCD5C2CD71C6B89508421AB50D86D68574306B7D7732CD8EAAE8FCE003F1F9F881DE102E94F265B45EBC6F75C5B293141881513000566
-type99.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	SPF 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. e+gPKZzvKt4QLeeZUnezhyUrEkw8KwYoZOQnp0OErRYrWQfSG0+pIWPqmQmjctv2KuruWoH8RDLYm94yMDzA+wuPxCCjmPsto63NXCzXHGuJUIQhq1DYbWhXQwa313Ms2Oquj84APx+fiB3hAulPJltF68b3XFspMUGIFRMABWY= ;{id = 62298}
-067479706539390C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10003003776B730C74797065732D7369676E6564027762087369646E6C616273026E6C00000D00000000000300000000000010
-type99.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	wks.types-signed.wb.sidnlabs.nl. RRSIG NSEC SPF
-067479706539390C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C000BF173CBB81D152D94323BA05F9CD0C7F20D36FDA59C122A42A7B72C24D4CA2450BB307707441233BD4E47FBA8FA3222F524978E06DCD2CA719E24B6C776B68D345424FBBE32B3FD342A4CC0233381CF2545769820A173293054D207A3E410BAA7B1D06FA9E0E85B34B1FCA90F52F1B2D13137DA51D4B8B868F8791EBF54D507
-type99.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. C/Fzy7gdFS2UMjugX5zQx/INNv2lnBIqQqe3LCTUyiRQuzB3B0QSM71OR/uo+jIi9SSXjgbc0spxniS2x3a2jTRUJPu+MrP9NCpMwCMzgc8lRXaYIKFzKTBU0gej5BC6p7HQb6ng6Fs0sfypD1LxstExN9pR1Li4aPh5Hr9U1Qc= ;{id = 62298}
-03776B730C74797065732D7369676E6564027762087369646E6C616273026E6C00000B00010000003C000A0A00000106E00005A060
-wks.types-signed.wb.sidnlabs.nl.	60	IN	WKS	10.0.0.1 tcp 0 1 2 21 23 24 26 33 34
-03776B730C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000B08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C009F701D990D4713040E9A68527D76706368EAC0979ADB9A6C07F08940E7FEB2B3B6BC977AE26804A40D087A44B1F1A8CA92D8A51EA39533B13F1EAA8D64357230A08E56B5618D266E23B7B6B8D8F79825A6B5432C984B0457704B2E4C3436FCF83173A5FA074F102483A8B75C739EA9B61A22452DF9C2F1B69475D4C635221906
-wks.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	WKS 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. n3AdmQ1HEwQOmmhSfXZwY2jqwJea25psB/CJQOf+srO2vJd64mgEpA0IekSx8ajKktilHqOVM7E/HqqNZDVyMKCOVrVhjSZuI7e2uNj3mCWmtUMsmEsEV3BLLkw0Nvz4MXOl+gdPECSDqLdcc56pthoiRS35wvG2lHXUxjUiGQY= ;{id = 62298}
-03776B730C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B05776B7330310C74797065732D7369676E6564027762087369646E6C616273026E6C000006001000000003
-wks.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	wks01.types-signed.wb.sidnlabs.nl. WKS RRSIG NSEC
-03776B730C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C004646BF2DCEA8D73FE608B97BFD19A4BA0BFDA0686AC90721B7FB0C238201D365E94D5632469A539ED5844AEB0A5D0D9C46A374E88AB19FD4619340D560A81126A3637B0116646EED03FBB7E92BB25C2792B479A06E4A16F7AD9958CD500DCF23F816074B5A532A4C7AC7EE4485BD32F92C8C672CBADB6F5625F4992D4E7808BE
-wks.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. Rka/Lc6o1z/mCLl7/Rmkugv9oGhqyQcht/sMI4IB02XpTVYyRppTntWESusKXQ2cRqN06Iqxn9Rhk0DVYKgRJqNjewEWZG7tA/u36SuyXCeStHmgbkoW962ZWM1QDc8j+BYHS1pTKkx6x+5Ehb0y+SyMZyy6229WJfSZLU54CL4= ;{id = 62298}
-05776B7330310C74797065732D7369676E6564027762087369646E6C616273026E6C00000B00010000003C000A0A00000106E00005A060
-wks01.types-signed.wb.sidnlabs.nl.	60	IN	WKS	10.0.0.1 tcp 0 1 2 21 23 24 26 33 34
-05776B7330310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000B08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0097B1D87F38DC2212100D9DB3209974803E63B1877387FD6A41140B15719B8D09577AB11AC3F60124F5F344F166D5C694F31CF6ADB92A317572A086670EDEA91FECBF31F14D950863B30586D2ADD61947E9525C9F242A5213415D75FA21EF7EB69B8DA62D381B7E8AE7260BB16E07582D0FCD7CB8A7AC57817CD124E19142536D
-wks01.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	WKS 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. l7HYfzjcIhIQDZ2zIJl0gD5jsYdzh/1qQRQLFXGbjQlXerEaw/YBJPXzRPFm1caU8xz2rbkqMXVyoIZnDt6pH+y/MfFNlQhjswWG0q3WGUfpUlyfJCpSE0Fddfoh7362m42mLTgbfornJguxbgdYLQ/NfLinrFeBfNEk4ZFCU20= ;{id = 62298}
-05776B7330310C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E10002B05776B7330320C74797065732D7369676E6564027762087369646E6C616273026E6C000006001000000003
-wks01.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	wks02.types-signed.wb.sidnlabs.nl. WKS RRSIG NSEC
-05776B7330310C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00D01001A192EE66714896D115CCFE402266CF993F711D456B71B1BAB0D097F3023E3F682FE2D44DB0A7E7790688C8A78F327F75D370B597EECE17B49F5516D438C619E76A41B62D32065D04082ADFE235D60596777B4BDC5CD0340699FD7CBC5E6321CB6B08479653C2CB6F6FD67B38CE95A3BC8A61C46DD7F5F9C4055673448E
-wks01.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. 0BABoZLuZnFIltEVzP5AImbPmT9xHUVrcbG6sNCX8wI+P2gv4tRNsKfneQaIyKePMn9103C1l+7OF7SfVRbUOMYZ52pBti0yBl0ECCrf4jXWBZZ3e0vcXNA0Bpn9fLxeYyHLawhHllPCy29v1ns4zpWjvIphxG3X9fnEBVZzRI4= ;{id = 62298}
-05776B7330320C74797065732D7369676E6564027762087369646E6C616273026E6C00000B00010000003C000C0A00000111E0000000000004
-wks02.types-signed.wb.sidnlabs.nl.	60	IN	WKS	10.0.0.1 udp 0 1 2 53
-05776B7330320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000B08050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C003FEA7581C41B3B823FB01414664B6BCF8435A2C58814814694AF28F92CC85CC8F199D372DFABE3C16E927F2F7B0B271B2D114843682B3EFFDC3DA5EDA0C6FEBAC1C2A03B65E6C4AF2D32459A0F61A50FB19B5D86BEE9D9BC06001B1F5F66273E42F2DA85283E723A97D4CD2847D07AF20731F9DB8C74BCDAC2551C22A5FC8260
-wks02.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	WKS 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. P+p1gcQbO4I/sBQUZktrz4Q1osWIFIFGlK8o+SzIXMjxmdNy36vjwW6Sfy97CycbLRFIQ2grPv/cPaXtoMb+usHCoDtl5sSvLTJFmg9hpQ+xm12GvunZvAYAGx9fZic+QvLahSg+cjqX1M0oR9B68gcx+duMdLzawlUcIqX8gmA= ;{id = 62298}
-05776B7330320C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100029037777770C74797065732D7369676E6564027762087369646E6C616273026E6C000006001000000003
-wks02.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	www.types-signed.wb.sidnlabs.nl. WKS RRSIG NSEC
-05776B7330320C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0013435E4DDC01BDFA2E234BEFD5FA26F48BEF8A8F67BC064C0A8B0A2E748BF2D57A9D5E0720E071F0699E5EC72DC8B4A6FC074006D29EE4B9767A66E5A632C7B8022D3B654220D5DF19E6E8743CDFE7163651B0138697F01B1E695C1AFD77E0D75B11C97A3E546FD78E5B3B60C41D64D86D6EF80C69404058F32C220E8A7BCF89
-wks02.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. E0NeTdwBvfouI0vv1fom9Ivvio9nvAZMCosKLnSL8tV6nV4HIOBx8GmeXsctyLSm/AdABtKe5Ll2emblpjLHuAItO2VCINXfGebodDzf5xY2UbAThpfwGx5pXBr9d+DXWxHJej5Ub9eOWztgxB1k2G1u+AxpQEBY8ywiDop7z4k= ;{id = 62298}
-037777770C74797065732D7369676E6564027762087369646E6C616273026E6C00000100010000003C0004D5881FDD
-www.types-signed.wb.sidnlabs.nl.	60	IN	A	213.136.31.221
-037777770C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF000108050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C00B0FE97F5148BEB30C9EFAD9664B82CDB01B77C39263DA72CD1E4F9AA08C76410714D992FA29E5F00FB5A2AAD78B4FFA97CDD7EA5AD668EB58FA4EC2EBDCA42DB949AF31EB82127E6FA983C4510E61253363603AEEDAE23C6D38ECE301C412E45A5FE333C76E8DA3113A1C4DCBFB5CE1A29EA7B7DD2C409738ADDB27E464D9099
-www.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	A 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. sP6X9RSL6zDJ762WZLgs2wG3fDkmPacs0eT5qgjHZBBxTZkvop5fAPtaKq14tP+pfN1+pa1mjrWPpOwuvcpC25Sa8x64ISfm+pg8RRDmElM2NgOu7a4jxtOOzjAcQS5Fpf4zPHbo2jETocTcv7XOGinqe33SxAlzit2yfkZNkJk= ;{id = 62298}
-037777770C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E100029037832350C74797065732D7369676E6564027762087369646E6C616273026E6C000006400000000003
-www.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	x25.types-signed.wb.sidnlabs.nl. A RRSIG NSEC
-037777770C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C008F694DB17EE6C657534A6C274D0A13E9A2B3636429CD1AA347D691052A63554FC59D3F33735FE7CFDCB7FA1EADAEF6F80666EC49FB6710C24A430B5C88D18EE4A35C0DAC9924D43BE1F88463077D084BF01184189D44435131CEB19FECDBBB767DBE72E3E6C8FBD8544CC89D5ACCF7B181FFDE1E37AB23FCADDE9DBF7BFF11C2
-www.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. j2lNsX7mxldTSmwnTQoT6aKzY2QpzRqjR9aRBSpjVU/FnT8zc1/nz9y3+h6trvb4BmbsSftnEMJKQwtciNGO5KNcDayZJNQ74fiEYwd9CEvwEYQYnURDUTHOsZ/s27t2fb5y4+bI+9hUTMidWsz3sYH/3h43qyP8rd6dv3v/EcI= ;{id = 62298}
-037832350C74797065732D7369676E6564027762087369646E6C616273026E6C00001300010000003C000B0A33303333303333303333
-x25.types-signed.wb.sidnlabs.nl.	60	IN	X25	"3033033033"
-037832350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E00010000003C00AF001308050000003C52EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C007D8AA21CF0CA444990DBC72FDA49854BA90FE2765837BFA166C8E4A10F7CDD54866CFF3398F01F3E77D5B2EC19CFE2C79D47CB41C099ACBCCAD8AE2B0811ECB8A6D22E46706106BD54B7795373D8F4AAE3F528FED800ADC46D8A5F6F3944B9D1E99572C801CAF76B9DA947C9514E4BA113AEBB3DFB4DE44C63F0EF4A9CFFBA29
-x25.types-signed.wb.sidnlabs.nl.	60	IN	RRSIG	X25 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. fYqiHPDKREmQ28cv2kmFS6kP4nZYN7+hZsjkoQ983VSGbP8zmPAfPnfVsuwZz+LHnUfLQcCZrLzK2K4rCBHsuKbSLkZwYQa9VLd5U3PY9Krj9Sj+2ACtxG2KX285RLnR6ZVyyAHK92udqUfJUU5LoROuuz37TeRMY/DvSpz/uik= ;{id = 62298}
-037832350C74797065732D7369676E6564027762087369646E6C616273026E6C00002F000100000E1000250C74797065732D7369676E6564027762087369646E6C616273026E6C000006000010000003
-x25.types-signed.wb.sidnlabs.nl.	3600	IN	NSEC	types-signed.wb.sidnlabs.nl. X25 RRSIG NSEC
-037832350C74797065732D7369676E6564027762087369646E6C616273026E6C00002E000100000E1000AF002F080500000E1052EC3900524963DCF35A0C74797065732D7369676E6564027762087369646E6C616273026E6C0002A2DE7B343205D8D75C47B9BCDB52CCEACE3D02CABE5DE3005E95DE1205B5976C6C0131AE32D75EBC5EA11DFBB4FC6D3AA17DE7F1ED5D815A0E6B9542D9447620E8CC81CD0AD052DCAB55AC8565774D152DDDF140B35A93B5FD5A1318348979709E6074B15573FB5529C2F672B683C9732C8D70C0D28D8DC67A5565AB643FB7
-x25.types-signed.wb.sidnlabs.nl.	3600	IN	RRSIG	NSEC 8 5 3600 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. AqLeezQyBdjXXEe5vNtSzOrOPQLKvl3jAF6V3hIFtZdsbAExrjLXXrxeoR37tPxtOqF95/HtXYFaDmuVQtlEdiDozIHNCtBS3KtVrIVld00VLd3xQLNak7X9WhMYNIl5cJ5gdLFVc/tVKcL2craDyXMsjXDA0o2NxnpVZatkP7c= ;{id = 62298}
diff --git a/contrib/unbound/testdata/test_ldnsrr.c4 b/contrib/unbound/testdata/test_ldnsrr.c4
deleted file mode 100644
index 93e7617f6a80..000000000000
--- a/contrib/unbound/testdata/test_ldnsrr.c4
+++ /dev/null
@@ -1,84 +0,0 @@
-000006000100000E100030036E7331000A706F73746D617374657203616C6C027272036F7267000000000100000E10000002580001518000000E10
-.	3600	IN	SOA	ns1. postmaster.all.rr.org. 1 3600 600 86400 3600
-036E733103616C6C027272036F7267000001000100000E1000040A010034
-ns1.all.rr.org.	3600	IN	A	10.1.0.52
-03616C6C027272036F7267000002000100000E100011036E7331076578616D706C6503636F6D00
-all.rr.org.	3600	IN	NS	ns1.example.com.
-03666F6F03616C6C027272036F7267000005000100000E100010036E733103616C6C027272036F726700
-foo.all.rr.org.	3600	IN	CNAME	ns1.all.rr.org.
-03616C6C027272036F7267000007000100000E1000180A6D622D6D61646E616D65076578616D706C6503636F6D00
-all.rr.org.	3600	IN	MB	mb-madname.example.com.
-03616C6C027272036F7267000008000100000E1000180A6D672D6D676D6E616D65076578616D706C6503636F6D00
-all.rr.org.	3600	IN	MG	mg-mgmname.example.com.
-03616C6C027272036F7267000009000100000E1000180A6D722D6E65776E616D65076578616D706C6503636F6D00
-all.rr.org.	3600	IN	MR	mr-newname.example.com.
-0362617203616C6C027272036F726700000C000100000E100010036E733103616C6C027272036F726700
-bar.all.rr.org.	3600	IN	PTR	ns1.all.rr.org.
-03616C6C027272036F726700000D000100000E10000E0853554E342F31313004554E4958
-all.rr.org.	3600	IN	HINFO	"SUN4/110" "UNIX"
-0668656C69756D00000D000100000E1000301C53687574746C652D53543631473420496E74656C2050495633303030124672656542534420372E302D535441424C45
-helium.	3600	IN	HINFO	"Shuttle-ST61G4 Intel PIV3000" "FreeBSD 7.0-STABLE"
-03616C6C027272036F726700000E000100000E1000360D6D696E666F2D726D61696C6278076578616D706C6503636F6D000D6D696E666F2D656D61696C6278076578616D706C6503636F6D00
-all.rr.org.	3600	IN	MINFO	minfo-rmailbx.example.com. minfo-emailbx.example.com.
-03616C6C027272036F726700000F000100000E100015000A0656454E45524103616C6C027272036F726700
-all.rr.org.	3600	IN	MX	10 VENERA.all.rr.org.
-0873656C6563746F720A5F646F6D61696E6B657903616C6C027272036F7267000010000100000E1000CFCE763D444B494D313B206E3D5573653D3230444B494D3B20703D41774541415A66625977385366665A77736272434C62432B4A4C45725245494636596665396171736131507A3674704757694C786D3972534C362F596F42764E50335557583931594446304A4D6F366C68753355495A6A49547649774468782B524A596B6F39764C7A61614A4B58476633796779367A2B6465576F5A4A4156316C5459304C74783967656E626F65383843534348773961534C6B68306F624E39436B3852367A414D5952313963694D2F3B20743D73
-selector._domainkey.all.rr.org.	3600	IN	TXT	"v=DKIM1; n=Use=20DKIM; p=AwEAAZfbYw8SffZwsbrCLbC+JLErREIF6Yfe9aqsa1Pz6tpGWiLxm9rSL6/YoBvNP3UWX91YDF0JMo6lhu3UIZjITvIwDhx+RJYko9vLzaaJKXGf3ygy6z+deWoZJAV1lTY0Ltx9genboe88CSCHw9aSLkh0obN9Ck8R6zAMYR19ciM/; t=s"
-03616C6C027272036F7267000011000100000E10002E0772702D6D626F78076578616D706C6503636F6D000B72702D747874646E616D65076578616D706C6503636F6D00
-all.rr.org.	3600	IN	RP	rp-mbox.example.com. rp-txtdname.example.com.
-03616C6C027272036F7267000012000100000E10001E00010E61667364622D686F73746E616D65076578616D706C6503636F6D00
-all.rr.org.	3600	IN	AFSDB	1 afsdb-hostname.example.com.
-03616C6C027272036F7267000013000100000E10000D0C333131303631373030393536
-all.rr.org.	3600	IN	X25	"311061700956"
-03616C6C027272036F7267000014000100000E1000140F31353038363230323830303332313703303034
-all.rr.org.	3600	IN	ISDN	"150862028003217" "004"
-03616C6C027272036F7267000015000100000E100011000A034E4554055072696D6503434F4D00
-all.rr.org.	3600	IN	RT	10 NET.Prime.COM.
-03616C6C027272036F7267000016000100000E10001447000580005A0000000001E133FFFFFF00016100
-all.rr.org.	3600	IN	NSAP	0x47000580005A0000000001E133FFFFFF00016100
-03616C6C027272036F726700001A000100000E100025000A046E657432026974000950524D442D6E6574320941444D442D7034303004432D697400
-all.rr.org.	3600	IN	PX	10 net2.it. PRMD-net2.ADMD-p400.C-it.
-03616C6C027272036F726700001C000100000E10001020010DB8000000000000000000000003
-all.rr.org.	3600	IN	AAAA	2001:db8::3
-03616C6C027272036F726700001D000100000E1000100033161389172FC470BE14C400988D20
-all.rr.org.	3600	IN	LOC	42 21 54.500 N 71 06 18.300 W -24m 30m 10000m 10m
-03616C6C027272036F726700001D000100000E100010003316138903210070BE14C400988D20
-all.rr.org.	3600	IN	LOC	42 00 00.000 N 71 06 18.300 W -24m 30m 10000m 10m
-055F68747470045F74637003616C6C027272036F7267000021000100000E100017000000050050036E7331076578616D706C6503636F6D00
-_http._tcp.all.rr.org.	3600	IN	SRV	0 5 80 ns1.example.com.
-0561746D6130000022000100000E1000150039246F000E7C9C03120001000100001234567800
-atma0.	3600	IN	ATMA	39246F000E7C9C03120001000100001234567800
-0561746D6131000022000100000E10000C013139303835353531323132
-atma1.	3600	IN	ATMA	+19085551212
-03616C6C027272036F7267000023000100000E1000290064000A000021215E75726E3A6369643A2E2B40285B5E5C2E5D2B5C2E29282E2A2924215C32216900
-all.rr.org.	3600	IN	NAPTR	100 10 "" "" "!^urn:cid:.+@([^\\.]+\\.)(.*)$!\\2!i" .
-03616C6C027272036F7267000024000100000E100013000203727431076578616D706C6503636F6D00
-all.rr.org.	3600	IN	KX	2 rt1.example.com.
-03616C6C027272036F7267000025000100000E10001A0006000000145B00C96D5D54AEE1206BAF84DE7AAF6E94C09C7F
-all.rr.org.	3600	IN	CERT	IPGP 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/
-0766726F626F7A7A03616C6C027272036F7267000027000100000E10001F1066726F626F7A7A2D6469766973696F6E0461636D65076578616D706C6500
-frobozz.all.rr.org.	3600	IN	DNAME	frobozz-division.acme.example.
-0373756203616C6C027272036F726700002B000100000E10001830390301123456789ABCDEF67890123456789ABCDEF67890
-sub.all.rr.org.	3600	IN	DS	12345 3 1 123456789ABCDEF67890123456789ABCDEF67890
-03616C6C027272036F726700002C000100000E1000160201123456789ABCDEF67890123456789ABCDEF67890
-all.rr.org.	3600	IN	SSHFP	2 1 123456789ABCDEF67890123456789ABCDEF67890
-03616C6C027272036F726700002D000100000E1000290A0102C0000226010351537986ED35533B6064478EEEB27B5BD74DAE149B6E81BA3A0521AF82AB7801
-all.rr.org.	3600	IN	IPSECKEY	10 1 2 192.0.2.38 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
-03616C6C027272036F726700002E000100000E10009F00010503000151803E7C9DD73E5510D70A52076578616D706C6503636F6D00A090755BA58D1AFFA576F4375831B4310920E481218D18A9F164EB3D81AFD3B875D3C75428631E0CF2A28D50875F70C329D7DBFAFEA807DC1FBA1DC34C95D401F23F334CE63BFCF3F1B5B44739E5F0EDED18D6B33F040A911376D173D757A9F0C1FA1798941BB0B36B2DF9062790FA7F0166F2737EEA907378341FB12DC0A77A
-all.rr.org.	3600	IN	RRSIG	A 5 3 86400 20030322173103 20030220173103 2642 example.com. oJB1W6WNGv+ldvQ3WDG0MQkg5IEhjRip8WTrPYGv07h108dUKGMeDPKijVCHX3DDKdfb+v6oB9wfuh3DTJXUAfI/M0zmO/zz8bW0Rznl8O3tGNazPwQKkRN20XPXV6nwwfoXmJQbsLNrLfkGJ5D6fwFm8nN+6pBzeDQfsS3Ap3o= ;{id = 2642}
-03616C6C027272036F726700002F000100000E10001A04686F7374076578616D706C6503636F6D000006400100000003
-all.rr.org.	3600	IN	NSEC	host.example.com. A MX RRSIG NSEC
-03616C6C027272036F7267000030000100000E100086010003050103D22A6CA77F35B893206FD35E4C506D8378843709B97E041647E1BFF43D8D64C649AF1E371973C9E891FCE3DF519A8C840A63EE42A6D2EBDDBB97035D215AA4E417B1FA45FA11A9741EA2098C1DFA5FB5FEB332FD4BC8152089AEF36BA644CCE2413B3B72BE18CBEF8DA253F4E93D2103866D9234A2E28DF529A67D5468DBEFE3
-all.rr.org.	3600	IN	DNSKEY	256 3 5 AQPSKmynfzW4kyBv015MUG2DeIQ3Cbl+BBZH4b/0PY1kxkmvHjcZc8nokfzj31GajIQKY+5CptLr3buXA10hWqTkF7H6RfoRqXQeogmMHfpftf6zMv1LyBUgia7za6ZEzOJBOztyvhjL742iU/TpPSEDhm2SNKLijfUppn1UaNvv4w== ;{id = 2642 (zsk), size = 1024b}
-03616C6C027272036F7267000031000100000E100023000201636FC0B8271C82825BB1AC5C41CF5351AA69B4FEBD94E8F17CDB95000DA48C40
-all.rr.org.	3600	IN	DHCID	AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=
-20656531396B6C33363331716F6C3634366B6A6A7268366C68393670647571696903616C6C027272036F7267000032000100000E10002A01000005086467B16F6F36BA4D1408E895A1BF2A28CB891EE0DEC0574A3026E537200006400000000002
-ee19kl3631qol646kjjrh6lh96pduqii.all.rr.org.	3600	IN	NSEC3	1 0 5 6467B16F6F36BA4D 13k9b8dv58kcn28us3fc0lqa60jeadp0 A RRSIG
-03616C6C027272036F7267000033000100000E10000D01000005086467B16F6F36BA4D
-all.rr.org.	3600	IN	NSEC3PARAM	1 0 5 6467B16F6F36BA4D
-03616C6C027272036F7267000037000100000E1000A910020084200100107B1A74DF365639CC39F1D57803010001B771CA136E4AEB5CE44333C53B3D2C13C22243851FC708BCCE29F7E2EB5787B5F56CCAD34F8223ACC10904DDB56B2EC4A6D6232F3B50EA094F0914B3B941BBE529AF582C36BBADEFDAF2ADAF9B4911906F5B2522603C615272B880EC8FB930CC6EE39C444DAA75B1678F005A4B2499D1DA5433F805C7A5AD3237ACC5DD5C5E4303727673076578616D706C6503636F6D00
-all.rr.org.	3600	IN	HIP	2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D rvs.example.com.
-03616C6C027272036F7267000063000100000E10002625763D73706631202B6D7820613A636F6C6F2E6578616D706C652E636F6D2F3238202D616C6C
-all.rr.org.	3600	IN	SPF	"v=spf1 +mx a:colo.example.com/28 -all"
-03616C6C027272036F7267008001000100000E10001830390301123456789ABCDEF67890123456789ABCDEF67890
-all.rr.org.	3600	IN	DLV	12345 3 1 123456789ABCDEF67890123456789ABCDEF67890
diff --git a/contrib/unbound/testdata/test_ldnsrr.c5 b/contrib/unbound/testdata/test_ldnsrr.c5
deleted file mode 100644
index 72d7b69d62bc..000000000000
--- a/contrib/unbound/testdata/test_ldnsrr.c5
+++ /dev/null
@@ -1,220 +0,0 @@
-000006000100000E10003908656C656B74726F6E0561746F6F6D036E657400056D69656B670561746F6F6D036E6574007755EFFC0000546000001C2000093A8000000E10
-.	3600	IN	SOA	elektron.atoom.net. miekg.atoom.net. 2002120700 21600 7200 604800 3600
-000001000100000E100004C0A80102
-.	3600	IN	A	192.168.1.2
-000002000100000E10001408656C656B74726F6E0561746F6F6D036E657400
-.	3600	IN	NS	elektron.atoom.net.
-000003000100000E10000E026D640561746F6F6D036E657400
-.	3600	IN	MD	md.atoom.net.
-000004000100000E10000E026D660561746F6F6D036E657400
-.	3600	IN	MF	mf.atoom.net.
-000007000100000E10000E026D620561746F6F6D036E657400
-.	3600	IN	MB	mb.atoom.net.
-000008000100000E10000E026D670561746F6F6D036E657400
-.	3600	IN	MG	mg.atoom.net.
-000009000100000E10000E026D720561746F6F6D036E657400
-.	3600	IN	MR	mr.atoom.net.
-00000B000100000E100015C0A801020600000240000004000000000000000010
-.	3600	IN	WKS	192.168.1.2 tcp 22 25 53 123
-00000B000100000E10000CC0A801021100000000000004
-.	3600	IN	WKS	192.168.1.2 udp 53
-00000C000100000E10000F037074720561746F6F6D036E657400
-.	3600	IN	PTR	ptr.atoom.net.
-00000D000100000E10000A04686F737404696E666F
-.	3600	IN	HINFO	"host" "info"
-00000E000100000E100023076D616368696E650561746F6F6D036E65740004696E666F0561746F6F6D036E657400
-.	3600	IN	MINFO	machine.atoom.net. info.atoom.net.
-00000F000100000E100016000A08656C656B74726F6E0561746F6F6D036E657400
-.	3600	IN	MX	10 elektron.atoom.net.
-000010000100000E10001B1A74657874206465736372697074696F6E206F6620646F6D61696E
-.	3600	IN	TXT	"text description of domain"
-000011000100000E100016056D69656B670561746F6F6D036E657400036E657400
-.	3600	IN	RP	miekg.atoom.net. net.
-000012000100000E10000D000C0561746F6F6D036E657400
-.	3600	IN	AFSDB	12 atoom.net.
-000013000100000E10001B1A783235206164647265737320696E207465787420666F726D6174
-.	3600	IN	X25	"x25 address in text format"
-000014000100000E10000D0C6973646E2061646472657373
-.	3600	IN	ISDN	"isdn address"
-000014000100000E1000180C6973646E20616464726573730A73756261646472657373
-.	3600	IN	ISDN	"isdn address" "subaddress"
-000015000100000E10000B00000772742D686F737400
-.	3600	IN	RT	0 rt-host.
-000016000100000E10001447000580005A0000000001E133FFFFFF00016100
-.	3600	IN	NSAP	0x47000580005A0000000001E133FFFFFF00016100
-00001A000100000E1000130002066D617038323200076D61707834303000
-.	3600	IN	PX	2 map822. mapx400.
-000023000100000E1000280064000A0000202F75726E3A6369643A2E2B40285B5E5C2E5D2B5C2E29282E2A29242F5C322F6900
-.	3600	IN	NAPTR	100 10 "" "" "/urn:cid:.+@([^\\.]+\\.)(.*)$/\\2/i" .
-000023000100000E10002F00640032017310687474702B49324C2B4932432B49325200055F68747470045F746370066761746563680365647500
-.	3600	IN	NAPTR	100 50 "s" "http+I2L+I2C+I2R" "" _http._tcp.gatech.edu.
-000024000100000E10000B000A076B782D686F737400
-.	3600	IN	KX	10 kx-host.
-000025000100000E1001070001FFFF010103A9A6442F1653C52E25997343575F9FD0638E23A61BF7BDF5F476C7073664E136D7F1D135207C16F56102895FA30DAF3BBFBEFB55DF1A4B70227EB483FC0030E231A5184F91A1EA49A7DB657B1601CF9421D127E01CB9D41B798830D4A0984BD0F8EA812F051F264381C54C491D5A0F8F113013424EFB3F50A699445DA20726CD9A9921EAFE540B3ABAEB08771AE659E3FC8F669846FA33763BE0CE61D749A6C30F1AE7B886E72F8AF8A80A1CE90F430326D803B61AE7682D1F4E9D14E91A42BD5DBC7BB5889112D7A1F448BFCE961B0E56B6663354457300C65DC9F188A6784DDB4579743FE9537725E80B479B761722B3A0A61BE2496975933C255B95B5CFE7
-.	3600	IN	CERT	PKIX 65535 1 AQOppkQvFlPFLiWZc0NXX5/QY44jphv3vfX0dscHNmThNtfx0TUgfBb1YQKJX6MNrzu/vvtV3xpLcCJ+tIP8ADDiMaUYT5Gh6kmn22V7FgHPlCHRJ+AcudQbeYgw1KCYS9D46oEvBR8mQ4HFTEkdWg+PETATQk77P1CmmURdogcmzZqZIer+VAs6uusIdxrmWeP8j2aYRvozdjvgzmHXSabDDxrnuIbnL4r4qAoc6Q9DAybYA7Ya52gtH06dFOkaQr1dvHu1iJES16H0SL/OlhsOVrZmM1RFcwDGXcnxiKZ4TdtFeXQ/6VN3JegLR5t2FyKzoKYb4klpdZM8JVuVtc/n
-00002A000100000E100000
-.	3600	IN	APL	
-00002A000100000E10000E00011503C0A82000011C83C0A826
-.	3600	IN	APL	1:192.168.32.0/21 !1:192.168.38.0/28
-00002A000100000E10001700011A03C0A82A00011A04C0A82A4000011904C0A82A80
-.	3600	IN	APL	1:192.168.42.0/26 1:192.168.42.64/26 1:192.168.42.128/25
-00002A000100000E10000F000120047F00000100011603AC1040
-.	3600	IN	APL	1:127.0.0.1/32 1:172.16.64.0/22
-00002A000100000E10000A00010401E000020801FF
-.	3600	IN	APL	1:224.0.0.0/4 2:ff00:0000:0000:0000:0000:0000:0000:0000/8
-00001D000100000E1000100033161389172DD070BE15F000988D20
-.	3600	IN	LOC	42 21 54.000 N 71 06 18.000 W -24m 30m 10000m 10m
-00001D000100000E100010001224138917069070BF2DD800988CEE
-.	3600	IN	LOC	42 21 43.952 N 71 05 06.344 W -24.50m 1m 200m 10m
-00001D000100000E100010001216138B3556C88008165000989A89
-.	3600	IN	LOC	52 14 05.000 N 00 08 50.000 E 10.33m 1m 10000m 10m
-00001D000100000E10001000121613791B7D2898E64C4F00989A68
-.	3600	IN	LOC	32 07 19.000 S 116 02 25.999 E 10m 1m 10000m 10m
-00001D000100000E100010002516138916CB3C70C310DF009884ED
-.	3600	IN	LOC	42 21 28.764 N 71 00 51.617 W -44.99m 2000m 10000m 10m
-0C646F747465642E6C6162656C00000F000100000E100008000A0422666F6F00
-dotted\.label.	3600	IN	MX	10 "foo.
-036C6F77036C6F77036C6F77000027000100000E1000090772742D686F737400
-low.low.low.	3600	IN	DNAME	rt-host.
-057265646972000005000100000E10001005636E616D6504746F6F6D036E657400
-redir.	3600	IN	CNAME	cname.toom.net.
-0C686967686269742DC8D2C961000001000100000E1000047F000001
-highbit-\200\210\201a.	3600	IN	A	127.0.0.1
-0772742D686F7374000001000100000E1000047F000001
-rt-host.	3600	IN	A	127.0.0.1
-00001C000100000E10001000000000000000000000000000000001
-.	3600	IN	AAAA	::1
-000013000100000E10001B1A783235206164647265737320696E207465787420666F726D6174
-.	3600	IN	X25	"x25 address in text format"
-000014000100000E10000D0C6973646E2061646472657373
-.	3600	IN	ISDN	"isdn address"
-076B782D686F7374000001000100000E1000047F000001
-kx-host.	3600	IN	A	127.0.0.1
-076B782D686F737400001C000100000E10001000000000000000000000000000000001
-kx-host.	3600	IN	AAAA	::1
-000013000100000E10001B1A783235206164647265737320696E207465787420666F726D6174
-.	3600	IN	X25	"x25 address in text format"
-08707265762D6E7874000001000100000E1000047F000001
-prev-nxt.	3600	IN	A	127.0.0.1
-00001C000100000E10001000000000000000000000000000000001
-.	3600	IN	AAAA	::1
-00002F000100000E1000120A6269676765722D6E78740000044000000A
-.	3600	IN	NSEC	bigger-nxt. A AAAA NXT
-000010000100000E10C3901B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E24566573746962756C756D20666175636962757320636F6E73657175617420697073756D2C2776656C2070656C6C656E746573717565206F72636920736F64616C65732073697420616D65742E12446F6E656320636F6E73656374657475722C186F726369207574207661726975732070756C76696E61722C196D617572697320616E746520626962656E64756D206573742C2476656C207072657469756D20747572706973206D6173736120617563746F722073656D2E3D43756D20736F63696973206E61746F7175652070656E617469627573206574206D61676E6973206469732070617274757269656E74206D6F6E7465732C176E61736365747572207269646963756C7573206D75732E124D6F7262692075726E612074656C6C75732C1A6F726E617265206E656320616363756D73616E2076697461652C1172757472756D20696420746F72746F722E3250656C6C656E746573717565206E6F6E207269737573206575206C696265726F2074656D70757320636F6E7365717561742E1653757370656E64697373652061206D6920656C69742E2C53656420756C74726963657320656C69742075742073656D207375736369706974206D616C6573756164612E3043726173207361676974746973206E756E632073656420726973757320766F6C7574706174206665726D656E74756D2E1941656E65616E207669746165206D61676E61206C616375732E16457469616D206575206C6967756C612070757275732E2F53757370656E64697373652065752064756920736564206C6967756C6120736167697474697320696163756C69732E1C53757370656E646973736520757420736F64616C6573206F7263692E1B4E756E632073697420616D65742073617069656E206A7573746F2E30536564206D6F6C6573746965206C65637475732076656C206C6563747573206772617669646120626962656E64756D2E28496E20617420656E696D2071756973206C61637573207072657469756D2074696E636964756E742E0D53656420656C656966656E642C1B6C616375732073656420706F72747469746F72206D61747469732C1A65726174206E6962682074696E636964756E74206C6F72656D2C1E717569732066657567696174206E6962682064756920616320657261742E1A43757261626974757220717569732066656C69732075726E612E0F4E756C6C616D2072686F6E6375732C1B61726375207365642074696E636964756E7420706F73756572652C1B6A7573746F20656E696D2061646970697363696E6720617263752C2265742073757363697069742074656C6C7573206C656F20766974616520656C69742E444D61757269732067726176696461206F64696F206E6F6E207175616D2074696E636964756E742076656C206C6F626F72746973206C6967756C612066617563696275732E394D617572697320766974616520646F6C6F7220617420746F72746F7220636F6E67756520696D70657264696574206E6F6E206964206C656F2E3550726F696E20696E206469616D206575206F726369206C616F7265657420626962656E64756D20736564206E6563206A7573746F2E2C496E206E6563206C6967756C612065752073617069656E20737573636970697420766573746962756C756D2E0F457469616D20656C656966656E642C1C6E6962682076697461652073656D70657220756C747269636965732C186A7573746F2065726F732073656D706572206A7573746F2C22656765742064696374756D206E697369206D6175726973206574206C6967756C612E1C446F6E656320666175636962757320646170696275732075726E612C21696E20756C74726963696573206C6163757320666163696C69736973206E65632E3450656C6C656E746573717565206461706962757320617567756520696E2073656D20706861726574726120616363756D73616E2E17557420696420756C6C616D636F7270657220656C69742E14416C697175616D2074656C6C7573206F7263692C1F6C6F626F72746973206E6563206D6F6C65737469652073697420616D65742C15696D706572646965742071756973206C616375732E195072616573656E74206E6F6E20636F6E677565206E756E632E1D51756973717565207072657469756D207072657469756D206E756E632C1F6E656320636F6E76616C6C6973206D61676E6120617563746F72206E65632E48457469616D20616363756D73616E2065726F7320736F6C6C696369747564696E20617567756520706F7375657265206C616F726565742069642073697420616D6574206F7263692E19437572616269747572207574206D61676E612076656C69742C1269642061646970697363696E67206475692E224D6F72626920766976657272612076756C7075746174652076756C7075746174652E4550726F696E2070756C76696E6172206A7573746F2073656420746F72746F722074696E636964756E7420696420706F72747469746F7220697073756D20706F73756572652E14437572616269747572206175677565206C656F2C1E756C7472696365732065676574206375727375732073697420616D65742C136672696E67696C6C61206E6F6E206E69736C2E124D6F72626920657420616E7465206573742C126E6F6E2061646970697363696E67206D692E1E55742072757472756D2065676573746173207363656C657269737175652E1C50656C6C656E7465737175652071756973206E697369206F7263692E21496E206861632068616269746173736520706C617465612064696374756D73742E1B446F6E6563207365642074696E636964756E74206C696265726F2E1F50726F696E20706F72747469746F7220706C6163657261742072697375732C206E656320626C616E6469742073617069656E207068617265747261206E65632E4150686173656C6C75732065752072697375732071756973206D617572697320737573636970697420736F6C6C696369747564696E207574206575206E657175652E1044756973206F64696F206C616375732C1F6567657374617320696E206D6F6C65737469652061646970697363696E672C1276756C7075746174652075742065726F732E454E756E63206D6F6C6573746965206F7263692073656420747572706973207669766572726120766F6C757470617420616C6971756574206D6920766573746962756C756D2E2B53656420696E74657264756D20636F6E7365637465747572206F72636920617420636F6E7365717561742E22437572616269747572206D6F6C657374696520616C697175616D2074656C6C75732C1C6964206469676E697373696D206E69626820706F727461207365642E374372617320766573746962756C756D206F7263692068656E647265726974207175616D206F726E61726520636F6E64696D656E74756D2E48566976616D757320756C747269636573206C61637573207574206C6F72656D207363656C657269737175652076697461652073656D70657220656C69742076756C7075746174652E1B41656E65616E2073697420616D6574206F64696F206D617373612C107365642072757472756D207175616D2E275574206C6163696E696120656E696D206E6563206F7263692072757472756D2064696374756D2E1B43757261626974757220696420617563746F72206C6967756C612E0F4E616D206E696268206E756C6C612C1B696E74657264756D2076697461652073757363697069742065752C12706F7274612071756973206C6967756C612E3F50726F696E206C6163696E69612073617069656E206E656320646F6C6F722076697665727261206174207375736369706974206F7263692074656D7075732E2450686173656C6C7573207363656C65726973717565206C6F626F72746973207175616D2C2273697420616D6574207361676974746973206E696268206F726E617265206E65632E31446F6E65632073697420616D65742074656C6C757320616320697073756D20706861726574726120696E74657264756D2E3D53656420656765737461732076656C69742065742066656C697320696163756C6973206574206469676E697373696D206573742066617563696275732E2A53757370656E646973736520636F6E76616C6C6973207363656C6572697371756520646170696275732E2A4E756C6C616D206C7563747573206C6163696E6961206E69736C2071756973207472697374697175652E31566976616D75732074696E636964756E74207665686963756C612073656D2073697420616D657420756C7472696365732E124E756C6C612061726375206C65637475732C1A766573746962756C756D206575206D6F6C657374696520696E2C17656C656966656E642072757472756D20746F72746F722E12457469616D206C6967756C61206469616D2C1A756C747269636573206964206D616C6573756164612076656C2C1076617269757320616320646F6C6F722E19496E2073697420616D65742073617069656E206A7573746F2C116E6563206469676E697373696D206D692E1B566976616D757320766974616520616C697175616D20656C69742E2F566573746962756C756D207375736369706974206D616C65737561646120697073756D20696420646170696275732E214D6F72626920756C6C616D636F727065722070686172657472612076656C69742C1F696E2074656D706F72206D617572697320636F6E736571756174206E6F6E2E1F5072616573656E74206D616C657375616461206D6174746973206E756E632C1C617420617563746F72206C696265726F20766976657272612069642E3D43756D20736F63696973206E61746F7175652070656E617469627573206574206D61676E6973206469732070617274757269656E74206D6F6E7465732C176E61736365747572207269646963756C7573206D75732E23566976616D757320636F6E76616C6C6973207661726975732076756C7075746174652E18446F6E6563206567657420746F72746F72206E657175652E2B4E756E632074656D706F72206D69207175697320656E696D20657569736D6F642074696E636964756E742E1B50656C6C656E746573717565206574206E696268206D61676E612C0F69642063757273757320656E696D2E43436C61737320617074656E742074616369746920736F63696F737175206164206C69746F726120746F727175656E742070657220636F6E75626961206E6F737472612C1770657220696E636570746F732068696D656E61656F732E114E756E63206E756E632073617069656E2C1473656D70657220696E2074656D706F7220696E2C1663757273757320696163756C69732073617069656E2E174E756E63207669746165206D617474697320656C69742E3C416C697175616D207574206E69736C2076656C206C6F72656D20706F72747469746F7220756C6C616D636F7270657220617420736564207175616D2E154D617572697320612074757270697320657261742E4850656C6C656E7465737175652076697665727261206C6967756C612076656C2074656C6C7573207072657469756D20616320617563746F72206E69736920696D706572646965742E1D50726F696E206661756369627573207361676974746973206F64696F2C22717569732073656D706572206D617373612070656C6C656E7465737175652061632E364D6F72626920636F6E64696D656E74756D206E697369207669746165206C696265726F20636F6E76616C6C697320626C616E6469742E1850726F696E20736F64616C6573206F64696F20617263752E1F53757370656E6469737365206E6F6E2076656E656E61746973206469616D2E1B5365642076697461652061646970697363696E67206C6F72656D2E134E756C6C616D2061756775652066656C69732C1867726176696461207175697320636F6D6D6F646F2075742C136469676E697373696D2076656C207175616D2E5D50656C6C656E746573717565206861626974616E74206D6F726269207472697374697175652073656E6563747573206574206E65747573206574206D616C6573756164612066616D65732061632074757270697320656765737461732E3650656C6C656E746573717565206665726D656E74756D206E756C6C6120617420646F6C6F72206D6F6C65737469652073656D7065722E11536564206D657475732073617069656E2C146D6F6C6C6973206120636F6D6D6F646F2061632C10636F6D6D6F646F207365642073656D2E2453757370656E6469737365206665756769617420656C656D656E74756D206C616375732C1D76656C20657569736D6F64206E69736C20616C697175616D206E6F6E2E1B4375726162697475722076656C20617563746F72206E657175652E4050686173656C6C7573206574206C696265726F2076656C20746F72746F7220766573746962756C756D20636F6E73657175617420616320696E206D61676E612E1F4E756C6C616D20636F6E67756520766573746962756C756D206D617373612C2371756973207375736369706974207475727069732061646970697363696E672069642E474E756C6C616D20756C6C616D636F727065722065726F7320696420697073756D20766573746962756C756D206174207072657469756D20617567756520636F6E76616C6C69732E3D43726173206E6563207075727573206163206C656374757320696163756C697320636F6D6D6F646F2073697420616D65742065676574206C616375732E2C43757261626974757220626C616E646974206D6F6C657374696520657374206174206672696E67696C6C612E1A5072616573656E742061742064696374756D207475727069732E26536564206C616F7265657420646170696275732074656C6C757320657420677261766964612E2E467573636520766974616520616E74652075742061726375206C616F7265657420736F6C6C696369747564696E2E254E756C6C61206D6F6C6C697320636F6D6D6F646F206F72636920736564206D6F6C6C69732E1B557420656C656966656E6420616C69717565742074656C6C75732C2176656C20756C74726963696573206C6F72656D206C75637475732076697461652E20446F6E656320636F6D6D6F646F20756C6C616D636F72706572206D617373612C216174207072657469756D206D61676E61206665726D656E74756D2076697461652E1C4E616D2072757472756D20616C69717565742073757363697069742E35416C697175616D2061206D617373612076656C206F64696F207665686963756C612073656D706572206120696E20746F72746F722E2650656C6C656E74657371756520616C697175616D20737573636970697420696163756C69732E27446F6E656320736F64616C6573207072657469756D206D61737361207365642074656D7075732E1550686173656C6C75732076656C69742075726E612C1E636F6D6D6F646F2073697420616D6574207472697374697175652069642C11636F6E67756520717569732065726F732E3B55742076756C707574617465206D61676E6120616C6971756574206C656F20706F7274612069642074656D707573206E756E6320617563746F722E35557420636F6E64696D656E74756D206D61676E612073697420616D6574207175616D20756C7472696369657320696163756C69732E2D41656E65616E20696D7065726469657420666163696C697369732074656C6C7573206E6563206F726E6172652E1A43726173206E65632076756C7075746174652073617069656E2E334D6F72626920757420647569207574206D61676E6120736F64616C657320636F6D6D6F646F206567657420696420657261742E0F447569732065726174206E6973692C1C6C6163696E696120766974616520696D70657264696574206E6F6E2C1265676573746173206E65632070757275732E1450656C6C656E7465737175652074656D706F722C1D6572617420757420656C656966656E6420636F6E64696D656E74756D2C1C697073756D206C6163757320756C747269636573207475727069732C2661206672696E67696C6C61207075727573206C65637475732073656D706572206E756C6C612E1250726F696E206964206E756C6C61206D692E1A53757370656E64697373652076656C2073656D206C616375732E2A55742072757472756D2065726F73206964206D6173736120756C7472696369657320636F6D6D6F646F2E1B4E756C6C6120656765742061646970697363696E6720616E74652E284E756E63207175697320656E696D2061206A7573746F20706861726574726120636F6D6D6F646F2E154E756C6C616D20746F72746F7220746F72746F722C17766F6C757470617420617420636F6D6D6F646F2061742C1A636F6E73656374657475722073697420616D657420657261742E435175697371756520706861726574726120747572706973206E6563206C696265726F207669766572726120717569732072757472756D206E756E63206D61747469732E1841656E65616E20736564206C61637573206C65637475732E1444756973206574206F64696F20746F72746F722E3141656E65616E20756C6C616D636F7270657220756C74726963696573207475727069732073656420766F6C75747061742E0E5574206574206573742073656D2C13657420756C747269636573207475727069732E1850656C6C656E746573717565206E6973692066656C69732C1B64696374756D206E6F6E2074656D706F72206C6F626F727469732C10696163756C697320617420656E696D2E14416C697175616D2074656C6C757320656C69742C1A766F6C757470617420757420747269737469717565207365642C146672696E67696C6C61206163206C696265726F2E17447569732072757472756D207175616D206D61676E612C12757420756C74726963657320697073756D2E154D6F726269206964206F726369206C65637475732E294D616563656E61732071756973206E756E63206174206469616D206D6F6C6C697320636F6E6775652E14416C697175616D206E65717565206C6F72656D2C1D6C6F626F727469732073697420616D657420636F6D6D6F646F2069642C1566657567696174206D617474697320646F6C6F722E224372617320616C697175616D20636F6E76616C6C69732061646970697363696E672E23566573746962756C756D2076617269757320636F6D6D6F646F2070756C76696E61722E2353757370656E646973736520656C656966656E642064696374756D206C65637475732C1D76656C20636F6D6D6F646F206E6962682076617269757320717569732E1F50686173656C6C75732073697420616D6574206E697369206C696265726F2E37496E20616C697175616D207075727573207574206D69206D6174746973207175697320696163756C6973206C6163757320706F7274612E2853656420756C747269636573207665686963756C61206D617572697320736564206F726E6172652E244D616563656E617320677261766964612074696E636964756E742073616769747469732E194D61757269732069642068656E6472657269742065726F732E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E1E437572616269747572207068617265747261206469616D2061756775652C1673697420616D657420636F6E6775652066656C69732E265072616573656E74206469676E697373696D20656C656966656E642076756C7075746174652E1A536564206E656320766573746962756C756D2074656C6C75732E6B566573746962756C756D20616E746520697073756D207072696D697320696E206661756369627573206F726369206C756374757320657420756C74726963657320706F737565726520637562696C69612043757261653B20566573746962756C756D206C616F726565742C1B65726F732076697461652072686F6E63757320616C69717565742C1B6C6967756C612074757270697320636F6E6775652070757275732C1F6E6F6E20636F6E76616C6C6973206D69206E6962682065752070757275732E31566976616D757320657569736D6F6420666163696C69736973206C616375732074696E636964756E742072757472756D2E11566976616D75732073757363697069742C186E697369207365642073656D70657220696163756C69732C196C696265726F2073656D2070756C76696E617220656E696D2C1E6120616C69717565742070757275732075726E61207574206E756C6C612E1D446F6E656320756C747269636573206C7563747573206D61757269732C27696E20706F72747469746F7220656E696D20756C6C616D636F727065722073697420616D65742E2B4D6F7262692070656C6C656E74657371756520617563746F722076656C697420657420656765737461732E1946757363652061632074696E636964756E74206D617373612E2B4D6F72626920612076656C69742065676574206469616D2074696E636964756E7420656C656966656E642E42437572616269747572206F726E617265206C65637475732061207175616D20626C616E6469742076656C206665726D656E74756D206C616375732064696374756D2E16446F6E65632076656C20747572706973206F64696F2C116163207375736369706974206F7263692E304E756C6C6120706F737565726520636F6E76616C6C6973206C616375732076656E656E6174697320666575676961742E5D50656C6C656E746573717565206861626974616E74206D6F726269207472697374697175652073656E6563747573206574206E65747573206574206D616C6573756164612066616D65732061632074757270697320656765737461732E1453757370656E646973736520706F74656E74692E4153757370656E6469737365206D6F6C6C6973206E65717565207574206E6571756520677261766964612075742076697665727261206D6920756C7472696365732E19566573746962756C756D2061742074656D706F722073656D2E164D61757269732076656C206C656F206C696265726F2E14416C697175616D206175677565206A7573746F2C18756C747269636965732076656C206665756769617420612C1376756C7075746174652073656420657261742E19416C697175616D20696E20756C747269636573207175616D2E2C50686173656C6C757320616C697175616D20766573746962756C756D206F64696F20617420617563746F722E0C53656420646170696275732C1866656C6973206163206F726E61726520646170696275732C1A6D61676E6120646F6C6F7220626962656E64756D206E69736C2C2265676574206C7563747573206C61637573206D61676E61206574206D61757269732E124E756C6C6120697073756D2061756775652C1B74656D706F72207175697320636F6E736563746574757220696E2C12696163756C6973206E6F6E20646F6C6F722E3753757370656E646973736520636F6E73656374657475722066656C6973206163206E756C6C6120736F64616C65732072686F6E6375732E144D616563656E61732076656C697420616E74652C1A6C6163696E696120617420636F6E76616C6C697320717569732C14696163756C697320717569732074656C6C75732E2253757370656E646973736520696D7065726469657420616C6971756574206475692C28706F73756572652064696374756D206A7573746F206665726D656E74756D2073697420616D65742E13457469616D20616320616E7465206469616D2E1B53757370656E6469737365207175697320646F6C6F72206475692C106174206D6F6C6C6973206E657175652E1541656E65616E206575206E697369206C6F72656D2C13657420756C747269636573206D61757269732E164E756C6C6120696E206175677565206C696265726F2C126E6F6E20737573636970697420656C69742E0D437261732072686F6E6375732C18657374206163206672696E67696C6C61207661726975732C186572617420697073756D2067726176696461206E69736C2C1D6174206F726E61726520647569206E697369206964206D61757269732E164E756C6C616D206E65632064696374756D206C656F2E1750686173656C6C7573206D61676E612073617069656E2C1C7361676974746973207175697320737573636970697420717569732C11626962656E64756D20696E206F64696F2E174372617320736564206C6967756C612074656C6C75732C1973697420616D6574206665726D656E74756D2066656C69732E2350656C6C656E746573717565207375736369706974206665756769617420656E696D2C22766974616520666575676961742065726F73206D6174746973207072657469756D2E1143726173206E6973692074656C6C75732C1A706C616365726174206E6563206461706962757320656765742C1266617563696275732061632066656C69732E1C50726F696E2074656D70757320666575676961742073617069656E2C1C6E6563206D6174746973206C656F2070686172657472612076656C2E494D616563656E61732064617069627573206D69206469676E697373696D206C6967756C6120636F6D6D6F646F20657420666163696C69736973207175616D207472697374697175652E335072616573656E7420766172697573206C6163757320657520656E696D2070656C6C656E74657371756520677261766964612E484E616D2072686F6E637573206D61757269732070686172657472612065726F732076756C7075746174652061742074696E636964756E74206D61737361206672696E67696C6C612E3250656C6C656E74657371756520696E2065726174206E6563206D6173736120636F6E73657175617420756C7472696365732E1B446F6E65632076617269757320656C656D656E74756D206C656F2C276E6F6E2068656E647265726974206A7573746F2074696E636964756E742073697420616D65742E16446F6E6563206163206C696265726F2061756775652E2C536564206D61747469732074757270697320612073656D20756C7472696369657320636F6E7365717561742E1041656E65616E206E756E63206475692C1B636F6D6D6F646F206567657420766573746962756C756D2075742C0F72757472756D20696E206E69736C2E104E616D206175677565206C6F72656D2C1374656D706F7220696E20706F7274612061742C11636F6D6D6F646F20757420697073756D2E25517569737175652061646970697363696E6720616C69717565742074696E636964756E742E1453757370656E646973736520706F74656E74692E4350656C6C656E74657371756520706F72747469746F7220656C6974206174206C656F2068656E647265726974207072657469756D206E6563206575207475727069732E1843757261626974757220696E20656C6974206D657475732E13416C697175616D20726973757320657261742C20706F73756572652069642061646970697363696E6720636F6E7365717561742C11646170696275732076656C2065726F732E314D616563656E61732073656D7065722066656C6973207365642066656C697320747269737469717565207661726975732E334D61757269732074656D70757320746F72746F72206574206D6574757320657569736D6F642070656C6C656E7465737175652E1750656C6C656E74657371756520647569206D617373612C19657569736D6F64206E6F6E2074696E636964756E742069642C10616C697175657420696E20656C69742E1A41656E65616E2076756C7075746174652073656D20656C69742E1D50656C6C656E7465737175652061742074656D707573206D61676E612E2F41656E65616E20656C656D656E74756D206E69736C20696420616E746520636F6D6D6F646F20706C6163657261742E164E616D20736564206D61757269732074656C6C75732E1B50656C6C656E746573717565206E6563206F726369206E6962682C136E65632076756C70757461746520656E696D2E16416C697175616D206572617420766F6C75747061742E2C457469616D206469676E697373696D206A7573746F2061206F7263692065676573746173206D61747469732E33566976616D757320756C7472696365732073617069656E206163207475727069732076656E656E617469732074656D706F722E2953757370656E646973736520636F6E73657175617420766F6C7574706174206665726D656E74756D2E1344756973206575206F7263692076656C69742E0D53656420706C6163657261742C1B6E6973692073656420616C69717565742074696E636964756E742C187269737573206F64696F206D6174746973206E756C6C612C206E6F6E20736F64616C6573206E756E63206E756C6C61207669746165206D692E2B4E756E6320636F6E73657175617420706861726574726120646F6C6F72206174206672696E67696C6C612E5D50656C6C656E746573717565206861626974616E74206D6F726269207472697374697175652073656E6563747573206574206E65747573206574206D616C6573756164612066616D65732061632074757270697320656765737461732E45566573746962756C756D20756C7472696365732074656C6C75732071756973206E69736C206469676E697373696D2072686F6E6375732065676574206574206A7573746F2E3F4D616563656E61732076697461652070757275732071756973206C656F207665686963756C612076656E656E617469732076656C207574206C65637475732E1C437572616269747572206E6563206D6F6C6573746965206E69736C2E47566573746962756C756D20756C6C616D636F72706572206E756C6C61206E6F6E206F7263692064696374756D2071756973206C6163696E69612065737420696E74657264756D2E15467573636520656765742073656D2072697375732C1373656420766F6C75747061742061756775652E1453757370656E646973736520706F74656E74692E1A536564206C7563747573206D6F6C65737469652061756775652C186120766172697573207175616D20636F6E67756520696E2E2F416C697175616D20616C6971756574206F7263692065676574206D6920657569736D6F6420636F6E7365717561742E16557420657420766573746962756C756D20616E74652E15536564207669746165206D6574757320656C69742E124D6175726973206C616375732065726F732C2070656C6C656E746573717565206575207665686963756C612073656D7065722C186461706962757320636F6E736571756174206E756C6C612E4553656420766F6C757470617420657261742073757363697069742073656D20666163696C697369732061742061646970697363696E67206F726369207665686963756C612E1850656C6C656E746573717565206E697369206E756C6C612C17666175636962757320696E2072686F6E6375732075742C1872686F6E63757320656C656966656E64207475727069732E1341656E65616E206F64696F20746F72746F722C1D756C6C616D636F727065722069642074696E636964756E74206E65632C0F72686F6E637573206E6F6E206D692E1E5072616573656E7420696E74657264756D20766172697573206F7263692C1D75742076656E656E61746973206E696268206D6F6C6C6973206E65632E0C557420706C6163657261742C1C65726174206E65632074696E636964756E742070686172657472612C1B6D65747573206C616375732076656E656E61746973206E756E632C226574206C616F726565742061756775652073617069656E2076656C206C6F72656D2E195365642073697420616D65742076697665727261206573742E0D457469616D2072757472756D2C1A707572757320757420756C74726963657320616C69717565742C196E65717565206D61676E61206C75637475732072697375732C2376656C20636F6E73656374657475722065726F73206C6F72656D207574206F64696F2E14496E74656765722074757270697320656C69742C1C636F6E7365637465747572207574207375736369706974207365642C1167726176696461206174206C6F72656D2E3D43756D20736F63696973206E61746F7175652070656E617469627573206574206D61676E6973206469732070617274757269656E74206D6F6E7465732C176E61736365747572207269646963756C7573206D75732E224D6F72626920706C61636572617420616363756D73616E206D616C6573756164612E0D4D617572697320706F7274612C1C6C61637573206567657420696163756C69732073616769747469732C18617263752073656D206C6F626F72746973206E756C6C612C2265742074656D7075732076656C6974206D617373612071756973206C696265726F2E11467573636520646F6C6F72206E6962682C1B626962656E64756D2065742061646970697363696E67206E6F6E2C11656C656966656E64206574206F64696F2E0F4475697320656C69742065726F732C1D68656E64726572697420617420706F72747469746F722076697461652C1167726176696461206E656320617263752E475072616573656E74206D616C6573756164612073617069656E20612075726E6120616363756D73616E2061742068656E64726572697420697073756D20706F72747469746F722E284D61757269732070686172657472612073616769747469732075726E612065752074656D706F722E15566573746962756C756D207075727573206C656F2C1A7068617265747261207175697320756C7472696365732061632C1073656D706572206E656320657261742E13536564206E6563206D6173736120617263752C117365642074656D70757320646F6C6F722E1846757363652076697461652064696374756D2065726F732E2041656E65616E20766573746962756C756D2073656D706572207475727069732C21696163756C697320617563746F7220646F6C6F72207665686963756C612061632E1D496E206665726D656E74756D20617563746F722070686172657472612E16496E7465676572206E65632065726F73206469616D2C116567657420706F7375657265206C656F2E0E4E616D207472697374697175652C1A6E696268206E6563206D616C657375616461206F726E6172652C1775726E61206F64696F20706F727461206D61757269732C2D616363756D73616E20616C6971756574206E756E63206C65637475732073697420616D6574206D61757269732E17566573746962756C756D206E756C6C61206D617373612C2173656D7065722073697420616D657420626C616E6469742073697420616D65742C1676656E656E6174697320656765742073617069656E2E23566573746962756C756D20756C74726963657320636F6E6775652072686F6E6375732E1F4E756E63206C6163696E6961206461706962757320696D706572646965742E3C4E756E6320612065726F73207365642075726E612070656C6C656E7465737175652065676573746173206E6F6E2073697420616D657420656C69742E13496E746567657220646F6C6F72206469616D2C1B76756C70757461746520617420747269737469717565206E6F6E2C1376656E656E6174697320696E2072697375732E19536564206C6163696E6961206C756374757320697073756D2C1F61632073616769747469732061726375206D6F6C657374696520717569732E4350686173656C6C7573207072657469756D206E756C6C612071756973207175616D20706C61636572617420766974616520636F6D6D6F646F206D6920636F6E6775652E255072616573656E7420747269737469717565206C616F7265657420656C656D656E74756D2E215072616573656E742076656E656E61746973207072657469756D20646F6C6F722C25657520766F6C757470617420657374207363656C657269737175652073697420616D65742E225072616573656E7420656C656966656E642064696374756D207665686963756C612E2F446F6E656320756C6C616D636F727065722061646970697363696E6720616E746520616320656C656D656E74756D2E11496E746567657220647569206E756E632C15766976657272612061742072757472756D2075742C1374696E636964756E74207669746165206D692E3D446F6E6563206E6563207269737573206964206172637520706F72747469746F7220706C6163657261742070756C76696E6172206174206C616375732E164D6F7262692061632076656C69742073617069656E2C166C6163696E69612065676573746173206E756C6C612E334D617572697320656C656D656E74756D20647569206163206C696265726F20756C7472696369657320636F6E7365717561742E424E616D206E6F6E206A7573746F2061742074656C6C75732068656E6472657269742072686F6E63757320756C747269636573206D6F6C65737469652061756775652E1241656E65616E20656C69742070757275732C1A74656D706F722071756973207665686963756C6120717569732C106C6F626F727469732061206F64696F2E1D416C697175616D2072686F6E63757320766172697573206C6F72656D2C1B657520616C6971756574207475727069732072757472756D20612E1A4E756C6C6120677261766964612067726176696461206475692C226163206D6F6C657374696520617263752061646970697363696E672076697461652E1143726173206469616D206D61757269732C1B63757273757320766974616520636F6E6775652064696374756D2C1361646970697363696E6720696420657261742E2B53757370656E6469737365206F726E61726520706F72746120656C69742069642068656E6472657269742E195072616573656E74206E6563206D65747573206D617373612C106120656765737461732072697375732E32446F6E65632070656C6C656E7465737175652076697665727261206469616D2073697420616D65742070686172657472612E1553757370656E6469737365206C6F72656D206D692C167669766572726120657520617563746F72206E6F6E2C12766F6C75747061742065742066656C69732E1950726F696E206964206665726D656E74756D2070757275732E154E616D2065676574206D617474697320617263752E1E4D6F72626920626962656E64756D2072757472756D20657569736D6F642E22446F6E656320616C69717565742068656E6472657269742074696E636964756E742E3541656E65616E2065752073617069656E207574206E756E632064696374756D2066657567696174206E6563206174206C616375732E464475697320636F6D6D6F646F206E697369206E656320746F72746F7220766F6C7574706174207175697320636F6E64696D656E74756D2074757270697320616C697175616D2E15566976616D757320736F6C6C696369747564696E2C206E756C6C612072686F6E63757320636F6E73657175617420706F73756572652C1B6E697369206E6962682061646970697363696E672066656C69732C24616C697175657420706F7274612061726375206D61676E61206E65632073617069656E2E2A5574206C756374757320696E74657264756D206469616D207175697320736F6C6C696369747564696E2E2B55742073656D706572206D61676E6120736564206E657175652068656E647265726974206D61747469732E124E756C6C616D20747572706973206475692C1B706F72747469746F72206567657420696E74657264756D2069642C11706F72747469746F72206575206475692E0C557420616363756D73616E2C1D74656C6C757320696E20656C656966656E6420696D706572646965742C1B656C6974206D6173736120666163696C69736973206D61676E612C28766974616520666575676961742074656C6C7573206C656374757320656765742074656C6C75732E2C4D6175726973206163206E65717565206163206E69626820756C7472696369657320696D706572646965742E0E55742075726E61206C6F72656D2C15616C6971756574206574206D61747469732069642C1273757363697069742061206C65637475732E2F4E616D207665686963756C6120706F72747469746F7220657261742073697420616D657420696D706572646965742E24536564206575206E756E63206964206D6175726973206D6F6C6C69732072757472756D2E1650656C6C656E74657371756520647569206F7263692C1E756C6C616D636F72706572206174206672696E67696C6C6120656765742C17736F6C6C696369747564696E2065676574206E756E632E36517569737175652076656C206D6574757320657420656E696D20706C61636572617420656C656966656E64207365642061206C656F2E355072616573656E742070686172657472612068656E647265726974206E696268207363656C6572697371756520616C697175616D2E21447569732074696E636964756E7420766573746962756C756D20636F6E6775652E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E1D566573746962756C756D206E6F6E206C696265726F206C6967756C612E2D557420637572737573206D617572697320736564206F64696F20696D70657264696574207665686963756C612E1B496E206665726D656E74756D207665686963756C6120617263752C1D616320636F6D6D6F646F20617567756520706F7375657265207365642E12566976616D757320756C747269636965732C1A6D61676E6120696E20616C697175616D2073757363697069742C1C746F72746F72206C656F20766573746962756C756D20646F6C6F722C1E7574206C7563747573206F64696F206469616D206E6563206C616375732E1850686173656C6C7573206574206469616D206D657475732E3E43726173206672696E67696C6C61206E696268207175697320616E74652074696E636964756E7420696E20657569736D6F64206C656F206C75637475732E4B4E756C6C612074696E636964756E7420657261742073697420616D65742065726174207669766572726120656C656966656E6420616363756D73616E206C6967756C61206C75637475732E165175697371756520657420726973757320656E696D2E3A5072616573656E74207669746165206E65717565207574206C656F2073656D706572206D616C65737561646120657520736564206A7573746F2E2944756973207072657469756D207665686963756C61206F72636920736564206469676E697373696D2E3743726173206E6563206D61676E6120696E206E756C6C61206C616F726565742076756C707574617465207175697320617420656E696D2E174E756C6C612065676574206F64696F2074656C6C75732E42496E20706C616365726174206D6173736120657420707572757320656C656966656E64206E6F6E206672696E67696C6C61206E65717565206672696E67696C6C612E21446F6E656320696D7065726469657420756C6C616D636F72706572206E69736C2C1B76656C2072757472756D2073617069656E2072757472756D20612E0C44756973206C75637475732C1A616E74652065752074726973746971756520636F6D6D6F646F2C20697073756D206C696265726F20736F6C6C696369747564696E2070757275732C1F717569732074656D706F72206E6962682066656C6973206163207175616D2E1D4E756C6C616D20736F64616C6573207665686963756C6120656C69742C1E656765742065676573746173206E6571756520626C616E64697420696E2E1D4D6175726973206567657374617320666175636962757320656C69742C2269642070656C6C656E746573717565206E6962682074696E636964756E742069642E164E616D2076697461652066656C6973206D61676E612E12446F6E65632074656C6C7573207175616D2C227363656C6572697371756520766974616520736F6C6C696369747564696E2061742C10677261766964612076656C206573742E3D557420736F64616C65732076656C6974206E65632064756920736F6C6C696369747564696E206120706F727461206D6920756C6C616D636F727065722E244372617320736F6C6C696369747564696E206567657374617320636F6E7365717561742E14446F6E656320696420746F72746F72206573742C11656765742074656D706F72206469616D2E78566573746962756C756D20616E746520697073756D207072696D697320696E206661756369627573206F726369206C756374757320657420756C74726963657320706F737565726520637562696C69612043757261653B20557420756C6C616D636F7270657220677261766964612070686172657472612E1050726F696E206469616D206E756E632C186665756769617420696420696E74657264756D2076656C2C11706F72747469746F722061206E69736C2E31416C697175616D20616C6971756574206F72636920736564206D65747573206567657374617320706F72747469746F722E214D6F72626920736F6C6C696369747564696E2070756C76696E617220656E696D2E3F457469616D2074696E636964756E74206175677565207574207175616D206D6F6C6C697320616320696D70657264696574206F64696F20656765737461732E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E124E756E6320617420656E696D206469616D2E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E15416C697175616D206C6F72656D206C65637475732C1A737573636970697420617420766573746962756C756D2061632C177363656C6572697371756520717569732061756775652E134D6F7262692066656C69732074656C6C75732C1F706F72747469746F7220717569732070656C6C656E7465737175652075742C0F64696374756D206163206E6973692E46496E74656765722073697420616D6574206D617373612076656C206175677565206C6163696E69612064617069627573206E6F6E2076756C70757461746520746F72746F722E2141656E65616E20756C6C616D636F7270657220736F64616C6573206A7573746F2C1F6174206665726D656E74756D206C696265726F20736F64616C65732065742E2D467573636520766974616520656E696D207574206C6967756C6120766F6C757470617420706C6163657261742E1C50656C6C656E746573717565206574206D6175726973206E6962682C126E6F6E206C6163696E696120697073756D2E3150686173656C6C7573206163206E6962682073697420616D6574206E6962682076756C7075746174652072757472756D2E174D616563656E6173206964206E756C6C61207175616D2E374D616563656E617320657569736D6F6420646F6C6F7220696E206D61676E6120636F6E64696D656E74756D2061646970697363696E672E2B4D6F72626920656C656D656E74756D2074696E636964756E74206D617572697320696E206D6F6C6C69732E4850656C6C656E74657371756520736167697474697320747572706973206964206E756E632074656D706F72206120656C656966656E6420747572706973206665726D656E74756D2E1B53656420666175636962757320696E74657264756D20617263752C196174207661726975732073656D20616C69717565742069642E2650656C6C656E74657371756520766573746962756C756D20696163756C69732072697375732C1B69642064696374756D206C6F72656D20677261766964612061632E465175697371756520736167697474697320617263752076697461652065726F73206461706962757320766974616520636F6E76616C6C6973206E756C6C61206D61747469732E114E616D20696420647569206E657175652C127574206D6F6C65737469652076656C69742E2D50656C6C656E7465737175652070756C76696E617220706F727461206572617420657520696E74657264756D2E114E756E63206D65747573206D617373612C1B766573746962756C756D207669746165206567657374617320612C126672696E67696C6C61206574206F64696F2E18517569737175652071756973206469616D206C6F72656D2C18717569732070656C6C656E7465737175652076656C69742E144D61757269732073617069656E2072697375732C1C7375736369706974206E656320766573746962756C756D206E65632C0F72757472756D20612072697375732E29437572616269747572206C6F626F7274697320636F6E64696D656E74756D20756C747269636965732E194475697320717569732064617069627573207475727069732E114E756E63206C656374757320656C69742C19666163696C6973697320617420626962656E64756D2065742C13766573746962756C756D20696E20617263752E104D6F726269206F64696F206E6962682C176665756769617420717569732074656D706F722075742C1A7363656C6572697371756520756C747269636573206E6973692E1B437572616269747572206120616363756D73616E2061756775652E1F496E746567657220616C697175657420706F72747469746F72206E6962682C1D6E656320706C6163657261742065737420706861726574726120696E2E2C446F6E65632066657567696174206E697369206574206F64696F20636F6D6D6F646F20696E74657264756D2E2A566573746962756C756D20756C6C616D636F7270657220626962656E64756D206665726D656E74756D2E384675736365206575206C616375732065676574206D65747573206D616C65737561646120666575676961742065752076656C20657261742E13536564206574206572617420746F72746F722E1E4D6F726269206D616C65737561646120766172697573206D6F6C6C69732E1C4E616D20616363756D73616E206469676E697373696D206F64696F2C227175697320636F6E7365637465747572206D69206D6F6C657374696520656765742E0E457469616D20696163756C69732C1A656E696D20657520706C616365726174207665686963756C612C1B656C6974206D617373612070756C76696E61722074656C6C75732C1C696E20637572737573206D61676E61206D69206E6F6E207175616D2E1D566976616D7573207661726975732074656D706F722073656D7065722E264E756C6C612061646970697363696E67206665756769617420736F6C6C696369747564696E2E26457469616D206C6163696E696120706C61636572617420647569206E6563207661726975732E16496E207669746165206D65747573206D61757269732E3D566573746962756C756D20736564206D61676E612071756973206E696268206F726E6172652072686F6E63757320757420766974616520697073756D2E1144756973206C6967756C61206E756E632C1B6665726D656E74756D20736564207375736369706974206E6F6E2C136D6F6C65737469652076656C2070757275732E1453757370656E646973736520706F74656E74692E0F50726F696E2061726375206C656F2C1A61646970697363696E67206174207665686963756C612061632C15756C6C616D636F72706572206E6563206469616D2E1950726F696E207072657469756D20706F7274612075726E612C1F71756973206665726D656E74756D206E69736C207072657469756D2065742E2C53757370656E6469737365206120656C6974206575206E697369206D6F6C6573746965206C6163696E69612E194372617320617420636F6E64696D656E74756D20617263752E1453757370656E646973736520706F74656E74692E4F53656420756C6C616D636F7270657220616E74652073697420616D65742075726E6120616C697175657420756C74726963657320616363756D73616E206E6571756520756C6C616D636F727065722E414E616D2073697420616D65742076656C69742076656C2075726E6120677261766964612073757363697069742073697420616D6574206E6F6E206D61757269732E125574206E6F6E206E6571756520617263752E1F5072616573656E74206772617669646120736F64616C6573206C6F72656D2C2376697461652068656E64726572697420707572757320626962656E64756D206E6F6E2E0F4E756C6C6120666163696C6973692E0E4D6175726973206F726E6172652C1E73656D20656765742074726973746971756520766573746962756C756D2C196175677565206D65747573206C7563747573206E657175652C2573697420616D6574207072657469756D206C6563747573206475692065742061756775652E1E43757261626974757220657520636F6E76616C6C6973207475727069732E0B557420657374206573742C1C76756C70757461746520617563746F72206C616F726565742065742C13696163756C69732065676574206D617373612E20566573746962756C756D206F726E61726520706F7274612072686F6E6375732E4A50686173656C6C7573207361676974746973206F726369206574206F72636920626C616E64697420666163696C697369732076697665727261206C656F20636F6E73656374657475722E4D437572616269747572206D6F6C6573746965206E696268207669746165206E69736920636F6E64696D656E74756D20656765742074656D706F72206E756C6C6120636F6E73656374657475722E0D55742061726375206E756E632C1B6D6F6C6C6973206E656320636F6E7365637465747572206E65632C16656C656D656E74756D2074656D70757320656E696D2E164E756C6C616D2076656C2061726375206D617373612E16496E207175697320616363756D73616E206E6962682E1A4E756C6C616D20696420747269737469717565206E657175652E2C50686173656C6C7573206D617474697320696E74657264756D206E697369207175697320766976657272612E134D6F72626920736F6C6C696369747564696E2C1B6C656F2076656C20666175636962757320636F6E7365717561742C16616E74652065737420626C616E646974206E6962682C20696420736F64616C6573207269737573206E756E63206163206C6967756C612E364E756C6C616D2070656C6C656E746573717565206469616D206E65632075726E61206672696E67696C6C61206D616C6573756164612E144D616563656E6173206E697369206C6F72656D2C1A626962656E64756D206120636F6E64696D656E74756D20696E2C13636F6D6D6F646F2076656C2074656C6C75732E3450726F696E206174206F64696F20696E20616E7465206C6163696E696120736F64616C65732076656C206567657420656C69742E1B437572616269747572206575206665726D656E74756D206573742E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E345072616573656E742072757472756D206C65637475732061632076656C697420636F6E7365717561742068656E6472657269742E1A496E2066617563696275732064696374756D206D61747469732E0F5365642061206A7573746F206D692C12657520636F6E76616C6C6973206E6962682E26496E746567657220636F6D6D6F646F20736F6C6C696369747564696E2073757363697069742E3E4375726162697475722076656C206C656F207669746165207175616D20756C7472696369657320696E74657264756D2065742065676574206A7573746F2E3F50726F696E20756C747269636573206C61637573206574206D657475732076756C70757461746520756C747269636573206575206E6F6E206C6967756C612E2A50726F696E2061742076656C697420696E206E697369206D616C657375616461206C6F626F727469732E0F4675736365206573742075726E612C1A70756C76696E61722061632076656E656E61746973206E6F6E2C1468656E647265726974206E6F6E206E657175652E28446F6E6563206964206175677565206163206D61676E6120636F6E73657175617420706F7274612E2B446F6E65632073656420657261742076697461652076656C6974207665686963756C612072757472756D2E2F41656E65616E2070756C76696E617220647569206E656320617567756520706861726574726120696163756C69732E4351756973717565207072657469756D2072697375732076697461652061726375206665756769617420616320706F73756572652072697375732073616769747469732E0E4E616D206469616D20657261742C1772757472756D20757420696E74657264756D206E6F6E2C0F6C616F726565742061742073656D2E0E53656420656E696D20656C69742C1874656D706F72206567657420766F6C75747061742061632C0F616C69717565742061742073656D2E354E756E6320696E2075726E6120657520697073756D2074656D706F722070686172657472612065676574207669746165206573742E3D43756D20736F63696973206E61746F7175652070656E617469627573206574206D61676E6973206469732070617274757269656E74206D6F6E7465732C176E61736365747572207269646963756C7573206D75732E104E756C6C6120756C747269636965732C1E6C6967756C61207175697320636F6E73657175617420706F73756572652C17616E74652072697375732067726176696461206573742C1F696E207072657469756D20656C697420697073756D206E65632065726F732E2A4D6175726973206163206C656F2073697420616D6574206E69736C2072757472756D206D61747469732E31446F6E656320666163696C6973697320656E696D2065676574206D61757269732067726176696461206C6163696E69612E3D43756D20736F63696973206E61746F7175652070656E617469627573206574206D61676E6973206469732070617274757269656E74206D6F6E7465732C176E61736365747572207269646963756C7573206D75732E31566976616D757320656C656966656E64206C61637573206E6F6E206572617420656C656966656E64206C6163696E69612E284E616D207665686963756C61207665686963756C6120697073756D20616320756C7472696365732E17416C697175616D207574206D617373612070757275732E2F41656E65616E2076656C20657374207669746165206E756C6C612074696E636964756E74206D616C6573756164612E11416C697175616D20656C656966656E642C1A61726375206E6F6E207472697374697175652074656D706F722C19647569206C6967756C61206D616C6573756164612073656D2C2A696163756C6973207363656C65726973717565206D61676E61206D617373612071756973207175616D2E1B50656C6C656E746573717565206C696265726F206D61757269732C1E76756C707574617465207365642074696E636964756E742076697461652C127665686963756C6120616320697073756D2E104D61757269732070686172657472612C1C7475727069732065752074696E636964756E742072686F6E6375732C187175616D20746F72746F722076697665727261206573742C2361742070656C6C656E746573717565206175677565206E696268206163206E6962682E0D496E20697073756D206475692C1C756C6C616D636F727065722076656C2073656D70657220717569732C1073656D706572206964206D617373612E1850686173656C6C7573206E6F6E2073656D20646F6C6F722C166174207363656C657269737175652074656C6C75732E164375726162697475722076656C69742061756775652C1770756C76696E617220696E20616C697175616D2069642C10616C69717565742076656C206C656F2E1D4675736365206665726D656E74756D20626C616E646974206E756E632C2976697461652074696E636964756E74206C656F206D6F6C657374696520636F6E64696D656E74756D2E1D53757370656E6469737365207574206772617669646120697073756D2E144375726162697475722076756C7075746174652C226D61757269732073697420616D65742070756C76696E61722073616769747469732C18697073756D20656E696D206665756769617420656E696D2C1F657420706F727461207269737573206E65717565206567657420616E74652E3D43756D20736F63696973206E61746F7175652070656E617469627573206574206D61676E6973206469732070617274757269656E74206D6F6E7465732C176E61736365747572207269646963756C7573206D75732E11446F6E65632065726F7320646F6C6F722C1B7665686963756C61207175697320616C697175616D20656765742C106F726E617265206964206C6F72656D2E0F557420646F6C6F72206C616375732C15616C69717565742075742074656D706F722065742C0F766172697573206574206E756E632E444372617320636F6E7365637465747572206D617373612076697461652076656C6974206D6174746973206120756C7472696365732075726E612076656E656E617469732E125072616573656E74206C61637573206D692C18626962656E64756D206120616C697175657420717569732C15766573746962756C756D206E6F6E2076656C69742E1A50726F696E2073697420616D657420656C69742066656C69732C136575206D616C657375616461206A7573746F2E1B4D616563656E617320617563746F722075726E61206D657475732E3550686173656C6C757320636F6E76616C6C69732076656C6974206964206A7573746F20626C616E6469742076656E656E617469732E2353757370656E646973736520636F6E76616C6C69732072686F6E637573206F7263692C1A612074696E636964756E74207175616D2076617269757320612E2A4675736365207363656C6572697371756520616C697175616D206F64696F20616320736F64616C65732E17416C697175616D20696E206C656374757320617263752E0E496E20766573746962756C756D2C1B6E697369206574207361676974746973206469676E697373696D2C1870757275732065737420666575676961742072697375732C21616320616363756D73616E20616E746520707572757320696E207475727069732E234D616563656E617320626962656E64756D20636F6E64696D656E74756D206E6962682C2271756973206672696E67696C6C61207175616D20696D70657264696574207365642E2F4E756C6C6120756C6C616D636F727065722073757363697069742073656D20657569736D6F642072686F6E6375732E17437572616269747572206C6563747573206A7573746F2C1E636F6E73656374657475722076697461652076697665727261207365642C126672696E67696C6C61206174206E756E632E15416C697175616D206A7573746F20746F72746F722C176F726E6172652076656C2072686F6E637573206E6F6E2C13656C656966656E64207365642070757275732E1D4E756C6C616D20706F73756572652067726176696461206D61676E612C286567657374617320636F6E76616C6C69732074656C6C75732076656E656E6174697320717569732E0F4D617572697320666575676961742C1B6C6563747573206E65632072757472756D20706C6163657261742C1D74656C6C757320617567756520636F6E76616C6C69732076656C69742C1D696E206D6174746973206F64696F206E6571756520696E2075726E612E355175697371756520717569732075726E61206174206469616D207072657469756D20696163756C697320757420736564206475692E104D6F726269206E69626820656E696D2C19616363756D73616E20657520636F6E76616C6C69732065742C11626962656E64756D20736564206475692E43436C61737320617074656E742074616369746920736F63696F737175206164206C69746F726120746F727175656E742070657220636F6E75626961206E6F737472612C1770657220696E636570746F732068696D656E61656F732E31457469616D20696E74657264756D20747572706973206575206475692061646970697363696E672073616769747469732E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E21496E206861632068616269746173736520706C617465612064696374756D73742E1C53757370656E646973736520736564206C696265726F20656E696D2C1165742064617069627573206A7573746F2E10416C697175616D20636F6D6D6F646F2C247475727069732073697420616D65742076656E656E6174697320666163696C697369732C1A6E696268206469616D20706F72747469746F72206E657175652C1D6E65632067726176696461206D61737361206F64696F20612073656D2E184D6F72626920717569732076656C6974206C6967756C612E434D617572697320696E74657264756D207269737573206E6563207175616D2072686F6E63757320657520626962656E64756D206D61757269732070756C76696E61722E284E756E63206964206F726369206E656320747572706973206C6F626F72746973206C75637475732E335072616573656E74206C616F72656574206C65637475732076656C206C656F206D616C65737561646120696E74657264756D2E2F517569737175652061206D692061632065726F73206D617474697320706861726574726120696E2061207175616D2E4F536564207363656C65726973717565206C6967756C612076656C2074656C6C75732070756C76696E617220737573636970697420736F6C6C696369747564696E206F64696F207665686963756C612E2C496E20706F727461206F64696F20617563746F72206A7573746F20636F6D6D6F646F206C6F626F727469732E224E756C6C616D20706F72747469746F7220766F6C757470617420626C616E6469742E12496E20757420766172697573206E69736C2E1B4E756E6320706861726574726120706F727461206C75637475732E154D617572697320696E206D6174746973206573742E21496E206861632068616269746173736520706C617465612064696374756D73742E1E4D616563656E61732073656420636F6E76616C6C69732074656C6C75732E87566573746962756C756D20616E746520697073756D207072696D697320696E206661756369627573206F726369206C756374757320657420756C74726963657320706F737565726520637562696C69612043757261653B205574207665686963756C61206D6574757320766974616520697073756D2068656E6472657269742072757472756D2E104E756E6320646F6C6F72206E69736C2C18696E74657264756D2071756973206F726E6172652065742C1074656D706F722071756973206475692E29446F6E65632074696E636964756E742076617269757320747572706973206E6F6E206375727375732E0F4E756C6C61206C6F626F727469732C216C6163757320656765742070656C6C656E7465737175652073616769747469732C1775726E6120656C69742072686F6E63757320657261742C24616320636F6E76616C6C697320697073756D2073617069656E206E6F6E206C616375732E334D6F7262692070656C6C656E746573717565206C6967756C612065742076656C69742074656D7075732073616769747469732E2B4D6F7262692074696E636964756E7420696E74657264756D206E756E63206E6F6E2073757363697069742E2E4372617320666175636962757320696E74657264756D2076656C697420616363756D73616E20706F73756572652E14446F6E656320612061756775652072697375732E0E457469616D20766976657272612C1B6C656374757320736564206D6174746973206C6F626F727469732C196572617420726973757320616C6971756574206C6F72656D2C1E65752073656D706572206C696265726F206E756E6320616320657261742E12446F6E656320617420647569206E6973692E1146757363652064756920746F72746F722C1B636F6E736571756174206567657420656765737461732076656C2C166C6F626F7274697320656C656D656E74756D206D692E2D53757370656E646973736520626C616E646974206D6F6C65737469652075726E612076656C206D6F6C6C69732E1E4E616D20616C697175616D20766F6C757470617420626962656E64756D2E2C4E756C6C6120696420657261742061206C656374757320666163696C6973697320766573746962756C756D2E274E756E632064696374756D206C616F72656574206D61676E612065752076656E656E617469732E424475697320666163696C69736973206A7573746F206E656320656E696D207665686963756C61206E65632072757472756D2070757275732076756C7075746174652E3153656420736F6C6C696369747564696E20647569206E656320707572757320706F72747469746F72206C6163696E69612E6C566573746962756C756D20616E746520697073756D207072696D697320696E206661756369627573206F726369206C756374757320657420756C74726963657320706F737565726520637562696C69612043757261653B205072616573656E74206E69736C206C616375732C1472757472756D20616320636F6E6775652065752C1A7363656C657269737175652064696374756D206C6967756C612E124675736365206E65717565206D617373612C1E76697665727261207365642073757363697069742073697420616D65742C11706F737565726520617420697073756D2E4C5072616573656E74207363656C65726973717565206C696265726F20696E206E69626820677261766964612073656420636F6E736563746574757220747572706973207665686963756C612E1346757363652073617069656E2076656C69742C18766573746962756C756D206120616C697175616D20696E2C14626962656E64756D2076656C206D61757269732E1850686173656C6C757320696420706F7274612065726F732E1941656E65616E206E6563206C6967756C61207475727069732C1375742074696E636964756E742076656C69742E184372617320636F6D6D6F646F20636F6E677565206475692C1E696420677261766964612066656C697320696163756C697320656765742E2C4E756E6320766172697573206469616D206120707572757320656C656D656E74756D20656C656966656E642E4353656420766976657272612076656C69742073697420616D657420616E746520756C747269636573206E6563207661726975732074656C6C757320616C697175616D2E1653757370656E646973736520616E7465206E756E632C187375736369706974206E656320736F64616C65732075742C0F72686F6E637573206120616E74652E124E756C6C61207269737573206E657175652C1A6665726D656E74756D20696E207068617265747261206E65632C16636F6D6D6F646F2072686F6E637573206E756C6C612E1141656E65616E206665726D656E74756D2C1D6C6967756C61206E656320737573636970697420756C7472696365732C1B6C6967756C61206E657175652072686F6E6375732070757275732C1B61206D6F6C6C69732073656D207075727573207574206E756E632E214E756E6320616C697175616D20756C6C616D636F72706572206C6163696E69612E14447569732069642076656C6974206C616375732E204372617320636F6E76616C6C697320736F64616C6573207665686963756C612E1150726F696E206E696268206E756C6C612C20626962656E64756D207365642070656C6C656E7465737175652076697461652C13626C616E646974207669746165207175616D2E184375726162697475722065742065726F732076656C69742C146E6F6E207665686963756C612073617069656E2E3153757370656E6469737365206575206D69206E6563206D657475732070656C6C656E74657371756520656765737461732E1943757261626974757220612074656C6C75732070757275732C0F61632064696374756D206E6973692E12446F6E6563206469616D206C6967756C612C1B74696E636964756E7420757420706F73756572652076697461652C12636F6E736571756174206174206E6973692E5D50656C6C656E746573717565206861626974616E74206D6F726269207472697374697175652073656E6563747573206574206E65747573206574206D616C6573756164612066616D65732061632074757270697320656765737461732E2E4E756C6C6120617563746F72206E69736920736564206D657475732074696E636964756E7420626C616E6469742E0F4E756C6C6120666163696C6973692E3350726F696E20766F6C7574706174206D69207361676974746973207269737573206672696E67696C6C6120666575676961742E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E11566976616D75732073616769747469732C1A6D6574757320657420736167697474697320736F64616C65732C1B6D61737361206C656F20656C656D656E74756D2073617069656E2C226964207375736369706974206C6563747573206C6967756C61206163206F7263692E204E756C6C61206469676E697373696D20747269737469717565206A7573746F2C2576656C20766F6C7574706174207475727069732072757472756D20636F6E76616C6C69732E0F536564206469616D206C6F72656D2C19756C74726963696573206120756C747269636965732065752C17747269737469717565207669746165207475727069732E32446F6E65632070656C6C656E74657371756520636F6E73656374657475722074656C6C7573206E6F6E20736F64616C65732E124E616D20696420646F6C6F7220617263752E1750656C6C656E746573717565206E69736C2065726F732C1B67726176696461206E6F6E20616C697175616D20617563746F722C13656C656D656E74756D2065742066656C69732E1E5175697371756520696E2070656C6C656E746573717565206D657475732E3B4D6F72626920736564206C6F72656D206E6F6E206D61676E61206672696E67696C6C612065676573746173207669746165207574206E756C6C612E2A41656E65616E2076656C20616E7465206964206E6962682074696E636964756E7420666575676961742E0E5574206469616D206C6F72656D2C1873656D7065722076656C20656C656D656E74756D2061632C176661756369627573207375736369706974206E756E632E22557420756C7472696365732070686172657472612070656C6C656E7465737175652E0E536564206D616C6573756164612C1C6E756C6C61207669746165206C75637475732073757363697069742C1965737420697073756D2076697665727261206C696265726F2C247175697320756C74726963657320617567756520616E746520656765742076656C69742E1341656E65616E206E696268206C696265726F2C1B656C656D656E74756D2065676574206C6163696E6961206E6F6E2C11666175636962757320757420617263752E1453757370656E646973736520706F74656E74692E1450686173656C6C7573206E69736C20616E74652C1966617563696275732073656420616C697175616D206E6F6E2C1670656C6C656E7465737175652076656C206F7263692E0F4E756C6C6120666163696C6973692E2D536564206574206D61757269732073697420616D657420656E696D206D616C65737561646120636F6E6775652E21496E206861632068616269746173736520706C617465612064696374756D73742E3F437261732076697461652076656C6974206120656E696D20736F6C6C696369747564696E20656C656D656E74756D20696E74657264756D2061206469616D2E134E756C6C61207075727573206C65637475732C1C6D617474697320666163696C69736973207072657469756D2065742C16636F6E73656374657475722075742074656C6C75732E304372617320706F7375657265206F64696F2065676574206E696268206C6163696E696120756C6C616D636F727065722E15416C697175616D206120656E696D2070757275732E1F446F6E656320706861726574726120747269737469717565206D61676E612C2273697420616D657420766172697573206572617420666163696C697369732065742E454E756C6C616D206D6F6C6573746965206E69736920657569736D6F64206F72636920756C74726963657320696E206D6F6C6C69732074656C6C757320616363756D73616E2E20557420706C6163657261742068656E64726572697420706F72747469746F722E1A4E756C6C612073697420616D6574207175616D2072697375732E0E4E756E63206469616D206475692C1961646970697363696E67206E6F6E206375727375732065742C10706861726574726120736564206D692E3D43756D20736F63696973206E61746F7175652070656E617469627573206574206D61676E6973206469732070617274757269656E74206D6F6E7465732C176E61736365747572207269646963756C7573206D75732E174372617320656765742068656E647265726974206D692E30446F6E65632073616769747469732074696E636964756E74206E6973692076656E656E6174697320656765737461732E3D43756D20736F63696973206E61746F7175652070656E617469627573206574206D61676E6973206469732070617274757269656E74206D6F6E7465732C176E61736365747572207269646963756C7573206D75732E1A53757370656E64697373652061632066656C697320657261742C11757420706C616365726174206E6973692E32437572616269747572206C616F726565742070656C6C656E74657371756520657261742073656420706F72747469746F722E125365642076656C206D65747573206C656F2C106E656320636F6E67756520656E696D2E12566976616D757320656C6974206F7263692C1A756C74726963696573206163207361676974746973206E65632C0E706F7274612061206C6F72656D2E2653757370656E646973736520766F6C757470617420666163696C69736973207475727069732C1F6E6F6E2064617069627573206D69207363656C65726973717565207365642E385574206964206C696265726F2061206C6F72656D2072686F6E63757320736F6C6C696369747564696E206E6F6E206E6F6E206C6F72656D2E13496E746567657220657261742070757275732C196C616F726565742065752070756C76696E617220656765742C16636F6E64696D656E74756D20696E2074656C6C75732E164E616D20657420706C6163657261742070757275732E135072616573656E7420636F6E76616C6C69732C196E69736920696420736F64616C65732070686172657472612C1A6E6962682061756775652074696E636964756E7420656C69742C2773697420616D65742074656D706F72206A7573746F206F72636920717569732073617069656E2E3A4372617320696D70657264696574206C6967756C6120756C74726963696573206C6163757320766573746962756C756D206D6F6C65737469652E194675736365206E6F6E2073757363697069742066656C69732E3341656E65616E20736564206E69736C2071756973206D69206461706962757320617563746F7220657420656765742073656D2E2B566573746962756C756D206C75637475732065676573746173206469616D206E656320616C69717565742E0E4E756E632073757363697069742C1D7269737573206E6F6E20666163696C697369732073616769747469732C1A6C696265726F20656E696D2072757472756D206D61757269732C26617420756C6C616D636F7270657220746F72746F72206E6962682076656C207475727069732E154D6F72626920736564206E69736C2070757275732E21496E206861632068616269746173736520706C617465612064696374756D73742E0F4E756C6C61206F726369206475692C1C636F6E7365637465747572206964206C616F7265657420717569732C0F6D6F6C6C697320696E206E756E632E2B50686173656C6C757320666175636962757320706F7375657265206D61676E612065752073656D7065722E10437261732073656D207475727069732C166D6174746973206E6F6E207072657469756D2061742C13666575676961742065676574206C6F72656D2E154D617572697320696E206F726369206E756C6C612C1573656420636F6E7365637465747572206469616D2E1750656C6C656E746573717565206469676E697373696D2C1C657261742064696374756D206772617669646120766976657272612C176573742065726174206C616F72656574206D617373612C17617420706F7274612073656D206D692061207175616D2E2A4D617572697320756C7472696369657320766976657272612076656C697420696E20706F73756572652E1A566573746962756C756D206574206C6967756C612065726F732E1B50656C6C656E746573717565206575206F726369206E756C6C612E1250726F696E206C656374757320656E696D2C176D6F6C657374696520612073616769747469732069642C16656C656D656E74756D207175697320746F72746F722E3D4D6175726973206574206C6967756C61207574206C6967756C61206567657374617320706F72747469746F72206E656320717569732073617069656E2E1044756973206E69626820646F6C6F722C1C7068617265747261206575206D6F6C6C69732073697420616D65742C1174656D70757320757420746F72746F722E2F50656C6C656E74657371756520747269737469717565206D6174746973206E69736C2073656420636F6D6D6F646F2E165072616573656E74207574206D6175726973206D692E12446F6E6563206C656374757320617263752C1F766573746962756C756D2074656D70757320636F6E76616C6C697320696E2C16766573746962756C756D20656765742072697375732E1E437261732073697420616D657420747269737469717565206D657475732E2E467573636520736F64616C65732076656C697420657420707572757320696D706572646965742073656D7065722E14446F6E65632061206E6962682074656C6C75732C117574207068617265747261206F64696F2E1350726F696E2074656C6C7573206E756C6C612C216D616C65737561646120766974616520616C697175657420626962656E64756D2C11636F6E677565207574207475727069732E1A566573746962756C756D2076656C20707572757320656C69742C1673697420616D65742074656D7075732070757275732E115072616573656E74206D6920657261742C1B696D7065726469657420617420766F6C757470617420656765742C106C616F7265657420612070757275732E2343757261626974757220756C7472696369657320756C74726963696573206E6973692C19657420766172697573206E69736920617563746F7220696E2E47437572616269747572207665686963756C6120656C6974206574206572617420696D7065726469657420766974616520657569736D6F64206469616D20636F6E76616C6C69732E1A4D6F726269206D6F6C6C69732073656D7065722072697375732C1D616320766172697573207475727069732066617563696275732065742E3E4E756C6C6120636F6D6D6F646F206C6967756C61206E6563206E756C6C6120626C616E6469742075742072686F6E637573207175616D2073656D7065722E134D61757269732061726375206C6967756C612C17646170696275732076656C20626C616E6469742069642C116F726E617265207175697320617263752E1250726F696E2075726E61206C6967756C612C1D64696374756D20616C69717565742076656E656E61746973206E65632C107068617265747261206574206573742E14446F6E6563206C696265726F206C65637475732C1E7363656C657269737175652065676574207068617265747261206E65632C147363656C65726973717565207574207175616D2E12496E7465676572206D6920746F72746F722C196D61747469732061206C75637475732073697420616D65742C12636F6E7365717561742071756973206D692E345072616573656E7420696E206F7263692061206E69626820637572737573206D616C6573756164612065752061206D61676E612E144E616D206174206C6967756C612070757275732C17636F6E73657175617420656C656966656E64206475692E34446F6E6563207472697374697175652076656C69742069642074757270697320756C74726963696573206665726D656E74756D2E33496E2075742073656D206575207175616D20766F6C757470617420636F6E73657175617420757420656765742061756775652E2F4E616D20706F7375657265206E69736C206174206C6563747573206C616F72656574207363656C657269737175652E2E566976616D7573206E6563206F64696F2074656D707573206E756C6C61206567657374617320696163756C69732E2C53656420736F6C6C696369747564696E20706F73756572652073617069656E20616320696E74657264756D2E43436C61737320617074656E742074616369746920736F63696F737175206164206C69746F726120746F727175656E742070657220636F6E75626961206E6F737472612C1770657220696E636570746F732068696D656E61656F732E105175697371756520616C697175616D2C1B6D61737361207574207665686963756C6120706C6163657261742C146475692064756920666575676961742073656D2C2173656420626C616E6469742073656D206175677565206E6F6E2073617069656E2E1A4E756C6C612073697420616D6574206A7573746F206469616D2E41416C697175616D2065676574206A7573746F207669746165206C6F72656D20636F6E64696D656E74756D20696D7065726469657420612065676574206E6973692E11457469616D207175616D206E756C6C612C1B766F6C757470617420616320636F6E73657175617420717569732C11766F6C7574706174206163206F7263692E214E616D206665726D656E74756D2068656E6472657269742070756C76696E61722E16416C697175616D206572617420766F6C75747061742E1E4D61757269732073697420616D65742076697665727261206A7573746F2E1E43726173206567657420736F6C6C696369747564696E207475727069732E1E446F6E656320636F6E677565207072657469756D2073757363697069742E264E756E632074656D7075732074656D706F72206175677565207669746165206D61747469732E2A41656E65616E2076656C206C65637475732061206E657175652066657567696174207072657469756D2E3650726F696E2061632070757275732061206E6973692074696E636964756E7420617563746F72206E6F6E2065676574206A7573746F2E18446F6E656320657420626962656E64756D20697073756D2E0F4E756C6C6120666163696C6973692E234E616D2070656C6C656E746573717565206C6163696E6961206665726D656E74756D2E174E756C6C61206575206C6967756C61207475727069732C0D6120637572737573206475692E234E756C6C616D20706F72747469746F72206D6F6C657374696520626962656E64756D2E3141656E65616E20696163756C6973206D6920756C747269636573206C6F72656D207669766572726120677261766964612E1450726F696E20746F72746F72206D61757269732C1B6665726D656E74756D207669746165207072657469756D2061632C13706F737565726520717569732061756775652E0D4372617320736F64616C65732C2466656C69732073697420616D657420736F6C6C696369747564696E20657569736D6F642C196C6F72656D20647569206665726D656E74756D206E69736C2C1D6574207665686963756C61207175616D20656E696D206574206573742E3D457469616D20616320646F6C6F72207365642061756775652064696374756D20756C6C616D636F72706572206E6F6E206D6F6C6573746965206C656F2E124D6F7262692074656C6C757320617263752C24696D70657264696574206567657420636F6E64696D656E74756D2073697420616D65742C18636F6E76616C6C697320736F64616C6573206D617373612E2555742069642075726E61206575207175616D20666163696C697369732072686F6E6375732E1243757261626974757220657569736D6F642C1A6175677565207574206672696E67696C6C6120636F6E6775652C1B6F64696F20726973757320766573746962756C756D20656E696D2C20616320706F727461206175677565206C61637573207175697320646F6C6F722E0D53656420647569206F7263692C1B72757472756D20636F6D6D6F646F2064617069627573207365642C146665726D656E74756D20696E206C696265726F2E1741656E65616E2069642070757275732073617069656E2C10696E2066657567696174206F64696F2E2C4E756C6C616D20696E74657264756D207375736369706974206F64696F2065676574207665686963756C612E125072616573656E7420696E74657264756D2C2273617069656E20766974616520636F6E73656374657475722070756C76696E61722C1A6D61757269732066656C697320696163756C6973206E6973692C2576697461652073616769747469732073617069656E2076656C6974206163206E657175652E3A4D6F72626920612070757275732076656C2076656C697420766573746962756C756D20756C6C616D636F7270657220612076656C206469616D2E2A4E616D206E656320647569206E6F6E2074656C6C75732074696E636964756E74206D6F6C65737469652E274E616D206C6163696E696120696163756C6973206F72636920656765742070756C76696E61722E19457469616D20616320666163696C69736973206D617373612E1B4E756C6C612073697420616D6574206C7563747573206F64696F2E1A41656E65616E206567657420747572706973207475727069732C1565676574206665726D656E74756D206E657175652E1950686173656C6C7573206964206C6563747573206E6973692E2B53757370656E646973736520747269737469717565207363656C657269737175652073757363697069742E16496E74656765722076656C206E69626820656C69742E0F447569732073656D206A7573746F2C1B626962656E64756D2076656C2068656E6472657269742076656C2C12637572737573206E6F6E207475727069732E21496E206861632068616269746173736520706C617465612064696374756D73742E3B566573746962756C756D206E6563207175616D206120646F6C6F7220636F6E736571756174206665726D656E74756D2076656C20696E206C656F2E16446F6E65632076656C206C6F72656D2072697375732C137175697320626C616E6469742066656C69732E19536564206D6F6C6C6973206F726E617265207475727069732C1F7669746165206D6174746973207269737573206D6F6C6C697320656765742E215072616573656E7420656C656966656E6420696163756C6973206D61757269732E214D616563656E617320706F7274612074696E636964756E7420656765737461732E13517569737175652061742073656D206C656F2E2C446F6E6563206E6F6E20656E696D2076656C2072697375732073757363697069742076756C7075746174652E344E616D2061206469616D20706C61636572617420647569206665756769617420636F6D6D6F646F206174206120746F72746F722E11467573636520656C69742061756775652C1D636F6E6775652073697420616D657420696D706572646965742069642C117361676974746973206174207175616D2E35496E746567657220766573746962756C756D2066656C69732076656C206E756E6320636F6E73657175617420626962656E64756D2E204375726162697475722072686F6E637573206C6163696E69612072697375732C2873697420616D65742073656D7065722075726E6120656C656D656E74756D207665686963756C612E164E756C6C612076656C20616E7465206C696265726F2E3A4D616563656E617320736564206F726369206E6F6E2065726F732076656E656E617469732064617069627573206E6563206E6F6E206E6962682E16416C697175616D206572617420766F6C75747061742E275175697371756520616C697175657420617563746F72206E756C6C612061742073656D7065722E2141656E65616E20636F6E6775652070656C6C656E74657371756520697073756D2E2F416C697175616D20696420616E74652076656C2065726F7320666163696C6973697320636F6E73656374657475722E3641656E65616E2061206D6920696E206F72636920626962656E64756D206D617474697320657569736D6F64206567657420656C69742E33496E2073656420656E696D206574207175616D2074696E636964756E742073656D70657220696E20717569732061756775652E2B50726F696E207365642073617069656E206964206D61676E6120637572737573207472697374697175652E154E756E632061632073617069656E2061756775652E36416C697175616D2074656D707573206C656F20756C74726963696573206D61676E6120696E74657264756D2074696E636964756E742E2A4E756C6C6120706F72747469746F722067726176696461206C6967756C6120696E20616C69717565742E3D44756973206D617474697320647569206E6F6E2073656D20766573746962756C756D20616320736167697474697320656E696D206D6F6C65737469652E17517569737175652073656420647569206C6967756C612E294E756C6C616D20657569736D6F6420616C697175657420656E696D206964207472697374697175652E36437572616269747572206E6563206C656374757320636F6E7365637465747572206E69736920637572737573207665686963756C612E224E756C6C61206672696E67696C6C6120766573746962756C756D2072757472756D2E4551756973717565206D616C657375616461206E696268207669746165207175616D2066657567696174206E656320706C6163657261742065726F7320756C7472696365732E3F50656C6C656E74657371756520696420647569206964206E69736C20656C656966656E6420696163756C697320706F737565726520757420746F72746F722E17496E74656765722065676574206475692072697375732C0F657520617563746F72207175616D2E33416C697175616D2073697420616D6574206F72636920706C616365726174206E756E6320626C616E6469742064696374756D2E1D566573746962756C756D206E656320696E74657264756D206E6973692E1150726F696E207075727573206E6973692C1E7669766572726120756C7472696369657320616363756D73616E2061632C146469676E697373696D206E6563206E756C6C612E1A446F6E65632073697420616D657420646F6C6F72206E69736C2C1361207363656C6572697371756520656C69742E1950686173656C6C75732075742061726375206C65637475732E205365642073656D70657220646170696275732070656C6C656E7465737175652E154E616D2076697461652075726E61206E756C6C612C1076656C20617563746F72206F7263692E135365642076656C206D61676E61206E6962682E2D437572616269747572207072657469756D20696D70657264696574206F72636920657520756C7472696365732E30566976616D75732071756973206D65747573207068617265747261206E756E6320657569736D6F642072757472756D2E114675736365206D61737361206E6962682C1876656E656E6174697320736564206F726E6172652061742C13706F737565726520736564206D61757269732E0F53656420746F72746F72206573742C1E74656D706F722076656C206665726D656E74756D2073697420616D65742C116C616F72656574206174206E756C6C612E1650726F696E2065752064696374756D206C616375732E1850726F696E206E6563206D6174746973206C65637475732E1D416C697175616D2073656D7065722073656D7065722074656C6C75732C1E616320656C656966656E64206F72636920616363756D73616E206E6F6E2E3D43756D20736F63696973206E61746F7175652070656E617469627573206574206D61676E6973206469732070617274757269656E74206D6F6E7465732C176E61736365747572207269646963756C7573206D75732E1E50686173656C6C757320766974616520746F72746F72206D61757269732C127175697320626C616E646974206E6973692E19446F6E656320717569732076697665727261206C616375732E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E134D616563656E617320696D706572646965742C196C656F2065752074696E636964756E7420677261766964612C1765726F732073656D206C6163696E69612072697375732C2476697461652076697665727261206D61737361206175677565206567657420616E74652E3A53757370656E646973736520756C6C616D636F72706572206C616375732075742065737420626962656E64756D20636F6E64696D656E74756D2E12496E20656765742073656D706572206D692E175072616573656E742074656C6C7573207475727069732C1B6D6F6C6C69732073697420616D657420666575676961742061742C136772617669646120656765742061756775652E15536564206163206C6163696E6961206D617373612E1A536564207669746165206D616C657375616461206C6F72656D2E35566976616D75732070656C6C656E7465737175652075726E6120656765742073656D207665686963756C612070686172657472612E394375726162697475722074726973746971756520746F72746F722065676574206D61757269732061646970697363696E672073656D7065722E2F536564206575206E6973692076756C707574617465206172637520656C656D656E74756D20696D706572646965742E2D4D6F726269206772617669646120657374206E6F6E20616E746520616363756D73616E20626962656E64756D2E1543726173206574206C65637475732061756775652C0F73656420636F6E677565206C656F2E105072616573656E742073656D7065722C1A75726E61206E656320706861726574726120616C69717565742C1C617567756520707572757320747269737469717565206E657175652C246567657420636F6E76616C6C6973206C696265726F2074757270697320736564206D692E1253656420746F72746F722074656C6C75732C1D74656D70757320616320756C6C616D636F727065722074656D7075732C13636F6E736563746574757220696E206475692E1C4372617320616C697175616D2064617069627573207475727069732C1F757420756C747269636573206C6967756C612076756C70757461746520612E1C446F6E6563206D6F6C657374696520706F72747469746F72206D692C21706C6163657261742072757472756D206E6571756520736F64616C65732069642E1746757363652071756973206A7573746F206C616375732E134475697320656765742073656D206E6973692C15616320636F6E73656374657475722061756775652E47566573746962756C756D206C75637475732065726174206E6F6E206C6163757320636F6D6D6F646F2076656C207472697374697175652064756920636F6E73656374657475722E134D61757269732074656C6C7573206E69736C2C1A6D6F6C6573746965206567657420706F7274612076697461652C1373616769747469732073656420646F6C6F722E43436C61737320617074656E742074616369746920736F63696F737175206164206C69746F726120746F727175656E742070657220636F6E75626961206E6F737472612C1770657220696E636570746F732068696D656E61656F732E4350656C6C656E7465737175652076656C206F64696F20656765742073656D20616C6971756574207363656C657269737175652065676574207669746165206E756E632E2146757363652061646970697363696E67207361676974746973206C696265726F2C207175697320706C616365726174206475692070756C76696E617220656765742E114372617320636F6E64696D656E74756D2C22617263752074656D706F7220666163696C6973697320636F6E64696D656E74756D2C1A65726F73206C656F20756C6C616D636F727065722075726E612C2376656C2074696E636964756E742076656C697420656E696D20656765742065726F732E174D61757269732065742073656D706572206E756C6C612E4B50726F696E206D6F6C6C69732073617069656E206E656320656E696D206567657374617320616C697175616D20766573746962756C756D20636F6E73656374657475722074656C6C75732E2841656E65616E207574206E69736C2075742073617069656E20696163756C697320617563746F722E1A50656C6C656E74657371756520646F6C6F722074656C6C75732C18736F64616C657320657520656C656D656E74756D2075742C14756C6C616D636F72706572206174206E756E632E20566573746962756C756D20636F6E76616C6C6973206F726E617265206C656F2C216163206C75637475732065726F73206469676E697373696D20636F6D6D6F646F2E3453757370656E646973736520617420656C69742073697420616D65742075726E6120706C616365726174206C6F626F727469732E1D446F6E6563206665726D656E74756D206C696265726F206C616375732C12696E20706C6163657261742072697375732E164E756C6C616D20757420656E696D2073617069656E2C136E656320626C616E646974206C696265726F2E3D446F6E656320696E206E696268206665726D656E74756D206C61637573206461706962757320626962656E64756D2076656C206163207475727069732E0E4D6F7262692072686F6E6375732C1F7075727573207068617265747261207361676974746973206D6F6C6C69732C1C6C656374757320616E746520696D70657264696574206D61676E612C21696E20766573746962756C756D2075726E61206E756C6C6120616320657261742E1E447569732064696374756D20657569736D6F642076756C7075746174652E114D6F726269206F64696F2061756775652C17756C74726963657320612067726176696461207365642C15656C656D656E74756D20717569732066656C69732E314E616D207363656C657269737175652075726E61206964206A7573746F206469676E697373696D20706C6163657261742E2853656420636F6E76616C6C6973206C6F626F72746973206F7263692076656C20656765737461732E34566573746962756C756D20756C747269636965732066656C697320696E206C696265726F20696163756C6973207661726975732E16416C697175616D206572617420766F6C75747061742E2D50686173656C6C7573206163207075727573206E6F6E20656C6974206D616C65737561646120617563746F722E26446F6E65632075742073656D20696420656E696D20766F6C757470617420706F73756572652E2E446F6E6563206D616C6573756164612065737420736564206F64696F206F726E617265206469676E697373696D2E16437261732076697461652075726E61206D617373612C13757420666163696C69736973206C6F72656D2E1A496E2072757472756D20696E74657264756D206C65637475732C2E6E6563207363656C657269737175652074656C6C757320636F6E7365717561742070656C6C656E7465737175652E1850726F696E206575206D6F6C6573746965206E657175652E18496E74656765722073656420656E696D206C65637475732C10616320616C69717565742075726E612E2950686173656C6C757320736F64616C657320736F6C6C696369747564696E20636F6E7365717561742E1A5072616573656E7420766974616520617567756520616E74652E185365642069642070656C6C656E746573717565206C656F2E2E496E7465676572207665686963756C6120656E696D20717569732064756920616C697175657420636F6E6775652E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E1243757261626974757220677261766964612C1C7175616D2073656420656C656D656E74756D20656C656966656E642C1776656C6974206E756C6C612064696374756D206573742C217574206D616C657375616461206175677565206C6967756C61206964206475692E224D616563656E617320626962656E64756D2074726973746971756520697073756D2C1C6575206772617669646120656C697420636F6D6D6F646F207365642E134675736365206D6574757320746F72746F722C17616363756D73616E20616320666575676961742069642C14766F6C75747061742073656420746F72746F722E31566976616D75732074696E636964756E74206D69206E6F6E20707572757320766F6C757470617420756C7472696365732E2F5072616573656E742065676574206D657475732065752073656D2074656D7075732070656C6C656E7465737175652E24457469616D20666175636962757320736F6C6C696369747564696E20646170696275732E33446F6E65632074656D706F72206D617373612073697420616D6574206D6920706F737565726520756C6C616D636F727065722E2E566573746962756C756D20616320646F6C6F722075742075726E6120756C74726963657320766F6C75747061742E13496E746567657220697073756D2075726E612C1A636F6E6775652074656D707573207665686963756C612065752C17736F64616C65732073697420616D65742076656C69742E3050726F696E2061646970697363696E672075726E612075742065726F7320736F64616C65732076756C7075746174652E254E616D20666175636962757320617563746F72206A7573746F206E6F6E206C75637475732E2E53757370656E646973736520616320617567756520736564206175677565207669766572726120636F6E6775652E104E616D206C6967756C6120657261742C18656C656966656E642065752073656D70657220656765742C167068617265747261206C616F72656574206E756E632E3150686173656C6C75732074656D706F722065726F73206120616E74652074696E636964756E7420756C747269636965732E3646757363652073697420616D65742065737420747269737469717565206C61637573207068617265747261207472697374697175652E1650656C6C656E746573717565206F726369206573742C1C7472697374697175652071756973207472697374697175652069642C13696D70657264696574206174206E657175652E19566976616D75732075742072757472756D206D61757269732E1C4E756C6C616D2073697420616D6574207175616D207475727069732C127574206672696E67696C6C6120656E696D2E1D4475697320736167697474697320616363756D73616E2072697375732E36496E20656765742072697375732076656C206D6175726973207068617265747261206C616F72656574206E656320696420617263752E0C43726173206D6F6C6C69732C1B6D6175726973206574207361676974746973206C616F726565742C17657374206475692068656E6472657269742075726E612C2061742074656D706F72206E756C6C61206D617572697320736564206F64696F2E1843726173207365642068656E647265726974206F7263692E134375726162697475722065726F732073656D2C187072657469756D2076656C20696163756C69732076656C2C11616363756D73616E20696E20656E696D2E0D50726F696E206D61747469732C216C6967756C612074696E636964756E742073616769747469732072757472756D2C1C6D61757269732064756920636F6E736563746574757220657261742C2161632068656E647265726974207175616D2072697375732061742070757275732E324372617320616320616E7465206964206C696265726F20636F6E6775652073656D70657220617420696420746F72746F722E3C43726173206E6F6E2072697375732073697420616D6574206572617420706F7274612064696374756D2073697420616D657420696E206A7573746F2E1950686173656C6C75732076656C206A7573746F206F64696F2E2C446F6E6563207363656C6572697371756520766172697573206C6967756C6120696420626962656E64756D2E154E756C6C616D20747572706973206C6967756C612C166672696E67696C6C612061632073656D70657220612C11696163756C697320612073617069656E2E42566573746962756C756D20696E206573742076656E656E61746973206D65747573206D616C657375616461206C6163696E69612071756973206964206A7573746F2E1F566976616D7573206661756369627573206C75637475732073656D7065722E1F457469616D206D617474697320756C6C616D636F72706572206D61676E612C2873697420616D657420666175636962757320657374206D616C65737561646120657569736D6F642E1144756973206C696265726F206E69736C2C166D6F6C6573746965206120696163756C697320696E2C12636F6E76616C6C6973206575206E756E632E434E756C6C616D2073697420616D6574206C6F72656D20617420707572757320756C6C616D636F727065722072757472756D2073697420616D6574206575206F7263692E32496E2076656C206E756C6C6120696E20656C697420636F6E76616C6C697320766172697573206E65632061206C616375732E124E756E63206163206E756E63206E69736C2C177175697320636F6E64696D656E74756D2072697375732E26446F6E65632074656D70757320666163696C69736973206F64696F2061632072757472756D2E18457469616D20736564206D6F6C6C697320746F72746F722E23536564206163206C6F72656D2061742075726E61206C6163696E696120706F7274612E4543757261626974757220766573746962756C756D206D65747573206575206175677565207669766572726120657420616363756D73616E206175677565206F726E6172652E1D50686173656C6C7573206D6F6C6C6973206D617572697320657261742C13757420766573746962756C756D20617263752E225072616573656E74207072657469756D20636F6E64696D656E74756D206E69736C2C1969642072757472756D207175616D206D61747469732061632E144E756E632076697461652061726375206C656F2C1573697420616D6574207072657469756D206475692E1A4D6175726973207665686963756C612076656C69742073656D2C176C6F626F72746973206375727375732074656C6C75732E1B557420656C656966656E6420646170696275732074656C6C75732C1C696E20657569736D6F6420697073756D20646170696275732061742E2B4E756C6C6120636F6E76616C6C697320626C616E646974206E756E632071756973206C6F626F727469732E205072616573656E7420706C616365726174206D6174746973206D61757269732C1E736564206C7563747573206E69736920756C747269636965732076656C2E26496E20747269737469717565206C616F7265657420746F72746F722073656420706F7274612E4941656E65616E2068656E647265726974206F726369206E6F6E2065737420766976657272612073697420616D657420626C616E646974206C6F72656D207363656C657269737175652E154E756C6C6120696E206E756C6C61206C616375732E1A50656C6C656E74657371756520616320656E696D207175616D2C11696420616C6971756574206A7573746F2E1753757370656E6469737365206469616D206D657475732C18706C61636572617420657520766F6C75747061742075742C11657569736D6F64206E6F6E20657261742E4050686173656C6C7573206C7563747573206F64696F2076656C206F72636920646170696275732073656420766172697573206C6163757320616C697175616D2E265365642074696E636964756E742066657567696174206469616D2076656C206F726E6172652E1A4675736365207175697320766F6C7574706174206D61676E612E3D43726173206D616C65737561646120656C6974206174206C656F206672696E67696C6C6120696D7065726469657420657420736564206C696265726F2E204D6F7262692073697420616D65742074696E636964756E74206C6967756C612E1455742069642074656D7075732074656C6C75732E1C566573746962756C756D2069642072686F6E6375732072697375732E265574206E6F6E206D61676E612061206C6F72656D2073656D7065722068656E6472657269742E1B437261732076756C707574617465206375727375732065726F732C2B73697420616D65742074696E636964756E74206C6967756C612072757472756D206672696E67696C6C612E1143726173206D6175726973206E69736C2C1A6672696E67696C6C612073656420656765737461732076656C2C14616363756D73616E206E6F6E206D61757269732E10496E746567657220636F6D6D6F646F2C2174656C6C757320636F6E736571756174206D6F6C6C69732070756C76696E61722C1764756920656C697420666175636962757320617263752C1F696E206C6163696E6961206E697369206D692065676574206C6967756C612E294E756C6C61206D616C6573756164612073656D70657220746F72746F72206575206C6163696E69612E19566573746962756C756D206174207661726975732073656D2E33566976616D757320706F7375657265206C6967756C612061632074656C6C7573206661756369627573206C6F626F727469732E2F4D616563656E6173207361676974746973206172637520696E206F64696F20736F64616C657320616C697175616D2E164D61757269732061742066656C69732061756775652E20446F6E65632076656E656E6174697320696E74657264756D206375727375732E14566976616D757320616E7465206D61757269732C1F6469676E697373696D2073697420616D6574206C616F726565742076656C2C127665686963756C612076656C20617263752E3453656420666163696C69736973206E756C6C612073697420616D6574206D6173736120706F73756572652066617563696275732E33416C697175616D20656C656D656E74756D20656C656D656E74756D2066656C6973206C6163696E6961207665686963756C612E154D616563656E6173206D65747573206A7573746F2C17766976657272612065742070756C76696E61722075742C1376656E656E617469732061206D61757269732E174475697320657520756C7472696369657320656C69742E20446F6E6563206772617669646120636F6E64696D656E74756D206D61676E612C26736F64616C657320656C656966656E64207269737573206665726D656E74756D20656765742E0F4E756E6320656C69742075726E612C21656C656D656E74756D20696E2061646970697363696E672073697420616D65742C0E63757273757320696E206475692E4243726173206174207269737573206E6F6E206C6967756C61207363656C65726973717565207363656C657269737175652064696374756D20736564206C6F72656D2E425365642073656D706572206C6F72656D206964206D61676E6120636F6E73657175617420757420756C74726963696573206E756E6320636F6E73656374657475722E1553757370656E6469737365207665686963756C612C1C657261742073697420616D65742074656D706F7220617563746F722C1A617567756520726973757320696E74657264756D206E756E632C2565752061646970697363696E6720746F72746F72206E6973692074656D7075732073656D2E32457469616D206D616C65737561646120697073756D207574206C656374757320756C7472696365732066617563696275732E184375726162697475722074656C6C75732074656C6C75732C197072657469756D2076656C20616363756D73616E206E65632C12656C656966656E64206E656320656C69742E1C437261732073656D706572206665726D656E74756D20697073756D2C2673697420616D65742067726176696461206C65637475732068656E647265726974206E6F6E2E444E756C6C616D207072657469756D2076656C69742076656C20646F6C6F7220737573636970697420696E20626C616E646974206E697369207363656C657269737175652E35437572616269747572207669766572726120697073756D207669746165206F64696F20706C6163657261742070756C76696E61722E28496E2063757273757320656C69742069642074757270697320616C697175616D206F726E6172652E45446F6E656320636F6E73657175617420747572706973206665756769617420656C69742074656D706F7220736564206C6F626F72746973206172637520616C697175616D2E224375726162697475722073697420616D65742073616769747469732070757275732E354375726162697475722074696E636964756E74206172637520736564206F64696F20737573636970697420656C656D656E74756D2E35536564207574206E696268206120616E74652061646970697363696E6720617563746F7220656C656966656E642061206E6973692E2850726F696E20736F6C6C696369747564696E20736F6C6C696369747564696E20626C616E6469742E1C557420636F6D6D6F646F20617563746F7220696D706572646965742E0F467573636520656C656966656E642C206E65717565206E6F6E20756C6C616D636F7270657220656C656D656E74756D2C1A66656C697320697073756D20637572737573206C696265726F2C20657420626962656E64756D206175677565206D6920736564206C6967756C612E2C43757261626974757220736F64616C657320657569736D6F64206469616D2076697461652064696374756D2E144D616563656E617320766573746962756C756D2C1C6D69206E6F6E20636F6D6D6F646F20736F6C6C696369747564696E2C186D61737361207175616D20696163756C6973206F64696F2C2776656C207472697374697175652074656C6C7573206E69626820766974616520746F72746F722E3D566573746962756C756D207574206F64696F2065676574206E69736920756C7472696369657320617563746F72206163207669746165206C6F72656D2E12536564206575206C6F72656D20656C69742E16416C697175616D206572617420766F6C75747061742E2253757370656E6469737365206665726D656E74756D206E756C6C61206C6F72656D2E304D6F72626920656C656966656E6420646F6C6F722061206C6967756C6120666575676961742076756C7075746174652E1E437572616269747572206C616F7265657420617563746F72207175616D2C1D61742074696E636964756E74206D657475732063757273757320696E2E1F4E616D20616C697175616D20766F6C757470617420706F72747469746F722E1641656E65616E206964206375727375732065726F732E1A566573746962756C756D2076656C206E65717565206469616D2C116E6F6E20706F7375657265207175616D2E1351756973717565206C656F2073617069656E2C1A6665726D656E74756D207175697320636F6E6775652076656C2C156672696E67696C6C6120766974616520617263752E304D61757269732073656D70657220747572706973206163206C696265726F20766F6C757470617420646170696275732E0F44756973206E69736920656E696D2C18666175636962757320656765742074656D7075732061742C15756C74726963696573206E65632074656C6C75732E1443726173206964206C6563747573206E69736C2C0F696420637572737573206F7263692E12457469616D2073617069656E206E69736C2C1D6D6F6C6C69732073697420616D657420766F6C75747061742076656C2C12766F6C7574706174206E6563206E6973692E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E3A4E756E63206163207075727573206E6563206C656F20766573746962756C756D20706F72747469746F72206120626C616E64697420617263752E1850726F696E206E65632072686F6E637573206E657175652E2C50656C6C656E74657371756520766573746962756C756D20706861726574726120766573746962756C756D2E27536564206D6F6C657374696520656C697420657520647569206D6F6C6C6973207661726975732E1A457469616D20706F72747469746F722064696374756D206D692E2A4D616563656E6173207375736369706974207361676974746973206E756E63206E656320706F7274612E3153656420657420617263752073697420616D65742073617069656E20636F6E76616C6C697320766573746962756C756D2E1F43726173206567657374617320616363756D73616E20616363756D73616E2E345175697371756520616363756D73616E20746F72746F722065742065726174206D617474697320736F6C6C696369747564696E2E3F536564206D6F6C65737469652074757270697320656765742073656D2074696E636964756E74206E656320636F6E76616C6C6973206D6920636F6E6775652E17457469616D2061632065676573746173206C6F72656D2E3250726F696E20736F6C6C696369747564696E20657374206E65632073656D207665686963756C612074696E636964756E742E2950726F696E2071756973207075727573207574206E69736C206461706962757320657569736D6F642E43436C61737320617074656E742074616369746920736F63696F737175206164206C69746F726120746F727175656E742070657220636F6E75626961206E6F737472612C1770657220696E636570746F732068696D656E61656F732E104E756E63206C6163757320616E74652C1672757472756D20736564206C6163696E69612075742C136665726D656E74756D2069642070757275732E0F4E756C6C6120666163696C6973692E3253757370656E646973736520736564206C6563747573206E6563206C696265726F206C6163696E696120616C697175616D2E1453656420696420697073756D2073617069656E2C1069642076617269757320697073756D2E17566573746962756C756D206174206E756C6C61206D692C136567657420616363756D73616E206E6962682E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E20446F6E6563206C6F626F7274697320756C74726963657320696163756C69732E89566573746962756C756D20616E746520697073756D207072696D697320696E206661756369627573206F726369206C756374757320657420756C74726963657320706F737565726520637562696C69612043757261653B20446F6E656320706C6163657261742065726F7320616320617263752070656C6C656E746573717565206C616F726565742E265072616573656E742073616769747469732070656C6C656E7465737175652064696374756D2E2B4E756C6C6120696E206D657475732065676574206D657475732076756C7075746174652074656D7075732E204D61757269732064696374756D20656C656D656E74756D20636F6D6D6F646F2E11446F6E65632074656C6C7573206573742C1E737573636970697420696163756C69732076656E656E617469732075742C1970756C76696E61722073697420616D6574207475727069732E2E4D617572697320657420656C6974206E6F6E206D61676E6120636F6E736563746574757220626962656E64756D2E384D61757269732070656C6C656E74657371756520647569206575206C696265726F20636F6E7365637465747572206672696E67696C6C612E1641656E65616E2076656C20697073756D2075726E612E374D616563656E61732070756C76696E617220736F6C6C696369747564696E206D61676E61206D6F6C657374696520696E74657264756D2E5D50656C6C656E746573717565206861626974616E74206D6F726269207472697374697175652073656E6563747573206574206E65747573206574206D616C6573756164612066616D65732061632074757270697320656765737461732E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E3D43756D20736F63696973206E61746F7175652070656E617469627573206574206D61676E6973206469732070617274757269656E74206D6F6E7465732C176E61736365747572207269646963756C7573206D75732E2B4D61757269732076697665727261207072657469756D20746F72746F72206567657420677261766964612E2F496E746567657220636F6D6D6F646F206D6F6C657374696520747572706973207175697320656C656D656E74756D2E1041656E65616E20706C6163657261742C1870757275732065752072686F6E637573206F726E6172652C1B6C6967756C61206E756C6C6120636F6E736571756174206475692C2C7669746165207363656C65726973717565206175677565206D617373612070756C76696E6172207175616D2E3653757370656E646973736520756C7472696369657320756C74726963696573206E657175652073697420616D6574206C75637475732E41557420626962656E64756D206C656F2061206C656374757320626C616E64697420656765742068656E647265726974206C6967756C6120636F6E7365717561742E21496E206861632068616269746173736520706C617465612064696374756D73742E0C437261732074656D706F722C1A65726F73206E6F6E20706F73756572652070756C76696E61722C1D6D61676E61206E69736920636F6E7365637465747572206C616375732C25696E20756C6C616D636F7270657220616E7465206C6563747573206E6F6E206A7573746F2E2F53656420706F72747469746F72206C696265726F2076656C206E69736C20626962656E64756D20646170696275732E5D50656C6C656E746573717565206861626974616E74206D6F726269207472697374697175652073656E6563747573206574206E65747573206574206D616C6573756164612066616D65732061632074757270697320656765737461732E184675736365207669746165206661756369627573206D692E41457469616D20696E206C696265726F206C6F626F72746973206E69736C206C6F626F72746973206C6F626F7274697320626C616E64697420757420646F6C6F722E284D6F72626920617563746F7220696163756C6973206E756C6C612061742076656E656E617469732E114D6F726269206175677565206E6962682C186C6F626F7274697320757420626962656E64756D2069642C127072657469756D206E65632066656C69732E1B4C6F72656D20697073756D20646F6C6F722073697420616D65742C1C636F6E73656374657475722061646970697363696E6720656C69742E124D616563656E6173206D6F6C65737469652C1C616E7465206E656320706F72747469746F7220626962656E64756D2C1B746F72746F7220746F72746F7220616C697175657420617263752C2B73697420616D65742074656D707573206C6967756C61206469616D2073697420616D65742066656C69732E2A50686173656C6C75732073656D70657220706F73756572652061756775652069642072686F6E6375732E124372617320646F6C6F722074656C6C75732C15706F73756572652069642076617269757320696E2C1468656E6472657269742065752074656C6C75732E3350726F696E20766974616520747572706973206E6F6E206E756C6C6120756C6C616D636F72706572207472697374697175652E21496E206861632068616269746173736520706C617465612064696374756D73742E92566573746962756C756D20616E746520697073756D207072696D697320696E206661756369627573206F726369206C756374757320657420756C74726963657320706F737565726520637562696C69612043757261653B20467573636520736564206A7573746F2071756973206469616D206C6163696E696120696D70657264696574206E656320657520746F72746F722E324E756C6C616D206174207175616D206E6F6E206D65747573207072657469756D206C756374757320696E206163206475692E14566976616D7573206C696265726F206E6962682C1C61646970697363696E6720657420747269737469717565206E6F6E2C12616363756D73616E20717569732073656D2E36416C697175616D20636F6E64696D656E74756D206C6967756C61206575206C6F72656D20736F64616C6573206665726D656E74756D2E3E53757370656E64697373652061632075726E61207669746165206573742070686172657472612076756C7075746174652061742076656C206C616375732E335365642076656C206C6F72656D20636F6E7365717561742073617069656E20747269737469717565206469676E697373696D2E2A5072616573656E7420736F64616C6573206665726D656E74756D2065737420696420696163756C69732E2653656420736F6C6C696369747564696E20756C6C616D636F727065722073757363697069742E124D6F7262692066656C6973206D617373612C19756C7472696369657320616320756C74726963657320696E2C1A6D616C65737561646120766F6C75747061742073617069656E2E1E566573746962756C756D207669746165206567657374617320617263752E1D53757370656E646973736520616320666163696C69736973206475692E2C536564206C6F626F727469732065726F73206163206573742061646970697363696E67206C616F726565742E114E756C6C616D2075726E6120617263752C1F64617069627573207175697320636F6D6D6F646F2076756C7075746174652C1264696374756D20616C6971756574206D692E384D6F7262692073697420616D657420657261742073697420616D65742076656C69742070656C6C656E74657371756520616C697175616D2E135365642065752061726375207475727069732C1275742076756C707574617465207175616D2E344E756C6C616D20756C74726963657320636F6E64696D656E74756D20746F72746F722071756973207363656C657269737175652E1C4D6F726269206C6163696E6961206C6163696E6961206D657475732C1F76656C20656C656D656E74756D20616E74652070686172657472612061742E404675736365206D6F6C6C6973206D61676E612076656C206E6973692067726176696461207574206672696E67696C6C6120746F72746F722072686F6E6375732E2941656E65616E20616C697175616D20666575676961742073617069656E20616320657569736D6F642E164E756C6C616D206E6F6E2065737420746F72746F722E3250656C6C656E74657371756520766573746962756C756D20706F727461206C6F72656D2075742061646970697363696E672E2B4E756E63206567657420656E696D206574206475692070656C6C656E74657371756520656765737461732E1F53757370656E6469737365206F726E617265206D6F6C6C6973206F64696F2C2774696E636964756E742074696E636964756E742073617069656E2065676573746173206E6F6E2E0F437261732076756C7075746174652C216E6973692073697420616D6574207665686963756C6120666163696C697369732C1D73617069656E206E657175652061646970697363696E67206E6973692C23617420766F6C757470617420657374206E69626820657569736D6F6420697073756D2E234D616563656E6173207363656C6572697371756520656C656D656E74756D206C656F2C1C656765742073656D706572206C696265726F20617563746F7220612E4150726F696E2076656C206F64696F2073697420616D657420746F72746F722061646970697363696E6720666163696C69736973206E6F6E2076656C20656C69742E18416C697175616D2065676574206C656F206C696265726F2C1773697420616D65742076756C707574617465206573742E2C4D616563656E617320757420747572706973206E6563206573742074696E636964756E742072757472756D2E0C4E616D206C616F726565742C1A6A7573746F20696E2064696374756D2074696E636964756E742C186E6973692065737420706F72747469746F72206469616D2C2465676574207072657469756D206C696265726F206573742064696374756D206F64696F2E124675736365206A7573746F2066656C69732C1D74656D706F72207669746165206D61747469732073697420616D65742C157072657469756D2073616769747469732073656D2E124D617572697320726973757320657261742C21766F6C75747061742073697420616D657420616C697175616D206375727375732C12756C747269636965732061206E756C6C612E16416C697175616D20617420657261742066656C69732E25496E20696D70657264696574206C6163696E6961207075727573206174206C75637475732E2753757370656E64697373652072757472756D206C6163696E696120756C6C616D636F727065722E2A566573746962756C756D2074696E636964756E7420736F64616C657320736F6C6C696369747564696E2E1D416C697175616D2073697420616D65742076656C69742070757275732C12696E2076656E656E61746973206E69736C2E3E566976616D7573207669746165206D61676E612071756973206E6973692076617269757320696D70657264696574207574207175697320746F72746F722E0C55742070756C76696E61722C166D69206120766F6C757470617420626C616E6469742C1D6A7573746F2074656C6C75732074696E636964756E74206D617373612C2069642076756C70757461746520656C6974206E756E632061742072697375732E1F496E74656765722076656E656E617469732072686F6E63757320656E696D2E1C496E207072657469756D2061646970697363696E67206A7573746F2C28736564207363656C657269737175652075726E61206672696E67696C6C612073697420616D65742E67566573746962756C756D20616E746520697073756D207072696D697320696E206661756369627573206F726369206C756374757320657420756C74726963657320706F737565726520637562696C69612043757261653B20457469616D20706C6163657261742C19657374206E6563206F726E61726520636F6E76616C6C69732C1B616E7465206C6163757320766573746962756C756D207175616D2C2673697420616D657420696E74657264756D206D61676E612070757275732061632065726F732E74566573746962756C756D20616E746520697073756D207072696D697320696E206661756369627573206F726369206C756374757320657420756C74726963657320706F737565726520637562696C69612043757261653B204E756C6C616D2061742061646970697363696E67207475727069732E33437572616269747572206C6F626F727469732076656C6974207574206C6967756C6120636F6D6D6F646F206C6163696E69612E144E756C6C616D2070656C6C656E7465737175652C1D76656C697420696E20636F6E76616C6C697320636F6E7365717561742C1C697073756D206D61737361206D616C657375616461206C616375732C2873697420616D657420736F64616C6573206F64696F20656E696D207669746165206D61757269732E18496E74656765722065676574207269737573207175616D2E344D616563656E617320717569732072697375732073697420616D657420726973757320656765737461732070756C76696E61722E1A50726F696E206E656320636F6E7365637465747572206573742E315072616573656E7420756C747269636965732066656C69732061206E69736920616C69717565742070756C76696E61722E2A51756973717565206E656320656C6974206174206C6F72656D20706F727461206D616C6573756164612E1850686173656C6C7573206163206E756C6C612065726F732C14656765742065676573746173206C65637475732E1350726F696E2061206C61637573206F7263692C186F726E617265207665686963756C6120706F73756572652E
-.	3600	IN	TXT	"Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Vestibulum faucibus consequat ipsum," "vel pellentesque orci sodales sit amet." "Donec consectetur," "orci ut varius pulvinar," "mauris ante bibendum est," "vel pretium turpis massa auctor sem." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Morbi urna tellus," "ornare nec accumsan vitae," "rutrum id tortor." "Pellentesque non risus eu libero tempus consequat." "Suspendisse a mi elit." "Sed ultrices elit ut sem suscipit malesuada." "Cras sagittis nunc sed risus volutpat fermentum." "Aenean vitae magna lacus." "Etiam eu ligula purus." "Suspendisse eu dui sed ligula sagittis iaculis." "Suspendisse ut sodales orci." "Nunc sit amet sapien justo." "Sed molestie lectus vel lectus gravida bibendum." "In at enim quis lacus pretium tincidunt." "Sed eleifend," "lacus sed porttitor mattis," "erat nibh tincidunt lorem," "quis feugiat nibh dui ac erat." "Curabitur quis felis urna." "Nullam rhoncus," "arcu sed tincidunt posuere," "justo enim adipiscing arcu," "et suscipit tellus leo vitae elit." "Mauris gravida odio non quam tincidunt vel lobortis ligula faucibus." "Mauris vitae dolor at tortor congue imperdiet non id leo." "Proin in diam eu orci laoreet bibendum sed nec justo." "In nec ligula eu sapien suscipit vestibulum." "Etiam eleifend," "nibh vitae semper ultricies," "justo eros semper justo," "eget dictum nisi mauris et ligula." "Donec faucibus dapibus urna," "in ultricies lacus facilisis nec." "Pellentesque dapibus augue in sem pharetra accumsan." "Ut id ullamcorper elit." "Aliquam tellus orci," "lobortis nec molestie sit amet," "imperdiet quis lacus." "Praesent non congue nunc." "Quisque pretium pretium nunc," "nec convallis magna auctor nec." "Etiam accumsan eros sollicitudin augue posuere laoreet id sit amet orci." "Curabitur ut magna velit," "id adipiscing dui." "Morbi viverra vulputate vulputate." "Proin pulvinar justo sed tortor tincidunt id porttitor ipsum posuere." "Curabitur augue leo," "ultrices eget cursus sit amet," "fringilla non nisl." "Morbi et ante est," "non adipiscing mi." "Ut rutrum egestas scelerisque." "Pellentesque quis nisi orci." "In hac habitasse platea dictumst." "Donec sed tincidunt libero." "Proin porttitor placerat risus," "nec blandit sapien pharetra nec." "Phasellus eu risus quis mauris suscipit sollicitudin ut eu neque." "Duis odio lacus," "egestas in molestie adipiscing," "vulputate ut eros." "Nunc molestie orci sed turpis viverra volutpat aliquet mi vestibulum." "Sed interdum consectetur orci at consequat." "Curabitur molestie aliquam tellus," "id dignissim nibh porta sed." "Cras vestibulum orci hendrerit quam ornare condimentum." "Vivamus ultrices lacus ut lorem scelerisque vitae semper elit vulputate." "Aenean sit amet odio massa," "sed rutrum quam." "Ut lacinia enim nec orci rutrum dictum." "Curabitur id auctor ligula." "Nam nibh nulla," "interdum vitae suscipit eu," "porta quis ligula." "Proin lacinia sapien nec dolor viverra at suscipit orci tempus." "Phasellus scelerisque lobortis quam," "sit amet sagittis nibh ornare nec." "Donec sit amet tellus ac ipsum pharetra interdum." "Sed egestas velit et felis iaculis et dignissim est faucibus." "Suspendisse convallis scelerisque dapibus." "Nullam luctus lacinia nisl quis tristique." "Vivamus tincidunt vehicula sem sit amet ultrices." "Nulla arcu lectus," "vestibulum eu molestie in," "eleifend rutrum tortor." "Etiam ligula diam," "ultrices id malesuada vel," "varius ac dolor." "In sit amet sapien justo," "nec dignissim mi." "Vivamus vitae aliquam elit." "Vestibulum suscipit malesuada ipsum id dapibus." "Morbi ullamcorper pharetra velit," "in tempor mauris consequat non." "Praesent malesuada mattis nunc," "at auctor libero viverra id." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Vivamus convallis varius vulputate." "Donec eget tortor neque." "Nunc tempor mi quis enim euismod tincidunt." "Pellentesque et nibh magna," "id cursus enim." "Class aptent taciti sociosqu ad litora torquent per conubia nostra," "per inceptos himenaeos." "Nunc nunc sapien," "semper in tempor in," "cursus iaculis sapien." "Nunc vitae mattis elit." "Aliquam ut nisl vel lorem porttitor ullamcorper at sed quam." "Mauris a turpis erat." "Pellentesque viverra ligula vel tellus pretium ac auctor nisi imperdiet." "Proin faucibus sagittis odio," "quis semper massa pellentesque ac." "Morbi condimentum nisi vitae libero convallis blandit." "Proin sodales odio arcu." "Suspendisse non venenatis diam." "Sed vitae adipiscing lorem." "Nullam augue felis," "gravida quis commodo ut," "dignissim vel quam." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Pellentesque fermentum nulla at dolor molestie semper." "Sed metus sapien," "mollis a commodo ac," "commodo sed sem." "Suspendisse feugiat elementum lacus," "vel euismod nisl aliquam non." "Curabitur vel auctor neque." "Phasellus et libero vel tortor vestibulum consequat ac in magna." "Nullam congue vestibulum massa," "quis suscipit turpis adipiscing id." "Nullam ullamcorper eros id ipsum vestibulum at pretium augue convallis." "Cras nec purus ac lectus iaculis commodo sit amet eget lacus." "Curabitur blandit molestie est at fringilla." "Praesent at dictum turpis." "Sed laoreet dapibus tellus et gravida." "Fusce vitae ante ut arcu laoreet sollicitudin." "Nulla mollis commodo orci sed mollis." "Ut eleifend aliquet tellus," "vel ultricies lorem luctus vitae." "Donec commodo ullamcorper massa," "at pretium magna fermentum vitae." "Nam rutrum aliquet suscipit." "Aliquam a massa vel odio vehicula semper a in tortor." "Pellentesque aliquam suscipit iaculis." "Donec sodales pretium massa sed tempus." "Phasellus velit urna," "commodo sit amet tristique id," "congue quis eros." "Ut vulputate magna aliquet leo porta id tempus nunc auctor." "Ut condimentum magna sit amet quam ultricies iaculis." "Aenean imperdiet facilisis tellus nec ornare." "Cras nec vulputate sapien." "Morbi ut dui ut magna sodales commodo eget id erat." "Duis erat nisi," "lacinia vitae imperdiet non," "egestas nec purus." "Pellentesque tempor," "erat ut eleifend condimentum," "ipsum lacus ultrices turpis," "a fringilla purus lectus semper nulla." "Proin id nulla mi." "Suspendisse vel sem lacus." "Ut rutrum eros id massa ultricies commodo." "Nulla eget adipiscing ante." "Nunc quis enim a justo pharetra commodo." "Nullam tortor tortor," "volutpat at commodo at," "consectetur sit amet erat." "Quisque pharetra turpis nec libero viverra quis rutrum nunc mattis." "Aenean sed lacus lectus." "Duis et odio tortor." "Aenean ullamcorper ultricies turpis sed volutpat." "Ut et est sem," "et ultrices turpis." "Pellentesque nisi felis," "dictum non tempor lobortis," "iaculis at enim." "Aliquam tellus elit," "volutpat ut tristique sed," "fringilla ac libero." "Duis rutrum quam magna," "ut ultrices ipsum." "Morbi id orci lectus." "Maecenas quis nunc at diam mollis congue." "Aliquam neque lorem," "lobortis sit amet commodo id," "feugiat mattis dolor." "Cras aliquam convallis adipiscing." "Vestibulum varius commodo pulvinar." "Suspendisse eleifend dictum lectus," "vel commodo nibh varius quis." "Phasellus sit amet nisi libero." "In aliquam purus ut mi mattis quis iaculis lacus porta." "Sed ultrices vehicula mauris sed ornare." "Maecenas gravida tincidunt sagittis." "Mauris id hendrerit eros." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Curabitur pharetra diam augue," "sit amet congue felis." "Praesent dignissim eleifend vulputate." "Sed nec vestibulum tellus." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Vestibulum laoreet," "eros vitae rhoncus aliquet," "ligula turpis congue purus," "non convallis mi nibh eu purus." "Vivamus euismod facilisis lacus tincidunt rutrum." "Vivamus suscipit," "nisi sed semper iaculis," "libero sem pulvinar enim," "a aliquet purus urna ut nulla." "Donec ultrices luctus mauris," "in porttitor enim ullamcorper sit amet." "Morbi pellentesque auctor velit et egestas." "Fusce ac tincidunt massa." "Morbi a velit eget diam tincidunt eleifend." "Curabitur ornare lectus a quam blandit vel fermentum lacus dictum." "Donec vel turpis odio," "ac suscipit orci." "Nulla posuere convallis lacus venenatis feugiat." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Suspendisse potenti." "Suspendisse mollis neque ut neque gravida ut viverra mi ultrices." "Vestibulum at tempor sem." "Mauris vel leo libero." "Aliquam augue justo," "ultricies vel feugiat a," "vulputate sed erat." "Aliquam in ultrices quam." "Phasellus aliquam vestibulum odio at auctor." "Sed dapibus," "felis ac ornare dapibus," "magna dolor bibendum nisl," "eget luctus lacus magna et mauris." "Nulla ipsum augue," "tempor quis consectetur in," "iaculis non dolor." "Suspendisse consectetur felis ac nulla sodales rhoncus." "Maecenas velit ante," "lacinia at convallis quis," "iaculis quis tellus." "Suspendisse imperdiet aliquet dui," "posuere dictum justo fermentum sit amet." "Etiam ac ante diam." "Suspendisse quis dolor dui," "at mollis neque." "Aenean eu nisi lorem," "et ultrices mauris." "Nulla in augue libero," "non suscipit elit." "Cras rhoncus," "est ac fringilla varius," "erat ipsum gravida nisl," "at ornare dui nisi id mauris." "Nullam nec dictum leo." "Phasellus magna sapien," "sagittis quis suscipit quis," "bibendum in odio." "Cras sed ligula tellus," "sit amet fermentum felis." "Pellentesque suscipit feugiat enim," "vitae feugiat eros mattis pretium." "Cras nisi tellus," "placerat nec dapibus eget," "faucibus ac felis." "Proin tempus feugiat sapien," "nec mattis leo pharetra vel." "Maecenas dapibus mi dignissim ligula commodo et facilisis quam tristique." "Praesent varius lacus eu enim pellentesque gravida." "Nam rhoncus mauris pharetra eros vulputate at tincidunt massa fringilla." "Pellentesque in erat nec massa consequat ultrices." "Donec varius elementum leo," "non hendrerit justo tincidunt sit amet." "Donec ac libero augue." "Sed mattis turpis a sem ultricies consequat." "Aenean nunc dui," "commodo eget vestibulum ut," "rutrum in nisl." "Nam augue lorem," "tempor in porta at," "commodo ut ipsum." "Quisque adipiscing aliquet tincidunt." "Suspendisse potenti." "Pellentesque porttitor elit at leo hendrerit pretium nec eu turpis." "Curabitur in elit metus." "Aliquam risus erat," "posuere id adipiscing consequat," "dapibus vel eros." "Maecenas semper felis sed felis tristique varius." "Mauris tempus tortor et metus euismod pellentesque." "Pellentesque dui massa," "euismod non tincidunt id," "aliquet in elit." "Aenean vulputate sem elit." "Pellentesque at tempus magna." "Aenean elementum nisl id ante commodo placerat." "Nam sed mauris tellus." "Pellentesque nec orci nibh," "nec vulputate enim." "Aliquam erat volutpat." "Etiam dignissim justo a orci egestas mattis." "Vivamus ultrices sapien ac turpis venenatis tempor." "Suspendisse consequat volutpat fermentum." "Duis eu orci velit." "Sed placerat," "nisi sed aliquet tincidunt," "risus odio mattis nulla," "non sodales nunc nulla vitae mi." "Nunc consequat pharetra dolor at fringilla." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Vestibulum ultrices tellus quis nisl dignissim rhoncus eget et justo." "Maecenas vitae purus quis leo vehicula venenatis vel ut lectus." "Curabitur nec molestie nisl." "Vestibulum ullamcorper nulla non orci dictum quis lacinia est interdum." "Fusce eget sem risus," "sed volutpat augue." "Suspendisse potenti." "Sed luctus molestie augue," "a varius quam congue in." "Aliquam aliquet orci eget mi euismod consequat." "Ut et vestibulum ante." "Sed vitae metus elit." "Mauris lacus eros," "pellentesque eu vehicula semper," "dapibus consequat nulla." "Sed volutpat erat suscipit sem facilisis at adipiscing orci vehicula." "Pellentesque nisi nulla," "faucibus in rhoncus ut," "rhoncus eleifend turpis." "Aenean odio tortor," "ullamcorper id tincidunt nec," "rhoncus non mi." "Praesent interdum varius orci," "ut venenatis nibh mollis nec." "Ut placerat," "erat nec tincidunt pharetra," "metus lacus venenatis nunc," "et laoreet augue sapien vel lorem." "Sed sit amet viverra est." "Etiam rutrum," "purus ut ultrices aliquet," "neque magna luctus risus," "vel consectetur eros lorem ut odio." "Integer turpis elit," "consectetur ut suscipit sed," "gravida at lorem." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Morbi placerat accumsan malesuada." "Mauris porta," "lacus eget iaculis sagittis," "arcu sem lobortis nulla," "et tempus velit massa quis libero." "Fusce dolor nibh," "bibendum et adipiscing non," "eleifend et odio." "Duis elit eros," "hendrerit at porttitor vitae," "gravida nec arcu." "Praesent malesuada sapien a urna accumsan at hendrerit ipsum porttitor." "Mauris pharetra sagittis urna eu tempor." "Vestibulum purus leo," "pharetra quis ultrices ac," "semper nec erat." "Sed nec massa arcu," "sed tempus dolor." "Fusce vitae dictum eros." "Aenean vestibulum semper turpis," "iaculis auctor dolor vehicula ac." "In fermentum auctor pharetra." "Integer nec eros diam," "eget posuere leo." "Nam tristique," "nibh nec malesuada ornare," "urna odio porta mauris," "accumsan aliquet nunc lectus sit amet mauris." "Vestibulum nulla massa," "semper sit amet blandit sit amet," "venenatis eget sapien." "Vestibulum ultrices congue rhoncus." "Nunc lacinia dapibus imperdiet." "Nunc a eros sed urna pellentesque egestas non sit amet elit." "Integer dolor diam," "vulputate at tristique non," "venenatis in risus." "Sed lacinia luctus ipsum," "ac sagittis arcu molestie quis." "Phasellus pretium nulla quis quam placerat vitae commodo mi congue." "Praesent tristique laoreet elementum." "Praesent venenatis pretium dolor," "eu volutpat est scelerisque sit amet." "Praesent eleifend dictum vehicula." "Donec ullamcorper adipiscing ante ac elementum." "Integer dui nunc," "viverra at rutrum ut," "tincidunt vitae mi." "Donec nec risus id arcu porttitor placerat pulvinar at lacus." "Morbi ac velit sapien," "lacinia egestas nulla." "Mauris elementum dui ac libero ultricies consequat." "Nam non justo at tellus hendrerit rhoncus ultrices molestie augue." "Aenean elit purus," "tempor quis vehicula quis," "lobortis a odio." "Aliquam rhoncus varius lorem," "eu aliquet turpis rutrum a." "Nulla gravida gravida dui," "ac molestie arcu adipiscing vitae." "Cras diam mauris," "cursus vitae congue dictum," "adipiscing id erat." "Suspendisse ornare porta elit id hendrerit." "Praesent nec metus massa," "a egestas risus." "Donec pellentesque viverra diam sit amet pharetra." "Suspendisse lorem mi," "viverra eu auctor non," "volutpat et felis." "Proin id fermentum purus." "Nam eget mattis arcu." "Morbi bibendum rutrum euismod." "Donec aliquet hendrerit tincidunt." "Aenean eu sapien ut nunc dictum feugiat nec at lacus." "Duis commodo nisi nec tortor volutpat quis condimentum turpis aliquam." "Vivamus sollicitudin," "nulla rhoncus consequat posuere," "nisi nibh adipiscing felis," "aliquet porta arcu magna nec sapien." "Ut luctus interdum diam quis sollicitudin." "Ut semper magna sed neque hendrerit mattis." "Nullam turpis dui," "porttitor eget interdum id," "porttitor eu dui." "Ut accumsan," "tellus in eleifend imperdiet," "elit massa facilisis magna," "vitae feugiat tellus lectus eget tellus." "Mauris ac neque ac nibh ultricies imperdiet." "Ut urna lorem," "aliquet et mattis id," "suscipit a lectus." "Nam vehicula porttitor erat sit amet imperdiet." "Sed eu nunc id mauris mollis rutrum." "Pellentesque dui orci," "ullamcorper at fringilla eget," "sollicitudin eget nunc." "Quisque vel metus et enim placerat eleifend sed a leo." "Praesent pharetra hendrerit nibh scelerisque aliquam." "Duis tincidunt vestibulum congue." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Vestibulum non libero ligula." "Ut cursus mauris sed odio imperdiet vehicula." "In fermentum vehicula arcu," "ac commodo augue posuere sed." "Vivamus ultricies," "magna in aliquam suscipit," "tortor leo vestibulum dolor," "ut luctus odio diam nec lacus." "Phasellus et diam metus." "Cras fringilla nibh quis ante tincidunt in euismod leo luctus." "Nulla tincidunt erat sit amet erat viverra eleifend accumsan ligula luctus." "Quisque et risus enim." "Praesent vitae neque ut leo semper malesuada eu sed justo." "Duis pretium vehicula orci sed dignissim." "Cras nec magna in nulla laoreet vulputate quis at enim." "Nulla eget odio tellus." "In placerat massa et purus eleifend non fringilla neque fringilla." "Donec imperdiet ullamcorper nisl," "vel rutrum sapien rutrum a." "Duis luctus," "ante eu tristique commodo," "ipsum libero sollicitudin purus," "quis tempor nibh felis ac quam." "Nullam sodales vehicula elit," "eget egestas neque blandit in." "Mauris egestas faucibus elit," "id pellentesque nibh tincidunt id." "Nam vitae felis magna." "Donec tellus quam," "scelerisque vitae sollicitudin at," "gravida vel est." "Ut sodales velit nec dui sollicitudin a porta mi ullamcorper." "Cras sollicitudin egestas consequat." "Donec id tortor est," "eget tempor diam." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Ut ullamcorper gravida pharetra." "Proin diam nunc," "feugiat id interdum vel," "porttitor a nisl." "Aliquam aliquet orci sed metus egestas porttitor." "Morbi sollicitudin pulvinar enim." "Etiam tincidunt augue ut quam mollis ac imperdiet odio egestas." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Nunc at enim diam." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Aliquam lorem lectus," "suscipit at vestibulum ac," "scelerisque quis augue." "Morbi felis tellus," "porttitor quis pellentesque ut," "dictum ac nisi." "Integer sit amet massa vel augue lacinia dapibus non vulputate tortor." "Aenean ullamcorper sodales justo," "at fermentum libero sodales et." "Fusce vitae enim ut ligula volutpat placerat." "Pellentesque et mauris nibh," "non lacinia ipsum." "Phasellus ac nibh sit amet nibh vulputate rutrum." "Maecenas id nulla quam." "Maecenas euismod dolor in magna condimentum adipiscing." "Morbi elementum tincidunt mauris in mollis." "Pellentesque sagittis turpis id nunc tempor a eleifend turpis fermentum." "Sed faucibus interdum arcu," "at varius sem aliquet id." "Pellentesque vestibulum iaculis risus," "id dictum lorem gravida ac." "Quisque sagittis arcu vitae eros dapibus vitae convallis nulla mattis." "Nam id dui neque," "ut molestie velit." "Pellentesque pulvinar porta erat eu interdum." "Nunc metus massa," "vestibulum vitae egestas a," "fringilla et odio." "Quisque quis diam lorem," "quis pellentesque velit." "Mauris sapien risus," "suscipit nec vestibulum nec," "rutrum a risus." "Curabitur lobortis condimentum ultricies." "Duis quis dapibus turpis." "Nunc lectus elit," "facilisis at bibendum et," "vestibulum in arcu." "Morbi odio nibh," "feugiat quis tempor ut," "scelerisque ultrices nisi." "Curabitur a accumsan augue." "Integer aliquet porttitor nibh," "nec placerat est pharetra in." "Donec feugiat nisi et odio commodo interdum." "Vestibulum ullamcorper bibendum fermentum." "Fusce eu lacus eget metus malesuada feugiat eu vel erat." "Sed et erat tortor." "Morbi malesuada varius mollis." "Nam accumsan dignissim odio," "quis consectetur mi molestie eget." "Etiam iaculis," "enim eu placerat vehicula," "elit massa pulvinar tellus," "in cursus magna mi non quam." "Vivamus varius tempor semper." "Nulla adipiscing feugiat sollicitudin." "Etiam lacinia placerat dui nec varius." "In vitae metus mauris." "Vestibulum sed magna quis nibh ornare rhoncus ut vitae ipsum." "Duis ligula nunc," "fermentum sed suscipit non," "molestie vel purus." "Suspendisse potenti." "Proin arcu leo," "adipiscing at vehicula ac," "ullamcorper nec diam." "Proin pretium porta urna," "quis fermentum nisl pretium et." "Suspendisse a elit eu nisi molestie lacinia." "Cras at condimentum arcu." "Suspendisse potenti." "Sed ullamcorper ante sit amet urna aliquet ultrices accumsan neque ullamcorper." "Nam sit amet velit vel urna gravida suscipit sit amet non mauris." "Ut non neque arcu." "Praesent gravida sodales lorem," "vitae hendrerit purus bibendum non." "Nulla facilisi." "Mauris ornare," "sem eget tristique vestibulum," "augue metus luctus neque," "sit amet pretium lectus dui et augue." "Curabitur eu convallis turpis." "Ut est est," "vulputate auctor laoreet et," "iaculis eget massa." "Vestibulum ornare porta rhoncus." "Phasellus sagittis orci et orci blandit facilisis viverra leo consectetur." "Curabitur molestie nibh vitae nisi condimentum eget tempor nulla consectetur." "Ut arcu nunc," "mollis nec consectetur nec," "elementum tempus enim." "Nullam vel arcu massa." "In quis accumsan nibh." "Nullam id tristique neque." "Phasellus mattis interdum nisi quis viverra." "Morbi sollicitudin," "leo vel faucibus consequat," "ante est blandit nibh," "id sodales risus nunc ac ligula." "Nullam pellentesque diam nec urna fringilla malesuada." "Maecenas nisi lorem," "bibendum a condimentum in," "commodo vel tellus." "Proin at odio in ante lacinia sodales vel eget elit." "Curabitur eu fermentum est." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Praesent rutrum lectus ac velit consequat hendrerit." "In faucibus dictum mattis." "Sed a justo mi," "eu convallis nibh." "Integer commodo sollicitudin suscipit." "Curabitur vel leo vitae quam ultricies interdum et eget justo." "Proin ultrices lacus et metus vulputate ultrices eu non ligula." "Proin at velit in nisi malesuada lobortis." "Fusce est urna," "pulvinar ac venenatis non," "hendrerit non neque." "Donec id augue ac magna consequat porta." "Donec sed erat vitae velit vehicula rutrum." "Aenean pulvinar dui nec augue pharetra iaculis." "Quisque pretium risus vitae arcu feugiat ac posuere risus sagittis." "Nam diam erat," "rutrum ut interdum non," "laoreet at sem." "Sed enim elit," "tempor eget volutpat ac," "aliquet at sem." "Nunc in urna eu ipsum tempor pharetra eget vitae est." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Nulla ultricies," "ligula quis consequat posuere," "ante risus gravida est," "in pretium elit ipsum nec eros." "Mauris ac leo sit amet nisl rutrum mattis." "Donec facilisis enim eget mauris gravida lacinia." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Vivamus eleifend lacus non erat eleifend lacinia." "Nam vehicula vehicula ipsum ac ultrices." "Aliquam ut massa purus." "Aenean vel est vitae nulla tincidunt malesuada." "Aliquam eleifend," "arcu non tristique tempor," "dui ligula malesuada sem," "iaculis scelerisque magna massa quis quam." "Pellentesque libero mauris," "vulputate sed tincidunt vitae," "vehicula ac ipsum." "Mauris pharetra," "turpis eu tincidunt rhoncus," "quam tortor viverra est," "at pellentesque augue nibh ac nibh." "In ipsum dui," "ullamcorper vel semper quis," "semper id massa." "Phasellus non sem dolor," "at scelerisque tellus." "Curabitur velit augue," "pulvinar in aliquam id," "aliquet vel leo." "Fusce fermentum blandit nunc," "vitae tincidunt leo molestie condimentum." "Suspendisse ut gravida ipsum." "Curabitur vulputate," "mauris sit amet pulvinar sagittis," "ipsum enim feugiat enim," "et porta risus neque eget ante." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Donec eros dolor," "vehicula quis aliquam eget," "ornare id lorem." "Ut dolor lacus," "aliquet ut tempor et," "varius et nunc." "Cras consectetur massa vitae velit mattis a ultrices urna venenatis." "Praesent lacus mi," "bibendum a aliquet quis," "vestibulum non velit." "Proin sit amet elit felis," "eu malesuada justo." "Maecenas auctor urna metus." "Phasellus convallis velit id justo blandit venenatis." "Suspendisse convallis rhoncus orci," "a tincidunt quam varius a." "Fusce scelerisque aliquam odio ac sodales." "Aliquam in lectus arcu." "In vestibulum," "nisi et sagittis dignissim," "purus est feugiat risus," "ac accumsan ante purus in turpis." "Maecenas bibendum condimentum nibh," "quis fringilla quam imperdiet sed." "Nulla ullamcorper suscipit sem euismod rhoncus." "Curabitur lectus justo," "consectetur vitae viverra sed," "fringilla at nunc." "Aliquam justo tortor," "ornare vel rhoncus non," "eleifend sed purus." "Nullam posuere gravida magna," "egestas convallis tellus venenatis quis." "Mauris feugiat," "lectus nec rutrum placerat," "tellus augue convallis velit," "in mattis odio neque in urna." "Quisque quis urna at diam pretium iaculis ut sed dui." "Morbi nibh enim," "accumsan eu convallis et," "bibendum sed dui." "Class aptent taciti sociosqu ad litora torquent per conubia nostra," "per inceptos himenaeos." "Etiam interdum turpis eu dui adipiscing sagittis." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "In hac habitasse platea dictumst." "Suspendisse sed libero enim," "et dapibus justo." "Aliquam commodo," "turpis sit amet venenatis facilisis," "nibh diam porttitor neque," "nec gravida massa odio a sem." "Morbi quis velit ligula." "Mauris interdum risus nec quam rhoncus eu bibendum mauris pulvinar." "Nunc id orci nec turpis lobortis luctus." "Praesent laoreet lectus vel leo malesuada interdum." "Quisque a mi ac eros mattis pharetra in a quam." "Sed scelerisque ligula vel tellus pulvinar suscipit sollicitudin odio vehicula." "In porta odio auctor justo commodo lobortis." "Nullam porttitor volutpat blandit." "In ut varius nisl." "Nunc pharetra porta luctus." "Mauris in mattis est." "In hac habitasse platea dictumst." "Maecenas sed convallis tellus." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Ut vehicula metus vitae ipsum hendrerit rutrum." "Nunc dolor nisl," "interdum quis ornare et," "tempor quis dui." "Donec tincidunt varius turpis non cursus." "Nulla lobortis," "lacus eget pellentesque sagittis," "urna elit rhoncus erat," "ac convallis ipsum sapien non lacus." "Morbi pellentesque ligula et velit tempus sagittis." "Morbi tincidunt interdum nunc non suscipit." "Cras faucibus interdum velit accumsan posuere." "Donec a augue risus." "Etiam viverra," "lectus sed mattis lobortis," "erat risus aliquet lorem," "eu semper libero nunc ac erat." "Donec at dui nisi." "Fusce dui tortor," "consequat eget egestas vel," "lobortis elementum mi." "Suspendisse blandit molestie urna vel mollis." "Nam aliquam volutpat bibendum." "Nulla id erat a lectus facilisis vestibulum." "Nunc dictum laoreet magna eu venenatis." "Duis facilisis justo nec enim vehicula nec rutrum purus vulputate." "Sed sollicitudin dui nec purus porttitor lacinia." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Praesent nisl lacus," "rutrum ac congue eu," "scelerisque dictum ligula." "Fusce neque massa," "viverra sed suscipit sit amet," "posuere at ipsum." "Praesent scelerisque libero in nibh gravida sed consectetur turpis vehicula." "Fusce sapien velit," "vestibulum a aliquam in," "bibendum vel mauris." "Phasellus id porta eros." "Aenean nec ligula turpis," "ut tincidunt velit." "Cras commodo congue dui," "id gravida felis iaculis eget." "Nunc varius diam a purus elementum eleifend." "Sed viverra velit sit amet ante ultrices nec varius tellus aliquam." "Suspendisse ante nunc," "suscipit nec sodales ut," "rhoncus a ante." "Nulla risus neque," "fermentum in pharetra nec," "commodo rhoncus nulla." "Aenean fermentum," "ligula nec suscipit ultrices," "ligula neque rhoncus purus," "a mollis sem purus ut nunc." "Nunc aliquam ullamcorper lacinia." "Duis id velit lacus." "Cras convallis sodales vehicula." "Proin nibh nulla," "bibendum sed pellentesque vitae," "blandit vitae quam." "Curabitur et eros velit," "non vehicula sapien." "Suspendisse eu mi nec metus pellentesque egestas." "Curabitur a tellus purus," "ac dictum nisi." "Donec diam ligula," "tincidunt ut posuere vitae," "consequat at nisi." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Nulla auctor nisi sed metus tincidunt blandit." "Nulla facilisi." "Proin volutpat mi sagittis risus fringilla feugiat." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Vivamus sagittis," "metus et sagittis sodales," "massa leo elementum sapien," "id suscipit lectus ligula ac orci." "Nulla dignissim tristique justo," "vel volutpat turpis rutrum convallis." "Sed diam lorem," "ultricies a ultricies eu," "tristique vitae turpis." "Donec pellentesque consectetur tellus non sodales." "Nam id dolor arcu." "Pellentesque nisl eros," "gravida non aliquam auctor," "elementum et felis." "Quisque in pellentesque metus." "Morbi sed lorem non magna fringilla egestas vitae ut nulla." "Aenean vel ante id nibh tincidunt feugiat." "Ut diam lorem," "semper vel elementum ac," "faucibus suscipit nunc." "Ut ultrices pharetra pellentesque." "Sed malesuada," "nulla vitae luctus suscipit," "est ipsum viverra libero," "quis ultrices augue ante eget velit." "Aenean nibh libero," "elementum eget lacinia non," "faucibus ut arcu." "Suspendisse potenti." "Phasellus nisl ante," "faucibus sed aliquam non," "pellentesque vel orci." "Nulla facilisi." "Sed et mauris sit amet enim malesuada congue." "In hac habitasse platea dictumst." "Cras vitae velit a enim sollicitudin elementum interdum a diam." "Nulla purus lectus," "mattis facilisis pretium et," "consectetur ut tellus." "Cras posuere odio eget nibh lacinia ullamcorper." "Aliquam a enim purus." "Donec pharetra tristique magna," "sit amet varius erat facilisis et." "Nullam molestie nisi euismod orci ultrices in mollis tellus accumsan." "Ut placerat hendrerit porttitor." "Nulla sit amet quam risus." "Nunc diam dui," "adipiscing non cursus et," "pharetra sed mi." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Cras eget hendrerit mi." "Donec sagittis tincidunt nisi venenatis egestas." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Suspendisse ac felis erat," "ut placerat nisi." "Curabitur laoreet pellentesque erat sed porttitor." "Sed vel metus leo," "nec congue enim." "Vivamus elit orci," "ultricies ac sagittis nec," "porta a lorem." "Suspendisse volutpat facilisis turpis," "non dapibus mi scelerisque sed." "Ut id libero a lorem rhoncus sollicitudin non non lorem." "Integer erat purus," "laoreet eu pulvinar eget," "condimentum in tellus." "Nam et placerat purus." "Praesent convallis," "nisi id sodales pharetra," "nibh augue tincidunt elit," "sit amet tempor justo orci quis sapien." "Cras imperdiet ligula ultricies lacus vestibulum molestie." "Fusce non suscipit felis." "Aenean sed nisl quis mi dapibus auctor et eget sem." "Vestibulum luctus egestas diam nec aliquet." "Nunc suscipit," "risus non facilisis sagittis," "libero enim rutrum mauris," "at ullamcorper tortor nibh vel turpis." "Morbi sed nisl purus." "In hac habitasse platea dictumst." "Nulla orci dui," "consectetur id laoreet quis," "mollis in nunc." "Phasellus faucibus posuere magna eu semper." "Cras sem turpis," "mattis non pretium at," "feugiat eget lorem." "Mauris in orci nulla," "sed consectetur diam." "Pellentesque dignissim," "erat dictum gravida viverra," "est erat laoreet massa," "at porta sem mi a quam." "Mauris ultricies viverra velit in posuere." "Vestibulum et ligula eros." "Pellentesque eu orci nulla." "Proin lectus enim," "molestie a sagittis id," "elementum quis tortor." "Mauris et ligula ut ligula egestas porttitor nec quis sapien." "Duis nibh dolor," "pharetra eu mollis sit amet," "tempus ut tortor." "Pellentesque tristique mattis nisl sed commodo." "Praesent ut mauris mi." "Donec lectus arcu," "vestibulum tempus convallis in," "vestibulum eget risus." "Cras sit amet tristique metus." "Fusce sodales velit et purus imperdiet semper." "Donec a nibh tellus," "ut pharetra odio." "Proin tellus nulla," "malesuada vitae aliquet bibendum," "congue ut turpis." "Vestibulum vel purus elit," "sit amet tempus purus." "Praesent mi erat," "imperdiet at volutpat eget," "laoreet a purus." "Curabitur ultricies ultricies nisi," "et varius nisi auctor in." "Curabitur vehicula elit et erat imperdiet vitae euismod diam convallis." "Morbi mollis semper risus," "ac varius turpis faucibus et." "Nulla commodo ligula nec nulla blandit ut rhoncus quam semper." "Mauris arcu ligula," "dapibus vel blandit id," "ornare quis arcu." "Proin urna ligula," "dictum aliquet venenatis nec," "pharetra et est." "Donec libero lectus," "scelerisque eget pharetra nec," "scelerisque ut quam." "Integer mi tortor," "mattis a luctus sit amet," "consequat quis mi." "Praesent in orci a nibh cursus malesuada eu a magna." "Nam at ligula purus," "consequat eleifend dui." "Donec tristique velit id turpis ultricies fermentum." "In ut sem eu quam volutpat consequat ut eget augue." "Nam posuere nisl at lectus laoreet scelerisque." "Vivamus nec odio tempus nulla egestas iaculis." "Sed sollicitudin posuere sapien ac interdum." "Class aptent taciti sociosqu ad litora torquent per conubia nostra," "per inceptos himenaeos." "Quisque aliquam," "massa ut vehicula placerat," "dui dui feugiat sem," "sed blandit sem augue non sapien." "Nulla sit amet justo diam." "Aliquam eget justo vitae lorem condimentum imperdiet a eget nisi." "Etiam quam nulla," "volutpat ac consequat quis," "volutpat ac orci." "Nam fermentum hendrerit pulvinar." "Aliquam erat volutpat." "Mauris sit amet viverra justo." "Cras eget sollicitudin turpis." "Donec congue pretium suscipit." "Nunc tempus tempor augue vitae mattis." "Aenean vel lectus a neque feugiat pretium." "Proin ac purus a nisi tincidunt auctor non eget justo." "Donec et bibendum ipsum." "Nulla facilisi." "Nam pellentesque lacinia fermentum." "Nulla eu ligula turpis," "a cursus dui." "Nullam porttitor molestie bibendum." "Aenean iaculis mi ultrices lorem viverra gravida." "Proin tortor mauris," "fermentum vitae pretium ac," "posuere quis augue." "Cras sodales," "felis sit amet sollicitudin euismod," "lorem dui fermentum nisl," "et vehicula quam enim et est." "Etiam ac dolor sed augue dictum ullamcorper non molestie leo." "Morbi tellus arcu," "imperdiet eget condimentum sit amet," "convallis sodales massa." "Ut id urna eu quam facilisis rhoncus." "Curabitur euismod," "augue ut fringilla congue," "odio risus vestibulum enim," "ac porta augue lacus quis dolor." "Sed dui orci," "rutrum commodo dapibus sed," "fermentum in libero." "Aenean id purus sapien," "in feugiat odio." "Nullam interdum suscipit odio eget vehicula." "Praesent interdum," "sapien vitae consectetur pulvinar," "mauris felis iaculis nisi," "vitae sagittis sapien velit ac neque." "Morbi a purus vel velit vestibulum ullamcorper a vel diam." "Nam nec dui non tellus tincidunt molestie." "Nam lacinia iaculis orci eget pulvinar." "Etiam ac facilisis massa." "Nulla sit amet luctus odio." "Aenean eget turpis turpis," "eget fermentum neque." "Phasellus id lectus nisi." "Suspendisse tristique scelerisque suscipit." "Integer vel nibh elit." "Duis sem justo," "bibendum vel hendrerit vel," "cursus non turpis." "In hac habitasse platea dictumst." "Vestibulum nec quam a dolor consequat fermentum vel in leo." "Donec vel lorem risus," "quis blandit felis." "Sed mollis ornare turpis," "vitae mattis risus mollis eget." "Praesent eleifend iaculis mauris." "Maecenas porta tincidunt egestas." "Quisque at sem leo." "Donec non enim vel risus suscipit vulputate." "Nam a diam placerat dui feugiat commodo at a tortor." "Fusce elit augue," "congue sit amet imperdiet id," "sagittis at quam." "Integer vestibulum felis vel nunc consequat bibendum." "Curabitur rhoncus lacinia risus," "sit amet semper urna elementum vehicula." "Nulla vel ante libero." "Maecenas sed orci non eros venenatis dapibus nec non nibh." "Aliquam erat volutpat." "Quisque aliquet auctor nulla at semper." "Aenean congue pellentesque ipsum." "Aliquam id ante vel eros facilisis consectetur." "Aenean a mi in orci bibendum mattis euismod eget elit." "In sed enim et quam tincidunt semper in quis augue." "Proin sed sapien id magna cursus tristique." "Nunc ac sapien augue." "Aliquam tempus leo ultricies magna interdum tincidunt." "Nulla porttitor gravida ligula in aliquet." "Duis mattis dui non sem vestibulum ac sagittis enim molestie." "Quisque sed dui ligula." "Nullam euismod aliquet enim id tristique." "Curabitur nec lectus consectetur nisi cursus vehicula." "Nulla fringilla vestibulum rutrum." "Quisque malesuada nibh vitae quam feugiat nec placerat eros ultrices." "Pellentesque id dui id nisl eleifend iaculis posuere ut tortor." "Integer eget dui risus," "eu auctor quam." "Aliquam sit amet orci placerat nunc blandit dictum." "Vestibulum nec interdum nisi." "Proin purus nisi," "viverra ultricies accumsan ac," "dignissim nec nulla." "Donec sit amet dolor nisl," "a scelerisque elit." "Phasellus ut arcu lectus." "Sed semper dapibus pellentesque." "Nam vitae urna nulla," "vel auctor orci." "Sed vel magna nibh." "Curabitur pretium imperdiet orci eu ultrices." "Vivamus quis metus pharetra nunc euismod rutrum." "Fusce massa nibh," "venenatis sed ornare at," "posuere sed mauris." "Sed tortor est," "tempor vel fermentum sit amet," "laoreet at nulla." "Proin eu dictum lacus." "Proin nec mattis lectus." "Aliquam semper semper tellus," "ac eleifend orci accumsan non." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Phasellus vitae tortor mauris," "quis blandit nisi." "Donec quis viverra lacus." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Maecenas imperdiet," "leo eu tincidunt gravida," "eros sem lacinia risus," "vitae viverra massa augue eget ante." "Suspendisse ullamcorper lacus ut est bibendum condimentum." "In eget semper mi." "Praesent tellus turpis," "mollis sit amet feugiat at," "gravida eget augue." "Sed ac lacinia massa." "Sed vitae malesuada lorem." "Vivamus pellentesque urna eget sem vehicula pharetra." "Curabitur tristique tortor eget mauris adipiscing semper." "Sed eu nisi vulputate arcu elementum imperdiet." "Morbi gravida est non ante accumsan bibendum." "Cras et lectus augue," "sed congue leo." "Praesent semper," "urna nec pharetra aliquet," "augue purus tristique neque," "eget convallis libero turpis sed mi." "Sed tortor tellus," "tempus ac ullamcorper tempus," "consectetur in dui." "Cras aliquam dapibus turpis," "ut ultrices ligula vulputate a." "Donec molestie porttitor mi," "placerat rutrum neque sodales id." "Fusce quis justo lacus." "Duis eget sem nisi," "ac consectetur augue." "Vestibulum luctus erat non lacus commodo vel tristique dui consectetur." "Mauris tellus nisl," "molestie eget porta vitae," "sagittis sed dolor." "Class aptent taciti sociosqu ad litora torquent per conubia nostra," "per inceptos himenaeos." "Pellentesque vel odio eget sem aliquet scelerisque eget vitae nunc." "Fusce adipiscing sagittis libero," "quis placerat dui pulvinar eget." "Cras condimentum," "arcu tempor facilisis condimentum," "eros leo ullamcorper urna," "vel tincidunt velit enim eget eros." "Mauris et semper nulla." "Proin mollis sapien nec enim egestas aliquam vestibulum consectetur tellus." "Aenean ut nisl ut sapien iaculis auctor." "Pellentesque dolor tellus," "sodales eu elementum ut," "ullamcorper at nunc." "Vestibulum convallis ornare leo," "ac luctus eros dignissim commodo." "Suspendisse at elit sit amet urna placerat lobortis." "Donec fermentum libero lacus," "in placerat risus." "Nullam ut enim sapien," "nec blandit libero." "Donec in nibh fermentum lacus dapibus bibendum vel ac turpis." "Morbi rhoncus," "purus pharetra sagittis mollis," "lectus ante imperdiet magna," "in vestibulum urna nulla ac erat." "Duis dictum euismod vulputate." "Morbi odio augue," "ultrices a gravida sed," "elementum quis felis." "Nam scelerisque urna id justo dignissim placerat." "Sed convallis lobortis orci vel egestas." "Vestibulum ultricies felis in libero iaculis varius." "Aliquam erat volutpat." "Phasellus ac purus non elit malesuada auctor." "Donec ut sem id enim volutpat posuere." "Donec malesuada est sed odio ornare dignissim." "Cras vitae urna massa," "ut facilisis lorem." "In rutrum interdum lectus," "nec scelerisque tellus consequat pellentesque." "Proin eu molestie neque." "Integer sed enim lectus," "ac aliquet urna." "Phasellus sodales sollicitudin consequat." "Praesent vitae augue ante." "Sed id pellentesque leo." "Integer vehicula enim quis dui aliquet congue." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Curabitur gravida," "quam sed elementum eleifend," "velit nulla dictum est," "ut malesuada augue ligula id dui." "Maecenas bibendum tristique ipsum," "eu gravida elit commodo sed." "Fusce metus tortor," "accumsan ac feugiat id," "volutpat sed tortor." "Vivamus tincidunt mi non purus volutpat ultrices." "Praesent eget metus eu sem tempus pellentesque." "Etiam faucibus sollicitudin dapibus." "Donec tempor massa sit amet mi posuere ullamcorper." "Vestibulum ac dolor ut urna ultrices volutpat." "Integer ipsum urna," "congue tempus vehicula eu," "sodales sit amet velit." "Proin adipiscing urna ut eros sodales vulputate." "Nam faucibus auctor justo non luctus." "Suspendisse ac augue sed augue viverra congue." "Nam ligula erat," "eleifend eu semper eget," "pharetra laoreet nunc." "Phasellus tempor eros a ante tincidunt ultricies." "Fusce sit amet est tristique lacus pharetra tristique." "Pellentesque orci est," "tristique quis tristique id," "imperdiet at neque." "Vivamus ut rutrum mauris." "Nullam sit amet quam turpis," "ut fringilla enim." "Duis sagittis accumsan risus." "In eget risus vel mauris pharetra laoreet nec id arcu." "Cras mollis," "mauris et sagittis laoreet," "est dui hendrerit urna," "at tempor nulla mauris sed odio." "Cras sed hendrerit orci." "Curabitur eros sem," "pretium vel iaculis vel," "accumsan in enim." "Proin mattis," "ligula tincidunt sagittis rutrum," "mauris dui consectetur erat," "ac hendrerit quam risus at purus." "Cras ac ante id libero congue semper at id tortor." "Cras non risus sit amet erat porta dictum sit amet in justo." "Phasellus vel justo odio." "Donec scelerisque varius ligula id bibendum." "Nullam turpis ligula," "fringilla ac semper a," "iaculis a sapien." "Vestibulum in est venenatis metus malesuada lacinia quis id justo." "Vivamus faucibus luctus semper." "Etiam mattis ullamcorper magna," "sit amet faucibus est malesuada euismod." "Duis libero nisl," "molestie a iaculis in," "convallis eu nunc." "Nullam sit amet lorem at purus ullamcorper rutrum sit amet eu orci." "In vel nulla in elit convallis varius nec a lacus." "Nunc ac nunc nisl," "quis condimentum risus." "Donec tempus facilisis odio ac rutrum." "Etiam sed mollis tortor." "Sed ac lorem at urna lacinia porta." "Curabitur vestibulum metus eu augue viverra et accumsan augue ornare." "Phasellus mollis mauris erat," "ut vestibulum arcu." "Praesent pretium condimentum nisl," "id rutrum quam mattis ac." "Nunc vitae arcu leo," "sit amet pretium dui." "Mauris vehicula velit sem," "lobortis cursus tellus." "Ut eleifend dapibus tellus," "in euismod ipsum dapibus at." "Nulla convallis blandit nunc quis lobortis." "Praesent placerat mattis mauris," "sed luctus nisi ultricies vel." "In tristique laoreet tortor sed porta." "Aenean hendrerit orci non est viverra sit amet blandit lorem scelerisque." "Nulla in nulla lacus." "Pellentesque ac enim quam," "id aliquet justo." "Suspendisse diam metus," "placerat eu volutpat ut," "euismod non erat." "Phasellus luctus odio vel orci dapibus sed varius lacus aliquam." "Sed tincidunt feugiat diam vel ornare." "Fusce quis volutpat magna." "Cras malesuada elit at leo fringilla imperdiet et sed libero." "Morbi sit amet tincidunt ligula." "Ut id tempus tellus." "Vestibulum id rhoncus risus." "Ut non magna a lorem semper hendrerit." "Cras vulputate cursus eros," "sit amet tincidunt ligula rutrum fringilla." "Cras mauris nisl," "fringilla sed egestas vel," "accumsan non mauris." "Integer commodo," "tellus consequat mollis pulvinar," "dui elit faucibus arcu," "in lacinia nisi mi eget ligula." "Nulla malesuada semper tortor eu lacinia." "Vestibulum at varius sem." "Vivamus posuere ligula ac tellus faucibus lobortis." "Maecenas sagittis arcu in odio sodales aliquam." "Mauris at felis augue." "Donec venenatis interdum cursus." "Vivamus ante mauris," "dignissim sit amet laoreet vel," "vehicula vel arcu." "Sed facilisis nulla sit amet massa posuere faucibus." "Aliquam elementum elementum felis lacinia vehicula." "Maecenas metus justo," "viverra et pulvinar ut," "venenatis a mauris." "Duis eu ultricies elit." "Donec gravida condimentum magna," "sodales eleifend risus fermentum eget." "Nunc elit urna," "elementum in adipiscing sit amet," "cursus in dui." "Cras at risus non ligula scelerisque scelerisque dictum sed lorem." "Sed semper lorem id magna consequat ut ultricies nunc consectetur." "Suspendisse vehicula," "erat sit amet tempor auctor," "augue risus interdum nunc," "eu adipiscing tortor nisi tempus sem." "Etiam malesuada ipsum ut lectus ultrices faucibus." "Curabitur tellus tellus," "pretium vel accumsan nec," "eleifend nec elit." "Cras semper fermentum ipsum," "sit amet gravida lectus hendrerit non." "Nullam pretium velit vel dolor suscipit in blandit nisi scelerisque." "Curabitur viverra ipsum vitae odio placerat pulvinar." "In cursus elit id turpis aliquam ornare." "Donec consequat turpis feugiat elit tempor sed lobortis arcu aliquam." "Curabitur sit amet sagittis purus." "Curabitur tincidunt arcu sed odio suscipit elementum." "Sed ut nibh a ante adipiscing auctor eleifend a nisi." "Proin sollicitudin sollicitudin blandit." "Ut commodo auctor imperdiet." "Fusce eleifend," "neque non ullamcorper elementum," "felis ipsum cursus libero," "et bibendum augue mi sed ligula." "Curabitur sodales euismod diam vitae dictum." "Maecenas vestibulum," "mi non commodo sollicitudin," "massa quam iaculis odio," "vel tristique tellus nibh vitae tortor." "Vestibulum ut odio eget nisi ultricies auctor ac vitae lorem." "Sed eu lorem elit." "Aliquam erat volutpat." "Suspendisse fermentum nulla lorem." "Morbi eleifend dolor a ligula feugiat vulputate." "Curabitur laoreet auctor quam," "at tincidunt metus cursus in." "Nam aliquam volutpat porttitor." "Aenean id cursus eros." "Vestibulum vel neque diam," "non posuere quam." "Quisque leo sapien," "fermentum quis congue vel," "fringilla vitae arcu." "Mauris semper turpis ac libero volutpat dapibus." "Duis nisi enim," "faucibus eget tempus at," "ultricies nec tellus." "Cras id lectus nisl," "id cursus orci." "Etiam sapien nisl," "mollis sit amet volutpat vel," "volutpat nec nisi." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Nunc ac purus nec leo vestibulum porttitor a blandit arcu." "Proin nec rhoncus neque." "Pellentesque vestibulum pharetra vestibulum." "Sed molestie elit eu dui mollis varius." "Etiam porttitor dictum mi." "Maecenas suscipit sagittis nunc nec porta." "Sed et arcu sit amet sapien convallis vestibulum." "Cras egestas accumsan accumsan." "Quisque accumsan tortor et erat mattis sollicitudin." "Sed molestie turpis eget sem tincidunt nec convallis mi congue." "Etiam ac egestas lorem." "Proin sollicitudin est nec sem vehicula tincidunt." "Proin quis purus ut nisl dapibus euismod." "Class aptent taciti sociosqu ad litora torquent per conubia nostra," "per inceptos himenaeos." "Nunc lacus ante," "rutrum sed lacinia ut," "fermentum id purus." "Nulla facilisi." "Suspendisse sed lectus nec libero lacinia aliquam." "Sed id ipsum sapien," "id varius ipsum." "Vestibulum at nulla mi," "eget accumsan nibh." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Donec lobortis ultrices iaculis." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Donec placerat eros ac arcu pellentesque laoreet." "Praesent sagittis pellentesque dictum." "Nulla in metus eget metus vulputate tempus." "Mauris dictum elementum commodo." "Donec tellus est," "suscipit iaculis venenatis ut," "pulvinar sit amet turpis." "Mauris et elit non magna consectetur bibendum." "Mauris pellentesque dui eu libero consectetur fringilla." "Aenean vel ipsum urna." "Maecenas pulvinar sollicitudin magna molestie interdum." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Cum sociis natoque penatibus et magnis dis parturient montes," "nascetur ridiculus mus." "Mauris viverra pretium tortor eget gravida." "Integer commodo molestie turpis quis elementum." "Aenean placerat," "purus eu rhoncus ornare," "ligula nulla consequat dui," "vitae scelerisque augue massa pulvinar quam." "Suspendisse ultricies ultricies neque sit amet luctus." "Ut bibendum leo a lectus blandit eget hendrerit ligula consequat." "In hac habitasse platea dictumst." "Cras tempor," "eros non posuere pulvinar," "magna nisi consectetur lacus," "in ullamcorper ante lectus non justo." "Sed porttitor libero vel nisl bibendum dapibus." "Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas." "Fusce vitae faucibus mi." "Etiam in libero lobortis nisl lobortis lobortis blandit ut dolor." "Morbi auctor iaculis nulla at venenatis." "Morbi augue nibh," "lobortis ut bibendum id," "pretium nec felis." "Lorem ipsum dolor sit amet," "consectetur adipiscing elit." "Maecenas molestie," "ante nec porttitor bibendum," "tortor tortor aliquet arcu," "sit amet tempus ligula diam sit amet felis." "Phasellus semper posuere augue id rhoncus." "Cras dolor tellus," "posuere id varius in," "hendrerit eu tellus." "Proin vitae turpis non nulla ullamcorper tristique." "In hac habitasse platea dictumst." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Fusce sed justo quis diam lacinia imperdiet nec eu tortor." "Nullam at quam non metus pretium luctus in ac dui." "Vivamus libero nibh," "adipiscing et tristique non," "accumsan quis sem." "Aliquam condimentum ligula eu lorem sodales fermentum." "Suspendisse ac urna vitae est pharetra vulputate at vel lacus." "Sed vel lorem consequat sapien tristique dignissim." "Praesent sodales fermentum est id iaculis." "Sed sollicitudin ullamcorper suscipit." "Morbi felis massa," "ultricies ac ultrices in," "malesuada volutpat sapien." "Vestibulum vitae egestas arcu." "Suspendisse ac facilisis dui." "Sed lobortis eros ac est adipiscing laoreet." "Nullam urna arcu," "dapibus quis commodo vulputate," "dictum aliquet mi." "Morbi sit amet erat sit amet velit pellentesque aliquam." "Sed eu arcu turpis," "ut vulputate quam." "Nullam ultrices condimentum tortor quis scelerisque." "Morbi lacinia lacinia metus," "vel elementum ante pharetra at." "Fusce mollis magna vel nisi gravida ut fringilla tortor rhoncus." "Aenean aliquam feugiat sapien ac euismod." "Nullam non est tortor." "Pellentesque vestibulum porta lorem ut adipiscing." "Nunc eget enim et dui pellentesque egestas." "Suspendisse ornare mollis odio," "tincidunt tincidunt sapien egestas non." "Cras vulputate," "nisi sit amet vehicula facilisis," "sapien neque adipiscing nisi," "at volutpat est nibh euismod ipsum." "Maecenas scelerisque elementum leo," "eget semper libero auctor a." "Proin vel odio sit amet tortor adipiscing facilisis non vel elit." "Aliquam eget leo libero," "sit amet vulputate est." "Maecenas ut turpis nec est tincidunt rutrum." "Nam laoreet," "justo in dictum tincidunt," "nisi est porttitor diam," "eget pretium libero est dictum odio." "Fusce justo felis," "tempor vitae mattis sit amet," "pretium sagittis sem." "Mauris risus erat," "volutpat sit amet aliquam cursus," "ultricies a nulla." "Aliquam at erat felis." "In imperdiet lacinia purus at luctus." "Suspendisse rutrum lacinia ullamcorper." "Vestibulum tincidunt sodales sollicitudin." "Aliquam sit amet velit purus," "in venenatis nisl." "Vivamus vitae magna quis nisi varius imperdiet ut quis tortor." "Ut pulvinar," "mi a volutpat blandit," "justo tellus tincidunt massa," "id vulputate elit nunc at risus." "Integer venenatis rhoncus enim." "In pretium adipiscing justo," "sed scelerisque urna fringilla sit amet." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Etiam placerat," "est nec ornare convallis," "ante lacus vestibulum quam," "sit amet interdum magna purus ac eros." "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Nullam at adipiscing turpis." "Curabitur lobortis velit ut ligula commodo lacinia." "Nullam pellentesque," "velit in convallis consequat," "ipsum massa malesuada lacus," "sit amet sodales odio enim vitae mauris." "Integer eget risus quam." "Maecenas quis risus sit amet risus egestas pulvinar." "Proin nec consectetur est." "Praesent ultricies felis a nisi aliquet pulvinar." "Quisque nec elit at lorem porta malesuada." "Phasellus ac nulla eros," "eget egestas lectus." "Proin a lacus orci," "ornare vehicula posuere."
-05686F73743105626C616174026E6C000068000100000E10000A000A00144FFFFF20EE64
-host1.blaat.nl.	3600	IN	NID	10 0014:4fff:ff20:ee64
-05686F73743105626C616174026E6C000069000100000E100006000A0A010200
-host1.blaat.nl.	3600	IN	L32	10 10.1.2.0
-05686F73743105626C616174026E6C00006A000100000E10000A000A20010DB811401000
-host1.blaat.nl.	3600	IN	L64	10 2001:0db8:1140:1000
-05686F73743105626C616174026E6C00006B000100000E100018000A0B6C36342D7375626E65743105626C616174026E6C00
-host1.blaat.nl.	3600	IN	LP	10 l64-subnet1.blaat.nl.
-03636161000101000100000E1000150005697373756563612E6578616D706C652E6E6574
-caa.	3600	IN	CAA	0 issue "ca.example.net"
-03636161000101000100000E1000220005696F6465666D61696C746F3A7365637572697479406578616D706C652E636F6D
-caa.	3600	IN	CAA	0 iodef "mailto:security@example.com"
-03636161000101000100000E1000200005696F646566687474703A2F2F696F6465662E6578616D706C652E636F6D2F
-caa.	3600	IN	CAA	0 iodef "http://iodef.example.com/"
-03636161000101000100000E1000250005697373756563612E6578616D706C652E6E65743B206163636F756E743D323330313233
-caa.	3600	IN	CAA	0 issue "ca.example.net; account=230123"
-03636161000101000100000E1000200005697373756563612E6578616D706C652E6E65743B20706F6C6963793D6576
-caa.	3600	IN	CAA	0 issue "ca.example.net; policy=ev"
-03636161000101000100000E10000C8003746273556E6B6E6F776E
-caa.	3600	IN	CAA	128 tbs "Unknown"
-03636161000101000100000E100046020461757468303E3039060A2B06010401D67902030106096086480165030402010420614829C81B958911F81164D40DCDBFD49D66CEB3B3442FF6C9C3A912F9497566020100
-caa.	3600	IN	CAA	2 auth "0>09\006\010+\006\001\004\001\214y\002\003\001\006	`\134H\001e\003\004\002\001\004 aH)\200\027\149\137\017\248\017d\212\013\205\191\212\157f\206\179\179D/\246\201\195\169\018\249Iuf\002\001\000"
-05657569343800006C000100000E10000600005E90012A
-eui48.	3600	IN	EUI48	00-00-5e-90-01-2a
-05657569363400006D000100000E10000800005EEF0000002A
-eui64.	3600	IN	EUI64	00-00-5e-ef-00-00-00-2a
-0474787431000010000100000E100009016102626203636363
-txt1.	3600	IN	TXT	"a" "bb" "ccc"
-0474787432000010000100000E100009016102626203636363
-txt2.	3600	IN	TXT	"a" "bb" "ccc"
-0474787433000010000100000E10001003612062026262062063632063200120
-txt3.	3600	IN	TXT	"a b" "bb" " cc c " " "
-0474787434000010000100000E10001003612062026262062063632063200120
-txt4.	3600	IN	TXT	"a b" "bb" " cc c " " "
-056162626579076578616D706C6503636F6D00001D000100000E1000100067251288B2F08C69741F56009A6E60
-abbey.example.com.	3600	IN	LOC	40 32 24.716 N 105 04 25.770 W 1208m 600000m 2000m 1m
-05616272616D076578616D706C6503636F6D00001D000100000E1000100015572588B2F08C69741F56FFFFFFFB
-abram.example.com.	3600	IN	LOC	40 32 24.716 N 105 04 25.770 W 42849672.91m 1000m 500000m 2000m
-056164646965076578616D706C6503636F6D00001D000100000E100010009898986CB02700A69FB200FFFFFFFB
-addie.example.com.	3600	IN	LOC	90 00 00.000 S 180 00 00.000 E 42849672.91m 9000000m 9000000m 9000000m
-056164646965076578616D706C6503636F6D00001D000100000E100010009999896CB02700A69FB200FFFFFFFB
-addie.example.com.	3600	IN	LOC	90 00 00.000 S 180 00 00.000 E 42849672.91m 90000000m 90000000m 80000000m
-06616C66726163076578616D706C6503636F6D00001D000100000E100010001216128895440069782D80009A6EA0
-alfrac.example.com.	3600	IN	LOC	40 00 00.000 N 105 00 00.000 W 1208.64m 1m 10000m 1m
-07616C6C73706563076578616D706C6503636F6D00001D000100000E1000100067252388B2F08C69741F56009A6E60
-allspec.example.com.	3600	IN	LOC	40 32 24.716 N 105 04 25.770 W 1208m 600000m 2000m 20m
-0663757274696E03656475026175076578616D706C6503636F6D00001D000100000E10001000121612791B7D2898E6486800989A68
-curtin.edu.au.example.com.	3600	IN	LOC	32 07 19.000 S 116 02 25.000 E 10m 1m 10000m 1m
-0672777930346C0D6C6F67616E2D616972706F727406626F73746F6E076578616D706C6503636F6D00001D000100000E100010002516128916CB3C70C310DF00988550
-rwy04l.logan-airport.boston.example.com.	3600	IN	LOC	42 21 28.764 N 71 00 51.617 W -44m 2000m 10000m 1m
-0D63616D6272696467652D6E6574036B656903636F6D076578616D706C6503636F6D00001D000100000E1000100033161289172DD070BE15F000988D20
-cambridge-net.kei.com.example.com.	3600	IN	LOC	42 21 54.000 N 71 06 18.000 W -24m 30m 10000m 1m
-066C6F696F7368036B656903636F6D076578616D706C6503636F6D00001D000100000E100010001224128917069070BF2DD800988D20
-loiosh.kei.com.example.com.	3600	IN	LOC	42 21 43.952 N 71 05 06.344 W -24m 1m 200m 1m
-086D6F726566726163076578616D706C6503636F6D00001D000100000E100010003152428895440069782D80009A6EA0
-morefrac.example.com.	3600	IN	LOC	40 00 00.000 N 105 00 00.000 W 1208.64m 0.30m 5m 4m
-086E65676174697665076578616D706C6503636F6D00001D000100000E10001000121612776ABC009687D28000895C83
-negative.example.com.	3600	IN	LOC	40 00 00.000 S 105 00 00.000 E -9978.85m 1m 10000m 1m
-057069706578036E6574076578616D706C6503636F6D00001D000100000E100010001216128B3556C88008165000989A68
-pipex.net.example.com.	3600	IN	LOC	52 14 05.000 N 00 08 50.000 E 10m 1m 10000m 1m
-066E6F68707670076578616D706C6503636F6D00001D000100000E1000100067161288B2F08C69741F56009A6E60
-nohpvp.example.com.	3600	IN	LOC	40 32 24.716 N 105 04 25.770 W 1208m 600000m 10000m 1m
-0A6E6F6D696E6E6F736563076578616D706C6503636F6D00001D000100000E100010001216128895440069782D80009A6E60
-nominnosec.example.com.	3600	IN	LOC	40 00 00.000 N 105 00 00.000 W 1208m 1m 10000m 1m
-056E6F736563076578616D706C6503636F6D00001D000100000E1000100012161288B2900069748400009A6E60
-nosec.example.com.	3600	IN	LOC	40 32 00.000 N 105 04 00.000 W 1208m 1m 10000m 1m
-086E6F737A68707670076578616D706C6503636F6D00001D000100000E1000100012161288B2F08C69741F56009A6E60
-noszhpvp.example.com.	3600	IN	LOC	40 32 24.716 N 105 04 25.770 W 1208m 1m 10000m 1m
-0474787435000010000100000E10001918546573742D537472696E6722546573742D537472696E6722
-txt5.	3600	IN	TXT	"Test-String\"Test-String\""
-0474787436000010000100000E100108FF763D444B494D313B206B3D7273613B20673D2A3B20733D656D61696C3B20683D736861313B20743D733B20703D4D4947664D413047435371475349623344514542415155414134474E4144434269514B42675143333365774B78425A4152534150625439364970572F6B334467644E7546456238393665496638304863567857772B7732472B31735163556A785755534770367954544D456C73366E3774746869786964795269452F61574F793369632F4B2B39323750754379304D315A583251593867566D4F484A6259543371425138746F5172764749657238665171714A497A4F2F4154566248785838422F7A3050736D4749327878714379586B4F77074944415141423B
-txt6.	3600	IN	TXT	"v=DKIM1; k=rsa; g=*; s=email; h=sha1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC33ewKxBZARSAPbT96IpW/k3DgdNuFEb896eIf80HcVxWw+w2G+1sQcUjxWUSGp6yTTMEls6n7tthixidyRiE/aWOy3ic/K+927PuCy0M1ZX2QY8gVmOHJbYT3qBQ8toQrvGIer8fQqqJIzO/ATVbHxX8B/z0PsmGI2xxqCyXkOw" "IDAQAB;"
-076578616D706C6503636F6D00003E000100000E10000C000000420003000460000008
-example.com.	3600	IN	CSYNC	66 3 A NS AAAA
-3839666536636262396539333361643062386234666139343036363437346530393165653862653639366332323462316331363738666365630B5F6F70656E7067706B657900003D000100000E1008AD99020D044D6CF351011000AE2731A071CAE66040331DCFFFBC1ABAEA01FBA2B3341AD29F4191E1E2E47514CC595E5D3B59EBD460DB81CB04E98A753DAE96354374B8C3A420364960A6C6875E66CEA7216327C16996557C4D13E25E236B3714E932795BE889E8B33A295FAF6D9015474CFE9C2643603F1E91E01334011A8419098E2FC9807285B2195CDBB1A9AE1916A26B9E33B3F91CDE2F728AA133464A1099FC2BEECAF8F67EE03A999AA97BE89CE4A252F804CE27A9EFB7A631CA956BFA99C51D6BECA52AF39A93353AAC43097671074A4BB5B039EB86E99209989D5B6A4AE22B32C1605E712072926095B4640DB4B4D16B54A8139048E25EF0098781E5244222DF9B6A6BF2335942527356A29E1063C5BC1297C051AB969A3E0C01FB15E20EA63A06B416D6C96F9794C5D80E97AFB249D2B907DC46605F1001019DD627744BC2AD73F239CD623F945BF9922EC6CEB607CE8818455173199DE1EF555BF3E85E9702DCAB7A30E5E6C0F6827CE6D550DF2BA4FA6EF2ED47BCEB916ADED25A727039A09942A0684897CDF2EFC13F5169693C19DA94D861BE40E8B07FE853D2978389EBA876332BE7DB146F1EC6A957BFE39AC90514B1F870A5D899BB4E1D97AF49294AD09DEDE6D5A04ABDC29332BBE74CF70393B626C0F4FDFEF6EE2B01D8A6A40750C446E159B44D0A783611585385BA912B771364B6EDA8A69680026A6BF2105692FD6F9A6CF19E09550011010001B42357696C6C656D20546F6F726F70203C77696C6C656D406E6C6E65746C6162732E6E6C3E89023E04130102002805024D6CF351021B23050909660180060B090807030206150802090A0B0416020301021E01021780000A0910E5F8F8212F77A4985D5B0FFE289B97F7D8E4E5ABC5378B7D6DB7C395F98C3D787E3FB598638C41E889AEA40CBE5B3001D947C7184C929EFE6AD1E32AE9ACB0802823870BB149C3A7BDFBB591601D8C099B3BDD3B3DDCCB03B4D611DC741D9C49C3B5B87654A21DFB618CFE6087F172B3DC663A9F4C0DAD81476EBE5B6FD966164383BC39303A66272A3FE6A0B9A813D4E249C6B9DACF748A49A979B3FA24036E47099E1D24ED3310CC04341E0BF3AFD4E365A04CD075B7D1DFF607A3B8738ABF885A7DC959251785CA626B8C9B476F44439653615437C715B1A586236132E1F89B0E4A9D2D84E403E6733C90A96EC041D14994B19EC0D23153BB94D9059851901353DDB60B9C42EDF715AF6EE4EF111E5AFD56092A1F7662A72AF80F8768425324A8A7335C805A49B1C4D3DC279B69114A5C592638FF22A963BD34D2D4BCC319972B99C197FA31C21B89E627F36CE811297FF707F53E6C258DAB407B7D618EC296317A565C2C8B740A39244D8F82095842F6F84448DCE29BB292C7E15072B00C04F2A0F4CD700F2E7348B703F74BCB8D5F4235FBD2824F515852EA9BE06255F88D81A5046D1F730E9BF103B3335F5F03D74AC2EC65814DD920E985B57A3B4E0C699F3103AB033CCF36A5B037B3668365484B58A4462D79414D27170C9DB4285BEC72D24A9654354B996D13C14B2994F6725E36FB766D57A79ED721C3CA248221390D7D6FA65F867FA6FA1369B9020D044D6CF351011000A4ECE215B3F782BAE8FB6C1E3FDC06D1E6242271F41B073FC7A852377888147B7168134E0B753C608D07308F188B9489AF34F1DAB1BB52FC3968D0A705C30A35EA0226E7D2608931138D56CCF124A9236276462863A8F1C83B3A640167211DEAAADFC557FF7701CBB1D413259CF3F5B18EC6E615000BB4AB73C75B980615CFA9A7778DE3BAB318CC448ECA044E3FDC95AC63AA2B28846D77FE190FE8FBC3A03ECE39D38675040FF1BE064410FAAD9FC5A8C2EFE02F34CC39F3087D6B2E934642995FD5A9F2D3A59302C0CBE1FEA01002C7EB64C8C4E5F853B5B17AEBC7C72297380B8DF9EC7F32F1766B3D76E186DC582EEDD5DA955B7CACDB4CCA69E99E9B25D22B157A68C9F828170917709D335A000590F2BE22FD7A5ED0FF2432969642E84978428C1A3C8380BB339D21CE9CB8CE8F4D6BC102B70A56042159F26C85F78599F931A73FE159CF4AE34C828E66FE84F648AF745B5D2B1022D514901A8E48C1CDAE82205FE21A58CAB77BBC8C1DD32A94AAF4954E7695F05B7C40A395E07F34EE0ADD218904FCD380BB737BE2EC5B148942840C58ABFA212C10AD6DEBB26523AA040DAD2191397DEB472F0DBEECEB6AFB386B7166754A47216C3629F63633A02C5FD1C116E46C8A682A163426E556EA5C0ECDB472429C0D51BEA5E583F889E70F831251E8B31C231D2F946DE8C31A6550F884EA961DFDF75A2C3E366AD48CB5001101000189022404180102000F05024D6CF351021B0C050909660180000A0910E5F8F8212F77A498ED740FF8E1CD5BAA631D75DFF18A2AA27DEF9C416118D178092A1C327C3CC641FD74BC976F3A1B5DA52B95CFEA68618B31F2AAEE6F82F30ED934EB98DE0105878A4814FC811139ED4B3AA356E3C962C422F0BE4D3D59F8E9E64913964287282A6519CD0B1F3F03615AEA223B276EFCBC5CD4921787C17F70B0967AEFDCC5462344399B4180EFD75C1185A83D6B691E660F8210E76624F1A87D988BAF9367D26B84DCB5DF8C7303C2947C4C238734ADDCCB7970F6C192F3F5DD5F75127E289F26B2FDA0562B44A032ED45AE1FC855DCA67D54125CCD36C16F207E4389B0F4E5FF45FE60328A53B322534868FF0D3D8ACA0BB0781EE1FE62F2C0E6FC468F57CCF795CED9F2B27E3CB6D16FC417BD4CA969A364DC649EA5C57F0325205EAA77FD9DF84431C3BE5329773828D0E32C0011CBB885E7131B44B1FC5267B0B3FF125E7255C233239FC6E8C8844D613DAB76833E49A7D947FAE6B3CEB35B2DDCE2A0F71F384F74FECDA521AE07CE3332E5EB2C79D100AD8F9ACE2A0067C1B590F61DD18AB021D66605AA745B5944D830DE4C9F61DCC889354B1A6203D918A5C2317B6D5F188D8D0CF6DAB11C9578F6F41D3089871BBB2963B11459AB0B4C4220DDAFB14C20ECBACAB1CEC60A522ECC883BD1D539CA61CDD4933C412FAFD631D03EFF23B23A4164729E32236947F622FE79A17493154E9A30B257E3FDF97F0B2E1B8C65FC85BD98
-9fe6cbb9e933ad0b8b4fa94066474e091ee8be696c224b1c1678fcec._openpgpkey.	3600	IN	OPENPGPKEY	mQINBE1s81EBEACuJzGgccrmYEAzHc//vBq66gH7orM0GtKfQZHh4uR1FMxZXl07WevUYNuBywTpinU9rpY1Q3S4w6QgNklgpsaHXmbOpyFjJ8FpllV8TRPiXiNrNxTpMnlb6InoszopX69tkBVHTP6cJkNgPx6R4BM0ARqEGQmOL8mAcoWyGVzbsamuGRaia54zs/kc3i9yiqEzRkoQmfwr7sr49n7gOpmaqXvonOSiUvgEziep77emMcqVa/qZxR1r7KUq85qTNTqsQwl2cQdKS7WwOeuG6ZIJmJ1bakriKzLBYF5xIHKSYJW0ZA20tNFrVKgTkEjiXvAJh4HlJEIi35tqa/IzWUJSc1ainhBjxbwSl8BRq5aaPgwB+xXiDqY6BrQW1slvl5TF2A6Xr7JJ0rkH3EZgXxABAZ3WJ3RLwq1z8jnNYj+UW/mSLsbOtgfOiBhFUXMZneHvVVvz6F6XAtyrejDl5sD2gnzm1VDfK6T6bvLtR7zrkWre0lpycDmgmUKgaEiXzfLvwT9RaWk8GdqU2GG+QOiwf+hT0peDieuodjMr59sUbx7GqVe/45rJBRSx+HCl2Jm7Th2Xr0kpStCd7ebVoEq9wpMyu+dM9wOTtibA9P3+9u4rAdimpAdQxEbhWbRNCng2EVhThbqRK3cTZLbtqKaWgAJqa/IQVpL9b5ps8Z4JVQARAQABtCNXaWxsZW0gVG9vcm9wIDx3aWxsZW1AbmxuZXRsYWJzLm5sPokCPgQTAQIAKAUCTWzzUQIbIwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ5fj4IS93pJhdWw/+KJuX99jk5avFN4t9bbfDlfmMPXh+P7WYY4xB6ImupAy+WzAB2UfHGEySnv5q0eMq6aywgCgjhwuxScOnvfu1kWAdjAmbO907PdzLA7TWEdx0HZxJw7W4dlSiHfthjP5gh/Fys9xmOp9MDa2BR26+W2/ZZhZDg7w5MDpmJyo/5qC5qBPU4knGudrPdIpJqXmz+iQDbkcJnh0k7TMQzAQ0Hgvzr9TjZaBM0HW30d/2B6O4c4q/iFp9yVklF4XKYmuMm0dvREOWU2FUN8cVsaWGI2Ey4fibDkqdLYTkA+ZzPJCpbsBB0UmUsZ7A0jFTu5TZBZhRkBNT3bYLnELt9xWvbuTvER5a/VYJKh92Yqcq+A+HaEJTJKinM1yAWkmxxNPcJ5tpEUpcWSY4/yKpY7000tS8wxmXK5nBl/oxwhuJ5ifzbOgRKX/3B/U+bCWNq0B7fWGOwpYxelZcLIt0CjkkTY+CCVhC9vhESNzim7KSx+FQcrAMBPKg9M1wDy5zSLcD90vLjV9CNfvSgk9RWFLqm+BiVfiNgaUEbR9zDpvxA7MzX18D10rC7GWBTdkg6YW1ejtODGmfMQOrAzzPNqWwN7Nmg2VIS1ikRi15QU0nFwydtChb7HLSSpZUNUuZbRPBSymU9nJeNvt2bVenntchw8okgiE5DX1vpl+Gf6b6E2m5Ag0ETWzzUQEQAKTs4hWz94K66PtsHj/cBtHmJCJx9BsHP8eoUjd4iBR7cWgTTgt1PGCNBzCPGIuUia808dqxu1L8OWjQpwXDCjXqAibn0mCJMRONVszxJKkjYnZGKGOo8cg7OmQBZyEd6qrfxVf/dwHLsdQTJZzz9bGOxuYVAAu0q3PHW5gGFc+pp3eN47qzGMxEjsoETj/claxjqisohG13/hkP6PvDoD7OOdOGdQQP8b4GRBD6rZ/FqMLv4C80zDnzCH1rLpNGQplf1any06WTAsDL4f6gEALH62TIxOX4U7WxeuvHxyKXOAuN+ex/MvF2az124YbcWC7t1dqVW3ys20zKaememyXSKxV6aMn4KBcJF3CdM1oABZDyviL9el7Q/yQylpZC6El4QowaPIOAuzOdIc6cuM6PTWvBArcKVgQhWfJshfeFmfkxpz/hWc9K40yCjmb+hPZIr3RbXSsQItUUkBqOSMHNroIgX+IaWMq3e7yMHdMqlKr0lU52lfBbfECjleB/NO4K3SGJBPzTgLtze+LsWxSJQoQMWKv6ISwQrW3rsmUjqgQNrSGROX3rRy8Nvuzravs4a3FmdUpHIWw2KfY2M6AsX9HBFuRsimgqFjQm5VbqXA7NtHJCnA1RvqXlg/iJ5w+DElHosxwjHS+UbejDGmVQ+ITqlh3991osPjZq1Iy1ABEBAAGJAiQEGAECAA8FAk1s81ECGwwFCQlmAYAACgkQ5fj4IS93pJjtdA/44c1bqmMddd/xiiqife+cQWEY0XgJKhwyfDzGQf10vJdvOhtdpSuVz+poYYsx8qrub4LzDtk065jeAQWHikgU/IEROe1LOqNW48lixCLwvk09Wfjp5kkTlkKHKCplGc0LHz8DYVrqIjsnbvy8XNSSF4fBf3Cwlnrv3MVGI0Q5m0GA79dcEYWoPWtpHmYPghDnZiTxqH2Yi6+TZ9JrhNy134xzA8KUfEwjhzSt3Mt5cPbBkvP13V91En4onyay/aBWK0SgMu1Frh/IVdymfVQSXM02wW8gfkOJsPTl/0X+YDKKU7MiU0ho/w09isoLsHge4f5i8sDm/EaPV8z3lc7Z8rJ+PLbRb8QXvUypaaNk3GSepcV/AyUgXqp3/Z34RDHDvlMpdzgo0OMsABHLuIXnExtEsfxSZ7Cz/xJeclXCMyOfxujIhE1hPat2gz5Jp9lH+uazzrNbLdzioPcfOE90/s2lIa4HzjMy5essedEArY+azioAZ8G1kPYd0YqwIdZmBap0W1lE2DDeTJ9h3MiJNUsaYgPZGKXCMXttXxiNjQz22rEclXj29B0wiYcbuyljsRRZqwtMQiDdr7FMIOy6yrHOxgpSLsyIO9HVOcphzdSTPEEvr9Yx0D7/I7I6QWRynjIjaUf2Iv55oXSTFU6aMLJX4/35fwsuG4xl/IW9mA==
-04746573740361646401310000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FEEC3012C0010964109B23C0178075FBFD446B3ACD9AE3BFB00000000
-test.add.1.	0	ANY	TSIG	hmac-md5.sig-alg.reg.int. 1480584899 300 16 lkEJsjwBeAdfv9RGs6zZrg== 15355 NOERROR 0
-06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FEF34012C001093D99232CDADE6FAB9155D83BD0BD1EAE75F00000000
-blabla.	0	ANY	TSIG	hmac-md5.sig-alg.reg.int. 1480585012 300 16 k9mSMs2t5vq5FV2DvQvR6g== 59231 NOERROR 0
-06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583F0000012C0010B017F1D34191B3EB5F4539B8B910A3C964BF00000000
-blabla.	0	ANY	TSIG	hmac-md5.sig-alg.reg.int. 1480523776 300 16 sBfx00GRs+tfRTm4uRCjyQ== 25791 NOERROR 0
-06626C61626C610000FA00FF00000000002A08686D61632D6D6435077369672D616C670372656703696E74000000583FF0E9012C0000E92C00100000
-blabla.	0	ANY	TSIG	hmac-md5.sig-alg.reg.int. 1480585449 300 0 59692 BADSIG 0
-06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FF0F6012C0010EB0BE51BCDAC1151F2AAC4ED04BBD14365BC00000000
-blabla.	0	ANY	TSIG	hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0
-076578616D706C65036F726700003F0001000151800046000000050102C1B8EDDF4EF128DB88125EDE9008D6FF0B33A047B8A8A4D77B00271F7D8E7AE5CCD6C86D8398F64F0DE0615BF3121FFBA6946A3CD5F32ACBC4E8D0649B4A78E6
-example.org.	86400	IN	ZONEMD	5 1 2 C1B8EDDF4EF128DB88125EDE9008D6FF0B33A047B8A8A4D77B00271F7D8E7AE5CCD6C86D8398F64F0DE0615BF3121FFBA6946A3CD5F32ACBC4E8D0649B4A78E6
-076578616D706C6503636F6D00003F00010001518000367848B78C0101FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE
-example.com.	86400	IN	ZONEMD	2018031500 1 1 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE
-076578616D706C6500003F00010001518000367848B91C0101C68090D90A7AED716BC459F9340E3D7C1370D4D24B7E2FC3A1DDC0B9A87153B9A9713B3C9AE5CC27777F98B8E730044C
-example.	86400	IN	ZONEMD	2018031900 1 1 C68090D90A7AED716BC459F9340E3D7C1370D4D24B7E2FC3A1DDC0B9A87153B9A9713B3C9AE5CC27777F98B8E730044C
-076578616D706C6500003F00010001518000367848B91C010131CEFB03814F5062AD12FA951BA0EF5F8DA6AE354A415767246F7DC932CEB1E742A2108F529DB6A33A11C01493DE358D
-example.	86400	IN	ZONEMD	2018031900 1 1 31CEFB03814F5062AD12FA951BA0EF5F8DA6AE354A415767246F7DC932CEB1E742A2108F529DB6A33A11C01493DE358D
-086E6F6E2D61706578076578616D706C6500003F00010000038400367848B91C0101616C6C6F776564206275742069676E6F7265642E20616C6C6F776564206275742069676E6F7265642E20616C6C6F7765
-non-apex.example.	900	IN	ZONEMD	2018031900 1 1 616C6C6F776564206275742069676E6F7265642E20616C6C6F776564206275742069676E6F7265642E20616C6C6F7765
-076578616D706C6500003F00010001518000367848B91C010162E6CF51B02E54B9B5F967D547CE43136792901F9F88E637493DAAF401C92C279DD10F0EDB1C56F8080211F8480EE306
-example.	86400	IN	ZONEMD	2018031900 1 1 62E6CF51B02E54B9B5F967D547CE43136792901F9F88E637493DAAF401C92C279DD10F0EDB1C56F8080211F8480EE306
-076578616D706C6500003F00010001518000467848B91C010208CFA1115C7B948C4163A901270395EA226A930CD2CBCF2FA9A5E6EB85F37C8A4E114D884E66F176EAB121CB02DB7D652E0CC4827E7A3204F166B47E5613FD27
-example.	86400	IN	ZONEMD	2018031900 1 2 08CFA1115C7B948C4163A901270395EA226A930CD2CBCF2FA9A5E6EB85F37C8A4E114D884E66F176EAB121CB02DB7D652E0CC4827E7A3204F166B47E5613FD27
-076578616D706C6500003F00010001518000167848B91C01F0E2D523F654B9422A96C5A8F44607BBEE
-example.	86400	IN	ZONEMD	2018031900 1 240 E2D523F654B9422A96C5A8F44607BBEE
-076578616D706C6500003F000100015180001A7848B91CF101E1846540E33A9E4189792D18D5D131F605FC283E
-example.	86400	IN	ZONEMD	2018031900 241 1 E1846540E33A9E4189792D18D5D131F605FC283E
-03757269046172706100003F000100000E1000367849C5DE01011291B78DDF7669B1A39D014D87626B709B55774C5D7D58FADC556439889A10EAF6F11D615900A4F996BD46279514E473
-uri.arpa.	3600	IN	ZONEMD	2018100702 1 1 1291B78DDF7669B1A39D014D87626B709B55774C5D7D58FADC556439889A10EAF6F11D615900A4F996BD46279514E473
-0C726F6F742D73657276657273036E657400003F00010036EE8000367849A05C0101F1CA0CCD91BD5573D9F431C00EE0101B2545C97602BE0A978A3B11DBFC1C776D5B3E86AE3D973D6B5349BA7F04340F79
-root-servers.net.	3600000	IN	ZONEMD	2018091100 1 1 F1CA0CCD91BD5573D9F431C00EE0101B2545C97602BE0A978A3B11DBFC1C776D5B3E86AE3D973D6B5349BA7F04340F79
-03666F6F00001D00010000303900100011111182BD2D4D69530BD400988D20
-foo.	12345	IN	LOC	12 45 52.333 N 105 40 33.452 W -24m 0.10m 0.10m 0.10m
-03666F6F00000D000100003039000D05686F68756D0677656972646F
-foo.	12345	IN	HINFO	"hohum" "weirdo"
-0130013001330136013101300130013001660166016601660166016601330133013101650131013001300130013001300130013001300130016101350130013001300138013501300130013001370134044E53415003494E54000017000100000E10000D0C666F6F2E6261722E636F6D2E
-0.0.3.6.1.0.0.0.f.f.f.f.f.f.3.3.1.e.1.0.0.0.0.0.0.0.0.0.a.5.0.0.0.8.5.0.0.0.7.4.NSAP.INT.	3600	IN	NSAP-PTR	foo.bar.com.
-0130013001340136013101300130013001660166016601660166016601330133013101650131013001300130013001300130013001300130016101350130013001300138013501300130013001370134044E53415003494E54000017000100000E1000100F686F73742E7363686F6F6C2E64652E
-0.0.4.6.1.0.0.0.f.f.f.f.f.f.3.3.1.e.1.0.0.0.0.0.0.0.0.0.a.5.0.0.0.8.5.0.0.0.7.4.NSAP.INT.	3600	IN	NSAP-PTR	host.school.de.
diff --git a/contrib/unbound/testdata/val_failure_dnskey.rpl b/contrib/unbound/testdata/val_failure_dnskey.rpl
deleted file mode 100644
index c5f1af2ff349..000000000000
--- a/contrib/unbound/testdata/val_failure_dnskey.rpl
+++ /dev/null
@@ -1,347 +0,0 @@
-; config options
-; The island of trust is at example.com
-server:
-	trust-anchor: "example.com.    3600    IN      DS      2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
-	trust-anchor: "example.net.	3600	IN	DS	1444 8 2 69887be92d4848c0bc10acc95682a01e7e3b57ab0750a2ee6f72cac7191a64f1"
-	val-override-date: "20070916134226"
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: "no"
-	fake-sha1: yes
-	trust-anchor-signaling: no
-	minimal-responses: no
-	val-log-level: 2
-	ede: yes
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
-CONFIG_END
-
-SCENARIO_BEGIN Test validator with failure for chaing of trust lookup.
-; The error message that is created, also for EDE is more extensive.
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 100
-	ADDRESS 193.0.14.129 
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. IN NS	K.ROOT-SERVERS.NET.
-SECTION ADDITIONAL
-K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION AUTHORITY
-com.	IN NS	a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net.	IN 	A	192.5.6.30
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-net. IN NS
-SECTION AUTHORITY
-net.	IN NS	a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net.	IN 	A	192.5.6.30
-ENTRY_END
-RANGE_END
-
-; a.gtld-servers.net.
-RANGE_BEGIN 0 100
-	ADDRESS 192.5.6.30
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION ANSWER
-com.    IN NS   a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net.     IN      A       192.5.6.30
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN NS
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-example.net. IN NS
-SECTION AUTHORITY
-example.net.	IN NS	ns.example.net.
-SECTION ADDITIONAL
-ns.example.net.		IN 	A	1.2.3.5
-ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.4
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN NS
-SECTION ANSWER
-example.com.    IN NS   ns.example.com.
-example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-ns.example.com.         IN      A       1.2.3.4
-ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-ns.example.com. IN A
-SECTION ANSWER
-ns.example.com.         IN      A       1.2.3.4
-ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-ns.example.com. IN AAAA
-SECTION AUTHORITY
-example.com.    IN NS   ns.example.com.
-example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-ns.example.com.         IN      A       1.2.3.4
-ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
-ENTRY_END
-
-; response to DNSKEY priming query
-;ENTRY_BEGIN
-;MATCH opcode qtype qname
-;ADJUST copy_id
-;REPLY QR NOERROR
-;SECTION QUESTION
-;example.com. IN DNSKEY
-;SECTION ANSWER
-;example.com.    3600    IN      DNSKEY  256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
-;example.com.    3600    IN      RRSIG   DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
-;SECTION AUTHORITY
-;example.com.	IN NS	ns.example.com.
-;example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-;SECTION ADDITIONAL
-;ns.example.com.		IN 	A	1.2.3.4
-;ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
-;ENTRY_END
-; servfail for DNSKEY priming query
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA SERVFAIL
-SECTION QUESTION
-example.com. IN DNSKEY
-ENTRY_END
-
-; response to query of interest
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. IN A	10.20.30.40
-ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
-ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.5
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-example.net. IN NS
-SECTION ANSWER
-example.net.	3600	IN	NS	ns.example.net.
-example.net.	3600	IN	RRSIG	NS 8 2 3600 20070926134150 20070829134150 1444 example.net. nHpOqZb00nIGytQ1YmVoXEHURL/75dWhlKSEtRTorjVdPGPZNN7ziCWJW303v7u07TkZ+i6oFVEWG/SDR4ejn5o31UKJy1373PEH/cvPf9/44jw9gAFaHF1eO6ZQGaRQaeEpU06+xUcnc2QXFt6rNu60EsTvMRDN83bD+r7FA7Y=
-SECTION ADDITIONAL
-ns.example.net.	3600	IN	A	1.2.3.5
-ns.example.net.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 1444 example.net. TgQ4nfGtLHuZXlC4JJlVQ6mejf1WJbstTxsh/kgMAc2tryOxF/gvGBHaMtz6oceFZrIgk6g3RYI1Gk5gjSFNADh+EIwI422M8XPAAxRLfFahiO4lr1aCo4c94TYeZNpnDKy81rINTz2hQE1pGWr8Z03ySABqSBnTE1FQt4N/JCo=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-ns.example.net. IN A
-SECTION ANSWER
-ns.example.net.	3600	IN	A	1.2.3.5
-ns.example.net.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 1444 example.net. TgQ4nfGtLHuZXlC4JJlVQ6mejf1WJbstTxsh/kgMAc2tryOxF/gvGBHaMtz6oceFZrIgk6g3RYI1Gk5gjSFNADh+EIwI422M8XPAAxRLfFahiO4lr1aCo4c94TYeZNpnDKy81rINTz2hQE1pGWr8Z03ySABqSBnTE1FQt4N/JCo=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-ns.example.net. IN AAAA
-SECTION AUTHORITY
-example.net.	3600	IN	SOA	ns.example.net. host.example.net. 1 3600 300 7200 3600
-example.net.	3600	IN	RRSIG	SOA 8 2 3600 20070926134150 20070829134150 1444 example.net. P5FRQ4A/0n5owaBhZqlYBFD2PNAWJc5oxiDwvwh0hdjxETx8ta3EAvDKtNj5XZ5EKDAhP/tivd+Bq50I0xfRBmrouxgxjgnV3ye8zU+M1fXbuKpsWme9R3S4cs9WYfggTn7X00Af8m0tE62SLH/ZtOOQi2CvOPu7PXtHYT6KW4Q=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-example.net. IN DNSKEY
-SECTION ANSWER
-example.net.	3600	IN	DNSKEY	257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
-example.net.	3600	IN	RRSIG	DNSKEY 8 2 3600 20070926134150 20070829134150 1444 example.net. hAAlJt/YwAgWBzseK0N42+ysSMaWgntcuftF8a43chLh+fbe3vPWrgwqr/Cic52tu4ZqMox592tqWDxAG7F1eDGfO0SfzS2C9Tc/Wnz5nFjFh75G4Mtt8DTv5vTyGUVX5zAFzV8SNijVC0o1F7MHaVPt3rFtjjg2zW/UOz2m9+U=
-ENTRY_END
-
-; For sub1.example.net. zone; it is co-hosted with example.net, so that
-; there can be failures for the DS lookup. But the data lookup succeeds.
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.sub1.example.net. IN A
-SECTION ANSWER
-www.sub1.example.net. IN A	10.20.30.41
-www.sub1.example.net.	3600	IN	RRSIG	A 8 4 3600 20070926134150 20070829134150 29332 sub1.example.net. NcFP77Hixawt8hb+STIbbeqdF9tWTuHsbGEB4agKXlwHqS0BnyA+It6+UdE57IF0Kbnc7gSuaslX9At8ctd4HuC/9F/osbo96o23JEfnXPky/r5SsLaeN5KmUmUVjG9oxyAEc6PVlaaQ5a/RhaxmDRaDiku2gB7KjdjPxwxe+Rc54GV2eM3GtcfT+oDakLdSSACqeVjUFIOtYMpG8jAHrBe4uSnjKI7O0fWDFN5OES6sN9iUS9/ceorIoF/gSIqM7xWEuPLxE2c5TtYJyPtMCeGJ9wBP4wrTXfJ58+Lg5SFKgEuKTvAqEv9KEwg/kJb1GQ+ho5XKFO6EII2iyeUK/w==
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR SERVFAIL
-SECTION QUESTION
-sub1.example.net. IN DS
-SECTION ANSWER
-; no DS for sub1.example.net id=29332 algo=8
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-www.sub2.example.net. IN A
-SECTION ANSWER
-www.sub2.example.net. IN A	10.20.30.42
-www.sub2.example.net.	3600	IN	RRSIG	A 8 4 3600 20070926134150 20070829134150 29332 sub2.example.net. FOY6YxNoFyrSkBtWV7HcECmORTMedRWHdGk7Rm04icT8Bw0dWfzVaIpAkBY6FXx8UvqN7McN4IJI5dAVXptfekO+Yvy2PwkjehRUXvQK64XH5UM5pVbX5g8E4pnOrLa/jzPB7srzMpyWVCpt81lPoFpdfXUMm7434ifkTYhpAll7y5NAocFiT3F+XGe06qMIr51WxoFfegIGohMFhkTDUdLWrdV10128W+NzPdwoYtiigtCObKxTtyj3gK+mxqXvX4X4F2YIGQ+mx62ovdUilnLYZm/WC/ZQkdxeOZjeCTxvSpGGG+wtu1QufgIJ+BpAZAOxREOYZkhR29AG0np4EA==
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR SERVFAIL
-SECTION QUESTION
-sub2.example.net. IN DNSKEY
-SECTION ANSWER
-; sub2.example.net.       IN      DNSKEY  257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b}
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-sub2.example.net. IN DS
-SECTION ANSWER
-sub2.example.net.       3600    IN      DS      29332 8 2 d53e615d9d736b0f2a0097f1d5fa51c84320610f94ecbd7197e7de5f44f02d72
-sub2.example.net.	3600	IN	RRSIG	DS 8 3 3600 20070926134150 20070829134150 1444 example.net. dYLYs1uMxJm5+MB6L1+uStE5S1YtyYR0JF+1pPoTptc/H1hYqMxK7pVQPtIGvq8j8wNyC7jOzALfEXgwRKiSdR1l1GQ5HIxWkhUmkpLcecwJOjemee4nXaifOFa5bdbdYpuDwTiIzx+PvanlaVjEPy0i1IukanDi6jojfyWcgLA=
-ENTRY_END
-RANGE_END
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; The DNSKEY lookup for the key prime is a failure.
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ede=9
-REPLY QR RD RA DO SERVFAIL
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-ENTRY_END
-
-STEP 20 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.sub1.example.net. IN A
-ENTRY_END
-
-; The DS lookup is a failure.
-STEP 30 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ede=23
-REPLY QR RD RA DO SERVFAIL
-SECTION QUESTION
-www.sub1.example.net. IN A
-SECTION ANSWER
-ENTRY_END
-
-STEP 40 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.sub2.example.net. IN A
-ENTRY_END
-
-; The DNSKEY lookup is a failure.
-STEP 50 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ede=9
-REPLY QR RD RA DO SERVFAIL
-SECTION QUESTION
-www.sub2.example.net. IN A
-SECTION ANSWER
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/testdata/val_scrub_rr_length.rpl b/contrib/unbound/testdata/val_scrub_rr_length.rpl
deleted file mode 100644
index f83157ff04c3..000000000000
--- a/contrib/unbound/testdata/val_scrub_rr_length.rpl
+++ /dev/null
@@ -1,163 +0,0 @@
-; config options
-; The island of trust is at example.com
-server:
-	trust-anchor: "example.com.	IN	DS	55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af"
-	val-override-date: "20070916134226"
-	target-fetch-policy: "0 0 0 0 0"
-	qname-minimisation: "no"
-	trust-anchor-signaling: no
-	minimal-responses: no
-	rrset-roundrobin: no
-	ede: yes
-
-stub-zone:
-	name: "."
-	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
-CONFIG_END
-
-SCENARIO_BEGIN Test validator with scrub of RR for inappropriate length
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 100
-	ADDRESS 193.0.14.129 
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. IN NS	K.ROOT-SERVERS.NET.
-SECTION ADDITIONAL
-K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION AUTHORITY
-com.	IN NS	a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net.	IN 	A	192.5.6.30
-ENTRY_END
-RANGE_END
-
-; a.gtld-servers.net.
-RANGE_BEGIN 0 100
-	ADDRESS 192.5.6.30
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION ANSWER
-com.    IN NS   a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net.     IN      A       192.5.6.30
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ENTRY_END
-RANGE_END
-
-; ns.example.com.
-RANGE_BEGIN 0 100
-	ADDRESS 1.2.3.4
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN NS
-SECTION ANSWER
-example.com.    IN NS   ns.example.com.
-example.com.	3600	IN	RRSIG	NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8=
-SECTION ADDITIONAL
-ns.example.com.         IN      A       1.2.3.4
-ns.example.com.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as=
-ENTRY_END
-
-; response to DNSKEY priming query
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN DNSKEY
-SECTION ANSWER
-example.com.	IN	DNSKEY	256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b}
-example.com.	3600	IN	RRSIG	DNSKEY 8 2 3600 20070926134150 20070829134150 55566 example.com. Ni7Q17l2dzKcAnHdU3Mycpdwo0I6qgGxRvBhBNI43xIUFHJpgKpbeMFxKvVTkbwHyMPMIuHmOaC82IBhOpGD10SExVh4erQhWS3Hvl+m4Cwl3WI9N+AW6CTB9yj+d4xzX3bHjjBt6MSk4bU8ABR7qIoAjgjY7zdtUDWQlaM+d18=
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-example.com.	3600	IN	RRSIG	NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8=
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ns.example.com.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-ns.example.com. IN AAAA
-SECTION AUTHORITY
-example.com.    IN NS   ns.example.com.
-example.com.	3600	IN	RRSIG	NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8=
-SECTION ADDITIONAL
-ns.example.com.         IN      A       1.2.3.4
-ns.example.com.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as=
-ENTRY_END
-
-; response to query of interest
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. IN A	10.20.30.40
-www.example.com. IN A \# 5 0102030405
-; RRSIG includes the malformed record.
-www.example.com.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 55566 example.com. W4WFu9B81uRvp3Dj8uLIscypznKWuLuKrZqVg1on5/45/3/xyjHvj3TjTL3gruWFXPiQpldvOstXLZ5eN3OpqILdkVey0eqVATujpHwIruY6GWztVx5WptmFfK6E6zzshZ3RmAARqq/czQ+IZli2A9xixdY2H0o1dSU6gohEjjE=
-SECTION AUTHORITY
-example.com.	IN NS	ns.example.com.
-example.com.	3600	IN	RRSIG	NS 8 2 3600 20070926134150 20070829134150 55566 example.com. cHdLVCzujUQs6b67c1SmCX+/br4tgOg86Gj/R/x+PKUQmWHyeVwBSTlJuLOHbca3CQoyIQc+V2ilK6fjwjbY/dLk4uOlux8L+Zn7HsUXSOwJPIjsM3LuTa8CYDMvYhOP7KGR+vNpJVSsQ25pyDn6Rzsdl3E7DAf7uSkPV8VJwa8=
-SECTION ADDITIONAL
-ns.example.com.		IN 	A	1.2.3.4
-ns.example.com.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 55566 example.com. PBwNifMNxTXlDorHX1neq1wUhWLmqk+PZ+PBZCI5BJAmakdgOXdLQiVqlKaErJyA/4uN+99fUf6/DqxwgxL8FIPdBkxMOTJaKrCFjEhL6qozTd3+DI6qFJPgTm1lrkpvb9W72MtK2vxAyT5I/bG2SWKdpzOaQXysbDb2hnxq3as=
-ENTRY_END
-RANGE_END
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; recursion happens here.
-STEP 10 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all ede=0
-REPLY QR RD RA DO SERVFAIL
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-ENTRY_END
-
-SCENARIO_END
diff --git a/contrib/unbound/util/config_file.c b/contrib/unbound/util/config_file.c
index cf610efc6a7c..8bbb428290c1 100644
--- a/contrib/unbound/util/config_file.c
+++ b/contrib/unbound/util/config_file.c
@@ -155,7 +155,7 @@ config_create(void)
 #  else
 	/* libevent can use many sockets */
 	cfg->outgoing_num_ports = 4096;
-	cfg->num_queries_per_thread = 1024;
+	cfg->num_queries_per_thread = 2048;
 #  endif
 	cfg->outgoing_num_tcp = 10;
 	cfg->incoming_num_tcp = 10;
@@ -169,10 +169,10 @@ config_create(void)
 	cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */
 	cfg->msg_buffer_size = 65552; /* 64 k + a small margin */
 	cfg->msg_cache_size = 4 * 1024 * 1024;
-	cfg->msg_cache_slabs = 4;
+	cfg->msg_cache_slabs = 0;
 	cfg->jostle_time = 200;
 	cfg->rrset_cache_size = 4 * 1024 * 1024;
-	cfg->rrset_cache_slabs = 4;
+	cfg->rrset_cache_slabs = 0;
 	cfg->host_ttl = 900;
 	cfg->bogus_ttl = 60;
 	cfg->min_ttl = 0;
@@ -182,7 +182,7 @@ config_create(void)
 	cfg->prefetch = 0;
 	cfg->prefetch_key = 0;
 	cfg->deny_any = 0;
-	cfg->infra_cache_slabs = 4;
+	cfg->infra_cache_slabs = 0;
 	cfg->infra_cache_numhosts = 10000;
 	cfg->infra_cache_min_rtt = 50;
 	cfg->infra_cache_max_rtt = 120000;
@@ -210,7 +210,7 @@ config_create(void)
 	cfg->if_automatic = 0;
 	cfg->if_automatic_ports = NULL;
 	cfg->so_rcvbuf = 0;
-	cfg->so_sndbuf = 0;
+	cfg->so_sndbuf = 4*1024*1024;
 	cfg->so_reuseport = REUSEPORT_DEFAULT;
 	cfg->ip_transparent = 0;
 	cfg->ip_freebind = 0;
@@ -291,7 +291,7 @@ config_create(void)
 	cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */
 	cfg->permit_small_holddown = 0;
 	cfg->key_cache_size = 4 * 1024 * 1024;
-	cfg->key_cache_slabs = 4;
+	cfg->key_cache_slabs = 0;
 	cfg->neg_cache_size = 1 * 1024 * 1024;
 	cfg->local_zones = NULL;
 	cfg->local_zones_nodefault = NULL;
@@ -341,8 +341,8 @@ config_create(void)
 	cfg->ip_ratelimit_cookie = 0;
 	cfg->ip_ratelimit = 0;
 	cfg->ratelimit = 0;
-	cfg->ip_ratelimit_slabs = 4;
-	cfg->ratelimit_slabs = 4;
+	cfg->ip_ratelimit_slabs = 0;
+	cfg->ratelimit_slabs = 0;
 	cfg->ip_ratelimit_size = 4*1024*1024;
 	cfg->ratelimit_size = 4*1024*1024;
 	cfg->ratelimit_for_domain = NULL;
@@ -367,9 +367,9 @@ config_create(void)
 	cfg->dnscrypt_provider_cert_rotated = NULL;
 	cfg->dnscrypt_secret_key = NULL;
 	cfg->dnscrypt_shared_secret_cache_size = 4*1024*1024;
-	cfg->dnscrypt_shared_secret_cache_slabs = 4;
+	cfg->dnscrypt_shared_secret_cache_slabs = 0;
 	cfg->dnscrypt_nonce_cache_size = 4*1024*1024;
-	cfg->dnscrypt_nonce_cache_slabs = 4;
+	cfg->dnscrypt_nonce_cache_slabs = 0;
 	cfg->pad_responses = 1;
 	cfg->pad_responses_block_size = 468; /* from RFC8467 */
 	cfg->pad_queries = 1;
@@ -421,6 +421,7 @@ config_create(void)
 	cfg->dns_error_reporting = 0;
 	cfg->iter_scrub_ns = 20;
 	cfg->iter_scrub_cname = 11;
+	cfg->iter_scrub_promiscuous = 1;
 	cfg->max_global_quota = 200;
 	return cfg;
 error_exit:
@@ -454,6 +455,11 @@ struct config_file* config_create_forlib(void)
 	cfg->val_log_squelch = 1;
 	cfg->minimal_responses = 0;
 	cfg->harden_short_bufsize = 1;
+	/* Need to explicitly define the slabs from their 0 default value */
+	cfg->ip_ratelimit_slabs = 1;
+	cfg->ratelimit_slabs = 1;
+	cfg->dnscrypt_shared_secret_cache_slabs = 1;
+	cfg->dnscrypt_nonce_cache_slabs = 1;
 	return cfg;
 }
 
@@ -760,6 +766,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
 	else S_YNO("dns-error-reporting:", dns_error_reporting)
 	else S_NUMBER_OR_ZERO("iter-scrub-ns:", iter_scrub_ns)
 	else S_NUMBER_OR_ZERO("iter-scrub-cname:", iter_scrub_cname)
+	else S_YNO("iter-scrub-promiscuous:", iter_scrub_promiscuous)
 	else S_NUMBER_OR_ZERO("max-global-quota:", max_global_quota)
 	else S_YNO("serve-original-ttl:", serve_original_ttl)
 	else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations)
@@ -1236,6 +1243,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 	else O_YNO(opt, "dns-error-reporting", dns_error_reporting)
 	else O_DEC(opt, "iter-scrub-ns", iter_scrub_ns)
 	else O_DEC(opt, "iter-scrub-cname", iter_scrub_cname)
+	else O_YNO(opt, "iter-scrub-promiscuous", iter_scrub_promiscuous)
 	else O_DEC(opt, "max-global-quota", max_global_quota)
 	else O_YNO(opt, "serve-original-ttl", serve_original_ttl)
 	else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations)
@@ -1448,6 +1456,41 @@ create_cfg_parser(struct config_file* cfg, char* filename, const char* chroot)
 	init_cfg_parse();
 }
 
+void
+config_auto_slab_values(struct config_file* cfg)
+{
+#define SET_AUTO_SLAB(var, name, val)						\
+do {										\
+	if(cfg->var == 0) {							\
+		cfg->var = val;							\
+		verbose(VERB_QUERY, "setting "name": %lu", (unsigned long)val);	\
+	}									\
+} while(0);
+#ifdef THREADS_DISABLED
+	size_t pow_2_threads = 1;
+#else
+	size_t pow_2_threads = 4;  /* pow2 start */
+	while (pow_2_threads < (size_t)(cfg->num_threads?cfg->num_threads:1) &&
+		/* 1/3 of the distance to the next pow2 value stays with the
+		 * lower value */
+		(size_t)cfg->num_threads > pow_2_threads + (pow_2_threads - 1)/3) {
+		pow_2_threads <<= 1;
+	}
+	log_assert((pow_2_threads & (pow_2_threads - 1)) == 0); /* powerof2? */
+#endif /* THREADS_DISABLED */
+
+	SET_AUTO_SLAB(msg_cache_slabs, "msg-cache-slabs", pow_2_threads);
+	SET_AUTO_SLAB(rrset_cache_slabs, "rrset-cache-slabs", pow_2_threads);
+	SET_AUTO_SLAB(infra_cache_slabs, "infra-cache-slabs", pow_2_threads);
+	SET_AUTO_SLAB(key_cache_slabs, "key-cache-slabs", pow_2_threads);
+	SET_AUTO_SLAB(ip_ratelimit_slabs, "ip-ratelimit-slabs", pow_2_threads);
+	SET_AUTO_SLAB(ratelimit_slabs, "ratelimit-slabs", pow_2_threads);
+	SET_AUTO_SLAB(dnscrypt_shared_secret_cache_slabs,
+		"dnscrypt-shared-secret-cache-slabs", pow_2_threads);
+	SET_AUTO_SLAB(dnscrypt_nonce_cache_slabs,
+		"dnscrypt-nonce-cache-slabs", pow_2_threads);
+}
+
 int
 config_read(struct config_file* cfg, const char* filename, const char* chroot)
 {
@@ -1512,6 +1555,7 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot)
 			}
 		}
 		globfree(&g);
+		config_auto_slab_values(cfg);
 		return 1;
 	}
 #endif /* HAVE_GLOB */
@@ -1535,6 +1579,7 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot)
 		return 0;
 	}
 
+	config_auto_slab_values(cfg);
 	return 1;
 }
 
diff --git a/contrib/unbound/util/config_file.h b/contrib/unbound/util/config_file.h
index 89bbc1c7d856..f77538b0d6a5 100644
--- a/contrib/unbound/util/config_file.h
+++ b/contrib/unbound/util/config_file.h
@@ -792,6 +792,9 @@ struct config_file {
 	int iter_scrub_cname;
 	/** limit on upstream queries for an incoming query and subqueries. */
 	int max_global_quota;
+	/** Should the iterator scrub promiscuous NS rrsets, from positive
+	 * answers. */
+	int iter_scrub_promiscuous;
 };
 
 /** from cfg username, after daemonize setup performed */
@@ -967,6 +970,17 @@ struct config_file* config_create(void);
 struct config_file* config_create_forlib(void);
 
 /**
+ * If _slabs values are not explicitly configured, 0 value, put them in a
+ * pow2 value close to the number of threads used.
+ * Starts at the current default 4.
+ * If num_threads is in between two pow2 values, 1/3 of the way stays with
+ * the lower pow2 value.
+ * Exported for unit testing.
+ * @param config: where the _slabs values reside.
+ */
+void config_auto_slab_values(struct config_file* config);
+
+/**
  * Read the config file from the specified filename.
  * @param config: where options are stored into, must be freshly created.
  * @param filename: name of configfile. If NULL nothing is done.
diff --git a/contrib/unbound/util/configlexer.c b/contrib/unbound/util/configlexer.c
index d69ad059b3ff..6822fb43853c 100644
--- a/contrib/unbound/util/configlexer.c
+++ b/contrib/unbound/util/configlexer.c
@@ -354,8 +354,8 @@ static void yynoreturn yy_fatal_error ( const char* msg  );
 	(yy_hold_char) = *yy_cp; \
 	*yy_cp = '\0'; \
 	(yy_c_buf_p) = yy_cp;
-#define YY_NUM_RULES 412
-#define YY_END_OF_BUFFER 413
+#define YY_NUM_RULES 413
+#define YY_END_OF_BUFFER 414
 /* This struct is not used in this scanner,
    but its presence is necessary. */
 struct yy_trans_info
@@ -363,461 +363,462 @@ struct yy_trans_info
 	flex_int32_t yy_verify;
 	flex_int32_t yy_nxt;
 	};
-static const flex_int16_t yy_accept[4118] =
+static const flex_int16_t yy_accept[4130] =
     {   0,
-        1,    1,  386,  386,  390,  390,  394,  394,  398,  398,
-        1,    1,  402,  402,  406,  406,  413,  410,    1,  384,
-      384,  411,    2,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  411,  386,  387,  387,
-      388,  411,  390,  391,  391,  392,  411,  397,  394,  395,
-      395,  396,  411,  398,  399,  399,  400,  411,  409,  385,
-        2,  389,  409,  411,  405,  402,  403,  403,  404,  411,
-      406,  407,  407,  408,  411,  410,    0,    1,    2,    2,
-        2,    2,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  386,    0,  390,    0,  397,    0,
-      394,  398,    0,  409,    0,    2,    2,  409,  405,    0,
-      402,  406,    0,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  409,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  378,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  140,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  150,  410,  410,  410,  410,
-      410,  410,  410,  410,  409,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  122,  410,  410,  377,  410,
-      410,  410,  410,  410,  410,  410,  410,    8,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  141,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  155,  410,  410,  410,  409,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  367,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  409,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,   73,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  277,  410,   14,   15,  410,  410,   20,   19,  410,
-      410,  251,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  148,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  249,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,    3,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  409,  410,
-      410,  410,  410,  410,  410,  410,  410,  346,  410,  410,
-      410,  345,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  393,  410,  410,
-      410,  410,  410,  410,  410,  410,   72,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,   76,  410,  315,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      368,  369,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,   77,  410,  410,  149,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  144,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  238,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-       22,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  176,  410,  410,  410,  410,  410,  410,
-      409,  393,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  120,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  323,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-       16,  410,  410,  410,  410,  410,  410,  410,  410,  204,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  175,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  119,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,   37,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,   38,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,   74,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  147,  410,  410,  410,  409,
-      410,  410,  410,  410,  410,  410,  139,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,   75,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  281,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  205,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-       62,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,   58,   59,  410,  301,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-       67,  410,   68,  410,  410,  410,  410,  410,  410,  123,
-      410,  124,  410,  410,  410,  410,  410,  121,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,    7,  410,  410,  410,  410,  410,  409,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  266,  410,  410,  410,  410,  410,  410,  179,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  282,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-       51,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,   63,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  229,  410,
-      228,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,   17,   18,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,   78,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  237,  410,  410,  410,  410,  410,  410,  410,  126,
-      410,  125,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  218,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  156,  410,
-      257,  410,  410,  410,  409,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  114,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      100,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      250,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  105,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-       71,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  222,  223,  410,  410,  410,  410,  317,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,    6,  410,  410,  410,
-      410,  410,  410,  410,  336,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  321,  410,
-      410,  410,  410,  410,  410,  410,  347,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,   48,  410,  410,  410,  410,  410,   50,  410,
-
-      410,  410,  101,  410,  410,  410,  410,  410,   60,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  409,  410,  214,  410,  410,  410,  151,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  242,  410,  410,  215,  410,  410,  410,
-      410,  410,  410,  262,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,   61,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  153,  132,  410,
-      133,  410,  410,  410,  410,  131,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  172,  410,  410,
-       56,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  299,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  216,  410,  410,  410,  410,  410,  227,
-      219,  410,  226,  410,  410,  221,  410,  410,  410,  410,
-      410,  410,  410,  261,  410,  410,  410,  410,  410,  410,
-      265,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  118,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  145,  410,  410,
-      410,  410,  410,  410,  410,  410,   69,  410,  410,  410,
-      410,   31,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,   21,  410,  410,  410,  410,  410,
-      410,  410,   32,   41,  410,  184,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  212,  410,  410,  409,  410,  410,  410,  410,
-      372,  410,  410,   86,  410,   89,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  373,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  325,  410,  410,  410,
-
-      410,  278,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  134,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      171,  410,   52,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  272,  410,  410,  410,  410,  410,  410,
-      410,  410,  340,  410,  410,  410,  410,  410,  381,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  178,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  334,  410,  410,  410,  410,  248,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  358,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  197,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  127,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      191,  410,  206,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  409,  410,  159,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  113,  410,  410,  410,  410,  240,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  263,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  290,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  152,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  195,
-      410,  410,  410,  410,  410,  410,  410,   90,  410,   91,
-      410,  410,  410,  410,  410,  275,  410,  410,  410,  410,
-      410,   70,  343,  410,  410,  410,  410,  410,  410,   99,
-
-      207,  410,  230,  410,  267,  410,  410,  220,  318,  410,
-      410,  410,  410,  410,  313,  410,  410,  410,   82,  410,
-      209,  410,  410,  410,  410,  410,  410,    9,  410,  410,
-      410,  410,  410,  117,  410,  410,  410,  410,  410,  410,
-      305,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  239,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  409,  410,  410,  410,  410,  194,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  196,  256,  180,  410,  410,  324,  410,  410,
-      410,  410,  410,  289,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  252,  410,  410,  410,
-      410,  410,  410,  316,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  177,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  344,  410,  410,  208,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,   81,
-       83,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  116,  410,  410,  410,  410,  410,  410,  303,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  320,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  244,  410,   39,   33,
-       35,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,   40,  410,   34,   36,  410,   42,
-      410,  410,  410,  410,  410,  410,  410,  112,  410,  190,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  409,
-      410,  410,  410,  410,  410,  410,  410,  410,  348,  410,
-      410,  410,  410,  410,  246,  243,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,   80,  410,
-      410,  410,  154,  410,  135,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  173,   53,  410,
-      410,  410,  401,   13,  410,  410,  410,  410,  410,  410,
-      410,  160,  410,  410,  410,  410,  410,  410,  410,  410,
-      338,  410,  341,  410,  382,  410,  410,  410,  410,  410,
-
-      383,  410,  410,  410,  410,  410,  410,  410,   12,  410,
-      410,   23,  410,  410,  410,  410,  410,  410,  410,  309,
-      410,  410,  410,  410,  365,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  322,  410,  410,  410,  410,   84,
-      410,  254,  410,  410,  410,  410,  410,  245,  410,  410,
-      410,  410,   79,  410,  410,  410,  410,  410,  410,   24,
-      410,  410,   49,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  189,  188,  410,  410,  410,
-      410,  401,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  247,  241,  410,  410,  410,  264,  410,
-
-      410,  326,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  202,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,   92,  410,  410,  410,  410,  410,  410,  410,  410,
-      304,  410,  410,  410,  410,  225,  410,  410,  410,  410,
-      410,  410,  253,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  311,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  350,  410,  354,  352,  186,  410,
-      410,  410,   85,  410,  410,  410,  410,  198,  410,  410,
-
-      410,  410,  410,  128,  130,  129,  410,  410,  410,   26,
-      410,  410,  181,  410,  183,  410,  231,  410,  410,  410,
-      410,  187,  410,  410,  258,  410,  410,  410,  410,  268,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  162,
-      374,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  297,  410,  410,  280,  410,  410,  410,  410,
-      410,  410,  410,  375,  410,   28,  410,  319,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,   97,  232,  410,
-      410,  274,  410,  410,  410,  302,  410,  342,  410,  224,
-
-      410,  410,  314,  410,  410,  410,  312,   64,  410,  410,
-      410,  410,  410,  410,  410,    4,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  143,  410,
-      161,  410,  410,  410,  203,   30,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  271,   43,   44,
-      410,  410,  410,  410,  410,  410,  410,  379,  410,  410,
-      327,  410,  410,  410,  410,  410,  410,  410,  288,  410,
-      410,  410,  410,  410,  410,  410,  410,  235,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,   96,   95,  410,  410,   65,  410,
-      410,  300,  308,  410,  276,  410,  410,  410,  410,  410,
-       11,  410,  410,  410,  410,  380,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  142,  410,
-      410,  410,  410,  410,  410,  233,  102,  410,  410,   46,
-      410,  410,  410,  410,  410,  410,  410,  410,  193,  410,
-      259,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      164,  410,  410,  410,  410,  279,  410,  410,  410,  410,
-      410,  287,  410,  410,  410,  410,  157,  410,  410,  410,
-      136,  138,  137,  410,  410,  410,  104,  109,  103,  410,
-
-      410,  174,  410,  410,  410,  410,   93,  410,  273,  310,
-      410,  410,  410,  410,  410,  410,   10,  410,  410,  410,
-      410,  410,  306,  410,  410,  364,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  371,
-       45,  410,  410,  410,  410,  410,  192,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  110,  108,  410,  410,  410,
-       57,  410,  410,   94,  410,  339,  410,  410,  410,  410,
-       25,  410,  410,  410,  410,  410,  217,  410,  410,  360,
-
-      362,  410,  410,  410,  410,  410,  359,  356,  410,  410,
-      410,  410,  234,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  213,  410,  410,  182,   87,   88,  410,
-      410,  410,  410,  410,  410,  328,  410,  410,  410,  410,
-      410,  410,  410,  284,  410,  410,  283,  158,  410,  410,
-      107,  410,  106,   54,  410,  410,  165,  166,  169,  170,
-      167,  168,   98,  337,  410,  410,  307,  410,  410,  410,
-      410,  410,  410,  146,  410,  410,  410,  410,   27,  410,
-      185,  410,  410,  410,  410,  410,  211,  410,  270,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  200,
-      199,  236,   47,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  335,
-      410,  410,  410,  366,  410,  410,  410,  410,  410,  410,
-      410,  115,  410,  410,  269,  410,  410,  298,  332,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      376,  410,  111,   55,   66,    5,  410,  410,  351,  410,
-      355,  353,  410,  410,  255,  410,  410,  410,  410,  333,
-
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  285,
-       29,  410,  410,  410,  410,  410,  410,  260,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  286,  410,
-      410,  410,  410,  410,  410,  410,  163,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  201,  410,
-      210,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      361,  363,  357,  410,  410,  329,  410,  410,  410,  410,
-      410,  410,  410,  410,  410,  410,  410,  410,  410,  410,
-      410,  410,  410,  410,  370,  349,  410,  410,  293,  410,
-      410,  410,  410,  410,  330,  410,  410,  410,  410,  410,
-
-      410,  331,  410,  410,  410,  291,  410,  294,  295,  410,
-      410,  410,  410,  410,  292,  296,    0
+        1,    1,  387,  387,  391,  391,  395,  395,  399,  399,
+        1,    1,  403,  403,  407,  407,  414,  411,    1,  385,
+      385,  412,    2,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  412,  387,  388,  388,
+      389,  412,  391,  392,  392,  393,  412,  398,  395,  396,
+      396,  397,  412,  399,  400,  400,  401,  412,  410,  386,
+        2,  390,  410,  412,  406,  403,  404,  404,  405,  412,
+      407,  408,  408,  409,  412,  411,    0,    1,    2,    2,
+        2,    2,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  387,    0,  391,    0,  398,    0,
+      395,  399,    0,  410,    0,    2,    2,  410,  406,    0,
+      403,  407,    0,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  410,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  378,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  140,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  150,  411,  411,  411,  411,
+      411,  411,  411,  411,  410,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  122,  411,  411,  377,  411,
+      411,  411,  411,  411,  411,  411,  411,    8,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  141,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  155,  411,  411,  411,  410,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  367,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  410,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,   73,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  277,  411,   14,   15,  411,  411,   20,   19,  411,
+      411,  251,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  148,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  249,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,    3,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  410,  411,
+      411,  411,  411,  411,  411,  411,  411,  346,  411,  411,
+      411,  345,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  394,  411,  411,
+      411,  411,  411,  411,  411,  411,   72,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,   76,  411,  315,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      368,  369,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,   77,  411,  411,  149,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  144,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  238,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+       22,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  176,  411,  411,  411,  411,  411,  411,
+      410,  394,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  120,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  323,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+       16,  411,  411,  411,  411,  411,  411,  411,  411,  204,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  175,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  119,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,   37,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,   38,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,   74,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  147,  411,  411,  411,  410,
+      411,  411,  411,  411,  411,  411,  139,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,   75,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  281,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  205,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+       62,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,   58,   59,  411,  301,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+       67,  411,   68,  411,  411,  411,  411,  411,  411,  123,
+      411,  124,  411,  411,  411,  411,  411,  121,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,    7,  411,  411,  411,  411,  411,  410,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  266,  411,  411,  411,  411,  411,  411,  179,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  282,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+       51,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,   63,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  229,  411,
+      228,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,   17,   18,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,   78,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  237,  411,  411,  411,  411,  411,  411,  411,  126,
+      411,  125,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  218,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  156,  411,
+      257,  411,  411,  411,  410,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  114,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      100,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      250,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  105,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+       71,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  222,  223,  411,  411,  411,  411,  317,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,    6,  411,  411,
+      411,  411,  411,  411,  411,  336,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  321,
+      411,  411,  411,  411,  411,  411,  411,  347,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,   48,  411,  411,  411,  411,  411,   50,
+
+      411,  411,  411,  101,  411,  411,  411,  411,  411,   60,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  410,  411,  214,  411,  411,  411,  151,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  242,  411,  411,  215,  411,  411,
+      411,  411,  411,  411,  262,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,   61,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  153,  132,
+      411,  133,  411,  411,  411,  411,  131,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  172,  411,
+      411,   56,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  299,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  216,  411,  411,  411,  411,
+      411,  227,  219,  411,  226,  411,  411,  221,  411,  411,
+      411,  411,  411,  411,  411,  261,  411,  411,  411,  411,
+      411,  411,  265,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  118,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  145,
+      411,  411,  411,  411,  411,  411,  411,  411,   69,  411,
+      411,  411,  411,   31,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,   21,  411,  411,  411,
+      411,  411,  411,  411,   32,   41,  411,  184,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  212,  411,  411,  410,  411,  411,
+      411,  411,  372,  411,  411,   86,  411,   89,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  373,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  325,  411,
+
+      411,  411,  411,  278,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  134,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  171,  411,   52,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  272,  411,  411,  411,  411,
+      411,  411,  411,  411,  340,  411,  411,  411,  411,  411,
+      381,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      178,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  334,  411,  411,  411,  411,  248,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  358,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  197,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  127,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  191,  411,  206,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  410,  411,  159,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  113,  411,  411,  411,
+      411,  240,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  263,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      290,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  152,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  195,  411,  411,  411,  411,  411,  411,  411,
+       90,  411,   91,  411,  411,  411,  411,  411,  275,  411,
+      411,  411,  411,  411,   70,  343,  411,  411,  411,  411,
+
+      411,  411,  411,   99,  207,  411,  230,  411,  267,  411,
+      411,  220,  318,  411,  411,  411,  411,  411,  313,  411,
+      411,  411,   82,  411,  209,  411,  411,  411,  411,  411,
+      411,    9,  411,  411,  411,  411,  411,  117,  411,  411,
+      411,  411,  411,  411,  305,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  239,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  410,  411,  411,  411,
+      411,  194,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  196,  256,  180,  411,
+      411,  324,  411,  411,  411,  411,  411,  289,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      252,  411,  411,  411,  411,  411,  411,  316,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  177,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  344,
+      411,  411,  411,  208,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,   81,   83,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  116,  411,  411,  411,
+      411,  411,  411,  303,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  320,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  244,  411,   39,   33,   35,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,   40,
+      411,   34,   36,  411,   42,  411,  411,  411,  411,  411,
+
+      411,  411,  112,  411,  190,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  410,  411,  411,  411,  411,  411,
+      411,  411,  411,  348,  411,  411,  411,  411,  411,  246,
+      243,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,   80,  411,  411,  411,  154,  411,  135,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  173,   53,  411,  411,  411,  402,   13,  411,
+      411,  411,  411,  411,  411,  411,  160,  411,  411,  411,
+      411,  411,  411,  411,  411,  338,  411,  341,  411,  382,
+
+      411,  411,  411,  411,  411,  411,  383,  411,  411,  411,
+      411,  411,  411,  411,   12,  411,  411,   23,  411,  411,
+      411,  411,  411,  411,  411,  309,  411,  411,  411,  411,
+      365,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      322,  411,  411,  411,  411,   84,  411,  254,  411,  411,
+      411,  411,  411,  245,  411,  411,  411,  411,   79,  411,
+      411,  411,  411,  411,  411,   24,  411,  411,   49,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  189,  188,  411,  411,  411,  411,  402,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  247,
+
+      241,  411,  411,  411,  264,  411,  411,  326,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  202,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,   92,  411,  411,
+      411,  411,  411,  411,  411,  411,  304,  411,  411,  411,
+      411,  411,  225,  411,  411,  411,  411,  411,  411,  253,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      311,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  350,  411,  354,  352,  186,  411,  411,  411,   85,
+
+      411,  411,  411,  411,  198,  411,  411,  411,  411,  411,
+      128,  130,  129,  411,  411,  411,   26,  411,  411,  181,
+      411,  183,  411,  231,  411,  411,  411,  411,  187,  411,
+      411,  258,  411,  411,  411,  411,  268,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  162,  374,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  297,
+      411,  411,  280,  411,  411,  411,  411,  411,  411,  411,
+      375,  411,   28,  411,  319,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,   97,  232,  411,  411,  274,  411,
+
+      411,  411,  302,  411,  342,  411,  411,  224,  411,  411,
+      314,  411,  411,  411,  312,   64,  411,  411,  411,  411,
+      411,  411,  411,    4,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  143,  411,  161,  411,
+      411,  411,  203,   30,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  271,   43,   44,  411,  411,
+      411,  411,  411,  411,  411,  379,  411,  411,  327,  411,
+      411,  411,  411,  411,  411,  411,  288,  411,  411,  411,
+      411,  411,  411,  411,  411,  235,  411,  411,  411,  411,
+
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,   96,   95,  411,  411,   65,  411,  411,  300,
+      308,  411,  411,  276,  411,  411,  411,  411,  411,   11,
+      411,  411,  411,  411,  380,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  142,  411,  411,
+      411,  411,  411,  411,  233,  102,  411,  411,   46,  411,
+      411,  411,  411,  411,  411,  411,  411,  193,  411,  259,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  164,
+      411,  411,  411,  411,  279,  411,  411,  411,  411,  411,
+      287,  411,  411,  411,  411,  157,  411,  411,  411,  136,
+
+      138,  137,  411,  411,  411,  104,  109,  103,  411,  411,
+      174,  411,  411,  411,  411,   93,  411,  273,  310,  411,
+      411,  411,  411,  411,  411,  411,   10,  411,  411,  411,
+      411,  411,  306,  411,  411,  364,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  371,
+       45,  411,  411,  411,  411,  411,  192,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  110,  108,  411,  411,  411,
+       57,  411,  411,   94,  411,  339,  411,  411,  411,  411,
+
+      411,   25,  411,  411,  411,  411,  411,  217,  411,  411,
+      360,  362,  411,  411,  411,  411,  411,  359,  356,  411,
+      411,  411,  411,  234,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  213,  411,  411,  182,   87,   88,
+      411,  411,  411,  411,  411,  411,  328,  411,  411,  411,
+      411,  411,  411,  411,  284,  411,  411,  283,  158,  411,
+      411,  107,  411,  106,   54,  411,  411,  384,  165,  166,
+      169,  170,  167,  168,   98,  337,  411,  411,  307,  411,
+      411,  411,  411,  411,  411,  146,  411,  411,  411,  411,
+       27,  411,  185,  411,  411,  411,  411,  411,  211,  411,
+
+      270,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  200,  199,  236,   47,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  335,  411,  411,  411,  366,  411,  411,  411,  411,
+      411,  411,  411,  115,  411,  411,  269,  411,  411,  298,
+      332,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  376,  411,  111,   55,   66,    5,  411,  411,
+
+      351,  411,  355,  353,  411,  411,  255,  411,  411,  411,
+      411,  333,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  285,   29,  411,  411,  411,  411,  411,  411,  260,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      286,  411,  411,  411,  411,  411,  411,  411,  163,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      201,  411,  210,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  361,  363,  357,  411,  411,  329,  411,  411,
+      411,  411,  411,  411,  411,  411,  411,  411,  411,  411,
+      411,  411,  411,  411,  411,  411,  370,  349,  411,  411,
+
+      293,  411,  411,  411,  411,  411,  330,  411,  411,  411,
+      411,  411,  411,  331,  411,  411,  411,  291,  411,  294,
+      295,  411,  411,  411,  411,  411,  292,  296,    0
     } ;
 
 static const YY_CHAR yy_ec[256] =
@@ -863,17 +864,17 @@ static const YY_CHAR yy_meta[67] =
         1,    1,    1,    1,    1,    1
     } ;
 
-static const flex_int16_t yy_base[4136] =
+static const flex_int16_t yy_base[4148] =
     {   0,
         0,    0,   64,   67,   70,   72,   78,   84,   89,   92,
-      131,  137,  112,  118,  123,  142,  573,  532,   96,11766,
-    11766,11766,  160,  185,  116,  183,  229,  132,  175,  173,
+      131,  137,  112,  118,  123,  142,  573,  532,   96,11768,
+    11768,11768,  160,  185,  116,  183,  229,  132,  175,  173,
       278,   50,   66,  120,  230,  268,  159,  325,  226,  377,
-      418,  290,  318,  279,  177,  126,  380,  531,11766,11766,
-    11766,   95,  469,11766,11766,11766,  181,  464,  493,11766,
-    11766,11766,  238,  424,11766,11766,11766,  104,  422,11766,
-      394,11766,  167,  350,  380,  402,11766,11766,11766,  405,
-      329,11766,11766,11766,  146,  306,  424,  168,    0,  436,
+      418,  290,  318,  279,  177,  126,  380,  531,11768,11768,
+    11768,   95,  469,11768,11768,11768,  181,  464,  493,11768,
+    11768,11768,  238,  424,11768,11768,11768,  104,  422,11768,
+      394,11768,  167,  350,  380,  402,11768,11768,11768,  405,
+      329,11768,11768,11768,  146,  306,  424,  168,    0,  436,
         0,    0,  225,  219,  252,  209,  319,  215,  248,  357,
 
       283,  339,  417,  428,  429,  354,  371,  444,  263,  463,
@@ -900,16 +901,16 @@ static const flex_int16_t yy_base[4136] =
 
      1056, 1059, 1066, 1064, 1069, 1072, 1078, 1093, 1096, 1076,
       150, 1077, 1105, 1108, 1098, 1111, 1107, 1113, 1118, 1119,
-     1123,11766, 1103, 1129, 1120, 1146, 1124, 1145, 1130, 1147,
+     1123,11768, 1103, 1129, 1120, 1146, 1124, 1145, 1130, 1147,
      1134, 1164, 1140, 1144, 1157, 1150, 1167, 1177, 1170, 1181,
      1173, 1184, 1195, 1191, 1200, 1186, 1187, 1206, 1213, 1205,
      1244, 1215, 1207, 1223, 1289, 1238, 1218, 1227, 1257, 1272,
       488, 1243, 1249, 1278, 1270, 1286, 1297, 1273, 1284, 1277,
      1312, 1302, 1325, 1311, 1316, 1313, 1211, 1320, 1327, 1328,
-     1334, 1242, 1359,11766, 1330, 1361, 1356, 1363, 1369, 1367,
+     1334, 1242, 1359,11768, 1330, 1361, 1356, 1363, 1369, 1367,
      1365, 1386, 1399, 1355, 1383, 1390, 1400, 1398, 1447, 1495,
 
-     1389, 1401, 1397, 1417, 1394,11766, 1434, 1440, 1544, 1428,
+     1389, 1401, 1397, 1417, 1394,11768, 1434, 1440, 1544, 1428,
      1442, 1419, 1439, 1466, 1436, 1463, 1458, 1467, 1478, 1493,
      1444, 1475, 1488, 1490, 1517, 1545, 1506, 1507, 1522, 1534,
      1535, 1554, 1515, 1551, 1555, 1553, 1570, 1562, 1573, 1524,
@@ -920,15 +921,15 @@ static const flex_int16_t yy_base[4136] =
      1732, 1673, 1736, 1717, 1722, 1729, 1757, 1760, 1766, 1743,
      1749, 1753, 1761, 1776, 1774, 1751, 1778, 1780, 1777, 1797,
 
-     1789, 1806, 1770, 1794, 1792,11766, 1820, 1822,11766, 1804,
-     1818, 1807, 1821, 1808, 1827, 1817, 1831,11766, 1842, 1845,
+     1789, 1806, 1770, 1794, 1792,11768, 1820, 1822,11768, 1804,
+     1818, 1807, 1821, 1808, 1827, 1817, 1831,11768, 1842, 1845,
      1819, 1847, 1851, 1856, 1852, 1858, 1866, 1870, 1859, 1869,
      1878, 1874, 1876, 1890, 1887, 1886, 1907, 1914, 1897, 1915,
      1894, 1898, 1908, 1913, 1917, 1921, 1918, 1935, 1933, 1940,
-     1980,11766, 1938, 1934, 1941, 1960, 1947, 1965, 1968, 1971,
+     1980,11768, 1938, 1934, 1941, 1960, 1947, 1965, 1968, 1971,
      2005, 1962, 2004, 2001, 2003, 2030, 2007, 2024, 2015, 1904,
      2023, 2037, 2021, 2051, 2039, 2041, 2044, 2057, 2036, 2047,
-     2056, 2063, 2068, 2062, 2070,11766, 2079, 2066, 2088, 2090,
+     2056, 2063, 2068, 2062, 2070,11768, 2079, 2066, 2088, 2090,
      1974, 2086, 2085, 2082, 2093, 1976, 2095, 2105, 2104, 2103,
 
      2109, 2102, 2125, 2124, 1978, 2127, 2145, 2146, 2130, 2141,
@@ -937,7 +938,7 @@ static const flex_int16_t yy_base[4136] =
      2194, 2210, 2199, 2190, 2208, 2211, 2217, 2219, 2205, 2221,
      2223, 2227, 2230, 2235, 2240, 2241, 2238, 2243, 2250, 2251,
      2254, 2248, 2259, 2265, 2282, 2249, 2285, 2276, 2283, 2277,
-     2286, 2300, 2303, 2304, 2274,11766, 2314, 2312, 2310, 2322,
+     2286, 2300, 2303, 2304, 2274,11768, 2314, 2312, 2310, 2322,
      2324, 2307, 2331, 2330, 2335, 2327, 2320, 2341, 2329, 2354,
      2344, 2361, 2357, 2353, 2358, 2369, 2355, 2365, 2362, 2381,
      2371, 2392, 2388, 2399, 2413, 2391, 2401, 2409, 2398, 2406,
@@ -953,22 +954,22 @@ static const flex_int16_t yy_base[4136] =
      2682, 2673, 2685, 2679, 2676, 2702, 2704, 2708, 2618, 2716,
      2719, 2723, 2710, 2717, 2715, 2725, 2718, 2712, 2689, 2755,
 
-     2741, 2753, 2752,11766, 2743, 2739, 2744, 2745, 2769, 2766,
+     2741, 2753, 2752,11768, 2743, 2739, 2744, 2745, 2769, 2766,
      2742, 2757, 2779, 2781, 2787, 2771, 2770, 2783, 2782, 2791,
-     2837,11766, 2788,11766,11766,  777, 2799,11766,11766, 2808,
-     2814,11766, 2802, 2821, 2831, 2809, 2841, 2852, 2854, 2850,
+     2837,11768, 2788,11768,11768,  777, 2799,11768,11768, 2808,
+     2814,11768, 2802, 2821, 2831, 2809, 2841, 2852, 2854, 2850,
      2805, 2848, 2843, 2792, 2890, 2851, 2869, 2866, 2877, 2896,
      2879, 2906, 2880, 2886, 2915, 2901, 2914, 2922, 2945, 2924,
      2933, 2929, 2941, 2947, 2949, 2952, 2957, 2696, 2961, 2938,
      2940, 2960, 2951, 2965, 2974, 2972, 2982, 2979, 2975, 2984,
-     2996, 2986, 2988, 2981, 2804, 3009, 2833, 3033,11766, 3011,
+     2996, 2986, 2988, 2981, 2804, 3009, 2833, 3033,11768, 3011,
      3010, 3015, 3008, 3013, 3019, 3023, 3024, 3050, 3031, 3041,
 
      3040, 3049, 3052, 3036, 3056, 3044, 3060, 3051, 3063, 3066,
-     3053, 3067, 3072, 3076, 3080, 3073, 3100, 3083, 3079,11766,
+     3053, 3067, 3072, 3076, 3080, 3073, 3100, 3083, 3079,11768,
      3093, 3087, 3082, 3095, 3103, 3092, 3106, 3112, 3119, 3114,
      3131, 3132, 3122, 3113, 3133, 3139, 3162, 3140, 3146, 3141,
-     3151, 3144, 3148, 3158, 3179,11766, 3175, 3184, 3165, 3183,
+     3151, 3144, 3148, 3158, 3179,11768, 3175, 3184, 3165, 3183,
      3166, 3189, 3171, 3180, 3174, 3185, 3199, 3197, 3215, 3204,
      3206, 3233, 3221, 3217, 3218, 3224, 3223, 3232, 3228, 3226,
      3249, 3239, 3250, 3248, 3253, 3251, 3264, 3259, 3260, 3265,
@@ -976,812 +977,814 @@ static const flex_int16_t yy_base[4136] =
      3304, 3294, 3302, 3318, 3291, 3324, 3332, 3333, 3316, 3320,
 
      3329, 3337, 3328, 3336, 3326, 3341, 3352, 3358, 3367, 3351,
-     3368, 3369, 3355, 3353, 3371, 3378, 3387,11766, 3365, 3388,
-     3404,11766, 3395, 3392, 3390, 3443, 3415, 3422, 3405, 3413,
+     3368, 3369, 3355, 3353, 3371, 3378, 3387,11768, 3365, 3388,
+     3404,11768, 3395, 3392, 3390, 3443, 3415, 3422, 3405, 3413,
      3424, 3416, 3453, 3436, 3445, 3426, 3447, 3462, 3451, 3482,
      3481, 3479, 3491, 3483, 3496, 3487, 3500, 3488, 3469, 3492,
      3489, 3512, 3526, 3527, 3530, 3363, 3435, 3536,  414, 3517,
      3515, 3522, 3525, 3570, 3534, 3540, 3542, 3538, 3554, 3561,
      3567, 3560, 3564, 3565, 3581, 3585, 3583, 3591, 3608, 3597,
-     3601, 3598, 3602, 3603, 3595, 3611, 3612,11766, 3638, 3631,
-     3618, 3639, 3630, 3654, 3645, 3633,11766, 3642, 3646, 3640,
+     3601, 3598, 3602, 3603, 3595, 3611, 3612,11768, 3638, 3631,
+     3618, 3639, 3630, 3654, 3645, 3633,11768, 3642, 3646, 3640,
 
      3658, 3641, 3665, 3657, 3670, 3660, 3672, 3687, 3671, 3678,
-     3684, 3685, 3689, 3679, 3705,11766, 3692,11766, 3710, 3706,
+     3684, 3685, 3689, 3679, 3705,11768, 3692,11768, 3710, 3706,
      3703, 3700, 3723, 3714, 3715, 3722, 3711, 3730, 3735, 3738,
-    11766,11766, 3739, 3741, 3749, 3747, 3752, 3759, 3751, 3754,
-     3764,11766, 3766, 3788,11766, 3791, 3774, 3781, 3776, 3778,
+    11768,11768, 3739, 3741, 3749, 3747, 3752, 3759, 3751, 3754,
+     3764,11768, 3766, 3788,11768, 3791, 3774, 3781, 3776, 3778,
      3775, 3779, 3800, 3794, 3805, 3804, 3806, 3815, 3808, 3802,
-     3816, 3835, 3819, 3833, 3830,11766, 3847, 3842, 3831, 3849,
-     3851, 3837, 3850, 3861, 3862, 3858,11766, 3876, 3857, 3881,
+     3816, 3835, 3819, 3833, 3830,11768, 3847, 3842, 3831, 3849,
+     3851, 3837, 3850, 3861, 3862, 3858,11768, 3876, 3857, 3881,
      3869, 3896, 3868, 3883, 3880, 3899, 3900, 3886, 3893, 3891,
      3903, 3908, 3910, 3920, 3927, 3919, 3929, 3937, 3931, 3945,
 
-    11766, 3938, 3923, 3922, 3949, 3947, 3953, 3946, 3948, 3954,
+    11768, 3938, 3923, 3922, 3949, 3947, 3953, 3946, 3948, 3954,
      3944, 3958, 3963, 3964, 3972, 3973, 3969, 3976, 3979, 3965,
      4000, 3982, 3996, 4002, 3989, 3993, 3999, 3994,  158, 3995,
-     4009, 4014, 3992,11766, 4023, 4021, 4031, 4024, 4038, 4041,
+     4009, 4014, 3992,11768, 4023, 4021, 4031, 4024, 4038, 4041,
      4027,  115, 4035, 4037, 4044, 4048, 4054, 4040, 4061, 4057,
      4071, 4083, 4064, 4070, 4073, 4081, 4090, 4082, 4079, 4080,
-     4091, 4088, 4105, 4098, 4095, 4111, 4108,11766, 4131, 4119,
-     4130, 4128, 4118, 4116, 4125, 4135, 4122, 4160,11766, 4144,
+     4091, 4088, 4105, 4098, 4095, 4111, 4108,11768, 4131, 4119,
+     4130, 4128, 4118, 4116, 4125, 4135, 4122, 4160,11768, 4144,
      4155, 4145, 4139, 4163, 4146, 4164, 4177, 4162, 4166, 4185,
-    11766, 4183, 4190, 4186, 4200, 4191, 4202, 4203, 4201,11766,
+    11768, 4183, 4190, 4186, 4200, 4191, 4202, 4203, 4201,11768,
 
      4199, 4217, 4219, 4211, 4227, 4229, 4225, 4230, 4235, 4221,
      4252, 4238, 4256, 4254, 4249, 4248, 4260, 4265, 4258, 4275,
      4247, 4274, 4279, 4280, 4288, 4285, 4296, 4290, 4293, 4295,
-     4316, 4305,11766, 4319, 4312, 4314, 4321, 4313, 4322, 4337,
+     4316, 4305,11768, 4319, 4312, 4314, 4321, 4313, 4322, 4337,
      4332, 4358, 4343, 4320, 4350, 4356, 4390, 4349, 4353, 4365,
      4355, 4378, 4370, 4369, 4385, 4377, 4383, 4402, 4410, 4360,
      4415, 4428, 4400, 4396, 4423, 4437, 4444, 4442, 4439, 4426,
      4447, 4440, 4438, 4449, 4451, 4464, 4458, 4466, 4455, 4489,
-     4472, 4473, 4485, 4490, 4481,11766, 4497, 4479, 4491, 4502,
+     4472, 4473, 4485, 4490, 4481,11768, 4497, 4479, 4491, 4502,
      4506, 4496, 4510, 4527, 4513, 4517, 4530, 4532, 4523, 4521,
 
      4540, 4537, 4546, 4533, 4542, 4549, 4554, 4564, 4544, 4566,
      4570, 4572, 4571, 4578, 4568, 4562, 4569, 4581, 4600, 4588,
-     4606, 4604, 4608,11766, 4613, 4612, 4599, 4611, 4619, 4602,
+     4606, 4604, 4608,11768, 4613, 4612, 4599, 4611, 4619, 4602,
      4623, 4624, 4627, 4607, 4621, 4635, 4641, 4633, 4640, 4655,
-     4643, 4666, 4659, 4662, 4670, 4647,11766, 4673, 4660, 4668,
+     4643, 4666, 4659, 4662, 4670, 4647,11768, 4673, 4660, 4668,
      4674, 4680, 4683, 4669, 4700, 4706, 4707, 4710, 4708, 4696,
-     4716, 4717, 4715,11766, 4721, 4723, 4720, 4726, 4734, 4736,
-     4727, 4748, 4730, 4740, 4742,11766, 4751, 4747, 4754, 4753,
-     4750, 4761, 4771, 4776, 4773, 4774,11766, 4781, 4782, 4790,
+     4716, 4717, 4715,11768, 4721, 4723, 4720, 4726, 4734, 4736,
+     4727, 4748, 4730, 4740, 4742,11768, 4751, 4747, 4754, 4753,
+     4750, 4761, 4771, 4776, 4773, 4774,11768, 4781, 4782, 4790,
      4788, 4787, 4798, 4795, 4799, 4801, 4815, 4812, 4808, 4803,
 
-     4822, 4820, 4824, 4829, 4831,11766, 4834, 4830, 4828, 4867,
+     4822, 4820, 4824, 4829, 4831,11768, 4834, 4830, 4828, 4867,
      4846, 4848, 4860, 4862, 4858, 4859, 4863, 4887, 4873, 4875,
-     4884,11766, 4888, 4890, 4899, 4896, 4918, 4893, 4901, 4911,
-     4905, 4916, 4919, 4913, 4915, 4936, 4930,11766, 4933, 4926,
+     4884,11768, 4888, 4890, 4899, 4896, 4918, 4893, 4901, 4911,
+     4905, 4916, 4919, 4913, 4915, 4936, 4930,11768, 4933, 4926,
      4934, 4948, 4951, 4946, 4940, 4889, 4953, 4954, 4966, 4969,
      4957, 4973, 4968, 4984, 4991, 4996, 4976, 4990, 4997, 4986,
      4999, 5005, 5012, 5010, 5016, 5021, 5014, 5025, 5024, 5029,
      5040, 5039, 5026, 5023, 5050, 5052, 5063, 5064, 5059, 5061,
-    11766, 5068, 5066, 5065, 5057, 5073, 5080, 5084, 5069, 5077,
+    11768, 5068, 5066, 5065, 5057, 5073, 5080, 5084, 5069, 5077,
      5086, 5090, 5114, 5110, 5102, 5100, 5123, 5135, 5118, 5104,
 
      5127, 5113, 5117, 5111, 5129, 5133, 5138, 5144, 5121, 5158,
      5162, 5163, 5150, 5149, 5155, 5146, 5179, 5156, 5174, 5183,
      5173, 5177, 5184, 5189, 5190, 5193, 5191, 5166, 5200, 5197,
      5218, 5204, 5207, 5210, 5228, 5229, 5233, 5236, 5230, 5231,
-     5232, 5234,11766,11766, 5260,11766, 5250, 5249, 5253, 5261,
+     5232, 5234,11768,11768, 5260,11768, 5250, 5249, 5253, 5261,
      5263, 5270, 5267, 5265, 5268, 5269, 5278, 5291, 5286, 5287,
      5308, 5299, 5303, 5311, 5296, 5302, 5310, 5297, 5313, 5321,
-    11766, 5314,11766, 5327, 5312, 5331, 5324, 5350, 5329,11766,
-     5353,11766, 5352, 5357, 5345, 5346, 5348,11766, 5363, 5344,
+    11768, 5314,11768, 5327, 5312, 5331, 5324, 5350, 5329,11768,
+     5353,11768, 5352, 5357, 5345, 5346, 5348,11768, 5363, 5344,
      5347, 5359, 5358, 5369, 5372, 5377, 5381, 5396, 5388, 5386,
 
      5382, 5394, 5389, 5391, 5392, 5404, 5410, 5408, 5414, 5415,
      5421, 5412, 5439, 5425, 5449, 5431, 5427, 5429, 5451, 5438,
-     5456,11766, 5460, 5469, 5459, 5458, 5463, 5465, 5473, 5479,
+     5456,11768, 5460, 5469, 5459, 5458, 5463, 5465, 5473, 5479,
      5482, 5480, 5472, 5495, 5509, 5498, 5485, 5506, 5496, 5512,
      5500, 5513, 5508, 5521, 5514, 5543, 5542, 5554, 5530, 5556,
-     5553,11766, 5538, 5555, 5540, 5541, 5557, 5565,11766, 5561,
+     5553,11768, 5538, 5555, 5540, 5541, 5557, 5565,11768, 5561,
      5568, 5551, 5563, 5593, 5582, 5579, 5584, 5598, 5602, 5586,
-     5595, 5585, 5630, 5615, 5581, 5611, 5632,11766, 5610, 5612,
+     5595, 5585, 5630, 5615, 5581, 5611, 5632,11768, 5610, 5612,
      5620, 5637, 5614, 5625, 5623, 5658, 5650, 5660, 5664, 5663,
      5666, 5643, 5662, 5654, 5659, 5681, 5674, 5699, 5700, 5691,
 
      5702, 5682, 5698, 5704, 5707, 5692, 5693, 5701, 5697, 5695,
      5718, 5719, 5721, 5722, 5726, 5725, 5743, 5749, 5737, 5748,
-    11766, 5742, 5745, 5746, 5763, 5741, 5764, 5765, 5752, 5784,
-     5788, 5786,11766, 5767, 5776, 5792, 5790, 5798, 5791, 5794,
-     5777, 5782, 5811, 5827, 5816, 5829, 5825, 5823,11766, 5833,
-    11766, 5822, 5817, 5843, 5845, 5851, 5847, 5844, 5852, 5850,
-     5876, 5868, 5864, 5879, 5870, 5880, 5890, 5867, 5891, 5882,
-     5886, 5889, 5900, 5912, 5906, 5895, 5905, 5899, 5927, 5915,
-     5923, 5920, 5926, 5925, 5949, 5932, 5931,11766,11766, 5944,
-     5948, 5954, 5953, 5957, 5951, 5984, 5971, 5965, 5976, 5988,
-
-     5992, 5978, 5999, 5996, 6000, 6004, 6025,11766, 6016, 6013,
-     6010, 6029, 6019, 6012, 6017, 6009, 6015, 6040, 6024, 6052,
-     6044,11766, 6043, 6046, 6054, 6058, 6051, 6071, 6059,11766,
-     6061,11766, 6056, 6057, 6070, 6079, 6077, 6083, 6081, 6090,
-     6098, 6086, 6091, 6112, 6120, 6125, 6119, 6110, 6124, 6108,
-     6113, 6115, 6129, 6117, 6141, 6121, 6137, 6127,11766, 6159,
-     6142, 6161, 6158, 6146, 6169, 6170, 6167, 6154,11766, 6168,
-    11766, 6172, 6178, 6181, 6179, 6185, 6207, 6194, 6203, 6197,
-     6217, 6214, 6206, 6218, 6210, 6221, 6211, 6224, 6209,11766,
-     6212, 6233, 6237, 6242, 6239, 6255, 6259, 6260, 6245, 6267,
-
-    11766, 6266, 6273, 6262, 6269, 6258, 6275, 6276, 6279, 6281,
-     6292, 6287, 6289, 6294, 6297, 6304, 6308, 6290, 6316, 6305,
-     6318, 6322, 6324, 6310, 6336, 6339, 6337, 6329, 6358, 6338,
-    11766, 6345, 6343, 6350, 6351, 6354, 6378, 6368, 6375, 6383,
-     6387, 6370, 6391, 6392, 6377, 6379, 6394, 6399, 6404, 6397,
-     6409,11766, 6418, 6405, 6421, 6406, 6413, 6425, 6416, 6431,
-     6428, 6417, 6433, 6446, 6432, 6442, 6448, 6449, 6450, 6457,
-     6471, 6473, 6452, 6464, 6468, 6475, 6474, 6476, 6490, 6478,
-    11766, 6511, 6493, 6489, 6506, 6514, 6503, 6527, 6517, 6509,
-     6523, 6513, 6521, 6528, 6520, 6538, 6531, 6535, 6548, 6543,
-
-     6560, 6541,11766,11766, 6563, 6547, 6558, 6571,11766, 6568,
-     6559, 6584, 6562, 6573, 6566, 6587, 6581, 6570, 6588, 6589,
-     6593, 6579, 6611, 6613, 6595, 6608,11766, 6622, 6620, 6631,
-     6607, 6626, 6636, 6635,11766, 6623, 6641, 6643, 6639, 6646,
-     6630, 6647, 6656, 6658, 6653, 6673, 6659, 6652, 6680, 6683,
-     6664, 6694, 6685, 6689, 6698, 6679, 6686, 6711,11766, 6700,
-     6696, 6714, 6695, 6705, 6716, 6721,11766, 6725, 6726, 6732,
-     6728, 6740, 6737, 6741, 6747, 6754, 6739, 6748, 6758, 6760,
-     6768, 6762, 6763, 6764, 6759, 6775, 6786, 6789, 6785, 6780,
-     6787, 6799,11766, 6795, 6807, 6797, 6800, 6808,11766, 6819,
-
-     6838, 6834,11766, 6841, 6813, 6832, 6830, 6846,11766, 6831,
-     6844, 6835, 6850, 6827, 6854, 6833, 6858, 6857, 6862, 6856,
-     6861, 6866, 6871, 6875,11766, 6878, 6873, 6891,11766, 6895,
-     6894, 6900, 6904, 6905, 6908, 6914, 6910, 6909, 6915, 6920,
-     6907, 6924, 6931,11766, 6911, 6949,11766, 6942, 6944, 6933,
-     6934, 6935, 6958,11766, 6943, 6951, 6960, 6964, 6957, 6969,
-     6975, 6976, 6968, 6977, 6985, 6971, 6981, 6988, 6995, 7004,
-     6993, 6987, 7001, 7007, 7003,11766, 7028, 7015, 7014, 7026,
-     6991, 7018, 7030, 7031, 7027, 7042, 7036,11766,11766, 7051,
-    11766, 7056, 7045, 7052, 7055,11766, 7050, 7066, 7069, 7064,
-
-     7072, 7082, 7075, 7079, 7076, 7087, 7093,11766, 7090, 7096,
-    11766, 7092, 7098, 7110, 7099, 7111, 7100, 7109, 7131, 7134,
-     7112, 7136, 7138, 7126, 7139, 7120, 7145, 7137, 7174, 7107,
-     7180,11766, 7164, 7144, 7173, 7176, 7169, 7168, 7189, 7193,
-     7196, 7190, 7201,11766, 7200, 7202, 7212, 7213, 7215,11766,
-    11766, 7224,11766, 7216, 7226,11766, 7225, 7236, 7227, 7229,
-     7239, 7241, 7247,11766, 7248, 7255, 7258, 7252, 7265, 7274,
-    11766, 7275, 7279, 7254, 7271, 7263, 7260, 7286, 7282, 7281,
-     7317, 7292,11766, 7296, 7307, 7302, 7304, 7323, 7319, 7310,
-     7306, 7333, 7327, 7334, 7340, 7343, 7329, 7344, 7345, 7350,
-
-     7349, 7352, 7354, 7361, 7356, 7363, 7351,11766, 7371, 7385,
-     7378, 7379, 7404, 7374, 7399, 7391,11766, 7396, 7398, 7406,
-     7412,11766, 7401, 7426, 7413, 7415, 7402, 7425, 7427, 7432,
-     7430, 7436, 7441, 7453,11766, 7439, 7452, 7440, 7457, 7466,
-     7465, 7463,11766,11766, 7480,11766, 7470, 7473, 7479, 7477,
-     7484, 7493, 7488, 7501, 7505, 7498, 7500, 7508, 7513, 7504,
-     7515, 7514,11766, 7528, 7389, 7511, 7553, 7392, 7529, 7546,
-    11766, 7542, 7531,11766, 7532,11766, 7539, 7536, 7564, 7567,
-     7556, 7570, 7571, 7563, 7569, 7578,11766, 7576, 7573, 7581,
-     7580, 7586, 7605, 7610, 7611, 7591,11766, 7613, 7599, 7618,
-
-     7603,11766, 7600, 7624, 7612, 7621, 7637, 7642, 7639, 7638,
-     7614, 7648, 7645, 7658, 7656, 7644, 7663, 7652, 7650, 7671,
-     7661, 7672, 7687, 7680, 7678, 7701,11766, 7694, 7685, 7690,
-     7703, 7683, 7684, 7705, 7713, 7714, 7716, 7718, 7729, 7720,
-    11766, 7712,11766, 7731, 7728, 7719, 7746, 7730, 7759, 7755,
-     7763, 7749, 7743, 7754, 7761, 7771, 7778, 7777, 7780, 7769,
-     7770, 7787, 7809,11766, 7791, 7801, 7788, 7807, 7811, 7792,
-     7816, 7812,11766, 7819, 7805, 7806, 7829, 7818,11766, 7821,
-     7822, 7835, 7842, 7837, 7857, 7844, 7856, 7860, 7863, 7851,
-     7858, 7846, 7869, 7862, 7872, 7877, 7876,11766, 7875, 7874,
-
-     7881, 7898, 7887, 7904, 7906, 7907, 7914, 7911, 7894, 7901,
-     7917,11766, 7908, 7926, 7920, 7922,11766, 7928, 7936, 7929,
-     7939, 7955, 7958, 7941, 7942, 7944, 7956, 7963, 7981, 7950,
-     7994,11766, 7970, 7976, 7991, 7985, 7986, 7987, 7992, 7989,
-     8016, 7997, 8008, 8027,11766, 8034, 8026, 8035, 8036, 8043,
-     8024, 8033, 8029, 8055, 8053, 8052,11766, 8054, 8061, 8079,
-     8056, 8060, 8074, 8068, 8075, 8097, 8091, 8094, 8082, 8087,
-     8101, 8083, 8106, 8110, 8111, 8113, 8098, 8102, 8118, 8128,
-    11766, 8116,11766, 8121, 8126, 8143, 8155, 8151, 8145, 8159,
-     8148, 8153, 8162, 8170,11766, 8142, 8150, 8164, 8180, 8187,
-
-     8189, 8191, 8197,11766, 8188, 8185, 8193, 8194,11766, 8207,
-     8204, 8212, 8221, 8226, 8176, 8213, 8241, 8222, 8243,11766,
-     8245, 8247, 8246, 8178, 8216, 8249, 8252, 8240, 8255, 8248,
-     8261, 8266, 8265, 8263, 8268, 8272, 8289,11766, 8292, 8295,
-     8297, 8299, 8300, 8293, 8301, 8288, 8313, 8303, 8320,11766,
-     8307, 8316, 8318, 8321, 8328, 8345, 8326, 8347, 8323, 8348,
-     8350, 8353, 8355, 8339, 8340, 8343, 8366, 8367, 8364,11766,
-     8375, 8374, 8391, 8397, 8400, 8395, 8402,11766, 8398,11766,
-     8385, 8392, 8408, 8410, 8415,11766, 8417, 8423, 8418, 8425,
-     8427,11766,11766, 8435, 8405, 8429, 8446, 8440, 8448,11766,
-
-    11766, 8457,11766, 8442,11766, 8444, 8443,11766,11766, 8456,
-     8437, 8471, 8464, 8468,11766, 8469, 8476, 8477,11766, 8479,
-    11766, 8497, 8473, 8501, 8478, 8485, 8505,11766, 8492, 8512,
-     8506, 8513, 8514,11766, 8519, 8517, 8516, 8528, 8509, 8532,
-    11766, 8530, 8539, 8541, 8553, 8549, 8543, 8545, 8559, 8552,
-     8544, 8562, 8566,11766, 8568, 8565, 8589, 8579, 8590, 8585,
-     8595, 8601, 8588, 8591, 8592, 8608, 8587, 8616, 8615, 8610,
-     8618, 8623, 8638, 8639, 8629, 8642, 8628, 8643, 8650, 8652,
-     8656, 8637, 8634, 8647, 8662, 8664, 8671, 8667, 8669, 8672,
-     8690, 8681, 8693, 8683, 8694, 8691, 8677, 8700, 8686, 8696,
-
-     8702, 8698, 8711, 8709, 8717, 8713, 8715, 8727, 8722, 8733,
-     8724, 8748, 8740, 8754, 8738, 8742, 8744,11766, 8743, 8756,
-     8758, 8771, 8763, 8764, 8786, 8779, 8790, 8791, 8792, 8794,
-     8785, 8798,11766,11766,11766, 8800, 8801,11766, 8803, 8814,
-     8822, 8815, 8820,11766, 8817, 8821, 8816, 8825, 8826, 8831,
-     8830, 8849, 8836, 8852, 8853, 8854,11766, 8864, 8869, 8860,
-     8862, 8866, 8885,11766, 8877, 8888, 8872, 8876, 8882, 8898,
-     8891, 8889, 8892, 8904, 8895, 8919, 8922, 8901, 8924, 8929,
-     8916, 8912, 8932,11766, 8940, 8942, 8949, 8927, 8934, 8933,
-     8939, 8941, 8957, 8964, 8950, 8951, 8953, 8963, 8972, 8961,
-
-     8982, 8984, 8992, 8991, 8994,11766, 8976, 8996,11766, 8997,
-     8985, 8990, 9005, 9010, 9007, 9008, 9011, 9019, 9017,11766,
-    11766, 9020, 9023, 9024, 9026, 9030, 9031, 9048, 9050, 9044,
-     9052,11766, 9047, 9054, 9058, 9066, 9060, 9065,11766, 9067,
-     9071, 9075, 9073, 9095, 9092, 9083, 9091, 9086, 9093, 9107,
-     9094, 9103,11766, 9111, 9116, 9120, 9126, 9129, 9113, 9137,
-     9139, 9136, 9130, 9143, 9138, 9148,11766, 9140,11766,11766,
-    11766, 9159, 9153, 9147, 9149, 9164, 9165, 9166, 9172, 9174,
-     9175, 9168, 9170, 9185,11766, 9194,11766,11766, 9193,11766,
-     9202, 9189, 9204, 9205, 9195, 9206, 9210,11766, 9208,11766,
-
-     9219, 9221, 9228, 9238, 9239, 9242, 9229, 9249, 9233, 9257,
-     9251, 9256, 9241, 9245, 9267, 9268, 9270, 9250,11766, 9279,
-     9272, 9277, 9289, 9292,11766,11766, 9288, 9283, 9284, 9301,
-     9300, 9313, 9307, 9316, 9291, 9322, 9320, 9326, 9328, 9327,
-     9314, 9330, 9323, 9340, 9342, 9341, 9347, 9345,11766, 9354,
-     9357, 9349,11766, 9358,11766, 9372, 9373, 9375, 9348, 9369,
-     9374, 9381, 9386, 9385, 9388, 9396, 9393,11766,11766, 9400,
-     9408, 9389,11766,11766, 9405, 9406, 9409, 9411, 9428, 9427,
-     9412,11766, 9432, 9433, 9436, 9425, 9435, 9450, 9443, 9447,
-    11766, 9457,11766, 9453,11766, 9471, 9449, 9454, 9451, 9455,
-
-    11766, 9464, 9467, 9491, 9487, 9480, 9470, 9484,11766, 9481,
-     9492,11766, 9501, 9500, 9509, 9502, 9507, 9504, 9508,11766,
-     9524, 9528, 9532, 9526,11766, 9529, 9527, 9530, 9516, 9540,
-     9546, 9535, 9549, 9561,11766, 9563, 9566, 9569, 9568,11766,
-     9575,11766, 9559, 9573, 9571, 9587, 9572,11766, 9588, 9589,
-     9592, 9590,11766, 9580, 9594, 9603, 9610, 9607, 9611,11766,
-     9622, 9605,11766, 9606, 9625, 9627, 9629, 9616, 9641, 9632,
-     9630, 9646, 9647, 9644, 9657,11766,11766, 9667, 9662, 9651,
-     9658,   73, 9669, 9643, 9656, 9659, 9671, 9685, 9686, 9687,
-     9670, 9696, 9691,11766,11766, 9699, 9697, 9694,11766, 9703,
-
-     9704,11766, 9683, 9706, 9714, 9722, 9720, 9719, 9705, 9723,
-     9730, 9745, 9734, 9751, 9741, 9746, 9750,11766, 9756, 9774,
-     9757, 9753, 9759, 9778, 9787, 9789, 9792, 9775, 9794, 9777,
-     9769, 9798, 9801, 9786, 9804, 9810, 9806, 9803, 9820, 9821,
-     9822,11766, 9823, 9832, 9843, 9830, 9844, 9847, 9849, 9833,
-    11766, 9852, 9848, 9858, 9856,11766, 9862, 9857, 9868, 9863,
-     9878, 9882,11766, 9874, 9886, 9894, 9893, 9889, 9880, 9885,
-     9888, 9890, 9911,11766, 9895, 9918, 9913, 9914, 9930, 9931,
-     9937, 9933, 9938, 9924,11766, 9935,11766,11766,11766, 9941,
-     9944, 9953,11766, 9947, 9958, 9951, 9957,11766, 9952, 9981,
-
-     9973, 9988, 9974,11766,11766,11766, 9962, 9985, 9983,11766,
-     9971, 9993,11766, 9984,11766, 9995,11766, 9999,10000,10006,
-    10012,11766,10019,10011,11766,10017,10022,10015,10036,11766,
-    10030,10041,10045,10038,10033,10034,10031,10051,10061,11766,
-    11766,10064,10069,10068,10071,10075,10065,10067,10063,10077,
-    10081,10090,11766,10062,10086,11766,10097,10100,10102,10111,
-    10096,10103,10104,11766,10113,11766,10116,11766,10108,10109,
-    10124,10140,10132,10131,10134,10142,10149,10135,10145,10136,
-    10151,10161,10148,10159,10165,10173,10168,11766,11766,10194,
-    10176,11766,10192,10191,10196,11766,10178,11766,10201,11766,
-
-    10186,10188,11766,10203,10193,10205,11766,11766,10206,10207,
-    10213,10212,10215,10216,10225,11766,10223,10231,10220,10232,
-    10229,10243,10252,10259,10246,10240,10251,10262,11766,10268,
-    11766,10254,10271,10272,11766,11766,10263,10266,10276,10283,
-    10279,10280,10297,10291,10296,10288,10314,10298,10299,10293,
-    10322,10323,10330,10318,10331,10336,10341,11766,11766,11766,
-    10325,10326,10327,10343,10356,10359,10362,11766,10361,10349,
-    11766,10366,10372,10373,10358,10384,10363,10382,11766,10375,
-    10379,10376,10383,10391,10393,10399,10386,11766,10416,10417,
-    10419,10420,10407,10422,10429,10430,10431,10423,10414,10433,
-
-    10424,10439,10441,10440,11766,11766,10453,10447,11766,10455,
-    10461,11766,11766,10450,11766,10448,10449,10454,10456,10483,
-    11766,10479,10459,10468,10475,11766,10474,10482,10493,10488,
-    10497,10499,10500,10502,10501,10512,10503,10515,11766,10507,
-    10537,10516,10514,10540,10542,11766,11766,10527,10538,11766,
-    10551,10550,10539,10561,10546,10549,10559,10563,11766,10567,
-    11766,10566,10574,10569,10571,10576,10580,10588,10584,10577,
-    11766,10597,10590,10593,10601,11766,10604,10596,10608,10616,
-    10628,11766,10629,10618,10635,10636,11766,10624,10639,10645,
-    11766,11766,11766,10646,10647,10650,11766,11766,11766,10652,
-
-    10665,11766,10657,10671,10656,10659,11766,10663,11766,11766,
-    10680, 7975,10689,10682,10697,10687,11766,10688,10690,10700,
-    10683,10692,11766,10704,10708,11766,10694,10716,10717,10714,
-    10713,10723,10724,10709,10712,10733,10734,10719,10727,11766,
-    11766,10728,10735,10741,10739,10743,11766,10749,10761,10766,
-    10773,10768,10778,10781,10782,10783,10762,10772,10786,10803,
-    10797,10801,10792,10805,10795,10802,10818,10806,10821,10808,
-    10830,10826,10827,10822,10833,11766,11766,10831,10832,10840,
-    11766,10841,10842,11766,10843,11766,10855,10856,10862,10866,
-    11766,10871,10872,10874,10875,10850,11766,10870,10880,11766,
-
-    11766,10864,10865,10877,10890,10894,11766,11766,10886,10887,
-    10888,10898,11766,10901,10910,10907,10919,10914,10911,10908,
-    10930,10921,10939,11766,10925,10942,11766,11766,11766,10944,
-    10932,10951,10935,10962,10937,11766,10965,10970,10958,10969,
-    10956,10966,10964,11766,10967,10977,11766,11766,10983,10988,
-    11766,10978,11766,11766,10982,10992,11766,11766,11766,11766,
-    11766,11766,11766,11766,10993,11013,11766,11009,11014,11015,
-    11002,11007,11004,11766,11011,11028,11032,11033,11766,11037,
-    11766,11029,11038,11042,11041,11043,11766,11048,11766,11068,
-    11044,11055,11071,11070,11063,11056,11064,11073,11069,11085,
-
-    11081,11094,11093,11095,11105,11090,11103,11108,11097,11118,
-    11119,11114,11131,11123,11128,11130,11143,11132,11142,11766,
-    11766,11766,11766,11146,11136,11126,11153,11158,11164,11163,
-    11166,11165,11172,11177,11178,11179,11176,11192,11159,11185,
-    11206,11188,11195,11205,11213,11194,11216,11217,11218,11766,
-    11220,11221,11223,11766,11230,11208,11236,11238,11224,11227,
-    11242,11766,11234,11241,11766,11232,11244,11766,11766,11260,
-    11263,11259,11251,11277,11279,11261,11268,11265,11280,11282,
-    11766,11293,11766,11766,11766,11766,11283,11286,11766,11288,
-    11766,11766,11278,11294,11766,11302,11296,11306,11313,11766,
-
-    11304,11327,11300,11321,11323,11318,11330,11333,11339,11766,
-    11766,11326,11331,11349,11348,11351,11353,11766,11346,11356,
-    11365,11376,11380,11379,11382,11383,11358,11391,11766,11373,
-    11378,11385,11390,11396,11402,11395,11766,11415,11405,11414,
-    11407,11408,11435,11412,11420,11436,11437,11438,11766,11442,
-    11766,11439,11445,11440,11450,11454,11456,11461,11458,11463,
-    11766,11766,11766,11465,11453,11766,11467,11486,11470,11490,
-    11495,11494,11497,11479,11503,11507,11505,11506,11509,11512,
-    11520,11521,11523,11522,11766,11766,11511,11524,11766,11537,
-    11539,11526,11533,11555,11766,11557,11546,11558,11560,11559,
-
-    11567,11766,11562,11563,11568,11766,11571,11766,11766,11573,
-    11572,11587,11580,11581,11766,11766,11766,11646,11653,11660,
-    11667,11674,11681,11688,  100,11695,11702,11709,11716,11723,
-    11730,11737,11744,11751,11758
+    11768, 5742, 5745, 5746, 5763, 5741, 5764, 5765, 5752, 5784,
+     5788, 5786,11768, 5767, 5776, 5792, 5790, 5798, 5791, 5794,
+     5777, 5782, 5811, 5827, 5819, 5824, 5828, 5823,11768, 5829,
+    11768, 5818, 5835, 5845, 5842, 5852, 5847, 5855, 5850, 5863,
+     5865, 5868, 5864, 5879, 5871, 5880, 5886, 5872, 5891, 5875,
+     5887, 5892, 5890, 5913, 5900, 5917, 5902, 5904, 5927, 5912,
+     5920, 5919, 5921, 5929, 5943, 5936, 5930,11768,11768, 5940,
+     5948, 5949, 5952, 5957, 5962, 5980, 5982, 5978, 5972, 5988,
+
+     5969, 5993, 5992, 5984, 6004, 6005, 6033,11768, 5989, 6011,
+     6012, 6022, 6021, 6009, 6019, 6040, 6046, 6038, 6028, 6049,
+     6039,11768, 6031, 6036, 6054, 6052, 6044, 6071, 6064,11768,
+     6067,11768, 6058, 6063, 6069, 6078, 6084, 6083, 6087, 6090,
+     6093, 6094, 6098, 6097, 6127, 6128, 6126, 6117, 6131, 6114,
+     6119, 6113, 6136, 6125, 6133, 6120, 6135, 6148,11768, 6143,
+     6147, 6145, 6163, 6153, 6172, 6174, 6162, 6158,11768, 6183,
+    11768, 6176, 6175, 6185, 6180, 6190, 6182, 6199, 6204, 6201,
+     6196, 6217, 6207, 6223, 6213, 6226, 6215, 6224, 6209,11768,
+     6219, 6239, 6242, 6243, 6240, 6257, 6241, 6261, 6251, 6272,
+
+    11768, 6268, 6266, 6260, 6265, 6267, 6281, 6277, 6284, 6278,
+     6276, 6289, 6290, 6295, 6297, 6314, 6316, 6311, 6306, 6310,
+     6322, 6323, 6335, 6331, 6348, 6329, 6349, 6332, 6302, 6342,
+    11768, 6350, 6346, 6355, 6352, 6361, 6370, 6369, 6388, 6367,
+     6386, 6378, 6400, 6401, 6382, 6390, 6393, 6404, 6415, 6412,
+     6418,11768, 6423, 6406, 6427, 6409, 6417, 6429, 6410, 6437,
+     6443, 6438, 6442, 6449, 6445, 6436, 6450, 6461, 6451, 6463,
+     6476, 6485, 6453, 6465, 6469, 6480, 6474, 6482, 6479, 6500,
+    11768, 6519, 6501, 6493, 6509, 6506, 6503, 6496, 6513, 6514,
+     6523, 6520, 6525, 6527, 6551, 6529, 6552, 6538, 6535, 6559,
+
+     6563, 6567, 6549,11768,11768, 6568, 6546, 6565, 6572,11768,
+     6579, 6556, 6564, 6576, 6562, 6584, 6591, 6593, 6586, 6587,
+     6603, 6608, 6595, 6611, 6609, 6599, 6615,11768, 6624, 6618,
+     6633, 6620, 6634, 6638, 6644,11768, 6630, 6648, 6653, 6650,
+     6645, 6647, 6636, 6651, 6661, 6657, 6663, 6667, 6660, 6678,
+     6688, 6675, 6703, 6687, 6700, 6705, 6684, 6693, 6713,11768,
+     6689, 6696, 6702, 6710, 6697, 6719, 6724,11768, 6722, 6743,
+     6749, 6736, 6716, 6753, 6745, 6751, 6746, 6756, 6737, 6761,
+     6740, 6766, 6767, 6770, 6772, 6784, 6773, 6780, 6796, 6793,
+     6803, 6804, 6808,11768, 6800, 6799, 6814, 6811, 6813,11768,
+
+     6821, 6829, 6830,11768, 6849, 6819, 6842, 6838, 6854,11768,
+     6839, 6848, 6841, 6857, 6835, 6859, 6861, 6864, 6840, 6865,
+     6863, 6874, 6869, 6868, 6882,11768, 6886, 6880, 6897,11768,
+     6903, 6901, 6905, 6908, 6910, 6912, 6919, 6900, 6914, 6922,
+     6917, 6913, 6930, 6938,11768, 6943, 6956,11768, 6949, 6950,
+     6932, 6946, 6940, 6959,11768, 6957, 6966, 6963, 6962, 6979,
+     6967, 6986, 6989, 6971, 6977, 6993, 6982, 6984, 7006, 7004,
+     7005, 7012, 6996, 7013, 6999, 7007,11768, 7024, 7020, 7019,
+     7033, 7023, 7044, 7047, 7041, 7037, 7049, 7046,11768,11768,
+     7057,11768, 7063, 7051, 7061, 7071,11768, 7064, 7048, 7097,
+
+     7078, 7081, 7094, 7085, 7101, 7084, 7100, 7105,11768, 7103,
+     7109,11768, 7092, 7111, 7106, 7104, 7128, 7098, 7119, 7140,
+     7142, 7127, 7137, 7138, 7144, 7145, 7126, 7147, 7146, 7163,
+     7158, 7190,11768, 7160, 7168, 7177, 7194, 7179, 7178, 7199,
+     7195, 7210, 7201, 7188, 7212,11768, 7208, 7229, 7215, 7236,
+     7227,11768,11768, 7235,11768, 7225, 7237,11768, 7238, 7245,
+     7230, 7240, 7258, 7187, 7259,11768, 7264, 7261, 7253, 7257,
+     7276, 7267,11768, 7282, 7284, 7272, 7274, 7277, 7300, 7293,
+     7294, 7301, 7323, 7304,11768, 7303, 7315, 7314, 7332, 7334,
+     7325, 7318, 7317, 7320, 7338, 7344, 7353, 7356, 7339, 7359,
+
+     7360, 7361, 7358, 7355, 7371, 7373, 7366, 7363, 7379,11768,
+     7385, 7396, 7390, 7382, 7415, 7395, 7402, 7401,11768, 7412,
+     7406, 7409, 7416,11768, 7424, 7436, 7422, 7420, 7428, 7432,
+     7435, 7438, 7441, 7443, 7445, 7462,11768, 7449, 7463, 7458,
+     7464, 7474, 7473, 7468,11768,11768, 7491,11768, 7492, 7476,
+     7489, 7490, 7487, 7502, 7507, 7506, 7520, 7503, 7509, 7518,
+     7527, 7530, 7525, 7524,11768, 7531, 7546, 7534, 7565, 7551,
+     7558, 7559,11768, 7555, 7548,11768, 7549,11768, 7557, 7554,
+     7564, 7578, 7585, 7574, 7586, 7576, 7582, 7591,11768, 7571,
+     7595, 7596, 7603, 7584, 7618, 7617, 7620, 7631,11768, 7624,
+
+     7612, 7629, 7614,11768, 7611, 7635, 7626, 7627, 7630, 7645,
+     7646, 7652, 7651, 7660, 7658, 7666, 7670, 7667, 7676, 7672,
+     7657, 7678, 7677, 7687, 7695, 7675, 7693, 7686,11768, 7704,
+     7699, 7702, 7705, 7707, 7701, 7716, 7715, 7728, 7720, 7742,
+     7737, 7749,11768, 7738,11768, 7743, 7744, 7748, 7757, 7752,
+     7750, 7755, 7763, 7761, 7765, 7764, 7781, 7795, 7797, 7798,
+     7802, 7788, 7791, 7799, 7809,11768, 7804, 7816, 7792, 7819,
+     7823, 7811, 7814, 7837,11768, 7840, 7828, 7829, 7839, 7841,
+    11768, 7844, 7852, 7853, 7846, 7858, 7843, 7860, 7859, 7872,
+     7863, 7882, 7869, 7880, 7871, 7892, 7878, 7894, 7886, 7884,
+
+    11768, 7897, 7906, 7896, 7908, 7899, 7907, 7919, 7911, 7927,
+     7931, 7913, 7921, 7935,11768, 7930, 7934, 7947, 7954,11768,
+     7940, 7941, 7942, 7951, 7946, 7971, 7957, 7955, 7959, 7980,
+     7984, 7997, 7981, 7998,11768, 7991, 7974, 8003, 8005, 7977,
+     8002, 8018, 8008, 8027, 8022, 8012, 8039,11768, 8043, 8036,
+     8045, 8046, 8047, 8037, 8040, 8044, 8067, 8063, 8055,11768,
+     8078, 8080, 8082, 8073, 8096, 8098, 8090, 8086, 8102, 8094,
+     8113, 8079, 8103, 8117, 8107, 8110, 8115, 8123, 8126, 8122,
+     8138, 8144, 8137,11768, 8128,11768, 8140, 8143, 8155, 8162,
+     8157, 8150, 8167, 8163, 8173, 8171, 8175,11768, 8164, 8165,
+
+     8178, 8189, 8200, 8201, 8198, 8207,11768, 8199, 8202, 8205,
+     8203,11768, 8214, 8208, 8223, 8237, 8236, 8249, 8251, 8252,
+     8233, 8254,11768, 8256, 8258, 8257, 8259, 8263, 8260, 8265,
+     8277, 8266, 8283, 8270, 8285, 8281, 8301, 8279, 8289, 8304,
+    11768, 8307, 8310, 8305, 8312, 8314, 8306, 8316, 8327, 8331,
+     8321, 8332,11768, 8344, 8330, 8333, 8336, 8337, 8357, 8346,
+     8360, 8328, 8362, 8369, 8374, 8380, 8364, 8348, 8371, 8394,
+     8383, 8385,11768, 8388, 8386, 8398, 8391, 8410, 8406, 8409,
+    11768, 8407,11768, 8405, 8408, 8423, 8417, 8427,11768, 8436,
+     8425, 8442, 8430, 8447,11768,11768, 8449, 8463, 8450, 8459,
+
+     8451, 8465, 8452,11768,11768, 8464,11768, 8455,11768, 8454,
+     8469,11768,11768, 8466, 8475, 8483, 8476, 8478,11768, 8502,
+     8503, 8504,11768, 8506,11768, 8514, 8493, 8515, 8509, 8495,
+     8518,11768, 8500, 8521, 8520, 8526, 8537,11768, 8533, 8530,
+     8548, 8560, 8540, 8541,11768, 8561, 8553, 8563, 8566, 8568,
+     8559, 8564, 8573, 8575, 8585, 8588, 8576,11768, 8591, 8571,
+     8605, 8595, 8600, 8601, 8611, 8615, 8606, 8612, 8618, 8619,
+     8628, 8629, 8645, 8625, 8639, 8658, 8659, 8660, 8651, 8662,
+     8643, 8666, 8667, 8672, 8678, 8653, 8676, 8670, 8681, 8683,
+     8686, 8684, 8688, 8712, 8714, 8705, 8717, 8706, 8713, 8709,
+
+     8699, 8722, 8710, 8715, 8724, 8729, 8725, 8732, 8733, 8737,
+     8739, 8741, 8752, 8757, 8745, 8768, 8759, 8772, 8765, 8760,
+     8766,11768, 8785, 8756, 8782, 8784, 8791, 8783, 8810, 8793,
+     8809, 8812, 8815, 8819, 8811, 8820,11768,11768,11768, 8816,
+     8826,11768, 8828, 8831, 8824, 8838, 8844,11768, 8840, 8843,
+     8841, 8846, 8852, 8855, 8854, 8867, 8858, 8862, 8865, 8876,
+    11768, 8871, 8895, 8886, 8884, 8888, 8908,11768, 8903, 8909,
+     8896, 8898, 8899, 8911, 8904, 8902, 8910, 8905, 8915, 8936,
+     8945, 8943, 8951, 8952, 8933, 8938, 8948,11768, 8957, 8958,
+     8964, 8944, 8955, 8959, 8968, 8976, 8961, 8969, 8972, 8977,
+
+     8978, 8983, 8991, 8986, 9003, 9005, 9009, 9010, 9011,11768,
+     8996, 9016, 9001,11768, 9013, 9025, 9014, 9028, 9040, 9027,
+     9030, 9041, 9031, 9037,11768,11768, 9039, 9042, 9058, 9062,
+     9055, 9047, 9063, 9068, 9066, 9072,11768, 9069, 9083, 9074,
+     9087, 9094, 9089,11768, 9092, 9096, 9085, 9104, 9120, 9108,
+     9095, 9111, 9110, 9122, 9118, 9119, 9117,11768, 9116, 9143,
+     9144, 9149, 9154, 9137, 9158, 9157, 9160, 9147, 9153, 9166,
+     9167,11768, 9151,11768,11768,11768, 9181, 9164, 9175, 9188,
+     9185, 9190, 9191, 9192, 9196, 9202, 9195, 9187, 9206,11768,
+     9210,11768,11768, 9215,11768, 9222, 9212, 9230, 9228, 9224,
+
+     9231, 9233,11768, 9229,11768, 9245, 9247, 9246, 9259, 9264,
+     9260, 9251, 9270, 9257, 9269, 9273, 9277, 9263, 9267, 9288,
+     9284, 9290, 9287,11768, 9297, 9291, 9294, 9305, 9310,11768,
+    11768, 9308, 9307, 9309, 9319, 9324, 9343, 9325, 9326, 9315,
+     9344, 9337, 9340, 9350, 9339, 9334, 9351, 9342, 9365, 9367,
+     9368, 9362, 9379,11768, 9376, 9375, 9378,11768, 9372,11768,
+     9382, 9386, 9388, 9394, 9403, 9395, 9408, 9396, 9410, 9421,
+     9401, 9422,11768,11768, 9411, 9431, 9426,11768,11768, 9414,
+     9420, 9430, 9415, 9436, 9438, 9443,11768, 9442, 9446, 9463,
+     9453, 9457, 9456, 9474, 9460,11768, 9461,11768, 9465,11768,
+
+     9472, 9477, 9486, 9469, 9502, 9505,11768, 9488, 9491, 9510,
+     9511, 9506, 9492, 9515,11768, 9513, 9503,11768, 9528, 9521,
+     9523, 9508, 9525, 9531, 9530,11768, 9555, 9541, 9554, 9542,
+    11768, 9548, 9549, 9553, 9543, 9566, 9564, 9551, 9567, 9577,
+    11768, 9579, 9580, 9590, 9576,11768, 9596,11768, 9582, 9592,
+     9587, 9605, 9598,11768, 9588, 9593, 9601, 9615,11768, 9618,
+     9627, 9630, 9628, 9620, 9623,11768, 9634, 9626,11768, 9619,
+     9638, 9640, 9649, 9637, 9651, 9643, 9654, 9648, 9664, 9669,
+     9670,11768,11768, 9682, 9677, 9678, 9679,   73, 9690, 9665,
+     9666, 9667, 9689, 9703, 9705, 9707, 9683, 9714, 9712,11768,
+
+    11768, 9719, 9715, 9716,11768, 9713, 9722,11768, 9699, 9726,
+     9727, 9740, 9732, 9742, 9736, 9741, 9748, 9738, 9752, 9767,
+     9759, 9753, 9763,11768, 9781, 9782, 9764, 9774, 9791, 9794,
+     9801, 9803, 9805, 9780, 9807, 9793, 9788, 9808, 9809, 9797,
+     9820, 9818, 9821, 9833, 9829, 9830, 9831,11768, 9827, 9846,
+     9852, 9844, 9861, 9856, 9858, 9847,11768, 9866, 9860, 9868,
+     9854, 9879,11768, 9870, 9871, 9882, 9872, 9887, 9892,11768,
+     9885, 9900, 9904, 9906, 9899, 9886, 9909, 9902, 9895, 9921,
+    11768, 9911, 9916, 9919, 9926, 9935, 9944, 9949, 9937, 9950,
+     9942,11768, 9943,11768,11768,11768, 9951, 9959, 9946,11768,
+
+     9963, 9961, 9964, 9947,11768, 9979, 9980, 9984, 9999, 9983,
+    11768,11768,11768, 9971, 9992, 9991,11768, 9981,10004,11768,
+    10002,11768, 9982,11768,10007,10008,10016,10006,11768,10020,
+    10018,11768,10010,10023,10024,10045,11768,10053,10054,10055,
+    10047,10037,10040,10039,10042,10063,11768,11768,10067,10070,
+    10066,10072,10075,10073,10074,10082,10084,10078,10083,11768,
+    10081,10092,11768,10108,10102,10109,10116,10101,10100,10110,
+    11768,10104,11768,10121,11768,10113,10119,10136,10134,10141,
+    10129,10135,10147,10152,10140,10146,10144,10165,10161,10151,
+    10163,10175,10180,10167,11768,11768,10200,10184,11768,10177,
+
+    10199,10201,11768,10182,11768,10190,10206,11768,10192,10196,
+    11768,10209,10202,10210,11768,11768,10220,10204,10213,10226,
+    10211,10243,10225,11768,10245,10236,10227,10235,10238,10241,
+    10261,10258,10242,10253,10249,10266,11768,10263,11768,10269,
+    10283,10276,11768,11768,10270,10272,10279,10295,10285,10282,
+    10304,10294,10306,10287,10316,10299,10301,10297,10320,10325,
+    10335,10321,10334,10338,10345,11768,11768,11768,10327,10329,
+    10331,10348,10343,10355,10356,11768,10365,10361,11768,10362,
+    10369,10366,10358,10386,10373,10374,11768,10372,10385,10370,
+    10389,10387,10388,10392,10396,11768,10409,10410,10420,10416,
+
+    10411,10419,10426,10427,10428,10422,10412,10440,10429,10418,
+    10446,10445,11768,11768,10457,10443,11768,10461,10462,11768,
+    11768,10447,10454,11768,10441,10456,10460,10458,10464,11768,
+    10476,10468,10477,10483,11768,10481,10473,10498,10491,10492,
+    10499,10509,10495,10502,10521,10500,10526,11768,10516,10522,
+    10517,10527,10528,10540,11768,11768,10529,10531,11768,10532,
+    10547,10548,10556,10551,10557,10566,10564,11768,10560,11768,
+    10567,10576,10568,10577,10594,10573,10574,10584,10600,11768,
+    10601,10591,10596,10605,11768,10604,10603,10617,10593,10633,
+    11768,10637,10620,10644,10643,11768,10630,10651,10632,11768,
+
+    11768,11768,10653,10655,10652,11768,11768,11768,10658,10661,
+    11768,10663,10669,10649,10684,11768,10671,11768,11768,10687,
+    10670,10693,10704,10694,10706,10695,11768,10702,10700,10708,
+    10692,10698,11768,10715,10717,11768,10711,10723,10728,10716,
+    10730,10740,10744,10721,10726,10742,10749,10734,10736,11768,
+    11768,10733,10755,10750,10757,10760,11768,10768,10763,10773,
+    10764,10761,10779,10794,10796,10798,10777,10788,10804,10802,
+    10817,10806,10783,10801,10797,10815,10822,10813,10819,10839,
+    10831,10848,10850,10836,10847,11768,11768,10853,10841,10856,
+    11768,10857,10858,11768,10842,11768,10861,10862,10865,10870,
+
+    10871,11768,10872,10873,10876,10881,10864,11768,10877,10893,
+    11768,11768,10875,10885,10892,10891,10900,11768,11768,10907,
+    10902,10897,10894,11768,10910,10916,10912,10926,10920,10917,
+    10928,10944,10934,10948,11768,10936,10949,11768,11768,11768,
+    10954,10938,10947,10942,10963,10952,11768,10957,10971,10966,
+    10977,10969,10967,10973,11768,10986,10990,11768,11768,10997,
+    10987,11768,11004,11768,11768,10984,10998,11768,11768,11768,
+    11768,11768,11768,11768,11768,11768,11003,11017,11768,11012,
+    11013,11025,11014,11023,11028,11768,11038,11034,11036,11053,
+    11768,11056,11768,11035,11048,11055,11044,11052,11768,11054,
+
+    11768,11011,11049,11063,11061,11075,11081,11086,11076,11073,
+    11079,11082,11080,11095,11102,11100,11113,11094,11108,11121,
+    11109,11117,11114,11130,11133,11131,11129,11132,11142,11144,
+    11147,11768,11768,11768,11768,11140,11145,11162,11157,11160,
+    11168,11170,11179,11182,11183,11167,11176,11185,11193,11194,
+    11189,11190,11206,11197,11192,11195,11208,11209,11218,11228,
+    11230,11768,11234,11232,11235,11768,11239,11219,11243,11244,
+    11233,11231,11247,11768,11236,11238,11768,11255,11254,11768,
+    11768,11253,11267,11265,11264,11257,11259,11271,11274,11269,
+    11284,11290,11768,11293,11768,11768,11768,11768,11282,11292,
+
+    11768,11298,11768,11768,11281,11301,11768,11291,11303,11306,
+    11300,11768,11315,11318,11317,11324,11325,11320,11341,11348,
+    11343,11768,11768,11333,11334,11340,11349,11356,11352,11768,
+    11350,11357,11367,11361,11377,11382,11384,11385,11373,11396,
+    11768,11375,11383,11393,11406,11402,11408,11400,11768,11409,
+    11412,11414,11419,11423,11398,11424,11434,11426,11428,11432,
+    11768,11436,11768,11439,11449,11445,11451,11433,11448,11455,
+    11461,11472,11768,11768,11768,11460,11476,11768,11459,11489,
+    11474,11491,11495,11497,11498,11487,11508,11509,11510,11511,
+    11521,11519,11520,11512,11523,11522,11768,11768,11530,11524,
+
+    11768,11529,11539,11533,11540,11561,11768,11545,11546,11550,
+    11563,11574,11568,11768,11576,11578,11573,11768,11577,11768,
+    11768,11579,11566,11589,11583,11587,11768,11768,11768,11648,
+    11655,11662,11669,11676,11683,11690,  100,11697,11704,11711,
+    11718,11725,11732,11739,11746,11753,11760
     } ;
 
-static const flex_int16_t yy_def[4136] =
+static const flex_int16_t yy_def[4148] =
     {   0,
-     4117,    1, 4118, 4118, 4119, 4119, 4120, 4120, 4121, 4121,
-     4122, 4122, 4123, 4123, 4124, 4124, 4117, 4125, 4117, 4117,
-     4117, 4117, 4126, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4127, 4117, 4117,
-     4117, 4127, 4128, 4117, 4117, 4117, 4128, 4129, 4117, 4117,
-     4117, 4117, 4129, 4130, 4117, 4117, 4117, 4130, 4131, 4117,
-     4132, 4117, 4131, 4131, 4133, 4117, 4117, 4117, 4117, 4133,
-     4134, 4117, 4117, 4117, 4134, 4125, 4125, 4117, 4135, 4126,
-     4135, 4126, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4127, 4127, 4128, 4128, 4129, 4129,
-     4117, 4130, 4130, 4131, 4131, 4132, 4132, 4131, 4133, 4133,
-     4117, 4134, 4134, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4131, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4131, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4131,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4131,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4117, 4117, 4125, 4125, 4117, 4117, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4131, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4131, 4131, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4131,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4117, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4131, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4117, 4125, 4125, 4125, 4131, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4117, 4117, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4131, 4125, 4117, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4117, 4125,
-     4117, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4117,
-     4117, 4125, 4117, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4117, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4131, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4117, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4131, 4125, 4117, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4117,
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4117, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-
-     4117, 4125, 4117, 4125, 4117, 4125, 4125, 4117, 4117, 4125,
-     4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4117, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4131, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4117, 4117, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4117, 4117,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4117, 4125, 4117, 4117, 4125, 4117,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4117,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4131,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4117, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4117, 4125, 4117, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4117, 4125,
-     4125, 4125, 4117, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4117, 4125, 4117, 4125, 4125, 4125, 4125, 4125,
-
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4117,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4117, 4125, 4125, 4125,
-     4125, 4131, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4117, 4125, 4125, 4125, 4117, 4125,
-
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4117, 4125, 4117, 4117, 4117, 4125,
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-
-     4125, 4125, 4125, 4117, 4117, 4117, 4125, 4125, 4125, 4117,
-     4125, 4125, 4117, 4125, 4117, 4125, 4117, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4117,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4117, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4117, 4125,
-     4125, 4117, 4125, 4125, 4125, 4117, 4125, 4117, 4125, 4117,
-
-     4125, 4125, 4117, 4125, 4125, 4125, 4117, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4117, 4125, 4125, 4125, 4117, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4117, 4117,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4117, 4117, 4125, 4125, 4117, 4125,
-     4125, 4117, 4117, 4125, 4117, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4117, 4125, 4125, 4117,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4117, 4117, 4117, 4125, 4125, 4125, 4117, 4117, 4117, 4125,
-
-     4125, 4117, 4125, 4125, 4125, 4125, 4117, 4125, 4117, 4117,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4117, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4117, 4125, 4125, 4125,
-     4117, 4125, 4125, 4117, 4125, 4117, 4125, 4125, 4125, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4117,
-
-     4117, 4125, 4125, 4125, 4125, 4125, 4117, 4117, 4125, 4125,
-     4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4117, 4117, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4117, 4117, 4125, 4125,
-     4117, 4125, 4117, 4117, 4125, 4125, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4117, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4117, 4117, 4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4117, 4125, 4125, 4117, 4125, 4125, 4117, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4125, 4117, 4117, 4117, 4117, 4125, 4125, 4117, 4125,
-     4117, 4117, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4117,
-
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4117, 4125,
-     4117, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4117, 4117, 4117, 4125, 4125, 4117, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125, 4125,
-     4125, 4125, 4125, 4125, 4117, 4117, 4125, 4125, 4117, 4125,
-     4125, 4125, 4125, 4125, 4117, 4125, 4125, 4125, 4125, 4125,
-
-     4125, 4117, 4125, 4125, 4125, 4117, 4125, 4117, 4117, 4125,
-     4125, 4125, 4125, 4125, 4117, 4117,    0, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117
+     4129,    1, 4130, 4130, 4131, 4131, 4132, 4132, 4133, 4133,
+     4134, 4134, 4135, 4135, 4136, 4136, 4129, 4137, 4129, 4129,
+     4129, 4129, 4138, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4139, 4129, 4129,
+     4129, 4139, 4140, 4129, 4129, 4129, 4140, 4141, 4129, 4129,
+     4129, 4129, 4141, 4142, 4129, 4129, 4129, 4142, 4143, 4129,
+     4144, 4129, 4143, 4143, 4145, 4129, 4129, 4129, 4129, 4145,
+     4146, 4129, 4129, 4129, 4146, 4137, 4137, 4129, 4147, 4138,
+     4147, 4138, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4139, 4139, 4140, 4140, 4141, 4141,
+     4129, 4142, 4142, 4143, 4143, 4144, 4144, 4143, 4145, 4145,
+     4129, 4146, 4146, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4143, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4143, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4143,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4143,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4129, 4129, 4137, 4137, 4129, 4129, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4143, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4143, 4143, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4143,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4129, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4143, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4129, 4137, 4137, 4137, 4143, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4129, 4129, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4129,
+
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4143, 4137, 4129, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4129,
+     4137, 4129, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4129, 4129, 4137, 4129, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4129, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4143, 4137, 4137,
+     4137, 4137, 4129, 4137, 4137, 4129, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4143, 4137, 4129, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4129, 4129, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4129, 4129, 4137, 4129, 4137, 4129, 4137,
+     4137, 4129, 4129, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4137, 4129, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4143, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4129, 4129, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4129, 4129, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4129, 4129, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4129, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4143, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4129,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4129, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4129, 4137, 4137, 4137, 4129, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4129, 4137, 4129,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4129, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4129, 4137, 4137, 4137, 4137, 4143, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+
+     4129, 4137, 4137, 4137, 4129, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4129, 4129, 4129, 4137, 4137, 4137, 4129,
+
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4129, 4129, 4129, 4137, 4137, 4137, 4129, 4137, 4137, 4129,
+     4137, 4129, 4137, 4129, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4129, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4129, 4137, 4137, 4129, 4137,
+
+     4137, 4137, 4129, 4137, 4129, 4137, 4137, 4129, 4137, 4137,
+     4129, 4137, 4137, 4137, 4129, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4129, 4137,
+     4137, 4137, 4129, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4129, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4129, 4137, 4137, 4129, 4137, 4137, 4129,
+     4129, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4129, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4129,
+
+     4129, 4129, 4137, 4137, 4137, 4129, 4129, 4129, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4129, 4137, 4129, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4129, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4129, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4129, 4137, 4137, 4137,
+     4129, 4137, 4137, 4129, 4137, 4129, 4137, 4137, 4137, 4137,
+
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137,
+     4129, 4129, 4137, 4137, 4137, 4137, 4137, 4129, 4129, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4129, 4129, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4129, 4137, 4137, 4129, 4129, 4137,
+     4137, 4129, 4137, 4129, 4129, 4137, 4137, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4129, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4129, 4129, 4129, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4129, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4129, 4137, 4137, 4129,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4137, 4129, 4129, 4129, 4129, 4137, 4137,
+
+     4129, 4137, 4129, 4129, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4129, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4129,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4129, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4129, 4137, 4129, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4129, 4129, 4129, 4137, 4137, 4129, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137, 4137,
+     4137, 4137, 4137, 4137, 4137, 4137, 4129, 4129, 4137, 4137,
+
+     4129, 4137, 4137, 4137, 4137, 4137, 4129, 4137, 4137, 4137,
+     4137, 4137, 4137, 4129, 4137, 4137, 4137, 4129, 4137, 4129,
+     4129, 4137, 4137, 4137, 4137, 4137, 4129, 4129,    0, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129
     } ;
 
-static const flex_int16_t yy_nxt[11833] =
+static const flex_int16_t yy_nxt[11835] =
     {   0,
        18,   19,   20,   21,   22,   23,   22,   18,   18,   18,
        18,   18,   22,   24,   25,   26,   27,   28,   29,   18,
@@ -1845,199 +1848,199 @@ static const flex_int16_t yy_nxt[11833] =
       230,  224,   87,   87,  221,  222,  237,  240,   87,  241,
       239,  242,  243,  238,  245,  244,  231,  228,   87,  246,
        87,  232,  234,   87,   87,   87,  233,  252,   87,  251,
-      166,   87, 4117,  237,  240,   87,  241,   87,  242,  243,
+      166,   87, 4129,  237,  240,   87,  241,   87,  242,  243,
       238,  245,  244,  247,  250,   87,  246,  248,  257,  254,
       253,   87,  353,  249,  252,   87,  251,   87,  255,  259,
 
        87,  258,   87,  266,  256,   87,  355,   87,  260,  359,
       247,  250,   87,  263,  248,  257,  254,  253,   87,  261,
       249,  264,  267,  262,   87,  255,  259,   87,  258,  265,
-      266,  256,   87,  272,  270,  260,  275, 4117,   87,  268,
+      266,  256,   87,  272,  270,  260,  275, 4129,   87,  268,
       263,   87,  269,  273,   87,  271,  261,   87,   87,  267,
       262,   87,  279,   87,   87,  276,  265,  284,  281,  280,
-      272,  270,  282,  275,  277,  283,  268,   87, 4117,  269,
-      273,   87,  271,   87, 4117,   87,  278,  285, 4117,  279,
-       87,   87,  276, 4117,  284,  281,  280,   87,  286,  282,
-       87,  277,  283,  169, 4117,  169,  169,  174,  169,  174,
+      272,  270,  282,  275,  277,  283,  268,   87, 4129,  269,
+      273,   87,  271,   87, 4129,   87,  278,  285, 4129,  279,
+       87,   87,  276, 4129,  284,  281,  280,   87,  286,  282,
+       87,  277,  283,  169, 4129,  169,  169,  174,  169,  174,
 
       174,  287,  174,  278,  285,   91,  288,   91,   91,  290,
        91,  179,  175,  179,  179,  286,  179,  291,   87,  295,
-      289,  296,  297,   87,  300,  298,  293, 4117,  287,   87,
+      289,  296,  297,   87,  300,  298,  293, 4129,  287,   87,
        87,   87,  299,  294,  301,   87,  290,   87,   87,  302,
-       87, 4117,  306,  177,  291,   87,  295,  289,  296,  297,
+       87, 4129,  306,  177,  291,   87,  295,  289,  296,  297,
        87,  300,  298,  293,   87,  319,  303,   87,  320,  299,
       294,  301,  304,  305,   87,   87,  302,  310,  307,  306,
       308,  311,  321,   87,  324,  312,  323,  322,  325,  327,
       328,   87,  319,  326,   87,  320,   87, 1049,   87,  304,
       305,  330,  313,  826,   87,  307,   87,  308,   87,   87,
 
-       87,  324,  312,  323,   87,  325,  327,  331,  329, 4117,
+       87,  324,  312,  323,   87,  325,  327,  331,  329, 4129,
       326,  332,   87,  333,   87,  334,   87,  362,  330,  313,
-      314,   87,   87,  337,  338,  315,   87,   87, 4117,   87,
+      314,   87,   87,  337,  338,  315,   87,   87, 4129,   87,
       316,  339,   87,  345,  331,  329,  317,  318,  332,  346,
-      333,  335,  334,   87,  336, 4117,   87,  314,   87,   87,
+      333,  335,  334,   87,  336, 4129,   87,  314,   87,   87,
       337,  338,  315,   87,  347,   87,   87,  316,  339,  348,
-      345,   87, 4117,  317,  318,  351,  346,  350,  335,  356,
-       87,  336,  340,  354,  364,  341,  352,  342,  358, 4117,
-       87,  347,  367,  357,   87,  360,  348, 4117,  363,  343,
-     4117,  344, 4117,   87,  350,  368,  369,   87,   87,  340,
+      345,   87, 4129,  317,  318,  351,  346,  350,  335,  356,
+       87,  336,  340,  354,  364,  341,  352,  342,  358, 4129,
+       87,  347,  367,  357,   87,  360,  348, 4129,  363,  343,
+     4129,  344, 4129,   87,  350,  368,  369,   87,   87,  340,
 
       354,   87,  341,  352,  342,  358,   87,   87,  365,   87,
       357,   87,  360,  366,   87,  363,  343,   87,  344,  370,
-      371,  374,  368,  369,   87,  372,   87,  377,  376, 4117,
-      375,  378,  379,   87,  373,  365,  382, 4117,  389,   87,
+      371,  374,  368,  369,   87,  372,   87,  377,  376, 4129,
+      375,  378,  379,   87,  373,  365,  382, 4129,  389,   87,
       366,   87,   87,   87,  380,  385,  370,  371,  374,   87,
        87,   87,  372,   87,  377,  376,   87,  375,  378,  379,
       383,  373,  381,  382,  387,  384,  386,   87,  392,  388,
        87,  380,  385,   87,   87,   87,  390,  391,  393,  394,
-      395,  398,  397, 4117,   87,   87,   87,   87,  396,  381,
+      395,  398,  397, 4129,   87,   87,   87,   87,  396,  381,
        87,  387,   87,  386,  399,  392,  388,  400,  402,  407,
 
       406,   87,   87,  390,  391,  403,  394,  395,  398,  397,
-       87,  401,  404,   87,  405,  396,  409,  410, 4117,   87,
-       87, 4117,  408,  414,  412,   87,   87,   87,   87,   87,
+       87,  401,  404,   87,  405,  396,  409,  410, 4129,   87,
+       87, 4129,  408,  414,  412,   87,   87,   87,   87,   87,
        87,   87,  403,  422,  411,  419,  413,  415,  401,  404,
        87,  405,   87,   87,  410,   87,  416,  417,   87,  408,
       414,  412,  175,  418,   87,  420,  421,   87,  423,   87,
        87,  411,  419,  413,  415,   87,   87,  424,  426,  425,
-      429, 4117,  427,  416,  417,  428,  434,  430,   87,   87,
-      418, 4117,  420,  421,   87,  431,  432,  435,   87,   87,
+      429, 4129,  427,  416,  417,  428,  434,  430,   87,   87,
+      418, 4129,  420,  421,   87,  431,  432,  435,   87,   87,
        87,   87,  436,  439,  424,   87,  425,  429,   87,  427,
 
        87,  433,  428,   87,  430,   87,  437,  441,   87,  438,
       452,   87,  431,  432,  435,   87,   87,   87,  442,  436,
-      439,  443,  447, 4117,  445, 4117,  444,  454,  433,  448,
-     4117,  456,   87,  437,  441,   87,  438,   87,  446,  449,
+      439,  443,  447, 4129,  445, 4129,  444,  454,  433,  448,
+     4129,  456,   87,  437,  441,   87,  438,   87,  446,  449,
       450,  461,   87,  459,   87,  442,   87,   87,  443,  447,
        87,  445,   87,  444,  451,  453,  448,   87,   87,   87,
       455,  457,   87,   87,  460,  446,  449,  450,   87,   87,
-      459,  462,  464,   87,  465,  467, 4117, 4117,  458,   87,
+      459,  462,  464,   87,  465,  467, 4129, 4129,  458,   87,
       468,  451,  453,   87,   87,   87,   87,  455,  457,   87,
-      466,  460,  469,  478, 4117,  463,   87,  471, 4117,  464,
+      466,  460,  469,  478, 4129,  463,   87,  471, 4129,  464,
 
       470,  465,  467,   87,  472,  458,   87,  468,  474,   87,
-     4117,  479,   87,  480,  473,  476,   87,  466,  525,  469,
+     4129,  479,   87,  480,  473,  476,   87,  466,  525,  469,
        87,  475,  463,   87,  471,   87,   87,  470,  481,  482,
-       87,  472,  477, 4117,   87,  474,  490,  491,  479,   87,
-      492,  473,  476,  501,   87,   87,   87, 4117,  475,  530,
+       87,  472,  477, 4129,   87,  474,  490,  491,  479,   87,
+      492,  473,  476,  501,   87,   87,   87, 4129,  475,  530,
        87,  502,   87,  500,   87,  481,  482,   87,  508,  477,
-      483,  509,   87,  490,  491,  484,   87,  492,  485, 4117,
+      483,  509,   87,  490,  491,  484,   87,  492,  485, 4129,
       501,  503,  504,  486,  487,  488,  489,   87,  502,  505,
-      500,   87,   87,   87,  506,  508, 4117,  483,   87,  518,
-     4117, 4117,  484, 4117,  516,  485,   87,  512,  503,  504,
+      500,   87,   87,   87,  506,  508, 4129,  483,   87,  518,
+     4129, 4129,  484, 4129,  516,  485,   87,  512,  503,  504,
 
       486,  487,  488,  489,  493,  517,  494,  510,  495,   87,
-      511,   87,   87,  513, 4117,  520,   87,   87,  496,  497,
+      511,   87,   87,  513, 4129,  520,   87,   87,  496,  497,
       498,  516,  499,   87,  512,   87,  514,  515,   87,  519,
-      524,  493,  517,  494,  510,  495,   87,  511,  521, 4117,
+      524,  493,  517,  494,  510,  495,   87,  511,  521, 4129,
       513,   87,  520,  523,  526,  496,  497,  498,  522,  499,
        87,   87,   87,  514,  515,   87,  519,  524,  527,   87,
-      528,  529,  535,  537,   87,  521,   87,   87, 4117,   87,
-      523,  526,  531,   87,  532,  522,  549, 4117,  536, 4117,
-      538, 4117,  541,  533,  542,  527,  539,  528,  529,  535,
+      528,  529,  535,  537,   87,  521,   87,   87, 4129,   87,
+      523,  526,  531,   87,  532,  522,  549, 4129,  536, 4129,
+      538, 4129,  541,  533,  542,  527,  539,  528,  529,  535,
       534,  543,  540,  544,   87,   87,  550,  551,   87,  531,
 
        87,  532,   87,  549,   87,  536,   87,  538,   87,  541,
       533,  542,  552,  539,  545,  553,  567,  534,  543,  540,
       571,  566,   87,  550,  569,   87,  585,  546,   87,   87,
-      547,  586,  548,   87,  568, 4117,   87,   87,   87,   87,
-       87,  545,  553,  567,  570, 4117,  587,  571,  566,  572,
-     4117,  569, 4117, 4117,  546,  583,   87,  547,   87,  548,
-      554,  568,  555,  584, 4117,  573,  574,   87,  556,  590,
-     4117,  570,  557,   87,  596,  175,  572,  558,   87,   87,
+      547,  586,  548,   87,  568, 4129,   87,   87,   87,   87,
+       87,  545,  553,  567,  570, 4129,  587,  571,  566,  572,
+     4129,  569, 4129, 4129,  546,  583,   87,  547,   87,  548,
+      554,  568,  555,  584, 4129,  573,  574,   87,  556,  590,
+     4129,  570,  557,   87,  596,  175,  572,  558,   87,   87,
       559,   87,  583,   87,  588,  592,   87,  554,  593,  555,
       584,  589,  573,  574,  591,  556,  590,   87,  659,  557,
 
-      595,  596,   87, 4117,  558,   87,   87,  559,  560,  594,
+      595,  596,   87, 4129,  558,   87,   87,  559,  560,  594,
       561,  588,  592,  597,   87,  593,  599,   87,  589,   87,
       598,  591,  610,  562,  600,  659,  563,   87,  564,   87,
       565,  617,   87,  601,   87,  560,  594,  561,  604,  605,
-      597, 4117, 4117,  599, 4117,   87,   87,  598, 4117,  606,
+      597, 4129, 4129,  599, 4129,   87,   87,  598, 4129,  606,
       562,  607,  608,  563,   87,  564,   87,  565,  575,  576,
-      601,   87,  602,   87,  611,  604,  605, 4117,  577,  578,
+      601,   87,  602,   87,  611,  604,  605, 4129,  577,  578,
       579,  580,  581,   87,   87,  582,  606,  613,  607,  608,
-      603,  609, 4117,   87,   87,  575,  576,  612,  615,  602,
+      603,  609, 4129,   87,   87,  575,  576,  612,  615,  602,
        87,  611,   87,   87,   87,  577,  578,  579,  580,  581,
 
       614,   87,  582,  616,  613,  619,  620,  603,  609,   87,
-      625,  618,   87,   87,  612,  615,   87,  621,  622, 4117,
+      625,  618,   87,   87,  612,  615,   87,  621,  622, 4129,
       628,   87,  623,  626,  624,  633,  627,  614,   87,   87,
-      616,   87,  619,  620,   87,  629, 4117,  625,  618,   87,
-      630,  631, 4117, 4117,  636,   87,   87,  628,   87,  623,
-      626,  624,  633,  627,  634,  637, 4117,   87,  632, 4117,
-      638, 4117,  629,   87,  639,   87,  641,  630,  631,  635,
+      616,   87,  619,  620,   87,  629, 4129,  625,  618,   87,
+      630,  631, 4129, 4129,  636,   87,   87,  628,   87,  623,
+      626,  624,  633,  627,  634,  637, 4129,   87,  632, 4129,
+      638, 4129,  629,   87,  639,   87,  641,  630,  631,  635,
        87,  636,   87,  652,  640,   87,  653,   87,  657,   87,
       671,  634,  637,   87,  654,  632,  655,  638,  642,  643,
-      656,  639,  658,  641,   87,  660,  635,  661,   87, 4117,
+      656,  639,  658,  641,   87,  660,  635,  661,   87, 4129,
 
       644,  640,  645,  653,  662,   87,   87,   87,   87,   87,
        87,  654,   87,  655,  664,  642,  643,  656,   87,  658,
-      665,   87,  660,  666,  661, 4117,   87,  644,  663,  645,
+      665,   87,  660,  666,  661, 4129,   87,  644,  663,  645,
       646,  662,  668,  673,   87,   87,  667,  669,  647,  648,
-       87,  664,  649,  650,   87,  670,  651,  665, 4117,  674,
-       87,   87,   87,  672,   87,  663,   87,  646, 4117,  668,
+       87,  664,  649,  650,   87,  670,  651,  665, 4129,  674,
+       87,   87,   87,  672,   87,  663,   87,  646, 4129,  668,
       673,   87,  675,  667,  669,  647,  648,  680,   87,  649,
-      650,   87,  670,  651,  676,   87,  674,  677, 4117,  678,
-      672,  681,   87,  682,  686,  683, 4117,  679,   87,  675,
+      650,   87,  670,  651,  676,   87,  674,  677, 4129,  678,
+      672,  681,   87,  682,  686,  683, 4129,  679,   87,  675,
        87,  684,   87,  689,  680,  687,   87,  688,  685,   87,
 
        87,  676,  691,  693,  677,   87,  678,  694,  681,   87,
       682,  686,  683,   87,  679,   87,   87,   87,  684,   87,
       689,  690,  687,  692,  688,  685,  695,  696,   87,  691,
-      693,   87, 4117,   87,  694,  697,   87,  698,  699, 4117,
+      693,   87, 4129,   87,  694,  697,   87,  698,  699, 4129,
       700,  702,  701,   87,  703,   87,   87,   87,  690,  704,
-      692,  709, 4117,  695,  710,  705,   87,   87,   87,   87,
+      692,  709, 4129,  695,  710,  705,   87,   87,   87,   87,
        87,   87,  697,  712,  698,  699,   87,  700,  702,  701,
        87,  703,  706,  716,  707,  708,  704,  711,  709,  715,
-      713,   87,  705,  714,   87,  718,   87,  717, 4117,  719,
-       87,   87,  720,  721,  725,   87, 4117,   87,   87,  706,
+      713,   87,  705,  714,   87,  718,   87,  717, 4129,  719,
+       87,   87,  720,  721,  725,   87, 4129,   87,   87,  706,
 
       722,  707,  708,  723,  711,   87,  715,  713,   87,   87,
       714,  724,  718,   87,  717,   87,  719,   87,  726,  720,
       721,  728,  727,  730,  734,   87,   87,  722,  732,   87,
       723,  733,  731,   87,  736,  738,   87,   87,  724,  771,
-     4117, 4117,  735,   87,  729,  726,   87,   87,  737,  727,
+     4129, 4129,  735,   87,  729,  726,   87,   87,  737,  727,
       730,  734,   87,   87,   87,  732,   87,   87,  733,  731,
        87,  736,  738,  739,  740,  741,  771,  751,  752,  735,
       750,  729,   87,   87,   87,  737,  753,   87,  754,   87,
-       87,  791,  755,  796, 4117,  805,   87,  757, 4117,  760,
+       87,  791,  755,  796, 4129,  805,   87,  757, 4129,  760,
       739,  740,  741,  742,  751,  752,  756,  750,  743,   87,
 
-      744,   87, 4117,  753,   87,  754,  745,   87,  746,  755,
+      744,   87, 4129,  753,   87,  754,  745,   87,  746,  755,
        87,  747,  748,   87,  757,   87,  760,   87,  749,   87,
-      742,  761,  758,  756,  765,  743,  759,  744, 4117,  763,
-      770, 4117,  764,  745,  768,  746, 4117,  766,  747,  748,
+      742,  761,  758,  756,  765,  743,  759,  744, 4129,  763,
+      770, 4129,  764,  745,  768,  746, 4129,  766,  747,  748,
        87,  762,   87,   87,   87,  749,   87,  767,  761,  758,
       773,  765,  769,  759,   87,  772,  763,  770,  774,  764,
        87,  768,   87,   87,  775,  777,  776,  780,  762,   87,
-      779,  778, 4117,  782,  767,   87,   87,  773,   87,  769,
+      779,  778, 4129,  782,  767,   87,   87,  773,   87,  769,
        87,  781,  772,   87,  783,  774,   87,  788,  786,  785,
        87,  775,  777,  776,  780,   87,   87,  779,  778,  784,
 
       782,   87,   87,  787,  789,   87,  790,   87,  781,   87,
-      792,  783,  793,  794,  788,  786,  785, 4117,   87,  795,
+      792,  783,  793,  794,  788,  786,  785, 4129,   87,  795,
       799,   87,  797,  801,   87,   87,  784,   87,  800,  175,
       787,  789,   87,  790,   87,  798,  804,  792,  802,  793,
       794,   87,   87,   87,   87,  803,  795,  799,   87,  797,
-      801,  806,  807,  808,  809,  800,  810, 4117, 4117,  812,
+      801,  806,  807,  808,  809,  800,  810, 4129, 4129,  812,
       811,  816,  798,   87,   87,  802,   87,  813,  814,   87,
-       87,   87,  803,   87,  815,  824,  825, 4117,  806,  827,
+       87,   87,  803,   87,  815,  824,  825, 4129,  806,  827,
        87,  809,  820,  810,   87,   87,  812,  811,  816,   87,
       817,   87,  823,   87,  813,  814,  828,  818,   87,  821,
 
       819,  815,   87,   87,  822,  829,   87,  830,   87,  820,
-      831,   87, 4117,  833,  834,  832,  837,  817,  835,  823,
+      831,   87, 4129,  833,  834,  832,  837,  817,  835,  823,
        87,  838,   87,   87,  818,  836,  840,  819,  839,   87,
-      845,   87,   87,   87,  841, 4117,  843,  844,   87,   87,
+      845,   87,   87,   87,  841, 4129,  843,  844,   87,   87,
       833,  834,   87,  837,   87,  835,  847,   87,  838,   87,
        87,  851,  836,  840,  842,  839,   87,  849,   87,  846,
        87,  841,   87,  843,  844,  848,   87,  850,  854,   87,
-      852, 4117,  858,  847,   87,  860,  856,   87,  851,   87,
+      852, 4129,  858,  847,   87,  860,  856,   87,  851,   87,
        87,  842,   87,  853,  849,  855,  846,   87,   87,   87,
        87,  857,  848,   87,  850,  854,  866,  852,   87,  859,
 
       861,  872,  860,  856,   87,  862,  865,  867,  863,  864,
-      853, 4117,  855,   87,  868,   87,   87,  869,  857,  874,
+      853, 4129,  855,   87,  868,   87,   87,  869,  857,  874,
       870,   87,   87,  866,   87,   87,  859,  861,  872,  873,
       871,  875,  862,  865,  867,  863,  864,  876,  879,   87,
       877,  868,   87,   87,  869,  881,   87,  870,  880,   87,
@@ -2047,79 +2050,79 @@ static const flex_int16_t yy_nxt[11833] =
        87,  886,  883,   87,  891,  892,  893,  885,  894,  878,
       896,  895,   87,   87,   87,  898,   87,   87,  887,  899,
 
-       87,   87,  897,  888,   87,  890,  900,  912,   87, 4117,
+       87,   87,  897,  888,   87,  890,  900,  912,   87, 4129,
        87,  891,  892,  893,  901,  894,  905,  896,  895,  904,
-       87, 4117,  898,  902,  903, 4117,  906,   87,  907,  897,
+       87, 4129,  898,  902,  903, 4129,  906,   87,  907,  897,
        87,   87,  908,  900,  909,  910,  911,   87,   87,   87,
        87,  901,  913,  905,   87,   87,  904,   87,   87,  914,
-      915,  917,   87,  906, 4117,  907,  916,   87,   87,  908,
+      915,  917,   87,  906, 4129,  907,  916,   87,   87,  908,
       918,  909,  910,  911,   87,  919,  921,  922,  923,  913,
-      920,   87,  931,   87,   87,  924, 4117,  915,  917,   87,
+      920,   87,  931,   87,   87,  924, 4129,  915,  917,   87,
        87,   87,  932,  916,  935,  941,   87,  918,  933,   87,
-       87,   87,  958,  921,  922,  923,  936,   87, 4117,  934,
+       87,   87,  958,  921,  922,  923,  936,   87, 4129,  934,
 
-     4117, 4117,  924,  925,   87,  926,   87, 4117,  937,  932,
+     4129, 4129,  924,  925,   87,  926,   87, 4129,  937,  932,
       939,  935,  927,  938,  942,  933,  947,   87,  928,  929,
       930,   87,   87,  936,   87,  940,  934,   87,   87,   87,
       925,  945,  926,   87,   87,  937,  946,  939,  943,  927,
       938,  942,   87,  947,  949,  928,  929,  930,  944,  948,
       950,   87,  940,  951,  956,  952,  959,  953,   87,  954,
        87,   87,   87,   87,  955,  943,   87,  957,   87,   87,
-      960,  949, 4117,   87,   87,  944,  948,  950,   87,   87,
-      951,  956,  952,  959,  953, 4117,  954,  961,   87,  962,
+      960,  949, 4129,   87,   87,  944,  948,  950,   87,   87,
+      951,  956,  952,  959,  953, 4129,  954,  961,   87,  962,
       964,  955,  968,  963,  957,  965,  967,  960,   87,   87,
 
       969,   87,   87,  972,  966,  970,  971,   87,   87,  973,
-     4117,   87,  975, 4117,  961,   87,  962,  964,   87,   87,
+     4129,   87,  975, 4129,  961,   87,  962,  964,   87,   87,
       963,   87,  965,  967,   87, 1008,  974,  969,  976,  977,
       972,  966,  970,  971,   87,   87,  973,   87,  978,  975,
        87,  979,  980,  981,  982,  983,  984,   87,  985,  987,
        87,   87,   87,  974,  986,  976,  977,   87,  988,   87,
-      991, 4117,   87,  989, 4117,  978,   87,   87,  979,  980,
+      991, 4129,   87,  989, 4129,  978,   87,   87,  979,  980,
       981,  982,  983,  984,   87,  985,  987,   87,  990,   87,
       993,  986,   87,  992,  994,  988,  995,  991,   87,  997,
-      989,   87,  996,  998,   87,  999,   87, 4117,   87, 1000,
+      989,   87,  996,  998,   87,  999,   87, 4129,   87, 1000,
 
      1003, 1018, 1004, 1001, 1002,  990,   87,  993, 1097,   87,
       992,  994,   87,  995,   87,   87,  997,   87,   87,  996,
       998,   87,  999, 1005,   87, 1006, 1000, 1003,   87, 1004,
-     1001, 1002, 1007, 1009, 1010,   87, 1012, 4117, 1013, 1011,
+     1001, 1002, 1007, 1009, 1010,   87, 1012, 4129, 1013, 1011,
      1015,   87, 1014,   87, 1016, 1017, 1026,   87, 1021,   87,
      1005,   87, 1006, 1022,   87,  175,   87,   87,   87, 1007,
      1009, 1010,   87, 1012,   87, 1013, 1011, 1015, 1019, 1014,
      1023, 1016, 1017, 1024, 1025, 1027, 1020, 1028,   87, 1031,
        87,   87,   87,   87,   87, 1029, 1033, 1032, 1034, 1037,
-     1030,   87,   87, 4117,   87, 1019,   87, 1023, 1036, 1064,
+     1030,   87,   87, 4129,   87, 1019,   87, 1023, 1036, 1064,
 
      1024, 1025, 1027, 1020, 1028,   87, 1031, 1035,   87,   87,
        87, 1114, 1029, 1038, 1032, 1048, 1037, 1030,   87, 1039,
-       87,   87,   87, 1040, 4117, 1036,   87,   87, 1050, 1051,
-       87,   87, 1052, 4117, 1035, 1061, 1053, 1056,   87, 1054,
-     1038,   87, 1048,   87,   87, 1116, 1039,   87,   87, 4117,
+       87,   87,   87, 1040, 4129, 1036,   87,   87, 1050, 1051,
+       87,   87, 1052, 4129, 1035, 1061, 1053, 1056,   87, 1054,
+     1038,   87, 1048,   87,   87, 1116, 1039,   87,   87, 4129,
      1040, 1041, 1055,   87, 1042, 1050, 1051, 1057, 1043, 1052,
        87, 1044, 1061, 1053, 1056, 1058, 1054, 1059, 1045, 1046,
-       87, 1047,   87, 1060, 1062, 1063,   87, 4117, 1041, 1055,
+       87, 1047,   87, 1060, 1062, 1063,   87, 4129, 1041, 1055,
        87, 1042,   87, 1073, 1057, 1043, 1074,   87, 1044,   87,
        87,   87, 1058,   87, 1059, 1045, 1046, 1081, 1047, 1075,
 
      1060, 1062, 1063, 1065, 1066,   87, 1067, 1076,   87, 1068,
-     1073, 4117, 1077, 1074, 1069, 1078,   87, 1082,   87,   87,
-     1070, 1071, 1079, 1072, 1081,   87, 1075, 4117, 1084,   87,
+     1073, 4129, 1077, 1074, 1069, 1078,   87, 1082,   87,   87,
+     1070, 1071, 1079, 1072, 1081,   87, 1075, 4129, 1084,   87,
      1065, 1066, 1083, 1067, 1076,   87, 1068, 1086, 1080, 1077,
        87, 1069, 1078, 1089, 1082,   87, 1090, 1070, 1071, 1079,
      1072, 1085, 1087,   87,   87, 1084, 1091, 1088, 1092, 1083,
-     1093,   87, 1099,   87, 1086, 1080, 1094, 1095,   87, 4117,
+     1093,   87, 1099,   87, 1086, 1080, 1094, 1095,   87, 4129,
      1089, 1100,   87, 1090, 1096, 1098, 1101,   87, 1085,   87,
-       87, 1102, 4117, 1091,   87, 1092,   87, 1093,   87, 1099,
+       87, 1102, 4129, 1091,   87, 1092,   87, 1093,   87, 1099,
        87,   87, 1105, 1094, 1095, 1106,   87, 1103, 1100,   87,
 
        87, 1096, 1098, 1101,   87, 1104, 1107, 1108, 1102, 1110,
      1109,   87, 1112,   87,   87, 1113, 1111, 1120,   87, 1105,
        87,   87, 1106,   87, 1103,   87, 1115,   87, 1119, 1121,
-     1125, 4117, 1104, 1107, 1108,   87, 1110, 1109, 1122, 1112,
+     1125, 4129, 1104, 1107, 1108,   87, 1110, 1109, 1122, 1112,
      1117, 1126, 1113, 1111, 1123, 1118, 1128,   87,   87,   87,
        87, 1124,   87, 1115,   87, 1119, 1121, 1127,   87, 1129,
-     1130, 1131,   87,   87, 1132, 1122, 1133, 1137, 1126, 4117,
+     1130, 1131,   87,   87, 1132, 1122, 1133, 1137, 1126, 4129,
        87, 1123,   87, 1128, 1135,   87, 1134, 1136, 1124,   87,
        87, 1140, 1138,   87, 1142, 1145, 1129, 1130,   87,   87,
        87,   87,   87, 1133, 1137,   87, 1139, 1143, 1141,   87,
@@ -2127,57 +2130,57 @@ static const flex_int16_t yy_nxt[11833] =
      1144, 1135,   87, 1134, 1136,   87,   87, 1146, 1140, 1138,
      1148,   87,   87, 1147, 1149,   87, 1152, 1150,   87,   87,
      1151,   87,   87, 1139, 1143, 1141,   87, 1144, 1154, 1156,
-     1153,   87,   87, 1155,   87, 1158, 1157, 1148, 4117,   87,
+     1153,   87,   87, 1155,   87, 1158, 1157, 1148, 4129,   87,
      1147, 1149,   87, 1152, 1150,   87, 1159, 1151, 1161, 1160,
      1162,   87,   87,   87, 1163, 1154, 1156, 1153,   87, 1168,
-     1155,   87, 1158, 1157, 1164, 1171, 1167, 4117, 1169, 1165,
+     1155,   87, 1158, 1157, 1164, 1171, 1167, 4129, 1169, 1165,
        87,   87,   87, 1159, 1166, 1161, 1160, 1162,   87,   87,
        87, 1163, 1170,   87, 1172,   87, 1168,   87, 1173, 1176,
        87, 1164, 1171, 1167, 1174, 1169, 1177,   87, 1178, 1180,
 
-     1179,   87, 1175, 1182,   87,   87, 1181, 4117, 1184, 1170,
+     1179,   87, 1175, 1182,   87,   87, 1181, 4129, 1184, 1170,
        87, 1172, 1183,   87,   87, 1173, 1176, 1185,   87,   87,
      1186, 1174,   87,   87,   87, 1178, 1180, 1179,   87, 1175,
      1182, 1188, 1187, 1181, 1189, 1184,   87, 1190,   87, 1183,
      1191, 1193, 1192,   87, 1185,   87, 1194, 1186, 1198, 1196,
      1197, 1201, 1199, 1212,   87, 1195,   87,   87, 1188, 1187,
        87, 1189,   87,   87, 1190,   87, 1200,   87, 1193, 1192,
-     4117,   87,   87, 1194, 1204, 1198, 1196, 1197,   87, 1199,
-     1203, 1202, 1195, 1205, 1206,   87, 4117,   87,   87,   87,
+     4129,   87,   87, 1194, 1204, 1198, 1196, 1197,   87, 1199,
+     1203, 1202, 1195, 1205, 1206,   87, 4129,   87,   87,   87,
        87, 1207,   87, 1200, 1208, 1210, 1209, 1213,   87,   87,
 
      1214, 1204,   87,   87,   87, 1211, 1215, 1203, 1202, 1217,
-     1205, 1206,   87,   87, 1218, 1216,   87, 1219, 1207, 4117,
+     1205, 1206,   87,   87, 1218, 1216,   87, 1219, 1207, 4129,
      1220, 1208, 1210, 1209, 1225, 1221, 1222, 1214,   87,   87,
        87, 1229, 1211,   87, 1223, 1224, 1217, 1226,   87, 1227,
-     1228,   87, 1216,   87, 1232, 4117,   87, 1220, 1234,   87,
+     1228,   87, 1216,   87, 1232, 4129,   87, 1220, 1234,   87,
      1230, 1225, 1221, 1222, 1231,   87, 1235,   87, 1229,   87,
      1233, 1223, 1224,   87, 1226,   87, 1236,   87,   87, 1237,
      1298,   87,   87, 1238, 1241,   87,   87, 1230, 1243, 1242,
        87, 1231, 1245, 1235, 1244, 1247, 1239, 1233, 1240, 1246,
-       87,   87,   87, 1236,   87, 1249, 1237,   87, 1248, 4117,
+       87,   87,   87, 1236,   87, 1249, 1237,   87, 1248, 4129,
 
-     1238, 1251,   87, 4117,   87, 1243,  175,   87,   87, 1245,
+     1238, 1251,   87, 4129,   87, 1243,  175,   87,   87, 1245,
        87, 1244, 1247, 1239, 1252, 1240, 1246,   87, 1250, 1253,
      1255, 1266, 1249, 1257, 1256, 1248,   87,   87, 1251,   87,
-     1254,   87, 1264, 4117,   87, 1265, 1268, 4117, 4117, 4117,
-     1267, 1252, 1299,   87,   87, 1250, 1253, 1255, 1266, 4117,
+     1254,   87, 1264, 4129,   87, 1265, 1268, 4129, 4129, 4129,
+     1267, 1252, 1299,   87,   87, 1250, 1253, 1255, 1266, 4129,
      1257, 1256,   87, 1269,   87,   87, 1274, 1254, 1258, 1264,
      1259,   87, 1265,   87, 1260,   87, 1261, 1267, 1272, 1270,
-     1271, 1262, 1273, 1275,   87,   87, 1263, 1277, 4117, 1276,
-     1269, 1291,   87, 1274,   87, 1258,   87, 1259, 4117, 1278,
+     1271, 1262, 1273, 1275,   87,   87, 1263, 1277, 4129, 1276,
+     1269, 1291,   87, 1274,   87, 1258,   87, 1259, 4129, 1278,
        87, 1260,   87, 1261, 1279, 1272, 1270, 1271, 1262, 1273,
 
      1275,   87, 1280, 1263, 1277, 1281, 1276, 1282,   87, 1285,
-     1284, 1288, 4117, 1286, 1290, 1293, 4117, 1289,   87, 1283,
+     1284, 1288, 4129, 1286, 1290, 1293, 4129, 1289,   87, 1283,
        87,   87,   87, 1287, 1302, 1292,   87,   87,   87, 1280,
        87,   87, 1281, 1294, 1282,   87, 1285, 1284, 1288,   87,
      1286, 1290, 1293, 1295, 1289, 1296, 1283, 1297, 1300, 1303,
-     1287,   87, 1292, 1304,   87, 1305,   87, 1314, 1313, 4117,
-     1294,   87, 1316, 4117,   87,   87,   87, 1317, 1315,   87,
-     1295, 4117, 1296,   87, 1297,   87, 1303,   87, 1318,   87,
+     1287,   87, 1292, 1304,   87, 1305,   87, 1314, 1313, 4129,
+     1294,   87, 1316, 4129,   87,   87,   87, 1317, 1315,   87,
+     1295, 4129, 1296,   87, 1297,   87, 1303,   87, 1318,   87,
      1304,   87, 1305, 1306, 1314, 1313, 1320, 1319, 1307, 1316,
-     1308, 1322, 1321,   87, 1317, 1315, 1309, 4117, 1326,   87,
+     1308, 1322, 1321,   87, 1317, 1315, 1309, 4129, 1326,   87,
 
        87, 1310, 1311,   87,   87, 1318,   87, 1333, 1312,   87,
      1306, 1325, 1323, 1320, 1319, 1307, 1324, 1308, 1322, 1321,
@@ -2185,39 +2188,39 @@ static const flex_int16_t yy_nxt[11833] =
        87, 1329, 1331, 1332,   87, 1312,   87,   87, 1325, 1323,
        87,   87,   87, 1324, 1335, 1336, 1337,   87, 1328, 1338,
        87,   87, 1327, 1330, 1334, 1340, 1339,   87, 1329, 1331,
-     1332, 1341, 1342, 1344, 1343, 1347, 4117, 1345, 1346,   87,
-       87, 1335,   87, 1337, 1348, 4117, 1338,   87,   87,   87,
+     1332, 1341, 1342, 1344, 1343, 1347, 4129, 1345, 1346,   87,
+       87, 1335,   87, 1337, 1348, 4129, 1338,   87,   87,   87,
        87,   87, 1340, 1339,   87,   87, 1349, 1351, 1350, 1342,
      1344, 1343, 1352,   87, 1345, 1346,   87,   87, 1353,   87,
 
      1354, 1348, 1356, 1355,   87, 1357, 1358, 1359, 1360,   87,
        87,   87, 1361, 1349, 1351, 1350, 1365,   87,   87, 1352,
-     1362, 1368, 4117,   87,   87, 1353,   87, 1354,   87, 1356,
+     1362, 1368, 4129,   87,   87, 1353,   87, 1354,   87, 1356,
      1355,   87, 1357, 1358, 1359, 1360, 1363, 1366, 1364,   87,
      1367, 1371,   87, 1365,   87,   87, 1369, 1362, 1370,   87,
-       87, 4117, 1373,   87,   87, 1374, 1375, 1372, 1376, 1379,
+       87, 4129, 1373,   87,   87, 1374, 1375, 1372, 1376, 1379,
      1378,   87,   87, 1363, 1366, 1364, 1380, 1367, 1371,   87,
-     1377, 4117, 1381, 1369,   87, 1370, 4117,   87,   87, 1373,
+     1377, 4129, 1381, 1369,   87, 1370, 4129,   87,   87, 1373,
        87, 1382, 1374, 1375, 1372, 1376,   87, 1378,   87, 1383,
        87,   87, 1393,   87, 1384, 1385, 1390, 1377,   87, 1381,
 
-     1386, 1389, 1391,   87, 1387,   87, 4117, 1388, 1382, 1403,
-     1392, 1394, 4117,   87,   87,   87, 1383,   87,   87, 1393,
+     1386, 1389, 1391,   87, 1387,   87, 4129, 1388, 1382, 1403,
+     1392, 1394, 4129,   87,   87,   87, 1383,   87,   87, 1393,
        87, 1384, 1397, 1390, 1398, 1395, 1396,   87, 1389, 1391,
        87, 1387, 1399,   87, 1388, 1402, 1400, 1392, 1394,   87,
      1401,   87, 1405,   87,   87,   87, 1406,   87, 1404, 1397,
      1407, 1398, 1395, 1396,   87,   87, 1408, 1410,   87, 1399,
-     1409, 4117, 1402, 1400, 1411, 1414, 1412, 1401, 1413,   87,
+     1409, 4129, 1402, 1400, 1411, 1414, 1412, 1401, 1413,   87,
        87, 1415,   87, 1406,   87, 1404,   87, 1407, 1416, 1417,
      1424,   87, 1418, 1408, 1410, 1420,   87, 1409,   87,   87,
        87, 1411, 1414, 1412, 1419, 1413,   87,   87, 1415, 1421,
 
        87,   87, 1422, 1423, 1425, 1416, 1417,   87,   87, 1418,
-     1426, 4117, 1420, 1428, 1427,   87, 1429, 1434, 1432,   87,
-       87, 1419,   87, 1431, 1430,   87, 1421, 1435, 4117, 1422,
+     1426, 4129, 1420, 1428, 1427,   87, 1429, 1434, 1432,   87,
+       87, 1419,   87, 1431, 1430,   87, 1421, 1435, 4129, 1422,
        87, 1425,   87, 1433, 1436,   87, 1437, 1426,   87,   87,
      1428, 1427,   87, 1429, 1439, 1432, 1438,   87, 1440,   87,
-     1431, 1430, 1441, 1443, 1444, 1442, 1445, 4117,   87,   87,
+     1431, 1430, 1441, 1443, 1444, 1442, 1445, 4129,   87,   87,
      1433,   87,   87, 1437, 1446, 1447,   87, 1448,   87, 1449,
        87, 1450, 1460, 1438, 1451, 1440,   87,   87, 1453, 1454,
      1443, 1444, 1442,   87,   87,   87,   87,   87,   87, 1452,
@@ -2227,63 +2230,63 @@ static const flex_int16_t yy_nxt[11833] =
      1459,   87,   87, 1463, 1464,   87, 1452, 1456,   87, 1466,
      1465,   87, 1455, 1467, 1468, 1470, 1457, 1458,   87, 1473,
      1471,   87,   87,   87,   87,   87, 1462, 1459,   87,   87,
-     1463,   87, 1475, 1476, 1477, 1472, 1466, 1465,   87, 4117,
+     1463,   87, 1475, 1476, 1477, 1472, 1466, 1465,   87, 4129,
      1467, 1468, 1470,   87, 1474, 1478, 1473, 1471, 1479, 1480,
        87, 1481,   87,   87, 1482, 1484,  175, 1486, 1483, 1475,
        87, 1477, 1472, 1487,   87, 1485,   87,   87, 1489,   87,
        87, 1474, 1478,   87, 1491, 1479, 1480,   87, 1481, 1488,
      1490, 1482, 1484,   87, 1486, 1483,   87, 1492, 1494, 1496,
 
-       87, 1493, 1485,   87, 1495, 1497, 1498, 4117, 1499,   87,
-       87, 1491,   87, 1502, 1503, 1500, 1488, 4117,   87,   87,
+       87, 1493, 1485,   87, 1495, 1497, 1498, 4129, 1499,   87,
+       87, 1491,   87, 1502, 1503, 1500, 1488, 4129,   87,   87,
        87,   87,   87, 1511, 1492, 1494, 1496,   87, 1493,   87,
        87, 1495, 1497, 1498,   87, 1499, 1501,   87, 1504, 1505,
      1502, 1503, 1500, 1506,   87, 1507, 1508,   87, 1510, 1509,
-       87, 1522, 1512, 1513, 1514,   87, 4117,   87,   87, 4117,
+       87, 1522, 1512, 1513, 1514,   87, 4129,   87,   87, 4129,
      1519,   87, 1521, 1501,   87, 1504, 1505,   87, 1520,   87,
        87, 1524, 1507, 1508,   87, 1510, 1509, 1515,   87, 1512,
      1513, 1514, 1523,   87,   87,   87, 1516, 1519, 1517, 1521,
-     1525, 1518, 1526, 1527,   87, 1520, 1528, 4117, 1524,   87,
+     1525, 1518, 1526, 1527,   87, 1520, 1528, 4129, 1524,   87,
 
      1530,   87,   87,   87, 1515,   87, 1529, 1533, 1534, 1523,
-     1532, 1538, 4117, 1516, 4117, 1517,   87, 1525, 1518, 1526,
+     1532, 1538, 4129, 1516, 4129, 1517,   87, 1525, 1518, 1526,
      1527, 1531,   87, 1528,   87,   87, 1536, 1530, 1535,   87,
-       87, 4117, 1537, 1529, 1539, 1534, 1540, 1532,   87,   87,
-       87,   87,   87, 1541, 1542, 1543, 1544, 4117, 1531, 4117,
-       87, 4117, 1547, 1536, 1560, 1535,   87, 1545,   87, 1537,
+       87, 4129, 1537, 1529, 1539, 1534, 1540, 1532,   87,   87,
+       87,   87,   87, 1541, 1542, 1543, 1544, 4129, 1531, 4129,
+       87, 4129, 1547, 1536, 1560, 1535,   87, 1545,   87, 1537,
        87, 1539, 1546, 1540,   87, 1550,   87, 1548,   87,   87,
      1541, 1542, 1543, 1544,   87, 1551, 1549,   87, 1552, 1547,
-     1553, 1554, 4117, 1556, 1545, 1557,   87,   87,   87, 1546,
-     1555,   87, 1550,   87, 1548,   87, 4117,   87, 1558,   87,
+     1553, 1554, 4129, 1556, 1545, 1557,   87,   87,   87, 1546,
+     1555,   87, 1550,   87, 1548,   87, 4129,   87, 1558,   87,
 
-     4117, 1563, 1551, 1549,   87, 1552, 1561, 1553, 1554, 1559,
+     4129, 1563, 1551, 1549,   87, 1552, 1561, 1553, 1554, 1559,
      1556, 1562, 1557,   87,   87, 1564, 1565, 1555,   87,   87,
      1566, 1567, 1569, 1570,   87, 1558, 1572,   87, 1563,   87,
-     1568, 4117,   87, 1561,   87,   87, 1559, 1571, 1562, 1573,
+     1568, 4129,   87, 1561,   87,   87, 1559, 1571, 1562, 1573,
      1574, 1575, 1564, 1565,   87, 1576, 1583, 1566, 1567, 1569,
      1577,   87,   87,   87, 1578,   87, 1579, 1568,   87,   87,
        87,   87, 1596, 1593, 1571, 1580, 1573, 1574, 1575, 1585,
-     1581,   87, 1576, 1583, 1582, 1584,   87, 1577, 1594, 4117,
-     4117, 1578,   87, 1579, 1601, 1599, 1595, 1598,   87,   87,
-     1593, 1597,   87, 1605,   87,   87, 1585,   87, 4117,   87,
+     1581,   87, 1576, 1583, 1582, 1584,   87, 1577, 1594, 4129,
+     4129, 1578,   87, 1579, 1601, 1599, 1595, 1598,   87,   87,
+     1593, 1597,   87, 1605,   87,   87, 1585,   87, 4129,   87,
 
      1602, 1582, 1584, 1586,   87, 1594, 1600, 1587,   87,   87,
      1588, 1589, 1599, 1595, 1598, 1590,   87,   87, 1597, 1603,
      1605, 1591,   87, 1604,   87, 1592, 1611, 1602, 1606,   87,
-     1586, 4117, 1610, 1600, 1587,   87, 1607, 1588, 1589,   87,
-     4117,   87, 1590, 1608, 1613, 1609, 1603, 1612, 1591,   87,
+     1586, 4129, 1610, 1600, 1587,   87, 1607, 1588, 1589,   87,
+     4129,   87, 1590, 1608, 1613, 1609, 1603, 1612, 1591,   87,
      1604, 1614, 1592, 1611,   87, 1606, 1621, 1615, 1617, 1610,
-     1616, 4117,   87, 1607, 1618,   87, 1619,   87, 1620, 1622,
-     1608, 1623, 1609, 4117, 1612, 1624,   87,   87,   87,   87,
+     1616, 4129,   87, 1607, 1618,   87, 1619,   87, 1620, 1622,
+     1608, 1623, 1609, 4129, 1612, 1624,   87,   87,   87,   87,
      1626,   87, 1625,   87, 1615, 1617,   87, 1616,   87, 1632,
-       87, 1618, 4117, 1619,   87, 1620, 1622,   87, 1634, 1633,
+       87, 1618, 4129, 1619,   87, 1620, 1622,   87, 1634, 1633,
 
      1635, 1636, 1624,   87, 1637,   87, 1639, 1626, 1643, 1625,
-     1627,   87,   87, 1638, 4117, 1628, 1632, 1629,   87, 1630,
+     1627,   87,   87, 1638, 4129, 1628, 1632, 1629,   87, 1630,
        87, 1631, 1644, 1640,   87, 1634, 1633, 1642,   87,   87,
        87, 1637, 1641, 1639, 1645,   87,   87, 1627, 1647, 1646,
      1638,   87, 1628, 1648, 1629,   87, 1630, 1651, 1631,   87,
-     1640, 1649,   87, 1650, 1642, 1652,   87, 1653, 4117, 1641,
+     1640, 1649,   87, 1650, 1642, 1652,   87, 1653, 4129, 1641,
        87, 1659,   87, 1654, 1656, 1647,   87, 1655, 1661,   87,
      1648,   87,   87, 1657, 1651, 1658,   87, 1660, 1649,   87,
      1650,   87, 1652,   87, 1653,   87, 1662, 1667,   87, 1664,
@@ -2292,18 +2295,18 @@ static const flex_int16_t yy_nxt[11833] =
      1657,   87, 1658,   87, 1660,   87, 1669,   87,   87,   87,
        87,   87, 1671, 1662, 1667, 1672, 1664,   87, 1673, 1668,
        87, 1674, 1675, 1663, 1665, 1670, 1666,   87, 1676, 1677,
-     1678, 1680, 1679, 1669, 1681, 1682, 4117, 1683,   87,   87,
+     1678, 1680, 1679, 1669, 1681, 1682, 4129, 1683,   87,   87,
      1685,   87, 1672,   87, 1684,   87,   87,   87, 1674, 1675,
        87,   87,   87, 1688, 1686, 1676, 1677, 1678,   87, 1679,
        87, 1681,   87,   87, 1683, 1689,   87, 1685, 1687, 1690,
-     1691, 1684,   87, 1693,   87, 1692, 1694, 1697, 4117,   87,
-       87, 1686,   87, 1695, 1696, 4117,   87, 1699, 1698, 1704,
-     4117, 1701, 1689, 1700,   87, 1687, 1690, 1691,   87,   87,
+     1691, 1684,   87, 1693,   87, 1692, 1694, 1697, 4129,   87,
+       87, 1686,   87, 1695, 1696, 4129,   87, 1699, 1698, 1704,
+     4129, 1701, 1689, 1700,   87, 1687, 1690, 1691,   87,   87,
 
      1703,   87, 1692, 1694, 1697,   87, 1702,   87,   87,   87,
      1695, 1696,   87,   87, 1699, 1698, 1704, 1705, 1701,   87,
-     1700, 1706,   87, 1708, 1707, 1709, 1710, 1703, 1714, 4117,
-     1715, 4117, 4117, 1702, 1711,   87, 1712, 1716, 4117,   87,
+     1700, 1706,   87, 1708, 1707, 1709, 1710, 1703, 1714, 4129,
+     1715, 4129, 4129, 1702, 1711,   87, 1712, 1716, 4129,   87,
      1713, 1718, 1722, 1717, 1705,   87,   87,   87, 1706,   87,
      1708, 1707, 1709, 1710,   87,   87,   87, 1719, 1720,   87,
        87, 1711,   87, 1712, 1716,   87,   87, 1713, 1725,   87,
@@ -2311,57 +2314,57 @@ static const flex_int16_t yy_nxt[11833] =
      1728,   87, 1729, 1732, 1719, 1720,   87,   87, 1735,   87,
        87, 1733,  175,   87, 1741, 1725, 1730, 1734, 1721, 1723,
 
-       87, 1724, 4117, 1727, 1726, 1740, 4117, 1728, 1736, 1729,
-       87, 4117,   87,   87, 1737,   87, 1738, 4117, 1733, 1743,
+       87, 1724, 4129, 1727, 1726, 1740, 4129, 1728, 1736, 1729,
+       87, 4129,   87,   87, 1737,   87, 1738, 4129, 1733, 1743,
        87,   87, 1739, 1730, 1734, 1744,   87,   87, 1746,   87,
      1742, 1745, 1740, 1749,   87, 1736, 1752,   87,   87, 1750,
        87, 1737,   87, 1738, 1747, 1748, 1743,   87, 1754, 1739,
      1751,   87, 1744, 1757,   87, 1746, 1756, 1742, 1745,   87,
-     1749,   87, 4117,   87, 1753, 1755, 1750,   87,   87,   87,
+     1749,   87, 4129,   87, 1753, 1755, 1750,   87,   87,   87,
        87, 1747, 1748,   87, 1758, 1754, 1760, 1751, 1761, 1759,
-     1757, 1762, 1763, 1756, 1764,   87, 1765,   87, 4117, 1771,
+     1757, 1762, 1763, 1756, 1764,   87, 1765,   87, 4129, 1771,
      1766, 1753, 1755, 1767, 1770, 1773, 1796,   87,   87,   87,
 
-     4117,   87,   87, 1760, 1768, 1761,   87, 1769, 1762, 1763,
+     4129,   87,   87, 1760, 1768, 1761,   87, 1769, 1762, 1763,
      1772, 1764,   87, 1765,   87, 1775, 1771, 1766, 1774, 1776,
      1767, 1770, 1782,   87, 1779, 1777,   87,   87,   87,   87,
      1778, 1768,   87, 1783, 1769,   87, 1784, 1772,   87, 1780,
-       87, 1781, 1775, 1785,   87, 1774, 1776, 1786, 4117, 1782,
+       87, 1781, 1775, 1785,   87, 1774, 1776, 1786, 4129, 1782,
        87, 1779,   87, 1787,   87,   87, 1790,   87,   87, 1789,
      1783, 1792, 1788, 1784, 1791,   87, 1780, 1793, 1781,   87,
-     1785, 1795,   87,   87, 1786,   87, 1794, 1797, 4117,   87,
-     1787, 4117, 1798, 1790, 1801,   87, 1789,   87, 1792, 1788,
+     1785, 1795,   87,   87, 1786,   87, 1794, 1797, 4129,   87,
+     1787, 4129, 1798, 1790, 1801,   87, 1789,   87, 1792, 1788,
        87, 1791,   87,   87, 1793, 1800,   87, 1799, 1795, 1803,
 
-     1802, 1804, 4117, 1794, 1797,   87, 1807,   87,   87, 1798,
-     1805, 1801,   87, 1806, 1809,   87, 1808, 4117, 1812, 1810,
+     1802, 1804, 4129, 1794, 1797,   87, 1807,   87,   87, 1798,
+     1805, 1801,   87, 1806, 1809,   87, 1808, 4129, 1812, 1810,
      1811, 1817, 1800,   87, 1799,   87, 1803, 1802, 1804,   87,
        87, 1814, 1818, 1807, 1816,   87,   87, 1805,   87, 1813,
      1806, 1809, 1820, 1808,   87, 1812, 1810, 1811, 1815,   87,
      1819,   87, 1821,   87, 1823,   87, 1824, 1822, 1814, 1826,
        87, 1816,   87,   87,   87,   87, 1813, 1825,   87, 1820,
-     1827, 1828, 1829, 4117, 1830, 1815, 4117, 1819,   87,   87,
-     1833, 1823, 1834, 1824, 1822, 4117, 1835, 1836, 1840,   87,
-     1841,   87, 4117, 1831, 1825, 1832,   87, 1837,   87, 1829,
+     1827, 1828, 1829, 4129, 1830, 1815, 4129, 1819,   87,   87,
+     1833, 1823, 1834, 1824, 1822, 4129, 1835, 1836, 1840,   87,
+     1841,   87, 4129, 1831, 1825, 1832,   87, 1837,   87, 1829,
 
        87, 1830,   87,   87,   87,   87, 1838,   87,   87, 1834,
      1843, 1839,   87, 1835, 1836, 1840,   87, 1841, 1842,   87,
-     1831, 1844, 1832,   87, 1837,   87, 4117, 1845, 1846,   87,
+     1831, 1844, 1832,   87, 1837,   87, 4129, 1845, 1846,   87,
      1848, 1847, 1857, 1838, 1852, 1849, 1853, 1843, 1839,   87,
      1854,   87, 1850,   87, 1855, 1842, 1858, 1851, 1856,   87,
        87, 1862,   87,   87, 1845, 1846,   87,   87, 1847, 1857,
        87, 1852,   87, 1853, 1859, 1863,   87, 1854,   87, 1860,
      1865, 1855,   87, 1858,   87, 1856, 1861,   87, 1862, 1864,
      1866, 1867, 1868,   87, 1869,   87, 1870, 1871,   87,   87,
-     1873, 1859, 1872, 4117,   87,   87, 1860,   87, 1875, 1881,
+     1873, 1859, 1872, 4129,   87,   87, 1860,   87, 1875, 1881,
 
-     4117,   87,   87, 1861, 1874,   87, 1864, 1866, 1867, 1868,
+     4129,   87,   87, 1861, 1874,   87, 1864, 1866, 1867, 1868,
      1883, 1869,   87,   87, 1871, 1876,   87, 1880,   87, 1872,
      1877, 1878,   87,   87, 1879, 1875, 1881, 1882,   87,   87,
        87, 1874,   87, 1884, 1887, 1885,   87, 1883, 1886,   87,
-     1888, 1889, 1876,   87, 1880, 4117,   87, 1877, 1878,   87,
-     1890, 1879, 1891, 1894, 1882, 1892, 4117,   87, 1893, 1895,
-     1884, 1887, 1885, 1899, 4117, 1886, 1900,   87,   87,   87,
+     1888, 1889, 1876,   87, 1880, 4129,   87, 1877, 1878,   87,
+     1890, 1879, 1891, 1894, 1882, 1892, 4129,   87, 1893, 1895,
+     1884, 1887, 1885, 1899, 4129, 1886, 1900,   87,   87,   87,
        87,   87,   87,   87, 1896,   87, 1902, 1890, 1897, 1891,
      1894, 1908, 1892, 1901, 1903, 1893, 1895, 1904,   87,   87,
      1899, 1898,   87, 1900, 1905, 1909, 1907, 1906, 1910,   87,
@@ -2372,48 +2375,48 @@ static const flex_int16_t yy_nxt[11833] =
        87, 1919, 1918, 1922, 1924,   87,   87, 1927,   87, 1912,
      1911,   87,   87, 1914, 1923, 1925, 1915,   87, 1926,   87,
        87,   87,   87,   87, 1916, 1917, 1920, 1928, 1919, 1918,
-       87, 1929, 4117,   87, 1927, 1930,   87, 1931,   87, 1932,
+       87, 1929, 4129,   87, 1927, 1930,   87, 1931,   87, 1932,
        87, 1923, 1925, 1933, 1934, 1926, 1935, 1937, 1936, 1938,
-     1939, 4117, 1941,   87,   87,   87,   87,   87, 1929,   87,
+     1939, 4129, 1941,   87,   87,   87,   87,   87, 1929,   87,
      1940,   87,   87, 1947, 1931, 1948,   87,   87,   87, 1942,
 
      1933, 1934,   87, 1935, 1937, 1936, 1938, 1939,   87, 1941,
      1943,   87, 1944, 1945, 1946, 1949,   87, 1940, 1951, 1950,
        87,   87, 1948, 1954, 1959,   87, 1942,   87,   87, 1952,
-       87,   87, 1957,   87, 1955,   87, 1953, 1943, 4117, 1944,
+       87,   87, 1957,   87, 1955,   87, 1953, 1943, 4129, 1944,
      1945, 1946, 1949,   87, 1956, 1951, 1950,   87, 1958,   87,
      1954,   87, 1965,   87,   87, 1960, 1952, 1961, 1964, 1957,
        87, 1955, 1962, 1953,   87, 1963,   87, 1966,   87, 1967,
        87, 1956, 1969, 1968, 1972, 1958, 1970,   87,   87, 1965,
-     1974, 1971, 1960, 1973, 1961, 1964, 4117, 4117,   87, 1962,
-       87, 4117, 1963, 1975, 1966,   87, 1967,   87,   87,   87,
+     1974, 1971, 1960, 1973, 1961, 1964, 4129, 4129,   87, 1962,
+       87, 4129, 1963, 1975, 1966,   87, 1967,   87,   87,   87,
 
      1968, 1972,   87, 1976,  175, 1977, 1980, 1974,   87, 1981,
      1973,   87,   87, 1978, 1979, 1984, 1982, 1985,   87,   87,
-     1975,   87, 1983, 1986,   87, 1990, 4117, 1988, 1987, 1991,
+     1975,   87, 1983, 1986,   87, 1990, 4129, 1988, 1987, 1991,
      1976, 1989, 1977, 1980,   87,   87, 1981,   87, 1992,   87,
      1978, 1979, 1984, 1982, 1985,   87, 1993,   87,   87, 1983,
      1986,   87,   87,   87, 1988, 1987, 1991, 1994, 1989, 1995,
-       87, 1996, 1997, 1998, 2000, 1992, 4117, 2001, 4117,   87,
-     1999, 2002, 2003, 1993, 2004, 4117, 2009,   87, 2006,   87,
+       87, 1996, 1997, 1998, 2000, 1992, 4129, 2001, 4129,   87,
+     1999, 2002, 2003, 1993, 2004, 4129, 2009,   87, 2006,   87,
        87,   87,   87, 2005, 1994, 2007, 1995, 2008, 2023, 1997,
        87, 2000,   87,   87,   87,   87,   87, 1999, 2002, 2003,
 
        87, 2004,   87, 2009,   87, 2006, 2010,   87, 2011, 2012,
      2005, 2013, 2007, 2014, 2008, 2015, 2016, 2018,   87, 2017,
-       87,   87, 4117,   87,   87,   87, 2031, 4117, 2024, 2028,
+       87,   87, 4129,   87,   87,   87, 2031, 4129, 2024, 2028,
      2033, 2027,   87, 2010,   87, 2011, 2012,   87, 2013, 2022,
      2014,   87, 2015, 2016, 2018, 2019, 2017, 2025, 2020,   87,
        87,   87, 2030,   87,   87, 2024, 2028, 2029, 2027,   87,
      2021, 2032,   87, 2026,   87, 2034, 2022, 2035, 2040,   87,
-     2038,   87, 2019, 2036, 2025, 2020,   87, 2037, 4117, 2030,
-     4117, 2045,   87, 2039, 2029, 2042, 4117, 2021, 2032,   87,
+     2038,   87, 2019, 2036, 2025, 2020,   87, 2037, 4129, 2030,
+     4129, 2045,   87, 2039, 2029, 2042, 4129, 2021, 2032,   87,
      2026, 2043, 2041,   87, 2035, 2040, 2044,   87,   87,   87,
 
      2036,   87,   87,   87, 2037,   87, 2046, 2047, 2048, 2049,
-     2039, 4117, 2042,   87, 4117, 2051, 2052, 2050, 2043, 2041,
-       87,   87, 2054, 2044, 2053, 2055, 2058, 2057, 2056, 4117,
-       87,   87,   87, 4117,   87, 2048,   87,   87,   87,   87,
+     2039, 4129, 2042,   87, 4129, 2051, 2052, 2050, 2043, 2041,
+       87,   87, 2054, 2044, 2053, 2055, 2058, 2057, 2056, 4129,
+       87,   87,   87, 4129,   87, 2048,   87,   87,   87,   87,
        87,   87, 2051,   87, 2050, 2060,   87, 2061, 2062, 2054,
      2059, 2053, 2055, 2058, 2057, 2056, 2063,   87,   87, 2065,
        87,   87, 2064, 2066,   87,   87, 2069, 2068, 2067, 2070,
@@ -2422,672 +2425,672 @@ static const flex_int16_t yy_nxt[11833] =
      2066,   87, 2074, 2069, 2068, 2067, 2070, 2075, 2071, 2077,
 
      2073, 2079,   87,   87,   87, 2076,   87, 2080, 2082, 2083,
-     4117, 2085, 2089, 2088, 2084,   87,   87, 2078, 2086, 2074,
-     2087,   87, 4117,   87, 2075,   87, 2077,   87, 2079,   87,
+     4129, 2085, 2089, 2088, 2084,   87,   87, 2078, 2086, 2074,
+     2087,   87, 4129,   87, 2075,   87, 2077,   87, 2079,   87,
        87,   87, 2090,   87, 2080, 2082, 2083,   87, 2085, 2089,
-     2088, 2084, 2091, 2093, 2078, 2086, 2095, 2087, 2094, 2096,
-       87, 2097, 2100, 2092, 2101,   87,   87, 2103, 2102, 2090,
-     2098,   87,   87, 2104,   87, 2099,   87, 2107,   87, 2091,
-     2093, 2105,   87, 2095, 2106, 2094, 2096, 2108, 2097, 2100,
-     2092, 2101,   87,   87,   87, 2102,   87, 2098, 2109,   87,
-       87,   87, 2099, 2110, 2107, 2111, 2112, 2114, 2105, 2113,
-
-     2116, 2106, 4117,   87, 2108, 2115,   87,   87, 2117,   87,
-     2120, 2127, 2126, 2118, 2119,   87, 2125, 4117,   87,   87,
-     2110,   87, 2111, 2112, 2114,   87, 2113, 2116,   87,   87,
-       87, 2121, 2115, 2122,   87, 2117, 2123, 2120,   87,   87,
-     2118, 2119, 2124, 2125,   87,   87, 2128, 2129, 2130, 2136,
-     2131,   87, 2132, 2133,   87, 2137, 2134, 4117, 2121,   87,
-     2122, 2135,   87, 2123,   87,   87,   87, 2140, 2141, 2124,
-       87,   87, 2143, 2128, 2129, 2130, 2136, 2131, 2139, 2132,
-     2133, 2138, 2137,   87, 2146, 2142, 2148,   87,   87, 2149,
-       87, 2153,   87,   87, 2140, 2141,   87, 2144, 2147, 2143,
-
-     4117, 2145, 2150, 2151,   87, 2139, 4117, 4117, 2138, 2152,
-       87, 2146, 2142, 2148, 2154,   87, 2149,   87, 2153, 2165,
-     4117, 2167, 2168,   87, 2144, 2147, 2155,   87, 2145, 2150,
-     2151,   87, 2158, 2156, 2157,   87, 2152, 2159,   87,   87,
-     2161, 2154, 2160,   87, 2162, 2164, 2163, 2166,   87,   87,
-     2170,   87,   87, 2155,   87,   87,   87, 2169,   87, 2171,
-     2156, 2157, 2172,   87,   87, 2176, 2180, 2161,   87, 2160,
-     4117, 2162, 2164, 2163, 2166, 2173, 2177, 2170, 2174,   87,
-     2175, 2181,   87,   87, 2169,   87, 2178, 2182, 2183, 2172,
-       87,   87, 2179,   87, 2186,   87,   87,   87,   87, 2185,
-
-       87, 2184, 2173, 2177, 2187, 2174, 2188, 2175, 2181,   87,
-       87, 2189, 2191, 2178, 2182, 2183,   87, 2192,   87, 2179,
-       87, 2186,   87, 2190, 2193,   87, 2185, 2195, 2184,   87,
-       87, 2187, 2196, 2188, 2197, 2198, 2199,   87, 2189, 2191,
-     2200, 2203, 2204, 2201, 2192, 2194, 2202,   87, 2205,   87,
-     2190,   87,   87, 4117,   87, 2206,   87, 2208,   87,   87,
-       87, 2197, 2198,   87,   87, 2207,   87, 2200,   87, 2204,
-     2201, 2209, 2194, 2202, 2210, 2212,   87, 2211, 2213, 4117,
-       87,   87, 2206, 2218, 2208,   87, 2214, 2215, 2216, 2217,
-     4117, 4117, 2207,   87, 2219, 2220, 2222,   87,   87, 2221,
-
-       87, 2210, 2212, 2223, 2211, 2213,   87,   87,   87,   87,
-     2218,   87, 2224, 2214, 2215, 2216, 2217,   87,  175, 2225,
-       87, 2219, 2220, 2222,   87, 2226, 2221, 2227, 2228, 2229,
-     2223, 2230, 2231,   87, 2233, 2235,   87, 2232, 4117, 2224,
-     2234, 2237,   87, 2238, 2240,   87,   87, 2236,   87,   87,
-       87,   87, 2226,   87, 2227, 2228,   87,   87, 2230, 2231,
-       87, 2233, 2235,   87, 2232, 2239, 2241, 2234, 2237, 2242,
-     2238, 2244,   87, 2243, 2236, 2245,   87, 2246,   87, 2247,
-     2249,   87, 2253, 2248,   87, 4117, 2252, 4117, 2254, 2250,
-     2251, 4117, 2239, 2241,   87, 2256, 2242,   87,   87,   87,
-
-     2243,   87, 2245, 2255, 2246,   87,   87, 2257,   87, 4117,
-     2248, 2264,   87, 2252,   87,   87, 2250, 2251,   87, 2258,
-       87, 2262, 2256, 2259, 2260, 2263,   87, 2261,   87,   87,
-     2255,   87, 2266,   87, 2257, 2267,   87, 4117, 2264, 2268,
-     2265, 2276, 2271,   87,   87, 2269, 2258,   87, 2262,   87,
-     2259, 2260, 2263, 2272, 2261,   87, 2274,   87, 2270, 2266,
-     2273,   87, 2267,   87, 2275, 2277, 2268, 2265,   87, 2271,
-     4117, 2278, 2269, 2279, 2280,   87,   87,   87,   87, 2282,
-     2272, 2281,   87, 2274,   87, 2270, 2283, 2273, 2287,   87,
-       87, 2275, 2284,   87, 2285, 2288, 2286,   87, 2278, 2289,
-
-     2279, 2280, 2290, 2291, 2298, 2292, 2282,   87, 2281,   87,
-     2293, 2296, 2294, 2283,   87, 2287,   87,   87,   87, 2284,
-     2297, 2285,   87, 2286, 2299, 2300,   87, 2295, 2302, 2290,
-       87,   87, 2292,   87, 2304, 2301,   87, 2293,   87, 2294,
-     2308, 2303, 2305,   87,   87,   87, 2307, 2297,   87, 2309,
-     2310, 2299,   87, 2306, 2295,   87,   87,   87, 2311, 2312,
-       87, 2304, 2301, 2316,   87, 2314, 2315,   87, 2303, 2305,
-       87,   87,   87, 2307, 2317, 2313, 2309, 2310, 2318, 4117,
-     2306,   87, 2326, 4117, 2323,   87, 2312,   87,   87,   87,
-     2316,   87, 2314, 2315, 2324, 2330,   87, 2319, 2320, 2321,
-
-     2325, 2317, 2313,   87, 2322, 4117, 2327,   87, 2328, 2329,
-       87, 2323,   87,   87,   87,   87, 2334,   87, 2331, 2333,
-     2335, 2324, 2330, 2332, 2319, 2320, 2321, 2325,   87,   87,
-     2337, 2322,   87, 2327, 2338, 2328, 2329, 2336, 2339, 4117,
-     2344, 2340,   87, 2334, 2342,   87, 2333, 2335,   87, 2341,
-       87, 2346,   87,   87, 2343, 2350,   87, 2337, 2345,   87,
-       87, 2349,   87, 2347, 2336, 2339,   87,   87, 2340, 2348,
-       87, 2342, 2351, 2352,   87, 2353, 2341,   87, 2346, 2355,
-       87, 2343,   87, 2356, 2354, 2345,   87,   87, 2349, 2357,
-     2347, 2359, 2358, 2364, 2362, 2360, 2348,   87,   87,   87,
-
-     2352,   87,   87, 2365, 2361,   87, 2355,   87, 2367,   87,
-       87, 2354,   87, 2363, 2368, 2366, 2357, 2369,   87, 2358,
-       87, 2362, 2360,   87, 2370, 2371,   87,   87,   87, 2374,
-     2365, 2361,   87, 2372,   87, 2367, 2373, 2375, 2376, 2377,
-     2363, 2368, 2366, 2379, 2369, 2378,   87,   87, 2382, 2380,
-       87, 2370,   87, 4117, 2381, 2383, 2384, 2386, 4117,   87,
-     2372,   87,   87, 2373, 2375,   87, 2377, 2385, 4117,   87,
-       87, 4117, 2378, 2389,   87,   87, 2380, 2390,   87, 2387,
-       87, 2381,   87, 2384, 2386,   87,   87, 2388, 2391, 2392,
-     2393,   87,   87, 2394, 2385,   87, 2396,   87,   87, 2395,
-
-     2389, 2397, 2399,   87, 2390, 2400, 2387, 2408, 4117, 2398,
-     4117, 2401,   87, 2402, 2388, 2391, 2392, 2393,   87,   87,
-     2394, 4117,   87, 2396,   87,   87, 2395, 2403,   87, 2399,
-     2406, 2407, 2405,   87,   87,   87, 2398,   87, 2401,   87,
-     2402, 2409, 2413, 2404,   87, 2414, 2415, 2410, 2411, 2417,
-       87, 2422, 4117,   87, 2403,   87, 2412, 2406, 2407, 2405,
-       87, 2416, 2418, 2419,   87,   87, 2430,   87, 2409, 2413,
-     2404,   87, 2414, 2415, 2410, 2411,   87, 2420,   87,   87,
-       87, 2423, 2421, 2412, 2424, 2426,   87,   87, 2416, 2418,
-     2419, 2425, 2435,   87, 2427, 2428, 2429,   87,   87,   87,
-
-     2436,   87,   87,   87, 2420, 2431, 2433,   87, 2423, 2421,
-     2434, 2424, 2426, 2432,   87, 2437, 2438, 2442, 2425,   87,
-     2443, 2427, 2428, 2429,   87,   87,   87, 2436,   87, 2441,
-     2439, 2444, 2431, 2433,   87, 2440,   87, 2434,   87,   87,
-     2432, 2447, 2437, 2438, 2442, 2445,   87,   87, 2448, 2450,
-     2446, 2449,   87, 2452, 2451, 2453, 2441, 2439,   87, 2455,
-     2454, 2458, 2440, 2456, 2457, 2460,   87, 2459, 2463,   87,
-       87,   87,   87,   87,   87, 4117, 2450,   87, 2449, 2462,
-       87, 2451, 2453,   87, 2461,   87, 2455, 2454, 2466,   87,
-     2456, 2457, 2464,   87, 2459,   87,   87,   87, 2465, 2467,
-
-       87,   87, 2468, 4117, 2469,   87, 2462, 2471, 2470, 2472,
-      175, 2461,   87, 2473,   87, 2466, 2474,   87, 2475, 2464,
-     2476, 2477, 2480, 4117, 2482, 2465, 2467, 4117, 2485, 2468,
-       87, 2469, 4117,   87,   87, 2470, 2472, 2478, 2481,   87,
-     2473, 2479, 2483,   87,   87, 2475,   87,   87,   87,   87,
-       87, 2482, 2484,   87,   87, 2485, 2486, 2488, 2491,   87,
-     2489, 2487, 2492,   87, 2478, 2481, 2490, 2494, 2479, 2483,
-       87, 2493,   87,   87,   87, 2495, 2497, 2496, 2498, 2484,
-     2502,   87,   87,   87, 2488, 2491, 2499, 2489,   87, 2492,
-       87, 2501, 2500, 2490, 2494, 2507,   87,   87, 2493,   87,
-
-     2510, 2505, 2495,   87, 2496, 2498, 2504,   87,   87, 2503,
-       87, 2508, 2506, 2499,   87,   87,   87, 2511, 2501, 2500,
-       87, 2509, 2512, 2520,   87, 4117,   87,   87, 2505, 2514,
-       87, 2521,   87, 2504,   87, 2518, 2503, 2513, 2508, 2506,
-       87, 2515,   87,   87, 2511, 2517,   87, 2519, 2509, 2512,
-     2520, 2522, 2516,   87,   87, 2523, 2514,   87, 2521, 2525,
-     2524, 2526, 2518, 2527, 2513,   87,   87,   87, 2515,   87,
-       87, 2528, 2517, 2529, 2519,   87, 2534, 2532, 2522, 2516,
-     2530,   87, 2523, 2531,   87, 2536, 2525, 2524, 2526,   87,
-       87,   87, 2533, 2535,   87,   87, 2537, 2539, 2528, 2541,
-
-     2529, 2538, 2543,   87, 2532,   87, 2540, 2530,   87, 2544,
-     2531,   87, 2536, 2542,   87,   87, 2546, 2547,   87, 2533,
-     2535,   87, 4117, 2537, 2539, 2548,   87, 2545, 2538,   87,
-     2549,   87,   87, 2540, 2550,   87, 2544,   87,   87,   87,
-     2542, 2551, 2565, 2546, 2552, 2555,   87, 2553,   87,   87,
-       87,   87, 2548, 2558, 2545, 2554, 4117, 2549, 2560,   87,
-     2556, 2550, 2557, 2559, 2562,   87, 2561, 4117, 2551, 2565,
-       87, 2552, 2555,   87, 2553,   87,   87,   87,   87, 2571,
-     2558, 2563, 2554,   87,   87, 2560, 2564, 2556, 2573, 2557,
-     2559, 2562, 4117, 2561, 2566, 2567, 2570, 2572, 2568, 2574,
-
-     2575, 4117, 2579,   87, 2576, 4117, 2571,   87,   87, 2578,
-     2577, 2569,   87,   87, 4117,   87, 2582, 2581, 4117,   87,
-     4117, 2566, 2567, 2570, 2572, 2568, 2574, 2575,   87,   87,
-     2584, 2576,   87, 2580, 2585,   87, 2578, 2577, 2569,   87,
-       87,   87, 2583, 2582, 2581, 2586, 2587, 2588, 2594, 2589,
-     2590,   87,   87, 4117,   87,   87, 2592, 2584, 2591, 4117,
-     2580, 2585, 2596,   87,   87,   87,   87, 2607,   87, 2583,
-     2598, 2593, 2586, 2587, 2588,   87, 2589, 2590,   87, 2595,
-       87, 2597, 2600, 2592, 2604, 2591,   87,   87, 2601, 2596,
-     2599,   87, 2602,   87,   87, 2606, 2603,   87, 2593,   87,
-
-     4117, 2605,   87, 2608,   87, 2610, 2595, 2609, 2597, 2600,
-       87, 2604, 2613,   87,   87, 2601, 2617, 2599,   87, 2602,
-       87,   87, 2606, 2603, 2611,   87, 2616, 2614, 2605, 2612,
-     2608,   87, 2610, 2615, 2609,   87, 2618, 2620, 2621, 2613,
-     2622,   87, 2619,   87, 2623,   87,   87, 2625, 2624,   87,
-     2626, 2628, 2629, 2616, 2614, 4117,   87, 4117,   87, 2627,
-     2615, 2632,   87, 2618, 2620, 2621,   87, 2634,   87, 2619,
-     2630, 2623,   87,   87, 2635, 2624, 2633, 2636, 2631,   87,
-     2637, 2638,   87,   87,   87, 4117, 2627, 2639,   87,   87,
-       87,   87, 2642,   87, 2634,   87, 2692, 2630, 2646, 2696,
-
-       87, 2635,   87, 2633, 2636, 2631, 2640, 2637, 2638, 2641,
-       87, 2644, 2643,   87, 2639, 2648, 2645,   87,   87, 2642,
-     2647, 2649, 2650, 2651,   87, 2646, 2653, 2657,   87, 2652,
-       87,   87, 2658, 2640, 2656,   87, 2641,   87,   87, 2643,
-       87,   87, 2648,   87, 4117,   87, 2654, 2647, 2649, 2650,
-     2651,   87,   87, 2653,   87, 2659, 2652, 2660, 2655, 2658,
-     2661, 2656, 2663, 2666,   87,   87,   87, 2662, 2664,   87,
-     2665,   87, 2668, 2654, 2669,   87, 2667, 4117,   87,   87,
-       87, 4117, 2659, 2670, 2660, 2655, 2671, 2661, 2675, 2663,
-     2666,   87,   87, 2672, 2662, 2664,   87, 2665, 2673, 2668,
-
-     2681, 2669,   87, 2667,   87,   87, 2677, 2678, 2676,   87,
-     2670, 2674,   87, 2671, 2680, 2675,   87, 2683,   87,   87,
-     2672, 2679, 2682,   87, 2686, 2673, 4117,   87, 2684, 2688,
-     2687, 2685,   87, 2677, 2678, 2676, 2697,   87, 2674,   87,
-       87, 2680, 2689,   87,   87, 2693, 2690,   87, 2679, 2682,
-      175, 2686,   87,   87,   87, 2684, 2688, 2687, 2685, 2691,
-     2694, 2698, 2699, 2700, 2701, 2695, 2703,   87,   87, 2689,
-       87,   87, 2693, 2690, 2702,   87, 2704, 2708,   87, 4117,
-     2705,   87, 2709, 2714, 2710,   87, 2691, 2711, 2698, 2699,
-     2700, 2701,   87, 2703, 2706,   87, 2713, 2717, 2722, 2712,
-
-     2715, 2702,   87,   87, 2708, 2707,   87, 2705,   87,   87,
-       87, 2710,   87, 2716, 2711,   87, 2718,   87, 2719,   87,
-       87, 2706, 2720, 2713, 2717,   87, 2712, 2715, 2721, 2723,
-       87, 2724, 2707, 4117, 2725, 2726, 4117, 2727,   87,   87,
-     2716, 2728,   87, 2718,   87, 2719, 2735, 2729, 2730,   87,
-       87,   87,   87,   87, 4117, 2721, 2723,   87, 2724, 2732,
-       87, 2725, 2726,   87, 2727, 2736, 2734, 2731, 2728, 2733,
-     2738, 2740, 2739, 2735, 2729, 2730,   87,   87,   87, 2737,
-     2741,   87, 2742,   87,   87, 2745, 2732,   87, 2743,   87,
-     4117,   87, 2736, 2734, 2731,   87, 2733,   87, 2740, 2739,
-
-       87, 2744,   87, 2746, 2747, 2748, 2737, 2741, 2749, 2742,
-       87,   87, 2745, 2750, 2751, 2743, 2752,   87, 2755,   87,
-     2756, 2753,   87,   87,   87, 2761,   87, 2763, 2744,   87,
-     2746, 2747, 2748,   87, 2754, 2749, 2757, 2767, 2759, 2764,
-       87, 2751,   87, 2752,   87, 2755, 2758, 2756, 2753, 2760,
-     2762,   87,   87,   87, 2766,   87, 2765,   87,   87,   87,
-     2768, 2754, 2769, 2757, 2767, 2759, 2764,   87,   87,   87,
-       87, 2770, 2771, 2758, 2773, 4117, 2760, 2762, 2772, 2774,
-     2775, 2766,   87, 2765, 2777,   87, 2776, 2768,   87, 2769,
-     2778, 2779, 2780,   87,   87, 4117, 2781, 2782,   87, 2771,
-
-       87, 2773,   87, 2786, 2792, 2772, 2774, 2775,   87,   87,
-       87, 2777, 2783, 2776, 2787, 2788,   87,   87, 2779,   87,
-     2789, 4117, 2784, 2781, 2782, 2785,   87,   87, 2793, 2794,
-       87,   87, 2790, 2800, 2801, 2791, 2795, 2796, 2797, 2783,
-       87, 2787, 2788, 2799,   87,   87,   87, 2789,   87, 2784,
-       87,   87, 2785, 2798, 2803,   87, 2794,   87,   87, 2790,
-       87,   87, 2791, 2795, 2796, 2797, 2802, 2804,   87, 2805,
-     2799, 2806, 2808, 2807,   87, 2809,   87, 2810, 2812, 2811,
-     2798,   87, 2813,   87, 2815,   87, 2819, 4117, 4117, 4117,
-       87, 2814, 2818, 2802, 2804,   87,   87,   87, 2806,   87,
-
-     2807,   87,   87, 2816, 2810, 2812, 2811, 2817,   87, 2813,
-     2821,   87, 2820,   87,   87,   87,   87, 2822, 2814, 2818,
-       87, 2823, 2825, 2828, 2824, 2829,   87, 2826, 2830, 2835,
-     2816, 2831, 2834,   87, 2817, 2832, 4117,   87, 4117, 2820,
-       87, 4117, 2827,   87, 2822,   87,   87,   87, 2823, 2825,
-       87, 2824, 2829,   87, 2826, 2830,   87, 2833, 2831,   87,
-     2836,   87, 2832, 2837, 2838,   87, 2839,   87,   87, 2827,
-     2841, 2840, 2842, 2845, 2843,   87, 2844, 2851,   87, 2846,
-       87,   87, 2854,   87, 2833, 3787, 3788, 2836, 4117,   87,
-     2837, 2838, 4117, 2839,   87,   87, 2847,   87, 2840, 2842,
-
-     2845, 2843,   87, 2844, 2851, 2848, 2846, 2852, 2855,   87,
-     2856, 2857, 2849, 2850,   87,   87, 2858, 2859, 2863, 2860,
-       87, 2853, 2864, 2847,   87,   87,   87, 2861,   87, 2862,
-       87,   87, 2848,   87, 2852, 2855,   87, 2856, 2857, 2849,
-     2850, 2868, 2865, 2858, 2859, 2863, 2860,   87, 2853, 2864,
-     2869, 4117, 2870, 2871, 2861,   87, 2862, 2866, 2874, 2867,
-     2872, 2873, 2875,   87, 4117,   87,   87, 2883,   87, 2865,
-     2877, 2879,   87,   87,   87,   87, 2876, 2869, 2880, 2870,
-     2871, 2884,   87, 2882, 2866, 2874, 2867, 2872, 2873, 2875,
-     2878,   87,   87,   87,   87,   87, 2881, 2877, 2879,   87,
-
-       87, 2885, 2886, 2876, 2887, 2880, 4117,   87, 2888, 2899,
-     2882, 2889, 2891,   87,   87, 2893, 2892, 2878,   87, 2890,
-     4117,   87,   87, 2881, 2898, 2900,   87, 2894, 2885, 2886,
-       87, 2895, 2896,   87, 2897, 2888,   87,   87, 2889, 2891,
-       87,   87, 2893, 2892, 2901,   87, 2890, 2904, 2902,   87,
-       87, 2898,   87, 2903, 2894,   87, 2905,   87, 2895, 2896,
-       87, 2897, 2906, 4117, 2907,   87, 2912,   87, 2909, 2911,
-     2916, 2901, 2908, 2910, 2904, 2902, 2918, 4117, 2917, 2913,
-     2903,   87,   87, 2905,   87, 2941, 4117,   87, 2933,   87,
-       87, 2907,   87, 2912,   87, 2909, 2911, 2916,   87, 2908,
-
-     2910,  175, 2914,   87, 2915, 2917, 2913, 2919, 2920,   87,
-     2921, 2922, 2924, 2925, 2923,   87, 4117,   87, 2927,   87,
-     2926, 2929, 2928, 2942,   87, 2934,   87,   87,   87, 2914,
-       87, 2915,   87,   87, 2919, 2920,   87, 2921, 2922, 2924,
-     2925, 2923, 2931,   87, 2930, 2927,   87, 2926, 2929, 2928,
-     2932,   87,   87, 2935, 2936,   87, 2937, 2938, 4117, 4117,
-       87,   87, 2939, 2940, 2944,   87, 2945, 4117, 2946, 2931,
-     2943, 2930, 2947, 4117, 2948, 2952, 2951, 2932, 4117,   87,
-       87, 2936,   87, 2937,   87,   87,   87,   87,   87, 2939,
-     2940,   87, 2949, 2945,   87, 2946, 2950, 2943, 2953, 2947,
-
-       87, 2948,   87, 2951,   87,   87, 2954,   87, 2955, 2957,
-     2956,   87, 4117, 4117, 2960, 2964, 2958, 2959, 4117, 2949,
-     2962, 4117, 2961, 2950, 2966, 2953, 4117,   87,   87, 2963,
-     2974,   87,   87, 2954,   87, 2955,   87, 2956,   87,   87,
-       87, 2960,   87, 2958, 2959, 2965,   87, 2962, 2967, 2961,
-     2968, 2966,   87, 2969, 2970,   87, 2963,   87, 2972,   87,
-       87, 2971,   87, 2976, 2973,   87, 2975,   87, 2978, 2979,
-     2977, 2980, 2965, 4117, 2981, 2967, 2984, 2968,   87,   87,
-     2969, 2970,   87, 2982,   87, 2972,   87,   87, 2971,   87,
-     2976, 2973,   87, 2975,   87, 2978, 2979, 2977, 2980, 2985,
-
-     2983, 2981, 2986,   87, 2988,   87,   87, 2989, 2987, 4117,
-     2982, 2993, 3004,   87,   87, 2990, 2991, 4117, 2994, 2992,
-     4117, 2995, 4117, 4117,   87, 2996, 2985, 2983, 2997, 2986,
-       87,   87, 2998, 3000,   87, 2987,   87,   87, 2993,   87,
-     3002,   87, 2990, 2991,   87, 2994, 2992,   87, 2995,   87,
-     2999, 3003, 2996, 3005,   87, 2997,   87,   87, 3006, 2998,
-     3000, 3007,   87, 3001,   87, 3008,   87, 3002,   87, 3009,
-     3011, 3012, 3010, 3013,   87, 3014,   87, 2999, 3003,   87,
-     3005,   87,   87,   87, 3015,   87, 3018,   87, 3007, 3020,
-     3001, 3021, 3008, 3019, 3016,   87,   87, 3011, 3012, 3010,
-
-     3013, 3017, 3014,   87, 3022, 3023, 3025,   87,   87, 4117,
-       87, 3015,   87, 3018, 3024,   87,   87,   87,   87, 3026,
-     3019, 3016, 3027, 3028,   87, 4117, 3032, 3029, 3017, 4117,
-     3030,   87, 3023, 3025, 3035, 3036,   87, 3031, 3034, 3037,
-       87, 3024, 3039, 4117,   87,   87, 3026, 3033,   87, 3027,
-     3028,   87,   87,   87, 3029,   87,   87, 3030,   87, 3038,
-     3040, 3035, 3041, 3043, 3031, 3034, 3037,   87, 3042,   87,
-     3044,   87, 3045, 3047, 3033, 3048, 3046, 3053,   87, 4117,
-       87, 3052,   87,   87,   87, 4117, 3038, 3040,   87, 3041,
-     3043,   87,   87, 3049, 3050, 3042, 3051, 3044,   87, 3045,
-
-     3047,   87, 3048, 3046,   87,   87, 3054,   87, 3052, 3055,
-     3057, 3056, 3058, 4117, 3060, 3059, 3062, 3061,   87, 3064,
-     3049, 3050, 3067, 3051,   87, 3063,   87,   87,   87,   87,
-       87,   87, 3066, 3054,   87, 3069, 3055, 3057, 3056, 3058,
-       87, 3060, 3059, 3062, 3061, 3068, 3064,   87, 3065,   87,
-     3070, 3071, 3063, 3072,   87,   87, 3073,   87, 3074, 3066,
-     3075, 3079,   87, 3076, 4117, 3077, 3080,   87,   87, 3078,
-     4117, 3081, 3068,   87, 4117, 3065,   87,   87,   87, 3085,
-     3072,   87,   87, 3073, 3087, 3074,   87, 3075, 3079,   87,
-     3076,   87, 3077, 3080, 3082,   87, 3078, 3083, 3081, 3084,
-
-     3086,   87, 3088,   87, 3089, 3090,   87, 3091,   87, 3094,
-       87,   87, 4117, 3092, 3098, 3093,   87, 3095, 3096, 3099,
-       87, 3082,   87, 3100, 3083,   87, 3084, 3086, 3097,   87,
-       87, 3089,   87,   87, 3091,   87, 3094,   87, 3103,   87,
-     3092,   87, 3093, 3106, 3095, 3096, 3099, 3101,   87, 3102,
-       87, 3104,   87, 3105,   87, 3097,   87, 3107, 3108, 3112,
-     4117,   87, 3109,   87, 3110, 3103,   87, 3111, 4117, 3113,
-     3106, 3114,   87, 3115, 3101, 3119, 3102,   87, 3104,  175,
-     3105,   87,   87,   87, 3107, 3108, 3112,   87, 3118, 3109,
-     3116, 3110, 3117,   87, 3111,   87, 3113,   87, 3114, 3120,
-
-     3115, 3121,   87,   87, 3125, 3122, 3126, 3123, 3124, 3127,
-       87, 3128, 4117, 4117, 3130, 3118, 3131, 3116,   87, 3117,
-     4117, 3129, 4117, 4117,   87,   87, 3120, 4117, 3121,   87,
-       87,   87, 3122,   87, 3123, 3124, 3127,   87, 3128,   87,
-       87, 3130,   87, 3131, 3132, 3133, 3134, 3135, 3129, 3136,
-     3138, 3137, 3141,   87,   87,   87,   87, 3139, 3140,   87,
-       87,   87, 3142, 3143,   87,   87, 4117, 3147, 3144,   87,
-       87, 3132, 3133, 3134, 3135,   87, 3136, 3138, 3137, 3141,
-     3148, 3149, 3145, 3146, 3139, 3140, 3150, 3152,   87, 3142,
-     3143,   87,   87,   87, 3147, 3144, 3151, 3153, 3154,   87,
-
-     3155,   87, 3156,   87, 4117,   87, 3157, 3148,   87, 3145,
-     3146,   87, 3158, 3150, 3152,   87,   87, 3159, 3160, 3161,
-     3167,   87, 3162, 3151,   87, 3154, 3164,   87,   87, 3156,
-       87,   87, 3163, 3157,   87, 3165, 3168,   87, 3166, 3158,
-       87, 3169, 3171,   87, 3159, 3160, 3161, 3167, 3170, 3162,
-     3172,   87, 3173, 3164, 3174,   87, 3175, 3176,   87, 3163,
-     3178,   87, 3165,   87, 3177, 3166,   87, 3180,   87, 3171,
-     3179,   87,   87,   87, 3181, 3170, 3182, 3172,   87,   87,
-       87,   87, 3183, 3184, 3176, 3185, 3186, 3178,   87,   87,
-       87, 3177,   87, 3188, 3180, 3187,   87, 3179, 3190, 3189,
-
-       87, 3181,   87,   87, 3191, 3192, 3193, 3194, 3195, 3183,
-     3184,   87, 3185, 3186, 3198,   87, 3197, 4117, 3196, 3201,
-     3188,   87, 3187,   87,   87, 3190, 3189, 3200, 3203,   87,
-       87,   87, 3192,   87, 3194,   87,   87, 3199, 3209, 3208,
-     3202, 3198, 4117, 3197,   87, 3196,   87,   87, 3205,   87,
-       87, 3204, 3206, 3207, 3200, 3203,   87, 3210,   87,   87,
-     3212, 3211,   87,   87, 3199,   87, 3208, 3202, 3215,   87,
-       87, 3214, 3220, 3213, 3216, 3205, 3218, 4117, 3204, 3206,
-     3207, 3217, 3219,   87, 3210, 3225,   87,   87, 3211,   87,
-     3221,   87, 3222,   87, 4117, 3215, 3223,   87, 3214,   87,
-
-     3213, 3216, 3224, 3218,   87,   87,   87, 4117, 3217, 3219,
-       87, 3228,   87, 3229,   87, 3235, 3230, 3221, 3231, 3222,
-     3226, 3227,   87, 3223, 3232,   87, 3234, 3233, 4117, 3224,
-       87,   87,   87,   87,   87, 3236, 3238, 3237, 3228, 3239,
-     3229, 3240,   87, 3230, 3241, 3231,   87, 3226, 3227, 3242,
-       87, 3232,   87, 3234, 3233,   87, 3243, 3244, 3245,   87,
-     3248, 3253, 3236, 3238, 3237,   87, 3239, 3246,   87,   87,
-     3247, 3241, 3250, 3249, 3251,   87,   87,   87,   87,   87,
-     3260, 3252,   87, 3243, 3244, 3245,   87,   87,   87, 3254,
-     3255, 3256,   87, 3257, 3246, 3258, 3259, 3247,   87, 3250,
-
-     3249, 3251, 3261,   87,   87,   87, 3263,   87, 3252,   87,
-     3264,   87, 3262,   87,   87, 3266, 3254, 3255, 3256, 3265,
-     3257, 3267, 3258, 3259,   87, 3268, 3269, 3270,   87, 3261,
-     3271, 4117,   87,   87,   87, 3272, 3273, 3264, 3274, 3262,
-     4117,   87, 3266,   87,   87,   87, 3265,   87, 3267,   87,
-     3276, 3277, 3268, 3269, 3270, 3275, 3279, 3271,   87, 3278,
-       87, 4117, 3272, 3273, 3281, 3274, 3280,   87,   87, 3282,
-     3283, 3285,   87, 3284, 3287, 3286, 3290,   87,   87, 4117,
-       87,   87, 3275, 3279,   87, 3288, 3278, 3289,   87,   87,
-       87, 3281, 3291, 3280, 3293,   87,  175, 3283, 3285, 3292,
-
-     3284, 3294, 3286, 3290, 3295, 3296,   87,   87, 3297,   87,
-     3298,   87, 3288, 3299, 3289, 3300,   87, 3305,   87, 3291,
-     3301, 3293,   87,   87, 3303, 3302, 3292,   87,   87, 3306,
-       87,   87, 3296, 3304, 4117, 3297, 3307, 3298, 4117,   87,
-       87, 3311, 3300, 3308, 3305, 3309,   87, 3314, 3310, 3315,
-     3312, 3303,   87,   87, 4117,   87, 3313, 3318, 3316,   87,
-     3304,   87,   87, 3307, 3321,   87,   87,   87, 3311,   87,
-     3308, 3317, 3309, 3319, 3320, 3310, 4117, 3312, 3326,   87,
-       87,   87, 3322, 3313,   87, 3316,   87,   87,   87, 3323,
-     3324, 3321, 3325,   87, 3327, 3328,   87,   87, 3317, 3330,
-
-     3319, 3320, 3329, 3333, 3332, 3326, 3331, 3337,   87, 3322,
-     3334,   87,   87,   87,   87, 3336, 3323, 3324, 4117, 3325,
-       87, 3327, 3328, 4117,   87,   87, 3330,   87,   87, 3329,
-     3335, 3332,   87, 3331, 3337,   87, 3338, 3334, 3339,   87,
-     3342, 3340, 3341, 3344,   87,   87, 3343,   87,   87, 3347,
-       87,   87, 3348, 3345, 3346, 3351, 3349, 3335, 3358, 4117,
-     4117, 3356, 3359, 3338,   87, 3339,   87,   87, 3340, 3341,
-     3344,   87,   87, 3343,   87,   87, 3347, 3350, 3352, 3348,
-     3345, 3346,   87, 3349, 3353, 3354,   87, 3355,   87,   87,
-       87, 3357,   87,   87,   87, 3360,   87, 3361, 3362, 3363,
-
-     3364, 3366, 3367,   87, 3350, 3352,   87, 3365, 3369,   87,
-       87, 3353, 3354, 4117, 3355, 3370, 3374, 3368, 3357,   87,
-       87, 4117, 3360,   87, 3361, 3371,   87, 3364, 3366, 3367,
-       87,   87, 3372, 3373, 3365, 3375, 4117, 3376, 4117,   87,
-       87,   87, 3370,   87, 3368, 3377,   87,   87,   87, 3378,
-     3383, 3382, 3371, 3381, 3380,   87, 3379, 3384, 3385, 3372,
-     3373, 3387, 3375,   87, 3376,   87,   87,   87,   87,   87,
-     3386,   87, 3377, 3388,   87, 3389, 3378, 3383, 3382,   87,
-     3381, 3380, 3390, 3379, 3384,   87, 3391, 3393,   87, 3392,
-     3395, 3394, 3404, 4117, 3397, 3396, 3399, 3386,   87, 3398,
-
-       87, 4117,   87, 3403, 4117,   87, 3405,   87,   87, 3390,
-       87,   87,   87, 3391,   87, 3406, 3392, 3395, 3394,   87,
-     3400, 3401, 3396, 3399, 3402, 3407,   87,   87,   87,   87,
-     3403,   87, 3408,   87, 3410, 3411, 3409, 3413, 3412, 4117,
-     3414, 3415,   87, 3416,   87,   87,   87, 3400, 3401,   87,
-       87, 3402, 3407, 3417, 3421,   87, 3422, 3418, 3427, 3408,
-     3419,   87, 3411, 3409,   87, 3412,   87, 3414,   87,   87,
-     3416,   87, 3420, 3423, 3424, 3428, 3429, 3426, 3431, 3425,
-       87, 3430,   87,   87, 3418,   87,   87, 3419, 3432, 3434,
-       87, 3433, 3435, 3436, 3437,   87,   87,   87,   87, 3420,
-
-     3423,   87, 3428, 3440, 3426, 3431,   87, 3438,   87,   87,
-       87, 3441, 3439, 3443, 3442, 3432, 3434, 3453, 3433, 3445,
-     3446, 3447,   87, 3444,   87,   87,   87, 3448, 4117, 4117,
-       87, 4117, 4117,   87, 3438,   87,   87, 3451,   87, 3439,
-     3443, 3442,   87,   87,   87,   87, 3445, 3446, 3447, 3452,
-     3444, 3449, 3450,   87, 3448, 3454, 3455, 3456,   87,   87,
-     3457,   87,   87, 3463, 3451, 3468, 3458, 3460, 3464,   87,
-     3462, 4117, 3469,   87, 3459, 4117, 3452, 3461, 3449, 3450,
-       87, 3465, 3454, 3455,   87,   87, 3466, 3457, 3467,   87,
-       87, 3470,   87, 3458, 3460,   87,   87, 3462,   87, 3469,
-
-     3471, 3459, 3472, 3474, 3461, 3473, 4117, 3477,   87, 3476,
-     4117, 3475, 3480,   87,   87, 3467,   87,   87, 3470, 3478,
-     3479, 3481, 4117, 3483, 3484,   87,   87, 3471,   87, 3472,
-     3474,   87, 3473,   87, 3477, 3488, 3476,   87, 3475, 3480,
-       87, 3482,   87,   87, 3489,   87, 3478, 3479, 3481,   87,
-     3483, 3484, 3485, 3486, 3487, 4117, 3492, 3491, 3490,   87,
-       87,   87,   87, 3495, 3496, 3493, 3494, 3497, 3482,   87,
-     3498,   87,   87, 3499, 3500, 3503, 4117, 4117, 3501, 3485,
-     3486, 3487,   87,   87, 3491, 3490,   87,   87,   87, 3502,
-     3495,   87, 3493, 3494, 3497,   87,   87,   87, 3507, 3504,
-
-     3499,   87,   87, 3505, 3506, 3501, 3508,   87, 3512, 3509,
-     3510, 3511, 4117,   87, 4117, 3513, 3502,   87, 3515,   87,
-     3517,   87, 3514, 3516,   87,   87, 3504,   87,   87,   87,
-     3505, 3506,   87,   87,   87, 3512, 3509, 3510, 3511, 3518,
-     3519, 3520, 3513, 4117, 3522, 4117, 3521, 3517, 3524, 3514,
-       87, 3526,   87,   87, 3523, 3525, 3529,   87, 3528, 3531,
-     4117, 4117, 3527,   87, 3535, 4117, 3518, 3519, 3520,   87,
-       87, 3522,   87, 3521,   87, 3524,   87,   87, 3526, 3530,
-       87, 3523, 3525,   87, 3532, 3528,   87, 3534, 3533, 3527,
-       87,   87,   87, 3536, 3537, 3538,   87,   87, 3539, 3540,
-
-     3544,   87, 3541, 3543, 3542, 4117, 3530, 4117, 3545, 4117,
-       87, 3532,   87,   87, 3534, 3533, 3547, 3548, 4117, 3549,
-       87, 3537,   87,   87,   87, 3539, 3540,   87, 3546, 3541,
-     3543, 3542,   87, 3550,   87, 3545, 3551, 3552,   87,   87,
-     3553, 3555, 3558, 3547, 3548,   87, 3549, 3554, 4117, 3556,
-       87,   87, 3557, 3559,   87, 3546,   87, 3560,   87, 3561,
-     3550,   87, 3564, 3551, 3552, 3562, 3563, 3553, 3555,   87,
-       87, 3567,   87,   87, 3554,   87, 3556,   87, 3566, 3557,
-       87, 3568, 3565, 4117,   87, 3569, 3561, 3571, 3570, 3564,
-       87, 3573, 3562, 3563, 3575, 3572, 3574, 3577, 3579, 3578,
-
-       87,   87,   87,   87,   87, 3566,   87,   87,   87, 3565,
-       87, 3576, 3569, 3580,   87, 3570,   87, 3581, 3573, 3582,
-       87, 3575, 3572, 3574, 3583,   87, 3578, 3584, 3588,   87,
-     3585, 3586, 4117, 3589, 3590,   87,   87, 4117, 3576,   87,
-     3580,   87,   87,   87, 3581, 3587, 3582,   87,   87, 3591,
-       87, 3583,   87, 3593, 3584,   87, 3592, 3585, 3586, 3594,
-     3589, 3590, 3596,   87, 3601, 3595, 3597, 3598, 3600, 3599,
-       87,   87, 3587,   87,   87,   87, 3591, 3605, 3603,   87,
-     3593,   87, 3602, 3592,   87, 3606, 3594,   87,   87, 3596,
-       87, 3601, 3595, 3597, 3598, 3600, 3599, 3604,   87, 3607,
-
-       87, 3608, 3610, 3612,   87, 3603, 3609,   87, 3613, 3602,
-     3611, 3614,   87, 3615, 3616,   87, 3617,   87, 3621, 3624,
-     3618, 3619, 3620, 4117, 3604,   87, 3607,   87, 3626, 3610,
-       87,   87,   87,   87, 3623,   87, 3628, 3611, 3614, 3622,
-       87, 3616,   87, 3617,   87,   87,   87, 3618, 3619, 3620,
-     3625,   87,   87, 3630,   87,   87, 3627, 3629, 4117,   87,
-     3632, 3623,   87, 3628,   87, 3631, 3622, 3634,   87, 3633,
-       87,   87, 3635, 3637, 3639, 3640, 3636, 3625, 3642,   87,
-     3630, 3638,   87, 3627, 3629,   87, 3641, 3632, 3646, 3643,
-       87,   87, 3631,   87, 3634, 3647, 3633, 3644,   87, 3635,
-
-     3637,   87,   87, 3636, 3645,   87, 3648,   87, 3638, 3650,
-       87,   87, 3649, 3641, 3652,   87, 3643, 3653,   87,   87,
-     3654, 3655,   87, 3657, 3644, 3658, 4117,   87, 3651, 3656,
-       87, 3645,   87, 3648, 3659,   87,   87,   87,   87, 3649,
-     3660, 3652, 3661, 4117, 3653, 3662, 3663, 3654, 4117, 3666,
-     3657, 3664, 3658,   87, 3665, 3651, 3656,   87, 3667, 3668,
-     3669,   87,   87, 3670,   87,   87,   87, 3660, 3673,   87,
-       87, 3671, 3662, 3663, 4117,   87, 3666, 3672, 3664, 3674,
-       87, 3665,   87, 3675, 3676, 3667, 3668, 3669,   87, 3678,
-     3677, 3679, 3680, 3681, 3682,   87, 4117,   87,   87, 3683,
-
-       87,   87,   87, 3687, 3672,   87, 3674, 3690, 3686, 3684,
-     3675,   87,   87, 3685,   87,   87, 3678, 3677,   87, 3680,
-     3681,   87,   87,   87, 3688,   87, 3683, 3689, 3691, 3692,
-       87, 3693,   87, 3695, 3690, 3686, 3684, 3694,   87, 3696,
-     3685, 3697, 3698, 3699, 3700, 3702,   87, 3701, 3705, 3703,
-     4117, 3688, 4117,   87, 3689,   87,   87, 3706,   87,   87,
-     3695,   87,   87,   87, 3694, 3707, 3696, 3709,   87,   87,
-       87, 3700,   87, 3710, 3701, 3708, 3703, 3704,   87,   87,
-       87, 3711, 3712, 3713, 3706, 3714,   87,   87,   87,   87,
-     3715, 3717,   87,   87,   87,   87, 3716, 3718,   87, 3719,
-
-       87, 3720, 3708, 3722, 3704, 3723, 3721,   87, 3711, 3712,
-     3713, 3726, 3714,   87,   87, 4117, 3727, 3715,   87, 3730,
-     3724,   87,   87, 3716, 3718, 3729, 3719,   87, 3720, 3725,
-     3722, 3732,   87, 3721, 3728, 3731,   87, 3733,   87,   87,
-       87,   87,   87, 3727, 3734, 3736,   87, 3724, 3735, 4117,
-     3740,   87, 3729,   87,   87,   87, 3725, 3737, 3732, 3738,
-     3739, 3728, 3731, 3741, 3733, 3743,   87, 3742, 3744, 3746,
-     3745, 3747, 3736, 4117, 4117, 3735,   87,   87,   87,   87,
-     3748,   87, 3750, 4117, 3737,   87, 3738, 3739,   87,   87,
-       87, 3751, 3743, 3754, 3742, 3758, 3746, 3745,   87, 3749,
-
-       87, 3752,   87, 3753, 3755,   87,   87, 3748,   87, 3750,
-       87, 4117, 3756,   87, 3757,   87,   87, 3759, 3751,   87,
-     3754, 3760, 3758,   87, 3764, 3761, 3749,   87, 3752,   87,
-     3753, 3755,   87, 3762, 3763,   87,   87, 3765, 3766, 3756,
-       87, 3757, 3771,   87, 3759, 3768, 3769,   87, 3760, 3767,
-     3770, 3764, 3761, 3772, 3774,   87, 3773,   87, 3776, 3777,
-     3762, 3763, 4117,   87, 3765, 3766, 3778,   87,   87, 3781,
-     3775, 3784, 3768, 3769,   87,   87, 3767, 3770,   87, 3779,
-     3772, 3774, 3780, 3773,   87,   87,   87, 3783, 3782,   87,
-     3785,   87, 3786, 3778, 3791,   87,   87, 3775,   87, 3789,
-
-     3790, 3802,   87, 3794,   87, 3795, 3779, 3792, 3793, 3780,
-       87, 3796, 3797, 3798, 3783, 3782, 3800, 3785, 3799,   87,
-     3801,   87,   87, 3803, 3804, 3807,   87,   87,   87,   87,
-     3794,   87, 3795,   87, 3805, 3808,   87, 3809, 3796,   87,
-     3798, 3810, 3806,   87, 3811, 3799, 3813,   87,   87, 3814,
-     3812,   87,   87,   87, 3817,   87,   87, 3818,   87, 3815,
-     3819, 3805,   87,   87, 3809, 3816,   87,   87, 3810, 3806,
-     3820, 3811,   87,   87,   87, 3822, 3814, 3812,   87, 3821,
-       87, 3817,   87, 3823, 3818, 3824, 3815, 3819,   87, 3825,
-     4117, 3826, 3816, 3827, 3828, 3829, 3830, 3820, 4117, 3831,
-
-       87,   87, 3822, 3832, 3835,   87, 3821,   87, 3837, 3836,
-     3823,   87,   87, 4117, 4117, 3845, 3825,   87, 3826, 3841,
-       87,   87,   87, 3830, 3833,   87, 3831, 3834, 3840, 3838,
-     3832,   87, 3839, 3844,   87, 3842,   87, 3843, 3847, 3848,
-       87,   87,   87, 3851,   87,   87, 3841,   87, 3846, 3849,
-     3850, 3833, 3853, 3854, 3834, 3840, 3838,   87, 3852, 3839,
-       87,   87, 3842, 3855, 3843,   87,   87, 3857, 3858,   87,
-       87,   87,   87, 3856, 3859, 3846, 3849, 3850, 3860,   87,
-       87,   87,   87, 3861, 3862, 3852, 3863, 3864, 3865,   87,
-     3855, 3866, 3867, 3870,   87,   87, 3868, 3869, 3874, 4117,
-
-     3856,   87, 4117,   87,   87,   87, 4117, 3872, 3875,   87,
-       87,   87, 3876,   87,   87, 3865,   87, 3871, 3866,   87,
-     3870, 3873, 3879, 3868, 3869,   87,   87,   87, 3878,   87,
-     3877, 3881, 3884,   87, 3872, 3875, 3883,   87, 3880, 3876,
-       87, 3882, 4117, 3885, 3871, 3886,   87,   87, 3873,   87,
-       87, 3887, 3888,   87, 3889, 3878, 4117, 3877,   87, 3884,
-       87, 3890, 3891, 3883,   87, 3880, 3892, 3895, 3882,   87,
-     3885,   87, 3886, 3893,   87, 3894,   87, 3897,   87, 3888,
-     3896,   87, 4117,   87, 3898, 3903, 3899, 3900, 3890, 3891,
-       87, 3907, 3902, 3892, 3895,   87, 3901,   87, 3904, 3905,
-
-     3893,   87, 3894,   87,   87,   87,   87, 3896,   87,   87,
-     3910, 3898, 3903, 3899, 3900, 3906,   87,   87, 3907, 3902,
-     3908,   87,   87, 3901, 3909, 3904, 3905,   87, 3911, 3914,
-     3912,   87,   87, 3915, 3918, 3913, 3919, 3910, 3916, 3917,
-     3920,   87, 3906,   87, 3921, 3922,   87, 3908,   87, 3923,
-       87, 3909,   87,   87,   87, 3911, 3914, 3912, 3926, 3925,
-     3915, 3918, 3913, 3919, 3924, 3916, 3917,   87,   87, 3936,
-     3928,   87,   87, 3927, 3929, 3930,   87,   87, 3932, 3931,
-       87,   87,   87,   87, 3934, 3926, 3925,   87, 3933, 3937,
-     3935, 3924, 4117, 4117,   87,   87, 3936, 3928, 4117, 3939,
-
-     3927, 3929,   87,   87, 3938, 3932, 3931,   87,   87,   87,
-       87, 3934,   87, 3940, 3943, 3933, 3937, 3935, 3941, 3944,
-       87, 3942, 3945, 3946,   87, 3948, 3939, 3947, 3949,   87,
-     3950, 3938,   87,   87,   87, 3954,   87, 4117, 3962, 3952,
-     3940, 3943,   87, 4117,   87, 3941, 3944,   87, 3942, 3945,
-     3946, 3951, 3948,   87, 3947, 3949, 3953,   87,   87, 3959,
-     3955, 3956,   87, 3957, 3958,   87, 3952,   87, 3961,   87,
-       87,   87, 3960, 3964, 3963,   87, 3965, 3968, 3951, 3967,
-     3966,   87,   87, 3953, 3969,   87, 3959, 3955, 3956, 4117,
-     3957, 3958,   87, 3973, 3972, 3961, 3975,   87,   87, 3960,
-
-     3964, 3963,   87,   87,   87,   87, 3967, 3966, 3970, 3974,
-     3971,   87, 3976, 3977, 3978,   87,   87,   87,   87, 3979,
-     3973, 3972, 3980, 3975,   87, 3981, 3982,   87, 3983, 3984,
-     3985,   87, 3986,   87,   87, 3970, 3974, 3971, 3987, 3976,
-     3988, 3978, 3989, 3990,   87,   87, 3979,   87, 3991, 3980,
-     3992, 3993,   87, 3982, 3995,   87,   87,   87, 3994,   87,
-       87, 3996,   87,   87, 3997, 3987,   87, 3988, 3998,   87,
-     3990,   87, 4000,   87, 3999,   87, 4001,   87, 3993, 4002,
-       87,   87, 4003,   87, 4004, 3994, 4005, 4006, 3996, 4117,
-       87, 3997, 4117, 4007, 4010, 3998, 4008, 4009,   87,   87,
-
-       87, 3999,   87, 4001,   87, 4011, 4002,   87, 4018, 4003,
-     4012, 4015, 4117, 4013, 4006, 4014,   87,   87,   87,   87,
-     4007,   87,   87, 4008, 4009,   87, 4016,   87, 4017, 4020,
-     4117, 4023,   87,   87, 4019,   87, 4021, 4012, 4015,   87,
-     4013,   87, 4014,   87, 4022,   87, 4024, 4027, 4025, 4026,
-     4028, 4029,   87, 4016, 4117, 4017, 4020,   87, 4023, 4030,
-       87, 4019,   87, 4021, 4031,   87,   87, 4036, 4037,   87,
-       87, 4022,   87, 4024, 4027, 4025, 4026, 4028,   87, 4032,
-     4033, 4034, 4038, 4039, 4035,   87, 4030,   87,   87, 4044,
-       87, 4031,   87, 4040, 4036,   87, 4041,   87, 4045, 4042,
-
-     4043, 4048, 4049, 4117,   87, 4046, 4032, 4033, 4034, 4038,
-     4047, 4035,   87, 4050, 4051,   87, 4044,   87,   87,   87,
-     4040,   87,   87, 4041,   87, 4052, 4042, 4043, 4048,   87,
-       87, 4053, 4046, 4055,   87,   87, 4054, 4047, 4056, 4057,
-     4050,   87, 4058, 4059,   87, 4060,   87,   87, 4061, 4062,
-     4063,   87, 4052,   87,   87, 4064, 4065, 4066, 4053,   87,
-     4055, 4067, 4117, 4054, 4068, 4056, 4057, 4069, 4117, 4076,
-     4059, 4073, 4060, 4117,   87,   87,   87,   87,   87,   87,
-     4074,   87, 4064, 4065,   87, 4070, 4072, 4071, 4067,   87,
-     4075, 4068,   87,   87, 4069,   87, 4076,   87, 4073, 4078,
-
-       87, 4079,   87, 4080,   87, 4077,   87, 4074, 4081,   87,
-     4084, 4082, 4070, 4072, 4071, 4085, 4083, 4075,   87, 4086,
-     4088, 4089, 4087, 4095, 4117,   87, 4078, 4117, 4079,   87,
-     4080, 4090, 4077,   87,   87, 4081,   87, 4084, 4082, 4091,
-     4093, 4117,   87, 4083,   87,   87,   87, 4088,   87, 4087,
-       87,   87, 4092, 4094, 4097, 4096, 4098, 4099, 4090,   87,
-       87,   87,   87,   87, 4100,   87, 4091, 4093, 4101, 4102,
-     4117, 4106,   87, 4105, 4108, 4109,   87, 4103,   87, 4092,
-     4094, 4097, 4096, 4098, 4099,   87, 4107, 4110, 4111, 4104,
-     4112, 4100, 4115, 4116,   87, 4101,   87,   87,   87,   87,
-
-     4105,   87,   87, 4113, 4103, 4117,   87,   87, 4117, 4117,
-       87,   87,   87, 4107, 4110, 4111, 4104, 4112, 4114,   87,
-       87, 4117, 4117, 4117, 4117, 4117,   87, 4117, 4117, 4117,
-     4113, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4114,   48,   48,   48,   48,
-       48,   48,   48,   53,   53,   53,   53,   53,   53,   53,
-       58,   58,   58,   58,   58,   58,   58,   64,   64,   64,
-       64,   64,   64,   64,   69,   69,   69,   69,   69,   69,
-       69,   75,   75,   75,   75,   75,   75,   75,   81,   81,
-       81,   81,   81,   81,   81,   90,   90, 4117,   90,   90,
-
-       90,   90,  165,  165, 4117, 4117, 4117,  165,  165,  167,
-      167, 4117, 4117,  167, 4117,  167,  169, 4117, 4117, 4117,
-     4117, 4117,  169,  172,  172, 4117, 4117, 4117,  172,  172,
-      174, 4117, 4117, 4117, 4117, 4117,  174,  176,  176, 4117,
-      176,  176,  176,  176,  179, 4117, 4117, 4117, 4117, 4117,
-      179,  182,  182, 4117, 4117, 4117,  182,  182,   91,   91,
-     4117,   91,   91,   91,   91,   17, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117
+     2088, 2084, 2091, 2095, 2078, 2086, 2094, 2087, 2101, 2096,
+       87, 2098, 2097, 2092, 2104, 2093, 2099,   87,   87, 2090,
+     2103, 2100,   87,   87, 2105, 2108,   87,   87,   87, 2091,
+     2095, 2106, 2102, 2094,   87, 2101, 2096, 2110, 2098, 2097,
+     2092,   87, 2093, 2099,   87, 2107,   87, 2103, 2100,   87,
+     2109,   87, 2108, 2111,   87, 2112, 2113, 2115, 2106, 2102,
+
+     2114, 2116,   87,   87,   87, 2117, 2119,   87, 2118, 2127,
+       87,   87, 2107, 2121,   87, 2120, 2128, 2109,   87,   87,
+     2111, 2122, 2112, 2113, 2115,   87,   87, 2114, 2116,   87,
+       87,   87, 2117, 2119, 2123, 2118, 2125, 2124, 2126,   87,
+     2121,   87, 2120,   87, 2130, 2131, 2129, 2133, 2122, 2132,
+     2135,   87,   87, 2137, 2138, 2136,   87, 2134,   87,   87,
+       87, 2123, 2141, 2125, 2124, 2126,   87, 2142,   87,   87,
+     4129, 2130, 2131, 2129, 2133,   87, 2132, 2139, 2140,   87,
+     2137, 2138,   87, 2144, 2134, 2143, 2153,   87,   87, 2141,
+     4129,   87, 4129, 2145, 2142, 2147,   87, 2146, 2151, 2149,
+
+     4129,   87, 2150, 2152, 2139, 2140, 2154, 2155,   87, 2148,
+     2144,   87, 2143, 2153, 2156, 2161, 2166,   87, 4129,   87,
+     2145,   87, 2147,   87, 2146, 2151, 2149,   87,   87, 2150,
+     2152,   87,   87, 2154, 2155, 2158, 2148, 2157, 2162, 2164,
+     2159, 2156, 2161,   87,   87, 2160, 2163, 2165,   87, 2167,
+       87,   87, 2168, 2169, 2171, 2170, 2172, 2173,   87, 2177,
+       87,   87, 2158, 2174, 2157, 2162, 2164,   87, 2175, 2178,
+       87, 2181,   87, 2163, 2165,   87, 2167,   87,   87,   87,
+     2176, 2171, 2170,   87, 2173,   87, 2179, 2182,   87, 2183,
+     2174,   87, 2180,   87, 2184, 2175, 2178,   87, 2186, 4129,
+
+     2185, 2187,   87,   87, 2188, 4129,   87, 2176,   87, 2194,
+       87, 2190, 2189, 2179, 2182, 4129, 2183,   87, 2191, 2180,
+     2192, 2184,   87,   87, 2193, 2186,   87, 2185, 2187,   87,
+     2195, 2188,   87,   87, 2196, 2197,   87,   87, 2190, 2189,
+     2206, 2198, 2199, 2200, 2203, 2191, 2201, 2192, 2204, 2202,
+     2205, 2193,   87,   87, 2207, 2210,   87, 2195,   87,   87,
+     4129, 2212, 4129, 2208,   87,   87,   87,   87, 2198, 2199,
+       87, 2203,   87, 2201,   87,   87, 2202, 2205, 2209, 2211,
+     2213, 2207,   87, 2217,   87, 2214,   87,   87, 2212, 2215,
+     2208, 2216,   87, 2218, 2226, 4129, 2222,   87, 2219, 2221,
+
+     2223,   87,   87, 4129, 2224, 2209, 2211, 2213, 2230, 2220,
+     2217,   87, 2214,   87,   87,   87, 2215, 2225, 2216,  175,
+     2218,   87,   87, 2222,   87, 2219, 2221, 2223, 2228,   87,
+     2227, 2224, 2229, 2232, 2231,   87, 2220, 2234,   87, 2236,
+       87, 2238, 2233,   87, 2225, 2235,   87, 2237,   87, 2241,
+     2239, 4129,   87, 2245,   87, 2228,   87, 2227,   87, 2229,
+     2232, 2231,   87,   87, 2234,   87, 2236, 2242, 2238, 2233,
+     2243, 2240, 2235, 2250, 2237, 2244, 2246, 2239,   87,   87,
+       87,   87,   87, 2247, 2248, 2249, 2252, 2251, 2254, 2255,
+       87, 2258, 2257, 4129, 2242, 2253,   87, 2243, 2240,   87,
+
+       87, 4129, 2244, 2246,   87,   87,   87,   87, 2256, 2278,
+     2247,   87, 2249, 2252, 2251,   87,   87,   87, 2258, 2257,
+       87, 2259, 2253,   87, 2260, 2261, 4129, 2262,   87,   87,
+     2266, 2263, 2265, 2264,   87, 2256,   87, 2267, 4129, 2268,
+     2269,   87, 4129, 4129, 2277,   87, 2275, 4129, 2259,   87,
+       87, 2260, 2261,   87, 2262,   87, 2270, 2266, 2263, 2265,
+     2264,   87,   87, 2272, 2267, 2273, 2268, 2269,   87, 2271,
+       87,   87, 2274, 2275,   87, 2279, 2276, 2281, 2280, 2289,
+     2283,   87, 4129, 2270, 2285,   87, 2282,   87,   87,   87,
+     2272,   87, 2273, 2284,   87, 2286, 2271, 2287, 2290, 2274,
+
+       87, 2288, 2279, 2276, 2281, 2280,   87, 2283,   87,   87,
+     2291, 2285, 2292, 2282, 2293, 2294, 2297,   87, 4129, 2299,
+     2284,   87, 2286, 2295, 2287,   87, 2296,   87, 2288,   87,
+     2301, 2298,   87, 2300, 2303, 4129, 2302, 2291, 2305,   87,
+       87, 2293, 2294,   87, 2304,   87, 2306, 2307,   87,   87,
+     2295,   87, 2308, 2296,   87, 2309,   87,   87, 2298, 2311,
+     2300, 2312,   87, 2302, 2317, 2305,   87, 2315,   87, 2314,
+     2310, 2304, 2313, 2306, 2307,   87,   87,   87, 2316, 2308,
+     2318,   87,   87, 2319,   87, 2324, 2311, 2327,   87,   87,
+       87, 2317,   87, 4129, 2315, 2325, 2314, 2310, 2330, 2313,
+
+       87, 2326,   87, 2339,   87, 2316, 2328, 2318,   87, 2320,
+     2321, 2322, 2324,   87, 2329,   87, 2323, 2331,   87,   87,
+     2335,   87, 2325, 2336,   87, 2330, 2332, 2334, 2326, 2337,
+     2338, 2333,   87, 2328, 2340,   87, 2320, 2321, 2322,   87,
+       87, 2329,   87, 2323, 2331,   87, 2341, 2335,   87, 2342,
+     2336, 2343,   87,   87, 2334, 2344, 2337, 2338,   87,   87,
+     2345, 2340,   87, 2346,   87, 2348,   87, 2347,   87, 2350,
+     2349, 2361, 2351, 2341,   87, 2352, 2342,   87, 2343, 2353,
+     2355, 2354, 2344, 2356, 2358,   87, 2357, 2345,   87, 2360,
+       87,   87, 2348, 2363, 2347,   87, 2350, 2349,   87, 2351,
+
+     2359,   87,   87,   87,   87, 2366,   87,   87, 2354, 2362,
+     2356,   87, 2364, 2357, 2368,   87, 2360, 2365,   87, 2367,
+     2363, 2373, 2369,   87, 2372,   87,   87, 2359, 4129, 2370,
+       87, 2376,   87, 2371,   87, 2377, 2362, 2374,   87, 2364,
+     2378, 2368,   87, 2375, 2365, 2381, 2367,   87,   87, 2369,
+       87, 2372, 2379, 2380,   87, 2384, 2370,   87, 2382,   87,
+     2371, 2383, 2377,   87, 2374, 2385, 2387, 2386, 2389,   87,
+     2375, 4129,   87,   87, 2388,   87, 2391,   87, 2393, 2379,
+     2380, 2392, 2390,   87,   87, 2382,   87,   87, 2383,   87,
+       87, 2396,   87, 2387, 2386, 2389,   87, 2394, 2395,   87,
+
+       87, 2388,   87, 2391, 2397, 2393,   87, 2398, 2392, 2390,
+     2399, 2400, 2402, 2401,   87, 4129, 2403,   87, 2396, 2409,
+     2404, 2407, 2410,   87, 2394, 2395,   87,   87,   87, 2405,
+     2408, 2397,   87, 2411, 2398,   87,   87, 2418, 2400,   87,
+     2401,   87,   87, 2403,   87, 2406, 2409, 2404, 2407,   87,
+     2412, 2413,   87, 2414, 2417,   87, 2405, 2408,   87, 2415,
+     2411,   87, 2416,   87, 2418, 2419, 2420, 2421, 2424, 2422,
+     2425, 2427, 2406, 4129, 2423,   87,   87, 2412, 2413,   87,
+     2414, 2417,   87, 2428,   87,   87, 2415, 2426,   87, 2416,
+       87, 2432,   87, 2420, 2421,   87, 2422, 2425, 2427, 2429,
+
+       87, 2423, 2430, 2433, 2431,   87,   87, 2434, 4129,   87,
+     2428,   87,   87, 2435, 2426, 2437, 4129, 2438, 2436,   87,
+     4129, 2440, 2441,   87, 2439, 2445, 2429, 2442, 2444, 2430,
+     2433, 2431,   87, 2446, 2434,   87, 2447, 2449,   87,   87,
+     2435, 2448,   87,   87, 2438, 2436, 2443,   87, 2440, 2441,
+       87, 2439,   87,   87, 2442, 2444, 2450, 2451,   87, 2452,
+       87, 2454, 2453, 2455, 2456, 2457, 2460, 2463,   87,   87,
+     2458, 2462, 2459, 2443,   87, 2465, 4129,   87,   87,   87,
+       87,   87, 2464, 4129, 2451, 2468, 2452,   87,   87, 2453,
+     2455, 2456, 2457,   87, 2463, 2461,   87, 2458,   87, 2459,
+
+       87, 2467,   87,   87,   87, 2466, 2469,  175,   87, 2464,
+     2470, 2471, 2468,   87, 2472, 2473, 2474, 4129, 2475,   87,
+     2476,   87, 2461, 2477, 2478,   87, 2479, 2480, 2467, 2482,
+     2484, 4129, 2466, 2469, 4129, 2483,   87, 2470, 2471,   87,
+       87, 2472,   87, 2474,   87, 2475, 2481,   87, 2485,   87,
+     2477,   87,   87,   87, 2480, 4129,   87, 2484,   87, 2486,
+     2487,   87, 2483, 2488, 2490, 2492, 2491, 2494, 2489,   87,
+     2493,   87, 2495, 2481, 2499, 2485, 4129,   87, 4129,   87,
+     2498, 2496,   87, 2504, 2501,   87, 2486, 2487,   87,   87,
+     2497, 2490, 2492, 2491, 2494,   87,   87, 2493,   87, 2495,
+
+     2500,   87,   87, 2502, 2503,   87,   87, 2498, 2496, 2505,
+       87, 2501, 2507, 2509, 2506, 2508,   87, 2497,   87, 2512,
+     2510,   87, 2511,   87, 4129,   87, 2513, 2500,   87, 2515,
+     2502, 2503,   87, 2516, 2514,   87, 2505, 2517,   87, 2507,
+     2520, 2506, 2508,   87,   87,   87,   87, 2510, 2518, 2511,
+     2519,   87,   87, 2513, 2521, 2522, 2515, 2523,   87,   87,
+     2516, 2514,   87,   87, 2517, 2525, 2527, 2520, 2524, 2529,
+     2526, 2528,   87, 4129, 2535, 2518,   87, 2519, 2530, 2531,
+       87, 2521, 2522,   87, 2523,   87,   87,   87,   87, 2532,
+       87, 2534, 2525, 2527, 2538, 2524,   87, 2526, 2528, 2533,
+
+       87, 2535,   87,   87, 2536, 2530, 2531, 2537, 2539, 4129,
+       87, 2540, 2543, 2549, 2542, 2545, 2532,   87, 2534, 2541,
+       87, 2538, 2546,   87,   87, 2544, 2533, 2547, 4129, 2548,
+     2550,   87, 2552,   87, 2537, 2539,   87,   87, 2540,   87,
+       87, 2542,   87,   87,   87,   87, 2541, 2551,   87, 2546,
+       87, 2553, 2544, 2554, 2547, 2555, 2548, 2550,   87, 2552,
+     2557, 2558, 2559, 2556, 2562,   87,   87,   87, 2563, 2561,
+     2565, 2560, 4129, 2564, 2551, 2566,   87,   87, 2553,   87,
+     2554,   87, 2555,   87,   87,   87,   87, 2557, 2558, 2559,
+     2556, 2562, 2572, 2567, 2597, 2563, 2561,   87, 2560,   87,
+
+     2564, 2574,   87, 2573, 2568, 2569, 2575,   87, 2570, 2576,
+     2577, 4129, 2579, 2581, 2578, 2582,   87,   87,   87, 2572,
+     2567, 2571, 4129, 2580, 4129, 2584,   87,   87, 2574,   87,
+     2573, 2568, 2569,   87,   87, 2570, 2576, 2577,   87, 2579,
+       87, 2578, 2582, 2585, 2583, 2586, 2588,   87, 2571,   87,
+     2580,   87, 2584, 2587,   87, 2590, 2589, 4129, 2591, 2593,
+     4129, 2594, 2592, 4129,   87, 2601,   87, 2595,   87,   87,
+     2585, 2583, 2586, 2588,   87,   87,   87,   87, 2599,   87,
+     2587, 2604, 2590, 2589,   87, 2591, 2593, 2600, 2594, 2592,
+     2596, 2598,   87, 2603, 2595, 2602,   87,   87,   87, 2605,
+
+       87, 2606, 2607,   87, 2608, 2599,   87, 2610, 2604, 2609,
+     2611,   87, 4129,   87, 2600,   87,   87, 2596, 2598, 2612,
+     2603,   87, 2602,   87, 2616, 2613, 2605, 2625, 2606, 2607,
+     2614, 2608,   87,   87, 2617, 2615, 2609, 2611, 2619,   87,
+       87, 2618,   87,   87, 2620, 2623, 2612, 2621, 2622, 2624,
+     4129, 2616, 2613,   87,   87, 2626,   87,   87, 2627,   87,
+     2628, 2617,   87, 2629,   87, 2619, 2631, 2632, 2618, 2630,
+     2635,   87, 2623,   87, 2621, 2622, 2624,   87,   87, 2636,
+     2640, 2633, 2626,   87, 2637, 2627, 2638, 2639, 4129, 2634,
+     4129, 4129,   87, 4129,   87,   87, 2630,   87,   87,   87,
+
+       87, 2642,   87, 4129, 2645,   87, 2636, 2640, 2633, 2641,
+       87, 2637,   87, 2638, 2639, 2646, 2634, 2643,   87, 2649,
+     2644,   87, 2647, 2650,   87, 2651, 2654, 2648, 2642,   87,
+     2653, 2645, 2660, 2655,   87,   87, 2641, 2652, 4129, 4129,
+       87,   87, 2646, 2659, 2643,   87, 2649, 2644,   87, 2656,
+     2650,   87, 2651, 2654,   87,   87, 2657, 2653, 2661,   87,
+     2655,   87, 2662,   87, 2652, 2663, 2664,   87, 2658, 2666,
+     2659,   87, 2667, 2669,   87,   87, 2656,   87, 2665, 2668,
+       87, 2672,   87, 2657,   87, 2661, 4129, 2670,   87, 2662,
+     2671, 2673, 2663, 2664, 2674, 2658, 2666,   87, 2675, 2667,
+
+     2669,   87,   87,   87, 4129, 2665, 2668,   87, 2672, 2676,
+     2678, 2679,   87,   87, 2670,   87, 2680, 2671, 2673, 2684,
+     2681, 2674, 2677, 2683, 2682, 2675,   87, 2685,   87,   87,
+       87,   87, 2686, 2687, 2689, 4129, 2676, 2678, 2679, 4129,
+     2688,   87,   87, 2680, 2690,   87,   87, 2681,   87, 2677,
+     2683, 2682, 2692, 2695, 2685, 2691, 2693,   87, 2699,   87,
+     2687, 2689, 2694,   87,   87, 2700,   87, 2688, 2696,   87,
+       87, 2690, 2697,  175, 2701, 2702, 2707, 2698, 2717, 2692,
+     2703, 2704, 2691, 2693, 2706,   87, 2712,   87,   87, 2694,
+       87, 2708, 2705,   87,   87, 2696,   87,   87,   87, 2713,
+
+     2714, 2701, 2702,   87,   87, 2709, 2711, 2703, 2704, 2716,
+       87, 2706, 2715,   87, 2721,   87, 2710,   87, 2708, 2705,
+     2720,   87, 2718,   87,   87,   87, 2713, 2714, 2719, 2723,
+       87, 2722, 2709, 2711,   87,   87, 2716, 2724, 2725, 2715,
+     2726, 2721,   87, 2710, 2727, 2728, 2729, 2720, 2730, 2718,
+       87,   87, 2731,   87, 2733, 2719,   87,   87, 2722,   87,
+     2734, 2732, 2735,   87, 2724,   87,   87, 2726,   87,   87,
+       87, 2727, 2728, 2729,   87, 2730, 2736, 2739, 2741, 2731,
+     2737, 2733, 4129, 2738,   87,   87, 2742, 2734, 2732, 2735,
+       87,   87, 2740, 2744, 2743, 2746,   87,   87, 2753,   87,
+
+     2751, 2748, 2745, 2736, 2739,   87,   87, 2737, 2747,   87,
+     2738,   87, 2750, 2742,   87,   87,   87,   87, 2749, 2740,
+     2744, 2743, 2746, 2752, 2754,   87,   87, 2751, 2748, 2745,
+     2755, 4129,   87, 2756,   87, 2747, 2757, 2759,   87, 2750,
+       87,   87, 2758,   87,   87, 2749,   87, 2760, 2761, 2764,
+     2752, 2754, 2762, 2763,   87,   87, 2766, 2755, 2765,   87,
+     2756, 4129, 2773, 2757, 2759, 2767, 2770,   87, 2768, 2758,
+     2769, 2771, 2774, 4129, 2760, 2761,   87,   87, 2775, 2762,
+     2763,   87,   87,   87, 2772, 2765, 2776,   87,   87,   87,
+     2778,   87, 2767, 2770,   87, 2768,   87, 2769, 2771, 2774,
+
+       87, 2777,   87,   87,   87, 2775, 2779, 4129, 2780, 2781,
+     4129, 2772, 2782, 2776, 2783, 2784, 2789, 2778, 2785, 2791,
+       87, 4129, 2787, 2795, 2786, 2788, 2796,   87, 2777, 2790,
+       87,   87, 2792, 2779,   87, 2780,   87,   87,   87, 2782,
+     4129,   87, 2784,   87, 2793, 2785, 2791, 2794,   87, 2787,
+       87, 2786, 2788,   87, 2797,   87, 2790, 2798,   87, 2792,
+     2799, 2800,   87, 2801, 2804, 2805, 2802,   87,   87, 2803,
+     2807, 2793, 2809, 2808, 2794, 2812,   87, 2806,   87,   87,
+       87, 2797,   87,   87, 2798,   87, 2810, 2799, 2800, 2811,
+     2801,   87,   87, 2802, 2813, 2814, 2803,   87,   87,   87,
+
+     2808, 2815,   87, 2816, 2806, 2817, 2819, 2818,   87, 4129,
+       87,   87, 2820, 2810, 2822, 2821, 2811,   87, 2823,   87,
+     2825,   87, 2814,   87, 2827,   87, 2829, 2824, 2815, 2826,
+     2816,   87, 2817,   87, 2818,   87,   87, 2828,   87, 2820,
+     2830, 2822, 2821, 2832, 2833,   87,   87,   87, 2834, 2835,
+       87, 2827,   87, 2829, 2824, 2831, 2826, 2836,   87, 2838,
+       87, 2839, 2844, 4129, 2828, 2837,   87, 2830, 2841,   87,
+       87, 2833, 2840,   87,   87, 2834, 2835, 2842, 2843,   87,
+       87,   87, 2831, 2845, 2836,   87,   87, 2847, 2846, 2844,
+       87, 2848, 2837,   87,   87, 2841,   87, 2849,   87, 2840,
+
+     2850, 4129, 4129, 2858, 2842, 2843, 2859, 2862, 2855, 4129,
+       87, 2856, 2851,   87, 2847, 2846,   87, 4129, 2848,   87,
+       87, 2852, 2860,   87, 2849, 2857, 2868, 2850, 2853, 2854,
+       87, 2861, 2863, 2859, 2862, 2855,   87,   87, 2856, 2851,
+     2866,   87,   87, 2867,   87, 2864, 2865,   87, 2852, 2860,
+     2872,   87, 2857, 2868, 2869, 2853, 2854,   87, 2861, 2863,
+     2873,   87, 2874, 2875, 2876, 2878,   87, 2866, 4129, 2870,
+     2867, 2871, 2864, 2865, 2877,   87,   87, 2879,   87,   87,
+     2881, 2869,   87,   87,   87,   87,   87, 2873, 2880, 2874,
+     2875, 2876, 2878, 2882,   87, 2883, 2870, 2884, 2871, 2885,
+
+     2886, 2877,   87, 2887, 2879, 2888,   87, 2881, 4129, 2891,
+     4129, 2892,   87, 2890, 4129, 2880, 2894,   87,   87,   87,
+     2882,   87, 2883, 2889, 2884,   87, 2885, 2886, 2895,   87,
+     2893, 2898, 2896,   87, 4129,   87, 2899,   87, 2892, 2897,
+     2890,   87,   87, 2894, 2900, 2903,   87, 2901, 2902,   87,
+     2889, 2904,   87, 2905,   87, 2895,   87, 2893, 2898, 2896,
+     2906,   87,   87, 2899, 2908,   87, 2897,   87, 2909, 2910,
+     2911, 2900, 2907, 2913, 2901, 2902,   87,   87, 2912,   87,
+     2905, 2914,   87,   87, 2915, 4129, 2916, 2906, 2917,   87,
+     2922, 2908, 2920, 2921,   87, 2909,   87, 2911, 4129, 2907,
+
+     2913,   87,   87,   87,   87, 2912,   87, 2918, 2914, 2919,
+      175, 2915,   87, 2916,   87, 2917, 2923,   87, 2926, 2920,
+     2921, 2924, 2925, 2928, 2927, 2933, 4129, 2931,   87, 2932,
+     2929, 4129, 2930, 4129, 2918, 4129, 2919,   87,   87,   87,
+       87,   87,   87, 2923,   87, 2926,   87,   87, 2924, 2925,
+     2928, 2927, 2933,   87, 2931, 2934, 2932, 2929, 2935, 2930,
+     2936, 2937,   87, 2938, 2939, 2940, 2945, 2941, 2942, 4129,
+     2946, 4129,   87, 2943, 2944,   87,   87, 2948, 4129, 2950,
+     4129, 2947, 2934, 2952, 4129, 2935, 2956, 2936,   87, 4129,
+       87,   87, 2940,   87, 2941,   87,   87,   87,   87,   87,
+
+     2943, 2944,   87, 2949,   87,   87, 2950, 2951, 2947,   87,
+     2952, 2953, 2954, 4129, 2955, 2957,   87, 2961,   87, 4129,
+       87, 2958,   87, 2959,   87, 2960, 4129, 2964,   87, 2962,
+     2949, 2963, 4129, 2968, 2951, 2978, 4129, 2965, 2953, 2954,
+       87, 2955, 2957,   87,   87,   87,   87, 2967, 2958,   87,
+     2959,   87, 2960,   87, 2964,   87, 2962, 2969, 2963, 2966,
+       87, 2970, 2971, 2974, 2965, 2972,   87,   87, 2973,   87,
+       87,   87,   87, 2975, 2967,   87,   87, 2977, 2976, 2984,
+     2979, 4129, 2980,   87, 2969,   87, 2966,   87, 2970, 2971,
+     2974, 2981, 2972, 2982, 2983, 2973,   87, 2988, 2992,   87,
+
+     2975,   87, 2985,   87, 2977, 2976, 2984, 2979,   87, 2980,
+       87, 2986, 2989,   87, 2990, 2991, 2987, 2993, 2981,   87,
+     2982, 2983,   87, 2995,   87,   87, 2994,   87, 2996, 2985,
+       87, 2997, 3000,   87, 2998, 4129, 2999,   87, 2986, 2989,
+     3001, 2990, 2991, 2987,   87,   87,   87,   87,   87,   87,
+     2995, 3002, 3003, 2994, 4129, 2996,   87, 3004, 2997, 3000,
+     3006, 2998,   87, 2999,   87, 3007,   87, 3001, 3005,   87,
+     3008, 3010, 3011, 3013, 3009,   87, 3014, 4129, 3002, 3003,
+     3016,   87, 3012, 3018, 3004, 3015,   87, 3006,   87,   87,
+       87,   87, 3007,   87,   87, 3005, 3020, 3017,   87, 3011,
+
+     3013, 3009,   87,   87,   87,   87, 3021, 3016,   87, 3012,
+     3018, 3022, 3015, 3019,   87,   87, 3025,   87, 3026, 3023,
+     3024, 3027,   87, 3020, 3017, 3028, 4129, 4129, 3029, 3031,
+     4129, 3033,   87, 3021,   87, 3032, 3034, 3030, 3022,   87,
+     3019,   87,   87,   87, 3035,   87, 3023, 3024,   87, 3037,
+     3036, 3039, 3028,   87,   87, 3029, 3031,   87, 3033,   87,
+       87, 3038, 3032, 3034, 3030,   87, 3040, 3041, 3043,   87,
+     3042, 3035,   87, 3044, 3045, 4129,   87, 3036, 3039,   87,
+       87, 3047, 3048, 3058, 3046, 4129, 3049,   87, 3038, 4129,
+     3051, 3050,   87, 3040, 4129, 3043, 3052, 3042,   87,   87,
+
+       87, 3045,   87,   87, 3057,   87, 3056,   87, 3047, 3048,
+       87, 3046,   87, 3049,   87,   87, 3053, 3051, 3050, 3054,
+     3055, 3061, 3059, 3052,   87, 3060, 3062,   87, 3063, 3064,
+       87, 3057, 3065, 3056,   87, 4129, 3068, 3072, 3066,   87,
+       87, 4129, 3067, 3053,   87,   87, 3054, 3055, 3061, 3059,
+       87,   87, 3060, 3062,   87, 3063, 3064,   87,   87, 3065,
+     3069, 3070, 3071, 3068,   87, 3066, 3073,   87,   87, 3067,
+     3074, 3075, 3076, 3079, 4129, 3077, 3078, 3084,   87, 4129,
+     3081, 4129,   87, 3080,   87, 3082, 4129, 3069, 3070, 3071,
+       87, 3083,   87, 3073, 3086, 4129, 3090,   87,   87,   87,
+
+     3079,   87, 3077, 3078, 3084,   87,   87, 3081, 3085,   87,
+     3080,   87, 3082, 3087, 3089,   87, 3088,   87, 3083, 3091,
+       87, 3086,   87,   87, 3092,   87, 3093,   87, 3094, 3095,
+     3096, 3099, 3097, 3098, 4129, 3085, 3103, 3105,   87, 3100,
+     3087, 3089, 3101, 3088,   87,   87, 3091, 3102,   87,   87,
+     3104,   87,   87,   87,   87, 3094,   87, 3096, 3099, 3097,
+     3098,   87, 3108,   87,   87, 3107, 3100, 3110,   87, 3101,
+     3106,   87,   87, 3111, 3102, 3109,   87, 3104,   87, 3113,
+       87, 3112, 3114, 3115,   87, 3116, 3117, 3118, 4129, 3108,
+     3121,   87, 3107, 3119, 3110,   87,   87, 3106,  175,   87,
+
+     3111, 3123, 3109, 3124,   87,   87, 3113,   87, 3112, 3114,
+     3115,   87, 3116, 3117, 3118, 3120, 3122, 3121, 3125, 3127,
+     3119,   87,   87,   87,   87, 3126, 3128, 3130, 3123, 3129,
+       87, 3131,   87, 3133, 4129, 3132, 4129, 3134, 4129, 3135,
+     4129, 3136, 3120, 3122, 4129, 3125, 3127, 3138,   87,   87,
+       87,   87, 3126, 3128,   87,   87, 3129, 4129,   87,   87,
+     3133, 3137, 3132,   87, 3134,   87, 3135,   87, 3136, 3139,
+       87, 3140, 3141, 3142, 3138, 3143, 3146,   87, 3144,   87,
+       87, 3148,   87,   87, 3145,   87, 3147, 3153, 3137, 3152,
+     3149,   87, 3150,   87,   87, 3151, 3139,   87, 3140, 3141,
+
+     3142,   87, 3143, 3146,   87, 3144,   87, 3154, 3148, 3157,
+       87, 3145, 3155, 3147, 3153,   87, 3152, 3149, 3156, 3150,
+     3158, 3160, 3151,   87, 3159,   87, 3161,   87, 3162, 3163,
+     3164, 3165, 3166, 3168,   87,   87, 3157,   87,   87, 3155,
+     3167,   87,   87,   87,   87, 3156, 3169,   87,   87,   87,
+       87, 3159, 3170, 3161,   87, 3162, 3163, 3164, 3165, 3166,
+     3168, 3171, 3172, 3173, 3174, 3175, 3177, 3167, 3176, 3178,
+     3179, 3180,   87, 3169, 3181,   87, 4129,   87, 3186, 3170,
+     4129, 3187,   87,   87,   87, 3182, 3183,   87, 3171, 3172,
+       87,   87, 3175, 3177,   87, 3176,   87,   87,   87, 3184,
+
+       87, 3181, 3185,   87, 3188, 3186, 3191,   87,   87, 3189,
+     3190,   87, 3182, 3183, 3192,   87,   87,   87, 3193, 3195,
+     3194, 3196,   87, 3198, 3197,   87, 3184, 3199, 3200, 3185,
+       87, 3188, 3201, 3191, 3202,   87, 3189, 3190, 3204, 3207,
+       87, 3192,   87, 4129,   87, 3193, 3195, 3194,   87,   87,
+       87, 3197,   87,   87, 3199,   87, 3203, 3206, 3209, 3201,
+     3205, 3202, 3208, 3210,   87, 3204,   87,   87, 3211,   87,
+       87, 3212, 3213, 3214, 3215, 3218,   87, 3217,   87,   87,
+       87,   87, 3216, 3203, 3206, 3209,   87, 3205, 3221, 3208,
+     3210, 3219, 3224, 3220,   87, 3211, 3222,   87, 3212, 3213,
+
+     3214,   87,   87, 3225, 3217,   87, 3226,   87,   87, 3216,
+     3223,   87, 3230,   87, 3227, 3221, 3231, 3228, 3219, 3224,
+     3220, 3229,   87, 3222,   87, 3235,   87, 3234,   87, 3241,
+     3225,   87, 4129,   87,   87,   87, 3236, 3223, 3239, 3230,
+     3242, 3227, 3237,   87, 3228, 3232, 3233,   87, 3229,   87,
+       87, 3240, 3235, 3238, 3234,   87,   87,   87,   87,   87,
+     3244,   87, 3245, 3236, 3243, 3239, 3246, 3242, 3247, 3237,
+     3248, 4129, 3232, 3233, 3249, 3251,   87, 3252, 3240, 3254,
+     3238, 3250,   87,   87, 3255, 3257,   87, 3244,   87, 3245,
+       87, 3243,   87,   87, 3256, 3247,   87,   87, 3253,   87,
+
+     3259, 3249, 3251,   87, 3252,   87,   87, 3266, 3250, 3258,
+     3260, 3255, 3257, 3263,   87, 3261, 3262, 3264, 4129, 3267,
+       87, 3256, 3269, 3265,   87, 3253,   87,   87, 4129,   87,
+       87,   87, 3270, 3268,   87,   87, 3258, 3260, 3272, 3271,
+     3263,   87, 3261, 3262, 3264,   87, 3267, 3273, 3274,   87,
+     3265,   87, 3276, 3277,   87, 3275, 3278, 4129, 4129, 3270,
+     3268,   87, 3279,   87, 3280, 3272, 3271,   87,   87,   87,
+       87, 3282,   87, 3281, 3273, 3274, 3283, 3284, 3285, 3276,
+     3277, 3288, 3275, 3278,   87,   87,   87, 3286, 3287, 3279,
+       87, 3280, 3289, 3291, 3290, 3293,   87, 3292,   87,   87,
+
+     3281, 3294,   87,   87, 3284, 3285,   87, 3295,  175,   87,
+     3297, 3299,   87, 3296, 3286, 3287,   87, 3300, 3298, 3289,
+     3291, 3290, 3301,   87, 3292, 3302,   87,   87, 3294,   87,
+       87, 3305, 3303,   87, 3295, 3304,   87, 3297, 3299, 3306,
+     3296, 3311, 3309, 3310,   87, 3298,   87,   87,   87,   87,
+     3307, 3312, 3302, 3313,   87, 3308, 4129, 3314,   87, 3303,
+     3316, 3317, 3304,   87,   87,   87, 3306, 3315, 3311, 3309,
+     3310, 3318, 3320,   87, 3321, 3319,   87, 4129,   87,   87,
+     3313,   87,   87,   87, 3314, 3322, 3323, 3316, 3317,   87,
+       87, 3324, 3326, 3327, 3315, 3325, 3328, 4129, 3318, 3329,
+
+     4129,   87, 3319, 3330,   87, 3331,   87,   87, 3339, 3336,
+     4129,   87, 3322, 3323,   87,   87, 3334,   87,   87, 3326,
+     3327,   87, 3325, 3328, 3332,   87, 3329,   87, 3333, 3335,
+     3330, 3337, 3331,   87,   87,   87, 3336, 3338, 3342, 3340,
+       87, 3341,   87, 3334, 3343, 3344, 3347,   87, 3348,   87,
+       87, 3332, 3345,   87,   87, 3333, 3335, 3349, 3337,   87,
+       87,   87, 3346, 3351, 3338,   87, 3340, 3352, 3341,   87,
+       87, 3343, 3344, 3347, 3350,   87, 3353,   87, 3355, 3345,
+     3354,   87,   87, 3356, 3349,   87, 3357, 3361, 3359, 3346,
+     3351, 3358,   87, 3362, 3352,   87,   87, 3360, 3363,   87,
+
+       87, 3350,   87, 3353,   87, 3355, 3364, 3354,   87, 3365,
+     3356,   87, 3366,   87, 3361, 3359,   87, 3369, 3358, 3367,
+     3362, 3368, 4129, 3370, 3360,   87, 3371,   87, 3375, 3372,
+       87,   87, 3373, 3364, 3374, 3376, 3377, 4129, 3379, 3378,
+     4129,   87,   87, 3381,   87,   87, 3367,   87, 3368,   87,
+       87, 3380,   87, 3371,   87, 3375, 3372, 3382, 3384, 3373,
+       87, 3374,   87, 3377,   87, 3379, 3378,   87, 3383,   87,
+       87, 3385, 3386, 3387, 3389, 3388, 3392, 3390, 3380, 3394,
+       87,   87,   87, 3391, 3382, 3384, 3393,   87,   87, 3395,
+       87, 3396,   87,   87,   87, 3383, 3397, 3399, 3385, 3386,
+
+     3387, 3389, 3388,   87, 3390,   87,   87, 3398, 3400, 3402,
+     3391, 3403, 3404, 3393, 3401,   87,   87, 3405,   87,   87,
+     3407,   87, 3406, 3397, 3399, 3408,   87,   87, 3410,   87,
+     3411,   87,   87, 3409, 3398,   87, 3402,   87, 3403, 3412,
+       87, 3401, 3413, 3414,   87, 3415, 3417, 3407, 3416, 3406,
+     3420, 3419, 3408, 3421,   87, 3410, 3418,   87,   87,   87,
+     3409, 3422,   87, 3424, 3423,   87,   87,   87, 3425,   87,
+     3414, 3428, 3415,   87, 3427, 3416,   87,   87, 3419,   87,
+     3421, 3429,   87, 3418, 3426, 3434, 3430,   87,   87, 3431,
+       87, 3423, 3433,   87, 3432, 3425, 3435, 3436, 3439, 3440,
+
+     3438, 3427, 3437,   87,   87,   87,   87, 3441,   87,   87,
+     3442, 3426, 3443, 3430, 3444, 4129,   87,   87,   87, 3433,
+     3445,   87,   87, 3435, 3447, 3439, 3440, 3438,   87,   87,
+     3446, 3448, 3449, 3451, 3441, 3450, 3453, 3452,   87, 4129,
+     3455, 3454,   87, 4129,   87, 4129,   87, 3445, 3460, 3458,
+     3463,   87,   87,   87,   87,   87, 4129, 3446,   87, 3449,
+     3451,   87, 3450, 3453, 3452,   87,   87, 3455, 3454, 3456,
+     3457,   87, 3459, 3461, 3462,   87, 3458,   87, 3464,   87,
+       87,   87, 3465, 3469, 3468, 3467, 3475,   87, 3470, 3472,
+     3466,   87,   87, 3471, 3473, 3474, 3456, 3457,   87, 3459,
+
+     3461, 3462,   87,   87, 3476, 3464,   87, 3477, 3481, 3465,
+     3469, 3468, 3467,   87, 3478, 4129, 3479, 3466, 3480,   87,
+       87,   87, 3474, 3487, 3482, 3483, 3484,   87, 3486, 3485,
+       87, 3476,   87,   87, 3477, 3481,   87, 3488, 3490, 3495,
+       87, 3478,   87, 3479,   87, 3480,   87,   87,   87, 3489,
+     3487, 3482, 3483, 3484, 3491, 3486, 3485,   87, 3496,   87,
+       87, 3492, 3493, 3494, 3488, 3490,   87, 3497,   87,   87,
+       87, 3498,   87, 3499, 3500, 3501, 3489, 3502, 3503, 3504,
+     3505, 3491, 3508,   87, 3511,   87,   87, 3506, 3492, 3493,
+     3494,   87, 3509,   87, 3497,   87, 3507,   87, 3498,   87,
+
+       87, 3500, 3501, 3510, 3502,   87, 3504,   87, 3512,   87,
+       87,   87, 3515, 3513, 3506, 3514, 3516, 3519,   87, 3509,
+     3518,   87, 3517, 3507,   87,   87,   87, 3522, 3523, 3521,
+     3510,   87, 3520, 3524,   87, 3512, 3525, 3526,   87,   87,
+     3513,   87, 3514,   87, 3519,   87, 3527, 3518,   87, 3517,
+       87, 3529, 3532, 3528, 3522,   87, 3521, 3530,   87, 3520,
+       87, 4129, 4129, 3525, 3526,   87, 3531, 3533, 3536, 3534,
+     3535, 3537, 3538, 3527,   87, 3539,   87, 3542, 3529, 3532,
+     3528,   87,   87,   87, 3530,   87,   87, 3540,   87,   87,
+       87, 3543, 3544, 3531, 3533, 3536, 3534, 3535,   87, 3538,
+
+       87, 3541,   87,   87, 3542, 3545, 3546, 3547, 3548, 3549,
+       87, 3552, 3550, 3551, 3540, 3554, 4129, 4129,   87,   87,
+       87,   87,   87,   87, 3555, 3556, 3553, 3558, 3541, 3557,
+       87,   87, 3545, 3561, 3547, 3548, 3549, 3559,   87, 3550,
+     3551,   87, 3554,   87, 3560,   87,   87,   87, 3562,   87,
+     3563, 3555, 3556, 3553, 3558,   87, 3557,   87, 3564,   87,
+     3561, 3565,   87,   87, 3559, 3566, 3567, 3568, 3569, 3570,
+     3572, 3560, 3571, 3573, 3575, 3562,   87, 3563,   87,   87,
+     3574,   87, 3576, 3577,   87, 3564,   87, 3579, 3565, 3578,
+     3585, 4129,   87,   87,   87, 3569, 3570, 3572, 3581, 3571,
+
+     3573, 3583,   87, 3580, 3587,   87,   87, 3574, 3584,   87,
+     3577,   87,   87,   87,   87, 3582, 3578,   87, 3586, 3589,
+       87,   87,   87,   87, 3588, 3581, 3590, 3593, 3583, 3591,
+     3580,   87, 3592, 3596, 4129, 3584, 3595, 3594, 3597,   87,
+       87,   87, 3582,   87, 3598, 3586, 3589,   87,   87,   87,
+     3600, 3588,   87, 3590, 3593,   87, 3591, 3602,   87, 3592,
+       87, 3599, 3601, 3595, 3594, 3597, 3603, 3604,   87, 3605,
+     3607, 3598, 3606,   87,   87,   87, 3608, 3600, 3609,   87,
+       87, 3611, 3610,   87, 3602,   87,   87, 3613, 3599, 3601,
+       87,   87, 3614, 3603, 3604, 3619, 3605, 3607, 3615, 3606,
+
+       87, 3612,   87, 3608,   87, 3609,   87, 3616, 3611, 3610,
+     3618, 3620, 3617, 3621,   87, 3622,   87, 3623, 3624,   87,
+     3625,   87, 3619,   87, 3626, 3615, 3627, 3629, 3612,   87,
+     3628,   87, 3630, 3633, 3632,   87, 3631, 3618,   87,   87,
+       87,   87, 3622,   87, 3623,   87, 3634, 3625,   87,   87,
+       87, 3626,   87, 3627, 3629, 3635, 3636, 3628, 3637,   87,
+     3639, 3632, 3638, 3631,   87,   87,   87, 3642, 3640, 3641,
+     3649, 3644, 3645, 3634,   87,   87, 3643,   87, 3648, 3647,
+       87,   87,   87, 3636,   87, 3637, 3646, 3639,   87, 3638,
+     3651, 3655,   87, 3652, 3642, 3640, 3641,   87, 3644, 3645,
+
+       87, 3650,   87, 3643, 3653,   87, 3647, 3656,   87,   87,
+     3654,   87, 3657, 3646, 3658,   87, 3659, 3661,   87, 3663,
+     3652,   87,   87, 3664,   87, 3666,   87, 3662, 3650, 3667,
+     3665, 3653, 3668,   87,   87, 3660,   87, 3654,   87, 3657,
+       87, 3658, 3669,   87, 3661,   87, 3663, 3670, 3671, 3672,
+     3679, 3675, 3666, 3673, 3662,   87, 3667, 3665, 3674,   87,
+       87, 3676, 3660, 3677,   87, 3678,   87, 3680,   87, 3669,
+       87, 3681, 3682,   87,   87, 3671, 3672,   87, 3675, 3684,
+     3673, 3685,   87, 3686,   87, 3674, 3691,   87, 3676, 3687,
+     3677, 3683, 3678, 3688,   87,   87, 3692,   87, 3681, 3696,
+
+       87,   87, 3689, 3690,   87,   87, 3684, 3694,   87,   87,
+     3686,   87,   87,   87, 3695, 3693, 3687, 3699, 3683, 3697,
+     3698, 3700, 3701, 3692,   87,   87,   87,   87,   87, 3689,
+     3690,   87, 3702, 3703, 3694,   87, 3705, 3704, 3706, 3707,
+     3708, 3695, 3693, 3709, 3699, 3710, 3697, 3698,   87,   87,
+       87,   87, 3711, 3714, 3712,   87, 3713,   87,   87,   87,
+     3703,   87, 3715, 3705, 3704,   87,   87,   87,   87, 3716,
+     3709, 3717, 3710, 3718, 3719, 3722, 4129, 3726, 3720,   87,
+       87, 3712,   87, 3713,   87,   87,   87, 3721, 3727, 3715,
+     3723, 3724, 3725,   87, 3732,   87,   87,   87, 3717,   87,
+
+       87,   87, 3722,   87, 3726, 3720, 3728,   87, 3729, 3730,
+     3733, 3736,   87, 3731, 3721,   87,   87, 3723, 3724, 3725,
+       87, 3732,   87, 3734, 3735, 3737, 3739, 3738, 3740, 3744,
+       87,   87, 3741, 3728,   87, 3729, 3730,   87,   87,   87,
+     3731,   87, 3742, 3750, 3751, 3747, 3743, 4129,   87, 3745,
+     3734, 3735, 3737, 3739, 3738,   87,   87, 3748, 3746, 3741,
+       87,   87, 3749, 3754, 3752,   87,   87,   87,   87, 3742,
+       87,   87, 3747, 3743, 3753, 3755, 3745, 3756, 3757,   87,
+     4129, 3758, 4129, 3760, 3748, 3746,   87,   87, 4129, 3749,
+       87, 3752, 3759, 3761, 4129,   87,   87, 3765, 3766,   87,
+
+     3762, 3753, 3755,   87, 3756,   87,   87,   87, 3758, 3763,
+     3760, 3764,   87,   87, 3767,   87,   87, 4129, 3768, 3759,
+     3761, 3769, 3770,   87, 3765, 3766, 3777, 3762, 3771, 4129,
+       87, 3774,   87,   87, 3773,   87, 3763, 3772, 3764,   87,
+       87, 3767,   87,   87,   87, 3768, 3775, 3776, 3769, 3770,
+     3778, 3781, 3780, 3777, 3779, 3771,   87, 3785, 3774,   87,
+     3782, 3773, 3783, 4129, 3772, 3786, 3784, 3787, 3788,   87,
+     4129,   87,   87, 3775, 3776, 3791,   87, 3778, 3790, 3780,
+     3793, 3779,   87,   87, 3785, 3789, 3792, 3782,   87, 3783,
+       87,   87,   87, 3784,   87, 3788, 3794,   87, 3795, 3796,
+
+       87, 3797,   87, 3798, 3799, 3790, 3802, 3793,   87,   87,
+       87, 3805, 3789, 3792, 3800, 3801, 3803, 3804, 3813, 3806,
+     3808, 3807, 3809,   87, 3810, 3795,   87, 3811, 3797, 3812,
+     3814,   87,   87,   87,   87, 3815, 3816,   87, 3805,   87,
+     4129,   87, 3818,   87, 3817,   87, 3806,   87, 3807, 3809,
+       87, 3810, 3819, 3821,   87,   87,   87, 3820, 3822, 3823,
+       87, 3824,   87, 3816, 3825,   87, 3829,   87, 3826,   87,
+     3827, 3817,   87,   87, 3828,   87, 3835, 3833, 3830,   87,
+     3821,   87, 3836,   87, 3820, 3822, 3823, 3831,   87,   87,
+     3834, 3825, 3837, 3829,   87, 3826,   87, 3827, 3832,   87,
+
+       87, 3828,   87,   87, 3833, 3830, 3838,   87, 3839, 3836,
+     3840, 3841,   87, 3848, 3831, 3842,   87, 3834,   87, 3837,
+     3849, 3843,   87, 3844, 3846, 3832, 3845,   87, 3850, 3847,
+     3851, 3855, 3852,   87, 4129,   87,   87,   87, 3841, 3853,
+       87,   87, 3842,   87, 3854,   87, 3856, 3849, 3843, 3857,
+     3844, 4129,   87, 3845,   87, 3850,   87, 3851,   87, 3852,
+     3858,   87, 3859, 3860, 3861, 3862, 3853, 3863, 3864, 3865,
+       87, 3854, 3867, 3868, 3869,   87, 3857, 3870,   87, 3866,
+       87,   87, 3871, 3872, 3873, 3874,   87,   87, 3875,   87,
+     3860, 3861,   87, 3876, 3863,   87,   87,   87, 3878, 3867,
+
+       87,   87, 3877,   87,   87, 3879, 3866, 3880, 3882,   87,
+       87,   87,   87, 3884,   87,   87,   87, 3881, 3883, 3886,
+       87, 3888, 4129, 3887,   87, 3878, 3889, 3885, 3891, 3877,
+       87,   87,   87,   87, 3880, 3882,   87, 3890, 3893,   87,
+     3884,   87, 3895, 3892, 3881, 3883,   87, 3894, 3888,   87,
+     3887,   87, 3896, 3889, 3885,   87,   87, 3897, 3898,   87,
+     3899, 3901, 3904, 3900, 3890,   87, 4129,   87, 3903, 3895,
+     3892, 3902, 3908,   87, 3894,   87, 3906,   87, 3909, 3896,
+     3905,   87, 3907,   87, 3897, 3898,   87,   87,   87, 3904,
+     3900,   87, 3910,   87, 3911, 3903,   87, 3913, 3902, 3908,
+
+     3912, 3914,   87, 3906, 3915,   87,   87, 3905,   87, 3907,
+       87, 3916,   87, 3917, 3918, 4129,   87, 3919, 3942, 3910,
+     3922, 3911, 3920,   87, 3913,   87,   87, 3912, 3914,   87,
+     3921, 3915, 3923, 3924, 3925, 4129,   87,   87, 3916, 3926,
+     3917, 3918,   87,   87, 3919, 3927, 3932, 3922, 3933, 3920,
+       87,   87,   87,   87, 3928, 3929,   87, 3921, 3930, 3923,
+     3924, 3925,   87, 3931,   87, 3934, 3926,   87, 3935, 3937,
+     3936, 3938, 3927,   87,   87,   87, 3939,   87, 3945, 3940,
+     3941, 3928, 3929,   87, 3943, 3930, 3944,   87,   87, 3946,
+     3931,   87,   87,   87,   87,   87, 3937, 3936, 3938, 3948,
+
+       87, 3949,   87, 3939, 3950, 3945, 3940, 3941, 3947, 3951,
+     3952, 3943,   87, 3944,   87,   87, 3946, 3953,   87,   87,
+       87,   87, 3954, 3955, 3956,   87, 3948, 3958, 3949, 3962,
+     3957, 3950, 3959,   87,   87, 3947, 3951, 3952, 3960,   87,
+     3961,   87, 4129, 3966, 3953, 4129, 3963,   87,   87, 3954,
+     3955, 3956,   87,   87, 3958, 3964,   87, 3957, 3965, 3959,
+       87, 3967, 3969, 3968, 3971, 3960, 3972, 3961,   87,   87,
+       87,   87,   87, 3963, 3974, 3976, 3970, 3973, 3975,   87,
+     3977,   87, 3964,   87,   87, 3965,   87, 3978, 3967, 3969,
+     3968, 3971, 3979, 3972, 3980, 3981,   87, 4129, 3982,   87,
+
+     3984,   87, 3976, 3970, 3973, 3975,   87,   87, 3983,   87,
+     3985, 3986, 3992, 3989, 3978,   87, 3991, 3988,   87, 3979,
+     3993,   87,   87, 3990,   87, 3982, 3987, 3984,   87,   87,
+     3995,   87,   87,   87,   87, 3983,   87, 3985, 3986, 3992,
+     3996, 3994, 3997, 3991, 3988,   87, 3998,   87,   87, 3999,
+     3990, 4001, 4000, 3987, 4002, 4003, 4004,   87,   87, 4007,
+     4005, 4009, 4006, 4008, 4016, 4012, 4017,   87, 3994,   87,
+       87,   87,   87,   87,   87,   87, 3999,   87,   87, 4000,
+     4013, 4002,   87,   87, 4011, 4014,   87, 4005, 4009, 4006,
+     4008, 4010,   87,   87,   87, 4015,   87, 4018,   87, 4019,
+
+     4020, 4021, 4022,   87,   87, 4023,   87, 4013,   87, 4024,
+       87, 4011, 4014,   87, 4027, 4030, 4032, 4029, 4010, 4025,
+       87,   87, 4015,   87, 4018, 4026, 4019, 4020, 4021,   87,
+       87,   87,   87, 4028, 4031, 4034, 4024,   87, 4129,   87,
+       87, 4027,   87, 4032, 4029,   87, 4025, 4033, 4035, 4036,
+     4037, 4038, 4026, 4129,   87, 4041,   87,   87, 4039,   87,
+     4028, 4031, 4034,   87,   87, 4040, 4042, 4043, 4051, 4049,
+     4044, 4048,   87,   87, 4033, 4035, 4036, 4037, 4038,   87,
+       87, 4045,   87, 4047, 4050, 4039, 4046,   87,   87,   87,
+     4052,   87, 4040, 4042, 4043,   87,   87, 4044, 4048, 4053,
+
+       87, 4054, 4055, 4057, 4056, 4070,   87, 4058, 4045, 4060,
+     4047, 4050,   87, 4046,   87, 4059,   87, 4052, 4061, 4062,
+     4063,   87,   87,   87,   87, 4065, 4053, 4129, 4054, 4055,
+     4064, 4056,   87, 4067, 4058,   87, 4060,   87, 4073,   87,
+     4074,   87, 4059, 4066, 4075,   87, 4062,   87,   87, 4076,
+     4068,   87, 4065,   87, 4069, 4071, 4077, 4064,   87, 4072,
+     4067, 4078,   87,   87, 4082,   87, 4079,   87, 4081, 4080,
+     4066,   87,   87,   87, 4085,   87, 4076, 4068,   87, 4083,
+     4084, 4069, 4071, 4077,   87, 4087, 4072,   87,   87, 4086,
+       87, 4082, 4088, 4079,   87, 4081, 4080, 4089,   87,   87,
+
+       87, 4085, 4090, 4129, 4092, 4091, 4083, 4084, 4093, 4129,
+     4129,   87, 4087,   87, 4094,   87, 4086, 4095, 4096, 4088,
+     4097, 4098, 4129, 4129, 4089, 4100,   87, 4099,   87, 4090,
+       87, 4092, 4091, 4101,   87, 4093,   87,   87, 4102, 4103,
+     4105, 4094, 4107, 4104, 4095, 4096, 4109,   87,   87,   87,
+       87,   87, 4100, 4106, 4099, 4108, 4110, 4114,   87,   87,
+       87,   87,   87,   87, 4111, 4102, 4103, 4105,   87,   87,
+     4104, 4112,   87, 4109, 4113, 4129, 4117, 4115,   87,   87,
+     4106, 4116, 4108, 4110,   87,   87, 4118, 4119, 4120,   87,
+     4121, 4111, 4122, 4129, 4123, 4127, 4124, 4125, 4112, 4128,
+
+       87, 4113,   87, 4117, 4115,   87, 4129,   87, 4116, 4129,
+     4129, 4129,   87,   87, 4119,   87,   87,   87,   87, 4122,
+     4126, 4123,   87, 4124, 4125, 4129,   87, 4129,   87, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4126,   48,   48,
+       48,   48,   48,   48,   48,   53,   53,   53,   53,   53,
+       53,   53,   58,   58,   58,   58,   58,   58,   58,   64,
+       64,   64,   64,   64,   64,   64,   69,   69,   69,   69,
+       69,   69,   69,   75,   75,   75,   75,   75,   75,   75,
+       81,   81,   81,   81,   81,   81,   81,   90,   90, 4129,
+
+       90,   90,   90,   90,  165,  165, 4129, 4129, 4129,  165,
+      165,  167,  167, 4129, 4129,  167, 4129,  167,  169, 4129,
+     4129, 4129, 4129, 4129,  169,  172,  172, 4129, 4129, 4129,
+      172,  172,  174, 4129, 4129, 4129, 4129, 4129,  174,  176,
+      176, 4129,  176,  176,  176,  176,  179, 4129, 4129, 4129,
+     4129, 4129,  179,  182,  182, 4129, 4129, 4129,  182,  182,
+       91,   91, 4129,   91,   91,   91,   91,   17, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129
     } ;
 
-static const flex_int16_t yy_chk[11833] =
+static const flex_int16_t yy_chk[11835] =
     {   0,
         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
@@ -3100,8 +3103,8 @@ static const flex_int16_t yy_chk[11833] =
         7,    7,    7,   33,    7,    8,    8,    8,    8,   32,
         8,    9,    9,    9,   10,   10,   10,   19,   52,   52,
 
-     4125,   19,  238,    3,   32,   33,    4,   68,   68,    5,
-       33,    6, 3282,   13,   13,   13,   13,    7,   13,   14,
+     4137,   19,  238,    3,   32,   33,    4,   68,   68,    5,
+       33,    6, 3288,   13,   13,   13,   13,    7,   13,   14,
        14,   14,   14,    8,   14,   15,   15,   15,    9,   25,
       238,   10,   11,   11,   11,   11,   11,   11,   12,   12,
        12,   12,   12,   12,   16,   16,   16,   34,   28,   85,
@@ -3731,666 +3734,666 @@ static const flex_int16_t yy_chk[11833] =
         0, 1838, 1842, 1841, 1837, 1835, 1841, 1830, 1839, 1827,
      1840, 1842,    0, 1830, 1828, 1832, 1830, 1831, 1831, 1837,
      1839, 1836, 1843, 1840, 1832, 1835, 1836, 1838, 1838, 1842,
-     1841, 1837, 1844, 1845, 1830, 1839, 1847, 1840, 1846, 1847,
-     1843, 1848, 1852, 1844, 1853, 1845, 1853, 1855, 1854, 1843,
-     1850, 1852, 1848, 1856, 1847, 1850, 1844, 1859, 1846, 1844,
-     1845, 1857, 1850, 1847, 1858, 1846, 1847, 1860, 1848, 1852,
-     1844, 1853, 1854, 1858, 1855, 1854, 1857, 1850, 1861, 1860,
-     1856, 1859, 1850, 1862, 1859, 1863, 1864, 1866, 1857, 1865,
-
-     1868, 1858,    0, 1863, 1860, 1867, 1868, 1862, 1869, 1865,
-     1872, 1878, 1877, 1870, 1871, 1861, 1876,    0, 1864, 1866,
-     1862, 1870, 1863, 1864, 1866, 1871, 1865, 1868, 1872, 1867,
-     1869, 1873, 1867, 1874, 1876, 1869, 1874, 1872, 1878, 1873,
-     1870, 1871, 1875, 1876, 1877, 1875, 1879, 1880, 1881, 1886,
-     1882, 1874, 1883, 1884, 1880, 1887, 1885,    0, 1873, 1882,
-     1874, 1885, 1881, 1874, 1884, 1883, 1879, 1892, 1893, 1875,
-     1887, 1886, 1895, 1879, 1880, 1881, 1886, 1882, 1891, 1883,
-     1884, 1890, 1887, 1890, 1897, 1894, 1898, 1891, 1885, 1898,
-     1895, 1902, 1893, 1892, 1892, 1893, 1894, 1896, 1897, 1895,
-
-        0, 1896, 1899, 1900, 1898, 1891,    0,    0, 1890, 1901,
-     1897, 1897, 1894, 1898, 1903, 1899, 1898, 1902, 1902, 1914,
-        0, 1916, 1917, 1896, 1896, 1897, 1904, 1900, 1896, 1899,
-     1900, 1901, 1907, 1905, 1906, 1904, 1901, 1907, 1903, 1905,
-     1910, 1903, 1909, 1906, 1911, 1913, 1912, 1915, 1916, 1911,
-     1919, 1914, 1910, 1904, 1917, 1909, 1915, 1918, 1913, 1920,
-     1905, 1906, 1921, 1919, 1907, 1926, 1929, 1910, 1912, 1909,
-        0, 1911, 1913, 1912, 1915, 1923, 1927, 1919, 1924, 1918,
-     1925, 1931, 1923, 1921, 1918, 1924, 1928, 1933, 1934, 1921,
-     1927, 1920, 1928, 1925, 1937, 1933, 1934, 1926, 1929, 1936,
-
-     1931, 1935, 1923, 1927, 1938, 1924, 1939, 1925, 1931, 1935,
-     1928, 1940, 1942, 1928, 1933, 1934, 1937, 1943, 1936, 1928,
-     1939, 1937, 1938, 1941, 1944, 1942, 1936, 1945, 1935, 1940,
-     1943, 1938, 1946, 1939, 1947, 1948, 1949, 1941, 1940, 1942,
-     1950, 1953, 1954, 1951, 1943, 1944, 1952, 1950, 1955, 1948,
-     1941, 1944, 1951,    0, 1952, 1956, 1954, 1958, 1947, 1945,
-     1956, 1947, 1948, 1949, 1946, 1957, 1958, 1950, 1953, 1954,
-     1951, 1960, 1944, 1952, 1961, 1963, 1957, 1962, 1964,    0,
-     1955, 1961, 1956, 1970, 1958, 1964, 1965, 1966, 1967, 1968,
-        0,    0, 1957, 1968, 1970, 1972, 1974, 1963, 1960, 1973,
-
-     1962, 1961, 1963, 1975, 1962, 1964, 1967, 1970, 1965, 1966,
-     1970, 1972, 1976, 1965, 1966, 1967, 1968, 1973, 1975, 1977,
-     1974, 1970, 1972, 1974, 1976, 1978, 1973, 1979, 1980, 1981,
-     1975, 1982, 1983, 1978, 1985, 1987, 1980, 1984,    0, 1976,
-     1986, 1989, 1979, 1991, 1993, 1983, 1977, 1988, 1989, 1985,
-     1987, 1991, 1978, 1982, 1979, 1980, 1981, 1984, 1982, 1983,
-     1986, 1985, 1987, 1988, 1984, 1992, 1994, 1986, 1989, 1995,
-     1991, 1997, 1992, 1996, 1988, 1998, 1993, 1999, 1995, 2000,
-     2003, 1994, 2007, 2002, 1999,    0, 2006,    0, 2008, 2004,
-     2005,    0, 1992, 1994, 1996, 2010, 1995, 2006, 1997, 1998,
-
-     1996, 2004, 1998, 2009, 1999, 2002, 2000, 2011, 2005,    0,
-     2002, 2018, 2003, 2006, 2007, 2008, 2004, 2005, 2009, 2012,
-     2010, 2016, 2010, 2013, 2014, 2017, 2012, 2015, 2013, 2018,
-     2009, 2011, 2020, 2014, 2011, 2021, 2015,    0, 2018, 2022,
-     2019, 2028, 2024, 2016, 2020, 2023, 2012, 2017, 2016, 2024,
-     2013, 2014, 2017, 2025, 2015, 2019, 2026, 2021, 2023, 2020,
-     2025, 2022, 2021, 2023, 2027, 2029, 2022, 2019, 2028, 2024,
-        0, 2030, 2023, 2032, 2033, 2025, 2027, 2030, 2026, 2035,
-     2025, 2034, 2033, 2026, 2032, 2023, 2036, 2025, 2039, 2034,
-     2035, 2027, 2037, 2036, 2038, 2040, 2038, 2029, 2030, 2041,
-
-     2032, 2033, 2042, 2043, 2050, 2044, 2035, 2038, 2034, 2042,
-     2045, 2048, 2046, 2036, 2039, 2039, 2045, 2037, 2046, 2037,
-     2049, 2038, 2040, 2038, 2051, 2053, 2041, 2047, 2055, 2042,
-     2043, 2044, 2044, 2047, 2057, 2054, 2050, 2045, 2048, 2046,
-     2061, 2056, 2058, 2049, 2054, 2056, 2060, 2049, 2051, 2062,
-     2063, 2051, 2057, 2059, 2047, 2059, 2062, 2053, 2064, 2065,
-     2055, 2057, 2054, 2069, 2058, 2067, 2068, 2061, 2056, 2058,
-     2060, 2065, 2063, 2060, 2070, 2066, 2062, 2063, 2071,    0,
-     2059, 2066, 2076,    0, 2073, 2064, 2065, 2067, 2068, 2069,
-     2069, 2073, 2067, 2068, 2074, 2080, 2070, 2072, 2072, 2072,
-
-     2075, 2070, 2066, 2074, 2072,    0, 2077, 2075, 2078, 2079,
-     2071, 2073, 2072, 2077, 2076, 2078, 2084, 2080, 2082, 2083,
-     2085, 2074, 2080, 2082, 2072, 2072, 2072, 2075, 2084, 2079,
-     2087, 2072, 2083, 2077, 2088, 2078, 2079, 2086, 2089,    0,
-     2094, 2090, 2087, 2084, 2092, 2085, 2083, 2085, 2090, 2091,
-     2082, 2096, 2092, 2086, 2093, 2100, 2089, 2087, 2095, 2095,
-     2093, 2099, 2091, 2097, 2086, 2089, 2088, 2094, 2090, 2098,
-     2097, 2092, 2101, 2102, 2098, 2105, 2091, 2096, 2096, 2107,
-     2102, 2093, 2100, 2108, 2106, 2095, 2106, 2099, 2099, 2110,
-     2097, 2112, 2111, 2117, 2115, 2113, 2098, 2107, 2111, 2101,
-
-     2102, 2113, 2105, 2118, 2114, 2115, 2107, 2110, 2120, 2118,
-     2108, 2106, 2114, 2116, 2121, 2119, 2110, 2122, 2122, 2111,
-     2117, 2115, 2113, 2112, 2123, 2124, 2116, 2119, 2120, 2128,
-     2118, 2114, 2121, 2125, 2125, 2120, 2126, 2129, 2130, 2131,
-     2116, 2121, 2119, 2133, 2122, 2132, 2131, 2126, 2137, 2134,
-     2123, 2123, 2124,    0, 2136, 2138, 2139, 2141,    0, 2129,
-     2125, 2128, 2136, 2126, 2129, 2132, 2131, 2140,    0, 2141,
-     2130,    0, 2132, 2144, 2134, 2133, 2134, 2145, 2139, 2142,
-     2137, 2136, 2138, 2139, 2141, 2140, 2142, 2143, 2146, 2147,
-     2148, 2148, 2145, 2149, 2140, 2143, 2151, 2144, 2147, 2150,
-
-     2144, 2152, 2154, 2151, 2145, 2155, 2142, 2163,    0, 2153,
-        0, 2156, 2146, 2157, 2143, 2146, 2147, 2148, 2156, 2149,
-     2149,    0, 2150, 2151, 2153, 2157, 2150, 2158, 2154, 2154,
-     2161, 2162, 2160, 2152, 2163, 2161, 2153, 2155, 2156, 2160,
-     2157, 2164, 2169, 2158, 2164, 2170, 2171, 2165, 2166, 2173,
-     2158, 2177,    0, 2162, 2158, 2165, 2168, 2161, 2162, 2160,
-     2166, 2172, 2174, 2175, 2168, 2169, 2185, 2171, 2164, 2169,
-     2158, 2170, 2170, 2171, 2165, 2166, 2173, 2176, 2177, 2172,
-     2174, 2178, 2176, 2168, 2179, 2181, 2175, 2178, 2172, 2174,
-     2175, 2180, 2190, 2176, 2182, 2183, 2184, 2179, 2185, 2180,
-
-     2191, 2182, 2183, 2184, 2176, 2186, 2188, 2181, 2178, 2176,
-     2189, 2179, 2181, 2187, 2186, 2192, 2194, 2197, 2180, 2190,
-     2198, 2182, 2183, 2184, 2189, 2187, 2191, 2191, 2188, 2196,
-     2195, 2200, 2186, 2188, 2194, 2195, 2196, 2189, 2192, 2197,
-     2187, 2202, 2192, 2194, 2197, 2201, 2195, 2198, 2204, 2206,
-     2201, 2205, 2205, 2208, 2207, 2210, 2196, 2195, 2200, 2212,
-     2211, 2215, 2195, 2213, 2214, 2217, 2214, 2216, 2220, 2207,
-     2210, 2206, 2216, 2202, 2212,    0, 2206, 2201, 2205, 2219,
-     2204, 2207, 2210, 2211, 2218, 2208, 2212, 2211, 2223, 2213,
-     2213, 2214, 2221, 2215, 2216, 2220, 2218, 2217, 2222, 2224,
-
-     2221, 2219, 2226,    0, 2227, 2222, 2219, 2230, 2228, 2231,
-     2223, 2218, 2227, 2232, 2224, 2223, 2233, 2226, 2234, 2221,
-     2235, 2236, 2239,    0, 2241, 2222, 2224,    0, 2245, 2226,
-     2228, 2227,    0, 2231, 2230, 2228, 2231, 2237, 2240, 2232,
-     2232, 2238, 2242, 2233, 2234, 2234, 2241, 2235, 2238, 2237,
-     2245, 2241, 2243, 2236, 2239, 2245, 2246, 2248, 2251, 2240,
-     2249, 2246, 2252, 2242, 2237, 2240, 2250, 2255, 2238, 2242,
-     2243, 2253, 2250, 2251, 2252, 2256, 2258, 2257, 2259, 2243,
-     2263, 2248, 2255, 2249, 2248, 2251, 2260, 2249, 2246, 2252,
-     2256, 2262, 2261, 2250, 2255, 2268, 2259, 2253, 2253, 2257,
-
-     2271, 2266, 2256, 2258, 2257, 2259, 2265, 2263, 2260, 2264,
-     2266, 2269, 2267, 2260, 2261, 2262, 2264, 2272, 2262, 2261,
-     2267, 2270, 2273, 2281, 2265,    0, 2272, 2268, 2266, 2275,
-     2281, 2282, 2271, 2265, 2269, 2279, 2264, 2274, 2269, 2267,
-     2273, 2277, 2275, 2270, 2272, 2278, 2274, 2280, 2270, 2273,
-     2281, 2283, 2277, 2279, 2278, 2284, 2275, 2282, 2282, 2286,
-     2285, 2287, 2279, 2290, 2274, 2280, 2285, 2277, 2277, 2283,
-     2284, 2292, 2278, 2293, 2280, 2287, 2299, 2297, 2283, 2277,
-     2294, 2286, 2284, 2295, 2293, 2301, 2286, 2285, 2287, 2297,
-     2290, 2294, 2298, 2300, 2295, 2292, 2302, 2304, 2292, 2306,
-
-     2293, 2303, 2309, 2300, 2297, 2298, 2305, 2294, 2299, 2310,
-     2295, 2301, 2301, 2307, 2303, 2305, 2313, 2314, 2304, 2298,
-     2300, 2302,    0, 2302, 2304, 2315, 2306, 2312, 2303, 2309,
-     2316, 2312, 2307, 2305, 2317, 2310, 2310, 2313, 2315, 2317,
-     2307, 2318, 2330, 2313, 2319, 2321, 2330, 2320, 2318, 2314,
-     2316, 2321, 2315, 2324, 2312, 2320,    0, 2316, 2326, 2326,
-     2322, 2317, 2323, 2325, 2328, 2324, 2327,    0, 2318, 2330,
-     2319, 2319, 2321, 2320, 2320, 2322, 2328, 2323, 2325, 2334,
-     2324, 2329, 2320, 2334, 2327, 2326, 2329, 2322, 2336, 2323,
-     2325, 2328,    0, 2327, 2331, 2331, 2333, 2335, 2331, 2337,
-
-     2338,    0, 2342, 2333, 2339,    0, 2334, 2338, 2337, 2341,
-     2340, 2331, 2335, 2329,    0, 2336, 2346, 2345,    0, 2331,
-        0, 2331, 2331, 2333, 2335, 2331, 2337, 2338, 2339, 2342,
-     2348, 2339, 2340, 2343, 2349, 2341, 2341, 2340, 2331, 2345,
-     2343, 2346, 2347, 2346, 2345, 2352, 2354, 2355, 2362, 2357,
-     2358, 2347, 2348,    0, 2349, 2354, 2360, 2348, 2359,    0,
-     2343, 2349, 2365, 2352, 2357, 2355, 2359, 2377, 2360, 2347,
-     2367, 2361, 2352, 2354, 2355, 2358, 2357, 2358, 2361, 2363,
-     2362, 2366, 2369, 2360, 2374, 2359, 2363, 2365, 2370, 2365,
-     2368, 2368, 2372, 2374, 2366, 2376, 2373, 2367, 2361, 2377,
-
-        0, 2375, 2376, 2378, 2369, 2380, 2363, 2379, 2366, 2369,
-     2375, 2374, 2382, 2370, 2372, 2370, 2387, 2368, 2373, 2372,
-     2380, 2379, 2376, 2373, 2381, 2378, 2386, 2384, 2375, 2381,
-     2378, 2382, 2380, 2385, 2379, 2384, 2388, 2390, 2391, 2382,
-     2392, 2386, 2389, 2387, 2393, 2391, 2385, 2395, 2394, 2390,
-     2396, 2398, 2399, 2386, 2384,    0, 2381,    0, 2389, 2397,
-     2385, 2401, 2388, 2388, 2390, 2391, 2393, 2403, 2397, 2389,
-     2400, 2393, 2392, 2394, 2404, 2394, 2402, 2405, 2400, 2395,
-     2406, 2407, 2396, 2398, 2399,    0, 2397, 2409, 2401, 2400,
-     2407, 2402, 2411, 2403, 2403, 2405, 2465, 2400, 2414, 2468,
-
-     2404, 2404, 2406, 2402, 2405, 2400, 2410, 2406, 2407, 2410,
-     2409, 2413, 2412, 2414, 2409, 2416, 2413, 2411, 2412, 2411,
-     2415, 2418, 2419, 2420, 2410, 2414, 2423, 2426, 2465, 2421,
-     2416, 2468, 2427, 2410, 2425, 2418, 2410, 2419, 2415, 2412,
-     2423, 2427, 2416, 2413,    0, 2420, 2424, 2415, 2418, 2419,
-     2420, 2421, 2425, 2423, 2426, 2428, 2421, 2429, 2424, 2427,
-     2430, 2425, 2432, 2436, 2428, 2424, 2429, 2431, 2433, 2431,
-     2434, 2430, 2438, 2424, 2439, 2432, 2437,    0, 2436, 2438,
-     2433,    0, 2428, 2440, 2429, 2424, 2441, 2430, 2447, 2432,
-     2436, 2437, 2434, 2442, 2431, 2433, 2439, 2434, 2445, 2438,
-
-     2453, 2439, 2442, 2437, 2441, 2440, 2449, 2450, 2448, 2447,
-     2440, 2445, 2448, 2441, 2452, 2447, 2450, 2455, 2449, 2445,
-     2442, 2451, 2454, 2451, 2458, 2445,    0, 2453, 2456, 2460,
-     2459, 2457, 2452, 2449, 2450, 2448, 2469, 2456, 2445, 2457,
-     2454, 2452, 2461, 2460, 2455, 2466, 2462, 2458, 2451, 2454,
-     2466, 2458, 2459, 2462, 2461, 2456, 2460, 2459, 2457, 2464,
-     2467, 2470, 2472, 2473, 2475, 2467, 2478, 2464, 2469, 2461,
-     2473, 2475, 2466, 2462, 2477, 2478, 2479, 2481, 2477,    0,
-     2480, 2472, 2482, 2488, 2483, 2470, 2464, 2484, 2470, 2472,
-     2473, 2475, 2467, 2478, 2480, 2481, 2486, 2491, 2496, 2485,
-
-     2489, 2477, 2484, 2479, 2481, 2480, 2480, 2480, 2485, 2482,
-     2483, 2483, 2489, 2490, 2484, 2488, 2492, 2486, 2493, 2491,
-     2490, 2480, 2494, 2486, 2491, 2492, 2485, 2489, 2495, 2498,
-     2496, 2499, 2480,    0, 2500, 2501,    0, 2503, 2499, 2503,
-     2490, 2504, 2501, 2492, 2493, 2493, 2511, 2505, 2506, 2494,
-     2495, 2505, 2498, 2511,    0, 2495, 2498, 2500, 2499, 2508,
-     2506, 2500, 2501, 2504, 2503, 2512, 2510, 2507, 2504, 2509,
-     2514, 2516, 2515, 2511, 2505, 2506, 2507, 2510, 2509, 2513,
-     2517, 2508, 2518, 2516, 2513, 2521, 2508, 2512, 2519, 2519,
-        0, 2518, 2512, 2510, 2507, 2515, 2509, 2514, 2516, 2515,
-
-     2521, 2520, 2517, 2522, 2523, 2524, 2513, 2517, 2525, 2518,
-     2520, 2522, 2521, 2526, 2528, 2519, 2529, 2525, 2532, 2524,
-     2533, 2530, 2532, 2533, 2529, 2538, 2523, 2540, 2520, 2530,
-     2522, 2523, 2524, 2528, 2531, 2525, 2534, 2546, 2536, 2542,
-     2526, 2528, 2531, 2529, 2534, 2532, 2535, 2533, 2530, 2537,
-     2539, 2542, 2535, 2536, 2545, 2537, 2544, 2538, 2546, 2540,
-     2547, 2531, 2548, 2534, 2546, 2536, 2542, 2545, 2539, 2548,
-     2544, 2549, 2550, 2535, 2552,    0, 2537, 2539, 2551, 2553,
-     2554, 2545, 2553, 2544, 2556, 2547, 2555, 2547, 2552, 2548,
-     2557, 2558, 2559, 2554, 2550,    0, 2560, 2561, 2549, 2550,
-
-     2555, 2552, 2551, 2565, 2570, 2551, 2553, 2554, 2560, 2561,
-     2556, 2556, 2562, 2555, 2566, 2567, 2558, 2557, 2558, 2559,
-     2568,    0, 2563, 2560, 2561, 2563, 2562, 2567, 2571, 2572,
-     2565, 2570, 2569, 2580, 2581, 2569, 2574, 2575, 2576, 2562,
-     2566, 2566, 2567, 2578, 2575, 2576, 2568, 2568, 2563, 2563,
-     2569, 2572, 2563, 2577, 2583, 2571, 2572, 2578, 2574, 2569,
-     2580, 2581, 2569, 2574, 2575, 2576, 2582, 2584, 2577, 2585,
-     2578, 2586, 2588, 2587, 2582, 2589, 2584, 2590, 2592, 2591,
-     2577, 2583, 2593, 2586, 2595, 2592, 2600,    0,    0,    0,
-     2590, 2594, 2599, 2582, 2584, 2587, 2585, 2591, 2586, 2588,
-
-     2587, 2594, 2589, 2596, 2590, 2592, 2591, 2597, 2593, 2593,
-     2602, 2595, 2601, 2600, 2599, 2597, 2596, 2603, 2594, 2599,
-     2601, 2604, 2606, 2608, 2605, 2609, 2603, 2607, 2610, 2616,
-     2596, 2611, 2615, 2609, 2597, 2613,    0, 2602,    0, 2601,
-     2610,    0, 2607, 2604, 2603, 2605, 2606, 2613, 2604, 2606,
-     2608, 2605, 2609, 2607, 2607, 2610, 2611, 2614, 2611, 2615,
-     2618, 2616, 2613, 2619, 2620, 2614, 2621, 2618, 2620, 2607,
-     2623, 2622, 2624, 2627, 2625, 2619, 2626, 2630, 2621, 2628,
-     2624, 2625, 2633, 2626, 2614, 3712, 3712, 2618,    0, 2630,
-     2619, 2620,    0, 2621, 2622, 2627, 2629, 2623, 2622, 2624,
-
-     2627, 2625, 2628, 2626, 2630, 2629, 2628, 2631, 2634, 2633,
-     2635, 2636, 2629, 2629, 3712, 2634, 2637, 2638, 2642, 2639,
-     2629, 2631, 2643, 2629, 2636, 2637, 2638, 2640, 2640, 2641,
-     2635, 2639, 2629, 2631, 2631, 2634, 2642, 2635, 2636, 2629,
-     2629, 2646, 2644, 2637, 2638, 2642, 2639, 2643, 2631, 2643,
-     2647,    0, 2648, 2649, 2640, 2641, 2641, 2644, 2652, 2644,
-     2650, 2651, 2653, 2651,    0, 2647, 2644, 2662, 2653, 2644,
-     2655, 2658, 2652, 2646, 2648, 2649, 2654, 2647, 2659, 2648,
-     2649, 2663, 2650, 2661, 2644, 2652, 2644, 2650, 2651, 2653,
-     2656, 2656, 2655, 2658, 2654, 2661, 2660, 2655, 2658, 2662,
-
-     2659, 2664, 2665, 2654, 2666, 2659,    0, 2664, 2667, 2678,
-     2661, 2668, 2670, 2663, 2665, 2672, 2671, 2656, 2660, 2669,
-        0, 2669, 2672, 2660, 2677, 2679, 2670, 2673, 2664, 2665,
-     2667, 2674, 2675, 2668, 2676, 2667, 2666, 2677, 2668, 2670,
-     2671, 2678, 2672, 2671, 2680, 2673, 2669, 2685, 2682, 2674,
-     2675, 2677, 2676, 2684, 2673, 2682, 2686, 2679, 2674, 2675,
-     2684, 2676, 2687,    0, 2688, 2685, 2692, 2680, 2689, 2691,
-     2696, 2680, 2688, 2690, 2685, 2682, 2698,    0, 2697, 2693,
-     2684, 2696, 2686, 2686, 2689, 2724,    0, 2691, 2715, 2697,
-     2688, 2688, 2692, 2692, 2687, 2689, 2691, 2696, 2690, 2688,
-
-     2690, 2693, 2694, 2698, 2694, 2697, 2693, 2699, 2700, 2694,
-     2701, 2702, 2705, 2706, 2703, 2715,    0, 2724, 2708, 2699,
-     2707, 2711, 2710, 2725, 2706, 2716, 2700, 2705, 2701, 2694,
-     2702, 2694, 2707, 2708, 2699, 2700, 2703, 2701, 2702, 2705,
-     2706, 2703, 2713, 2711, 2712, 2708, 2710, 2707, 2711, 2710,
-     2714, 2712, 2716, 2717, 2718, 2725, 2719, 2721,    0,    0,
-     2713, 2718, 2722, 2723, 2727, 2714, 2728,    0, 2729, 2713,
-     2726, 2712, 2730,    0, 2731, 2735, 2734, 2714,    0, 2728,
-     2717, 2718, 2719, 2719, 2721, 2723, 2722, 2730, 2726, 2722,
-     2723, 2727, 2732, 2728, 2729, 2729, 2733, 2726, 2736, 2730,
-
-     2731, 2731, 2734, 2734, 2733, 2732, 2737, 2735, 2739, 2741,
-     2740, 2736,    0,    0, 2744, 2748, 2742, 2743,    0, 2732,
-     2746,    0, 2745, 2733, 2751, 2736,    0, 2746, 2737, 2747,
-     2759, 2739, 2744, 2737, 2740, 2739, 2741, 2740, 2742, 2743,
-     2745, 2744, 2748, 2742, 2743, 2749, 2751, 2746, 2752, 2745,
-     2753, 2751, 2747, 2754, 2755, 2752, 2747, 2753, 2757, 2749,
-     2754, 2756, 2759, 2761, 2758, 2757, 2760, 2755, 2763, 2764,
-     2762, 2765, 2749,    0, 2766, 2752, 2769, 2753, 2764, 2765,
-     2754, 2755, 2766, 2767, 2756, 2757, 2758, 2760, 2756, 2761,
-     2761, 2758, 2762, 2760, 2763, 2763, 2764, 2762, 2765, 2771,
-
-     2768, 2766, 2772, 2769, 2774, 2767, 2768, 2775, 2773,    0,
-     2767, 2781, 2795, 2772, 2771, 2776, 2777,    0, 2782, 2779,
-        0, 2783,    0,    0, 2781, 2784, 2771, 2768, 2785, 2772,
-     2773, 2782, 2787, 2789, 2776, 2773, 2774, 2779, 2781, 2775,
-     2791, 2777, 2776, 2777, 2795, 2782, 2779, 2783, 2783, 2784,
-     2788, 2794, 2784, 2796, 2785, 2785, 2787, 2789, 2797, 2787,
-     2789, 2798, 2788, 2790, 2790, 2799, 2791, 2791, 2796, 2802,
-     2806, 2807, 2804, 2810, 2794, 2811, 2811, 2788, 2794, 2798,
-     2796, 2804, 2807, 2806, 2812, 2797, 2816, 2799, 2798, 2818,
-     2790, 2820, 2799, 2817, 2813, 2810, 2802, 2806, 2807, 2804,
-
-     2810, 2814, 2811, 2813, 2822, 2823, 2825, 2814, 2816,    0,
-     2812, 2812, 2823, 2816, 2824, 2817, 2818, 2825, 2820, 2826,
-     2817, 2813, 2827, 2829, 2826,    0, 2833, 2830, 2814,    0,
-     2831, 2829, 2823, 2825, 2837, 2838, 2822, 2832, 2836, 2839,
-     2824, 2824, 2842,    0, 2827, 2831, 2826, 2835, 2839, 2827,
-     2829, 2830, 2832, 2833, 2830, 2837, 2836, 2831, 2835, 2840,
-     2843, 2837, 2844, 2846, 2832, 2836, 2839, 2838, 2845, 2842,
-     2847, 2840, 2848, 2850, 2835, 2851, 2849, 2856, 2843,    0,
-     2844, 2855, 2847, 2851, 2848,    0, 2840, 2843, 2846, 2844,
-     2846, 2850, 2845, 2852, 2852, 2845, 2853, 2847, 2849, 2848,
-
-     2850, 2852, 2851, 2849, 2856, 2853, 2857, 2855, 2855, 2858,
-     2860, 2859, 2861,    0, 2863, 2862, 2865, 2864, 2858, 2867,
-     2852, 2852, 2870, 2853, 2860, 2866, 2867, 2863, 2857, 2859,
-     2864, 2865, 2869, 2857, 2861, 2872, 2858, 2860, 2859, 2861,
-     2862, 2863, 2862, 2865, 2864, 2871, 2867, 2866, 2868, 2870,
-     2873, 2874, 2866, 2875, 2869, 2868, 2876, 2871, 2877, 2869,
-     2878, 2882, 2872, 2879,    0, 2880, 2883, 2877, 2875, 2881,
-        0, 2884, 2871, 2883,    0, 2868, 2882, 2873, 2874, 2888,
-     2875, 2876, 2878, 2876, 2890, 2877, 2884, 2878, 2882, 2879,
-     2879, 2880, 2880, 2883, 2885, 2881, 2881, 2886, 2884, 2887,
-
-     2889, 2885, 2891, 2886, 2892, 2893, 2888, 2894, 2889, 2897,
-     2887, 2890,    0, 2895, 2901, 2896, 2897, 2898, 2899, 2902,
-     2892, 2885, 2894, 2903, 2886, 2899, 2887, 2889, 2900, 2891,
-     2896, 2892, 2893, 2895, 2894, 2900, 2897, 2902, 2906, 2898,
-     2895, 2901, 2896, 2909, 2898, 2899, 2902, 2904, 2904, 2905,
-     2903, 2907, 2906, 2908, 2907, 2900, 2905, 2910, 2911, 2915,
-        0, 2909, 2912, 2911, 2913, 2906, 2908, 2914,    0, 2916,
-     2909, 2917, 2910, 2919, 2904, 2923, 2905, 2915, 2907, 2913,
-     2908, 2916, 2919, 2917, 2910, 2911, 2915, 2912, 2922, 2912,
-     2920, 2913, 2921, 2914, 2914, 2920, 2916, 2921, 2917, 2924,
-
-     2919, 2925, 2923, 2924, 2929, 2926, 2930, 2927, 2928, 2931,
-     2922, 2932,    0,    0, 2937, 2922, 2939, 2920, 2926, 2921,
-        0, 2936,    0,    0, 2931, 2925, 2924,    0, 2925, 2927,
-     2928, 2929, 2926, 2930, 2927, 2928, 2931, 2932, 2932, 2936,
-     2937, 2937, 2939, 2939, 2940, 2941, 2942, 2943, 2936, 2945,
-     2947, 2946, 2950, 2940, 2942, 2947, 2945, 2948, 2949, 2943,
-     2946, 2941, 2951, 2952, 2948, 2949,    0, 2956, 2953, 2951,
-     2950, 2940, 2941, 2942, 2943, 2953, 2945, 2947, 2946, 2950,
-     2958, 2959, 2954, 2955, 2948, 2949, 2960, 2962, 2952, 2951,
-     2952, 2954, 2955, 2956, 2956, 2953, 2961, 2963, 2965, 2960,
-
-     2966, 2961, 2967, 2958,    0, 2962, 2968, 2958, 2959, 2954,
-     2955, 2967, 2969, 2960, 2962, 2968, 2965, 2970, 2971, 2972,
-     2978, 2969, 2973, 2961, 2963, 2965, 2975, 2966, 2972, 2967,
-     2971, 2973, 2974, 2968, 2975, 2976, 2979, 2970, 2977, 2969,
-     2978, 2980, 2982, 2974, 2970, 2971, 2972, 2978, 2981, 2973,
-     2983, 2982, 2985, 2975, 2986, 2981, 2987, 2988, 2976, 2974,
-     2990, 2977, 2976, 2979, 2989, 2977, 2988, 2992, 2980, 2982,
-     2991, 2983, 2990, 2989, 2993, 2981, 2994, 2983, 2991, 2985,
-     2992, 2986, 2995, 2996, 2988, 2997, 2998, 2990, 2987, 2995,
-     2996, 2989, 2997, 3000, 2992, 2999, 2993, 2991, 3002, 3001,
-
-     3000, 2993, 2998, 2994, 3003, 3004, 3005, 3007, 3008, 2995,
-     2996, 2999, 2997, 2998, 3012, 3007, 3011,    0, 3010, 3015,
-     3000, 3001, 2999, 3002, 3011, 3002, 3001, 3014, 3017, 3012,
-     3004, 3003, 3004, 3005, 3007, 3008, 3010, 3013, 3025, 3024,
-     3016, 3012,    0, 3011, 3013, 3010, 3015, 3016, 3019, 3014,
-     3017, 3018, 3022, 3023, 3014, 3017, 3019, 3026, 3018, 3022,
-     3028, 3027, 3023, 3024, 3013, 3025, 3024, 3016, 3031, 3026,
-     3027, 3030, 3037, 3029, 3033, 3019, 3035,    0, 3018, 3022,
-     3023, 3034, 3036, 3030, 3026, 3043, 3033, 3028, 3027, 3029,
-     3038, 3031, 3040, 3034,    0, 3031, 3041, 3035, 3030, 3037,
-
-     3029, 3033, 3042, 3035, 3038, 3036, 3040,    0, 3034, 3036,
-     3041, 3045, 3043, 3046, 3042, 3052, 3047, 3038, 3048, 3040,
-     3044, 3044, 3046, 3041, 3049, 3048, 3051, 3050,    0, 3042,
-     3047, 3045, 3049, 3051, 3044, 3054, 3056, 3055, 3045, 3057,
-     3046, 3058, 3052, 3047, 3059, 3048, 3050, 3044, 3044, 3060,
-     3054, 3049, 3059, 3051, 3050, 3055, 3061, 3062, 3063, 3056,
-     3066, 3075, 3054, 3056, 3055, 3057, 3057, 3064, 3058, 3063,
-     3065, 3059, 3072, 3068, 3073, 3062, 3060, 3065, 3061, 3068,
-     3082, 3074, 3064, 3061, 3062, 3063, 3074, 3066, 3075, 3076,
-     3077, 3078, 3073, 3079, 3064, 3080, 3081, 3065, 3072, 3072,
-
-     3068, 3073, 3083, 3076, 3077, 3078, 3086, 3082, 3074, 3083,
-     3089, 3079, 3084, 3080, 3081, 3092, 3076, 3077, 3078, 3091,
-     3079, 3093, 3080, 3081, 3084, 3094, 3095, 3096, 3092, 3083,
-     3097,    0, 3089, 3086, 3095, 3099, 3101, 3089, 3102, 3084,
-        0, 3091, 3092, 3093, 3094, 3096, 3091, 3099, 3093, 3097,
-     3104, 3105, 3094, 3095, 3096, 3103, 3107, 3097, 3101, 3106,
-     3102,    0, 3099, 3101, 3109, 3102, 3108, 3103, 3107, 3110,
-     3111, 3113, 3109, 3112, 3115, 3114, 3118, 3104, 3105,    0,
-     3113, 3106, 3103, 3107, 3114, 3116, 3106, 3117, 3108, 3118,
-     3111, 3109, 3120, 3108, 3122, 3112, 3110, 3111, 3113, 3121,
-
-     3112, 3123, 3114, 3118, 3124, 3127, 3115, 3116, 3128, 3117,
-     3129, 3121, 3116, 3130, 3117, 3131, 3122, 3135, 3120, 3120,
-     3132, 3122, 3128, 3129, 3133, 3132, 3121, 3127, 3123, 3136,
-     3135, 3124, 3127, 3134,    0, 3128, 3137, 3129,    0, 3131,
-     3130, 3141, 3131, 3138, 3135, 3139, 3133, 3144, 3140, 3145,
-     3142, 3133, 3132, 3141,    0, 3134, 3143, 3148, 3146, 3137,
-     3134, 3136, 3143, 3137, 3152, 3138, 3140, 3139, 3141, 3142,
-     3138, 3147, 3139, 3150, 3151, 3140,    0, 3142, 3159, 3144,
-     3146, 3145, 3154, 3143, 3148, 3146, 3147, 3159, 3152, 3156,
-     3157, 3152, 3158, 3150, 3160, 3161, 3151, 3154, 3147, 3163,
-
-     3150, 3151, 3162, 3166, 3165, 3159, 3164, 3172, 3160, 3154,
-     3167, 3156, 3157, 3161, 3158, 3171, 3156, 3157,    0, 3158,
-     3162, 3160, 3161,    0, 3164, 3163, 3163, 3165, 3172, 3162,
-     3170, 3165, 3167, 3164, 3172, 3166, 3175, 3167, 3176, 3170,
-     3179, 3177, 3178, 3181, 3175, 3176, 3180, 3171, 3177, 3185,
-     3178, 3181, 3186, 3183, 3184, 3189, 3187, 3170, 3199,    0,
-        0, 3197, 3200, 3175, 3186, 3176, 3180, 3179, 3177, 3178,
-     3181, 3183, 3184, 3180, 3187, 3185, 3185, 3188, 3190, 3186,
-     3183, 3184, 3189, 3187, 3192, 3194, 3190, 3196, 3197, 3188,
-     3199, 3198, 3194, 3198, 3200, 3202, 3192, 3203, 3204, 3205,
-
-     3206, 3208, 3210, 3202, 3188, 3190, 3203, 3207, 3213, 3207,
-     3196, 3192, 3194,    0, 3196, 3214, 3218, 3211, 3198, 3206,
-     3210,    0, 3202, 3208, 3203, 3215, 3205, 3206, 3208, 3210,
-     3204, 3211, 3216, 3217, 3207, 3219,    0, 3221,    0, 3214,
-     3213, 3216, 3214, 3218, 3211, 3222, 3217, 3219, 3215, 3223,
-     3229, 3228, 3215, 3227, 3226, 3229, 3224, 3230, 3231, 3216,
-     3217, 3233, 3219, 3221, 3221, 3224, 3227, 3222, 3226, 3228,
-     3232, 3223, 3222, 3234, 3232, 3236, 3223, 3229, 3228, 3230,
-     3227, 3226, 3237, 3224, 3230, 3231, 3238, 3241, 3233, 3239,
-     3244, 3243, 3254,    0, 3246, 3245, 3247, 3232, 3243, 3246,
-
-     3234,    0, 3236, 3252,    0, 3237, 3255, 3239, 3238, 3237,
-     3245, 3247, 3244, 3238, 3241, 3256, 3239, 3244, 3243, 3254,
-     3249, 3250, 3245, 3247, 3251, 3257, 3246, 3249, 3250, 3252,
-     3252, 3251, 3258, 3255, 3261, 3262, 3259, 3265, 3264,    0,
-     3266, 3267, 3256, 3268, 3262, 3264, 3258, 3249, 3250, 3257,
-     3259, 3251, 3257, 3269, 3273, 3268, 3274, 3270, 3280, 3258,
-     3271, 3261, 3262, 3259, 3265, 3264, 3266, 3266, 3267, 3271,
-     3268, 3270, 3272, 3275, 3278, 3281, 3283, 3279, 3284, 3278,
-     3269, 3283, 3284, 3274, 3270, 3272, 3273, 3271, 3285, 3287,
-     3280, 3286, 3288, 3289, 3290, 3285, 3275, 3281, 3286, 3272,
-
-     3275, 3279, 3281, 3293, 3279, 3284, 3278, 3291, 3283, 3291,
-     3287, 3296, 3292, 3298, 3297, 3285, 3287, 3309, 3286, 3301,
-     3303, 3304, 3303, 3300, 3288, 3289, 3290, 3305,    0,    0,
-     3293,    0,    0, 3298, 3291, 3292, 3297, 3307, 3296, 3292,
-     3298, 3297, 3300, 3301, 3309, 3304, 3301, 3303, 3304, 3308,
-     3300, 3306, 3306, 3305, 3305, 3310, 3311, 3312, 3308, 3307,
-     3313, 3306, 3310, 3319, 3307, 3322, 3314, 3315, 3319, 3311,
-     3317,    0, 3323, 3313, 3314,    0, 3308, 3316, 3306, 3306,
-     3315, 3320, 3310, 3311, 3312, 3316, 3320, 3313, 3321, 3317,
-     3314, 3324, 3322, 3314, 3315, 3319, 3321, 3317, 3323, 3323,
-
-     3325, 3314, 3326, 3328, 3316, 3327,    0, 3331, 3331, 3330,
-        0, 3329, 3334, 3320, 3328, 3321, 3330, 3324, 3324, 3332,
-     3333, 3335,    0, 3337, 3338, 3334, 3325, 3325, 3326, 3326,
-     3328, 3327, 3327, 3329, 3331, 3343, 3330, 3332, 3329, 3334,
-     3333, 3336, 3338, 3335, 3344, 3337, 3332, 3333, 3335, 3336,
-     3337, 3338, 3339, 3340, 3341,    0, 3347, 3346, 3345, 3339,
-     3340, 3341, 3343, 3350, 3352, 3348, 3349, 3353, 3336, 3346,
-     3354, 3344, 3350, 3355, 3357, 3360,    0,    0, 3358, 3339,
-     3340, 3341, 3345, 3347, 3346, 3345, 3348, 3353, 3349, 3359,
-     3350, 3352, 3348, 3349, 3353, 3355, 3358, 3354, 3365, 3361,
-
-     3355, 3357, 3360, 3362, 3364, 3358, 3366, 3359, 3370, 3367,
-     3368, 3369,    0, 3364,    0, 3371, 3359, 3361, 3373, 3369,
-     3375, 3362, 3372, 3373, 3370, 3365, 3361, 3371, 3368, 3372,
-     3362, 3364, 3367, 3366, 3375, 3370, 3367, 3368, 3369, 3376,
-     3377, 3378, 3371,    0, 3380,    0, 3379, 3375, 3382, 3372,
-     3373, 3384, 3377, 3378, 3381, 3383, 3391, 3376, 3390, 3394,
-        0,    0, 3386, 3384, 3399,    0, 3376, 3377, 3378, 3379,
-     3380, 3380, 3382, 3379, 3386, 3382, 3381, 3383, 3384, 3392,
-     3390, 3381, 3383, 3391, 3395, 3390, 3394, 3397, 3396, 3386,
-     3396, 3399, 3392, 3400, 3401, 3402, 3397, 3395, 3403, 3407,
-
-     3412, 3407, 3408, 3411, 3409,    0, 3392,    0, 3414,    0,
-     3411, 3395, 3401, 3403, 3397, 3396, 3418, 3419,    0, 3420,
-     3400, 3401, 3409, 3414, 3408, 3403, 3407, 3402, 3416, 3408,
-     3411, 3409, 3412, 3421, 3416, 3414, 3423, 3424, 3418, 3419,
-     3426, 3428, 3431, 3418, 3419, 3420, 3420, 3427,    0, 3429,
-     3424, 3421, 3429, 3432, 3428, 3416, 3426, 3433, 3423, 3434,
-     3421, 3427, 3437, 3423, 3424, 3435, 3436, 3426, 3428, 3431,
-     3437, 3442, 3435, 3436, 3427, 3429, 3429, 3434, 3439, 3429,
-     3432, 3443, 3438,    0, 3433, 3444, 3434, 3446, 3445, 3437,
-     3438, 3448, 3435, 3436, 3450, 3447, 3449, 3452, 3455, 3454,
-
-     3439, 3454, 3449, 3442, 3447, 3439, 3448, 3444, 3443, 3438,
-     3445, 3451, 3444, 3457, 3446, 3445, 3450, 3458, 3448, 3459,
-     3451, 3450, 3447, 3449, 3460, 3455, 3454, 3461, 3467, 3452,
-     3462, 3463,    0, 3469, 3470, 3461, 3457,    0, 3451, 3458,
-     3457, 3459, 3462, 3463, 3458, 3465, 3459, 3469, 3470, 3471,
-     3460, 3460, 3465, 3473, 3461, 3467, 3472, 3462, 3463, 3474,
-     3469, 3470, 3476, 3471, 3481, 3475, 3477, 3478, 3480, 3479,
-     3474, 3473, 3465, 3475, 3478, 3480, 3471, 3485, 3483, 3472,
-     3473, 3476, 3482, 3472, 3479, 3486, 3474, 3483, 3477, 3476,
-     3481, 3481, 3475, 3477, 3478, 3480, 3479, 3484, 3484, 3487,
-
-     3482, 3490, 3491, 3494, 3485, 3483, 3490, 3487, 3495, 3482,
-     3493, 3497, 3486, 3499, 3501, 3491, 3502, 3497, 3509, 3512,
-     3504, 3505, 3506,    0, 3484, 3501, 3487, 3502, 3514, 3491,
-     3494, 3493, 3505, 3490, 3511, 3495, 3517, 3493, 3497, 3510,
-     3499, 3501, 3504, 3502, 3506, 3509, 3510, 3504, 3505, 3506,
-     3513, 3512, 3511, 3519, 3513, 3514, 3515, 3518,    0, 3519,
-     3521, 3511, 3517, 3517, 3515, 3520, 3510, 3523, 3521, 3522,
-     3518, 3520, 3524, 3526, 3528, 3530, 3525, 3513, 3533, 3526,
-     3519, 3527, 3522, 3515, 3518, 3525, 3532, 3521, 3539, 3534,
-     3527, 3523, 3520, 3532, 3523, 3540, 3522, 3537, 3524, 3524,
-
-     3526, 3528, 3537, 3525, 3538, 3538, 3541, 3530, 3527, 3543,
-     3533, 3534, 3542, 3532, 3544, 3539, 3534, 3545, 3541, 3542,
-     3546, 3547, 3540, 3549, 3537, 3550,    0, 3546, 3543, 3548,
-     3544, 3538, 3550, 3541, 3551, 3545, 3543, 3548, 3549, 3542,
-     3552, 3544, 3553,    0, 3545, 3554, 3555, 3546,    0, 3561,
-     3549, 3556, 3550, 3547, 3557, 3543, 3548, 3554, 3562, 3563,
-     3564, 3551, 3552, 3565, 3561, 3562, 3563, 3552, 3569, 3553,
-     3555, 3566, 3554, 3555,    0, 3556, 3561, 3567, 3556, 3570,
-     3557, 3557, 3564, 3572, 3573, 3562, 3563, 3564, 3570, 3575,
-     3574, 3576, 3577, 3577, 3578, 3565,    0, 3575, 3566, 3580,
-
-     3569, 3567, 3577, 3584, 3567, 3572, 3570, 3587, 3583, 3581,
-     3572, 3573, 3574, 3582, 3580, 3582, 3575, 3574, 3581, 3577,
-     3577, 3578, 3583, 3576, 3585, 3587, 3580, 3586, 3589, 3590,
-     3584, 3591, 3585, 3593, 3587, 3583, 3581, 3592, 3586, 3594,
-     3582, 3595, 3596, 3597, 3598, 3600, 3593, 3599, 3603, 3601,
-        0, 3585,    0, 3599, 3586, 3589, 3590, 3604, 3591, 3592,
-     3593, 3594, 3598, 3601, 3592, 3607, 3594, 3610, 3595, 3596,
-     3597, 3598, 3600, 3611, 3599, 3608, 3601, 3602, 3602, 3604,
-     3603, 3614, 3616, 3617, 3604, 3618, 3608, 3616, 3617, 3614,
-     3619, 3622, 3607, 3618, 3610, 3619, 3620, 3623, 3623, 3624,
-
-     3611, 3625, 3608, 3628, 3602, 3629, 3627, 3624, 3614, 3616,
-     3617, 3632, 3618, 3627, 3625,    0, 3633, 3619, 3622, 3636,
-     3630, 3628, 3620, 3620, 3623, 3635, 3624, 3630, 3625, 3631,
-     3628, 3638, 3629, 3627, 3634, 3637, 3631, 3640, 3632, 3633,
-     3635, 3634, 3637, 3633, 3641, 3643, 3640, 3630, 3642,    0,
-     3649, 3636, 3635, 3643, 3638, 3642, 3631, 3644, 3638, 3645,
-     3648, 3634, 3637, 3651, 3640, 3653, 3648, 3652, 3654, 3656,
-     3655, 3657, 3643,    0,    0, 3642, 3641, 3649, 3653, 3644,
-     3658, 3645, 3662,    0, 3644, 3655, 3645, 3648, 3656, 3652,
-     3651, 3663, 3653, 3666, 3652, 3670, 3656, 3655, 3657, 3660,
-
-     3654, 3664, 3658, 3665, 3667, 3662, 3660, 3658, 3664, 3662,
-     3665,    0, 3668, 3663, 3669, 3666, 3670, 3672, 3663, 3667,
-     3666, 3673, 3670, 3669, 3678, 3674, 3660, 3668, 3664, 3673,
-     3665, 3667, 3674, 3675, 3677, 3678, 3672, 3679, 3679, 3668,
-     3675, 3669, 3685, 3677, 3672, 3681, 3683, 3679, 3673, 3680,
-     3684, 3678, 3674, 3686, 3689, 3680, 3688, 3684, 3694, 3695,
-     3675, 3677,    0, 3688, 3679, 3679, 3696, 3681, 3683, 3703,
-     3690, 3706, 3681, 3683, 3685, 3686, 3680, 3684, 3689, 3700,
-     3686, 3689, 3701, 3688, 3690, 3694, 3695, 3705, 3704, 3696,
-     3708, 3700, 3711, 3696, 3714, 3705, 3703, 3690, 3706, 3713,
-
-     3713, 3727, 3708, 3716, 3701, 3718, 3700, 3715, 3715, 3701,
-     3704, 3719, 3720, 3721, 3705, 3704, 3724, 3708, 3722, 3711,
-     3725, 3714, 3721, 3728, 3729, 3731, 3716, 3718, 3713, 3719,
-     3716, 3722, 3718, 3727, 3730, 3732, 3715, 3733, 3719, 3720,
-     3721, 3734, 3730, 3724, 3735, 3722, 3737, 3725, 3734, 3738,
-     3736, 3735, 3731, 3730, 3743, 3728, 3729, 3744, 3738, 3739,
-     3745, 3730, 3732, 3733, 3733, 3742, 3739, 3742, 3734, 3730,
-     3746, 3735, 3736, 3737, 3743, 3749, 3738, 3736, 3745, 3748,
-     3744, 3743, 3746, 3750, 3744, 3751, 3739, 3745, 3748, 3752,
-        0, 3753, 3742, 3754, 3755, 3756, 3757, 3746,    0, 3758,
-
-     3749, 3757, 3749, 3759, 3761, 3750, 3748, 3752, 3762, 3761,
-     3750, 3758, 3751,    0,    0, 3770, 3752, 3753, 3753, 3766,
-     3754, 3755, 3756, 3757, 3760, 3759, 3758, 3760, 3765, 3763,
-     3759, 3763, 3764, 3769, 3765, 3767, 3761, 3768, 3772, 3773,
-     3762, 3766, 3760, 3778, 3764, 3768, 3766, 3770, 3771, 3774,
-     3775, 3760, 3780, 3782, 3760, 3765, 3763, 3767, 3779, 3764,
-     3769, 3774, 3767, 3783, 3768, 3772, 3773, 3787, 3788, 3771,
-     3778, 3779, 3775, 3785, 3789, 3771, 3774, 3775, 3790, 3780,
-     3782, 3783, 3785, 3792, 3793, 3779, 3794, 3795, 3796, 3796,
-     3783, 3798, 3799, 3804, 3787, 3788, 3802, 3803, 3809,    0,
-
-     3785, 3789,    0, 3802, 3803, 3790,    0, 3806, 3810, 3798,
-     3792, 3793, 3811, 3794, 3795, 3796, 3804, 3805, 3798, 3799,
-     3804, 3806, 3815, 3802, 3803, 3809, 3810, 3811, 3814, 3805,
-     3812, 3817, 3820, 3806, 3806, 3810, 3819, 3812, 3816, 3811,
-     3814, 3818,    0, 3821, 3805, 3822, 3816, 3820, 3806, 3815,
-     3819, 3823, 3825, 3818, 3826, 3814,    0, 3812, 3817, 3820,
-     3822, 3830, 3831, 3819, 3825, 3816, 3832, 3835, 3818, 3821,
-     3821, 3831, 3822, 3833, 3833, 3834, 3835, 3838, 3823, 3825,
-     3837, 3826,    0, 3830, 3839, 3845, 3840, 3841, 3830, 3831,
-     3832, 3852, 3843, 3832, 3835, 3841, 3842, 3839, 3846, 3849,
-
-     3833, 3834, 3834, 3843, 3837, 3842, 3845, 3837, 3840, 3838,
-     3865, 3839, 3845, 3840, 3841, 3850, 3846, 3852, 3852, 3843,
-     3855, 3855, 3849, 3842, 3856, 3846, 3849, 3850, 3866, 3870,
-     3868, 3856, 3865, 3871, 3873, 3869, 3875, 3865, 3872, 3872,
-     3876, 3871, 3850, 3873, 3877, 3878, 3872, 3855, 3868, 3880,
-     3875, 3856, 3866, 3869, 3870, 3866, 3870, 3868, 3884, 3883,
-     3871, 3873, 3869, 3875, 3882, 3872, 3872, 3876, 3882, 3896,
-     3886, 3877, 3878, 3885, 3888, 3890, 3880, 3883, 3892, 3891,
-     3885, 3884, 3886, 3891, 3894, 3884, 3883, 3888, 3893, 3897,
-     3895, 3882,    0,    0, 3892, 3896, 3896, 3886,    0, 3899,
-
-     3885, 3888, 3895, 3897, 3898, 3892, 3891, 3890, 3899, 3894,
-     3893, 3894, 3898, 3900, 3903, 3893, 3897, 3895, 3901, 3904,
-     3901, 3902, 3905, 3906, 3900, 3908, 3899, 3907, 3909, 3906,
-     3910, 3898, 3903, 3902, 3904, 3914, 3909,    0, 3926, 3912,
-     3900, 3903, 3907,    0, 3905, 3901, 3904, 3908, 3902, 3905,
-     3906, 3911, 3908, 3912, 3907, 3909, 3913, 3910, 3911, 3919,
-     3915, 3916, 3914, 3917, 3918, 3926, 3912, 3915, 3925, 3916,
-     3913, 3918, 3924, 3928, 3927, 3925, 3929, 3932, 3911, 3931,
-     3930, 3919, 3917, 3913, 3933, 3924, 3919, 3915, 3916,    0,
-     3917, 3918, 3927, 3937, 3936, 3925, 3939, 3928, 3939, 3924,
-
-     3928, 3927, 3930, 3929, 3932, 3931, 3931, 3930, 3934, 3938,
-     3935, 3933, 3940, 3941, 3942, 3937, 3934, 3935, 3936, 3943,
-     3937, 3936, 3944, 3939, 3940, 3945, 3946, 3942, 3947, 3948,
-     3949, 3938, 3951, 3946, 3943, 3934, 3938, 3935, 3952, 3940,
-     3953, 3942, 3955, 3956, 3944, 3941, 3943, 3956, 3957, 3944,
-     3958, 3959, 3945, 3946, 3961, 3947, 3948, 3949, 3960, 3951,
-     3952, 3963, 3953, 3959, 3964, 3952, 3960, 3953, 3966, 3955,
-     3956, 3966, 3970, 3963, 3967, 3957, 3971, 3958, 3959, 3972,
-     3964, 3961, 3973, 3967, 3974, 3960, 3975, 3976, 3963,    0,
-     3973, 3964,    0, 3977, 3980, 3966, 3978, 3979, 3972, 3970,
-
-     3976, 3967, 3971, 3971, 3978, 3982, 3972, 3977, 3997, 3973,
-     3987, 3993,    0, 3988, 3976, 3990, 3974, 3993, 3975, 3979,
-     3977, 3980, 3987, 3978, 3979, 3988, 3994, 3990, 3996, 3999,
-        0, 4003, 3982, 3994, 3998, 3997, 4001, 3987, 3993, 4003,
-     3988, 3996, 3990, 4001, 4002, 3998, 4004, 4007, 4005, 4006,
-     4008, 4009, 3999, 3994,    0, 3996, 3999, 4006, 4003, 4012,
-     4004, 3998, 4005, 4001, 4013, 4012, 4002, 4019, 4020, 4007,
-     4013, 4002, 4008, 4004, 4007, 4005, 4006, 4008, 4009, 4014,
-     4015, 4016, 4021, 4022, 4017, 4019, 4012, 4015, 4014, 4027,
-     4016, 4013, 4017, 4023, 4019, 4020, 4024, 4027, 4028, 4025,
-
-     4026, 4032, 4033,    0, 4021, 4030, 4014, 4015, 4016, 4021,
-     4031, 4017, 4030, 4034, 4035, 4022, 4027, 4031, 4024, 4023,
-     4023, 4025, 4026, 4024, 4032, 4036, 4025, 4026, 4032, 4033,
-     4028, 4038, 4030, 4040, 4036, 4034, 4039, 4031, 4041, 4042,
-     4034, 4035, 4043, 4044, 4039, 4045, 4041, 4042, 4046, 4047,
-     4048, 4044, 4036, 4040, 4038, 4050, 4052, 4053, 4038, 4045,
-     4040, 4054,    0, 4039, 4054, 4041, 4042, 4055,    0, 4065,
-     4044, 4059, 4045,    0, 4043, 4046, 4047, 4048, 4052, 4054,
-     4060, 4050, 4050, 4052, 4053, 4056, 4058, 4057, 4054, 4055,
-     4064, 4054, 4065, 4056, 4055, 4057, 4065, 4059, 4059, 4068,
-
-     4058, 4069, 4060, 4070, 4064, 4067, 4067, 4060, 4071, 4069,
-     4074, 4072, 4056, 4058, 4057, 4075, 4073, 4064, 4074, 4076,
-     4078, 4079, 4077, 4087,    0, 4068, 4068,    0, 4069, 4070,
-     4070, 4080, 4067, 4072, 4071, 4071, 4073, 4074, 4072, 4081,
-     4083,    0, 4075, 4073, 4077, 4078, 4076, 4078, 4079, 4077,
-     4087, 4080, 4082, 4084, 4090, 4088, 4091, 4092, 4080, 4081,
-     4082, 4084, 4083, 4088, 4093, 4092, 4081, 4083, 4094, 4096,
-        0, 4100, 4093, 4099, 4103, 4104, 4090, 4097, 4091, 4082,
-     4084, 4090, 4088, 4091, 4092, 4097, 4101, 4105, 4107, 4098,
-     4110, 4093, 4113, 4114, 4094, 4094, 4096, 4098, 4100, 4099,
-
-     4099, 4103, 4104, 4111, 4097,    0, 4101, 4105,    0,    0,
-     4107, 4111, 4110, 4101, 4105, 4107, 4098, 4110, 4112, 4113,
-     4114,    0,    0,    0,    0,    0, 4112,    0,    0,    0,
-     4111,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-        0,    0,    0,    0,    0, 4112, 4118, 4118, 4118, 4118,
-     4118, 4118, 4118, 4119, 4119, 4119, 4119, 4119, 4119, 4119,
-     4120, 4120, 4120, 4120, 4120, 4120, 4120, 4121, 4121, 4121,
-     4121, 4121, 4121, 4121, 4122, 4122, 4122, 4122, 4122, 4122,
-     4122, 4123, 4123, 4123, 4123, 4123, 4123, 4123, 4124, 4124,
-     4124, 4124, 4124, 4124, 4124, 4126, 4126,    0, 4126, 4126,
-
-     4126, 4126, 4127, 4127,    0,    0,    0, 4127, 4127, 4128,
-     4128,    0,    0, 4128,    0, 4128, 4129,    0,    0,    0,
-        0,    0, 4129, 4130, 4130,    0,    0,    0, 4130, 4130,
-     4131,    0,    0,    0,    0,    0, 4131, 4132, 4132,    0,
-     4132, 4132, 4132, 4132, 4133,    0,    0,    0,    0,    0,
-     4133, 4134, 4134,    0,    0,    0, 4134, 4134, 4135, 4135,
-        0, 4135, 4135, 4135, 4135, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117, 4117,
-     4117, 4117
+     1841, 1837, 1844, 1846, 1830, 1839, 1845, 1840, 1852, 1847,
+     1843, 1848, 1847, 1844, 1855, 1844, 1850, 1852, 1845, 1843,
+     1854, 1850, 1848, 1846, 1856, 1859, 1844, 1847, 1850, 1844,
+     1846, 1857, 1853, 1845, 1853, 1852, 1847, 1861, 1848, 1847,
+     1844, 1855, 1844, 1850, 1854, 1858, 1857, 1854, 1850, 1859,
+     1860, 1856, 1859, 1862, 1858, 1863, 1864, 1866, 1857, 1853,
+
+     1865, 1867, 1860, 1863, 1861, 1868, 1870, 1862, 1869, 1877,
+     1865, 1868, 1858, 1872, 1870, 1871, 1878, 1860, 1864, 1866,
+     1862, 1873, 1863, 1864, 1866, 1867, 1871, 1865, 1867, 1873,
+     1869, 1872, 1868, 1870, 1874, 1869, 1875, 1874, 1876, 1875,
+     1872, 1877, 1871, 1878, 1880, 1881, 1879, 1883, 1873, 1882,
+     1885, 1880, 1874, 1886, 1887, 1885, 1876, 1884, 1882, 1881,
+     1883, 1874, 1892, 1875, 1874, 1876, 1879, 1893, 1884, 1887,
+        0, 1880, 1881, 1879, 1883, 1886, 1882, 1890, 1891, 1890,
+     1886, 1887, 1885, 1895, 1884, 1894, 1901, 1891, 1892, 1892,
+        0, 1893,    0, 1896, 1893, 1897, 1894, 1896, 1899, 1898,
+
+        0, 1895, 1898, 1900, 1890, 1891, 1902, 1903, 1901, 1897,
+     1895, 1899, 1894, 1901, 1904, 1909, 1914, 1898,    0, 1896,
+     1896, 1897, 1897, 1904, 1896, 1899, 1898, 1900, 1909, 1898,
+     1900, 1903, 1902, 1902, 1903, 1906, 1897, 1905, 1910, 1912,
+     1907, 1904, 1909, 1905, 1906, 1907, 1911, 1913, 1914, 1915,
+     1910, 1911, 1916, 1917, 1919, 1918, 1920, 1921, 1915, 1926,
+     1913, 1912, 1906, 1923, 1905, 1910, 1912, 1919, 1924, 1927,
+     1923, 1929, 1907, 1911, 1913, 1924, 1915, 1918, 1921, 1916,
+     1925, 1919, 1918, 1927, 1921, 1917, 1928, 1931, 1920, 1933,
+     1923, 1926, 1928, 1925, 1934, 1924, 1927, 1933, 1936,    0,
+
+     1935, 1937, 1934, 1929, 1938,    0, 1931, 1925, 1935, 1944,
+     1928, 1940, 1939, 1928, 1931,    0, 1933, 1936, 1941, 1928,
+     1942, 1934, 1938, 1937, 1943, 1936, 1939, 1935, 1937, 1940,
+     1944, 1938, 1941, 1942, 1945, 1946, 1944, 1943, 1940, 1939,
+     1955, 1947, 1948, 1949, 1952, 1941, 1950, 1942, 1953, 1951,
+     1954, 1943, 1952, 1950, 1956, 1960, 1948, 1944, 1951, 1956,
+        0, 1962,    0, 1957, 1954, 1947, 1945, 1946, 1947, 1948,
+     1949, 1952, 1955, 1950, 1957, 1953, 1951, 1954, 1958, 1961,
+     1963, 1956, 1960, 1967, 1962, 1964, 1961, 1958, 1962, 1965,
+     1957, 1966, 1964, 1968, 1977,    0, 1973, 1968, 1970, 1972,
+
+     1974, 1967, 1963,    0, 1975, 1958, 1961, 1963, 1981, 1970,
+     1967, 1965, 1964, 1966, 1973, 1972, 1965, 1976, 1966, 1975,
+     1968, 1977, 1970, 1973, 1974, 1970, 1972, 1974, 1979, 1976,
+     1978, 1975, 1980, 1983, 1982, 1981, 1970, 1985, 1978, 1987,
+     1980, 1989, 1984, 1979, 1976, 1986, 1983, 1988, 1989, 1993,
+     1991,    0, 1985, 1997, 1987, 1979, 1982, 1978, 1991, 1980,
+     1983, 1982, 1984, 1988, 1985, 1986, 1987, 1994, 1989, 1984,
+     1995, 1992, 1986, 2003, 1988, 1996, 1998, 1991, 1992, 1995,
+     1997, 1993, 1994, 1999, 2000, 2002, 2005, 2004, 2007, 2008,
+     1999, 2011, 2010,    0, 1994, 2006, 1996, 1995, 1992, 2004,
+
+     1998,    0, 1996, 1998, 2005, 2003, 2006, 2002, 2009, 2029,
+     1999, 2000, 2002, 2005, 2004, 2011, 2008, 2010, 2011, 2010,
+     2007, 2012, 2006, 2009, 2013, 2014,    0, 2015, 2012, 2013,
+     2019, 2016, 2018, 2017, 2014, 2009, 2015, 2020,    0, 2021,
+     2022, 2029,    0,    0, 2028, 2019, 2026,    0, 2012, 2020,
+     2018, 2013, 2014, 2016, 2015, 2017, 2023, 2019, 2016, 2018,
+     2017, 2021, 2022, 2024, 2020, 2025, 2021, 2022, 2026, 2023,
+     2024, 2028, 2025, 2026, 2023, 2030, 2027, 2033, 2032, 2040,
+     2035, 2030,    0, 2023, 2037, 2033, 2034, 2025, 2027, 2032,
+     2024, 2035, 2025, 2036, 2034, 2038, 2023, 2038, 2041, 2025,
+
+     2036, 2039, 2030, 2027, 2033, 2032, 2040, 2035, 2038, 2037,
+     2042, 2037, 2043, 2034, 2044, 2045, 2048, 2042,    0, 2050,
+     2036, 2045, 2038, 2046, 2038, 2041, 2047, 2039, 2039, 2046,
+     2053, 2049, 2047, 2051, 2055,    0, 2054, 2042, 2057, 2043,
+     2044, 2044, 2045, 2048, 2056, 2054, 2058, 2059, 2056, 2059,
+     2046, 2050, 2060, 2047, 2049, 2061, 2057, 2051, 2049, 2063,
+     2051, 2064, 2053, 2054, 2069, 2057, 2055, 2067, 2058, 2066,
+     2062, 2056, 2065, 2058, 2059, 2066, 2060, 2062, 2068, 2060,
+     2070, 2063, 2061, 2071, 2065, 2073, 2063, 2076, 2064, 2067,
+     2069, 2069, 2073,    0, 2067, 2074, 2066, 2062, 2079, 2065,
+
+     2068, 2075, 2070, 2088, 2074, 2068, 2077, 2070, 2075, 2072,
+     2072, 2072, 2073, 2077, 2078, 2071, 2072, 2080, 2079, 2076,
+     2084, 2078, 2074, 2085, 2072, 2079, 2082, 2083, 2075, 2086,
+     2087, 2082, 2084, 2077, 2089, 2088, 2072, 2072, 2072, 2080,
+     2083, 2078, 2087, 2072, 2080, 2086, 2090, 2084, 2085, 2091,
+     2085, 2092, 2089, 2090, 2083, 2093, 2086, 2087, 2082, 2092,
+     2094, 2089, 2091, 2095, 2093, 2097, 2094, 2096, 2096, 2099,
+     2098, 2113, 2100, 2090, 2099, 2101, 2091, 2098, 2092, 2102,
+     2106, 2103, 2093, 2107, 2109, 2107, 2108, 2094, 2103, 2112,
+     2095, 2097, 2097, 2115, 2096, 2112, 2099, 2098, 2100, 2100,
+
+     2111, 2115, 2101, 2113, 2108, 2118, 2102, 2106, 2103, 2114,
+     2107, 2109, 2116, 2108, 2120, 2114, 2112, 2117, 2111, 2119,
+     2115, 2125, 2121, 2116, 2124, 2119, 2120, 2111,    0, 2122,
+     2117, 2129, 2118, 2123, 2123, 2130, 2114, 2126, 2126, 2116,
+     2131, 2120, 2121, 2127, 2117, 2134, 2119, 2122, 2125, 2121,
+     2124, 2124, 2132, 2133, 2127, 2138, 2122, 2130, 2135, 2132,
+     2123, 2137, 2130, 2129, 2126, 2139, 2141, 2140, 2143, 2137,
+     2127,    0, 2131, 2133, 2142, 2143, 2145, 2134, 2147, 2132,
+     2133, 2146, 2144, 2135, 2141, 2135, 2142, 2138, 2137, 2140,
+     2144, 2150, 2139, 2141, 2140, 2143, 2146, 2148, 2149, 2149,
+
+     2145, 2142, 2147, 2145, 2151, 2147, 2148, 2152, 2146, 2144,
+     2153, 2154, 2156, 2155, 2152,    0, 2157, 2150, 2150, 2163,
+     2158, 2161, 2164, 2157, 2148, 2149, 2154, 2151, 2161, 2159,
+     2162, 2151, 2158, 2165, 2152, 2162, 2165, 2173, 2154, 2155,
+     2155, 2163, 2153, 2157, 2156, 2159, 2163, 2158, 2161, 2164,
+     2166, 2167, 2159, 2169, 2172, 2173, 2159, 2162, 2166, 2170,
+     2165, 2169, 2171, 2167, 2173, 2174, 2175, 2176, 2178, 2177,
+     2179, 2181, 2159,    0, 2177, 2172, 2179, 2166, 2167, 2181,
+     2169, 2172, 2170, 2182, 2175, 2177, 2170, 2180, 2171, 2171,
+     2176, 2186, 2174, 2175, 2176, 2178, 2177, 2179, 2181, 2183,
+
+     2180, 2177, 2184, 2187, 2185, 2182, 2183, 2188,    0, 2184,
+     2182, 2185, 2187, 2189, 2180, 2191,    0, 2192, 2190, 2188,
+        0, 2195, 2196, 2186, 2193, 2199, 2183, 2196, 2198, 2184,
+     2187, 2185, 2190, 2201, 2188, 2189, 2202, 2203, 2196, 2195,
+     2189, 2202, 2191, 2192, 2192, 2190, 2197, 2193, 2195, 2196,
+     2198, 2193, 2199, 2197, 2196, 2198, 2205, 2206, 2206, 2207,
+     2201, 2209, 2208, 2211, 2212, 2213, 2216, 2219, 2202, 2203,
+     2214, 2218, 2215, 2197, 2215, 2221,    0, 2208, 2211, 2219,
+     2213, 2207, 2220,    0, 2206, 2224, 2207, 2212, 2205, 2208,
+     2211, 2212, 2213, 2209, 2219, 2217, 2214, 2214, 2216, 2215,
+
+     2217, 2223, 2221, 2218, 2220, 2222, 2225, 2224, 2223, 2220,
+     2227, 2228, 2224, 2222, 2229, 2231, 2232,    0, 2233, 2228,
+     2234, 2225, 2217, 2235, 2236, 2227, 2237, 2238, 2223, 2240,
+     2242,    0, 2222, 2225,    0, 2241, 2229, 2227, 2228, 2238,
+     2232, 2229, 2231, 2232, 2233, 2233, 2239, 2234, 2243, 2235,
+     2235, 2236, 2242, 2239, 2238,    0, 2241, 2242, 2237, 2244,
+     2246, 2240, 2241, 2247, 2249, 2251, 2250, 2253, 2247, 2243,
+     2252, 2251, 2254, 2239, 2259, 2243,    0, 2244,    0, 2253,
+     2258, 2256, 2246, 2264, 2261, 2252, 2244, 2246, 2249, 2250,
+     2257, 2249, 2251, 2250, 2253, 2247, 2256, 2252, 2254, 2254,
+
+     2260, 2259, 2258, 2262, 2263, 2257, 2261, 2258, 2256, 2265,
+     2264, 2261, 2267, 2269, 2266, 2268, 2265, 2257, 2260, 2272,
+     2270, 2267, 2271, 2268,    0, 2262, 2273, 2260, 2263, 2275,
+     2262, 2263, 2266, 2276, 2274, 2273, 2265, 2278, 2275, 2267,
+     2280, 2266, 2268, 2270, 2271, 2269, 2276, 2270, 2278, 2271,
+     2279, 2272, 2274, 2273, 2281, 2282, 2275, 2283, 2280, 2279,
+     2276, 2274, 2282, 2278, 2278, 2285, 2287, 2280, 2284, 2291,
+     2286, 2288, 2281,    0, 2299, 2278, 2286, 2279, 2293, 2294,
+     2285, 2281, 2282, 2283, 2283, 2288, 2284, 2299, 2287, 2295,
+     2294, 2298, 2285, 2287, 2302, 2284, 2291, 2286, 2288, 2296,
+
+     2295, 2299, 2293, 2298, 2300, 2293, 2294, 2301, 2303,    0,
+     2296, 2304, 2307, 2315, 2306, 2310, 2295, 2301, 2298, 2305,
+     2302, 2302, 2311, 2306, 2304, 2308, 2296, 2313,    0, 2314,
+     2316, 2313, 2318, 2303, 2301, 2303, 2300, 2318, 2304, 2307,
+     2305, 2306, 2310, 2316, 2308, 2315, 2305, 2317, 2311, 2311,
+     2314, 2319, 2308, 2320, 2313, 2321, 2314, 2316, 2319, 2318,
+     2322, 2323, 2324, 2321, 2327, 2327, 2322, 2317, 2328, 2326,
+     2330, 2325,    0, 2329, 2317, 2330, 2323, 2324, 2319, 2320,
+     2320, 2321, 2321, 2325, 2326, 2329, 2328, 2322, 2323, 2324,
+     2321, 2327, 2334, 2331, 2364, 2328, 2326, 2331, 2325, 2334,
+
+     2329, 2336, 2330, 2335, 2332, 2332, 2337, 2335, 2332, 2338,
+     2339,    0, 2341, 2343, 2340, 2344, 2336, 2339, 2338, 2334,
+     2331, 2332,    0, 2342,    0, 2347, 2364, 2344, 2336, 2332,
+     2335, 2332, 2332, 2337, 2341, 2332, 2338, 2339, 2340, 2341,
+     2343, 2340, 2344, 2348, 2345, 2349, 2351, 2347, 2332, 2342,
+     2342, 2345, 2347, 2350, 2349, 2356, 2354,    0, 2357, 2360,
+        0, 2361, 2359,    0, 2356, 2369, 2351, 2362, 2348, 2361,
+     2348, 2345, 2349, 2351, 2354, 2350, 2357, 2359, 2367, 2362,
+     2350, 2372, 2356, 2354, 2360, 2357, 2360, 2368, 2361, 2359,
+     2363, 2365, 2369, 2371, 2362, 2370, 2370, 2363, 2365, 2374,
+
+     2368, 2375, 2376, 2367, 2377, 2367, 2372, 2379, 2372, 2378,
+     2380, 2376,    0, 2377, 2368, 2371, 2378, 2363, 2365, 2381,
+     2371, 2374, 2370, 2375, 2384, 2382, 2374, 2394, 2375, 2376,
+     2383, 2377, 2380, 2381, 2386, 2383, 2378, 2380, 2388, 2379,
+     2382, 2387, 2386, 2384, 2389, 2392, 2381, 2390, 2391, 2393,
+        0, 2384, 2382, 2388, 2387, 2395, 2393, 2392, 2396, 2394,
+     2397, 2386, 2383, 2398, 2391, 2388, 2400, 2401, 2387, 2399,
+     2403, 2389, 2392, 2390, 2390, 2391, 2393, 2395, 2399, 2404,
+     2408, 2402, 2395, 2396, 2405, 2396, 2406, 2407,    0, 2402,
+        0,    0, 2397,    0, 2404, 2398, 2399, 2403, 2400, 2401,
+
+     2402, 2411, 2408,    0, 2413, 2407, 2404, 2408, 2402, 2409,
+     2405, 2405, 2406, 2406, 2407, 2414, 2402, 2412, 2409, 2416,
+     2412, 2414, 2415, 2417, 2411, 2418, 2422, 2415, 2411, 2413,
+     2421, 2413, 2428, 2423, 2416, 2412, 2409, 2420,    0,    0,
+     2418, 2417, 2414, 2427, 2412, 2421, 2416, 2412, 2422, 2425,
+     2417, 2420, 2418, 2422, 2415, 2423, 2426, 2421, 2429, 2428,
+     2423, 2427, 2430, 2425, 2420, 2431, 2432, 2429, 2426, 2434,
+     2427, 2430, 2435, 2438, 2431, 2426, 2425, 2432, 2433, 2436,
+     2433, 2441, 2434, 2426, 2435, 2429,    0, 2439, 2438, 2430,
+     2440, 2442, 2431, 2432, 2443, 2426, 2434, 2440, 2444, 2435,
+
+     2438, 2436, 2439, 2441,    0, 2433, 2436, 2444, 2441, 2447,
+     2449, 2450, 2443, 2442, 2439, 2450, 2451, 2440, 2442, 2455,
+     2452, 2443, 2447, 2454, 2453, 2444, 2453, 2456, 2451, 2452,
+     2447, 2449, 2457, 2458, 2460,    0, 2447, 2449, 2450,    0,
+     2459, 2454, 2458, 2451, 2461, 2456, 2455, 2452, 2459, 2447,
+     2454, 2453, 2463, 2467, 2456, 2462, 2464, 2460, 2470, 2457,
+     2458, 2460, 2466, 2464, 2463, 2471, 2461, 2459, 2468, 2462,
+     2466, 2461, 2469, 2468, 2472, 2474, 2481, 2469, 2490, 2463,
+     2475, 2477, 2462, 2464, 2480, 2467, 2484, 2475, 2477, 2466,
+     2470, 2482, 2479, 2480, 2474, 2468, 2479, 2471, 2472, 2485,
+
+     2486, 2472, 2474, 2481, 2469, 2482, 2483, 2475, 2477, 2488,
+     2490, 2480, 2487, 2484, 2494, 2486, 2482, 2482, 2482, 2479,
+     2493, 2487, 2491, 2494, 2483, 2485, 2485, 2486, 2492, 2496,
+     2488, 2495, 2482, 2483, 2491, 2492, 2488, 2497, 2498, 2487,
+     2500, 2494, 2493, 2482, 2501, 2502, 2503, 2493, 2505, 2491,
+     2505, 2501, 2506, 2503, 2508, 2492, 2496, 2495, 2495, 2497,
+     2509, 2507, 2510, 2500, 2497, 2507, 2508, 2500, 2502, 2509,
+     2498, 2501, 2502, 2503, 2506, 2505, 2511, 2514, 2516, 2506,
+     2512, 2508,    0, 2513, 2510, 2511, 2517, 2509, 2507, 2510,
+     2513, 2512, 2515, 2519, 2518, 2521, 2521, 2515, 2528, 2514,
+
+     2526, 2523, 2520, 2511, 2514, 2516, 2518, 2512, 2522, 2517,
+     2513, 2520, 2525, 2517, 2526, 2519, 2523, 2522, 2524, 2515,
+     2519, 2518, 2521, 2527, 2530, 2528, 2524, 2526, 2523, 2520,
+     2531,    0, 2527, 2532, 2525, 2522, 2533, 2535, 2531, 2525,
+     2535, 2532, 2534, 2530, 2533, 2524, 2534, 2536, 2537, 2540,
+     2527, 2530, 2538, 2539, 2537, 2536, 2542, 2531, 2541, 2539,
+     2532,    0, 2551, 2533, 2535, 2544, 2548, 2538, 2546, 2534,
+     2547, 2549, 2552,    0, 2536, 2537, 2541, 2544, 2553, 2538,
+     2539, 2540, 2546, 2547, 2550, 2541, 2554, 2548, 2542, 2551,
+     2556, 2550, 2544, 2548, 2552, 2546, 2549, 2547, 2549, 2552,
+
+     2554, 2555, 2553, 2556, 2555, 2553, 2557,    0, 2558, 2559,
+        0, 2550, 2560, 2554, 2561, 2562, 2567, 2556, 2563, 2569,
+     2557,    0, 2565, 2572, 2564, 2565, 2573, 2562, 2555, 2568,
+     2563, 2569, 2570, 2557, 2558, 2558, 2559, 2560, 2564, 2560,
+        0, 2561, 2562, 2567, 2571, 2563, 2569, 2571, 2565, 2565,
+     2572, 2564, 2565, 2573, 2574, 2568, 2568, 2576, 2570, 2570,
+     2577, 2578, 2571, 2579, 2583, 2584, 2580, 2577, 2578, 2582,
+     2586, 2571, 2588, 2587, 2571, 2591, 2574, 2585, 2579, 2576,
+     2580, 2574, 2587, 2582, 2576, 2585, 2589, 2577, 2578, 2590,
+     2579, 2583, 2584, 2580, 2592, 2593, 2582, 2586, 2589, 2588,
+
+     2587, 2594, 2591, 2595, 2585, 2596, 2598, 2597, 2593,    0,
+     2595, 2590, 2599, 2589, 2602, 2600, 2590, 2597, 2603, 2594,
+     2605, 2592, 2593, 2600, 2607, 2599, 2609, 2604, 2594, 2606,
+     2595, 2596, 2596, 2598, 2597, 2604, 2602, 2608, 2606, 2599,
+     2610, 2602, 2600, 2611, 2612, 2603, 2607, 2605, 2613, 2614,
+     2609, 2607, 2612, 2609, 2604, 2610, 2606, 2616, 2608, 2618,
+     2613, 2619, 2625,    0, 2608, 2617, 2610, 2610, 2622, 2616,
+     2611, 2612, 2621, 2617, 2614, 2613, 2614, 2623, 2624, 2621,
+     2622, 2623, 2610, 2626, 2616, 2625, 2618, 2628, 2627, 2625,
+     2624, 2629, 2617, 2619, 2628, 2622, 2627, 2630, 2629, 2621,
+
+     2631,    0,    0, 2636, 2623, 2624, 2637, 2640, 2633,    0,
+     2626, 2634, 2632, 2637, 2628, 2627, 2640,    0, 2629, 2630,
+     2633, 2632, 2638, 2631, 2630, 2634, 2646, 2631, 2632, 2632,
+     2636, 2639, 2641, 2637, 2640, 2633, 2632, 2634, 2634, 2632,
+     2644, 2641, 2638, 2645, 2639, 2642, 2643, 2643, 2632, 2638,
+     2649, 2646, 2634, 2646, 2647, 2632, 2632, 2642, 2639, 2641,
+     2650, 2645, 2651, 2652, 2653, 2655, 2644, 2644,    0, 2647,
+     2645, 2647, 2642, 2643, 2654, 2650, 2654, 2656, 2647, 2655,
+     2658, 2647, 2649, 2656, 2651, 2652, 2653, 2650, 2657, 2651,
+     2652, 2653, 2655, 2659, 2659, 2661, 2647, 2662, 2647, 2663,
+
+     2664, 2654, 2658, 2665, 2656, 2666, 2657, 2658,    0, 2669,
+        0, 2670, 2664, 2668,    0, 2657, 2672, 2661, 2672, 2662,
+     2659, 2663, 2661, 2667, 2662, 2668, 2663, 2664, 2673, 2667,
+     2671, 2676, 2674, 2670,    0, 2665, 2677, 2666, 2670, 2675,
+     2668, 2669, 2673, 2672, 2678, 2681, 2675, 2679, 2680, 2676,
+     2667, 2682, 2671, 2683, 2677, 2673, 2674, 2671, 2676, 2674,
+     2685, 2680, 2678, 2677, 2688, 2679, 2675, 2685, 2689, 2690,
+     2691, 2678, 2687, 2692, 2679, 2680, 2683, 2681, 2691, 2687,
+     2683, 2693, 2688, 2682, 2694,    0, 2695, 2685, 2696, 2692,
+     2701, 2688, 2699, 2700, 2689, 2689, 2691, 2691,    0, 2687,
+
+     2692, 2690, 2694, 2699, 2700, 2691, 2693, 2697, 2693, 2697,
+     2696, 2694, 2695, 2695, 2697, 2696, 2702, 2701, 2705, 2699,
+     2700, 2703, 2704, 2708, 2706, 2714,    0, 2711, 2702, 2713,
+     2709,    0, 2710,    0, 2697,    0, 2697, 2705, 2708, 2703,
+     2704, 2709, 2711, 2702, 2710, 2705, 2706, 2714, 2703, 2704,
+     2708, 2706, 2714, 2713, 2711, 2715, 2713, 2709, 2716, 2710,
+     2717, 2718, 2715, 2719, 2720, 2721, 2727, 2722, 2724,    0,
+     2728,    0, 2721, 2725, 2726, 2717, 2716, 2730,    0, 2732,
+        0, 2729, 2715, 2734,    0, 2716, 2738, 2717, 2718,    0,
+     2719, 2720, 2721, 2722, 2722, 2724, 2726, 2725, 2727, 2729,
+
+     2725, 2726, 2728, 2731, 2730, 2732, 2732, 2733, 2729, 2734,
+     2734, 2735, 2736,    0, 2737, 2739, 2731, 2744, 2738,    0,
+     2736, 2740, 2733, 2742, 2735, 2743,    0, 2747, 2739, 2745,
+     2731, 2746,    0, 2751, 2733, 2762,    0, 2748, 2735, 2736,
+     2737, 2737, 2739, 2740, 2744, 2747, 2742, 2750, 2740, 2743,
+     2742, 2745, 2743, 2746, 2747, 2748, 2745, 2752, 2746, 2749,
+     2751, 2754, 2755, 2758, 2748, 2756, 2749, 2762, 2757, 2755,
+     2750, 2752, 2756, 2759, 2750, 2757, 2758, 2761, 2760, 2768,
+     2763,    0, 2764, 2754, 2752, 2760, 2749, 2768, 2754, 2755,
+     2758, 2765, 2756, 2766, 2767, 2757, 2759, 2772, 2777, 2761,
+
+     2759, 2763, 2769, 2767, 2761, 2760, 2768, 2763, 2764, 2764,
+     2769, 2770, 2774, 2765, 2775, 2776, 2771, 2778, 2765, 2766,
+     2766, 2767, 2771, 2780, 2772, 2775, 2779, 2774, 2782, 2769,
+     2777, 2784, 2787, 2770, 2785,    0, 2786, 2776, 2770, 2774,
+     2788, 2775, 2776, 2771, 2784, 2779, 2782, 2785, 2780, 2778,
+     2780, 2790, 2791, 2779,    0, 2782, 2787, 2792, 2784, 2787,
+     2794, 2785, 2786, 2786, 2791, 2797, 2788, 2788, 2793, 2793,
+     2798, 2800, 2801, 2803, 2799, 2790, 2806,    0, 2790, 2791,
+     2810, 2792, 2802, 2814, 2792, 2808, 2794, 2794, 2797, 2799,
+     2801, 2803, 2797, 2810, 2808, 2793, 2816, 2811, 2800, 2801,
+
+     2803, 2799, 2798, 2806, 2802, 2814, 2817, 2810, 2811, 2802,
+     2814, 2818, 2808, 2815, 2815, 2817, 2822, 2818, 2824, 2820,
+     2821, 2826, 2816, 2816, 2811, 2827,    0,    0, 2828, 2830,
+        0, 2833, 2827, 2817, 2830, 2831, 2834, 2829, 2818, 2833,
+     2815, 2820, 2821, 2822, 2835, 2824, 2820, 2821, 2829, 2837,
+     2836, 2840, 2827, 2826, 2828, 2828, 2830, 2831, 2833, 2835,
+     2834, 2839, 2831, 2834, 2829, 2836, 2841, 2842, 2844, 2840,
+     2843, 2835, 2839, 2846, 2847,    0, 2837, 2836, 2840, 2843,
+     2844, 2849, 2850, 2860, 2848,    0, 2851, 2841, 2839,    0,
+     2853, 2852, 2847, 2841,    0, 2844, 2854, 2843, 2851, 2842,
+
+     2846, 2847, 2848, 2852, 2859, 2849, 2857, 2850, 2849, 2850,
+     2860, 2848, 2853, 2851, 2854, 2857, 2855, 2853, 2852, 2856,
+     2856, 2863, 2861, 2854, 2855, 2862, 2864, 2856, 2865, 2866,
+     2859, 2859, 2867, 2857, 2862,    0, 2870, 2874, 2868, 2863,
+     2864,    0, 2869, 2855, 2861, 2867, 2856, 2856, 2863, 2861,
+     2865, 2868, 2862, 2864, 2866, 2865, 2866, 2869, 2870, 2867,
+     2871, 2872, 2873, 2870, 2874, 2868, 2875, 2871, 2872, 2869,
+     2876, 2877, 2878, 2881,    0, 2879, 2880, 2886, 2875,    0,
+     2883,    0, 2881, 2882, 2873, 2884,    0, 2871, 2872, 2873,
+     2879, 2885, 2886, 2875, 2888,    0, 2892, 2876, 2877, 2878,
+
+     2881, 2880, 2879, 2880, 2886, 2882, 2883, 2883, 2887, 2888,
+     2882, 2884, 2884, 2889, 2891, 2887, 2890, 2885, 2885, 2893,
+     2889, 2888, 2890, 2892, 2894, 2891, 2895, 2893, 2896, 2897,
+     2898, 2901, 2899, 2900,    0, 2887, 2905, 2907, 2901, 2902,
+     2889, 2891, 2903, 2890, 2896, 2898, 2893, 2904, 2900, 2903,
+     2906, 2894, 2899, 2895, 2904, 2896, 2897, 2898, 2901, 2899,
+     2900, 2902, 2910, 2905, 2907, 2909, 2902, 2912, 2906, 2903,
+     2908, 2908, 2909, 2913, 2904, 2911, 2910, 2906, 2911, 2915,
+     2912, 2914, 2916, 2917, 2915, 2918, 2919, 2920,    0, 2910,
+     2924, 2913, 2909, 2921, 2912, 2924, 2914, 2908, 2917, 2920,
+
+     2913, 2926, 2911, 2927, 2919, 2921, 2915, 2916, 2914, 2916,
+     2917, 2918, 2918, 2919, 2920, 2923, 2925, 2924, 2928, 2930,
+     2921, 2925, 2928, 2926, 2923, 2929, 2931, 2933, 2926, 2932,
+     2927, 2934, 2930, 2936,    0, 2935,    0, 2940,    0, 2941,
+        0, 2943, 2923, 2925,    0, 2928, 2930, 2945, 2931, 2929,
+     2935, 2932, 2929, 2931, 2933, 2940, 2932,    0, 2934, 2936,
+     2936, 2944, 2935, 2945, 2940, 2941, 2941, 2943, 2943, 2946,
+     2944, 2947, 2949, 2950, 2945, 2951, 2954, 2946, 2952, 2949,
+     2951, 2956, 2950, 2947, 2953, 2952, 2955, 2962, 2944, 2960,
+     2957, 2953, 2958, 2955, 2954, 2959, 2946, 2957, 2947, 2949,
+
+     2950, 2958, 2951, 2954, 2959, 2952, 2956, 2963, 2956, 2966,
+     2962, 2953, 2964, 2955, 2962, 2960, 2960, 2957, 2965, 2958,
+     2967, 2970, 2959, 2965, 2969, 2964, 2971, 2966, 2972, 2973,
+     2974, 2975, 2976, 2978, 2963, 2971, 2966, 2972, 2973, 2964,
+     2977, 2976, 2969, 2975, 2978, 2965, 2979, 2967, 2970, 2977,
+     2974, 2969, 2980, 2971, 2979, 2972, 2973, 2974, 2975, 2976,
+     2978, 2981, 2982, 2983, 2984, 2985, 2987, 2977, 2986, 2989,
+     2990, 2991, 2985, 2979, 2992, 2980,    0, 2986, 2997, 2980,
+        0, 2998, 2982, 2992, 2981, 2993, 2994, 2987, 2981, 2982,
+     2983, 2984, 2985, 2987, 2993, 2986, 2989, 2990, 2994, 2995,
+
+     2997, 2992, 2996, 2991, 2999, 2997, 3002, 2995, 2998, 3000,
+     3001, 2999, 2993, 2994, 3003, 2996, 3000, 3001, 3004, 3006,
+     3005, 3007, 3002, 3009, 3008, 3004, 2995, 3011, 3012, 2996,
+     3003, 2999, 3013, 3002, 3015, 3011, 3000, 3001, 3017, 3020,
+     3013, 3003, 3005,    0, 3006, 3004, 3006, 3005, 3007, 3008,
+     3009, 3008, 3015, 3017, 3011, 3012, 3016, 3019, 3022, 3013,
+     3018, 3015, 3021, 3023, 3016, 3017, 3020, 3018, 3024, 3021,
+     3023, 3027, 3028, 3029, 3030, 3033, 3024, 3032, 3027, 3019,
+     3022, 3028, 3031, 3016, 3019, 3022, 3032, 3018, 3036, 3021,
+     3023, 3034, 3040, 3035, 3031, 3024, 3038, 3029, 3027, 3028,
+
+     3029, 3030, 3033, 3041, 3032, 3035, 3042, 3034, 3038, 3031,
+     3039, 3036, 3047, 3040, 3043, 3036, 3048, 3045, 3034, 3040,
+     3035, 3046, 3039, 3038, 3047, 3051, 3041, 3050, 3043, 3057,
+     3041, 3045,    0, 3042, 3051, 3046, 3052, 3039, 3055, 3047,
+     3059, 3043, 3053, 3048, 3045, 3049, 3049, 3050, 3046, 3053,
+     3052, 3056, 3051, 3054, 3050, 3059, 3057, 3055, 3056, 3049,
+     3061, 3054, 3062, 3052, 3060, 3055, 3063, 3059, 3064, 3053,
+     3065,    0, 3049, 3049, 3066, 3068, 3064, 3069, 3056, 3071,
+     3054, 3067, 3060, 3061, 3073, 3078, 3068, 3061, 3062, 3062,
+     3073, 3060, 3069, 3063, 3077, 3064, 3066, 3065, 3070, 3067,
+
+     3080, 3066, 3068, 3078, 3069, 3070, 3071, 3087, 3067, 3079,
+     3081, 3073, 3078, 3084, 3079, 3082, 3083, 3085,    0, 3088,
+     3077, 3077, 3091, 3086, 3081, 3070, 3088, 3080,    0, 3082,
+     3083, 3084, 3094, 3089, 3087, 3085, 3079, 3081, 3097, 3096,
+     3084, 3086, 3082, 3083, 3085, 3089, 3088, 3098, 3099, 3091,
+     3086, 3097, 3101, 3102, 3094, 3100, 3104,    0,    0, 3094,
+     3089, 3096, 3106, 3100, 3107, 3097, 3096, 3099, 3104, 3098,
+     3101, 3109, 3102, 3108, 3098, 3099, 3110, 3111, 3112, 3101,
+     3102, 3115, 3100, 3104, 3106, 3108, 3107, 3113, 3114, 3106,
+     3112, 3107, 3116, 3118, 3117, 3120, 3114, 3119, 3109, 3111,
+
+     3108, 3121, 3118, 3110, 3111, 3112, 3119, 3122, 3115, 3113,
+     3125, 3127, 3116, 3123, 3113, 3114, 3117, 3128, 3126, 3116,
+     3118, 3117, 3129, 3121, 3119, 3132, 3123, 3120, 3121, 3122,
+     3126, 3135, 3133, 3127, 3122, 3134, 3125, 3125, 3127, 3136,
+     3123, 3140, 3138, 3139, 3128, 3126, 3133, 3132, 3134, 3129,
+     3137, 3141, 3132, 3142, 3140, 3137,    0, 3143, 3135, 3133,
+     3145, 3146, 3134, 3136, 3138, 3139, 3136, 3144, 3140, 3138,
+     3139, 3147, 3149, 3146, 3150, 3148, 3142,    0, 3145, 3143,
+     3142, 3148, 3137, 3141, 3143, 3151, 3152, 3145, 3146, 3144,
+     3147, 3153, 3156, 3157, 3144, 3155, 3159,    0, 3147, 3161,
+
+        0, 3152, 3148, 3162, 3149, 3163, 3150, 3151, 3171, 3168,
+        0, 3159, 3151, 3152, 3156, 3155, 3166, 3157, 3153, 3156,
+     3157, 3161, 3155, 3159, 3164, 3162, 3161, 3163, 3165, 3167,
+     3162, 3169, 3163, 3164, 3166, 3168, 3168, 3170, 3176, 3172,
+     3171, 3175, 3165, 3166, 3177, 3180, 3183, 3167, 3184, 3169,
+     3175, 3164, 3181, 3180, 3183, 3165, 3167, 3185, 3169, 3181,
+     3170, 3172, 3182, 3188, 3170, 3177, 3172, 3189, 3175, 3182,
+     3176, 3177, 3180, 3183, 3186, 3184, 3190, 3185, 3192, 3181,
+     3191, 3188, 3186, 3193, 3185, 3189, 3194, 3201, 3197, 3182,
+     3188, 3195, 3191, 3202, 3189, 3193, 3192, 3199, 3203, 3195,
+
+     3197, 3186, 3190, 3190, 3199, 3192, 3204, 3191, 3204, 3205,
+     3193, 3201, 3206, 3194, 3201, 3197, 3202, 3210, 3195, 3208,
+     3202, 3209,    0, 3211, 3199, 3203, 3212, 3208, 3217, 3213,
+     3209, 3213, 3214, 3204, 3216, 3219, 3220,    0, 3222, 3221,
+        0, 3205, 3217, 3224, 3206, 3212, 3208, 3222, 3209, 3210,
+     3211, 3223, 3216, 3212, 3214, 3217, 3213, 3225, 3228, 3214,
+     3220, 3216, 3221, 3220, 3223, 3222, 3221, 3219, 3227, 3225,
+     3224, 3229, 3230, 3232, 3234, 3233, 3237, 3235, 3223, 3239,
+     3228, 3230, 3235, 3236, 3225, 3228, 3238, 3232, 3233, 3240,
+     3238, 3242, 3234, 3229, 3227, 3227, 3243, 3245, 3229, 3230,
+
+     3232, 3234, 3233, 3237, 3235, 3236, 3239, 3244, 3247, 3250,
+     3236, 3251, 3252, 3238, 3249, 3245, 3240, 3252, 3242, 3243,
+     3255, 3249, 3253, 3243, 3245, 3256, 3251, 3255, 3258, 3244,
+     3260, 3250, 3256, 3257, 3244, 3247, 3250, 3253, 3251, 3261,
+     3257, 3249, 3262, 3263, 3252, 3264, 3267, 3255, 3265, 3253,
+     3271, 3270, 3256, 3272, 3258, 3258, 3268, 3260, 3270, 3264,
+     3257, 3273, 3265, 3275, 3274, 3268, 3261, 3263, 3276, 3262,
+     3263, 3279, 3264, 3267, 3278, 3265, 3274, 3271, 3270, 3272,
+     3272, 3280, 3276, 3268, 3277, 3286, 3281, 3278, 3273, 3284,
+     3275, 3274, 3285, 3277, 3284, 3276, 3287, 3289, 3291, 3292,
+
+     3290, 3278, 3289, 3279, 3290, 3291, 3292, 3293, 3280, 3281,
+     3294, 3277, 3295, 3281, 3296,    0, 3285, 3286, 3287, 3285,
+     3297, 3284, 3297, 3287, 3299, 3291, 3292, 3290, 3293, 3289,
+     3298, 3302, 3303, 3306, 3293, 3304, 3309, 3307, 3309,    0,
+     3311, 3310, 3294,    0, 3295,    0, 3296, 3297, 3315, 3313,
+     3318, 3299, 3306, 3298, 3303, 3304,    0, 3298, 3302, 3303,
+     3306, 3307, 3304, 3309, 3307, 3310, 3311, 3311, 3310, 3312,
+     3312, 3313, 3314, 3316, 3317, 3315, 3313, 3318, 3319, 3312,
+     3316, 3314, 3320, 3323, 3322, 3321, 3328, 3317, 3325, 3326,
+     3320, 3319, 3322, 3325, 3326, 3327, 3312, 3312, 3321, 3314,
+
+     3316, 3317, 3323, 3327, 3329, 3319, 3320, 3330, 3334, 3320,
+     3323, 3322, 3321, 3328, 3331,    0, 3332, 3320, 3333, 3334,
+     3325, 3326, 3327, 3340, 3335, 3336, 3337, 3337, 3339, 3338,
+     3329, 3329, 3336, 3330, 3330, 3334, 3340, 3341, 3343, 3349,
+     3331, 3331, 3332, 3332, 3333, 3333, 3335, 3338, 3339, 3342,
+     3340, 3335, 3336, 3337, 3344, 3339, 3338, 3342, 3350, 3341,
+     3343, 3345, 3346, 3347, 3341, 3343, 3349, 3351, 3345, 3346,
+     3347, 3352, 3344, 3353, 3354, 3355, 3342, 3356, 3358, 3359,
+     3360, 3344, 3364, 3352, 3367, 3350, 3356, 3361, 3345, 3346,
+     3347, 3351, 3365, 3361, 3351, 3354, 3362, 3355, 3352, 3359,
+
+     3353, 3354, 3355, 3366, 3356, 3358, 3359, 3360, 3368, 3364,
+     3365, 3367, 3372, 3369, 3361, 3371, 3373, 3376, 3362, 3365,
+     3375, 3366, 3374, 3362, 3371, 3376, 3368, 3379, 3380, 3378,
+     3366, 3369, 3377, 3380, 3379, 3368, 3382, 3383, 3375, 3372,
+     3369, 3378, 3371, 3373, 3376, 3374, 3384, 3375, 3377, 3374,
+     3382, 3386, 3389, 3385, 3379, 3383, 3378, 3387, 3384, 3377,
+     3380,    0,    0, 3382, 3383, 3385, 3388, 3390, 3397, 3391,
+     3393, 3398, 3399, 3384, 3386, 3401, 3389, 3404, 3386, 3389,
+     3385, 3391, 3393, 3387, 3387, 3399, 3404, 3402, 3388, 3390,
+     3397, 3406, 3407, 3388, 3390, 3397, 3391, 3393, 3398, 3399,
+
+     3402, 3403, 3401, 3403, 3404, 3408, 3409, 3410, 3414, 3415,
+     3414, 3419, 3416, 3418, 3402, 3423,    0,    0, 3406, 3407,
+     3418, 3423, 3410, 3408, 3425, 3426, 3421, 3428, 3403, 3427,
+     3416, 3415, 3408, 3433, 3410, 3414, 3415, 3430, 3409, 3416,
+     3418, 3421, 3423, 3419, 3431, 3428, 3425, 3426, 3434, 3433,
+     3435, 3425, 3426, 3421, 3428, 3427, 3427, 3431, 3436, 3430,
+     3433, 3436, 3434, 3435, 3430, 3438, 3439, 3440, 3441, 3442,
+     3444, 3431, 3443, 3445, 3449, 3434, 3442, 3435, 3444, 3443,
+     3446, 3445, 3450, 3451, 3436, 3436, 3441, 3453, 3436, 3452,
+     3459,    0, 3438, 3439, 3440, 3441, 3442, 3444, 3455, 3443,
+
+     3445, 3457, 3446, 3454, 3462, 3451, 3449, 3446, 3458, 3450,
+     3451, 3452, 3454, 3455, 3453, 3456, 3452, 3458, 3461, 3465,
+     3461, 3456, 3459, 3457, 3464, 3455, 3466, 3469, 3457, 3467,
+     3454, 3462, 3468, 3474,    0, 3458, 3472, 3470, 3476, 3469,
+     3468, 3465, 3456, 3472, 3477, 3461, 3465, 3464, 3466, 3470,
+     3479, 3464, 3476, 3466, 3469, 3467, 3467, 3481, 3477, 3468,
+     3474, 3478, 3480, 3472, 3470, 3476, 3482, 3483, 3481, 3484,
+     3486, 3477, 3485, 3479, 3482, 3478, 3487, 3479, 3488, 3485,
+     3480, 3490, 3489, 3487, 3481, 3486, 3483, 3492, 3478, 3480,
+     3490, 3484, 3493, 3482, 3483, 3500, 3484, 3486, 3494, 3485,
+
+     3489, 3491, 3491, 3487, 3488, 3488, 3494, 3497, 3490, 3489,
+     3498, 3501, 3497, 3502, 3492, 3504, 3500, 3506, 3507, 3493,
+     3509, 3504, 3500, 3498, 3510, 3494, 3512, 3514, 3491, 3506,
+     3513, 3509, 3517, 3520, 3519, 3510, 3518, 3498, 3501, 3497,
+     3502, 3513, 3504, 3518, 3506, 3507, 3521, 3509, 3512, 3514,
+     3521, 3510, 3519, 3512, 3514, 3522, 3523, 3513, 3525, 3517,
+     3527, 3519, 3526, 3518, 3523, 3520, 3527, 3530, 3528, 3529,
+     3538, 3532, 3533, 3521, 3528, 3526, 3531, 3529, 3536, 3535,
+     3530, 3533, 3522, 3523, 3525, 3525, 3534, 3527, 3535, 3526,
+     3541, 3547, 3534, 3542, 3530, 3528, 3529, 3532, 3532, 3533,
+
+     3531, 3540, 3538, 3531, 3545, 3536, 3535, 3548, 3540, 3545,
+     3546, 3546, 3549, 3534, 3550, 3542, 3551, 3552, 3547, 3554,
+     3542, 3550, 3541, 3555, 3549, 3557, 3554, 3553, 3540, 3558,
+     3556, 3545, 3559, 3552, 3548, 3551, 3558, 3546, 3556, 3549,
+     3557, 3550, 3560, 3551, 3552, 3553, 3554, 3561, 3562, 3563,
+     3573, 3569, 3557, 3564, 3553, 3555, 3558, 3556, 3565, 3559,
+     3562, 3570, 3551, 3571, 3560, 3572, 3569, 3574, 3570, 3560,
+     3571, 3575, 3577, 3563, 3561, 3562, 3563, 3564, 3569, 3580,
+     3564, 3581, 3573, 3582, 3565, 3565, 3586, 3572, 3570, 3583,
+     3571, 3578, 3572, 3584, 3574, 3575, 3588, 3583, 3575, 3592,
+
+     3578, 3580, 3585, 3585, 3577, 3582, 3580, 3590, 3581, 3590,
+     3582, 3588, 3585, 3586, 3591, 3589, 3583, 3595, 3578, 3593,
+     3594, 3597, 3598, 3588, 3589, 3584, 3592, 3593, 3591, 3585,
+     3585, 3594, 3599, 3600, 3590, 3595, 3602, 3601, 3603, 3604,
+     3605, 3591, 3589, 3606, 3595, 3607, 3593, 3594, 3597, 3598,
+     3601, 3607, 3608, 3611, 3609, 3600, 3610, 3610, 3602, 3599,
+     3600, 3606, 3612, 3602, 3601, 3603, 3604, 3605, 3609, 3615,
+     3606, 3616, 3607, 3618, 3619, 3625,    0, 3629, 3622, 3608,
+     3625, 3609, 3616, 3610, 3612, 3611, 3622, 3623, 3631, 3612,
+     3626, 3627, 3628, 3623, 3637, 3626, 3615, 3628, 3616, 3627,
+
+     3618, 3619, 3625, 3629, 3629, 3622, 3632, 3632, 3633, 3634,
+     3638, 3641, 3637, 3636, 3623, 3631, 3633, 3626, 3627, 3628,
+     3636, 3637, 3634, 3639, 3640, 3642, 3644, 3643, 3645, 3650,
+     3639, 3640, 3646, 3632, 3643, 3633, 3634, 3638, 3641, 3646,
+     3636, 3644, 3647, 3658, 3660, 3653, 3649,    0, 3642, 3651,
+     3639, 3640, 3642, 3644, 3643, 3649, 3651, 3654, 3652, 3646,
+     3645, 3650, 3657, 3663, 3661, 3647, 3652, 3653, 3657, 3647,
+     3658, 3660, 3653, 3649, 3662, 3664, 3651, 3665, 3666, 3654,
+        0, 3667,    0, 3671, 3654, 3652, 3661, 3662,    0, 3657,
+     3664, 3661, 3669, 3672,    0, 3663, 3665, 3676, 3677, 3669,
+
+     3673, 3662, 3664, 3667, 3665, 3666, 3671, 3673, 3667, 3674,
+     3671, 3675, 3676, 3677, 3678, 3672, 3674,    0, 3679, 3669,
+     3672, 3681, 3682, 3678, 3676, 3677, 3689, 3673, 3683,    0,
+     3682, 3687, 3689, 3675, 3686, 3683, 3674, 3684, 3675, 3679,
+     3681, 3678, 3687, 3686, 3684, 3679, 3688, 3688, 3681, 3682,
+     3690, 3694, 3693, 3689, 3692, 3683, 3688, 3699, 3687, 3693,
+     3695, 3686, 3697,    0, 3684, 3703, 3698, 3704, 3705, 3697,
+        0, 3699, 3690, 3688, 3688, 3712, 3692, 3690, 3710, 3693,
+     3714, 3692, 3695, 3694, 3699, 3709, 3713, 3695, 3714, 3697,
+     3698, 3705, 3703, 3698, 3704, 3705, 3715, 3709, 3717, 3720,
+
+     3710, 3721, 3712, 3722, 3722, 3710, 3724, 3714, 3713, 3721,
+     3717, 3726, 3709, 3713, 3723, 3723, 3725, 3725, 3737, 3728,
+     3730, 3729, 3731, 3715, 3732, 3717, 3720, 3734, 3721, 3735,
+     3738, 3731, 3722, 3724, 3726, 3739, 3740, 3732, 3726, 3729,
+        0, 3728, 3741, 3723, 3740, 3725, 3728, 3730, 3729, 3731,
+     3737, 3732, 3742, 3744, 3734, 3740, 3735, 3743, 3745, 3746,
+     3744, 3747, 3738, 3740, 3748, 3745, 3754, 3739, 3749, 3741,
+     3752, 3740, 3752, 3748, 3753, 3749, 3761, 3759, 3755, 3742,
+     3744, 3746, 3762, 3743, 3743, 3745, 3746, 3756, 3747, 3754,
+     3760, 3748, 3763, 3754, 3753, 3749, 3755, 3752, 3758, 3756,
+
+     3762, 3753, 3759, 3761, 3759, 3755, 3764, 3758, 3765, 3762,
+     3766, 3767, 3760, 3772, 3756, 3768, 3767, 3760, 3763, 3763,
+     3773, 3769, 3773, 3770, 3771, 3758, 3770, 3768, 3774, 3771,
+     3775, 3779, 3776, 3764,    0, 3765, 3775, 3766, 3767, 3777,
+     3774, 3770, 3768, 3769, 3778, 3772, 3780, 3773, 3769, 3781,
+     3770,    0, 3778, 3770, 3776, 3774, 3771, 3775, 3779, 3776,
+     3782, 3777, 3783, 3784, 3785, 3788, 3777, 3789, 3790, 3792,
+     3781, 3778, 3795, 3797, 3798, 3784, 3781, 3799, 3780, 3793,
+     3789, 3795, 3800, 3801, 3803, 3804, 3785, 3782, 3805, 3783,
+     3784, 3785, 3788, 3806, 3789, 3790, 3792, 3793, 3809, 3795,
+
+     3797, 3798, 3807, 3807, 3799, 3810, 3793, 3813, 3815, 3800,
+     3801, 3803, 3804, 3817, 3813, 3805, 3809, 3814, 3816, 3820,
+     3806, 3822,    0, 3821, 3814, 3809, 3823, 3817, 3826, 3807,
+     3816, 3815, 3810, 3823, 3813, 3815, 3822, 3825, 3828, 3817,
+     3817, 3821, 3830, 3827, 3814, 3816, 3820, 3829, 3822, 3825,
+     3821, 3827, 3831, 3823, 3817, 3826, 3830, 3832, 3833, 3829,
+     3834, 3837, 3843, 3836, 3825, 3828,    0, 3831, 3842, 3830,
+     3827, 3841, 3848, 3833, 3829, 3836, 3845, 3842, 3849, 3831,
+     3844, 3844, 3846, 3832, 3832, 3833, 3843, 3834, 3837, 3843,
+     3836, 3846, 3850, 3841, 3851, 3842, 3848, 3853, 3841, 3848,
+
+     3852, 3854, 3845, 3845, 3856, 3850, 3853, 3844, 3852, 3846,
+     3849, 3857, 3854, 3860, 3861,    0, 3851, 3863, 3902, 3850,
+     3877, 3851, 3866, 3866, 3853, 3856, 3861, 3852, 3854, 3857,
+     3867, 3856, 3878, 3880, 3881,    0, 3860, 3867, 3857, 3882,
+     3860, 3861, 3877, 3863, 3863, 3883, 3888, 3877, 3889, 3866,
+     3902, 3880, 3881, 3883, 3884, 3884, 3878, 3867, 3885, 3878,
+     3880, 3881, 3884, 3887, 3882, 3890, 3882, 3885, 3892, 3895,
+     3894, 3896, 3883, 3888, 3894, 3889, 3897, 3887, 3905, 3898,
+     3900, 3884, 3884, 3897, 3903, 3885, 3904, 3895, 3903, 3906,
+     3887, 3898, 3890, 3900, 3896, 3892, 3895, 3894, 3896, 3908,
+
+     3905, 3909, 3904, 3897, 3910, 3905, 3898, 3900, 3907, 3911,
+     3912, 3903, 3910, 3904, 3906, 3909, 3906, 3913, 3911, 3913,
+     3907, 3912, 3914, 3915, 3916, 3908, 3908, 3918, 3909, 3922,
+     3917, 3910, 3919, 3918, 3914, 3907, 3911, 3912, 3920, 3916,
+     3921, 3915,    0, 3926, 3913,    0, 3923, 3919, 3921, 3914,
+     3915, 3916, 3917, 3923, 3918, 3924, 3922, 3917, 3925, 3919,
+     3920, 3927, 3929, 3928, 3931, 3920, 3936, 3921, 3927, 3924,
+     3926, 3928, 3925, 3923, 3938, 3940, 3930, 3937, 3939, 3936,
+     3941, 3929, 3924, 3930, 3937, 3925, 3931, 3942, 3927, 3929,
+     3928, 3931, 3943, 3936, 3944, 3945, 3939,    0, 3946, 3940,
+
+     3948, 3938, 3940, 3930, 3937, 3939, 3946, 3941, 3947, 3942,
+     3949, 3950, 3956, 3953, 3942, 3947, 3955, 3952, 3943, 3943,
+     3957, 3944, 3945, 3954, 3948, 3946, 3951, 3948, 3951, 3952,
+     3959, 3955, 3949, 3950, 3956, 3947, 3954, 3949, 3950, 3956,
+     3960, 3958, 3961, 3955, 3952, 3953, 3963, 3957, 3958, 3964,
+     3954, 3967, 3965, 3951, 3968, 3969, 3970, 3959, 3968, 3973,
+     3971, 3976, 3972, 3975, 3986, 3982, 3987, 3960, 3958, 3961,
+     3972, 3964, 3971, 3963, 3965, 3975, 3964, 3976, 3967, 3965,
+     3983, 3968, 3969, 3970, 3979, 3984, 3973, 3971, 3976, 3972,
+     3975, 3978, 3982, 3979, 3978, 3985, 3986, 3988, 3987, 3989,
+
+     3990, 3991, 3992, 3985, 3984, 3994, 3983, 3983, 3990, 3999,
+     3988, 3979, 3984, 3989, 4005, 4009, 4011, 4008, 3978, 4000,
+     4005, 3999, 3985, 3991, 3988, 4002, 3989, 3990, 3991, 3992,
+     4008, 4000, 3994, 4006, 4010, 4014, 3999, 4002,    0, 4011,
+     4006, 4005, 4009, 4011, 4008, 4010, 4000, 4013, 4015, 4016,
+     4017, 4018, 4002,    0, 4013, 4021, 4015, 4014, 4019, 4018,
+     4006, 4010, 4014, 4016, 4017, 4020, 4024, 4025, 4034, 4032,
+     4026, 4031, 4024, 4025, 4013, 4015, 4016, 4017, 4018, 4026,
+     4019, 4027, 4021, 4029, 4033, 4019, 4028, 4020, 4027, 4031,
+     4035, 4029, 4020, 4024, 4025, 4028, 4032, 4026, 4031, 4036,
+
+     4034, 4037, 4038, 4040, 4039, 4055, 4033, 4042, 4027, 4044,
+     4029, 4033, 4039, 4028, 4042, 4043, 4035, 4035, 4045, 4046,
+     4047, 4036, 4043, 4037, 4038, 4050, 4036,    0, 4037, 4038,
+     4048, 4039, 4044, 4052, 4042, 4040, 4044, 4055, 4058, 4048,
+     4059, 4046, 4043, 4051, 4060, 4045, 4046, 4047, 4050, 4062,
+     4053, 4051, 4050, 4052, 4054, 4056, 4064, 4048, 4053, 4057,
+     4052, 4065, 4054, 4056, 4068, 4058, 4066, 4059, 4067, 4066,
+     4051, 4060, 4068, 4057, 4071, 4062, 4062, 4053, 4064, 4069,
+     4070, 4054, 4056, 4064, 4066, 4076, 4057, 4069, 4065, 4072,
+     4067, 4068, 4077, 4066, 4070, 4067, 4066, 4079, 4079, 4076,
+
+     4071, 4071, 4080,    0, 4082, 4081, 4069, 4070, 4083,    0,
+        0, 4072, 4076, 4081, 4084, 4077, 4072, 4085, 4086, 4077,
+     4087, 4088,    0,    0, 4079, 4090, 4086, 4089, 4080, 4080,
+     4082, 4082, 4081, 4091, 4083, 4083, 4084, 4085, 4092, 4093,
+     4095, 4084, 4099, 4094, 4085, 4086, 4102, 4087, 4088, 4089,
+     4090, 4094, 4090, 4096, 4089, 4100, 4103, 4108, 4092, 4093,
+     4091, 4096, 4095, 4100, 4104, 4092, 4093, 4095, 4102, 4099,
+     4094, 4105, 4104, 4102, 4106,    0, 4111, 4109, 4103, 4105,
+     4096, 4110, 4100, 4103, 4108, 4109, 4112, 4113, 4115, 4110,
+     4116, 4104, 4117,    0, 4119, 4125, 4122, 4123, 4105, 4126,
+
+     4106, 4106, 4111, 4111, 4109, 4123,    0, 4113, 4110,    0,
+        0,    0, 4117, 4112, 4113, 4115, 4119, 4116, 4122, 4117,
+     4124, 4119, 4125, 4122, 4123,    0, 4126,    0, 4124,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0, 4124, 4130, 4130,
+     4130, 4130, 4130, 4130, 4130, 4131, 4131, 4131, 4131, 4131,
+     4131, 4131, 4132, 4132, 4132, 4132, 4132, 4132, 4132, 4133,
+     4133, 4133, 4133, 4133, 4133, 4133, 4134, 4134, 4134, 4134,
+     4134, 4134, 4134, 4135, 4135, 4135, 4135, 4135, 4135, 4135,
+     4136, 4136, 4136, 4136, 4136, 4136, 4136, 4138, 4138,    0,
+
+     4138, 4138, 4138, 4138, 4139, 4139,    0,    0,    0, 4139,
+     4139, 4140, 4140,    0,    0, 4140,    0, 4140, 4141,    0,
+        0,    0,    0,    0, 4141, 4142, 4142,    0,    0,    0,
+     4142, 4142, 4143,    0,    0,    0,    0,    0, 4143, 4144,
+     4144,    0, 4144, 4144, 4144, 4144, 4145,    0,    0,    0,
+        0,    0, 4145, 4146, 4146,    0,    0,    0, 4146, 4146,
+     4147, 4147,    0, 4147, 4147, 4147, 4147, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129, 4129,
+     4129, 4129, 4129, 4129
     } ;
 
 static yy_state_type yy_last_accepting_state;
@@ -4596,7 +4599,7 @@ static void config_end_include(void)
         }
 #endif
 
-#line 4597 "<stdout>"
+#line 4600 "<stdout>"
 #define YY_NO_INPUT 1
 #line 191 "util/configlexer.lex"
 #ifndef YY_NO_UNPUT
@@ -4605,9 +4608,9 @@ static void config_end_include(void)
 #ifndef YY_NO_INPUT
 #define YY_NO_INPUT 1
 #endif
-#line 4606 "<stdout>"
+#line 4609 "<stdout>"
 
-#line 4608 "<stdout>"
+#line 4611 "<stdout>"
 
 #define INITIAL 0
 #define quotedstring 1
@@ -4831,7 +4834,7 @@ YY_DECL
 	{
 #line 211 "util/configlexer.lex"
 
-#line 4832 "<stdout>"
+#line 4835 "<stdout>"
 
 	while ( /*CONSTCOND*/1 )		/* loops until end-of-file is reached */
 		{
@@ -4864,13 +4867,13 @@ yy_match:
 			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 				{
 				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 4118 )
+				if ( yy_current_state >= 4130 )
 					yy_c = yy_meta[yy_c];
 				}
 			yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
 			++yy_cp;
 			}
-		while ( yy_base[yy_current_state] != 11766 );
+		while ( yy_base[yy_current_state] != 11768 );
 
 yy_find_action:
 		yy_act = yy_accept[yy_current_state];
@@ -6824,40 +6827,45 @@ YY_RULE_SETUP
 { YDVAR(1, VAR_MAX_GLOBAL_QUOTA) }
 	YY_BREAK
 case 384:
-/* rule 384 can match eol */
 YY_RULE_SETUP
 #line 609 "util/configlexer.lex"
+{ YDVAR(1, VAR_ITER_SCRUB_PROMISCUOUS) }
+	YY_BREAK
+case 385:
+/* rule 385 can match eol */
+YY_RULE_SETUP
+#line 610 "util/configlexer.lex"
 { LEXOUT(("NL\n")); cfg_parser->line++; }
 	YY_BREAK
 /* Quoted strings. Strip leading and ending quotes */
-case 385:
+case 386:
 YY_RULE_SETUP
-#line 612 "util/configlexer.lex"
+#line 613 "util/configlexer.lex"
 { BEGIN(quotedstring); LEXOUT(("QS ")); }
 	YY_BREAK
 case YY_STATE_EOF(quotedstring):
-#line 613 "util/configlexer.lex"
+#line 614 "util/configlexer.lex"
 {
         yyerror("EOF inside quoted string");
 	if(--num_args == 0) { BEGIN(INITIAL); }
 	else		    { BEGIN(val); }
 }
 	YY_BREAK
-case 386:
+case 387:
 YY_RULE_SETUP
-#line 618 "util/configlexer.lex"
+#line 619 "util/configlexer.lex"
 { LEXOUT(("STR(%s) ", yytext)); yymore(); }
 	YY_BREAK
-case 387:
-/* rule 387 can match eol */
+case 388:
+/* rule 388 can match eol */
 YY_RULE_SETUP
-#line 619 "util/configlexer.lex"
+#line 620 "util/configlexer.lex"
 { yyerror("newline inside quoted string, no end \"");
 			  cfg_parser->line++; BEGIN(INITIAL); }
 	YY_BREAK
-case 388:
+case 389:
 YY_RULE_SETUP
-#line 621 "util/configlexer.lex"
+#line 622 "util/configlexer.lex"
 {
         LEXOUT(("QE "));
 	if(--num_args == 0) { BEGIN(INITIAL); }
@@ -6870,34 +6878,34 @@ YY_RULE_SETUP
 }
 	YY_BREAK
 /* Single Quoted strings. Strip leading and ending quotes */
-case 389:
+case 390:
 YY_RULE_SETUP
-#line 633 "util/configlexer.lex"
+#line 634 "util/configlexer.lex"
 { BEGIN(singlequotedstr); LEXOUT(("SQS ")); }
 	YY_BREAK
 case YY_STATE_EOF(singlequotedstr):
-#line 634 "util/configlexer.lex"
+#line 635 "util/configlexer.lex"
 {
         yyerror("EOF inside quoted string");
 	if(--num_args == 0) { BEGIN(INITIAL); }
 	else		    { BEGIN(val); }
 }
 	YY_BREAK
-case 390:
+case 391:
 YY_RULE_SETUP
-#line 639 "util/configlexer.lex"
+#line 640 "util/configlexer.lex"
 { LEXOUT(("STR(%s) ", yytext)); yymore(); }
 	YY_BREAK
-case 391:
-/* rule 391 can match eol */
+case 392:
+/* rule 392 can match eol */
 YY_RULE_SETUP
-#line 640 "util/configlexer.lex"
+#line 641 "util/configlexer.lex"
 { yyerror("newline inside quoted string, no end '");
 			     cfg_parser->line++; BEGIN(INITIAL); }
 	YY_BREAK
-case 392:
+case 393:
 YY_RULE_SETUP
-#line 642 "util/configlexer.lex"
+#line 643 "util/configlexer.lex"
 {
         LEXOUT(("SQE "));
 	if(--num_args == 0) { BEGIN(INITIAL); }
@@ -6910,38 +6918,38 @@ YY_RULE_SETUP
 }
 	YY_BREAK
 /* include: directive */
-case 393:
+case 394:
 YY_RULE_SETUP
-#line 654 "util/configlexer.lex"
+#line 655 "util/configlexer.lex"
 {
 	LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); }
 	YY_BREAK
 case YY_STATE_EOF(include):
-#line 656 "util/configlexer.lex"
+#line 657 "util/configlexer.lex"
 {
         yyerror("EOF inside include directive");
         BEGIN(inc_prev);
 }
 	YY_BREAK
-case 394:
-YY_RULE_SETUP
-#line 660 "util/configlexer.lex"
-{ LEXOUT(("ISP ")); /* ignore */ }
-	YY_BREAK
 case 395:
-/* rule 395 can match eol */
 YY_RULE_SETUP
 #line 661 "util/configlexer.lex"
-{ LEXOUT(("NL\n")); cfg_parser->line++;}
+{ LEXOUT(("ISP ")); /* ignore */ }
 	YY_BREAK
 case 396:
+/* rule 396 can match eol */
 YY_RULE_SETUP
 #line 662 "util/configlexer.lex"
-{ LEXOUT(("IQS ")); BEGIN(include_quoted); }
+{ LEXOUT(("NL\n")); cfg_parser->line++;}
 	YY_BREAK
 case 397:
 YY_RULE_SETUP
 #line 663 "util/configlexer.lex"
+{ LEXOUT(("IQS ")); BEGIN(include_quoted); }
+	YY_BREAK
+case 398:
+YY_RULE_SETUP
+#line 664 "util/configlexer.lex"
 {
 	LEXOUT(("Iunquotedstr(%s) ", yytext));
 	config_start_include_glob(yytext, 0);
@@ -6949,27 +6957,27 @@ YY_RULE_SETUP
 }
 	YY_BREAK
 case YY_STATE_EOF(include_quoted):
-#line 668 "util/configlexer.lex"
+#line 669 "util/configlexer.lex"
 {
         yyerror("EOF inside quoted string");
         BEGIN(inc_prev);
 }
 	YY_BREAK
-case 398:
+case 399:
 YY_RULE_SETUP
-#line 672 "util/configlexer.lex"
+#line 673 "util/configlexer.lex"
 { LEXOUT(("ISTR(%s) ", yytext)); yymore(); }
 	YY_BREAK
-case 399:
-/* rule 399 can match eol */
+case 400:
+/* rule 400 can match eol */
 YY_RULE_SETUP
-#line 673 "util/configlexer.lex"
+#line 674 "util/configlexer.lex"
 { yyerror("newline before \" in include name");
 				  cfg_parser->line++; BEGIN(inc_prev); }
 	YY_BREAK
-case 400:
+case 401:
 YY_RULE_SETUP
-#line 675 "util/configlexer.lex"
+#line 676 "util/configlexer.lex"
 {
 	LEXOUT(("IQE "));
 	yytext[yyleng - 1] = '\0';
@@ -6979,7 +6987,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case YY_STATE_EOF(INITIAL):
 case YY_STATE_EOF(val):
-#line 681 "util/configlexer.lex"
+#line 682 "util/configlexer.lex"
 {
 	LEXOUT(("LEXEOF "));
 	yy_set_bol(1); /* Set beginning of line, so "^" rules match.  */
@@ -6994,39 +7002,39 @@ case YY_STATE_EOF(val):
 }
 	YY_BREAK
 /* include-toplevel: directive */
-case 401:
+case 402:
 YY_RULE_SETUP
-#line 695 "util/configlexer.lex"
+#line 696 "util/configlexer.lex"
 {
 	LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel);
 }
 	YY_BREAK
 case YY_STATE_EOF(include_toplevel):
-#line 698 "util/configlexer.lex"
+#line 699 "util/configlexer.lex"
 {
 	yyerror("EOF inside include_toplevel directive");
 	BEGIN(inc_prev);
 }
 	YY_BREAK
-case 402:
-YY_RULE_SETUP
-#line 702 "util/configlexer.lex"
-{ LEXOUT(("ITSP ")); /* ignore */ }
-	YY_BREAK
 case 403:
-/* rule 403 can match eol */
 YY_RULE_SETUP
 #line 703 "util/configlexer.lex"
-{ LEXOUT(("NL\n")); cfg_parser->line++; }
+{ LEXOUT(("ITSP ")); /* ignore */ }
 	YY_BREAK
 case 404:
+/* rule 404 can match eol */
 YY_RULE_SETUP
 #line 704 "util/configlexer.lex"
-{ LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); }
+{ LEXOUT(("NL\n")); cfg_parser->line++; }
 	YY_BREAK
 case 405:
 YY_RULE_SETUP
 #line 705 "util/configlexer.lex"
+{ LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); }
+	YY_BREAK
+case 406:
+YY_RULE_SETUP
+#line 706 "util/configlexer.lex"
 {
 	LEXOUT(("ITunquotedstr(%s) ", yytext));
 	config_start_include_glob(yytext, 1);
@@ -7035,29 +7043,29 @@ YY_RULE_SETUP
 }
 	YY_BREAK
 case YY_STATE_EOF(include_toplevel_quoted):
-#line 711 "util/configlexer.lex"
+#line 712 "util/configlexer.lex"
 {
 	yyerror("EOF inside quoted string");
 	BEGIN(inc_prev);
 }
 	YY_BREAK
-case 406:
+case 407:
 YY_RULE_SETUP
-#line 715 "util/configlexer.lex"
+#line 716 "util/configlexer.lex"
 { LEXOUT(("ITSTR(%s) ", yytext)); yymore(); }
 	YY_BREAK
-case 407:
-/* rule 407 can match eol */
+case 408:
+/* rule 408 can match eol */
 YY_RULE_SETUP
-#line 716 "util/configlexer.lex"
+#line 717 "util/configlexer.lex"
 {
 	yyerror("newline before \" in include name");
 	cfg_parser->line++; BEGIN(inc_prev);
 }
 	YY_BREAK
-case 408:
+case 409:
 YY_RULE_SETUP
-#line 720 "util/configlexer.lex"
+#line 721 "util/configlexer.lex"
 {
 	LEXOUT(("ITQE "));
 	yytext[yyleng - 1] = '\0';
@@ -7066,33 +7074,33 @@ YY_RULE_SETUP
 	return (VAR_FORCE_TOPLEVEL);
 }
 	YY_BREAK
-case 409:
+case 410:
 YY_RULE_SETUP
-#line 728 "util/configlexer.lex"
+#line 729 "util/configlexer.lex"
 { LEXOUT(("unquotedstr(%s) ", yytext));
 			if(--num_args == 0) { BEGIN(INITIAL); }
 			yylval.str = strdup(yytext); return STRING_ARG; }
 	YY_BREAK
-case 410:
+case 411:
 YY_RULE_SETUP
-#line 732 "util/configlexer.lex"
+#line 733 "util/configlexer.lex"
 {
 	ub_c_error_msg("unknown keyword '%s'", yytext);
 	}
 	YY_BREAK
-case 411:
+case 412:
 YY_RULE_SETUP
-#line 736 "util/configlexer.lex"
+#line 737 "util/configlexer.lex"
 {
 	ub_c_error_msg("stray '%s'", yytext);
 	}
 	YY_BREAK
-case 412:
+case 413:
 YY_RULE_SETUP
-#line 740 "util/configlexer.lex"
+#line 741 "util/configlexer.lex"
 ECHO;
 	YY_BREAK
-#line 7093 "<stdout>"
+#line 7101 "<stdout>"
 
 	case YY_END_OF_BUFFER:
 		{
@@ -7387,7 +7395,7 @@ static int yy_get_next_buffer (void)
 		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 			{
 			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 4118 )
+			if ( yy_current_state >= 4130 )
 				yy_c = yy_meta[yy_c];
 			}
 		yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
@@ -7415,11 +7423,11 @@ static int yy_get_next_buffer (void)
 	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 		{
 		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 4118 )
+		if ( yy_current_state >= 4130 )
 			yy_c = yy_meta[yy_c];
 		}
 	yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
-	yy_is_jam = (yy_current_state == 4117);
+	yy_is_jam = (yy_current_state == 4129);
 
 		return yy_is_jam ? 0 : yy_current_state;
 }
@@ -8058,6 +8066,6 @@ void yyfree (void * ptr )
 
 #define YYTABLES_NAME "yytables"
 
-#line 740 "util/configlexer.lex"
+#line 741 "util/configlexer.lex"
 
 
diff --git a/contrib/unbound/util/configlexer.lex b/contrib/unbound/util/configlexer.lex
index 214aa6dea5ad..f8f2d30b9e22 100644
--- a/contrib/unbound/util/configlexer.lex
+++ b/contrib/unbound/util/configlexer.lex
@@ -607,6 +607,7 @@ proxy-protocol-port{COLON}	{ YDVAR(1, VAR_PROXY_PROTOCOL_PORT) }
 iter-scrub-ns{COLON}		{ YDVAR(1, VAR_ITER_SCRUB_NS) }
 iter-scrub-cname{COLON}		{ YDVAR(1, VAR_ITER_SCRUB_CNAME) }
 max-global-quota{COLON}		{ YDVAR(1, VAR_MAX_GLOBAL_QUOTA) }
+iter-scrub-promiscuous{COLON}	{ YDVAR(1, VAR_ITER_SCRUB_PROMISCUOUS) }
 <INITIAL,val>{NEWLINE}		{ LEXOUT(("NL\n")); cfg_parser->line++; }
 
 	/* Quoted strings. Strip leading and ending quotes */
diff --git a/contrib/unbound/util/configparser.c b/contrib/unbound/util/configparser.c
index 10eb29579c41..031240d2d7c9 100644
--- a/contrib/unbound/util/configparser.c
+++ b/contrib/unbound/util/configparser.c
@@ -1,4 +1,4 @@
-/* A Bison parser, made by GNU Bison 3.7.6.  */
+/* A Bison parser, made by GNU Bison 3.8.2.  */
 
 /* Bison implementation for Yacc-like parsers in C
 
@@ -46,10 +46,10 @@
    USER NAME SPACE" below.  */
 
 /* Identify Bison output, and Bison version.  */
-#define YYBISON 30706
+#define YYBISON 30802
 
 /* Bison version string.  */
-#define YYBISON_VERSION "3.7.6"
+#define YYBISON_VERSION "3.8.2"
 
 /* Skeleton name.  */
 #define YYSKELETON_NAME "yacc.c"
@@ -503,411 +503,413 @@ enum yysymbol_kind_t
   YYSYMBOL_VAR_MAX_GLOBAL_QUOTA = 374,     /* VAR_MAX_GLOBAL_QUOTA  */
   YYSYMBOL_VAR_HARDEN_UNVERIFIED_GLUE = 375, /* VAR_HARDEN_UNVERIFIED_GLUE  */
   YYSYMBOL_VAR_LOG_TIME_ISO = 376,         /* VAR_LOG_TIME_ISO  */
-  YYSYMBOL_YYACCEPT = 377,                 /* $accept  */
-  YYSYMBOL_toplevelvars = 378,             /* toplevelvars  */
-  YYSYMBOL_toplevelvar = 379,              /* toplevelvar  */
-  YYSYMBOL_force_toplevel = 380,           /* force_toplevel  */
-  YYSYMBOL_serverstart = 381,              /* serverstart  */
-  YYSYMBOL_contents_server = 382,          /* contents_server  */
-  YYSYMBOL_content_server = 383,           /* content_server  */
-  YYSYMBOL_stub_clause = 384,              /* stub_clause  */
-  YYSYMBOL_stubstart = 385,                /* stubstart  */
-  YYSYMBOL_contents_stub = 386,            /* contents_stub  */
-  YYSYMBOL_content_stub = 387,             /* content_stub  */
-  YYSYMBOL_forward_clause = 388,           /* forward_clause  */
-  YYSYMBOL_forwardstart = 389,             /* forwardstart  */
-  YYSYMBOL_contents_forward = 390,         /* contents_forward  */
-  YYSYMBOL_content_forward = 391,          /* content_forward  */
-  YYSYMBOL_view_clause = 392,              /* view_clause  */
-  YYSYMBOL_viewstart = 393,                /* viewstart  */
-  YYSYMBOL_contents_view = 394,            /* contents_view  */
-  YYSYMBOL_content_view = 395,             /* content_view  */
-  YYSYMBOL_authstart = 396,                /* authstart  */
-  YYSYMBOL_contents_auth = 397,            /* contents_auth  */
-  YYSYMBOL_content_auth = 398,             /* content_auth  */
-  YYSYMBOL_rpz_tag = 399,                  /* rpz_tag  */
-  YYSYMBOL_rpz_action_override = 400,      /* rpz_action_override  */
-  YYSYMBOL_rpz_cname_override = 401,       /* rpz_cname_override  */
-  YYSYMBOL_rpz_log = 402,                  /* rpz_log  */
-  YYSYMBOL_rpz_log_name = 403,             /* rpz_log_name  */
-  YYSYMBOL_rpz_signal_nxdomain_ra = 404,   /* rpz_signal_nxdomain_ra  */
-  YYSYMBOL_rpzstart = 405,                 /* rpzstart  */
-  YYSYMBOL_contents_rpz = 406,             /* contents_rpz  */
-  YYSYMBOL_content_rpz = 407,              /* content_rpz  */
-  YYSYMBOL_server_num_threads = 408,       /* server_num_threads  */
-  YYSYMBOL_server_verbosity = 409,         /* server_verbosity  */
-  YYSYMBOL_server_statistics_interval = 410, /* server_statistics_interval  */
-  YYSYMBOL_server_statistics_cumulative = 411, /* server_statistics_cumulative  */
-  YYSYMBOL_server_extended_statistics = 412, /* server_extended_statistics  */
-  YYSYMBOL_server_statistics_inhibit_zero = 413, /* server_statistics_inhibit_zero  */
-  YYSYMBOL_server_shm_enable = 414,        /* server_shm_enable  */
-  YYSYMBOL_server_shm_key = 415,           /* server_shm_key  */
-  YYSYMBOL_server_port = 416,              /* server_port  */
-  YYSYMBOL_server_send_client_subnet = 417, /* server_send_client_subnet  */
-  YYSYMBOL_server_client_subnet_zone = 418, /* server_client_subnet_zone  */
-  YYSYMBOL_server_client_subnet_always_forward = 419, /* server_client_subnet_always_forward  */
-  YYSYMBOL_server_client_subnet_opcode = 420, /* server_client_subnet_opcode  */
-  YYSYMBOL_server_max_client_subnet_ipv4 = 421, /* server_max_client_subnet_ipv4  */
-  YYSYMBOL_server_max_client_subnet_ipv6 = 422, /* server_max_client_subnet_ipv6  */
-  YYSYMBOL_server_min_client_subnet_ipv4 = 423, /* server_min_client_subnet_ipv4  */
-  YYSYMBOL_server_min_client_subnet_ipv6 = 424, /* server_min_client_subnet_ipv6  */
-  YYSYMBOL_server_max_ecs_tree_size_ipv4 = 425, /* server_max_ecs_tree_size_ipv4  */
-  YYSYMBOL_server_max_ecs_tree_size_ipv6 = 426, /* server_max_ecs_tree_size_ipv6  */
-  YYSYMBOL_server_interface = 427,         /* server_interface  */
-  YYSYMBOL_server_outgoing_interface = 428, /* server_outgoing_interface  */
-  YYSYMBOL_server_outgoing_range = 429,    /* server_outgoing_range  */
-  YYSYMBOL_server_outgoing_port_permit = 430, /* server_outgoing_port_permit  */
-  YYSYMBOL_server_outgoing_port_avoid = 431, /* server_outgoing_port_avoid  */
-  YYSYMBOL_server_outgoing_num_tcp = 432,  /* server_outgoing_num_tcp  */
-  YYSYMBOL_server_incoming_num_tcp = 433,  /* server_incoming_num_tcp  */
-  YYSYMBOL_server_interface_automatic = 434, /* server_interface_automatic  */
-  YYSYMBOL_server_interface_automatic_ports = 435, /* server_interface_automatic_ports  */
-  YYSYMBOL_server_do_ip4 = 436,            /* server_do_ip4  */
-  YYSYMBOL_server_do_ip6 = 437,            /* server_do_ip6  */
-  YYSYMBOL_server_do_nat64 = 438,          /* server_do_nat64  */
-  YYSYMBOL_server_do_udp = 439,            /* server_do_udp  */
-  YYSYMBOL_server_do_tcp = 440,            /* server_do_tcp  */
-  YYSYMBOL_server_prefer_ip4 = 441,        /* server_prefer_ip4  */
-  YYSYMBOL_server_prefer_ip6 = 442,        /* server_prefer_ip6  */
-  YYSYMBOL_server_tcp_mss = 443,           /* server_tcp_mss  */
-  YYSYMBOL_server_outgoing_tcp_mss = 444,  /* server_outgoing_tcp_mss  */
-  YYSYMBOL_server_tcp_idle_timeout = 445,  /* server_tcp_idle_timeout  */
-  YYSYMBOL_server_max_reuse_tcp_queries = 446, /* server_max_reuse_tcp_queries  */
-  YYSYMBOL_server_tcp_reuse_timeout = 447, /* server_tcp_reuse_timeout  */
-  YYSYMBOL_server_tcp_auth_query_timeout = 448, /* server_tcp_auth_query_timeout  */
-  YYSYMBOL_server_tcp_keepalive = 449,     /* server_tcp_keepalive  */
-  YYSYMBOL_server_tcp_keepalive_timeout = 450, /* server_tcp_keepalive_timeout  */
-  YYSYMBOL_server_sock_queue_timeout = 451, /* server_sock_queue_timeout  */
-  YYSYMBOL_server_tcp_upstream = 452,      /* server_tcp_upstream  */
-  YYSYMBOL_server_udp_upstream_without_downstream = 453, /* server_udp_upstream_without_downstream  */
-  YYSYMBOL_server_ssl_upstream = 454,      /* server_ssl_upstream  */
-  YYSYMBOL_server_ssl_service_key = 455,   /* server_ssl_service_key  */
-  YYSYMBOL_server_ssl_service_pem = 456,   /* server_ssl_service_pem  */
-  YYSYMBOL_server_ssl_port = 457,          /* server_ssl_port  */
-  YYSYMBOL_server_tls_cert_bundle = 458,   /* server_tls_cert_bundle  */
-  YYSYMBOL_server_tls_win_cert = 459,      /* server_tls_win_cert  */
-  YYSYMBOL_server_tls_additional_port = 460, /* server_tls_additional_port  */
-  YYSYMBOL_server_tls_ciphers = 461,       /* server_tls_ciphers  */
-  YYSYMBOL_server_tls_ciphersuites = 462,  /* server_tls_ciphersuites  */
-  YYSYMBOL_server_tls_session_ticket_keys = 463, /* server_tls_session_ticket_keys  */
-  YYSYMBOL_server_tls_use_sni = 464,       /* server_tls_use_sni  */
-  YYSYMBOL_server_https_port = 465,        /* server_https_port  */
-  YYSYMBOL_server_http_endpoint = 466,     /* server_http_endpoint  */
-  YYSYMBOL_server_http_max_streams = 467,  /* server_http_max_streams  */
-  YYSYMBOL_server_http_query_buffer_size = 468, /* server_http_query_buffer_size  */
-  YYSYMBOL_server_http_response_buffer_size = 469, /* server_http_response_buffer_size  */
-  YYSYMBOL_server_http_nodelay = 470,      /* server_http_nodelay  */
-  YYSYMBOL_server_http_notls_downstream = 471, /* server_http_notls_downstream  */
-  YYSYMBOL_server_quic_port = 472,         /* server_quic_port  */
-  YYSYMBOL_server_quic_size = 473,         /* server_quic_size  */
-  YYSYMBOL_server_use_systemd = 474,       /* server_use_systemd  */
-  YYSYMBOL_server_do_daemonize = 475,      /* server_do_daemonize  */
-  YYSYMBOL_server_use_syslog = 476,        /* server_use_syslog  */
-  YYSYMBOL_server_log_time_ascii = 477,    /* server_log_time_ascii  */
-  YYSYMBOL_server_log_time_iso = 478,      /* server_log_time_iso  */
-  YYSYMBOL_server_log_queries = 479,       /* server_log_queries  */
-  YYSYMBOL_server_log_replies = 480,       /* server_log_replies  */
-  YYSYMBOL_server_log_tag_queryreply = 481, /* server_log_tag_queryreply  */
-  YYSYMBOL_server_log_servfail = 482,      /* server_log_servfail  */
-  YYSYMBOL_server_log_destaddr = 483,      /* server_log_destaddr  */
-  YYSYMBOL_server_log_local_actions = 484, /* server_log_local_actions  */
-  YYSYMBOL_server_chroot = 485,            /* server_chroot  */
-  YYSYMBOL_server_username = 486,          /* server_username  */
-  YYSYMBOL_server_directory = 487,         /* server_directory  */
-  YYSYMBOL_server_logfile = 488,           /* server_logfile  */
-  YYSYMBOL_server_pidfile = 489,           /* server_pidfile  */
-  YYSYMBOL_server_root_hints = 490,        /* server_root_hints  */
-  YYSYMBOL_server_dlv_anchor_file = 491,   /* server_dlv_anchor_file  */
-  YYSYMBOL_server_dlv_anchor = 492,        /* server_dlv_anchor  */
-  YYSYMBOL_server_auto_trust_anchor_file = 493, /* server_auto_trust_anchor_file  */
-  YYSYMBOL_server_trust_anchor_file = 494, /* server_trust_anchor_file  */
-  YYSYMBOL_server_trusted_keys_file = 495, /* server_trusted_keys_file  */
-  YYSYMBOL_server_trust_anchor = 496,      /* server_trust_anchor  */
-  YYSYMBOL_server_trust_anchor_signaling = 497, /* server_trust_anchor_signaling  */
-  YYSYMBOL_server_root_key_sentinel = 498, /* server_root_key_sentinel  */
-  YYSYMBOL_server_domain_insecure = 499,   /* server_domain_insecure  */
-  YYSYMBOL_server_hide_identity = 500,     /* server_hide_identity  */
-  YYSYMBOL_server_hide_version = 501,      /* server_hide_version  */
-  YYSYMBOL_server_hide_trustanchor = 502,  /* server_hide_trustanchor  */
-  YYSYMBOL_server_hide_http_user_agent = 503, /* server_hide_http_user_agent  */
-  YYSYMBOL_server_identity = 504,          /* server_identity  */
-  YYSYMBOL_server_version = 505,           /* server_version  */
-  YYSYMBOL_server_http_user_agent = 506,   /* server_http_user_agent  */
-  YYSYMBOL_server_nsid = 507,              /* server_nsid  */
-  YYSYMBOL_server_so_rcvbuf = 508,         /* server_so_rcvbuf  */
-  YYSYMBOL_server_so_sndbuf = 509,         /* server_so_sndbuf  */
-  YYSYMBOL_server_so_reuseport = 510,      /* server_so_reuseport  */
-  YYSYMBOL_server_ip_transparent = 511,    /* server_ip_transparent  */
-  YYSYMBOL_server_ip_freebind = 512,       /* server_ip_freebind  */
-  YYSYMBOL_server_ip_dscp = 513,           /* server_ip_dscp  */
-  YYSYMBOL_server_stream_wait_size = 514,  /* server_stream_wait_size  */
-  YYSYMBOL_server_edns_buffer_size = 515,  /* server_edns_buffer_size  */
-  YYSYMBOL_server_msg_buffer_size = 516,   /* server_msg_buffer_size  */
-  YYSYMBOL_server_msg_cache_size = 517,    /* server_msg_cache_size  */
-  YYSYMBOL_server_msg_cache_slabs = 518,   /* server_msg_cache_slabs  */
-  YYSYMBOL_server_num_queries_per_thread = 519, /* server_num_queries_per_thread  */
-  YYSYMBOL_server_jostle_timeout = 520,    /* server_jostle_timeout  */
-  YYSYMBOL_server_delay_close = 521,       /* server_delay_close  */
-  YYSYMBOL_server_udp_connect = 522,       /* server_udp_connect  */
-  YYSYMBOL_server_unblock_lan_zones = 523, /* server_unblock_lan_zones  */
-  YYSYMBOL_server_insecure_lan_zones = 524, /* server_insecure_lan_zones  */
-  YYSYMBOL_server_rrset_cache_size = 525,  /* server_rrset_cache_size  */
-  YYSYMBOL_server_rrset_cache_slabs = 526, /* server_rrset_cache_slabs  */
-  YYSYMBOL_server_infra_host_ttl = 527,    /* server_infra_host_ttl  */
-  YYSYMBOL_server_infra_lame_ttl = 528,    /* server_infra_lame_ttl  */
-  YYSYMBOL_server_infra_cache_numhosts = 529, /* server_infra_cache_numhosts  */
-  YYSYMBOL_server_infra_cache_lame_size = 530, /* server_infra_cache_lame_size  */
-  YYSYMBOL_server_infra_cache_slabs = 531, /* server_infra_cache_slabs  */
-  YYSYMBOL_server_infra_cache_min_rtt = 532, /* server_infra_cache_min_rtt  */
-  YYSYMBOL_server_infra_cache_max_rtt = 533, /* server_infra_cache_max_rtt  */
-  YYSYMBOL_server_infra_keep_probing = 534, /* server_infra_keep_probing  */
-  YYSYMBOL_server_target_fetch_policy = 535, /* server_target_fetch_policy  */
-  YYSYMBOL_server_harden_short_bufsize = 536, /* server_harden_short_bufsize  */
-  YYSYMBOL_server_harden_large_queries = 537, /* server_harden_large_queries  */
-  YYSYMBOL_server_harden_glue = 538,       /* server_harden_glue  */
-  YYSYMBOL_server_harden_unverified_glue = 539, /* server_harden_unverified_glue  */
-  YYSYMBOL_server_harden_dnssec_stripped = 540, /* server_harden_dnssec_stripped  */
-  YYSYMBOL_server_harden_below_nxdomain = 541, /* server_harden_below_nxdomain  */
-  YYSYMBOL_server_harden_referral_path = 542, /* server_harden_referral_path  */
-  YYSYMBOL_server_harden_algo_downgrade = 543, /* server_harden_algo_downgrade  */
-  YYSYMBOL_server_harden_unknown_additional = 544, /* server_harden_unknown_additional  */
-  YYSYMBOL_server_use_caps_for_id = 545,   /* server_use_caps_for_id  */
-  YYSYMBOL_server_caps_whitelist = 546,    /* server_caps_whitelist  */
-  YYSYMBOL_server_private_address = 547,   /* server_private_address  */
-  YYSYMBOL_server_private_domain = 548,    /* server_private_domain  */
-  YYSYMBOL_server_prefetch = 549,          /* server_prefetch  */
-  YYSYMBOL_server_prefetch_key = 550,      /* server_prefetch_key  */
-  YYSYMBOL_server_deny_any = 551,          /* server_deny_any  */
-  YYSYMBOL_server_unwanted_reply_threshold = 552, /* server_unwanted_reply_threshold  */
-  YYSYMBOL_server_do_not_query_address = 553, /* server_do_not_query_address  */
-  YYSYMBOL_server_do_not_query_localhost = 554, /* server_do_not_query_localhost  */
-  YYSYMBOL_server_access_control = 555,    /* server_access_control  */
-  YYSYMBOL_server_interface_action = 556,  /* server_interface_action  */
-  YYSYMBOL_server_module_conf = 557,       /* server_module_conf  */
-  YYSYMBOL_server_val_override_date = 558, /* server_val_override_date  */
-  YYSYMBOL_server_val_sig_skew_min = 559,  /* server_val_sig_skew_min  */
-  YYSYMBOL_server_val_sig_skew_max = 560,  /* server_val_sig_skew_max  */
-  YYSYMBOL_server_val_max_restart = 561,   /* server_val_max_restart  */
-  YYSYMBOL_server_cache_max_ttl = 562,     /* server_cache_max_ttl  */
-  YYSYMBOL_server_cache_max_negative_ttl = 563, /* server_cache_max_negative_ttl  */
-  YYSYMBOL_server_cache_min_negative_ttl = 564, /* server_cache_min_negative_ttl  */
-  YYSYMBOL_server_cache_min_ttl = 565,     /* server_cache_min_ttl  */
-  YYSYMBOL_server_bogus_ttl = 566,         /* server_bogus_ttl  */
-  YYSYMBOL_server_val_clean_additional = 567, /* server_val_clean_additional  */
-  YYSYMBOL_server_val_permissive_mode = 568, /* server_val_permissive_mode  */
-  YYSYMBOL_server_aggressive_nsec = 569,   /* server_aggressive_nsec  */
-  YYSYMBOL_server_ignore_cd_flag = 570,    /* server_ignore_cd_flag  */
-  YYSYMBOL_server_disable_edns_do = 571,   /* server_disable_edns_do  */
-  YYSYMBOL_server_serve_expired = 572,     /* server_serve_expired  */
-  YYSYMBOL_server_serve_expired_ttl = 573, /* server_serve_expired_ttl  */
-  YYSYMBOL_server_serve_expired_ttl_reset = 574, /* server_serve_expired_ttl_reset  */
-  YYSYMBOL_server_serve_expired_reply_ttl = 575, /* server_serve_expired_reply_ttl  */
-  YYSYMBOL_server_serve_expired_client_timeout = 576, /* server_serve_expired_client_timeout  */
-  YYSYMBOL_server_ede_serve_expired = 577, /* server_ede_serve_expired  */
-  YYSYMBOL_server_serve_original_ttl = 578, /* server_serve_original_ttl  */
-  YYSYMBOL_server_fake_dsa = 579,          /* server_fake_dsa  */
-  YYSYMBOL_server_fake_sha1 = 580,         /* server_fake_sha1  */
-  YYSYMBOL_server_val_log_level = 581,     /* server_val_log_level  */
-  YYSYMBOL_server_val_nsec3_keysize_iterations = 582, /* server_val_nsec3_keysize_iterations  */
-  YYSYMBOL_server_zonemd_permissive_mode = 583, /* server_zonemd_permissive_mode  */
-  YYSYMBOL_server_add_holddown = 584,      /* server_add_holddown  */
-  YYSYMBOL_server_del_holddown = 585,      /* server_del_holddown  */
-  YYSYMBOL_server_keep_missing = 586,      /* server_keep_missing  */
-  YYSYMBOL_server_permit_small_holddown = 587, /* server_permit_small_holddown  */
-  YYSYMBOL_server_key_cache_size = 588,    /* server_key_cache_size  */
-  YYSYMBOL_server_key_cache_slabs = 589,   /* server_key_cache_slabs  */
-  YYSYMBOL_server_neg_cache_size = 590,    /* server_neg_cache_size  */
-  YYSYMBOL_server_local_zone = 591,        /* server_local_zone  */
-  YYSYMBOL_server_local_data = 592,        /* server_local_data  */
-  YYSYMBOL_server_local_data_ptr = 593,    /* server_local_data_ptr  */
-  YYSYMBOL_server_minimal_responses = 594, /* server_minimal_responses  */
-  YYSYMBOL_server_rrset_roundrobin = 595,  /* server_rrset_roundrobin  */
-  YYSYMBOL_server_unknown_server_time_limit = 596, /* server_unknown_server_time_limit  */
-  YYSYMBOL_server_discard_timeout = 597,   /* server_discard_timeout  */
-  YYSYMBOL_server_wait_limit = 598,        /* server_wait_limit  */
-  YYSYMBOL_server_wait_limit_cookie = 599, /* server_wait_limit_cookie  */
-  YYSYMBOL_server_wait_limit_netblock = 600, /* server_wait_limit_netblock  */
-  YYSYMBOL_server_wait_limit_cookie_netblock = 601, /* server_wait_limit_cookie_netblock  */
-  YYSYMBOL_server_max_udp_size = 602,      /* server_max_udp_size  */
-  YYSYMBOL_server_dns64_prefix = 603,      /* server_dns64_prefix  */
-  YYSYMBOL_server_dns64_synthall = 604,    /* server_dns64_synthall  */
-  YYSYMBOL_server_dns64_ignore_aaaa = 605, /* server_dns64_ignore_aaaa  */
-  YYSYMBOL_server_nat64_prefix = 606,      /* server_nat64_prefix  */
-  YYSYMBOL_server_define_tag = 607,        /* server_define_tag  */
-  YYSYMBOL_server_local_zone_tag = 608,    /* server_local_zone_tag  */
-  YYSYMBOL_server_access_control_tag = 609, /* server_access_control_tag  */
-  YYSYMBOL_server_access_control_tag_action = 610, /* server_access_control_tag_action  */
-  YYSYMBOL_server_access_control_tag_data = 611, /* server_access_control_tag_data  */
-  YYSYMBOL_server_local_zone_override = 612, /* server_local_zone_override  */
-  YYSYMBOL_server_access_control_view = 613, /* server_access_control_view  */
-  YYSYMBOL_server_interface_tag = 614,     /* server_interface_tag  */
-  YYSYMBOL_server_interface_tag_action = 615, /* server_interface_tag_action  */
-  YYSYMBOL_server_interface_tag_data = 616, /* server_interface_tag_data  */
-  YYSYMBOL_server_interface_view = 617,    /* server_interface_view  */
-  YYSYMBOL_server_response_ip_tag = 618,   /* server_response_ip_tag  */
-  YYSYMBOL_server_ip_ratelimit = 619,      /* server_ip_ratelimit  */
-  YYSYMBOL_server_ip_ratelimit_cookie = 620, /* server_ip_ratelimit_cookie  */
-  YYSYMBOL_server_ratelimit = 621,         /* server_ratelimit  */
-  YYSYMBOL_server_ip_ratelimit_size = 622, /* server_ip_ratelimit_size  */
-  YYSYMBOL_server_ratelimit_size = 623,    /* server_ratelimit_size  */
-  YYSYMBOL_server_ip_ratelimit_slabs = 624, /* server_ip_ratelimit_slabs  */
-  YYSYMBOL_server_ratelimit_slabs = 625,   /* server_ratelimit_slabs  */
-  YYSYMBOL_server_ratelimit_for_domain = 626, /* server_ratelimit_for_domain  */
-  YYSYMBOL_server_ratelimit_below_domain = 627, /* server_ratelimit_below_domain  */
-  YYSYMBOL_server_ip_ratelimit_factor = 628, /* server_ip_ratelimit_factor  */
-  YYSYMBOL_server_ratelimit_factor = 629,  /* server_ratelimit_factor  */
-  YYSYMBOL_server_ip_ratelimit_backoff = 630, /* server_ip_ratelimit_backoff  */
-  YYSYMBOL_server_ratelimit_backoff = 631, /* server_ratelimit_backoff  */
-  YYSYMBOL_server_outbound_msg_retry = 632, /* server_outbound_msg_retry  */
-  YYSYMBOL_server_max_sent_count = 633,    /* server_max_sent_count  */
-  YYSYMBOL_server_max_query_restarts = 634, /* server_max_query_restarts  */
-  YYSYMBOL_server_low_rtt = 635,           /* server_low_rtt  */
-  YYSYMBOL_server_fast_server_num = 636,   /* server_fast_server_num  */
-  YYSYMBOL_server_fast_server_permil = 637, /* server_fast_server_permil  */
-  YYSYMBOL_server_qname_minimisation = 638, /* server_qname_minimisation  */
-  YYSYMBOL_server_qname_minimisation_strict = 639, /* server_qname_minimisation_strict  */
-  YYSYMBOL_server_pad_responses = 640,     /* server_pad_responses  */
-  YYSYMBOL_server_pad_responses_block_size = 641, /* server_pad_responses_block_size  */
-  YYSYMBOL_server_pad_queries = 642,       /* server_pad_queries  */
-  YYSYMBOL_server_pad_queries_block_size = 643, /* server_pad_queries_block_size  */
-  YYSYMBOL_server_ipsecmod_enabled = 644,  /* server_ipsecmod_enabled  */
-  YYSYMBOL_server_ipsecmod_ignore_bogus = 645, /* server_ipsecmod_ignore_bogus  */
-  YYSYMBOL_server_ipsecmod_hook = 646,     /* server_ipsecmod_hook  */
-  YYSYMBOL_server_ipsecmod_max_ttl = 647,  /* server_ipsecmod_max_ttl  */
-  YYSYMBOL_server_ipsecmod_whitelist = 648, /* server_ipsecmod_whitelist  */
-  YYSYMBOL_server_ipsecmod_strict = 649,   /* server_ipsecmod_strict  */
-  YYSYMBOL_server_edns_client_string = 650, /* server_edns_client_string  */
-  YYSYMBOL_server_edns_client_string_opcode = 651, /* server_edns_client_string_opcode  */
-  YYSYMBOL_server_ede = 652,               /* server_ede  */
-  YYSYMBOL_server_dns_error_reporting = 653, /* server_dns_error_reporting  */
-  YYSYMBOL_server_proxy_protocol_port = 654, /* server_proxy_protocol_port  */
-  YYSYMBOL_stub_name = 655,                /* stub_name  */
-  YYSYMBOL_stub_host = 656,                /* stub_host  */
-  YYSYMBOL_stub_addr = 657,                /* stub_addr  */
-  YYSYMBOL_stub_first = 658,               /* stub_first  */
-  YYSYMBOL_stub_no_cache = 659,            /* stub_no_cache  */
-  YYSYMBOL_stub_ssl_upstream = 660,        /* stub_ssl_upstream  */
-  YYSYMBOL_stub_tcp_upstream = 661,        /* stub_tcp_upstream  */
-  YYSYMBOL_stub_prime = 662,               /* stub_prime  */
-  YYSYMBOL_forward_name = 663,             /* forward_name  */
-  YYSYMBOL_forward_host = 664,             /* forward_host  */
-  YYSYMBOL_forward_addr = 665,             /* forward_addr  */
-  YYSYMBOL_forward_first = 666,            /* forward_first  */
-  YYSYMBOL_forward_no_cache = 667,         /* forward_no_cache  */
-  YYSYMBOL_forward_ssl_upstream = 668,     /* forward_ssl_upstream  */
-  YYSYMBOL_forward_tcp_upstream = 669,     /* forward_tcp_upstream  */
-  YYSYMBOL_auth_name = 670,                /* auth_name  */
-  YYSYMBOL_auth_zonefile = 671,            /* auth_zonefile  */
-  YYSYMBOL_auth_master = 672,              /* auth_master  */
-  YYSYMBOL_auth_url = 673,                 /* auth_url  */
-  YYSYMBOL_auth_allow_notify = 674,        /* auth_allow_notify  */
-  YYSYMBOL_auth_zonemd_check = 675,        /* auth_zonemd_check  */
-  YYSYMBOL_auth_zonemd_reject_absence = 676, /* auth_zonemd_reject_absence  */
-  YYSYMBOL_auth_for_downstream = 677,      /* auth_for_downstream  */
-  YYSYMBOL_auth_for_upstream = 678,        /* auth_for_upstream  */
-  YYSYMBOL_auth_fallback_enabled = 679,    /* auth_fallback_enabled  */
-  YYSYMBOL_view_name = 680,                /* view_name  */
-  YYSYMBOL_view_local_zone = 681,          /* view_local_zone  */
-  YYSYMBOL_view_response_ip = 682,         /* view_response_ip  */
-  YYSYMBOL_view_response_ip_data = 683,    /* view_response_ip_data  */
-  YYSYMBOL_view_local_data = 684,          /* view_local_data  */
-  YYSYMBOL_view_local_data_ptr = 685,      /* view_local_data_ptr  */
-  YYSYMBOL_view_first = 686,               /* view_first  */
-  YYSYMBOL_rcstart = 687,                  /* rcstart  */
-  YYSYMBOL_contents_rc = 688,              /* contents_rc  */
-  YYSYMBOL_content_rc = 689,               /* content_rc  */
-  YYSYMBOL_rc_control_enable = 690,        /* rc_control_enable  */
-  YYSYMBOL_rc_control_port = 691,          /* rc_control_port  */
-  YYSYMBOL_rc_control_interface = 692,     /* rc_control_interface  */
-  YYSYMBOL_rc_control_use_cert = 693,      /* rc_control_use_cert  */
-  YYSYMBOL_rc_server_key_file = 694,       /* rc_server_key_file  */
-  YYSYMBOL_rc_server_cert_file = 695,      /* rc_server_cert_file  */
-  YYSYMBOL_rc_control_key_file = 696,      /* rc_control_key_file  */
-  YYSYMBOL_rc_control_cert_file = 697,     /* rc_control_cert_file  */
-  YYSYMBOL_dtstart = 698,                  /* dtstart  */
-  YYSYMBOL_contents_dt = 699,              /* contents_dt  */
-  YYSYMBOL_content_dt = 700,               /* content_dt  */
-  YYSYMBOL_dt_dnstap_enable = 701,         /* dt_dnstap_enable  */
-  YYSYMBOL_dt_dnstap_bidirectional = 702,  /* dt_dnstap_bidirectional  */
-  YYSYMBOL_dt_dnstap_socket_path = 703,    /* dt_dnstap_socket_path  */
-  YYSYMBOL_dt_dnstap_ip = 704,             /* dt_dnstap_ip  */
-  YYSYMBOL_dt_dnstap_tls = 705,            /* dt_dnstap_tls  */
-  YYSYMBOL_dt_dnstap_tls_server_name = 706, /* dt_dnstap_tls_server_name  */
-  YYSYMBOL_dt_dnstap_tls_cert_bundle = 707, /* dt_dnstap_tls_cert_bundle  */
-  YYSYMBOL_dt_dnstap_tls_client_key_file = 708, /* dt_dnstap_tls_client_key_file  */
-  YYSYMBOL_dt_dnstap_tls_client_cert_file = 709, /* dt_dnstap_tls_client_cert_file  */
-  YYSYMBOL_dt_dnstap_send_identity = 710,  /* dt_dnstap_send_identity  */
-  YYSYMBOL_dt_dnstap_send_version = 711,   /* dt_dnstap_send_version  */
-  YYSYMBOL_dt_dnstap_identity = 712,       /* dt_dnstap_identity  */
-  YYSYMBOL_dt_dnstap_version = 713,        /* dt_dnstap_version  */
-  YYSYMBOL_dt_dnstap_log_resolver_query_messages = 714, /* dt_dnstap_log_resolver_query_messages  */
-  YYSYMBOL_dt_dnstap_log_resolver_response_messages = 715, /* dt_dnstap_log_resolver_response_messages  */
-  YYSYMBOL_dt_dnstap_log_client_query_messages = 716, /* dt_dnstap_log_client_query_messages  */
-  YYSYMBOL_dt_dnstap_log_client_response_messages = 717, /* dt_dnstap_log_client_response_messages  */
-  YYSYMBOL_dt_dnstap_log_forwarder_query_messages = 718, /* dt_dnstap_log_forwarder_query_messages  */
-  YYSYMBOL_dt_dnstap_log_forwarder_response_messages = 719, /* dt_dnstap_log_forwarder_response_messages  */
-  YYSYMBOL_dt_dnstap_sample_rate = 720,    /* dt_dnstap_sample_rate  */
-  YYSYMBOL_pythonstart = 721,              /* pythonstart  */
-  YYSYMBOL_contents_py = 722,              /* contents_py  */
-  YYSYMBOL_content_py = 723,               /* content_py  */
-  YYSYMBOL_py_script = 724,                /* py_script  */
-  YYSYMBOL_dynlibstart = 725,              /* dynlibstart  */
-  YYSYMBOL_contents_dl = 726,              /* contents_dl  */
-  YYSYMBOL_content_dl = 727,               /* content_dl  */
-  YYSYMBOL_dl_file = 728,                  /* dl_file  */
-  YYSYMBOL_server_disable_dnssec_lame_check = 729, /* server_disable_dnssec_lame_check  */
-  YYSYMBOL_server_log_identity = 730,      /* server_log_identity  */
-  YYSYMBOL_server_response_ip = 731,       /* server_response_ip  */
-  YYSYMBOL_server_response_ip_data = 732,  /* server_response_ip_data  */
-  YYSYMBOL_dnscstart = 733,                /* dnscstart  */
-  YYSYMBOL_contents_dnsc = 734,            /* contents_dnsc  */
-  YYSYMBOL_content_dnsc = 735,             /* content_dnsc  */
-  YYSYMBOL_dnsc_dnscrypt_enable = 736,     /* dnsc_dnscrypt_enable  */
-  YYSYMBOL_dnsc_dnscrypt_port = 737,       /* dnsc_dnscrypt_port  */
-  YYSYMBOL_dnsc_dnscrypt_provider = 738,   /* dnsc_dnscrypt_provider  */
-  YYSYMBOL_dnsc_dnscrypt_provider_cert = 739, /* dnsc_dnscrypt_provider_cert  */
-  YYSYMBOL_dnsc_dnscrypt_provider_cert_rotated = 740, /* dnsc_dnscrypt_provider_cert_rotated  */
-  YYSYMBOL_dnsc_dnscrypt_secret_key = 741, /* dnsc_dnscrypt_secret_key  */
-  YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_size = 742, /* dnsc_dnscrypt_shared_secret_cache_size  */
-  YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_slabs = 743, /* dnsc_dnscrypt_shared_secret_cache_slabs  */
-  YYSYMBOL_dnsc_dnscrypt_nonce_cache_size = 744, /* dnsc_dnscrypt_nonce_cache_size  */
-  YYSYMBOL_dnsc_dnscrypt_nonce_cache_slabs = 745, /* dnsc_dnscrypt_nonce_cache_slabs  */
-  YYSYMBOL_cachedbstart = 746,             /* cachedbstart  */
-  YYSYMBOL_contents_cachedb = 747,         /* contents_cachedb  */
-  YYSYMBOL_content_cachedb = 748,          /* content_cachedb  */
-  YYSYMBOL_cachedb_backend_name = 749,     /* cachedb_backend_name  */
-  YYSYMBOL_cachedb_secret_seed = 750,      /* cachedb_secret_seed  */
-  YYSYMBOL_cachedb_no_store = 751,         /* cachedb_no_store  */
-  YYSYMBOL_cachedb_check_when_serve_expired = 752, /* cachedb_check_when_serve_expired  */
-  YYSYMBOL_redis_server_host = 753,        /* redis_server_host  */
-  YYSYMBOL_redis_replica_server_host = 754, /* redis_replica_server_host  */
-  YYSYMBOL_redis_server_port = 755,        /* redis_server_port  */
-  YYSYMBOL_redis_replica_server_port = 756, /* redis_replica_server_port  */
-  YYSYMBOL_redis_server_path = 757,        /* redis_server_path  */
-  YYSYMBOL_redis_replica_server_path = 758, /* redis_replica_server_path  */
-  YYSYMBOL_redis_server_password = 759,    /* redis_server_password  */
-  YYSYMBOL_redis_replica_server_password = 760, /* redis_replica_server_password  */
-  YYSYMBOL_redis_timeout = 761,            /* redis_timeout  */
-  YYSYMBOL_redis_replica_timeout = 762,    /* redis_replica_timeout  */
-  YYSYMBOL_redis_command_timeout = 763,    /* redis_command_timeout  */
-  YYSYMBOL_redis_replica_command_timeout = 764, /* redis_replica_command_timeout  */
-  YYSYMBOL_redis_connect_timeout = 765,    /* redis_connect_timeout  */
-  YYSYMBOL_redis_replica_connect_timeout = 766, /* redis_replica_connect_timeout  */
-  YYSYMBOL_redis_expire_records = 767,     /* redis_expire_records  */
-  YYSYMBOL_redis_logical_db = 768,         /* redis_logical_db  */
-  YYSYMBOL_redis_replica_logical_db = 769, /* redis_replica_logical_db  */
-  YYSYMBOL_server_tcp_connection_limit = 770, /* server_tcp_connection_limit  */
-  YYSYMBOL_server_answer_cookie = 771,     /* server_answer_cookie  */
-  YYSYMBOL_server_cookie_secret = 772,     /* server_cookie_secret  */
-  YYSYMBOL_server_cookie_secret_file = 773, /* server_cookie_secret_file  */
-  YYSYMBOL_server_iter_scrub_ns = 774,     /* server_iter_scrub_ns  */
-  YYSYMBOL_server_iter_scrub_cname = 775,  /* server_iter_scrub_cname  */
-  YYSYMBOL_server_max_global_quota = 776,  /* server_max_global_quota  */
-  YYSYMBOL_ipsetstart = 777,               /* ipsetstart  */
-  YYSYMBOL_contents_ipset = 778,           /* contents_ipset  */
-  YYSYMBOL_content_ipset = 779,            /* content_ipset  */
-  YYSYMBOL_ipset_name_v4 = 780,            /* ipset_name_v4  */
-  YYSYMBOL_ipset_name_v6 = 781             /* ipset_name_v6  */
+  YYSYMBOL_VAR_ITER_SCRUB_PROMISCUOUS = 377, /* VAR_ITER_SCRUB_PROMISCUOUS  */
+  YYSYMBOL_YYACCEPT = 378,                 /* $accept  */
+  YYSYMBOL_toplevelvars = 379,             /* toplevelvars  */
+  YYSYMBOL_toplevelvar = 380,              /* toplevelvar  */
+  YYSYMBOL_force_toplevel = 381,           /* force_toplevel  */
+  YYSYMBOL_serverstart = 382,              /* serverstart  */
+  YYSYMBOL_contents_server = 383,          /* contents_server  */
+  YYSYMBOL_content_server = 384,           /* content_server  */
+  YYSYMBOL_stub_clause = 385,              /* stub_clause  */
+  YYSYMBOL_stubstart = 386,                /* stubstart  */
+  YYSYMBOL_contents_stub = 387,            /* contents_stub  */
+  YYSYMBOL_content_stub = 388,             /* content_stub  */
+  YYSYMBOL_forward_clause = 389,           /* forward_clause  */
+  YYSYMBOL_forwardstart = 390,             /* forwardstart  */
+  YYSYMBOL_contents_forward = 391,         /* contents_forward  */
+  YYSYMBOL_content_forward = 392,          /* content_forward  */
+  YYSYMBOL_view_clause = 393,              /* view_clause  */
+  YYSYMBOL_viewstart = 394,                /* viewstart  */
+  YYSYMBOL_contents_view = 395,            /* contents_view  */
+  YYSYMBOL_content_view = 396,             /* content_view  */
+  YYSYMBOL_authstart = 397,                /* authstart  */
+  YYSYMBOL_contents_auth = 398,            /* contents_auth  */
+  YYSYMBOL_content_auth = 399,             /* content_auth  */
+  YYSYMBOL_rpz_tag = 400,                  /* rpz_tag  */
+  YYSYMBOL_rpz_action_override = 401,      /* rpz_action_override  */
+  YYSYMBOL_rpz_cname_override = 402,       /* rpz_cname_override  */
+  YYSYMBOL_rpz_log = 403,                  /* rpz_log  */
+  YYSYMBOL_rpz_log_name = 404,             /* rpz_log_name  */
+  YYSYMBOL_rpz_signal_nxdomain_ra = 405,   /* rpz_signal_nxdomain_ra  */
+  YYSYMBOL_rpzstart = 406,                 /* rpzstart  */
+  YYSYMBOL_contents_rpz = 407,             /* contents_rpz  */
+  YYSYMBOL_content_rpz = 408,              /* content_rpz  */
+  YYSYMBOL_server_num_threads = 409,       /* server_num_threads  */
+  YYSYMBOL_server_verbosity = 410,         /* server_verbosity  */
+  YYSYMBOL_server_statistics_interval = 411, /* server_statistics_interval  */
+  YYSYMBOL_server_statistics_cumulative = 412, /* server_statistics_cumulative  */
+  YYSYMBOL_server_extended_statistics = 413, /* server_extended_statistics  */
+  YYSYMBOL_server_statistics_inhibit_zero = 414, /* server_statistics_inhibit_zero  */
+  YYSYMBOL_server_shm_enable = 415,        /* server_shm_enable  */
+  YYSYMBOL_server_shm_key = 416,           /* server_shm_key  */
+  YYSYMBOL_server_port = 417,              /* server_port  */
+  YYSYMBOL_server_send_client_subnet = 418, /* server_send_client_subnet  */
+  YYSYMBOL_server_client_subnet_zone = 419, /* server_client_subnet_zone  */
+  YYSYMBOL_server_client_subnet_always_forward = 420, /* server_client_subnet_always_forward  */
+  YYSYMBOL_server_client_subnet_opcode = 421, /* server_client_subnet_opcode  */
+  YYSYMBOL_server_max_client_subnet_ipv4 = 422, /* server_max_client_subnet_ipv4  */
+  YYSYMBOL_server_max_client_subnet_ipv6 = 423, /* server_max_client_subnet_ipv6  */
+  YYSYMBOL_server_min_client_subnet_ipv4 = 424, /* server_min_client_subnet_ipv4  */
+  YYSYMBOL_server_min_client_subnet_ipv6 = 425, /* server_min_client_subnet_ipv6  */
+  YYSYMBOL_server_max_ecs_tree_size_ipv4 = 426, /* server_max_ecs_tree_size_ipv4  */
+  YYSYMBOL_server_max_ecs_tree_size_ipv6 = 427, /* server_max_ecs_tree_size_ipv6  */
+  YYSYMBOL_server_interface = 428,         /* server_interface  */
+  YYSYMBOL_server_outgoing_interface = 429, /* server_outgoing_interface  */
+  YYSYMBOL_server_outgoing_range = 430,    /* server_outgoing_range  */
+  YYSYMBOL_server_outgoing_port_permit = 431, /* server_outgoing_port_permit  */
+  YYSYMBOL_server_outgoing_port_avoid = 432, /* server_outgoing_port_avoid  */
+  YYSYMBOL_server_outgoing_num_tcp = 433,  /* server_outgoing_num_tcp  */
+  YYSYMBOL_server_incoming_num_tcp = 434,  /* server_incoming_num_tcp  */
+  YYSYMBOL_server_interface_automatic = 435, /* server_interface_automatic  */
+  YYSYMBOL_server_interface_automatic_ports = 436, /* server_interface_automatic_ports  */
+  YYSYMBOL_server_do_ip4 = 437,            /* server_do_ip4  */
+  YYSYMBOL_server_do_ip6 = 438,            /* server_do_ip6  */
+  YYSYMBOL_server_do_nat64 = 439,          /* server_do_nat64  */
+  YYSYMBOL_server_do_udp = 440,            /* server_do_udp  */
+  YYSYMBOL_server_do_tcp = 441,            /* server_do_tcp  */
+  YYSYMBOL_server_prefer_ip4 = 442,        /* server_prefer_ip4  */
+  YYSYMBOL_server_prefer_ip6 = 443,        /* server_prefer_ip6  */
+  YYSYMBOL_server_tcp_mss = 444,           /* server_tcp_mss  */
+  YYSYMBOL_server_outgoing_tcp_mss = 445,  /* server_outgoing_tcp_mss  */
+  YYSYMBOL_server_tcp_idle_timeout = 446,  /* server_tcp_idle_timeout  */
+  YYSYMBOL_server_max_reuse_tcp_queries = 447, /* server_max_reuse_tcp_queries  */
+  YYSYMBOL_server_tcp_reuse_timeout = 448, /* server_tcp_reuse_timeout  */
+  YYSYMBOL_server_tcp_auth_query_timeout = 449, /* server_tcp_auth_query_timeout  */
+  YYSYMBOL_server_tcp_keepalive = 450,     /* server_tcp_keepalive  */
+  YYSYMBOL_server_tcp_keepalive_timeout = 451, /* server_tcp_keepalive_timeout  */
+  YYSYMBOL_server_sock_queue_timeout = 452, /* server_sock_queue_timeout  */
+  YYSYMBOL_server_tcp_upstream = 453,      /* server_tcp_upstream  */
+  YYSYMBOL_server_udp_upstream_without_downstream = 454, /* server_udp_upstream_without_downstream  */
+  YYSYMBOL_server_ssl_upstream = 455,      /* server_ssl_upstream  */
+  YYSYMBOL_server_ssl_service_key = 456,   /* server_ssl_service_key  */
+  YYSYMBOL_server_ssl_service_pem = 457,   /* server_ssl_service_pem  */
+  YYSYMBOL_server_ssl_port = 458,          /* server_ssl_port  */
+  YYSYMBOL_server_tls_cert_bundle = 459,   /* server_tls_cert_bundle  */
+  YYSYMBOL_server_tls_win_cert = 460,      /* server_tls_win_cert  */
+  YYSYMBOL_server_tls_additional_port = 461, /* server_tls_additional_port  */
+  YYSYMBOL_server_tls_ciphers = 462,       /* server_tls_ciphers  */
+  YYSYMBOL_server_tls_ciphersuites = 463,  /* server_tls_ciphersuites  */
+  YYSYMBOL_server_tls_session_ticket_keys = 464, /* server_tls_session_ticket_keys  */
+  YYSYMBOL_server_tls_use_sni = 465,       /* server_tls_use_sni  */
+  YYSYMBOL_server_https_port = 466,        /* server_https_port  */
+  YYSYMBOL_server_http_endpoint = 467,     /* server_http_endpoint  */
+  YYSYMBOL_server_http_max_streams = 468,  /* server_http_max_streams  */
+  YYSYMBOL_server_http_query_buffer_size = 469, /* server_http_query_buffer_size  */
+  YYSYMBOL_server_http_response_buffer_size = 470, /* server_http_response_buffer_size  */
+  YYSYMBOL_server_http_nodelay = 471,      /* server_http_nodelay  */
+  YYSYMBOL_server_http_notls_downstream = 472, /* server_http_notls_downstream  */
+  YYSYMBOL_server_quic_port = 473,         /* server_quic_port  */
+  YYSYMBOL_server_quic_size = 474,         /* server_quic_size  */
+  YYSYMBOL_server_use_systemd = 475,       /* server_use_systemd  */
+  YYSYMBOL_server_do_daemonize = 476,      /* server_do_daemonize  */
+  YYSYMBOL_server_use_syslog = 477,        /* server_use_syslog  */
+  YYSYMBOL_server_log_time_ascii = 478,    /* server_log_time_ascii  */
+  YYSYMBOL_server_log_time_iso = 479,      /* server_log_time_iso  */
+  YYSYMBOL_server_log_queries = 480,       /* server_log_queries  */
+  YYSYMBOL_server_log_replies = 481,       /* server_log_replies  */
+  YYSYMBOL_server_log_tag_queryreply = 482, /* server_log_tag_queryreply  */
+  YYSYMBOL_server_log_servfail = 483,      /* server_log_servfail  */
+  YYSYMBOL_server_log_destaddr = 484,      /* server_log_destaddr  */
+  YYSYMBOL_server_log_local_actions = 485, /* server_log_local_actions  */
+  YYSYMBOL_server_chroot = 486,            /* server_chroot  */
+  YYSYMBOL_server_username = 487,          /* server_username  */
+  YYSYMBOL_server_directory = 488,         /* server_directory  */
+  YYSYMBOL_server_logfile = 489,           /* server_logfile  */
+  YYSYMBOL_server_pidfile = 490,           /* server_pidfile  */
+  YYSYMBOL_server_root_hints = 491,        /* server_root_hints  */
+  YYSYMBOL_server_dlv_anchor_file = 492,   /* server_dlv_anchor_file  */
+  YYSYMBOL_server_dlv_anchor = 493,        /* server_dlv_anchor  */
+  YYSYMBOL_server_auto_trust_anchor_file = 494, /* server_auto_trust_anchor_file  */
+  YYSYMBOL_server_trust_anchor_file = 495, /* server_trust_anchor_file  */
+  YYSYMBOL_server_trusted_keys_file = 496, /* server_trusted_keys_file  */
+  YYSYMBOL_server_trust_anchor = 497,      /* server_trust_anchor  */
+  YYSYMBOL_server_trust_anchor_signaling = 498, /* server_trust_anchor_signaling  */
+  YYSYMBOL_server_root_key_sentinel = 499, /* server_root_key_sentinel  */
+  YYSYMBOL_server_domain_insecure = 500,   /* server_domain_insecure  */
+  YYSYMBOL_server_hide_identity = 501,     /* server_hide_identity  */
+  YYSYMBOL_server_hide_version = 502,      /* server_hide_version  */
+  YYSYMBOL_server_hide_trustanchor = 503,  /* server_hide_trustanchor  */
+  YYSYMBOL_server_hide_http_user_agent = 504, /* server_hide_http_user_agent  */
+  YYSYMBOL_server_identity = 505,          /* server_identity  */
+  YYSYMBOL_server_version = 506,           /* server_version  */
+  YYSYMBOL_server_http_user_agent = 507,   /* server_http_user_agent  */
+  YYSYMBOL_server_nsid = 508,              /* server_nsid  */
+  YYSYMBOL_server_so_rcvbuf = 509,         /* server_so_rcvbuf  */
+  YYSYMBOL_server_so_sndbuf = 510,         /* server_so_sndbuf  */
+  YYSYMBOL_server_so_reuseport = 511,      /* server_so_reuseport  */
+  YYSYMBOL_server_ip_transparent = 512,    /* server_ip_transparent  */
+  YYSYMBOL_server_ip_freebind = 513,       /* server_ip_freebind  */
+  YYSYMBOL_server_ip_dscp = 514,           /* server_ip_dscp  */
+  YYSYMBOL_server_stream_wait_size = 515,  /* server_stream_wait_size  */
+  YYSYMBOL_server_edns_buffer_size = 516,  /* server_edns_buffer_size  */
+  YYSYMBOL_server_msg_buffer_size = 517,   /* server_msg_buffer_size  */
+  YYSYMBOL_server_msg_cache_size = 518,    /* server_msg_cache_size  */
+  YYSYMBOL_server_msg_cache_slabs = 519,   /* server_msg_cache_slabs  */
+  YYSYMBOL_server_num_queries_per_thread = 520, /* server_num_queries_per_thread  */
+  YYSYMBOL_server_jostle_timeout = 521,    /* server_jostle_timeout  */
+  YYSYMBOL_server_delay_close = 522,       /* server_delay_close  */
+  YYSYMBOL_server_udp_connect = 523,       /* server_udp_connect  */
+  YYSYMBOL_server_unblock_lan_zones = 524, /* server_unblock_lan_zones  */
+  YYSYMBOL_server_insecure_lan_zones = 525, /* server_insecure_lan_zones  */
+  YYSYMBOL_server_rrset_cache_size = 526,  /* server_rrset_cache_size  */
+  YYSYMBOL_server_rrset_cache_slabs = 527, /* server_rrset_cache_slabs  */
+  YYSYMBOL_server_infra_host_ttl = 528,    /* server_infra_host_ttl  */
+  YYSYMBOL_server_infra_lame_ttl = 529,    /* server_infra_lame_ttl  */
+  YYSYMBOL_server_infra_cache_numhosts = 530, /* server_infra_cache_numhosts  */
+  YYSYMBOL_server_infra_cache_lame_size = 531, /* server_infra_cache_lame_size  */
+  YYSYMBOL_server_infra_cache_slabs = 532, /* server_infra_cache_slabs  */
+  YYSYMBOL_server_infra_cache_min_rtt = 533, /* server_infra_cache_min_rtt  */
+  YYSYMBOL_server_infra_cache_max_rtt = 534, /* server_infra_cache_max_rtt  */
+  YYSYMBOL_server_infra_keep_probing = 535, /* server_infra_keep_probing  */
+  YYSYMBOL_server_target_fetch_policy = 536, /* server_target_fetch_policy  */
+  YYSYMBOL_server_harden_short_bufsize = 537, /* server_harden_short_bufsize  */
+  YYSYMBOL_server_harden_large_queries = 538, /* server_harden_large_queries  */
+  YYSYMBOL_server_harden_glue = 539,       /* server_harden_glue  */
+  YYSYMBOL_server_harden_unverified_glue = 540, /* server_harden_unverified_glue  */
+  YYSYMBOL_server_harden_dnssec_stripped = 541, /* server_harden_dnssec_stripped  */
+  YYSYMBOL_server_harden_below_nxdomain = 542, /* server_harden_below_nxdomain  */
+  YYSYMBOL_server_harden_referral_path = 543, /* server_harden_referral_path  */
+  YYSYMBOL_server_harden_algo_downgrade = 544, /* server_harden_algo_downgrade  */
+  YYSYMBOL_server_harden_unknown_additional = 545, /* server_harden_unknown_additional  */
+  YYSYMBOL_server_use_caps_for_id = 546,   /* server_use_caps_for_id  */
+  YYSYMBOL_server_caps_whitelist = 547,    /* server_caps_whitelist  */
+  YYSYMBOL_server_private_address = 548,   /* server_private_address  */
+  YYSYMBOL_server_private_domain = 549,    /* server_private_domain  */
+  YYSYMBOL_server_prefetch = 550,          /* server_prefetch  */
+  YYSYMBOL_server_prefetch_key = 551,      /* server_prefetch_key  */
+  YYSYMBOL_server_deny_any = 552,          /* server_deny_any  */
+  YYSYMBOL_server_unwanted_reply_threshold = 553, /* server_unwanted_reply_threshold  */
+  YYSYMBOL_server_do_not_query_address = 554, /* server_do_not_query_address  */
+  YYSYMBOL_server_do_not_query_localhost = 555, /* server_do_not_query_localhost  */
+  YYSYMBOL_server_access_control = 556,    /* server_access_control  */
+  YYSYMBOL_server_interface_action = 557,  /* server_interface_action  */
+  YYSYMBOL_server_module_conf = 558,       /* server_module_conf  */
+  YYSYMBOL_server_val_override_date = 559, /* server_val_override_date  */
+  YYSYMBOL_server_val_sig_skew_min = 560,  /* server_val_sig_skew_min  */
+  YYSYMBOL_server_val_sig_skew_max = 561,  /* server_val_sig_skew_max  */
+  YYSYMBOL_server_val_max_restart = 562,   /* server_val_max_restart  */
+  YYSYMBOL_server_cache_max_ttl = 563,     /* server_cache_max_ttl  */
+  YYSYMBOL_server_cache_max_negative_ttl = 564, /* server_cache_max_negative_ttl  */
+  YYSYMBOL_server_cache_min_negative_ttl = 565, /* server_cache_min_negative_ttl  */
+  YYSYMBOL_server_cache_min_ttl = 566,     /* server_cache_min_ttl  */
+  YYSYMBOL_server_bogus_ttl = 567,         /* server_bogus_ttl  */
+  YYSYMBOL_server_val_clean_additional = 568, /* server_val_clean_additional  */
+  YYSYMBOL_server_val_permissive_mode = 569, /* server_val_permissive_mode  */
+  YYSYMBOL_server_aggressive_nsec = 570,   /* server_aggressive_nsec  */
+  YYSYMBOL_server_ignore_cd_flag = 571,    /* server_ignore_cd_flag  */
+  YYSYMBOL_server_disable_edns_do = 572,   /* server_disable_edns_do  */
+  YYSYMBOL_server_serve_expired = 573,     /* server_serve_expired  */
+  YYSYMBOL_server_serve_expired_ttl = 574, /* server_serve_expired_ttl  */
+  YYSYMBOL_server_serve_expired_ttl_reset = 575, /* server_serve_expired_ttl_reset  */
+  YYSYMBOL_server_serve_expired_reply_ttl = 576, /* server_serve_expired_reply_ttl  */
+  YYSYMBOL_server_serve_expired_client_timeout = 577, /* server_serve_expired_client_timeout  */
+  YYSYMBOL_server_ede_serve_expired = 578, /* server_ede_serve_expired  */
+  YYSYMBOL_server_serve_original_ttl = 579, /* server_serve_original_ttl  */
+  YYSYMBOL_server_fake_dsa = 580,          /* server_fake_dsa  */
+  YYSYMBOL_server_fake_sha1 = 581,         /* server_fake_sha1  */
+  YYSYMBOL_server_val_log_level = 582,     /* server_val_log_level  */
+  YYSYMBOL_server_val_nsec3_keysize_iterations = 583, /* server_val_nsec3_keysize_iterations  */
+  YYSYMBOL_server_zonemd_permissive_mode = 584, /* server_zonemd_permissive_mode  */
+  YYSYMBOL_server_add_holddown = 585,      /* server_add_holddown  */
+  YYSYMBOL_server_del_holddown = 586,      /* server_del_holddown  */
+  YYSYMBOL_server_keep_missing = 587,      /* server_keep_missing  */
+  YYSYMBOL_server_permit_small_holddown = 588, /* server_permit_small_holddown  */
+  YYSYMBOL_server_key_cache_size = 589,    /* server_key_cache_size  */
+  YYSYMBOL_server_key_cache_slabs = 590,   /* server_key_cache_slabs  */
+  YYSYMBOL_server_neg_cache_size = 591,    /* server_neg_cache_size  */
+  YYSYMBOL_server_local_zone = 592,        /* server_local_zone  */
+  YYSYMBOL_server_local_data = 593,        /* server_local_data  */
+  YYSYMBOL_server_local_data_ptr = 594,    /* server_local_data_ptr  */
+  YYSYMBOL_server_minimal_responses = 595, /* server_minimal_responses  */
+  YYSYMBOL_server_rrset_roundrobin = 596,  /* server_rrset_roundrobin  */
+  YYSYMBOL_server_unknown_server_time_limit = 597, /* server_unknown_server_time_limit  */
+  YYSYMBOL_server_discard_timeout = 598,   /* server_discard_timeout  */
+  YYSYMBOL_server_wait_limit = 599,        /* server_wait_limit  */
+  YYSYMBOL_server_wait_limit_cookie = 600, /* server_wait_limit_cookie  */
+  YYSYMBOL_server_wait_limit_netblock = 601, /* server_wait_limit_netblock  */
+  YYSYMBOL_server_wait_limit_cookie_netblock = 602, /* server_wait_limit_cookie_netblock  */
+  YYSYMBOL_server_max_udp_size = 603,      /* server_max_udp_size  */
+  YYSYMBOL_server_dns64_prefix = 604,      /* server_dns64_prefix  */
+  YYSYMBOL_server_dns64_synthall = 605,    /* server_dns64_synthall  */
+  YYSYMBOL_server_dns64_ignore_aaaa = 606, /* server_dns64_ignore_aaaa  */
+  YYSYMBOL_server_nat64_prefix = 607,      /* server_nat64_prefix  */
+  YYSYMBOL_server_define_tag = 608,        /* server_define_tag  */
+  YYSYMBOL_server_local_zone_tag = 609,    /* server_local_zone_tag  */
+  YYSYMBOL_server_access_control_tag = 610, /* server_access_control_tag  */
+  YYSYMBOL_server_access_control_tag_action = 611, /* server_access_control_tag_action  */
+  YYSYMBOL_server_access_control_tag_data = 612, /* server_access_control_tag_data  */
+  YYSYMBOL_server_local_zone_override = 613, /* server_local_zone_override  */
+  YYSYMBOL_server_access_control_view = 614, /* server_access_control_view  */
+  YYSYMBOL_server_interface_tag = 615,     /* server_interface_tag  */
+  YYSYMBOL_server_interface_tag_action = 616, /* server_interface_tag_action  */
+  YYSYMBOL_server_interface_tag_data = 617, /* server_interface_tag_data  */
+  YYSYMBOL_server_interface_view = 618,    /* server_interface_view  */
+  YYSYMBOL_server_response_ip_tag = 619,   /* server_response_ip_tag  */
+  YYSYMBOL_server_ip_ratelimit = 620,      /* server_ip_ratelimit  */
+  YYSYMBOL_server_ip_ratelimit_cookie = 621, /* server_ip_ratelimit_cookie  */
+  YYSYMBOL_server_ratelimit = 622,         /* server_ratelimit  */
+  YYSYMBOL_server_ip_ratelimit_size = 623, /* server_ip_ratelimit_size  */
+  YYSYMBOL_server_ratelimit_size = 624,    /* server_ratelimit_size  */
+  YYSYMBOL_server_ip_ratelimit_slabs = 625, /* server_ip_ratelimit_slabs  */
+  YYSYMBOL_server_ratelimit_slabs = 626,   /* server_ratelimit_slabs  */
+  YYSYMBOL_server_ratelimit_for_domain = 627, /* server_ratelimit_for_domain  */
+  YYSYMBOL_server_ratelimit_below_domain = 628, /* server_ratelimit_below_domain  */
+  YYSYMBOL_server_ip_ratelimit_factor = 629, /* server_ip_ratelimit_factor  */
+  YYSYMBOL_server_ratelimit_factor = 630,  /* server_ratelimit_factor  */
+  YYSYMBOL_server_ip_ratelimit_backoff = 631, /* server_ip_ratelimit_backoff  */
+  YYSYMBOL_server_ratelimit_backoff = 632, /* server_ratelimit_backoff  */
+  YYSYMBOL_server_outbound_msg_retry = 633, /* server_outbound_msg_retry  */
+  YYSYMBOL_server_max_sent_count = 634,    /* server_max_sent_count  */
+  YYSYMBOL_server_max_query_restarts = 635, /* server_max_query_restarts  */
+  YYSYMBOL_server_low_rtt = 636,           /* server_low_rtt  */
+  YYSYMBOL_server_fast_server_num = 637,   /* server_fast_server_num  */
+  YYSYMBOL_server_fast_server_permil = 638, /* server_fast_server_permil  */
+  YYSYMBOL_server_qname_minimisation = 639, /* server_qname_minimisation  */
+  YYSYMBOL_server_qname_minimisation_strict = 640, /* server_qname_minimisation_strict  */
+  YYSYMBOL_server_pad_responses = 641,     /* server_pad_responses  */
+  YYSYMBOL_server_pad_responses_block_size = 642, /* server_pad_responses_block_size  */
+  YYSYMBOL_server_pad_queries = 643,       /* server_pad_queries  */
+  YYSYMBOL_server_pad_queries_block_size = 644, /* server_pad_queries_block_size  */
+  YYSYMBOL_server_ipsecmod_enabled = 645,  /* server_ipsecmod_enabled  */
+  YYSYMBOL_server_ipsecmod_ignore_bogus = 646, /* server_ipsecmod_ignore_bogus  */
+  YYSYMBOL_server_ipsecmod_hook = 647,     /* server_ipsecmod_hook  */
+  YYSYMBOL_server_ipsecmod_max_ttl = 648,  /* server_ipsecmod_max_ttl  */
+  YYSYMBOL_server_ipsecmod_whitelist = 649, /* server_ipsecmod_whitelist  */
+  YYSYMBOL_server_ipsecmod_strict = 650,   /* server_ipsecmod_strict  */
+  YYSYMBOL_server_edns_client_string = 651, /* server_edns_client_string  */
+  YYSYMBOL_server_edns_client_string_opcode = 652, /* server_edns_client_string_opcode  */
+  YYSYMBOL_server_ede = 653,               /* server_ede  */
+  YYSYMBOL_server_dns_error_reporting = 654, /* server_dns_error_reporting  */
+  YYSYMBOL_server_proxy_protocol_port = 655, /* server_proxy_protocol_port  */
+  YYSYMBOL_stub_name = 656,                /* stub_name  */
+  YYSYMBOL_stub_host = 657,                /* stub_host  */
+  YYSYMBOL_stub_addr = 658,                /* stub_addr  */
+  YYSYMBOL_stub_first = 659,               /* stub_first  */
+  YYSYMBOL_stub_no_cache = 660,            /* stub_no_cache  */
+  YYSYMBOL_stub_ssl_upstream = 661,        /* stub_ssl_upstream  */
+  YYSYMBOL_stub_tcp_upstream = 662,        /* stub_tcp_upstream  */
+  YYSYMBOL_stub_prime = 663,               /* stub_prime  */
+  YYSYMBOL_forward_name = 664,             /* forward_name  */
+  YYSYMBOL_forward_host = 665,             /* forward_host  */
+  YYSYMBOL_forward_addr = 666,             /* forward_addr  */
+  YYSYMBOL_forward_first = 667,            /* forward_first  */
+  YYSYMBOL_forward_no_cache = 668,         /* forward_no_cache  */
+  YYSYMBOL_forward_ssl_upstream = 669,     /* forward_ssl_upstream  */
+  YYSYMBOL_forward_tcp_upstream = 670,     /* forward_tcp_upstream  */
+  YYSYMBOL_auth_name = 671,                /* auth_name  */
+  YYSYMBOL_auth_zonefile = 672,            /* auth_zonefile  */
+  YYSYMBOL_auth_master = 673,              /* auth_master  */
+  YYSYMBOL_auth_url = 674,                 /* auth_url  */
+  YYSYMBOL_auth_allow_notify = 675,        /* auth_allow_notify  */
+  YYSYMBOL_auth_zonemd_check = 676,        /* auth_zonemd_check  */
+  YYSYMBOL_auth_zonemd_reject_absence = 677, /* auth_zonemd_reject_absence  */
+  YYSYMBOL_auth_for_downstream = 678,      /* auth_for_downstream  */
+  YYSYMBOL_auth_for_upstream = 679,        /* auth_for_upstream  */
+  YYSYMBOL_auth_fallback_enabled = 680,    /* auth_fallback_enabled  */
+  YYSYMBOL_view_name = 681,                /* view_name  */
+  YYSYMBOL_view_local_zone = 682,          /* view_local_zone  */
+  YYSYMBOL_view_response_ip = 683,         /* view_response_ip  */
+  YYSYMBOL_view_response_ip_data = 684,    /* view_response_ip_data  */
+  YYSYMBOL_view_local_data = 685,          /* view_local_data  */
+  YYSYMBOL_view_local_data_ptr = 686,      /* view_local_data_ptr  */
+  YYSYMBOL_view_first = 687,               /* view_first  */
+  YYSYMBOL_rcstart = 688,                  /* rcstart  */
+  YYSYMBOL_contents_rc = 689,              /* contents_rc  */
+  YYSYMBOL_content_rc = 690,               /* content_rc  */
+  YYSYMBOL_rc_control_enable = 691,        /* rc_control_enable  */
+  YYSYMBOL_rc_control_port = 692,          /* rc_control_port  */
+  YYSYMBOL_rc_control_interface = 693,     /* rc_control_interface  */
+  YYSYMBOL_rc_control_use_cert = 694,      /* rc_control_use_cert  */
+  YYSYMBOL_rc_server_key_file = 695,       /* rc_server_key_file  */
+  YYSYMBOL_rc_server_cert_file = 696,      /* rc_server_cert_file  */
+  YYSYMBOL_rc_control_key_file = 697,      /* rc_control_key_file  */
+  YYSYMBOL_rc_control_cert_file = 698,     /* rc_control_cert_file  */
+  YYSYMBOL_dtstart = 699,                  /* dtstart  */
+  YYSYMBOL_contents_dt = 700,              /* contents_dt  */
+  YYSYMBOL_content_dt = 701,               /* content_dt  */
+  YYSYMBOL_dt_dnstap_enable = 702,         /* dt_dnstap_enable  */
+  YYSYMBOL_dt_dnstap_bidirectional = 703,  /* dt_dnstap_bidirectional  */
+  YYSYMBOL_dt_dnstap_socket_path = 704,    /* dt_dnstap_socket_path  */
+  YYSYMBOL_dt_dnstap_ip = 705,             /* dt_dnstap_ip  */
+  YYSYMBOL_dt_dnstap_tls = 706,            /* dt_dnstap_tls  */
+  YYSYMBOL_dt_dnstap_tls_server_name = 707, /* dt_dnstap_tls_server_name  */
+  YYSYMBOL_dt_dnstap_tls_cert_bundle = 708, /* dt_dnstap_tls_cert_bundle  */
+  YYSYMBOL_dt_dnstap_tls_client_key_file = 709, /* dt_dnstap_tls_client_key_file  */
+  YYSYMBOL_dt_dnstap_tls_client_cert_file = 710, /* dt_dnstap_tls_client_cert_file  */
+  YYSYMBOL_dt_dnstap_send_identity = 711,  /* dt_dnstap_send_identity  */
+  YYSYMBOL_dt_dnstap_send_version = 712,   /* dt_dnstap_send_version  */
+  YYSYMBOL_dt_dnstap_identity = 713,       /* dt_dnstap_identity  */
+  YYSYMBOL_dt_dnstap_version = 714,        /* dt_dnstap_version  */
+  YYSYMBOL_dt_dnstap_log_resolver_query_messages = 715, /* dt_dnstap_log_resolver_query_messages  */
+  YYSYMBOL_dt_dnstap_log_resolver_response_messages = 716, /* dt_dnstap_log_resolver_response_messages  */
+  YYSYMBOL_dt_dnstap_log_client_query_messages = 717, /* dt_dnstap_log_client_query_messages  */
+  YYSYMBOL_dt_dnstap_log_client_response_messages = 718, /* dt_dnstap_log_client_response_messages  */
+  YYSYMBOL_dt_dnstap_log_forwarder_query_messages = 719, /* dt_dnstap_log_forwarder_query_messages  */
+  YYSYMBOL_dt_dnstap_log_forwarder_response_messages = 720, /* dt_dnstap_log_forwarder_response_messages  */
+  YYSYMBOL_dt_dnstap_sample_rate = 721,    /* dt_dnstap_sample_rate  */
+  YYSYMBOL_pythonstart = 722,              /* pythonstart  */
+  YYSYMBOL_contents_py = 723,              /* contents_py  */
+  YYSYMBOL_content_py = 724,               /* content_py  */
+  YYSYMBOL_py_script = 725,                /* py_script  */
+  YYSYMBOL_dynlibstart = 726,              /* dynlibstart  */
+  YYSYMBOL_contents_dl = 727,              /* contents_dl  */
+  YYSYMBOL_content_dl = 728,               /* content_dl  */
+  YYSYMBOL_dl_file = 729,                  /* dl_file  */
+  YYSYMBOL_server_disable_dnssec_lame_check = 730, /* server_disable_dnssec_lame_check  */
+  YYSYMBOL_server_log_identity = 731,      /* server_log_identity  */
+  YYSYMBOL_server_response_ip = 732,       /* server_response_ip  */
+  YYSYMBOL_server_response_ip_data = 733,  /* server_response_ip_data  */
+  YYSYMBOL_dnscstart = 734,                /* dnscstart  */
+  YYSYMBOL_contents_dnsc = 735,            /* contents_dnsc  */
+  YYSYMBOL_content_dnsc = 736,             /* content_dnsc  */
+  YYSYMBOL_dnsc_dnscrypt_enable = 737,     /* dnsc_dnscrypt_enable  */
+  YYSYMBOL_dnsc_dnscrypt_port = 738,       /* dnsc_dnscrypt_port  */
+  YYSYMBOL_dnsc_dnscrypt_provider = 739,   /* dnsc_dnscrypt_provider  */
+  YYSYMBOL_dnsc_dnscrypt_provider_cert = 740, /* dnsc_dnscrypt_provider_cert  */
+  YYSYMBOL_dnsc_dnscrypt_provider_cert_rotated = 741, /* dnsc_dnscrypt_provider_cert_rotated  */
+  YYSYMBOL_dnsc_dnscrypt_secret_key = 742, /* dnsc_dnscrypt_secret_key  */
+  YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_size = 743, /* dnsc_dnscrypt_shared_secret_cache_size  */
+  YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_slabs = 744, /* dnsc_dnscrypt_shared_secret_cache_slabs  */
+  YYSYMBOL_dnsc_dnscrypt_nonce_cache_size = 745, /* dnsc_dnscrypt_nonce_cache_size  */
+  YYSYMBOL_dnsc_dnscrypt_nonce_cache_slabs = 746, /* dnsc_dnscrypt_nonce_cache_slabs  */
+  YYSYMBOL_cachedbstart = 747,             /* cachedbstart  */
+  YYSYMBOL_contents_cachedb = 748,         /* contents_cachedb  */
+  YYSYMBOL_content_cachedb = 749,          /* content_cachedb  */
+  YYSYMBOL_cachedb_backend_name = 750,     /* cachedb_backend_name  */
+  YYSYMBOL_cachedb_secret_seed = 751,      /* cachedb_secret_seed  */
+  YYSYMBOL_cachedb_no_store = 752,         /* cachedb_no_store  */
+  YYSYMBOL_cachedb_check_when_serve_expired = 753, /* cachedb_check_when_serve_expired  */
+  YYSYMBOL_redis_server_host = 754,        /* redis_server_host  */
+  YYSYMBOL_redis_replica_server_host = 755, /* redis_replica_server_host  */
+  YYSYMBOL_redis_server_port = 756,        /* redis_server_port  */
+  YYSYMBOL_redis_replica_server_port = 757, /* redis_replica_server_port  */
+  YYSYMBOL_redis_server_path = 758,        /* redis_server_path  */
+  YYSYMBOL_redis_replica_server_path = 759, /* redis_replica_server_path  */
+  YYSYMBOL_redis_server_password = 760,    /* redis_server_password  */
+  YYSYMBOL_redis_replica_server_password = 761, /* redis_replica_server_password  */
+  YYSYMBOL_redis_timeout = 762,            /* redis_timeout  */
+  YYSYMBOL_redis_replica_timeout = 763,    /* redis_replica_timeout  */
+  YYSYMBOL_redis_command_timeout = 764,    /* redis_command_timeout  */
+  YYSYMBOL_redis_replica_command_timeout = 765, /* redis_replica_command_timeout  */
+  YYSYMBOL_redis_connect_timeout = 766,    /* redis_connect_timeout  */
+  YYSYMBOL_redis_replica_connect_timeout = 767, /* redis_replica_connect_timeout  */
+  YYSYMBOL_redis_expire_records = 768,     /* redis_expire_records  */
+  YYSYMBOL_redis_logical_db = 769,         /* redis_logical_db  */
+  YYSYMBOL_redis_replica_logical_db = 770, /* redis_replica_logical_db  */
+  YYSYMBOL_server_tcp_connection_limit = 771, /* server_tcp_connection_limit  */
+  YYSYMBOL_server_answer_cookie = 772,     /* server_answer_cookie  */
+  YYSYMBOL_server_cookie_secret = 773,     /* server_cookie_secret  */
+  YYSYMBOL_server_cookie_secret_file = 774, /* server_cookie_secret_file  */
+  YYSYMBOL_server_iter_scrub_ns = 775,     /* server_iter_scrub_ns  */
+  YYSYMBOL_server_iter_scrub_cname = 776,  /* server_iter_scrub_cname  */
+  YYSYMBOL_server_max_global_quota = 777,  /* server_max_global_quota  */
+  YYSYMBOL_server_iter_scrub_promiscuous = 778, /* server_iter_scrub_promiscuous  */
+  YYSYMBOL_ipsetstart = 779,               /* ipsetstart  */
+  YYSYMBOL_contents_ipset = 780,           /* contents_ipset  */
+  YYSYMBOL_content_ipset = 781,            /* content_ipset  */
+  YYSYMBOL_ipset_name_v4 = 782,            /* ipset_name_v4  */
+  YYSYMBOL_ipset_name_v6 = 783             /* ipset_name_v6  */
 };
 typedef enum yysymbol_kind_t yysymbol_kind_t;
 
@@ -1065,12 +1067,18 @@ typedef int yy_state_fast_t;
 # define YY_USE(E) /* empty */
 #endif
 
-#if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__
 /* Suppress an incorrect diagnostic about yylval being uninitialized.  */
-# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN                            \
+#if defined __GNUC__ && ! defined __ICC && 406 <= __GNUC__ * 100 + __GNUC_MINOR__
+# if __GNUC__ * 100 + __GNUC_MINOR__ < 407
+#  define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN                           \
+    _Pragma ("GCC diagnostic push")                                     \
+    _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")
+# else
+#  define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN                           \
     _Pragma ("GCC diagnostic push")                                     \
     _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")              \
     _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
+# endif
 # define YY_IGNORE_MAYBE_UNINITIALIZED_END      \
     _Pragma ("GCC diagnostic pop")
 #else
@@ -1229,19 +1237,19 @@ union yyalloc
 /* YYFINAL -- State number of the termination state.  */
 #define YYFINAL  2
 /* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   805
+#define YYLAST   807
 
 /* YYNTOKENS -- Number of terminals.  */
-#define YYNTOKENS  377
+#define YYNTOKENS  378
 /* YYNNTS -- Number of nonterminals.  */
-#define YYNNTS  405
+#define YYNNTS  406
 /* YYNRULES -- Number of rules.  */
-#define YYNRULES  784
+#define YYNRULES  786
 /* YYNSTATES -- Number of states.  */
-#define YYNSTATES  1174
+#define YYNSTATES  1177
 
 /* YYMAXUTOK -- Last valid token kind.  */
-#define YYMAXUTOK   631
+#define YYMAXUTOK   632
 
 
 /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM
@@ -1318,92 +1326,92 @@ static const yytype_int16 yytranslate[] =
      345,   346,   347,   348,   349,   350,   351,   352,   353,   354,
      355,   356,   357,   358,   359,   360,   361,   362,   363,   364,
      365,   366,   367,   368,   369,   370,   371,   372,   373,   374,
-     375,   376
+     375,   376,   377
 };
 
 #if YYDEBUG
-  /* YYRLINE[YYN] -- Source line where rule number YYN was defined.  */
+/* YYRLINE[YYN] -- Source line where rule number YYN was defined.  */
 static const yytype_int16 yyrline[] =
 {
-       0,   220,   220,   220,   221,   221,   222,   222,   223,   223,
-     223,   224,   224,   225,   225,   226,   226,   227,   229,   236,
-     242,   243,   244,   244,   244,   245,   245,   246,   246,   246,
-     247,   247,   247,   248,   248,   248,   249,   249,   250,   251,
-     251,   251,   252,   252,   252,   253,   253,   254,   254,   255,
-     255,   256,   256,   257,   257,   258,   258,   259,   259,   260,
-     260,   261,   261,   261,   262,   262,   263,   263,   263,   264,
-     264,   264,   265,   265,   266,   266,   267,   267,   268,   268,
-     269,   269,   269,   270,   270,   271,   271,   272,   272,   272,
-     273,   273,   274,   274,   275,   275,   276,   276,   276,   277,
-     277,   278,   278,   279,   279,   280,   280,   281,   281,   282,
-     282,   283,   283,   284,   284,   285,   285,   285,   286,   286,
-     286,   287,   287,   287,   288,   288,   288,   288,   289,   290,
-     290,   290,   291,   291,   291,   292,   292,   293,   293,   294,
-     294,   294,   295,   295,   295,   296,   296,   297,   297,   297,
-     298,   299,   299,   299,   300,   300,   300,   301,   301,   302,
-     302,   303,   303,   304,   305,   305,   306,   306,   307,   307,
-     308,   308,   309,   309,   310,   310,   311,   311,   312,   312,
-     313,   313,   314,   314,   315,   316,   316,   317,   317,   317,
-     318,   318,   319,   319,   320,   320,   321,   321,   321,   322,
-     322,   323,   324,   324,   325,   325,   326,   327,   327,   328,
-     328,   329,   329,   329,   330,   330,   331,   331,   331,   332,
-     332,   332,   333,   333,   334,   335,   335,   336,   336,   337,
-     337,   338,   338,   339,   339,   339,   340,   340,   340,   341,
-     341,   341,   342,   342,   343,   343,   343,   344,   344,   345,
-     345,   346,   346,   347,   347,   347,   348,   348,   349,   349,
-     350,   350,   351,   351,   352,   352,   353,   353,   354,   355,
-     355,   356,   356,   357,   357,   358,   358,   358,   359,   359,
-     361,   369,   383,   384,   385,   385,   385,   385,   385,   386,
-     386,   386,   388,   396,   410,   411,   412,   412,   412,   412,
-     413,   413,   413,   415,   423,   437,   438,   439,   439,   439,
-     439,   440,   440,   440,   442,   463,   464,   465,   465,   465,
-     465,   466,   466,   466,   467,   467,   467,   470,   489,   506,
-     514,   524,   531,   541,   560,   561,   562,   562,   562,   562,
-     562,   563,   563,   563,   564,   564,   564,   564,   566,   575,
-     584,   595,   604,   613,   622,   631,   642,   651,   663,   677,
-     692,   703,   720,   737,   754,   771,   786,   801,   814,   829,
-     838,   847,   856,   865,   874,   883,   890,   899,   908,   917,
-     926,   935,   944,   953,   962,   971,   984,   995,  1006,  1017,
-    1026,  1039,  1052,  1061,  1070,  1079,  1086,  1093,  1102,  1109,
-    1118,  1126,  1133,  1140,  1148,  1157,  1165,  1181,  1189,  1197,
-    1205,  1213,  1221,  1234,  1241,  1250,  1259,  1273,  1282,  1291,
-    1300,  1309,  1318,  1327,  1336,  1345,  1352,  1359,  1385,  1393,
-    1400,  1407,  1414,  1421,  1429,  1437,  1445,  1452,  1463,  1474,
-    1481,  1490,  1499,  1508,  1517,  1524,  1531,  1538,  1554,  1562,
-    1570,  1580,  1590,  1600,  1614,  1622,  1635,  1646,  1654,  1667,
-    1676,  1685,  1694,  1703,  1713,  1723,  1731,  1744,  1753,  1761,
-    1770,  1778,  1791,  1800,  1809,  1819,  1826,  1836,  1846,  1856,
-    1866,  1876,  1886,  1896,  1906,  1916,  1926,  1933,  1940,  1947,
-    1956,  1965,  1974,  1983,  1990,  2000,  2008,  2017,  2024,  2042,
-    2055,  2068,  2081,  2090,  2099,  2108,  2117,  2126,  2136,  2146,
-    2157,  2166,  2175,  2184,  2193,  2202,  2211,  2220,  2229,  2238,
-    2251,  2264,  2273,  2280,  2289,  2298,  2307,  2316,  2326,  2334,
-    2347,  2355,  2411,  2418,  2433,  2443,  2453,  2460,  2467,  2474,
-    2481,  2496,  2511,  2518,  2525,  2534,  2542,  2549,  2563,  2584,
-    2605,  2617,  2629,  2641,  2650,  2671,  2683,  2695,  2704,  2725,
-    2734,  2743,  2752,  2760,  2768,  2781,  2794,  2809,  2824,  2833,
-    2842,  2852,  2862,  2871,  2880,  2889,  2895,  2904,  2913,  2923,
-    2933,  2943,  2952,  2962,  2971,  2984,  2997,  3009,  3023,  3035,
-    3049,  3058,  3069,  3078,  3087,  3094,  3104,  3111,  3118,  3127,
-    3136,  3146,  3156,  3166,  3176,  3183,  3190,  3199,  3208,  3218,
-    3228,  3238,  3245,  3252,  3259,  3267,  3277,  3287,  3297,  3307,
-    3317,  3327,  3383,  3393,  3401,  3409,  3424,  3433,  3439,  3440,
-    3441,  3441,  3441,  3442,  3442,  3442,  3443,  3443,  3445,  3455,
-    3464,  3471,  3478,  3485,  3492,  3499,  3506,  3512,  3513,  3514,
-    3514,  3514,  3515,  3515,  3515,  3516,  3517,  3517,  3518,  3518,
-    3519,  3519,  3520,  3521,  3522,  3523,  3524,  3525,  3526,  3528,
-    3537,  3547,  3554,  3561,  3570,  3577,  3584,  3591,  3598,  3607,
-    3616,  3623,  3630,  3640,  3650,  3660,  3670,  3680,  3690,  3701,
-    3707,  3708,  3709,  3711,  3718,  3724,  3725,  3726,  3728,  3735,
-    3745,  3752,  3761,  3769,  3775,  3776,  3778,  3778,  3778,  3779,
-    3779,  3780,  3781,  3782,  3783,  3784,  3786,  3795,  3804,  3811,
-    3820,  3827,  3836,  3844,  3857,  3865,  3878,  3884,  3885,  3886,
-    3886,  3887,  3887,  3888,  3888,  3889,  3889,  3890,  3890,  3891,
-    3891,  3892,  3892,  3893,  3893,  3894,  3894,  3895,  3895,  3896,
-    3898,  3910,  3922,  3935,  3948,  3960,  3972,  3987,  4002,  4014,
-    4026,  4038,  4050,  4063,  4076,  4089,  4102,  4115,  4128,  4141,
-    4156,  4171,  4182,  4191,  4207,  4214,  4223,  4232,  4241,  4247,
-    4248,  4249,  4249,  4251,  4266
+       0,   221,   221,   221,   222,   222,   223,   223,   224,   224,
+     224,   225,   225,   226,   226,   227,   227,   228,   230,   237,
+     243,   244,   245,   245,   245,   246,   246,   247,   247,   247,
+     248,   248,   248,   249,   249,   249,   250,   250,   251,   252,
+     252,   252,   253,   253,   253,   254,   254,   255,   255,   256,
+     256,   257,   257,   258,   258,   259,   259,   260,   260,   261,
+     261,   262,   262,   262,   263,   263,   264,   264,   264,   265,
+     265,   265,   266,   266,   267,   267,   268,   268,   269,   269,
+     270,   270,   270,   271,   271,   272,   272,   273,   273,   273,
+     274,   274,   275,   275,   276,   276,   277,   277,   277,   278,
+     278,   279,   279,   280,   280,   281,   281,   282,   282,   283,
+     283,   284,   284,   285,   285,   286,   286,   286,   287,   287,
+     287,   288,   288,   288,   289,   289,   289,   289,   290,   291,
+     291,   291,   292,   292,   292,   293,   293,   294,   294,   295,
+     295,   295,   296,   296,   296,   297,   297,   298,   298,   298,
+     299,   300,   300,   300,   301,   301,   301,   302,   302,   303,
+     303,   304,   304,   305,   306,   306,   307,   307,   308,   308,
+     309,   309,   310,   310,   311,   311,   312,   312,   313,   313,
+     314,   314,   315,   315,   316,   317,   317,   318,   318,   318,
+     319,   319,   320,   320,   321,   321,   322,   322,   322,   323,
+     323,   324,   325,   325,   326,   326,   327,   328,   328,   329,
+     329,   330,   330,   330,   331,   331,   332,   332,   332,   333,
+     333,   333,   334,   334,   335,   336,   336,   337,   337,   338,
+     338,   339,   339,   340,   340,   340,   341,   341,   341,   342,
+     342,   342,   343,   343,   344,   344,   344,   345,   345,   346,
+     346,   347,   347,   348,   348,   348,   349,   349,   350,   350,
+     351,   351,   352,   352,   353,   353,   354,   354,   355,   356,
+     356,   357,   357,   358,   358,   359,   359,   359,   360,   360,
+     360,   362,   370,   384,   385,   386,   386,   386,   386,   386,
+     387,   387,   387,   389,   397,   411,   412,   413,   413,   413,
+     413,   414,   414,   414,   416,   424,   438,   439,   440,   440,
+     440,   440,   441,   441,   441,   443,   464,   465,   466,   466,
+     466,   466,   467,   467,   467,   468,   468,   468,   471,   490,
+     507,   515,   525,   532,   542,   561,   562,   563,   563,   563,
+     563,   563,   564,   564,   564,   565,   565,   565,   565,   567,
+     576,   585,   596,   605,   614,   623,   632,   643,   652,   664,
+     678,   693,   704,   721,   738,   755,   772,   787,   802,   815,
+     830,   839,   848,   857,   866,   875,   884,   891,   900,   909,
+     918,   927,   936,   945,   954,   963,   972,   985,   996,  1007,
+    1018,  1027,  1040,  1053,  1062,  1071,  1080,  1087,  1094,  1103,
+    1110,  1119,  1127,  1134,  1141,  1149,  1158,  1166,  1184,  1192,
+    1200,  1208,  1216,  1224,  1237,  1244,  1253,  1262,  1276,  1285,
+    1294,  1303,  1312,  1321,  1330,  1339,  1348,  1355,  1362,  1388,
+    1396,  1403,  1410,  1417,  1424,  1432,  1440,  1448,  1455,  1466,
+    1477,  1484,  1493,  1502,  1511,  1520,  1527,  1534,  1541,  1557,
+    1565,  1573,  1583,  1593,  1603,  1617,  1625,  1638,  1649,  1657,
+    1670,  1679,  1688,  1697,  1706,  1716,  1726,  1734,  1747,  1756,
+    1764,  1773,  1781,  1794,  1803,  1812,  1822,  1829,  1839,  1849,
+    1859,  1869,  1879,  1889,  1899,  1909,  1919,  1929,  1936,  1943,
+    1950,  1959,  1968,  1977,  1986,  1993,  2003,  2011,  2020,  2027,
+    2045,  2058,  2071,  2084,  2093,  2102,  2111,  2120,  2129,  2139,
+    2149,  2160,  2169,  2178,  2187,  2196,  2205,  2214,  2223,  2232,
+    2241,  2254,  2267,  2276,  2283,  2292,  2301,  2310,  2319,  2329,
+    2337,  2350,  2358,  2414,  2421,  2436,  2446,  2456,  2463,  2470,
+    2477,  2484,  2499,  2514,  2521,  2528,  2537,  2545,  2552,  2566,
+    2587,  2608,  2620,  2632,  2644,  2653,  2674,  2686,  2698,  2707,
+    2728,  2737,  2746,  2755,  2763,  2771,  2784,  2797,  2812,  2827,
+    2836,  2845,  2855,  2865,  2874,  2883,  2892,  2898,  2907,  2916,
+    2926,  2936,  2946,  2955,  2965,  2974,  2987,  3000,  3012,  3026,
+    3038,  3052,  3061,  3072,  3081,  3090,  3097,  3107,  3114,  3121,
+    3130,  3139,  3149,  3159,  3169,  3179,  3186,  3193,  3202,  3211,
+    3221,  3231,  3241,  3248,  3255,  3262,  3270,  3280,  3290,  3300,
+    3310,  3320,  3330,  3386,  3396,  3404,  3412,  3427,  3436,  3442,
+    3443,  3444,  3444,  3444,  3445,  3445,  3445,  3446,  3446,  3448,
+    3458,  3467,  3474,  3481,  3488,  3495,  3502,  3509,  3515,  3516,
+    3517,  3517,  3517,  3518,  3518,  3518,  3519,  3520,  3520,  3521,
+    3521,  3522,  3522,  3523,  3524,  3525,  3526,  3527,  3528,  3529,
+    3531,  3540,  3550,  3557,  3564,  3573,  3580,  3587,  3594,  3601,
+    3610,  3619,  3626,  3633,  3643,  3653,  3663,  3673,  3683,  3693,
+    3704,  3710,  3711,  3712,  3714,  3721,  3727,  3728,  3729,  3731,
+    3738,  3748,  3755,  3764,  3772,  3778,  3779,  3781,  3781,  3781,
+    3782,  3782,  3783,  3784,  3785,  3786,  3787,  3789,  3798,  3807,
+    3814,  3823,  3830,  3839,  3847,  3860,  3868,  3881,  3887,  3888,
+    3889,  3889,  3890,  3890,  3891,  3891,  3892,  3892,  3893,  3893,
+    3894,  3894,  3895,  3895,  3896,  3896,  3897,  3897,  3898,  3898,
+    3899,  3901,  3913,  3925,  3938,  3951,  3963,  3975,  3990,  4005,
+    4017,  4029,  4041,  4053,  4066,  4079,  4092,  4105,  4118,  4131,
+    4144,  4159,  4174,  4185,  4194,  4210,  4217,  4226,  4235,  4244,
+    4254,  4260,  4261,  4262,  4262,  4264,  4279
 };
 #endif
 
@@ -1567,19 +1575,19 @@ static const char *const yytname[] =
   "VAR_DISABLE_EDNS_DO", "VAR_CACHEDB_NO_STORE", "VAR_LOG_DESTADDR",
   "VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED", "VAR_COOKIE_SECRET_FILE",
   "VAR_ITER_SCRUB_NS", "VAR_ITER_SCRUB_CNAME", "VAR_MAX_GLOBAL_QUOTA",
-  "VAR_HARDEN_UNVERIFIED_GLUE", "VAR_LOG_TIME_ISO", "$accept",
-  "toplevelvars", "toplevelvar", "force_toplevel", "serverstart",
-  "contents_server", "content_server", "stub_clause", "stubstart",
-  "contents_stub", "content_stub", "forward_clause", "forwardstart",
-  "contents_forward", "content_forward", "view_clause", "viewstart",
-  "contents_view", "content_view", "authstart", "contents_auth",
-  "content_auth", "rpz_tag", "rpz_action_override", "rpz_cname_override",
-  "rpz_log", "rpz_log_name", "rpz_signal_nxdomain_ra", "rpzstart",
-  "contents_rpz", "content_rpz", "server_num_threads", "server_verbosity",
-  "server_statistics_interval", "server_statistics_cumulative",
-  "server_extended_statistics", "server_statistics_inhibit_zero",
-  "server_shm_enable", "server_shm_key", "server_port",
-  "server_send_client_subnet", "server_client_subnet_zone",
+  "VAR_HARDEN_UNVERIFIED_GLUE", "VAR_LOG_TIME_ISO",
+  "VAR_ITER_SCRUB_PROMISCUOUS", "$accept", "toplevelvars", "toplevelvar",
+  "force_toplevel", "serverstart", "contents_server", "content_server",
+  "stub_clause", "stubstart", "contents_stub", "content_stub",
+  "forward_clause", "forwardstart", "contents_forward", "content_forward",
+  "view_clause", "viewstart", "contents_view", "content_view", "authstart",
+  "contents_auth", "content_auth", "rpz_tag", "rpz_action_override",
+  "rpz_cname_override", "rpz_log", "rpz_log_name",
+  "rpz_signal_nxdomain_ra", "rpzstart", "contents_rpz", "content_rpz",
+  "server_num_threads", "server_verbosity", "server_statistics_interval",
+  "server_statistics_cumulative", "server_extended_statistics",
+  "server_statistics_inhibit_zero", "server_shm_enable", "server_shm_key",
+  "server_port", "server_send_client_subnet", "server_client_subnet_zone",
   "server_client_subnet_always_forward", "server_client_subnet_opcode",
   "server_max_client_subnet_ipv4", "server_max_client_subnet_ipv6",
   "server_min_client_subnet_ipv4", "server_min_client_subnet_ipv6",
@@ -1733,8 +1741,8 @@ static const char *const yytname[] =
   "server_tcp_connection_limit", "server_answer_cookie",
   "server_cookie_secret", "server_cookie_secret_file",
   "server_iter_scrub_ns", "server_iter_scrub_cname",
-  "server_max_global_quota", "ipsetstart", "contents_ipset",
-  "content_ipset", "ipset_name_v4", "ipset_name_v6", YY_NULLPTR
+  "server_max_global_quota", "server_iter_scrub_promiscuous", "ipsetstart",
+  "contents_ipset", "content_ipset", "ipset_name_v4", "ipset_name_v6", YY_NULLPTR
 };
 
 static const char *
@@ -1744,52 +1752,6 @@ yysymbol_name (yysymbol_kind_t yysymbol)
 }
 #endif
 
-#ifdef YYPRINT
-/* YYTOKNUM[NUM] -- (External) token number corresponding to the
-   (internal) symbol number NUM (which must be that of a token).  */
-static const yytype_int16 yytoknum[] =
-{
-       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
-     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
-     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
-     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
-     295,   296,   297,   298,   299,   300,   301,   302,   303,   304,
-     305,   306,   307,   308,   309,   310,   311,   312,   313,   314,
-     315,   316,   317,   318,   319,   320,   321,   322,   323,   324,
-     325,   326,   327,   328,   329,   330,   331,   332,   333,   334,
-     335,   336,   337,   338,   339,   340,   341,   342,   343,   344,
-     345,   346,   347,   348,   349,   350,   351,   352,   353,   354,
-     355,   356,   357,   358,   359,   360,   361,   362,   363,   364,
-     365,   366,   367,   368,   369,   370,   371,   372,   373,   374,
-     375,   376,   377,   378,   379,   380,   381,   382,   383,   384,
-     385,   386,   387,   388,   389,   390,   391,   392,   393,   394,
-     395,   396,   397,   398,   399,   400,   401,   402,   403,   404,
-     405,   406,   407,   408,   409,   410,   411,   412,   413,   414,
-     415,   416,   417,   418,   419,   420,   421,   422,   423,   424,
-     425,   426,   427,   428,   429,   430,   431,   432,   433,   434,
-     435,   436,   437,   438,   439,   440,   441,   442,   443,   444,
-     445,   446,   447,   448,   449,   450,   451,   452,   453,   454,
-     455,   456,   457,   458,   459,   460,   461,   462,   463,   464,
-     465,   466,   467,   468,   469,   470,   471,   472,   473,   474,
-     475,   476,   477,   478,   479,   480,   481,   482,   483,   484,
-     485,   486,   487,   488,   489,   490,   491,   492,   493,   494,
-     495,   496,   497,   498,   499,   500,   501,   502,   503,   504,
-     505,   506,   507,   508,   509,   510,   511,   512,   513,   514,
-     515,   516,   517,   518,   519,   520,   521,   522,   523,   524,
-     525,   526,   527,   528,   529,   530,   531,   532,   533,   534,
-     535,   536,   537,   538,   539,   540,   541,   542,   543,   544,
-     545,   546,   547,   548,   549,   550,   551,   552,   553,   554,
-     555,   556,   557,   558,   559,   560,   561,   562,   563,   564,
-     565,   566,   567,   568,   569,   570,   571,   572,   573,   574,
-     575,   576,   577,   578,   579,   580,   581,   582,   583,   584,
-     585,   586,   587,   588,   589,   590,   591,   592,   593,   594,
-     595,   596,   597,   598,   599,   600,   601,   602,   603,   604,
-     605,   606,   607,   608,   609,   610,   611,   612,   613,   614,
-     615,   616,   617,   618,   619,   620,   621,   622,   623,   624,
-     625,   626,   627,   628,   629,   630,   631
-};
-#endif
-
 #define YYPACT_NINF (-310)
 
 #define yypact_value_is_default(Yyn) \
@@ -1800,8 +1762,8 @@ static const yytype_int16 yytoknum[] =
 #define yytable_value_is_error(Yyn) \
   0
 
-  /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-     STATE-NUM.  */
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+   STATE-NUM.  */
 static const yytype_int16 yypact[] =
 {
     -310,   274,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
@@ -1814,29 +1776,27 @@ static const yytype_int16 yypact[] =
      246,   247,   259,   262,   263,   265,   266,   267,   268,   269,
      270,   271,   272,   277,   279,   280,   283,   284,   285,   288,
      297,   298,   313,   314,   316,   317,   319,   320,   321,   322,
-     329,   330,   345,   347,   354,   355,   357,   358,   360,   361,
-     363,   366,   367,   369,   371,   373,   374,   376,   377,   378,
-     379,   381,   386,   387,   388,   389,   390,   403,   405,   411,
-     412,   413,   414,   415,   417,   423,   424,   425,   426,   427,
-     428,   429,   430,   432,   433,   434,   435,   437,   438,   439,
-     440,   441,   442,   443,   444,   445,   446,   447,   448,   449,
-     450,   451,   452,   477,   478,   479,   480,   481,   482,   483,
-     484,   485,   486,   487,   488,   489,   490,   491,   492,   493,
-     494,   495,   496,   497,   498,   499,   500,   501,   503,   504,
-     505,   506,   507,   508,   509,   510,   511,   512,   513,   514,
-     515,   516,   517,   518,   519,   520,   522,   523,   525,   526,
-     527,   528,   529,   530,   531,   533,   534,   535,   536,   537,
-     538,   539,   540,   541,   542,   543,   544,   547,   548,   549,
-     550,   551,   552,   553,   554,   555,   556,   557,   558,   559,
-     560,   561,   562,   563,   564,   565,   566,   568,   569,   570,
-     571,   572,   573,   574,   575,   576,   577,   578,   579,   580,
-     581,   582,   583,   584,   585,   586,   587,   588,   589,   590,
-     591,   592,   593,   594,   595,   596,   597,   598,   600,   601,
-     602,   604,   605,   606,   607,   608,   610,   611,   612,   613,
-     614,   615,   616,   617,   618,   619,   620,   621,   622,   623,
-     624,   625,   626,   627,   628,   629,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
+     329,   330,   345,   347,   355,   357,   358,   360,   361,   363,
+     366,   367,   369,   371,   373,   374,   376,   377,   378,   379,
+     381,   386,   387,   388,   389,   390,   403,   405,   411,   412,
+     413,   414,   415,   417,   423,   424,   425,   426,   427,   428,
+     429,   430,   432,   433,   434,   435,   437,   438,   439,   440,
+     441,   442,   443,   444,   445,   446,   447,   448,   449,   450,
+     451,   452,   477,   478,   479,   480,   481,   482,   483,   484,
+     485,   486,   487,   488,   489,   490,   491,   492,   493,   494,
+     495,   496,   497,   498,   499,   500,   501,   503,   504,   505,
+     506,   507,   508,   509,   510,   511,   512,   513,   514,   515,
+     516,   517,   518,   519,   520,   522,   523,   525,   526,   527,
+     528,   529,   530,   531,   533,   534,   535,   536,   537,   538,
+     539,   540,   541,   542,   543,   544,   547,   548,   549,   550,
+     551,   552,   553,   554,   555,   556,   557,   558,   559,   560,
+     561,   562,   563,   564,   565,   566,   568,   569,   570,   571,
+     572,   573,   574,   575,   576,   577,   578,   579,   580,   581,
+     582,   583,   584,   585,   586,   587,   588,   589,   590,   591,
+     592,   593,   594,   595,   596,   597,   598,   600,   601,   602,
+     604,   605,   606,   607,   608,   610,   611,   612,   613,   614,
+     615,   616,   617,   618,   619,   620,   621,   622,   623,   624,
+     625,   626,   627,   628,   629,   630,   631,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
@@ -1860,57 +1820,59 @@ static const yytype_int16 yypact[] =
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310,  -310,   630,   631,   632,   633,   634,
-     635,   636,   637,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,   638,   639,   640,   641,   642,   643,   644,  -310,
-    -310,  -310,  -310,  -310,  -310,  -310,  -310,   645,   646,   647,
-     648,   649,   650,   651,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,   652,   653,   654,   655,   656,   657,   658,   659,
-     660,   661,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,   662,   663,   664,   665,   666,   667,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,   668,   669,   670,   671,   672,   673,   674,   675,
-    -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,   676,
-     677,   678,   679,   680,   681,   682,   683,   684,   685,   686,
-     687,   688,   689,   690,   691,   692,   693,   694,   695,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
+    -310,  -310,  -310,  -310,  -310,  -310,  -310,   632,   633,   634,
+     635,   636,   637,   638,   639,  -310,  -310,  -310,  -310,  -310,
+    -310,  -310,  -310,  -310,   640,   641,   642,   643,   644,   645,
+     646,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,   647,
+     648,   649,   650,   651,   652,   653,  -310,  -310,  -310,  -310,
+    -310,  -310,  -310,  -310,   654,   655,   656,   657,   658,   659,
+     660,   661,   662,   663,  -310,  -310,  -310,  -310,  -310,  -310,
+    -310,  -310,  -310,  -310,  -310,   664,   665,   666,   667,   668,
+     669,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
+    -310,  -310,  -310,  -310,   670,   671,   672,   673,   674,   675,
+     676,   677,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
+    -310,   678,   679,   680,   681,   682,   683,   684,   685,   686,
+     687,   688,   689,   690,   691,   692,   693,   694,   695,   696,
+     697,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-     696,  -310,  -310,   697,  -310,  -310,   698,   699,   700,   701,
-     702,   703,   704,   705,   706,   707,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310,  -310,  -310,  -310,   708,   709,   710,
+    -310,  -310,   698,  -310,  -310,   699,  -310,  -310,   700,   701,
+     702,   703,   704,   705,   706,   707,   708,   709,  -310,  -310,
+    -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,   710,
      711,   712,   713,   714,   715,   716,   717,   718,   719,   720,
-     721,   722,   723,   724,   725,   726,   727,   728,  -310,  -310,
+     721,   722,   723,   724,   725,   726,   727,   728,   729,   730,
+    -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
+    -310,  -310,   731,   732,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-     729,   730,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
+    -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,   733,
+     734,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310,  -310,  -310,  -310,   731,   732,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
+    -310,   735,   736,   737,  -310,  -310,  -310,  -310,  -310,  -310,
+    -310,  -310,  -310,  -310,  -310,  -310,  -310,   738,   739,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,   733,
-     734,   735,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310,  -310,   736,   737,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,   738,
-     739,   740,   741,   742,   743,  -310,  -310,  -310,  -310,  -310,
+    -310,   740,   741,   742,   743,   744,   745,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-     744,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,   745,   746,  -310,  -310,  -310,  -310,  -310,   747,  -310,
-    -310,  -310,  -310,  -310,  -310,   748,   749,   750,   751,   752,
+    -310,  -310,   746,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
+    -310,  -310,  -310,   747,   748,  -310,  -310,  -310,  -310,  -310,
+     749,  -310,  -310,  -310,  -310,  -310,  -310,   750,   751,   752,
+     753,   754,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,   753,
-    -310,  -310,   754,   755,  -310,  -310,  -310,  -310,  -310,  -310,
+    -310,  -310,   755,  -310,  -310,   756,   757,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
@@ -1919,20 +1881,20 @@ static const yytype_int16 yypact[] =
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,   756,   757,   758,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310,   759,   760,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310
+    -310,  -310,  -310,  -310,  -310,  -310,   758,   759,   760,  -310,
+    -310,  -310,  -310,  -310,  -310,  -310,  -310,   761,   762,  -310,
+    -310,  -310,  -310,  -310,  -310,  -310,  -310
 };
 
-  /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM.
-     Performed when YYTABLE does not specify something else to do.  Zero
-     means the default is an error.  */
+/* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM.
+   Performed when YYTABLE does not specify something else to do.  Zero
+   means the default is an error.  */
 static const yytype_int16 yydefact[] =
 {
-       2,     0,     1,    18,    19,   281,   293,   627,   689,   646,
-     304,   703,   726,   314,   778,   333,   694,     3,    17,    21,
-       5,   283,     6,   295,    10,   306,   316,   335,   629,   648,
-     691,   696,   705,   728,   780,     4,   280,   292,   303,    14,
+       2,     0,     1,    18,    19,   282,   294,   628,   690,   647,
+     305,   704,   727,   315,   780,   334,   695,     3,    17,    21,
+       5,   284,     6,   296,    10,   307,   317,   336,   630,   649,
+     692,   697,   706,   729,   782,     4,   281,   293,   304,    14,
       15,     8,     9,     7,    16,    11,    12,    13,     0,     0,
        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
@@ -1959,97 +1921,97 @@ static const yytype_int16 yydefact[] =
        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
-       0,     0,     0,     0,     0,     0,    20,    22,    23,    90,
-      93,   102,   270,   219,   220,    24,   172,   173,   174,   175,
-     176,   177,   178,   179,   180,   181,    39,    81,    25,    94,
-      95,    50,    74,    89,   266,    26,    27,    28,    31,    32,
-      29,    30,    33,    34,    35,   261,   262,   263,    36,    37,
-      38,   126,   231,   127,   129,   130,   131,   233,   238,   234,
-     250,   251,   252,   256,   132,   133,   134,   135,   136,   137,
-     138,   264,   265,   215,    91,    80,   106,   279,   124,   125,
-     243,   240,   273,   128,    40,    41,    42,    43,    44,    82,
-      96,    97,   113,    68,    78,    69,   223,   224,   107,    60,
-      61,   222,    64,    62,    63,    65,   259,   117,   121,   142,
-     154,   187,   157,   249,   118,    75,    45,    46,    47,   104,
-     143,   144,   145,   146,    48,    49,    51,    52,    54,    55,
-      53,   151,   152,   158,    56,    57,    58,    66,   278,    85,
-     122,    99,   153,   271,    92,   182,   100,   101,   119,   120,
-     241,   105,    59,    83,    86,   196,    67,    70,   108,   109,
-     110,    84,   183,   184,   111,    71,    72,    73,   232,   123,
-     272,   206,   207,   208,   209,   210,   211,   212,   213,   221,
-     112,    79,   260,   114,   115,   116,   185,    76,    77,    98,
-      87,    88,   103,   139,   140,   242,   244,   245,   246,   247,
-     248,   141,   147,   148,   149,   150,   188,   189,   191,   193,
-     194,   192,   195,   198,   199,   200,   197,   216,   155,   255,
-     156,   161,   162,   159,   160,   163,   164,   166,   165,   168,
-     167,   169,   170,   171,   235,   237,   236,   186,   201,   202,
-     203,   204,   205,   225,   227,   226,   228,   229,   230,   257,
-     258,   267,   268,   269,   190,   214,   217,   218,   239,   253,
-     254,   274,   275,   276,   277,     0,     0,     0,     0,     0,
-       0,     0,     0,   282,   284,   285,   286,   288,   289,   290,
-     291,   287,     0,     0,     0,     0,     0,     0,     0,   294,
-     296,   297,   298,   299,   300,   301,   302,     0,     0,     0,
-       0,     0,     0,     0,   305,   307,   308,   311,   312,   309,
-     313,   310,     0,     0,     0,     0,     0,     0,     0,     0,
-       0,     0,   315,   317,   318,   319,   320,   324,   325,   326,
-     321,   322,   323,     0,     0,     0,     0,     0,     0,   338,
-     342,   343,   344,   345,   346,   334,   336,   337,   339,   340,
-     341,   347,     0,     0,     0,     0,     0,     0,     0,     0,
-     628,   630,   632,   631,   637,   633,   634,   635,   636,     0,
+       0,     0,     0,     0,     0,     0,     0,    20,    22,    23,
+      90,    93,   102,   270,   219,   220,    24,   172,   173,   174,
+     175,   176,   177,   178,   179,   180,   181,    39,    81,    25,
+      94,    95,    50,    74,    89,   266,    26,    27,    28,    31,
+      32,    29,    30,    33,    34,    35,   261,   262,   263,    36,
+      37,    38,   126,   231,   127,   129,   130,   131,   233,   238,
+     234,   250,   251,   252,   256,   132,   133,   134,   135,   136,
+     137,   138,   264,   265,   215,    91,    80,   106,   279,   124,
+     125,   243,   240,   273,   128,    40,    41,    42,    43,    44,
+      82,    96,    97,   113,    68,    78,    69,   223,   224,   107,
+      60,    61,   222,    64,    62,    63,    65,   259,   117,   121,
+     142,   154,   187,   157,   249,   118,    75,    45,    46,    47,
+     104,   143,   144,   145,   146,    48,    49,    51,    52,    54,
+      55,    53,   151,   152,   158,    56,    57,    58,    66,   278,
+      85,   122,    99,   153,   271,    92,   182,   100,   101,   119,
+     120,   241,   105,    59,    83,    86,   196,    67,    70,   108,
+     109,   110,    84,   183,   184,   111,    71,    72,    73,   232,
+     123,   272,   206,   207,   208,   209,   210,   211,   212,   213,
+     221,   112,    79,   260,   114,   115,   116,   185,    76,    77,
+      98,    87,    88,   103,   139,   140,   242,   244,   245,   246,
+     247,   248,   141,   147,   148,   149,   150,   188,   189,   191,
+     193,   194,   192,   195,   198,   199,   200,   197,   216,   155,
+     255,   156,   161,   162,   159,   160,   163,   164,   166,   165,
+     168,   167,   169,   170,   171,   235,   237,   236,   186,   201,
+     202,   203,   204,   205,   225,   227,   226,   228,   229,   230,
+     257,   258,   267,   268,   269,   190,   214,   217,   218,   239,
+     253,   254,   274,   275,   276,   277,   280,     0,     0,     0,
+       0,     0,     0,     0,     0,   283,   285,   286,   287,   289,
+     290,   291,   292,   288,     0,     0,     0,     0,     0,     0,
+       0,   295,   297,   298,   299,   300,   301,   302,   303,     0,
+       0,     0,     0,     0,     0,     0,   306,   308,   309,   312,
+     313,   310,   314,   311,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,   316,   318,   319,   320,   321,   325,
+     326,   327,   322,   323,   324,     0,     0,     0,     0,     0,
+       0,   339,   343,   344,   345,   346,   347,   335,   337,   338,
+     340,   341,   342,   348,     0,     0,     0,     0,     0,     0,
+       0,     0,   629,   631,   633,   632,   638,   634,   635,   636,
+     637,     0,     0,     0,     0,     0,     0,     0,     0,     0,
        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
-       0,     0,     0,     0,     0,     0,     0,     0,     0,   647,
-     649,   651,   650,   652,   653,   654,   655,   656,   657,   658,
-     659,   660,   661,   662,   663,   664,   665,   666,   667,   668,
-       0,   690,   692,     0,   695,   697,     0,     0,     0,     0,
-       0,     0,     0,     0,     0,     0,   704,   706,   707,   708,
-     710,   711,   709,   712,   713,   714,   715,     0,     0,     0,
+       0,   648,   650,   652,   651,   653,   654,   655,   656,   657,
+     658,   659,   660,   661,   662,   663,   664,   665,   666,   667,
+     668,   669,     0,   691,   693,     0,   696,   698,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,   705,   707,
+     708,   709,   711,   712,   710,   713,   714,   715,   716,     0,
        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
-       0,     0,     0,     0,     0,     0,     0,     0,   727,   729,
-     730,   747,   749,   731,   732,   733,   734,   741,   742,   743,
-     744,   735,   736,   737,   738,   739,   740,   748,   745,   746,
-       0,     0,   779,   781,   782,   349,   348,   356,   369,   367,
-     381,   376,   377,   378,   382,   379,   380,   383,   384,   385,
-     389,   390,   391,   425,   426,   427,   428,   429,   457,   458,
-     459,   465,   466,   372,   467,   468,   471,   469,   470,   475,
-     476,   477,   493,   440,   441,   444,   445,   478,   497,   434,
-     436,   498,   506,   507,   508,   373,   456,   528,   529,   435,
-     522,   416,   368,   430,   494,   502,   480,     0,     0,   532,
-     374,   350,   415,   485,   351,   370,   371,   431,   432,   530,
-     482,   487,   488,   387,   386,   352,   533,   460,   492,   417,
-     439,   499,   500,   501,   505,   521,   433,   526,   524,   525,
-     448,   455,   489,   490,   449,   450,   481,   510,   419,   420,
-     424,   392,   394,   388,   395,   396,   397,   398,   405,   406,
-     407,   408,   409,   410,   411,   534,   535,   542,   461,   462,
-     463,   464,   472,   473,   474,   543,   544,   545,   546,     0,
-       0,     0,   483,   451,   453,   699,   559,   564,   562,   561,
-     565,   563,   572,   573,   574,     0,     0,   568,   569,   570,
-     571,   357,   358,   359,   360,   361,   362,   363,   364,   365,
-     366,   486,   503,   527,   504,   578,   579,   452,   547,     0,
-       0,     0,     0,     0,     0,   512,   513,   514,   515,   516,
-     517,   518,   519,   520,   700,   442,   443,   446,   437,   509,
-     414,   354,   355,   438,   580,   581,   582,   583,   584,   586,
-     585,   587,   588,   589,   393,   400,   575,   577,   576,   399,
-       0,   772,   773,   560,   422,   491,   536,   421,   537,   538,
-     539,     0,     0,   454,   401,   402,   404,   403,     0,   591,
-     447,   523,   375,   592,   593,     0,     0,     0,     0,     0,
-     412,   413,   594,   353,   484,   511,   423,   774,   775,   776,
-     777,   479,   418,   595,   596,   597,   602,   600,   601,   598,
-     599,   603,   604,   605,   606,   608,   609,   607,   620,     0,
-     624,   625,     0,     0,   626,   610,   618,   611,   612,   613,
-     617,   619,   614,   615,   616,   327,   328,   329,   330,   331,
-     332,   638,   640,   639,   642,   643,   644,   645,   641,   669,
-     671,   672,   673,   674,   675,   676,   677,   678,   679,   670,
-     680,   681,   682,   683,   684,   685,   686,   687,   688,   693,
-     698,   716,   717,   718,   721,   719,   720,   722,   723,   724,
-     725,   750,   751,   754,   755,   756,   757,   762,   763,   768,
-     758,   759,   760,   761,   769,   770,   764,   765,   766,   767,
-     752,   753,   783,   784,   495,   531,   558,   701,   702,   566,
-     567,   548,   549,     0,     0,     0,   553,   771,   540,   541,
-     590,   496,   557,   554,     0,     0,   621,   622,   623,   552,
-     550,   551,   555,   556
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+     728,   730,   731,   748,   750,   732,   733,   734,   735,   742,
+     743,   744,   745,   736,   737,   738,   739,   740,   741,   749,
+     746,   747,     0,     0,   781,   783,   784,   350,   349,   357,
+     370,   368,   382,   377,   378,   379,   383,   380,   381,   384,
+     385,   386,   390,   391,   392,   426,   427,   428,   429,   430,
+     458,   459,   460,   466,   467,   373,   468,   469,   472,   470,
+     471,   476,   477,   478,   494,   441,   442,   445,   446,   479,
+     498,   435,   437,   499,   507,   508,   509,   374,   457,   529,
+     530,   436,   523,   417,   369,   431,   495,   503,   481,     0,
+       0,   533,   375,   351,   416,   486,   352,   371,   372,   432,
+     433,   531,   483,   488,   489,   388,   387,   353,   534,   461,
+     493,   418,   440,   500,   501,   502,   506,   522,   434,   527,
+     525,   526,   449,   456,   490,   491,   450,   451,   482,   511,
+     420,   421,   425,   393,   395,   389,   396,   397,   398,   399,
+     406,   407,   408,   409,   410,   411,   412,   535,   536,   543,
+     462,   463,   464,   465,   473,   474,   475,   544,   545,   546,
+     547,     0,     0,     0,   484,   452,   454,   700,   560,   565,
+     563,   562,   566,   564,   573,   574,   575,     0,     0,   569,
+     570,   571,   572,   358,   359,   360,   361,   362,   363,   364,
+     365,   366,   367,   487,   504,   528,   505,   579,   580,   453,
+     548,     0,     0,     0,     0,     0,     0,   513,   514,   515,
+     516,   517,   518,   519,   520,   521,   701,   443,   444,   447,
+     438,   510,   415,   355,   356,   439,   581,   582,   583,   584,
+     585,   587,   586,   588,   589,   590,   394,   401,   576,   578,
+     577,   400,     0,   773,   774,   561,   423,   492,   537,   422,
+     538,   539,   540,     0,     0,   455,   402,   403,   405,   404,
+       0,   592,   448,   524,   376,   593,   594,     0,     0,     0,
+       0,     0,   413,   414,   595,   354,   485,   512,   424,   775,
+     776,   777,   778,   480,   419,   779,   596,   597,   598,   603,
+     601,   602,   599,   600,   604,   605,   606,   607,   609,   610,
+     608,   621,     0,   625,   626,     0,     0,   627,   611,   619,
+     612,   613,   614,   618,   620,   615,   616,   617,   328,   329,
+     330,   331,   332,   333,   639,   641,   640,   643,   644,   645,
+     646,   642,   670,   672,   673,   674,   675,   676,   677,   678,
+     679,   680,   671,   681,   682,   683,   684,   685,   686,   687,
+     688,   689,   694,   699,   717,   718,   719,   722,   720,   721,
+     723,   724,   725,   726,   751,   752,   755,   756,   757,   758,
+     763,   764,   769,   759,   760,   761,   762,   770,   771,   765,
+     766,   767,   768,   753,   754,   785,   786,   496,   532,   559,
+     702,   703,   567,   568,   549,   550,     0,     0,     0,   554,
+     772,   541,   542,   591,   497,   558,   555,     0,     0,   622,
+     623,   624,   553,   551,   552,   556,   557
 };
 
-  /* YYPGOTO[NTERM-NUM].  */
+/* YYPGOTO[NTERM-NUM].  */
 static const yytype_int16 yypgoto[] =
 {
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
@@ -2081,8 +2043,8 @@ static const yytype_int16 yypgoto[] =
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,   261,   761,   762,   763,   764,  -310,  -310,
-     765,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
+    -310,  -310,  -310,   261,   763,   764,   765,   766,  -310,  -310,
+     767,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
@@ -2092,141 +2054,141 @@ static const yytype_int16 yypgoto[] =
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
     -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,  -310,
-    -310,  -310,  -310,  -310,  -310
+    -310,  -310,  -310,  -310,  -310,  -310
 };
 
-  /* YYDEFGOTO[NTERM-NUM].  */
+/* YYDEFGOTO[NTERM-NUM].  */
 static const yytype_int16 yydefgoto[] =
 {
-       0,     1,    17,    18,    19,    35,   306,    20,    21,    36,
-     573,    22,    23,    37,   589,    24,    25,    38,   604,    26,
-      39,   622,   639,   640,   641,   642,   643,   644,    27,    40,
-     645,   307,   308,   309,   310,   311,   312,   313,   314,   315,
-     316,   317,   318,   319,   320,   321,   322,   323,   324,   325,
-     326,   327,   328,   329,   330,   331,   332,   333,   334,   335,
-     336,   337,   338,   339,   340,   341,   342,   343,   344,   345,
-     346,   347,   348,   349,   350,   351,   352,   353,   354,   355,
-     356,   357,   358,   359,   360,   361,   362,   363,   364,   365,
-     366,   367,   368,   369,   370,   371,   372,   373,   374,   375,
-     376,   377,   378,   379,   380,   381,   382,   383,   384,   385,
-     386,   387,   388,   389,   390,   391,   392,   393,   394,   395,
-     396,   397,   398,   399,   400,   401,   402,   403,   404,   405,
-     406,   407,   408,   409,   410,   411,   412,   413,   414,   415,
-     416,   417,   418,   419,   420,   421,   422,   423,   424,   425,
-     426,   427,   428,   429,   430,   431,   432,   433,   434,   435,
-     436,   437,   438,   439,   440,   441,   442,   443,   444,   445,
-     446,   447,   448,   449,   450,   451,   452,   453,   454,   455,
-     456,   457,   458,   459,   460,   461,   462,   463,   464,   465,
-     466,   467,   468,   469,   470,   471,   472,   473,   474,   475,
-     476,   477,   478,   479,   480,   481,   482,   483,   484,   485,
-     486,   487,   488,   489,   490,   491,   492,   493,   494,   495,
-     496,   497,   498,   499,   500,   501,   502,   503,   504,   505,
-     506,   507,   508,   509,   510,   511,   512,   513,   514,   515,
-     516,   517,   518,   519,   520,   521,   522,   523,   524,   525,
-     526,   527,   528,   529,   530,   531,   532,   533,   534,   535,
-     536,   537,   538,   539,   540,   541,   542,   543,   544,   545,
-     546,   547,   548,   549,   550,   551,   552,   553,   574,   575,
-     576,   577,   578,   579,   580,   581,   590,   591,   592,   593,
-     594,   595,   596,   623,   624,   625,   626,   627,   628,   629,
-     630,   631,   632,   605,   606,   607,   608,   609,   610,   611,
-      28,    41,   660,   661,   662,   663,   664,   665,   666,   667,
-     668,    29,    42,   689,   690,   691,   692,   693,   694,   695,
-     696,   697,   698,   699,   700,   701,   702,   703,   704,   705,
-     706,   707,   708,   709,    30,    43,   711,   712,    31,    44,
-     714,   715,   554,   555,   556,   557,    32,    45,   726,   727,
-     728,   729,   730,   731,   732,   733,   734,   735,   736,    33,
-      46,   758,   759,   760,   761,   762,   763,   764,   765,   766,
-     767,   768,   769,   770,   771,   772,   773,   774,   775,   776,
-     777,   778,   779,   558,   559,   560,   561,   562,   563,   564,
-      34,    47,   782,   783,   784
+       0,     1,    17,    18,    19,    35,   307,    20,    21,    36,
+     575,    22,    23,    37,   591,    24,    25,    38,   606,    26,
+      39,   624,   641,   642,   643,   644,   645,   646,    27,    40,
+     647,   308,   309,   310,   311,   312,   313,   314,   315,   316,
+     317,   318,   319,   320,   321,   322,   323,   324,   325,   326,
+     327,   328,   329,   330,   331,   332,   333,   334,   335,   336,
+     337,   338,   339,   340,   341,   342,   343,   344,   345,   346,
+     347,   348,   349,   350,   351,   352,   353,   354,   355,   356,
+     357,   358,   359,   360,   361,   362,   363,   364,   365,   366,
+     367,   368,   369,   370,   371,   372,   373,   374,   375,   376,
+     377,   378,   379,   380,   381,   382,   383,   384,   385,   386,
+     387,   388,   389,   390,   391,   392,   393,   394,   395,   396,
+     397,   398,   399,   400,   401,   402,   403,   404,   405,   406,
+     407,   408,   409,   410,   411,   412,   413,   414,   415,   416,
+     417,   418,   419,   420,   421,   422,   423,   424,   425,   426,
+     427,   428,   429,   430,   431,   432,   433,   434,   435,   436,
+     437,   438,   439,   440,   441,   442,   443,   444,   445,   446,
+     447,   448,   449,   450,   451,   452,   453,   454,   455,   456,
+     457,   458,   459,   460,   461,   462,   463,   464,   465,   466,
+     467,   468,   469,   470,   471,   472,   473,   474,   475,   476,
+     477,   478,   479,   480,   481,   482,   483,   484,   485,   486,
+     487,   488,   489,   490,   491,   492,   493,   494,   495,   496,
+     497,   498,   499,   500,   501,   502,   503,   504,   505,   506,
+     507,   508,   509,   510,   511,   512,   513,   514,   515,   516,
+     517,   518,   519,   520,   521,   522,   523,   524,   525,   526,
+     527,   528,   529,   530,   531,   532,   533,   534,   535,   536,
+     537,   538,   539,   540,   541,   542,   543,   544,   545,   546,
+     547,   548,   549,   550,   551,   552,   553,   554,   576,   577,
+     578,   579,   580,   581,   582,   583,   592,   593,   594,   595,
+     596,   597,   598,   625,   626,   627,   628,   629,   630,   631,
+     632,   633,   634,   607,   608,   609,   610,   611,   612,   613,
+      28,    41,   662,   663,   664,   665,   666,   667,   668,   669,
+     670,    29,    42,   691,   692,   693,   694,   695,   696,   697,
+     698,   699,   700,   701,   702,   703,   704,   705,   706,   707,
+     708,   709,   710,   711,    30,    43,   713,   714,    31,    44,
+     716,   717,   555,   556,   557,   558,    32,    45,   728,   729,
+     730,   731,   732,   733,   734,   735,   736,   737,   738,    33,
+      46,   760,   761,   762,   763,   764,   765,   766,   767,   768,
+     769,   770,   771,   772,   773,   774,   775,   776,   777,   778,
+     779,   780,   781,   559,   560,   561,   562,   563,   564,   565,
+     566,    34,    47,   784,   785,   786
 };
 
-  /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM.  If
-     positive, shift that token.  If negative, reduce the rule whose
-     number is the opposite.  If YYTABLE_NINF, syntax error.  */
+/* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM.  If
+   positive, shift that token.  If negative, reduce the rule whose
+   number is the opposite.  If YYTABLE_NINF, syntax error.  */
 static const yytype_int16 yytable[] =
 {
       48,    49,    50,    51,    52,    53,    54,    55,    56,    57,
       58,    59,    60,    61,    62,    63,    64,    65,    66,    67,
       68,    69,    70,    71,    72,    73,    74,    75,    76,    77,
-      78,    79,    80,    81,   780,   781,   710,   713,    82,    83,
-      84,   785,   786,   787,    85,    86,    87,    88,    89,    90,
+      78,    79,    80,    81,   782,   783,   712,   715,    82,    83,
+      84,   787,   788,   789,    85,    86,    87,    88,    89,    90,
       91,    92,    93,    94,    95,    96,    97,    98,    99,   100,
      101,   102,   103,   104,   105,   106,   107,   108,   109,   110,
      111,   112,   113,   114,   115,   116,   117,   118,   119,   120,
-     121,   122,   123,   124,   125,   652,   653,   654,   655,   656,
-     657,   658,   659,   788,   126,   127,   128,   129,   130,   789,
-     131,   132,   133,   790,   791,   134,   135,   136,   137,   138,
+     121,   122,   123,   124,   125,   654,   655,   656,   657,   658,
+     659,   660,   661,   790,   126,   127,   128,   129,   130,   791,
+     131,   132,   133,   792,   793,   134,   135,   136,   137,   138,
      139,   140,   141,   142,   143,   144,   145,   146,   147,   148,
      149,   150,   151,   152,   153,   154,   155,   156,   157,   158,
-     159,   792,   793,   794,   160,   612,   795,   161,   162,   163,
-     164,   165,   166,   167,   796,   168,   169,   170,   171,   172,
-     173,   174,   175,   176,   177,   178,   179,   180,   181,   612,
-     797,   737,   738,   739,   740,   741,   742,   743,   744,   745,
-     746,   747,   748,   749,   750,   751,   752,   753,   754,   755,
+     159,   794,   795,   796,   160,   614,   797,   161,   162,   163,
+     164,   165,   166,   167,   798,   168,   169,   170,   171,   172,
+     173,   174,   175,   176,   177,   178,   179,   180,   181,   614,
+     799,   739,   740,   741,   742,   743,   744,   745,   746,   747,
+     748,   749,   750,   751,   752,   753,   754,   755,   756,   757,
      182,   183,   184,   185,   186,   187,   188,   189,   190,   191,
      192,   193,   194,   195,   196,   197,   198,   199,   200,   201,
      202,   203,   204,   205,   206,   207,   208,   209,   210,   211,
      212,   213,   214,   215,   216,   217,   218,   219,   220,   221,
-     222,   223,   224,   225,   226,   798,   227,   799,   228,   229,
+     222,   223,   224,   225,   226,   800,   227,   801,   228,   229,
      230,   231,   232,   233,   234,   235,   236,   237,   238,   239,
-     240,   241,   242,   243,   244,   245,   246,   756,   800,   757,
-     801,   802,   803,   804,   805,   806,   807,   808,   247,   248,
-     249,   250,   251,   252,   253,   254,   255,   256,   565,   809,
-     566,   567,   810,   811,     2,   812,   813,   814,   815,   816,
-     817,   818,   819,   582,     0,     3,     4,   820,   257,   821,
-     822,   583,   584,   823,   824,   825,   258,   259,   826,   260,
-     261,   646,   262,   263,   264,   265,   266,   827,   828,   267,
+     240,   241,   242,   243,   244,   245,   246,   758,   802,   759,
+     803,   804,   805,   806,   807,   808,   809,   810,   247,   248,
+     249,   250,   251,   252,   253,   254,   255,   256,   567,   811,
+     568,   569,   812,   813,     2,   814,   815,   816,   817,   818,
+     819,   820,   821,   584,     0,     3,     4,   822,   257,   823,
+     824,   585,   586,   825,   826,   827,   258,   259,   828,   260,
+     261,   648,   262,   263,   264,   265,   266,   829,   830,   267,
      268,   269,   270,   271,   272,   273,   274,   275,   276,   277,
-     278,   279,     5,   829,   830,   280,   831,   832,     6,   833,
-     834,   835,   836,   568,   281,   282,   283,   284,   597,   837,
-     838,   285,   286,   287,   288,   289,   290,   291,   292,   293,
-     294,   295,   296,   297,   298,   839,   299,   840,   300,   301,
-     302,   303,   304,   305,   841,   842,   569,   843,   844,   570,
-     845,   846,     7,   847,   598,   599,   848,   849,   571,   850,
-     585,   851,   586,   852,   853,   587,   854,   855,   856,   857,
-       8,   858,   614,   615,   616,   617,   859,   860,   861,   862,
-     863,   600,   619,   716,   717,   718,   719,   720,   721,   722,
-     723,   724,   725,   864,   613,   865,   614,   615,   616,   617,
-     618,   866,   867,   868,   869,   870,   619,   871,   633,   634,
-     635,   636,   637,   872,   873,   874,   875,   876,   877,   878,
-     879,   638,   880,   881,   882,   883,     9,   884,   885,   886,
-     887,   888,   889,   890,   891,   892,   893,   894,   895,   896,
-     897,   898,   899,   620,   621,   669,   670,   671,   672,   673,
-     674,   675,   676,   677,   678,   679,   680,   681,   682,   683,
-     684,   685,   686,   687,   688,   601,   602,   900,   901,   902,
-     903,   904,   905,   906,   907,   908,   909,   910,   911,   912,
-     913,   914,   915,   916,   917,   918,   919,   920,   921,   922,
-     923,   924,    10,   925,   926,   927,   928,   929,   930,   931,
-     932,   933,   934,   935,   936,   937,   938,   939,   940,   941,
-     942,   603,   943,   944,    11,   945,   946,   947,   948,   949,
-     950,   951,   572,   952,   953,   954,   955,   956,   957,   958,
-     959,   960,   961,   962,   963,    12,   588,   964,   965,   966,
-     967,   968,   969,   970,   971,   972,   973,   974,   975,   976,
-     977,   978,   979,   980,   981,   982,   983,    13,   984,   985,
-     986,   987,   988,   989,   990,   991,   992,   993,   994,   995,
-     996,   997,   998,   999,  1000,  1001,  1002,  1003,  1004,  1005,
-    1006,  1007,  1008,  1009,  1010,  1011,  1012,  1013,  1014,    14,
-    1015,  1016,  1017,    15,  1018,  1019,  1020,  1021,  1022,    16,
-    1023,  1024,  1025,  1026,  1027,  1028,  1029,  1030,  1031,  1032,
-    1033,  1034,  1035,  1036,  1037,  1038,  1039,  1040,  1041,  1042,
-    1043,  1044,  1045,  1046,  1047,  1048,  1049,  1050,  1051,  1052,
-    1053,  1054,  1055,  1056,  1057,  1058,  1059,  1060,  1061,  1062,
-    1063,  1064,  1065,  1066,  1067,  1068,  1069,  1070,  1071,  1072,
-    1073,  1074,  1075,  1076,  1077,  1078,  1079,  1080,  1081,  1082,
-    1083,  1084,  1085,  1086,  1087,  1088,  1089,  1090,  1091,  1092,
-    1093,  1094,  1095,  1096,  1097,  1098,  1099,  1100,  1101,  1102,
-    1103,  1104,  1105,  1106,  1107,  1108,  1109,  1110,  1111,  1112,
-    1113,  1114,  1115,  1116,  1117,  1118,  1119,  1120,  1121,  1122,
-    1123,  1124,  1125,  1126,  1127,  1128,  1129,  1130,  1131,  1132,
-    1133,  1134,  1135,  1136,  1137,  1138,  1139,  1140,  1141,  1142,
-    1143,  1144,  1145,  1146,  1147,  1148,  1149,  1150,  1151,  1152,
-    1153,  1154,  1155,  1156,  1157,  1158,  1159,  1160,  1161,  1162,
-    1163,  1164,  1165,  1166,  1167,  1168,  1169,  1170,  1171,  1172,
-    1173,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+     278,   279,     5,   831,   832,   280,   833,   834,     6,   835,
+     836,   837,   838,   570,   281,   282,   283,   284,   599,   839,
+     840,   285,   286,   287,   288,   289,   290,   291,   292,   293,
+     294,   295,   296,   297,   298,   841,   299,   842,   300,   301,
+     302,   303,   304,   305,   306,   843,   571,   844,   845,   572,
+     846,   847,     7,   848,   600,   601,   849,   850,   573,   851,
+     587,   852,   588,   853,   854,   589,   855,   856,   857,   858,
+       8,   859,   616,   617,   618,   619,   860,   861,   862,   863,
+     864,   602,   621,   718,   719,   720,   721,   722,   723,   724,
+     725,   726,   727,   865,   615,   866,   616,   617,   618,   619,
+     620,   867,   868,   869,   870,   871,   621,   872,   635,   636,
+     637,   638,   639,   873,   874,   875,   876,   877,   878,   879,
+     880,   640,   881,   882,   883,   884,     9,   885,   886,   887,
+     888,   889,   890,   891,   892,   893,   894,   895,   896,   897,
+     898,   899,   900,   622,   623,   671,   672,   673,   674,   675,
+     676,   677,   678,   679,   680,   681,   682,   683,   684,   685,
+     686,   687,   688,   689,   690,   603,   604,   901,   902,   903,
+     904,   905,   906,   907,   908,   909,   910,   911,   912,   913,
+     914,   915,   916,   917,   918,   919,   920,   921,   922,   923,
+     924,   925,    10,   926,   927,   928,   929,   930,   931,   932,
+     933,   934,   935,   936,   937,   938,   939,   940,   941,   942,
+     943,   605,   944,   945,    11,   946,   947,   948,   949,   950,
+     951,   952,   574,   953,   954,   955,   956,   957,   958,   959,
+     960,   961,   962,   963,   964,    12,   590,   965,   966,   967,
+     968,   969,   970,   971,   972,   973,   974,   975,   976,   977,
+     978,   979,   980,   981,   982,   983,   984,    13,   985,   986,
+     987,   988,   989,   990,   991,   992,   993,   994,   995,   996,
+     997,   998,   999,  1000,  1001,  1002,  1003,  1004,  1005,  1006,
+    1007,  1008,  1009,  1010,  1011,  1012,  1013,  1014,  1015,    14,
+    1016,  1017,  1018,    15,  1019,  1020,  1021,  1022,  1023,    16,
+    1024,  1025,  1026,  1027,  1028,  1029,  1030,  1031,  1032,  1033,
+    1034,  1035,  1036,  1037,  1038,  1039,  1040,  1041,  1042,  1043,
+    1044,  1045,  1046,  1047,  1048,  1049,  1050,  1051,  1052,  1053,
+    1054,  1055,  1056,  1057,  1058,  1059,  1060,  1061,  1062,  1063,
+    1064,  1065,  1066,  1067,  1068,  1069,  1070,  1071,  1072,  1073,
+    1074,  1075,  1076,  1077,  1078,  1079,  1080,  1081,  1082,  1083,
+    1084,  1085,  1086,  1087,  1088,  1089,  1090,  1091,  1092,  1093,
+    1094,  1095,  1096,  1097,  1098,  1099,  1100,  1101,  1102,  1103,
+    1104,  1105,  1106,  1107,  1108,  1109,  1110,  1111,  1112,  1113,
+    1114,  1115,  1116,  1117,  1118,  1119,  1120,  1121,  1122,  1123,
+    1124,  1125,  1126,  1127,  1128,  1129,  1130,  1131,  1132,  1133,
+    1134,  1135,  1136,  1137,  1138,  1139,  1140,  1141,  1142,  1143,
+    1144,  1145,  1146,  1147,  1148,  1149,  1150,  1151,  1152,  1153,
+    1154,  1155,  1156,  1157,  1158,  1159,  1160,  1161,  1162,  1163,
+    1164,  1165,  1166,  1167,  1168,  1169,  1170,  1171,  1172,  1173,
+    1174,  1175,  1176,     0,     0,     0,     0,     0,     0,     0,
        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
        0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
-       0,   647,   648,   649,   650,   651
+       0,     0,     0,   649,   650,   651,   652,   653
 };
 
 static const yytype_int16 yycheck[] =
@@ -2267,7 +2229,7 @@ static const yytype_int16 yycheck[] =
       10,    10,    10,   112,   347,   348,   349,   350,    47,    10,
       10,   354,   355,   356,   357,   358,   359,   360,   361,   362,
      363,   364,   365,   366,   367,    10,   369,    10,   371,   372,
-     373,   374,   375,   376,    10,    10,   145,    10,    10,   148,
+     373,   374,   375,   376,   377,    10,   145,    10,    10,   148,
       10,    10,    98,    10,    83,    84,    10,    10,   157,    10,
      144,    10,   146,    10,    10,   149,    10,    10,    10,    10,
      116,    10,   304,   305,   306,   307,    10,    10,    10,    10,
@@ -2308,21 +2270,21 @@ static const yytype_int16 yycheck[] =
       10,    10,    10,    10,    10,    10,    10,    10,    10,    10,
       10,    10,    10,    10,    10,    10,    10,    10,    10,    10,
       10,    10,    10,    10,    10,    10,    10,    10,    10,    10,
-      10,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+      10,    10,    10,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
       -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
       -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
-      -1,    40,    40,    40,    40,    40
+      -1,    -1,    -1,    40,    40,    40,    40,    40
 };
 
-  /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-     symbol of state STATE-NUM.  */
+/* YYSTOS[STATE-NUM] -- The symbol kind of the accessing symbol of
+   state STATE-NUM.  */
 static const yytype_int16 yystos[] =
 {
-       0,   378,     0,    11,    12,    48,    54,    98,   116,   172,
-     238,   260,   281,   303,   335,   339,   345,   379,   380,   381,
-     384,   385,   388,   389,   392,   393,   396,   405,   687,   698,
-     721,   725,   733,   746,   777,   382,   386,   390,   394,   397,
-     406,   688,   699,   722,   726,   734,   747,   778,    13,    14,
+       0,   379,     0,    11,    12,    48,    54,    98,   116,   172,
+     238,   260,   281,   303,   335,   339,   345,   380,   381,   382,
+     385,   386,   389,   390,   393,   394,   397,   406,   688,   699,
+     722,   726,   734,   747,   779,   383,   387,   391,   395,   398,
+     407,   689,   700,   723,   727,   735,   748,   780,    13,    14,
       15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
       25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
       35,    36,    37,    38,    39,    40,    41,    42,    43,    44,
@@ -2348,7 +2310,7 @@ static const yytype_int16 yystos[] =
      325,   326,   327,   328,   329,   330,   331,   332,   333,   334,
      338,   347,   348,   349,   350,   354,   355,   356,   357,   358,
      359,   360,   361,   362,   363,   364,   365,   366,   367,   369,
-     371,   372,   373,   374,   375,   376,   383,   408,   409,   410,
+     371,   372,   373,   374,   375,   376,   377,   384,   409,   410,
      411,   412,   413,   414,   415,   416,   417,   418,   419,   420,
      421,   422,   423,   424,   425,   426,   427,   428,   429,   430,
      431,   432,   433,   434,   435,   436,   437,   438,   439,   440,
@@ -2373,30 +2335,30 @@ static const yytype_int16 yystos[] =
      621,   622,   623,   624,   625,   626,   627,   628,   629,   630,
      631,   632,   633,   634,   635,   636,   637,   638,   639,   640,
      641,   642,   643,   644,   645,   646,   647,   648,   649,   650,
-     651,   652,   653,   654,   729,   730,   731,   732,   770,   771,
-     772,   773,   774,   775,   776,    47,    49,    50,   112,   145,
-     148,   157,   321,   387,   655,   656,   657,   658,   659,   660,
-     661,   662,    47,    55,    56,   144,   146,   149,   320,   391,
-     663,   664,   665,   666,   667,   668,   669,    47,    83,    84,
-     110,   194,   195,   240,   395,   680,   681,   682,   683,   684,
-     685,   686,    47,   302,   304,   305,   306,   307,   308,   314,
-     351,   352,   398,   670,   671,   672,   673,   674,   675,   676,
-     677,   678,   679,   340,   341,   342,   343,   344,   353,   399,
-     400,   401,   402,   403,   404,   407,   670,   671,   672,   673,
-     674,   677,    99,   100,   101,   102,   103,   104,   105,   106,
-     689,   690,   691,   692,   693,   694,   695,   696,   697,   173,
-     174,   175,   176,   177,   178,   179,   180,   181,   182,   183,
-     184,   185,   186,   187,   188,   189,   190,   191,   192,   700,
-     701,   702,   703,   704,   705,   706,   707,   708,   709,   710,
-     711,   712,   713,   714,   715,   716,   717,   718,   719,   720,
-     117,   723,   724,   346,   727,   728,   261,   262,   263,   264,
-     265,   266,   267,   268,   269,   270,   735,   736,   737,   738,
-     739,   740,   741,   742,   743,   744,   745,   282,   283,   284,
-     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
-     295,   296,   297,   298,   299,   300,   368,   370,   748,   749,
-     750,   751,   752,   753,   754,   755,   756,   757,   758,   759,
-     760,   761,   762,   763,   764,   765,   766,   767,   768,   769,
-     336,   337,   779,   780,   781,    10,    10,    10,    10,    10,
+     651,   652,   653,   654,   655,   730,   731,   732,   733,   771,
+     772,   773,   774,   775,   776,   777,   778,    47,    49,    50,
+     112,   145,   148,   157,   321,   388,   656,   657,   658,   659,
+     660,   661,   662,   663,    47,    55,    56,   144,   146,   149,
+     320,   392,   664,   665,   666,   667,   668,   669,   670,    47,
+      83,    84,   110,   194,   195,   240,   396,   681,   682,   683,
+     684,   685,   686,   687,    47,   302,   304,   305,   306,   307,
+     308,   314,   351,   352,   399,   671,   672,   673,   674,   675,
+     676,   677,   678,   679,   680,   340,   341,   342,   343,   344,
+     353,   400,   401,   402,   403,   404,   405,   408,   671,   672,
+     673,   674,   675,   678,    99,   100,   101,   102,   103,   104,
+     105,   106,   690,   691,   692,   693,   694,   695,   696,   697,
+     698,   173,   174,   175,   176,   177,   178,   179,   180,   181,
+     182,   183,   184,   185,   186,   187,   188,   189,   190,   191,
+     192,   701,   702,   703,   704,   705,   706,   707,   708,   709,
+     710,   711,   712,   713,   714,   715,   716,   717,   718,   719,
+     720,   721,   117,   724,   725,   346,   728,   729,   261,   262,
+     263,   264,   265,   266,   267,   268,   269,   270,   736,   737,
+     738,   739,   740,   741,   742,   743,   744,   745,   746,   282,
+     283,   284,   285,   286,   287,   288,   289,   290,   291,   292,
+     293,   294,   295,   296,   297,   298,   299,   300,   368,   370,
+     749,   750,   751,   752,   753,   754,   755,   756,   757,   758,
+     759,   760,   761,   762,   763,   764,   765,   766,   767,   768,
+     769,   770,   336,   337,   781,   782,   783,    10,    10,    10,
       10,    10,    10,    10,    10,    10,    10,    10,    10,    10,
       10,    10,    10,    10,    10,    10,    10,    10,    10,    10,
       10,    10,    10,    10,    10,    10,    10,    10,    10,    10,
@@ -2435,47 +2397,47 @@ static const yytype_int16 yystos[] =
       10,    10,    10,    10,    10,    10,    10,    10,    10,    10,
       10,    10,    10,    10,    10,    10,    10,    10,    10,    10,
       10,    10,    10,    10,    10,    10,    10,    10,    10,    10,
-      10,    10,    10,    10
+      10,    10,    10,    10,    10,    10,    10
 };
 
-  /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+/* YYR1[RULE-NUM] -- Symbol kind of the left-hand side of rule RULE-NUM.  */
 static const yytype_int16 yyr1[] =
 {
-       0,   377,   378,   378,   379,   379,   379,   379,   379,   379,
-     379,   379,   379,   379,   379,   379,   379,   379,   380,   381,
-     382,   382,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     383,   383,   383,   383,   383,   383,   383,   383,   383,   383,
-     384,   385,   386,   386,   387,   387,   387,   387,   387,   387,
-     387,   387,   388,   389,   390,   390,   391,   391,   391,   391,
-     391,   391,   391,   392,   393,   394,   394,   395,   395,   395,
-     395,   395,   395,   395,   396,   397,   397,   398,   398,   398,
-     398,   398,   398,   398,   398,   398,   398,   399,   400,   401,
-     402,   403,   404,   405,   406,   406,   407,   407,   407,   407,
-     407,   407,   407,   407,   407,   407,   407,   407,   408,   409,
+       0,   378,   379,   379,   380,   380,   380,   380,   380,   380,
+     380,   380,   380,   380,   380,   380,   380,   380,   381,   382,
+     383,   383,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   384,   384,   384,   384,   384,   384,   384,   384,   384,
+     384,   385,   386,   387,   387,   388,   388,   388,   388,   388,
+     388,   388,   388,   389,   390,   391,   391,   392,   392,   392,
+     392,   392,   392,   392,   393,   394,   395,   395,   396,   396,
+     396,   396,   396,   396,   396,   397,   398,   398,   399,   399,
+     399,   399,   399,   399,   399,   399,   399,   399,   400,   401,
+     402,   403,   404,   405,   406,   407,   407,   408,   408,   408,
+     408,   408,   408,   408,   408,   408,   408,   408,   408,   409,
      410,   411,   412,   413,   414,   415,   416,   417,   418,   419,
      420,   421,   422,   423,   424,   425,   426,   427,   428,   429,
      430,   431,   432,   433,   434,   435,   436,   437,   438,   439,
@@ -2503,26 +2465,26 @@ static const yytype_int16 yyr1[] =
      650,   651,   652,   653,   654,   655,   656,   657,   658,   659,
      660,   661,   662,   663,   664,   665,   666,   667,   668,   669,
      670,   671,   672,   673,   674,   675,   676,   677,   678,   679,
-     680,   681,   682,   683,   684,   685,   686,   687,   688,   688,
-     689,   689,   689,   689,   689,   689,   689,   689,   690,   691,
-     692,   693,   694,   695,   696,   697,   698,   699,   699,   700,
-     700,   700,   700,   700,   700,   700,   700,   700,   700,   700,
-     700,   700,   700,   700,   700,   700,   700,   700,   700,   701,
+     680,   681,   682,   683,   684,   685,   686,   687,   688,   689,
+     689,   690,   690,   690,   690,   690,   690,   690,   690,   691,
+     692,   693,   694,   695,   696,   697,   698,   699,   700,   700,
+     701,   701,   701,   701,   701,   701,   701,   701,   701,   701,
+     701,   701,   701,   701,   701,   701,   701,   701,   701,   701,
      702,   703,   704,   705,   706,   707,   708,   709,   710,   711,
      712,   713,   714,   715,   716,   717,   718,   719,   720,   721,
-     722,   722,   723,   724,   725,   726,   726,   727,   728,   729,
-     730,   731,   732,   733,   734,   734,   735,   735,   735,   735,
-     735,   735,   735,   735,   735,   735,   736,   737,   738,   739,
-     740,   741,   742,   743,   744,   745,   746,   747,   747,   748,
-     748,   748,   748,   748,   748,   748,   748,   748,   748,   748,
-     748,   748,   748,   748,   748,   748,   748,   748,   748,   748,
+     722,   723,   723,   724,   725,   726,   727,   727,   728,   729,
+     730,   731,   732,   733,   734,   735,   735,   736,   736,   736,
+     736,   736,   736,   736,   736,   736,   736,   737,   738,   739,
+     740,   741,   742,   743,   744,   745,   746,   747,   748,   748,
+     749,   749,   749,   749,   749,   749,   749,   749,   749,   749,
+     749,   749,   749,   749,   749,   749,   749,   749,   749,   749,
      749,   750,   751,   752,   753,   754,   755,   756,   757,   758,
      759,   760,   761,   762,   763,   764,   765,   766,   767,   768,
      769,   770,   771,   772,   773,   774,   775,   776,   777,   778,
-     778,   779,   779,   780,   781
+     779,   780,   780,   781,   781,   782,   783
 };
 
-  /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN.  */
+/* YYR2[RULE-NUM] -- Number of symbols on the right-hand side of rule RULE-NUM.  */
 static const yytype_int8 yyr2[] =
 {
        0,     2,     0,     2,     2,     1,     1,     2,     2,     2,
@@ -2553,13 +2515,13 @@ static const yytype_int8 yyr2[] =
        1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
        1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
        1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
-       2,     1,     2,     0,     1,     1,     1,     1,     1,     1,
-       1,     1,     2,     1,     2,     0,     1,     1,     1,     1,
+       1,     2,     1,     2,     0,     1,     1,     1,     1,     1,
        1,     1,     1,     2,     1,     2,     0,     1,     1,     1,
-       1,     1,     1,     1,     1,     2,     0,     1,     1,     1,
-       1,     1,     1,     1,     1,     1,     1,     2,     2,     2,
-       2,     2,     2,     1,     2,     0,     1,     1,     1,     1,
+       1,     1,     1,     1,     2,     1,     2,     0,     1,     1,
+       1,     1,     1,     1,     1,     1,     2,     0,     1,     1,
        1,     1,     1,     1,     1,     1,     1,     1,     2,     2,
+       2,     2,     2,     2,     1,     2,     0,     1,     1,     1,
+       1,     1,     1,     1,     1,     1,     1,     1,     1,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
@@ -2574,36 +2536,36 @@ static const yytype_int8 yyr2[] =
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     3,     3,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     3,     3,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     3,     2,     2,     2,     2,     2,     2,     2,     2,
-       3,     3,     2,     2,     2,     2,     2,     2,     3,     3,
-       4,     4,     4,     3,     3,     4,     4,     3,     3,     2,
-       2,     2,     2,     2,     2,     2,     3,     3,     2,     2,
+       2,     2,     3,     2,     2,     2,     2,     2,     2,     2,
+       2,     3,     3,     2,     2,     2,     2,     2,     2,     3,
+       3,     4,     4,     4,     3,     3,     4,     4,     3,     3,
+       2,     2,     2,     2,     2,     2,     2,     3,     3,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       3,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     3,     2,     2,     2,     2,     2,     2,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     3,     3,     3,     2,     2,     2,     1,     2,     0,
-       1,     1,     1,     1,     1,     1,     1,     1,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     0,     1,
+       2,     2,     3,     3,     3,     2,     2,     2,     1,     2,
+       0,     1,     1,     1,     1,     1,     1,     1,     1,     2,
+       2,     2,     2,     2,     2,     2,     2,     1,     2,     0,
        1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
-       1,     1,     1,     1,     1,     1,     1,     1,     1,     2,
+       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     1,
-       2,     0,     1,     2,     1,     2,     0,     1,     2,     2,
-       2,     3,     3,     1,     2,     0,     1,     1,     1,     1,
-       1,     1,     1,     1,     1,     1,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     0,     1,
+       1,     2,     0,     1,     2,     1,     2,     0,     1,     2,
+       2,     2,     3,     3,     1,     2,     0,     1,     1,     1,
+       1,     1,     1,     1,     1,     1,     1,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     1,     2,     0,
        1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
        1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+       1,     2,     2,     2,     2,     2,     2,     2,     2,     2,
        2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     3,     2,     2,     2,     2,     2,     2,     1,     2,
-       0,     1,     1,     2,     2
+       2,     2,     3,     2,     2,     2,     2,     2,     2,     2,
+       1,     2,     0,     1,     1,     2,     2
 };
 
 
@@ -2615,6 +2577,7 @@ enum { YYENOMEM = -2 };
 #define YYACCEPT        goto yyacceptlab
 #define YYABORT         goto yyabortlab
 #define YYERROR         goto yyerrorlab
+#define YYNOMEM         goto yyexhaustedlab
 
 
 #define YYRECOVERING()  (!!yyerrstatus)
@@ -2655,10 +2618,7 @@ do {                                            \
     YYFPRINTF Args;                             \
 } while (0)
 
-/* This macro is provided for backward compatibility. */
-# ifndef YY_LOCATION_PRINT
-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
-# endif
+
 
 
 # define YY_SYMBOL_PRINT(Title, Kind, Value, Location)                    \
@@ -2685,10 +2645,6 @@ yy_symbol_value_print (FILE *yyo,
   YY_USE (yyoutput);
   if (!yyvaluep)
     return;
-# ifdef YYPRINT
-  if (yykind < YYNTOKENS)
-    YYPRINT (yyo, yytoknum[yykind], *yyvaluep);
-# endif
   YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
   YY_USE (yykind);
   YY_IGNORE_MAYBE_UNINITIALIZED_END
@@ -2873,6 +2829,7 @@ yyparse (void)
   YYDPRINTF ((stderr, "Starting parse\n"));
 
   yychar = YYEMPTY; /* Cause a token to be read.  */
+
   goto yysetstate;
 
 
@@ -2898,7 +2855,7 @@ yysetstate:
 
   if (yyss + yystacksize - 1 <= yyssp)
 #if !defined yyoverflow && !defined YYSTACK_RELOCATE
-    goto yyexhaustedlab;
+    YYNOMEM;
 #else
     {
       /* Get the current used size of the three stacks, in elements.  */
@@ -2926,7 +2883,7 @@ yysetstate:
 # else /* defined YYSTACK_RELOCATE */
       /* Extend the stack our own way.  */
       if (YYMAXDEPTH <= yystacksize)
-        goto yyexhaustedlab;
+        YYNOMEM;
       yystacksize *= 2;
       if (YYMAXDEPTH < yystacksize)
         yystacksize = YYMAXDEPTH;
@@ -2937,7 +2894,7 @@ yysetstate:
           YY_CAST (union yyalloc *,
                    YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize))));
         if (! yyptr)
-          goto yyexhaustedlab;
+          YYNOMEM;
         YYSTACK_RELOCATE (yyss_alloc, yyss);
         YYSTACK_RELOCATE (yyvs_alloc, yyvs);
 #  undef YYSTACK_RELOCATE
@@ -2959,6 +2916,7 @@ yysetstate:
     }
 #endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */
 
+
   if (yystate == YYFINAL)
     YYACCEPT;
 
@@ -3071,36 +3029,36 @@ yyreduce:
   switch (yyn)
     {
   case 18: /* force_toplevel: VAR_FORCE_TOPLEVEL  */
-#line 230 "util/configparser.y"
+#line 231 "util/configparser.y"
         {
 		OUTYY(("\nP(force-toplevel)\n"));
 		cfg_parser->started_toplevel = 0;
 	}
-#line 3080 "util/configparser.c"
+#line 3038 "util/configparser.c"
     break;
 
   case 19: /* serverstart: VAR_SERVER  */
-#line 237 "util/configparser.y"
+#line 238 "util/configparser.y"
         {
 		OUTYY(("\nP(server:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 3089 "util/configparser.c"
+#line 3047 "util/configparser.c"
     break;
 
-  case 280: /* stub_clause: stubstart contents_stub  */
-#line 362 "util/configparser.y"
+  case 281: /* stub_clause: stubstart contents_stub  */
+#line 363 "util/configparser.y"
         {
 		/* stub end */
 		if(cfg_parser->cfg->stubs &&
 			!cfg_parser->cfg->stubs->name)
 			yyerror("stub-zone without name");
 	}
-#line 3100 "util/configparser.c"
+#line 3058 "util/configparser.c"
     break;
 
-  case 281: /* stubstart: VAR_STUB_ZONE  */
-#line 370 "util/configparser.y"
+  case 282: /* stubstart: VAR_STUB_ZONE  */
+#line 371 "util/configparser.y"
         {
 		struct config_stub* s;
 		OUTYY(("\nP(stub_zone:)\n"));
@@ -3113,22 +3071,22 @@ yyreduce:
 			yyerror("out of memory");
 		}
 	}
-#line 3117 "util/configparser.c"
+#line 3075 "util/configparser.c"
     break;
 
-  case 292: /* forward_clause: forwardstart contents_forward  */
-#line 389 "util/configparser.y"
+  case 293: /* forward_clause: forwardstart contents_forward  */
+#line 390 "util/configparser.y"
         {
 		/* forward end */
 		if(cfg_parser->cfg->forwards &&
 			!cfg_parser->cfg->forwards->name)
 			yyerror("forward-zone without name");
 	}
-#line 3128 "util/configparser.c"
+#line 3086 "util/configparser.c"
     break;
 
-  case 293: /* forwardstart: VAR_FORWARD_ZONE  */
-#line 397 "util/configparser.y"
+  case 294: /* forwardstart: VAR_FORWARD_ZONE  */
+#line 398 "util/configparser.y"
         {
 		struct config_stub* s;
 		OUTYY(("\nP(forward_zone:)\n"));
@@ -3141,22 +3099,22 @@ yyreduce:
 			yyerror("out of memory");
 		}
 	}
-#line 3145 "util/configparser.c"
+#line 3103 "util/configparser.c"
     break;
 
-  case 303: /* view_clause: viewstart contents_view  */
-#line 416 "util/configparser.y"
+  case 304: /* view_clause: viewstart contents_view  */
+#line 417 "util/configparser.y"
         {
 		/* view end */
 		if(cfg_parser->cfg->views &&
 			!cfg_parser->cfg->views->name)
 			yyerror("view without name");
 	}
-#line 3156 "util/configparser.c"
+#line 3114 "util/configparser.c"
     break;
 
-  case 304: /* viewstart: VAR_VIEW  */
-#line 424 "util/configparser.y"
+  case 305: /* viewstart: VAR_VIEW  */
+#line 425 "util/configparser.y"
         {
 		struct config_view* s;
 		OUTYY(("\nP(view:)\n"));
@@ -3169,11 +3127,11 @@ yyreduce:
 			yyerror("out of memory");
 		}
 	}
-#line 3173 "util/configparser.c"
+#line 3131 "util/configparser.c"
     break;
 
-  case 314: /* authstart: VAR_AUTH_ZONE  */
-#line 443 "util/configparser.y"
+  case 315: /* authstart: VAR_AUTH_ZONE  */
+#line 444 "util/configparser.y"
         {
 		struct config_auth* s;
 		OUTYY(("\nP(auth_zone:)\n"));
@@ -3193,11 +3151,11 @@ yyreduce:
 			yyerror("out of memory");
 		}
 	}
-#line 3197 "util/configparser.c"
+#line 3155 "util/configparser.c"
     break;
 
-  case 327: /* rpz_tag: VAR_TAGS STRING_ARG  */
-#line 471 "util/configparser.y"
+  case 328: /* rpz_tag: VAR_TAGS STRING_ARG  */
+#line 472 "util/configparser.y"
         {
 		uint8_t* bitlist;
 		size_t len = 0;
@@ -3214,11 +3172,11 @@ yyreduce:
 
 		}
 	}
-#line 3218 "util/configparser.c"
+#line 3176 "util/configparser.c"
     break;
 
-  case 328: /* rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG  */
-#line 490 "util/configparser.y"
+  case 329: /* rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG  */
+#line 491 "util/configparser.y"
         {
 		OUTYY(("P(rpz_action_override:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "nxdomain")!=0 && strcmp((yyvsp[0].str), "nodata")!=0 &&
@@ -3233,21 +3191,21 @@ yyreduce:
 			cfg_parser->cfg->auths->rpz_action_override = (yyvsp[0].str);
 		}
 	}
-#line 3237 "util/configparser.c"
+#line 3195 "util/configparser.c"
     break;
 
-  case 329: /* rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG  */
-#line 507 "util/configparser.y"
+  case 330: /* rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG  */
+#line 508 "util/configparser.y"
         {
 		OUTYY(("P(rpz_cname_override:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->auths->rpz_cname);
 		cfg_parser->cfg->auths->rpz_cname = (yyvsp[0].str);
 	}
-#line 3247 "util/configparser.c"
+#line 3205 "util/configparser.c"
     break;
 
-  case 330: /* rpz_log: VAR_RPZ_LOG STRING_ARG  */
-#line 515 "util/configparser.y"
+  case 331: /* rpz_log: VAR_RPZ_LOG STRING_ARG  */
+#line 516 "util/configparser.y"
         {
 		OUTYY(("P(rpz_log:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3255,21 +3213,21 @@ yyreduce:
 		else cfg_parser->cfg->auths->rpz_log = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3259 "util/configparser.c"
+#line 3217 "util/configparser.c"
     break;
 
-  case 331: /* rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG  */
-#line 525 "util/configparser.y"
+  case 332: /* rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG  */
+#line 526 "util/configparser.y"
         {
 		OUTYY(("P(rpz_log_name:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->auths->rpz_log_name);
 		cfg_parser->cfg->auths->rpz_log_name = (yyvsp[0].str);
 	}
-#line 3269 "util/configparser.c"
+#line 3227 "util/configparser.c"
     break;
 
-  case 332: /* rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG  */
-#line 532 "util/configparser.y"
+  case 333: /* rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG  */
+#line 533 "util/configparser.y"
         {
 		OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3277,11 +3235,11 @@ yyreduce:
 		else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3281 "util/configparser.c"
+#line 3239 "util/configparser.c"
     break;
 
-  case 333: /* rpzstart: VAR_RPZ  */
-#line 542 "util/configparser.y"
+  case 334: /* rpzstart: VAR_RPZ  */
+#line 543 "util/configparser.y"
         {
 		struct config_auth* s;
 		OUTYY(("\nP(rpz:)\n"));
@@ -3299,11 +3257,11 @@ yyreduce:
 			yyerror("out of memory");
 		}
 	}
-#line 3303 "util/configparser.c"
+#line 3261 "util/configparser.c"
     break;
 
-  case 348: /* server_num_threads: VAR_NUM_THREADS STRING_ARG  */
-#line 567 "util/configparser.y"
+  case 349: /* server_num_threads: VAR_NUM_THREADS STRING_ARG  */
+#line 568 "util/configparser.y"
         {
 		OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -3311,11 +3269,11 @@ yyreduce:
 		else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3315 "util/configparser.c"
+#line 3273 "util/configparser.c"
     break;
 
-  case 349: /* server_verbosity: VAR_VERBOSITY STRING_ARG  */
-#line 576 "util/configparser.y"
+  case 350: /* server_verbosity: VAR_VERBOSITY STRING_ARG  */
+#line 577 "util/configparser.y"
         {
 		OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -3323,11 +3281,11 @@ yyreduce:
 		else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3327 "util/configparser.c"
+#line 3285 "util/configparser.c"
     break;
 
-  case 350: /* server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG  */
-#line 585 "util/configparser.y"
+  case 351: /* server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG  */
+#line 586 "util/configparser.y"
         {
 		OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0)
@@ -3337,11 +3295,11 @@ yyreduce:
 		else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3341 "util/configparser.c"
+#line 3299 "util/configparser.c"
     break;
 
-  case 351: /* server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG  */
-#line 596 "util/configparser.y"
+  case 352: /* server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG  */
+#line 597 "util/configparser.y"
         {
 		OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3349,11 +3307,11 @@ yyreduce:
 		else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3353 "util/configparser.c"
+#line 3311 "util/configparser.c"
     break;
 
-  case 352: /* server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG  */
-#line 605 "util/configparser.y"
+  case 353: /* server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG  */
+#line 606 "util/configparser.y"
         {
 		OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3361,11 +3319,11 @@ yyreduce:
 		else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3365 "util/configparser.c"
+#line 3323 "util/configparser.c"
     break;
 
-  case 353: /* server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG  */
-#line 614 "util/configparser.y"
+  case 354: /* server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG  */
+#line 615 "util/configparser.y"
         {
 		OUTYY(("P(server_statistics_inhibit_zero:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3373,11 +3331,11 @@ yyreduce:
 		else cfg_parser->cfg->stat_inhibit_zero = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3377 "util/configparser.c"
+#line 3335 "util/configparser.c"
     break;
 
-  case 354: /* server_shm_enable: VAR_SHM_ENABLE STRING_ARG  */
-#line 623 "util/configparser.y"
+  case 355: /* server_shm_enable: VAR_SHM_ENABLE STRING_ARG  */
+#line 624 "util/configparser.y"
         {
 		OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3385,11 +3343,11 @@ yyreduce:
 		else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3389 "util/configparser.c"
+#line 3347 "util/configparser.c"
     break;
 
-  case 355: /* server_shm_key: VAR_SHM_KEY STRING_ARG  */
-#line 632 "util/configparser.y"
+  case 356: /* server_shm_key: VAR_SHM_KEY STRING_ARG  */
+#line 633 "util/configparser.y"
         {
 		OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0)
@@ -3399,11 +3357,11 @@ yyreduce:
 		else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3403 "util/configparser.c"
+#line 3361 "util/configparser.c"
     break;
 
-  case 356: /* server_port: VAR_PORT STRING_ARG  */
-#line 643 "util/configparser.y"
+  case 357: /* server_port: VAR_PORT STRING_ARG  */
+#line 644 "util/configparser.y"
         {
 		OUTYY(("P(server_port:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -3411,11 +3369,11 @@ yyreduce:
 		else cfg_parser->cfg->port = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3415 "util/configparser.c"
+#line 3373 "util/configparser.c"
     break;
 
-  case 357: /* server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG  */
-#line 652 "util/configparser.y"
+  case 358: /* server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG  */
+#line 653 "util/configparser.y"
         {
 	#ifdef CLIENT_SUBNET
 		OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str)));
@@ -3426,11 +3384,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 3430 "util/configparser.c"
+#line 3388 "util/configparser.c"
     break;
 
-  case 358: /* server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG  */
-#line 664 "util/configparser.y"
+  case 359: /* server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG  */
+#line 665 "util/configparser.y"
         {
 	#ifdef CLIENT_SUBNET
 		OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str)));
@@ -3442,11 +3400,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 3446 "util/configparser.c"
+#line 3404 "util/configparser.c"
     break;
 
-  case 359: /* server_client_subnet_always_forward: VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG  */
-#line 678 "util/configparser.y"
+  case 360: /* server_client_subnet_always_forward: VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG  */
+#line 679 "util/configparser.y"
         {
 	#ifdef CLIENT_SUBNET
 		OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str)));
@@ -3460,11 +3418,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 3464 "util/configparser.c"
+#line 3422 "util/configparser.c"
     break;
 
-  case 360: /* server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG  */
-#line 693 "util/configparser.y"
+  case 361: /* server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG  */
+#line 694 "util/configparser.y"
         {
 	#ifdef CLIENT_SUBNET
 		OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str)));
@@ -3474,11 +3432,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 3478 "util/configparser.c"
+#line 3436 "util/configparser.c"
     break;
 
-  case 361: /* server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG  */
-#line 704 "util/configparser.y"
+  case 362: /* server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG  */
+#line 705 "util/configparser.y"
         {
 	#ifdef CLIENT_SUBNET
 		OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str)));
@@ -3494,11 +3452,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 3498 "util/configparser.c"
+#line 3456 "util/configparser.c"
     break;
 
-  case 362: /* server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG  */
-#line 721 "util/configparser.y"
+  case 363: /* server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG  */
+#line 722 "util/configparser.y"
         {
 	#ifdef CLIENT_SUBNET
 		OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str)));
@@ -3514,11 +3472,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 3518 "util/configparser.c"
+#line 3476 "util/configparser.c"
     break;
 
-  case 363: /* server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG  */
-#line 738 "util/configparser.y"
+  case 364: /* server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG  */
+#line 739 "util/configparser.y"
         {
 	#ifdef CLIENT_SUBNET
 		OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str)));
@@ -3534,11 +3492,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 3538 "util/configparser.c"
+#line 3496 "util/configparser.c"
     break;
 
-  case 364: /* server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG  */
-#line 755 "util/configparser.y"
+  case 365: /* server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG  */
+#line 756 "util/configparser.y"
         {
 	#ifdef CLIENT_SUBNET
 		OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str)));
@@ -3554,11 +3512,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 3558 "util/configparser.c"
+#line 3516 "util/configparser.c"
     break;
 
-  case 365: /* server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG  */
-#line 772 "util/configparser.y"
+  case 366: /* server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG  */
+#line 773 "util/configparser.y"
         {
 	#ifdef CLIENT_SUBNET
 		OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str)));
@@ -3572,11 +3530,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 3576 "util/configparser.c"
+#line 3534 "util/configparser.c"
     break;
 
-  case 366: /* server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG  */
-#line 787 "util/configparser.y"
+  case 367: /* server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG  */
+#line 788 "util/configparser.y"
         {
 	#ifdef CLIENT_SUBNET
 		OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str)));
@@ -3590,11 +3548,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 3594 "util/configparser.c"
+#line 3552 "util/configparser.c"
     break;
 
-  case 367: /* server_interface: VAR_INTERFACE STRING_ARG  */
-#line 802 "util/configparser.y"
+  case 368: /* server_interface: VAR_INTERFACE STRING_ARG  */
+#line 803 "util/configparser.y"
         {
 		OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str)));
 		if(cfg_parser->cfg->num_ifs == 0)
@@ -3606,11 +3564,11 @@ yyreduce:
 		else
 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str);
 	}
-#line 3610 "util/configparser.c"
+#line 3568 "util/configparser.c"
     break;
 
-  case 368: /* server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG  */
-#line 815 "util/configparser.y"
+  case 369: /* server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG  */
+#line 816 "util/configparser.y"
         {
 		OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str)));
 		if(cfg_parser->cfg->num_out_ifs == 0)
@@ -3624,11 +3582,11 @@ yyreduce:
 			cfg_parser->cfg->out_ifs[
 				cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str);
 	}
-#line 3628 "util/configparser.c"
+#line 3586 "util/configparser.c"
     break;
 
-  case 369: /* server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG  */
-#line 830 "util/configparser.y"
+  case 370: /* server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG  */
+#line 831 "util/configparser.y"
         {
 		OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -3636,11 +3594,11 @@ yyreduce:
 		else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3640 "util/configparser.c"
+#line 3598 "util/configparser.c"
     break;
 
-  case 370: /* server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG  */
-#line 839 "util/configparser.y"
+  case 371: /* server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG  */
+#line 840 "util/configparser.y"
         {
 		OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str)));
 		if(!cfg_mark_ports((yyvsp[0].str), 1,
@@ -3648,11 +3606,11 @@ yyreduce:
 			yyerror("port number or range (\"low-high\") expected");
 		free((yyvsp[0].str));
 	}
-#line 3652 "util/configparser.c"
+#line 3610 "util/configparser.c"
     break;
 
-  case 371: /* server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG  */
-#line 848 "util/configparser.y"
+  case 372: /* server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG  */
+#line 849 "util/configparser.y"
         {
 		OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str)));
 		if(!cfg_mark_ports((yyvsp[0].str), 0,
@@ -3660,11 +3618,11 @@ yyreduce:
 			yyerror("port number or range (\"low-high\") expected");
 		free((yyvsp[0].str));
 	}
-#line 3664 "util/configparser.c"
+#line 3622 "util/configparser.c"
     break;
 
-  case 372: /* server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG  */
-#line 857 "util/configparser.y"
+  case 373: /* server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG  */
+#line 858 "util/configparser.y"
         {
 		OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -3672,11 +3630,11 @@ yyreduce:
 		else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3676 "util/configparser.c"
+#line 3634 "util/configparser.c"
     break;
 
-  case 373: /* server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG  */
-#line 866 "util/configparser.y"
+  case 374: /* server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG  */
+#line 867 "util/configparser.y"
         {
 		OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -3684,11 +3642,11 @@ yyreduce:
 		else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3688 "util/configparser.c"
+#line 3646 "util/configparser.c"
     break;
 
-  case 374: /* server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG  */
-#line 875 "util/configparser.y"
+  case 375: /* server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG  */
+#line 876 "util/configparser.y"
         {
 		OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3696,21 +3654,21 @@ yyreduce:
 		else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3700 "util/configparser.c"
+#line 3658 "util/configparser.c"
     break;
 
-  case 375: /* server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG  */
-#line 884 "util/configparser.y"
+  case 376: /* server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG  */
+#line 885 "util/configparser.y"
         {
 		OUTYY(("P(server_interface_automatic_ports:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->if_automatic_ports);
 		cfg_parser->cfg->if_automatic_ports = (yyvsp[0].str);
 	}
-#line 3710 "util/configparser.c"
+#line 3668 "util/configparser.c"
     break;
 
-  case 376: /* server_do_ip4: VAR_DO_IP4 STRING_ARG  */
-#line 891 "util/configparser.y"
+  case 377: /* server_do_ip4: VAR_DO_IP4 STRING_ARG  */
+#line 892 "util/configparser.y"
         {
 		OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3718,11 +3676,11 @@ yyreduce:
 		else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3722 "util/configparser.c"
+#line 3680 "util/configparser.c"
     break;
 
-  case 377: /* server_do_ip6: VAR_DO_IP6 STRING_ARG  */
-#line 900 "util/configparser.y"
+  case 378: /* server_do_ip6: VAR_DO_IP6 STRING_ARG  */
+#line 901 "util/configparser.y"
         {
 		OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3730,11 +3688,11 @@ yyreduce:
 		else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3734 "util/configparser.c"
+#line 3692 "util/configparser.c"
     break;
 
-  case 378: /* server_do_nat64: VAR_DO_NAT64 STRING_ARG  */
-#line 909 "util/configparser.y"
+  case 379: /* server_do_nat64: VAR_DO_NAT64 STRING_ARG  */
+#line 910 "util/configparser.y"
         {
 		OUTYY(("P(server_do_nat64:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3742,11 +3700,11 @@ yyreduce:
 		else cfg_parser->cfg->do_nat64 = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3746 "util/configparser.c"
+#line 3704 "util/configparser.c"
     break;
 
-  case 379: /* server_do_udp: VAR_DO_UDP STRING_ARG  */
-#line 918 "util/configparser.y"
+  case 380: /* server_do_udp: VAR_DO_UDP STRING_ARG  */
+#line 919 "util/configparser.y"
         {
 		OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3754,11 +3712,11 @@ yyreduce:
 		else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3758 "util/configparser.c"
+#line 3716 "util/configparser.c"
     break;
 
-  case 380: /* server_do_tcp: VAR_DO_TCP STRING_ARG  */
-#line 927 "util/configparser.y"
+  case 381: /* server_do_tcp: VAR_DO_TCP STRING_ARG  */
+#line 928 "util/configparser.y"
         {
 		OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3766,11 +3724,11 @@ yyreduce:
 		else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3770 "util/configparser.c"
+#line 3728 "util/configparser.c"
     break;
 
-  case 381: /* server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG  */
-#line 936 "util/configparser.y"
+  case 382: /* server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG  */
+#line 937 "util/configparser.y"
         {
 		OUTYY(("P(server_prefer_ip4:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3778,11 +3736,11 @@ yyreduce:
 		else cfg_parser->cfg->prefer_ip4 = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3782 "util/configparser.c"
+#line 3740 "util/configparser.c"
     break;
 
-  case 382: /* server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG  */
-#line 945 "util/configparser.y"
+  case 383: /* server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG  */
+#line 946 "util/configparser.y"
         {
 		OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3790,23 +3748,23 @@ yyreduce:
 		else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3794 "util/configparser.c"
+#line 3752 "util/configparser.c"
     break;
 
-  case 383: /* server_tcp_mss: VAR_TCP_MSS STRING_ARG  */
-#line 954 "util/configparser.y"
+  case 384: /* server_tcp_mss: VAR_TCP_MSS STRING_ARG  */
+#line 955 "util/configparser.y"
         {
 		OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
-				yyerror("number expected");
+			yyerror("number expected");
 		else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3806 "util/configparser.c"
+#line 3764 "util/configparser.c"
     break;
 
-  case 384: /* server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG  */
-#line 963 "util/configparser.y"
+  case 385: /* server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG  */
+#line 964 "util/configparser.y"
         {
 		OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -3814,11 +3772,11 @@ yyreduce:
 		else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3818 "util/configparser.c"
+#line 3776 "util/configparser.c"
     break;
 
-  case 385: /* server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG  */
-#line 972 "util/configparser.y"
+  case 386: /* server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG  */
+#line 973 "util/configparser.y"
         {
 		OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -3830,11 +3788,11 @@ yyreduce:
 		else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3834 "util/configparser.c"
+#line 3792 "util/configparser.c"
     break;
 
-  case 386: /* server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG  */
-#line 985 "util/configparser.y"
+  case 387: /* server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG  */
+#line 986 "util/configparser.y"
         {
 		OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -3844,11 +3802,11 @@ yyreduce:
 		else cfg_parser->cfg->max_reuse_tcp_queries = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3848 "util/configparser.c"
+#line 3806 "util/configparser.c"
     break;
 
-  case 387: /* server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG  */
-#line 996 "util/configparser.y"
+  case 388: /* server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG  */
+#line 997 "util/configparser.y"
         {
 		OUTYY(("P(server_tcp_reuse_timeout:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -3858,11 +3816,11 @@ yyreduce:
 		else cfg_parser->cfg->tcp_reuse_timeout = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3862 "util/configparser.c"
+#line 3820 "util/configparser.c"
     break;
 
-  case 388: /* server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG  */
-#line 1007 "util/configparser.y"
+  case 389: /* server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG  */
+#line 1008 "util/configparser.y"
         {
 		OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -3872,11 +3830,11 @@ yyreduce:
 		else cfg_parser->cfg->tcp_auth_query_timeout = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3876 "util/configparser.c"
+#line 3834 "util/configparser.c"
     break;
 
-  case 389: /* server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG  */
-#line 1018 "util/configparser.y"
+  case 390: /* server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG  */
+#line 1019 "util/configparser.y"
         {
 		OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3884,11 +3842,11 @@ yyreduce:
 		else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3888 "util/configparser.c"
+#line 3846 "util/configparser.c"
     break;
 
-  case 390: /* server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG  */
-#line 1027 "util/configparser.y"
+  case 391: /* server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG  */
+#line 1028 "util/configparser.y"
         {
 		OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -3900,11 +3858,11 @@ yyreduce:
 		else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3904 "util/configparser.c"
+#line 3862 "util/configparser.c"
     break;
 
-  case 391: /* server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG  */
-#line 1040 "util/configparser.y"
+  case 392: /* server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG  */
+#line 1041 "util/configparser.y"
         {
 		OUTYY(("P(server_sock_queue_timeout:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -3916,11 +3874,11 @@ yyreduce:
 		else cfg_parser->cfg->sock_queue_timeout = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3920 "util/configparser.c"
+#line 3878 "util/configparser.c"
     break;
 
-  case 392: /* server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG  */
-#line 1053 "util/configparser.y"
+  case 393: /* server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG  */
+#line 1054 "util/configparser.y"
         {
 		OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3928,11 +3886,11 @@ yyreduce:
 		else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3932 "util/configparser.c"
+#line 3890 "util/configparser.c"
     break;
 
-  case 393: /* server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG  */
-#line 1062 "util/configparser.y"
+  case 394: /* server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG  */
+#line 1063 "util/configparser.y"
         {
 		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3940,11 +3898,11 @@ yyreduce:
 		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3944 "util/configparser.c"
+#line 3902 "util/configparser.c"
     break;
 
-  case 394: /* server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG  */
-#line 1071 "util/configparser.y"
+  case 395: /* server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG  */
+#line 1072 "util/configparser.y"
         {
 		OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -3952,31 +3910,31 @@ yyreduce:
 		else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 3956 "util/configparser.c"
+#line 3914 "util/configparser.c"
     break;
 
-  case 395: /* server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG  */
-#line 1080 "util/configparser.y"
+  case 396: /* server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG  */
+#line 1081 "util/configparser.y"
         {
 		OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->ssl_service_key);
 		cfg_parser->cfg->ssl_service_key = (yyvsp[0].str);
 	}
-#line 3966 "util/configparser.c"
+#line 3924 "util/configparser.c"
     break;
 
-  case 396: /* server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG  */
-#line 1087 "util/configparser.y"
+  case 397: /* server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG  */
+#line 1088 "util/configparser.y"
         {
 		OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->ssl_service_pem);
 		cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str);
 	}
-#line 3976 "util/configparser.c"
+#line 3934 "util/configparser.c"
     break;
 
-  case 397: /* server_ssl_port: VAR_SSL_PORT STRING_ARG  */
-#line 1094 "util/configparser.y"
+  case 398: /* server_ssl_port: VAR_SSL_PORT STRING_ARG  */
+#line 1095 "util/configparser.y"
         {
 		OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -3984,21 +3942,21 @@ yyreduce:
 		else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 3988 "util/configparser.c"
+#line 3946 "util/configparser.c"
     break;
 
-  case 398: /* server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG  */
-#line 1103 "util/configparser.y"
+  case 399: /* server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG  */
+#line 1104 "util/configparser.y"
         {
 		OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->tls_cert_bundle);
 		cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str);
 	}
-#line 3998 "util/configparser.c"
+#line 3956 "util/configparser.c"
     break;
 
-  case 399: /* server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG  */
-#line 1110 "util/configparser.y"
+  case 400: /* server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG  */
+#line 1111 "util/configparser.y"
         {
 		OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4006,53 +3964,53 @@ yyreduce:
 		else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4010 "util/configparser.c"
+#line 3968 "util/configparser.c"
     break;
 
-  case 400: /* server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG  */
-#line 1119 "util/configparser.y"
+  case 401: /* server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG  */
+#line 1120 "util/configparser.y"
         {
 		OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
 			(yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4021 "util/configparser.c"
+#line 3979 "util/configparser.c"
     break;
 
-  case 401: /* server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG  */
-#line 1127 "util/configparser.y"
+  case 402: /* server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG  */
+#line 1128 "util/configparser.y"
         {
 		OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->tls_ciphers);
 		cfg_parser->cfg->tls_ciphers = (yyvsp[0].str);
 	}
-#line 4031 "util/configparser.c"
+#line 3989 "util/configparser.c"
     break;
 
-  case 402: /* server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG  */
-#line 1134 "util/configparser.y"
+  case 403: /* server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG  */
+#line 1135 "util/configparser.y"
         {
 		OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->tls_ciphersuites);
 		cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str);
 	}
-#line 4041 "util/configparser.c"
+#line 3999 "util/configparser.c"
     break;
 
-  case 403: /* server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG  */
-#line 1141 "util/configparser.y"
+  case 404: /* server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG  */
+#line 1142 "util/configparser.y"
         {
 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
 			(yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4052 "util/configparser.c"
+#line 4010 "util/configparser.c"
     break;
 
-  case 404: /* server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG  */
-#line 1149 "util/configparser.y"
+  case 405: /* server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG  */
+#line 1150 "util/configparser.y"
         {
 		OUTYY(("P(server_tls_use_sni:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4060,11 +4018,11 @@ yyreduce:
 		else cfg_parser->cfg->tls_use_sni = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4064 "util/configparser.c"
+#line 4022 "util/configparser.c"
     break;
 
-  case 405: /* server_https_port: VAR_HTTPS_PORT STRING_ARG  */
-#line 1158 "util/configparser.y"
+  case 406: /* server_https_port: VAR_HTTPS_PORT STRING_ARG  */
+#line 1159 "util/configparser.y"
         {
 		OUTYY(("P(server_https_port:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -4072,31 +4030,33 @@ yyreduce:
 		else cfg_parser->cfg->https_port = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4076 "util/configparser.c"
+#line 4034 "util/configparser.c"
     break;
 
-  case 406: /* server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG  */
-#line 1166 "util/configparser.y"
+  case 407: /* server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG  */
+#line 1167 "util/configparser.y"
         {
 		OUTYY(("P(server_http_endpoint:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->http_endpoint);
 		if((yyvsp[0].str) && (yyvsp[0].str)[0] != '/') {
 			cfg_parser->cfg->http_endpoint = malloc(strlen((yyvsp[0].str))+2);
-			if(!cfg_parser->cfg->http_endpoint)
+			if(cfg_parser->cfg->http_endpoint) {
+				cfg_parser->cfg->http_endpoint[0] = '/';
+				memmove(cfg_parser->cfg->http_endpoint+1, (yyvsp[0].str),
+					strlen((yyvsp[0].str))+1);
+			} else {
 				yyerror("out of memory");
-			cfg_parser->cfg->http_endpoint[0] = '/';
-			memmove(cfg_parser->cfg->http_endpoint+1, (yyvsp[0].str),
-				strlen((yyvsp[0].str))+1);
+			}
 			free((yyvsp[0].str));
 		} else {
 			cfg_parser->cfg->http_endpoint = (yyvsp[0].str);
 		}
 	}
-#line 4096 "util/configparser.c"
+#line 4056 "util/configparser.c"
     break;
 
-  case 407: /* server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG  */
-#line 1182 "util/configparser.y"
+  case 408: /* server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG  */
+#line 1185 "util/configparser.y"
         {
 		OUTYY(("P(server_http_max_streams:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4104,11 +4064,11 @@ yyreduce:
 		else cfg_parser->cfg->http_max_streams = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4108 "util/configparser.c"
+#line 4068 "util/configparser.c"
     break;
 
-  case 408: /* server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG  */
-#line 1190 "util/configparser.y"
+  case 409: /* server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG  */
+#line 1193 "util/configparser.y"
         {
 		OUTYY(("P(server_http_query_buffer_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str),
@@ -4116,11 +4076,11 @@ yyreduce:
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4120 "util/configparser.c"
+#line 4080 "util/configparser.c"
     break;
 
-  case 409: /* server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG  */
-#line 1198 "util/configparser.y"
+  case 410: /* server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG  */
+#line 1201 "util/configparser.y"
         {
 		OUTYY(("P(server_http_response_buffer_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str),
@@ -4128,11 +4088,11 @@ yyreduce:
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4132 "util/configparser.c"
+#line 4092 "util/configparser.c"
     break;
 
-  case 410: /* server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG  */
-#line 1206 "util/configparser.y"
+  case 411: /* server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG  */
+#line 1209 "util/configparser.y"
         {
 		OUTYY(("P(server_http_nodelay:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4140,11 +4100,11 @@ yyreduce:
 		else cfg_parser->cfg->http_nodelay = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4144 "util/configparser.c"
+#line 4104 "util/configparser.c"
     break;
 
-  case 411: /* server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG  */
-#line 1214 "util/configparser.y"
+  case 412: /* server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG  */
+#line 1217 "util/configparser.y"
         {
 		OUTYY(("P(server_http_notls_downstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4152,11 +4112,11 @@ yyreduce:
 		else cfg_parser->cfg->http_notls_downstream = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4156 "util/configparser.c"
+#line 4116 "util/configparser.c"
     break;
 
-  case 412: /* server_quic_port: VAR_QUIC_PORT STRING_ARG  */
-#line 1222 "util/configparser.y"
+  case 413: /* server_quic_port: VAR_QUIC_PORT STRING_ARG  */
+#line 1225 "util/configparser.y"
         {
 		OUTYY(("P(server_quic_port:%s)\n", (yyvsp[0].str)));
 #ifndef HAVE_NGTCP2
@@ -4169,22 +4129,22 @@ yyreduce:
 		else cfg_parser->cfg->quic_port = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4173 "util/configparser.c"
+#line 4133 "util/configparser.c"
     break;
 
-  case 413: /* server_quic_size: VAR_QUIC_SIZE STRING_ARG  */
-#line 1235 "util/configparser.y"
+  case 414: /* server_quic_size: VAR_QUIC_SIZE STRING_ARG  */
+#line 1238 "util/configparser.y"
         {
 		OUTYY(("P(server_quic_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->quic_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4184 "util/configparser.c"
+#line 4144 "util/configparser.c"
     break;
 
-  case 414: /* server_use_systemd: VAR_USE_SYSTEMD STRING_ARG  */
-#line 1242 "util/configparser.y"
+  case 415: /* server_use_systemd: VAR_USE_SYSTEMD STRING_ARG  */
+#line 1245 "util/configparser.y"
         {
 		OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4192,11 +4152,11 @@ yyreduce:
 		else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4196 "util/configparser.c"
+#line 4156 "util/configparser.c"
     break;
 
-  case 415: /* server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG  */
-#line 1251 "util/configparser.y"
+  case 416: /* server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG  */
+#line 1254 "util/configparser.y"
         {
 		OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4204,11 +4164,11 @@ yyreduce:
 		else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4208 "util/configparser.c"
+#line 4168 "util/configparser.c"
     break;
 
-  case 416: /* server_use_syslog: VAR_USE_SYSLOG STRING_ARG  */
-#line 1260 "util/configparser.y"
+  case 417: /* server_use_syslog: VAR_USE_SYSLOG STRING_ARG  */
+#line 1263 "util/configparser.y"
         {
 		OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4221,11 +4181,11 @@ yyreduce:
 #endif
 		free((yyvsp[0].str));
 	}
-#line 4225 "util/configparser.c"
+#line 4185 "util/configparser.c"
     break;
 
-  case 417: /* server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG  */
-#line 1274 "util/configparser.y"
+  case 418: /* server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG  */
+#line 1277 "util/configparser.y"
         {
 		OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4233,11 +4193,11 @@ yyreduce:
 		else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4237 "util/configparser.c"
+#line 4197 "util/configparser.c"
     break;
 
-  case 418: /* server_log_time_iso: VAR_LOG_TIME_ISO STRING_ARG  */
-#line 1283 "util/configparser.y"
+  case 419: /* server_log_time_iso: VAR_LOG_TIME_ISO STRING_ARG  */
+#line 1286 "util/configparser.y"
         {
 		OUTYY(("P(server_log_time_iso:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4245,11 +4205,11 @@ yyreduce:
 		else cfg_parser->cfg->log_time_iso = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4249 "util/configparser.c"
+#line 4209 "util/configparser.c"
     break;
 
-  case 419: /* server_log_queries: VAR_LOG_QUERIES STRING_ARG  */
-#line 1292 "util/configparser.y"
+  case 420: /* server_log_queries: VAR_LOG_QUERIES STRING_ARG  */
+#line 1295 "util/configparser.y"
         {
 		OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4257,11 +4217,11 @@ yyreduce:
 		else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4261 "util/configparser.c"
+#line 4221 "util/configparser.c"
     break;
 
-  case 420: /* server_log_replies: VAR_LOG_REPLIES STRING_ARG  */
-#line 1301 "util/configparser.y"
+  case 421: /* server_log_replies: VAR_LOG_REPLIES STRING_ARG  */
+#line 1304 "util/configparser.y"
         {
 		OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4269,11 +4229,11 @@ yyreduce:
 		else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4273 "util/configparser.c"
+#line 4233 "util/configparser.c"
     break;
 
-  case 421: /* server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG  */
-#line 1310 "util/configparser.y"
+  case 422: /* server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG  */
+#line 1313 "util/configparser.y"
         {
 		OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4281,11 +4241,11 @@ yyreduce:
 		else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4285 "util/configparser.c"
+#line 4245 "util/configparser.c"
     break;
 
-  case 422: /* server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG  */
-#line 1319 "util/configparser.y"
+  case 423: /* server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG  */
+#line 1322 "util/configparser.y"
         {
 		OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4293,11 +4253,11 @@ yyreduce:
 		else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4297 "util/configparser.c"
+#line 4257 "util/configparser.c"
     break;
 
-  case 423: /* server_log_destaddr: VAR_LOG_DESTADDR STRING_ARG  */
-#line 1328 "util/configparser.y"
+  case 424: /* server_log_destaddr: VAR_LOG_DESTADDR STRING_ARG  */
+#line 1331 "util/configparser.y"
         {
 		OUTYY(("P(server_log_destaddr:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4305,11 +4265,11 @@ yyreduce:
 		else cfg_parser->cfg->log_destaddr = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4309 "util/configparser.c"
+#line 4269 "util/configparser.c"
     break;
 
-  case 424: /* server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG  */
-#line 1337 "util/configparser.y"
+  case 425: /* server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG  */
+#line 1340 "util/configparser.y"
         {
 		OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4317,31 +4277,31 @@ yyreduce:
 		else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4321 "util/configparser.c"
+#line 4281 "util/configparser.c"
     break;
 
-  case 425: /* server_chroot: VAR_CHROOT STRING_ARG  */
-#line 1346 "util/configparser.y"
+  case 426: /* server_chroot: VAR_CHROOT STRING_ARG  */
+#line 1349 "util/configparser.y"
         {
 		OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->chrootdir);
 		cfg_parser->cfg->chrootdir = (yyvsp[0].str);
 	}
-#line 4331 "util/configparser.c"
+#line 4291 "util/configparser.c"
     break;
 
-  case 426: /* server_username: VAR_USERNAME STRING_ARG  */
-#line 1353 "util/configparser.y"
+  case 427: /* server_username: VAR_USERNAME STRING_ARG  */
+#line 1356 "util/configparser.y"
         {
 		OUTYY(("P(server_username:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->username);
 		cfg_parser->cfg->username = (yyvsp[0].str);
 	}
-#line 4341 "util/configparser.c"
+#line 4301 "util/configparser.c"
     break;
 
-  case 427: /* server_directory: VAR_DIRECTORY STRING_ARG  */
-#line 1360 "util/configparser.y"
+  case 428: /* server_directory: VAR_DIRECTORY STRING_ARG  */
+#line 1363 "util/configparser.y"
         {
 		OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->directory);
@@ -4366,105 +4326,105 @@ yyreduce:
 			}
 		}
 	}
-#line 4370 "util/configparser.c"
+#line 4330 "util/configparser.c"
     break;
 
-  case 428: /* server_logfile: VAR_LOGFILE STRING_ARG  */
-#line 1386 "util/configparser.y"
+  case 429: /* server_logfile: VAR_LOGFILE STRING_ARG  */
+#line 1389 "util/configparser.y"
         {
 		OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->logfile);
 		cfg_parser->cfg->logfile = (yyvsp[0].str);
 		cfg_parser->cfg->use_syslog = 0;
 	}
-#line 4381 "util/configparser.c"
+#line 4341 "util/configparser.c"
     break;
 
-  case 429: /* server_pidfile: VAR_PIDFILE STRING_ARG  */
-#line 1394 "util/configparser.y"
+  case 430: /* server_pidfile: VAR_PIDFILE STRING_ARG  */
+#line 1397 "util/configparser.y"
         {
 		OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->pidfile);
 		cfg_parser->cfg->pidfile = (yyvsp[0].str);
 	}
-#line 4391 "util/configparser.c"
+#line 4351 "util/configparser.c"
     break;
 
-  case 430: /* server_root_hints: VAR_ROOT_HINTS STRING_ARG  */
-#line 1401 "util/configparser.y"
+  case 431: /* server_root_hints: VAR_ROOT_HINTS STRING_ARG  */
+#line 1404 "util/configparser.y"
         {
 		OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4401 "util/configparser.c"
+#line 4361 "util/configparser.c"
     break;
 
-  case 431: /* server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG  */
-#line 1408 "util/configparser.y"
+  case 432: /* server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG  */
+#line 1411 "util/configparser.y"
         {
 		OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str)));
 		log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
 		free((yyvsp[0].str));
 	}
-#line 4411 "util/configparser.c"
+#line 4371 "util/configparser.c"
     break;
 
-  case 432: /* server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG  */
-#line 1415 "util/configparser.y"
+  case 433: /* server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG  */
+#line 1418 "util/configparser.y"
         {
 		OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str)));
 		log_warn("option dlv-anchor ignored: DLV is decommissioned");
 		free((yyvsp[0].str));
 	}
-#line 4421 "util/configparser.c"
+#line 4381 "util/configparser.c"
     break;
 
-  case 433: /* server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG  */
-#line 1422 "util/configparser.y"
+  case 434: /* server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG  */
+#line 1425 "util/configparser.y"
         {
 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->
 			auto_trust_anchor_file_list, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4432 "util/configparser.c"
+#line 4392 "util/configparser.c"
     break;
 
-  case 434: /* server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG  */
-#line 1430 "util/configparser.y"
+  case 435: /* server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG  */
+#line 1433 "util/configparser.y"
         {
 		OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->
 			trust_anchor_file_list, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4443 "util/configparser.c"
+#line 4403 "util/configparser.c"
     break;
 
-  case 435: /* server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG  */
-#line 1438 "util/configparser.y"
+  case 436: /* server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG  */
+#line 1441 "util/configparser.y"
         {
 		OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->
 			trusted_keys_file_list, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4454 "util/configparser.c"
+#line 4414 "util/configparser.c"
     break;
 
-  case 436: /* server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG  */
-#line 1446 "util/configparser.y"
+  case 437: /* server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG  */
+#line 1449 "util/configparser.y"
         {
 		OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4464 "util/configparser.c"
+#line 4424 "util/configparser.c"
     break;
 
-  case 437: /* server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG  */
-#line 1453 "util/configparser.y"
+  case 438: /* server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG  */
+#line 1456 "util/configparser.y"
         {
 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4474,11 +4434,11 @@ yyreduce:
 				(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4478 "util/configparser.c"
+#line 4438 "util/configparser.c"
     break;
 
-  case 438: /* server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG  */
-#line 1464 "util/configparser.y"
+  case 439: /* server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG  */
+#line 1467 "util/configparser.y"
         {
 		OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4488,21 +4448,21 @@ yyreduce:
 				(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4492 "util/configparser.c"
+#line 4452 "util/configparser.c"
     break;
 
-  case 439: /* server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG  */
-#line 1475 "util/configparser.y"
+  case 440: /* server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG  */
+#line 1478 "util/configparser.y"
         {
 		OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4502 "util/configparser.c"
+#line 4462 "util/configparser.c"
     break;
 
-  case 440: /* server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG  */
-#line 1482 "util/configparser.y"
+  case 441: /* server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG  */
+#line 1485 "util/configparser.y"
         {
 		OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4510,11 +4470,11 @@ yyreduce:
 		else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4514 "util/configparser.c"
+#line 4474 "util/configparser.c"
     break;
 
-  case 441: /* server_hide_version: VAR_HIDE_VERSION STRING_ARG  */
-#line 1491 "util/configparser.y"
+  case 442: /* server_hide_version: VAR_HIDE_VERSION STRING_ARG  */
+#line 1494 "util/configparser.y"
         {
 		OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4522,11 +4482,11 @@ yyreduce:
 		else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4526 "util/configparser.c"
+#line 4486 "util/configparser.c"
     break;
 
-  case 442: /* server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG  */
-#line 1500 "util/configparser.y"
+  case 443: /* server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG  */
+#line 1503 "util/configparser.y"
         {
 		OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4534,11 +4494,11 @@ yyreduce:
 		else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4538 "util/configparser.c"
+#line 4498 "util/configparser.c"
     break;
 
-  case 443: /* server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG  */
-#line 1509 "util/configparser.y"
+  case 444: /* server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG  */
+#line 1512 "util/configparser.y"
         {
 		OUTYY(("P(server_hide_user_agent:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4546,41 +4506,41 @@ yyreduce:
 		else cfg_parser->cfg->hide_http_user_agent = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4550 "util/configparser.c"
+#line 4510 "util/configparser.c"
     break;
 
-  case 444: /* server_identity: VAR_IDENTITY STRING_ARG  */
-#line 1518 "util/configparser.y"
+  case 445: /* server_identity: VAR_IDENTITY STRING_ARG  */
+#line 1521 "util/configparser.y"
         {
 		OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->identity);
 		cfg_parser->cfg->identity = (yyvsp[0].str);
 	}
-#line 4560 "util/configparser.c"
+#line 4520 "util/configparser.c"
     break;
 
-  case 445: /* server_version: VAR_VERSION STRING_ARG  */
-#line 1525 "util/configparser.y"
+  case 446: /* server_version: VAR_VERSION STRING_ARG  */
+#line 1528 "util/configparser.y"
         {
 		OUTYY(("P(server_version:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->version);
 		cfg_parser->cfg->version = (yyvsp[0].str);
 	}
-#line 4570 "util/configparser.c"
+#line 4530 "util/configparser.c"
     break;
 
-  case 446: /* server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG  */
-#line 1532 "util/configparser.y"
+  case 447: /* server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG  */
+#line 1535 "util/configparser.y"
         {
 		OUTYY(("P(server_http_user_agent:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->http_user_agent);
 		cfg_parser->cfg->http_user_agent = (yyvsp[0].str);
 	}
-#line 4580 "util/configparser.c"
+#line 4540 "util/configparser.c"
     break;
 
-  case 447: /* server_nsid: VAR_NSID STRING_ARG  */
-#line 1539 "util/configparser.y"
+  case 448: /* server_nsid: VAR_NSID STRING_ARG  */
+#line 1542 "util/configparser.y"
         {
 		OUTYY(("P(server_nsid:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->nsid_cfg_str);
@@ -4595,33 +4555,33 @@ yyreduce:
 			yyerror("the NSID must be either a hex string or an "
 			    "ascii character string prepended with ascii_.");
 	}
-#line 4599 "util/configparser.c"
+#line 4559 "util/configparser.c"
     break;
 
-  case 448: /* server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG  */
-#line 1555 "util/configparser.y"
+  case 449: /* server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG  */
+#line 1558 "util/configparser.y"
         {
 		OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf))
 			yyerror("buffer size expected");
 		free((yyvsp[0].str));
 	}
-#line 4610 "util/configparser.c"
+#line 4570 "util/configparser.c"
     break;
 
-  case 449: /* server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG  */
-#line 1563 "util/configparser.y"
+  case 450: /* server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG  */
+#line 1566 "util/configparser.y"
         {
 		OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf))
 			yyerror("buffer size expected");
 		free((yyvsp[0].str));
 	}
-#line 4621 "util/configparser.c"
+#line 4581 "util/configparser.c"
     break;
 
-  case 450: /* server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG  */
-#line 1571 "util/configparser.y"
+  case 451: /* server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG  */
+#line 1574 "util/configparser.y"
         {
 		OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4630,11 +4590,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4634 "util/configparser.c"
+#line 4594 "util/configparser.c"
     break;
 
-  case 451: /* server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG  */
-#line 1581 "util/configparser.y"
+  case 452: /* server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG  */
+#line 1584 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4643,11 +4603,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4647 "util/configparser.c"
+#line 4607 "util/configparser.c"
     break;
 
-  case 452: /* server_ip_freebind: VAR_IP_FREEBIND STRING_ARG  */
-#line 1591 "util/configparser.y"
+  case 453: /* server_ip_freebind: VAR_IP_FREEBIND STRING_ARG  */
+#line 1594 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4656,11 +4616,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4660 "util/configparser.c"
+#line 4620 "util/configparser.c"
     break;
 
-  case 453: /* server_ip_dscp: VAR_IP_DSCP STRING_ARG  */
-#line 1601 "util/configparser.y"
+  case 454: /* server_ip_dscp: VAR_IP_DSCP STRING_ARG  */
+#line 1604 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_dscp:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4673,22 +4633,22 @@ yyreduce:
 			cfg_parser->cfg->ip_dscp = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4677 "util/configparser.c"
+#line 4637 "util/configparser.c"
     break;
 
-  case 454: /* server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG  */
-#line 1615 "util/configparser.y"
+  case 455: /* server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG  */
+#line 1618 "util/configparser.y"
         {
 		OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4688 "util/configparser.c"
+#line 4648 "util/configparser.c"
     break;
 
-  case 455: /* server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG  */
-#line 1623 "util/configparser.y"
+  case 456: /* server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG  */
+#line 1626 "util/configparser.y"
         {
 		OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -4700,11 +4660,11 @@ yyreduce:
 		else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4704 "util/configparser.c"
+#line 4664 "util/configparser.c"
     break;
 
-  case 456: /* server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG  */
-#line 1636 "util/configparser.y"
+  case 457: /* server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG  */
+#line 1639 "util/configparser.y"
         {
 		OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -4714,22 +4674,22 @@ yyreduce:
 		else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4718 "util/configparser.c"
+#line 4678 "util/configparser.c"
     break;
 
-  case 457: /* server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG  */
-#line 1647 "util/configparser.y"
+  case 458: /* server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG  */
+#line 1650 "util/configparser.y"
         {
 		OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4729 "util/configparser.c"
+#line 4689 "util/configparser.c"
     break;
 
-  case 458: /* server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG  */
-#line 1655 "util/configparser.y"
+  case 459: /* server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG  */
+#line 1658 "util/configparser.y"
         {
 		OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -4741,11 +4701,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 4745 "util/configparser.c"
+#line 4705 "util/configparser.c"
     break;
 
-  case 459: /* server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG  */
-#line 1668 "util/configparser.y"
+  case 460: /* server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG  */
+#line 1671 "util/configparser.y"
         {
 		OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -4753,11 +4713,11 @@ yyreduce:
 		else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4757 "util/configparser.c"
+#line 4717 "util/configparser.c"
     break;
 
-  case 460: /* server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG  */
-#line 1677 "util/configparser.y"
+  case 461: /* server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG  */
+#line 1680 "util/configparser.y"
         {
 		OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4765,11 +4725,11 @@ yyreduce:
 		else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4769 "util/configparser.c"
+#line 4729 "util/configparser.c"
     break;
 
-  case 461: /* server_delay_close: VAR_DELAY_CLOSE STRING_ARG  */
-#line 1686 "util/configparser.y"
+  case 462: /* server_delay_close: VAR_DELAY_CLOSE STRING_ARG  */
+#line 1689 "util/configparser.y"
         {
 		OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4777,11 +4737,11 @@ yyreduce:
 		else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4781 "util/configparser.c"
+#line 4741 "util/configparser.c"
     break;
 
-  case 462: /* server_udp_connect: VAR_UDP_CONNECT STRING_ARG  */
-#line 1695 "util/configparser.y"
+  case 463: /* server_udp_connect: VAR_UDP_CONNECT STRING_ARG  */
+#line 1698 "util/configparser.y"
         {
 		OUTYY(("P(server_udp_connect:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4789,11 +4749,11 @@ yyreduce:
 		else cfg_parser->cfg->udp_connect = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4793 "util/configparser.c"
+#line 4753 "util/configparser.c"
     break;
 
-  case 463: /* server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG  */
-#line 1704 "util/configparser.y"
+  case 464: /* server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG  */
+#line 1707 "util/configparser.y"
         {
 		OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4802,11 +4762,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4806 "util/configparser.c"
+#line 4766 "util/configparser.c"
     break;
 
-  case 464: /* server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG  */
-#line 1714 "util/configparser.y"
+  case 465: /* server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG  */
+#line 1717 "util/configparser.y"
         {
 		OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4815,22 +4775,22 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4819 "util/configparser.c"
+#line 4779 "util/configparser.c"
     break;
 
-  case 465: /* server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG  */
-#line 1724 "util/configparser.y"
+  case 466: /* server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG  */
+#line 1727 "util/configparser.y"
         {
 		OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4830 "util/configparser.c"
+#line 4790 "util/configparser.c"
     break;
 
-  case 466: /* server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG  */
-#line 1732 "util/configparser.y"
+  case 467: /* server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG  */
+#line 1735 "util/configparser.y"
         {
 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -4842,11 +4802,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 4846 "util/configparser.c"
+#line 4806 "util/configparser.c"
     break;
 
-  case 467: /* server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG  */
-#line 1745 "util/configparser.y"
+  case 468: /* server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG  */
+#line 1748 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4854,22 +4814,22 @@ yyreduce:
 		else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4858 "util/configparser.c"
+#line 4818 "util/configparser.c"
     break;
 
-  case 468: /* server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG  */
-#line 1754 "util/configparser.y"
+  case 469: /* server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG  */
+#line 1757 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str)));
 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
 			"removed, use infra-host-ttl)", (yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4869 "util/configparser.c"
+#line 4829 "util/configparser.c"
     break;
 
-  case 469: /* server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG  */
-#line 1762 "util/configparser.y"
+  case 470: /* server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG  */
+#line 1765 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -4877,22 +4837,22 @@ yyreduce:
 		else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4881 "util/configparser.c"
+#line 4841 "util/configparser.c"
     break;
 
-  case 470: /* server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG  */
-#line 1771 "util/configparser.y"
+  case 471: /* server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG  */
+#line 1774 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str)));
 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
 			"(option removed, use infra-cache-numhosts)", (yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4892 "util/configparser.c"
+#line 4852 "util/configparser.c"
     break;
 
-  case 471: /* server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG  */
-#line 1779 "util/configparser.y"
+  case 472: /* server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG  */
+#line 1782 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -4904,11 +4864,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 4908 "util/configparser.c"
+#line 4868 "util/configparser.c"
     break;
 
-  case 472: /* server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG  */
-#line 1792 "util/configparser.y"
+  case 473: /* server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG  */
+#line 1795 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4916,11 +4876,11 @@ yyreduce:
 		else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4920 "util/configparser.c"
+#line 4880 "util/configparser.c"
     break;
 
-  case 473: /* server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG  */
-#line 1801 "util/configparser.y"
+  case 474: /* server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG  */
+#line 1804 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_cache_max_rtt:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4928,11 +4888,11 @@ yyreduce:
 		else cfg_parser->cfg->infra_cache_max_rtt = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4932 "util/configparser.c"
+#line 4892 "util/configparser.c"
     break;
 
-  case 474: /* server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG  */
-#line 1810 "util/configparser.y"
+  case 475: /* server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG  */
+#line 1813 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_keep_probing:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4941,21 +4901,21 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4945 "util/configparser.c"
+#line 4905 "util/configparser.c"
     break;
 
-  case 475: /* server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG  */
-#line 1820 "util/configparser.y"
+  case 476: /* server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG  */
+#line 1823 "util/configparser.y"
         {
 		OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->target_fetch_policy);
 		cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str);
 	}
-#line 4955 "util/configparser.c"
+#line 4915 "util/configparser.c"
     break;
 
-  case 476: /* server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG  */
-#line 1827 "util/configparser.y"
+  case 477: /* server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG  */
+#line 1830 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4964,11 +4924,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4968 "util/configparser.c"
+#line 4928 "util/configparser.c"
     break;
 
-  case 477: /* server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG  */
-#line 1837 "util/configparser.y"
+  case 478: /* server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG  */
+#line 1840 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4977,11 +4937,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4981 "util/configparser.c"
+#line 4941 "util/configparser.c"
     break;
 
-  case 478: /* server_harden_glue: VAR_HARDEN_GLUE STRING_ARG  */
-#line 1847 "util/configparser.y"
+  case 479: /* server_harden_glue: VAR_HARDEN_GLUE STRING_ARG  */
+#line 1850 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4990,11 +4950,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4994 "util/configparser.c"
+#line 4954 "util/configparser.c"
     break;
 
-  case 479: /* server_harden_unverified_glue: VAR_HARDEN_UNVERIFIED_GLUE STRING_ARG  */
-#line 1857 "util/configparser.y"
+  case 480: /* server_harden_unverified_glue: VAR_HARDEN_UNVERIFIED_GLUE STRING_ARG  */
+#line 1860 "util/configparser.y"
        {
                OUTYY(("P(server_harden_unverified_glue:%s)\n", (yyvsp[0].str)));
                if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5003,11 +4963,11 @@ yyreduce:
                        (strcmp((yyvsp[0].str), "yes")==0);
                free((yyvsp[0].str));
        }
-#line 5007 "util/configparser.c"
+#line 4967 "util/configparser.c"
     break;
 
-  case 480: /* server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG  */
-#line 1867 "util/configparser.y"
+  case 481: /* server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG  */
+#line 1870 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5016,11 +4976,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5020 "util/configparser.c"
+#line 4980 "util/configparser.c"
     break;
 
-  case 481: /* server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG  */
-#line 1877 "util/configparser.y"
+  case 482: /* server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG  */
+#line 1880 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5029,11 +4989,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5033 "util/configparser.c"
+#line 4993 "util/configparser.c"
     break;
 
-  case 482: /* server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG  */
-#line 1887 "util/configparser.y"
+  case 483: /* server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG  */
+#line 1890 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5042,11 +5002,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5046 "util/configparser.c"
+#line 5006 "util/configparser.c"
     break;
 
-  case 483: /* server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG  */
-#line 1897 "util/configparser.y"
+  case 484: /* server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG  */
+#line 1900 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5055,11 +5015,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5059 "util/configparser.c"
+#line 5019 "util/configparser.c"
     break;
 
-  case 484: /* server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG  */
-#line 1907 "util/configparser.y"
+  case 485: /* server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG  */
+#line 1910 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_unknown_additional:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5068,11 +5028,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5072 "util/configparser.c"
+#line 5032 "util/configparser.c"
     break;
 
-  case 485: /* server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG  */
-#line 1917 "util/configparser.y"
+  case 486: /* server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG  */
+#line 1920 "util/configparser.y"
         {
 		OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5081,41 +5041,41 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5085 "util/configparser.c"
+#line 5045 "util/configparser.c"
     break;
 
-  case 486: /* server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG  */
-#line 1927 "util/configparser.y"
+  case 487: /* server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG  */
+#line 1930 "util/configparser.y"
         {
 		OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 5095 "util/configparser.c"
+#line 5055 "util/configparser.c"
     break;
 
-  case 487: /* server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG  */
-#line 1934 "util/configparser.y"
+  case 488: /* server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG  */
+#line 1937 "util/configparser.y"
         {
 		OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 5105 "util/configparser.c"
+#line 5065 "util/configparser.c"
     break;
 
-  case 488: /* server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG  */
-#line 1941 "util/configparser.y"
+  case 489: /* server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG  */
+#line 1944 "util/configparser.y"
         {
 		OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 5115 "util/configparser.c"
+#line 5075 "util/configparser.c"
     break;
 
-  case 489: /* server_prefetch: VAR_PREFETCH STRING_ARG  */
-#line 1948 "util/configparser.y"
+  case 490: /* server_prefetch: VAR_PREFETCH STRING_ARG  */
+#line 1951 "util/configparser.y"
         {
 		OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5123,11 +5083,11 @@ yyreduce:
 		else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5127 "util/configparser.c"
+#line 5087 "util/configparser.c"
     break;
 
-  case 490: /* server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG  */
-#line 1957 "util/configparser.y"
+  case 491: /* server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG  */
+#line 1960 "util/configparser.y"
         {
 		OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5135,11 +5095,11 @@ yyreduce:
 		else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5139 "util/configparser.c"
+#line 5099 "util/configparser.c"
     break;
 
-  case 491: /* server_deny_any: VAR_DENY_ANY STRING_ARG  */
-#line 1966 "util/configparser.y"
+  case 492: /* server_deny_any: VAR_DENY_ANY STRING_ARG  */
+#line 1969 "util/configparser.y"
         {
 		OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5147,11 +5107,11 @@ yyreduce:
 		else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5151 "util/configparser.c"
+#line 5111 "util/configparser.c"
     break;
 
-  case 492: /* server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG  */
-#line 1975 "util/configparser.y"
+  case 493: /* server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG  */
+#line 1978 "util/configparser.y"
         {
 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5159,21 +5119,21 @@ yyreduce:
 		else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5163 "util/configparser.c"
+#line 5123 "util/configparser.c"
     break;
 
-  case 493: /* server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG  */
-#line 1984 "util/configparser.y"
+  case 494: /* server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG  */
+#line 1987 "util/configparser.y"
         {
 		OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 5173 "util/configparser.c"
+#line 5133 "util/configparser.c"
     break;
 
-  case 494: /* server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG  */
-#line 1991 "util/configparser.y"
+  case 495: /* server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG  */
+#line 1994 "util/configparser.y"
         {
 		OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5182,22 +5142,22 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5186 "util/configparser.c"
+#line 5146 "util/configparser.c"
     break;
 
-  case 495: /* server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG  */
-#line 2001 "util/configparser.y"
+  case 496: /* server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG  */
+#line 2004 "util/configparser.y"
         {
 		OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		validate_acl_action((yyvsp[0].str));
 		if(!cfg_str2list_insert(&cfg_parser->cfg->acls, (yyvsp[-1].str), (yyvsp[0].str)))
 			fatal_exit("out of memory adding acl");
 	}
-#line 5197 "util/configparser.c"
+#line 5157 "util/configparser.c"
     break;
 
-  case 496: /* server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG  */
-#line 2009 "util/configparser.y"
+  case 497: /* server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG  */
+#line 2012 "util/configparser.y"
         {
 		OUTYY(("P(server_interface_action:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		validate_acl_action((yyvsp[0].str));
@@ -5205,21 +5165,21 @@ yyreduce:
 			&cfg_parser->cfg->interface_actions, (yyvsp[-1].str), (yyvsp[0].str)))
 			fatal_exit("out of memory adding acl");
 	}
-#line 5209 "util/configparser.c"
+#line 5169 "util/configparser.c"
     break;
 
-  case 497: /* server_module_conf: VAR_MODULE_CONF STRING_ARG  */
-#line 2018 "util/configparser.y"
+  case 498: /* server_module_conf: VAR_MODULE_CONF STRING_ARG  */
+#line 2021 "util/configparser.y"
         {
 		OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->module_conf);
 		cfg_parser->cfg->module_conf = (yyvsp[0].str);
 	}
-#line 5219 "util/configparser.c"
+#line 5179 "util/configparser.c"
     break;
 
-  case 498: /* server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG  */
-#line 2025 "util/configparser.y"
+  case 499: /* server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG  */
+#line 2028 "util/configparser.y"
         {
 		OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str)));
 		if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
@@ -5236,11 +5196,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5240 "util/configparser.c"
+#line 5200 "util/configparser.c"
     break;
 
-  case 499: /* server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG  */
-#line 2043 "util/configparser.y"
+  case 500: /* server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG  */
+#line 2046 "util/configparser.y"
         {
 		OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str)));
 		if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
@@ -5252,11 +5212,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5256 "util/configparser.c"
+#line 5216 "util/configparser.c"
     break;
 
-  case 500: /* server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG  */
-#line 2056 "util/configparser.y"
+  case 501: /* server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG  */
+#line 2059 "util/configparser.y"
         {
 		OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str)));
 		if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
@@ -5268,11 +5228,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5272 "util/configparser.c"
+#line 5232 "util/configparser.c"
     break;
 
-  case 501: /* server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG  */
-#line 2069 "util/configparser.y"
+  case 502: /* server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG  */
+#line 2072 "util/configparser.y"
         {
 		OUTYY(("P(server_val_max_restart:%s)\n", (yyvsp[0].str)));
 		if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
@@ -5284,11 +5244,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5288 "util/configparser.c"
+#line 5248 "util/configparser.c"
     break;
 
-  case 502: /* server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG  */
-#line 2082 "util/configparser.y"
+  case 503: /* server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG  */
+#line 2085 "util/configparser.y"
         {
 		OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5296,11 +5256,11 @@ yyreduce:
 		else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5300 "util/configparser.c"
+#line 5260 "util/configparser.c"
     break;
 
-  case 503: /* server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG  */
-#line 2091 "util/configparser.y"
+  case 504: /* server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG  */
+#line 2094 "util/configparser.y"
         {
 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5308,11 +5268,11 @@ yyreduce:
 		else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5312 "util/configparser.c"
+#line 5272 "util/configparser.c"
     break;
 
-  case 504: /* server_cache_min_negative_ttl: VAR_CACHE_MIN_NEGATIVE_TTL STRING_ARG  */
-#line 2100 "util/configparser.y"
+  case 505: /* server_cache_min_negative_ttl: VAR_CACHE_MIN_NEGATIVE_TTL STRING_ARG  */
+#line 2103 "util/configparser.y"
         {
 		OUTYY(("P(server_cache_min_negative_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5320,11 +5280,11 @@ yyreduce:
 		else cfg_parser->cfg->min_negative_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5324 "util/configparser.c"
+#line 5284 "util/configparser.c"
     break;
 
-  case 505: /* server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG  */
-#line 2109 "util/configparser.y"
+  case 506: /* server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG  */
+#line 2112 "util/configparser.y"
         {
 		OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5332,11 +5292,11 @@ yyreduce:
 		else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5336 "util/configparser.c"
+#line 5296 "util/configparser.c"
     break;
 
-  case 506: /* server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG  */
-#line 2118 "util/configparser.y"
+  case 507: /* server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG  */
+#line 2121 "util/configparser.y"
         {
 		OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5344,11 +5304,11 @@ yyreduce:
 		else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5348 "util/configparser.c"
+#line 5308 "util/configparser.c"
     break;
 
-  case 507: /* server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG  */
-#line 2127 "util/configparser.y"
+  case 508: /* server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG  */
+#line 2130 "util/configparser.y"
         {
 		OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5357,11 +5317,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5361 "util/configparser.c"
+#line 5321 "util/configparser.c"
     break;
 
-  case 508: /* server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG  */
-#line 2137 "util/configparser.y"
+  case 509: /* server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG  */
+#line 2140 "util/configparser.y"
         {
 		OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5370,11 +5330,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5374 "util/configparser.c"
+#line 5334 "util/configparser.c"
     break;
 
-  case 509: /* server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG  */
-#line 2147 "util/configparser.y"
+  case 510: /* server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG  */
+#line 2150 "util/configparser.y"
         {
 		OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5384,11 +5344,11 @@ yyreduce:
 				(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5388 "util/configparser.c"
+#line 5348 "util/configparser.c"
     break;
 
-  case 510: /* server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG  */
-#line 2158 "util/configparser.y"
+  case 511: /* server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG  */
+#line 2161 "util/configparser.y"
         {
 		OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5396,11 +5356,11 @@ yyreduce:
 		else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5400 "util/configparser.c"
+#line 5360 "util/configparser.c"
     break;
 
-  case 511: /* server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG  */
-#line 2167 "util/configparser.y"
+  case 512: /* server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG  */
+#line 2170 "util/configparser.y"
         {
 		OUTYY(("P(server_disable_edns_do:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5408,11 +5368,11 @@ yyreduce:
 		else cfg_parser->cfg->disable_edns_do = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5412 "util/configparser.c"
+#line 5372 "util/configparser.c"
     break;
 
-  case 512: /* server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG  */
-#line 2176 "util/configparser.y"
+  case 513: /* server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG  */
+#line 2179 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5420,11 +5380,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5424 "util/configparser.c"
+#line 5384 "util/configparser.c"
     break;
 
-  case 513: /* server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG  */
-#line 2185 "util/configparser.y"
+  case 514: /* server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG  */
+#line 2188 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5432,11 +5392,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5436 "util/configparser.c"
+#line 5396 "util/configparser.c"
     break;
 
-  case 514: /* server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG  */
-#line 2194 "util/configparser.y"
+  case 515: /* server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG  */
+#line 2197 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5444,11 +5404,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5448 "util/configparser.c"
+#line 5408 "util/configparser.c"
     break;
 
-  case 515: /* server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG  */
-#line 2203 "util/configparser.y"
+  case 516: /* server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG  */
+#line 2206 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5456,11 +5416,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_expired_reply_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5460 "util/configparser.c"
+#line 5420 "util/configparser.c"
     break;
 
-  case 516: /* server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG  */
-#line 2212 "util/configparser.y"
+  case 517: /* server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG  */
+#line 2215 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_expired_client_timeout:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5468,11 +5428,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_expired_client_timeout = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5472 "util/configparser.c"
+#line 5432 "util/configparser.c"
     break;
 
-  case 517: /* server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG  */
-#line 2221 "util/configparser.y"
+  case 518: /* server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG  */
+#line 2224 "util/configparser.y"
         {
 		OUTYY(("P(server_ede_serve_expired:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5480,11 +5440,11 @@ yyreduce:
 		else cfg_parser->cfg->ede_serve_expired = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5484 "util/configparser.c"
+#line 5444 "util/configparser.c"
     break;
 
-  case 518: /* server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG  */
-#line 2230 "util/configparser.y"
+  case 519: /* server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG  */
+#line 2233 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_original_ttl:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5492,11 +5452,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_original_ttl = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5496 "util/configparser.c"
+#line 5456 "util/configparser.c"
     break;
 
-  case 519: /* server_fake_dsa: VAR_FAKE_DSA STRING_ARG  */
-#line 2239 "util/configparser.y"
+  case 520: /* server_fake_dsa: VAR_FAKE_DSA STRING_ARG  */
+#line 2242 "util/configparser.y"
         {
 		OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5508,11 +5468,11 @@ yyreduce:
 #endif
 		free((yyvsp[0].str));
 	}
-#line 5512 "util/configparser.c"
+#line 5472 "util/configparser.c"
     break;
 
-  case 520: /* server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG  */
-#line 2252 "util/configparser.y"
+  case 521: /* server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG  */
+#line 2255 "util/configparser.y"
         {
 		OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5524,11 +5484,11 @@ yyreduce:
 #endif
 		free((yyvsp[0].str));
 	}
-#line 5528 "util/configparser.c"
+#line 5488 "util/configparser.c"
     break;
 
-  case 521: /* server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG  */
-#line 2265 "util/configparser.y"
+  case 522: /* server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG  */
+#line 2268 "util/configparser.y"
         {
 		OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5536,21 +5496,21 @@ yyreduce:
 		else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5540 "util/configparser.c"
+#line 5500 "util/configparser.c"
     break;
 
-  case 522: /* server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG  */
-#line 2274 "util/configparser.y"
+  case 523: /* server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG  */
+#line 2277 "util/configparser.y"
         {
 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->val_nsec3_key_iterations);
 		cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str);
 	}
-#line 5550 "util/configparser.c"
+#line 5510 "util/configparser.c"
     break;
 
-  case 523: /* server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG  */
-#line 2281 "util/configparser.y"
+  case 524: /* server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG  */
+#line 2284 "util/configparser.y"
         {
 		OUTYY(("P(server_zonemd_permissive_mode:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5558,11 +5518,11 @@ yyreduce:
 		else	cfg_parser->cfg->zonemd_permissive_mode = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5562 "util/configparser.c"
+#line 5522 "util/configparser.c"
     break;
 
-  case 524: /* server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG  */
-#line 2290 "util/configparser.y"
+  case 525: /* server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG  */
+#line 2293 "util/configparser.y"
         {
 		OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5570,11 +5530,11 @@ yyreduce:
 		else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5574 "util/configparser.c"
+#line 5534 "util/configparser.c"
     break;
 
-  case 525: /* server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG  */
-#line 2299 "util/configparser.y"
+  case 526: /* server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG  */
+#line 2302 "util/configparser.y"
         {
 		OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5582,11 +5542,11 @@ yyreduce:
 		else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5586 "util/configparser.c"
+#line 5546 "util/configparser.c"
     break;
 
-  case 526: /* server_keep_missing: VAR_KEEP_MISSING STRING_ARG  */
-#line 2308 "util/configparser.y"
+  case 527: /* server_keep_missing: VAR_KEEP_MISSING STRING_ARG  */
+#line 2311 "util/configparser.y"
         {
 		OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5594,11 +5554,11 @@ yyreduce:
 		else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5598 "util/configparser.c"
+#line 5558 "util/configparser.c"
     break;
 
-  case 527: /* server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG  */
-#line 2317 "util/configparser.y"
+  case 528: /* server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG  */
+#line 2320 "util/configparser.y"
         {
 		OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5607,22 +5567,22 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5611 "util/configparser.c"
+#line 5571 "util/configparser.c"
     break;
 
-  case 528: /* server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG  */
-#line 2327 "util/configparser.y"
+  case 529: /* server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG  */
+#line 2330 "util/configparser.y"
         {
 		OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 5622 "util/configparser.c"
+#line 5582 "util/configparser.c"
     break;
 
-  case 529: /* server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG  */
-#line 2335 "util/configparser.y"
+  case 530: /* server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG  */
+#line 2338 "util/configparser.y"
         {
 		OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -5634,22 +5594,22 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5638 "util/configparser.c"
+#line 5598 "util/configparser.c"
     break;
 
-  case 530: /* server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG  */
-#line 2348 "util/configparser.y"
+  case 531: /* server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG  */
+#line 2351 "util/configparser.y"
         {
 		OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 5649 "util/configparser.c"
+#line 5609 "util/configparser.c"
     break;
 
-  case 531: /* server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG  */
-#line 2356 "util/configparser.y"
+  case 532: /* server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG  */
+#line 2359 "util/configparser.y"
         {
 		OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 &&
@@ -5704,21 +5664,21 @@ yyreduce:
 				fatal_exit("out of memory adding local-zone");
 		}
 	}
-#line 5708 "util/configparser.c"
+#line 5668 "util/configparser.c"
     break;
 
-  case 532: /* server_local_data: VAR_LOCAL_DATA STRING_ARG  */
-#line 2412 "util/configparser.y"
+  case 533: /* server_local_data: VAR_LOCAL_DATA STRING_ARG  */
+#line 2415 "util/configparser.y"
         {
 		OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str)))
 			fatal_exit("out of memory adding local-data");
 	}
-#line 5718 "util/configparser.c"
+#line 5678 "util/configparser.c"
     break;
 
-  case 533: /* server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG  */
-#line 2419 "util/configparser.y"
+  case 534: /* server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG  */
+#line 2422 "util/configparser.y"
         {
 		char* ptr;
 		OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str)));
@@ -5732,11 +5692,11 @@ yyreduce:
 			yyerror("local-data-ptr could not be reversed");
 		}
 	}
-#line 5736 "util/configparser.c"
+#line 5696 "util/configparser.c"
     break;
 
-  case 534: /* server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG  */
-#line 2434 "util/configparser.y"
+  case 535: /* server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG  */
+#line 2437 "util/configparser.y"
         {
 		OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5745,11 +5705,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5749 "util/configparser.c"
+#line 5709 "util/configparser.c"
     break;
 
-  case 535: /* server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG  */
-#line 2444 "util/configparser.y"
+  case 536: /* server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG  */
+#line 2447 "util/configparser.y"
         {
 		OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5758,51 +5718,51 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5762 "util/configparser.c"
+#line 5722 "util/configparser.c"
     break;
 
-  case 536: /* server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG  */
-#line 2454 "util/configparser.y"
+  case 537: /* server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG  */
+#line 2457 "util/configparser.y"
         {
 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5772 "util/configparser.c"
+#line 5732 "util/configparser.c"
     break;
 
-  case 537: /* server_discard_timeout: VAR_DISCARD_TIMEOUT STRING_ARG  */
-#line 2461 "util/configparser.y"
+  case 538: /* server_discard_timeout: VAR_DISCARD_TIMEOUT STRING_ARG  */
+#line 2464 "util/configparser.y"
         {
 		OUTYY(("P(server_discard_timeout:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->discard_timeout = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5782 "util/configparser.c"
+#line 5742 "util/configparser.c"
     break;
 
-  case 538: /* server_wait_limit: VAR_WAIT_LIMIT STRING_ARG  */
-#line 2468 "util/configparser.y"
+  case 539: /* server_wait_limit: VAR_WAIT_LIMIT STRING_ARG  */
+#line 2471 "util/configparser.y"
         {
 		OUTYY(("P(server_wait_limit:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->wait_limit = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5792 "util/configparser.c"
+#line 5752 "util/configparser.c"
     break;
 
-  case 539: /* server_wait_limit_cookie: VAR_WAIT_LIMIT_COOKIE STRING_ARG  */
-#line 2475 "util/configparser.y"
+  case 540: /* server_wait_limit_cookie: VAR_WAIT_LIMIT_COOKIE STRING_ARG  */
+#line 2478 "util/configparser.y"
         {
 		OUTYY(("P(server_wait_limit_cookie:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->wait_limit_cookie = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5802 "util/configparser.c"
+#line 5762 "util/configparser.c"
     break;
 
-  case 540: /* server_wait_limit_netblock: VAR_WAIT_LIMIT_NETBLOCK STRING_ARG STRING_ARG  */
-#line 2482 "util/configparser.y"
+  case 541: /* server_wait_limit_netblock: VAR_WAIT_LIMIT_NETBLOCK STRING_ARG STRING_ARG  */
+#line 2485 "util/configparser.y"
         {
 		OUTYY(("P(server_wait_limit_netblock:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) {
@@ -5816,11 +5776,11 @@ yyreduce:
 					"wait-limit-netblock");
 		}
 	}
-#line 5820 "util/configparser.c"
+#line 5780 "util/configparser.c"
     break;
 
-  case 541: /* server_wait_limit_cookie_netblock: VAR_WAIT_LIMIT_COOKIE_NETBLOCK STRING_ARG STRING_ARG  */
-#line 2497 "util/configparser.y"
+  case 542: /* server_wait_limit_cookie_netblock: VAR_WAIT_LIMIT_COOKIE_NETBLOCK STRING_ARG STRING_ARG  */
+#line 2500 "util/configparser.y"
         {
 		OUTYY(("P(server_wait_limit_cookie_netblock:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) {
@@ -5834,31 +5794,31 @@ yyreduce:
 					"wait-limit-cookie-netblock");
 		}
 	}
-#line 5838 "util/configparser.c"
+#line 5798 "util/configparser.c"
     break;
 
-  case 542: /* server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG  */
-#line 2512 "util/configparser.y"
+  case 543: /* server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG  */
+#line 2515 "util/configparser.y"
         {
 		OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5848 "util/configparser.c"
+#line 5808 "util/configparser.c"
     break;
 
-  case 543: /* server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG  */
-#line 2519 "util/configparser.y"
+  case 544: /* server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG  */
+#line 2522 "util/configparser.y"
         {
 		OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dns64_prefix);
 		cfg_parser->cfg->dns64_prefix = (yyvsp[0].str);
 	}
-#line 5858 "util/configparser.c"
+#line 5818 "util/configparser.c"
     break;
 
-  case 544: /* server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG  */
-#line 2526 "util/configparser.y"
+  case 545: /* server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG  */
+#line 2529 "util/configparser.y"
         {
 		OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5866,32 +5826,32 @@ yyreduce:
 		else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5870 "util/configparser.c"
+#line 5830 "util/configparser.c"
     break;
 
-  case 545: /* server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG  */
-#line 2535 "util/configparser.y"
+  case 546: /* server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG  */
+#line 2538 "util/configparser.y"
         {
 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
 			(yyvsp[0].str)))
 			fatal_exit("out of memory adding dns64-ignore-aaaa");
 	}
-#line 5881 "util/configparser.c"
+#line 5841 "util/configparser.c"
     break;
 
-  case 546: /* server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG  */
-#line 2543 "util/configparser.y"
+  case 547: /* server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG  */
+#line 2546 "util/configparser.y"
         {
 		OUTYY(("P(nat64_prefix:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->nat64_prefix);
 		cfg_parser->cfg->nat64_prefix = (yyvsp[0].str);
 	}
-#line 5891 "util/configparser.c"
+#line 5851 "util/configparser.c"
     break;
 
-  case 547: /* server_define_tag: VAR_DEFINE_TAG STRING_ARG  */
-#line 2550 "util/configparser.y"
+  case 548: /* server_define_tag: VAR_DEFINE_TAG STRING_ARG  */
+#line 2553 "util/configparser.y"
         {
 		char* p, *s = (yyvsp[0].str);
 		OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str)));
@@ -5904,11 +5864,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5908 "util/configparser.c"
+#line 5868 "util/configparser.c"
     break;
 
-  case 548: /* server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG  */
-#line 2564 "util/configparser.y"
+  case 549: /* server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG  */
+#line 2567 "util/configparser.y"
         {
 		size_t len = 0;
 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str),
@@ -5928,11 +5888,11 @@ yyreduce:
 			}
 		}
 	}
-#line 5932 "util/configparser.c"
+#line 5892 "util/configparser.c"
     break;
 
-  case 549: /* server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG  */
-#line 2585 "util/configparser.y"
+  case 550: /* server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG  */
+#line 2588 "util/configparser.y"
         {
 		size_t len = 0;
 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str),
@@ -5952,11 +5912,11 @@ yyreduce:
 			}
 		}
 	}
-#line 5956 "util/configparser.c"
+#line 5916 "util/configparser.c"
     break;
 
-  case 550: /* server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG  */
-#line 2606 "util/configparser.y"
+  case 551: /* server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG  */
+#line 2609 "util/configparser.y"
         {
 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
@@ -5967,11 +5927,11 @@ yyreduce:
 			free((yyvsp[0].str));
 		}
 	}
-#line 5971 "util/configparser.c"
+#line 5931 "util/configparser.c"
     break;
 
-  case 551: /* server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG  */
-#line 2618 "util/configparser.y"
+  case 552: /* server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG  */
+#line 2621 "util/configparser.y"
         {
 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
@@ -5982,11 +5942,11 @@ yyreduce:
 			free((yyvsp[0].str));
 		}
 	}
-#line 5986 "util/configparser.c"
+#line 5946 "util/configparser.c"
     break;
 
-  case 552: /* server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG  */
-#line 2630 "util/configparser.y"
+  case 553: /* server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG  */
+#line 2633 "util/configparser.y"
         {
 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
@@ -5997,11 +5957,11 @@ yyreduce:
 			free((yyvsp[0].str));
 		}
 	}
-#line 6001 "util/configparser.c"
+#line 5961 "util/configparser.c"
     break;
 
-  case 553: /* server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG  */
-#line 2642 "util/configparser.y"
+  case 554: /* server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG  */
+#line 2645 "util/configparser.y"
         {
 		OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
@@ -6009,11 +5969,11 @@ yyreduce:
 			yyerror("out of memory");
 		}
 	}
-#line 6013 "util/configparser.c"
+#line 5973 "util/configparser.c"
     break;
 
-  case 554: /* server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG  */
-#line 2651 "util/configparser.y"
+  case 555: /* server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG  */
+#line 2654 "util/configparser.y"
         {
 		size_t len = 0;
 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str),
@@ -6033,11 +5993,11 @@ yyreduce:
 			}
 		}
 	}
-#line 6037 "util/configparser.c"
+#line 5997 "util/configparser.c"
     break;
 
-  case 555: /* server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG  */
-#line 2672 "util/configparser.y"
+  case 556: /* server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG  */
+#line 2675 "util/configparser.y"
         {
 		OUTYY(("P(server_interface_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
@@ -6048,11 +6008,11 @@ yyreduce:
 			free((yyvsp[0].str));
 		}
 	}
-#line 6052 "util/configparser.c"
+#line 6012 "util/configparser.c"
     break;
 
-  case 556: /* server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG  */
-#line 2684 "util/configparser.y"
+  case 557: /* server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG  */
+#line 2687 "util/configparser.y"
         {
 		OUTYY(("P(server_interface_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
@@ -6063,11 +6023,11 @@ yyreduce:
 			free((yyvsp[0].str));
 		}
 	}
-#line 6067 "util/configparser.c"
+#line 6027 "util/configparser.c"
     break;
 
-  case 557: /* server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG  */
-#line 2696 "util/configparser.y"
+  case 558: /* server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG  */
+#line 2699 "util/configparser.y"
         {
 		OUTYY(("P(server_interface_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
@@ -6075,11 +6035,11 @@ yyreduce:
 			yyerror("out of memory");
 		}
 	}
-#line 6079 "util/configparser.c"
+#line 6039 "util/configparser.c"
     break;
 
-  case 558: /* server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG  */
-#line 2705 "util/configparser.y"
+  case 559: /* server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG  */
+#line 2708 "util/configparser.y"
         {
 		size_t len = 0;
 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str),
@@ -6099,11 +6059,11 @@ yyreduce:
 			}
 		}
 	}
-#line 6103 "util/configparser.c"
+#line 6063 "util/configparser.c"
     break;
 
-  case 559: /* server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG  */
-#line 2726 "util/configparser.y"
+  case 560: /* server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG  */
+#line 2729 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6111,11 +6071,11 @@ yyreduce:
 		else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6115 "util/configparser.c"
+#line 6075 "util/configparser.c"
     break;
 
-  case 560: /* server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG  */
-#line 2735 "util/configparser.y"
+  case 561: /* server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG  */
+#line 2738 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6123,11 +6083,11 @@ yyreduce:
 		else cfg_parser->cfg->ip_ratelimit_cookie = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6127 "util/configparser.c"
+#line 6087 "util/configparser.c"
     break;
 
-  case 561: /* server_ratelimit: VAR_RATELIMIT STRING_ARG  */
-#line 2744 "util/configparser.y"
+  case 562: /* server_ratelimit: VAR_RATELIMIT STRING_ARG  */
+#line 2747 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6135,33 +6095,33 @@ yyreduce:
 		else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6139 "util/configparser.c"
+#line 6099 "util/configparser.c"
     break;
 
-  case 562: /* server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG  */
-#line 2753 "util/configparser.y"
+  case 563: /* server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG  */
+#line 2756 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 6150 "util/configparser.c"
+#line 6110 "util/configparser.c"
     break;
 
-  case 563: /* server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG  */
-#line 2761 "util/configparser.y"
+  case 564: /* server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG  */
+#line 2764 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 6161 "util/configparser.c"
+#line 6121 "util/configparser.c"
     break;
 
-  case 564: /* server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG  */
-#line 2769 "util/configparser.y"
+  case 565: /* server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG  */
+#line 2772 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -6173,11 +6133,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 6177 "util/configparser.c"
+#line 6137 "util/configparser.c"
     break;
 
-  case 565: /* server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG  */
-#line 2782 "util/configparser.y"
+  case 566: /* server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG  */
+#line 2785 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -6189,11 +6149,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 6193 "util/configparser.c"
+#line 6153 "util/configparser.c"
     break;
 
-  case 566: /* server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG  */
-#line 2795 "util/configparser.y"
+  case 567: /* server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG  */
+#line 2798 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) {
@@ -6207,11 +6167,11 @@ yyreduce:
 					"ratelimit-for-domain");
 		}
 	}
-#line 6211 "util/configparser.c"
+#line 6171 "util/configparser.c"
     break;
 
-  case 567: /* server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG  */
-#line 2810 "util/configparser.y"
+  case 568: /* server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG  */
+#line 2813 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) {
@@ -6225,11 +6185,11 @@ yyreduce:
 					"ratelimit-below-domain");
 		}
 	}
-#line 6229 "util/configparser.c"
+#line 6189 "util/configparser.c"
     break;
 
-  case 568: /* server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG  */
-#line 2825 "util/configparser.y"
+  case 569: /* server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG  */
+#line 2828 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6237,11 +6197,11 @@ yyreduce:
 		else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6241 "util/configparser.c"
+#line 6201 "util/configparser.c"
     break;
 
-  case 569: /* server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG  */
-#line 2834 "util/configparser.y"
+  case 570: /* server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG  */
+#line 2837 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6249,11 +6209,11 @@ yyreduce:
 		else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6253 "util/configparser.c"
+#line 6213 "util/configparser.c"
     break;
 
-  case 570: /* server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG  */
-#line 2843 "util/configparser.y"
+  case 571: /* server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG  */
+#line 2846 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6262,11 +6222,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6266 "util/configparser.c"
+#line 6226 "util/configparser.c"
     break;
 
-  case 571: /* server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG  */
-#line 2853 "util/configparser.y"
+  case 572: /* server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG  */
+#line 2856 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_backoff:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6275,11 +6235,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6279 "util/configparser.c"
+#line 6239 "util/configparser.c"
     break;
 
-  case 572: /* server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG  */
-#line 2863 "util/configparser.y"
+  case 573: /* server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG  */
+#line 2866 "util/configparser.y"
         {
 		OUTYY(("P(server_outbound_msg_retry:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6287,11 +6247,11 @@ yyreduce:
 		else cfg_parser->cfg->outbound_msg_retry = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6291 "util/configparser.c"
+#line 6251 "util/configparser.c"
     break;
 
-  case 573: /* server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG  */
-#line 2872 "util/configparser.y"
+  case 574: /* server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG  */
+#line 2875 "util/configparser.y"
         {
 		OUTYY(("P(server_max_sent_count:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6299,11 +6259,11 @@ yyreduce:
 		else cfg_parser->cfg->max_sent_count = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6303 "util/configparser.c"
+#line 6263 "util/configparser.c"
     break;
 
-  case 574: /* server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG  */
-#line 2881 "util/configparser.y"
+  case 575: /* server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG  */
+#line 2884 "util/configparser.y"
         {
 		OUTYY(("P(server_max_query_restarts:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6311,20 +6271,20 @@ yyreduce:
 		else cfg_parser->cfg->max_query_restarts = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6315 "util/configparser.c"
+#line 6275 "util/configparser.c"
     break;
 
-  case 575: /* server_low_rtt: VAR_LOW_RTT STRING_ARG  */
-#line 2890 "util/configparser.y"
+  case 576: /* server_low_rtt: VAR_LOW_RTT STRING_ARG  */
+#line 2893 "util/configparser.y"
         {
 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
 		free((yyvsp[0].str));
 	}
-#line 6324 "util/configparser.c"
+#line 6284 "util/configparser.c"
     break;
 
-  case 576: /* server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG  */
-#line 2896 "util/configparser.y"
+  case 577: /* server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG  */
+#line 2899 "util/configparser.y"
         {
 		OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) <= 0)
@@ -6332,11 +6292,11 @@ yyreduce:
 		else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6336 "util/configparser.c"
+#line 6296 "util/configparser.c"
     break;
 
-  case 577: /* server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG  */
-#line 2905 "util/configparser.y"
+  case 578: /* server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG  */
+#line 2908 "util/configparser.y"
         {
 		OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6344,11 +6304,11 @@ yyreduce:
 		else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6348 "util/configparser.c"
+#line 6308 "util/configparser.c"
     break;
 
-  case 578: /* server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG  */
-#line 2914 "util/configparser.y"
+  case 579: /* server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG  */
+#line 2917 "util/configparser.y"
         {
 		OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6357,11 +6317,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6361 "util/configparser.c"
+#line 6321 "util/configparser.c"
     break;
 
-  case 579: /* server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG  */
-#line 2924 "util/configparser.y"
+  case 580: /* server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG  */
+#line 2927 "util/configparser.y"
         {
 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6370,11 +6330,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6374 "util/configparser.c"
+#line 6334 "util/configparser.c"
     break;
 
-  case 580: /* server_pad_responses: VAR_PAD_RESPONSES STRING_ARG  */
-#line 2934 "util/configparser.y"
+  case 581: /* server_pad_responses: VAR_PAD_RESPONSES STRING_ARG  */
+#line 2937 "util/configparser.y"
         {
 		OUTYY(("P(server_pad_responses:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6383,11 +6343,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6387 "util/configparser.c"
+#line 6347 "util/configparser.c"
     break;
 
-  case 581: /* server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG  */
-#line 2944 "util/configparser.y"
+  case 582: /* server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG  */
+#line 2947 "util/configparser.y"
         {
 		OUTYY(("P(server_pad_responses_block_size:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -6395,11 +6355,11 @@ yyreduce:
 		else cfg_parser->cfg->pad_responses_block_size = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6399 "util/configparser.c"
+#line 6359 "util/configparser.c"
     break;
 
-  case 582: /* server_pad_queries: VAR_PAD_QUERIES STRING_ARG  */
-#line 2953 "util/configparser.y"
+  case 583: /* server_pad_queries: VAR_PAD_QUERIES STRING_ARG  */
+#line 2956 "util/configparser.y"
         {
 		OUTYY(("P(server_pad_queries:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6408,11 +6368,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6412 "util/configparser.c"
+#line 6372 "util/configparser.c"
     break;
 
-  case 583: /* server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG  */
-#line 2963 "util/configparser.y"
+  case 584: /* server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG  */
+#line 2966 "util/configparser.y"
         {
 		OUTYY(("P(server_pad_queries_block_size:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -6420,11 +6380,11 @@ yyreduce:
 		else cfg_parser->cfg->pad_queries_block_size = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6424 "util/configparser.c"
+#line 6384 "util/configparser.c"
     break;
 
-  case 584: /* server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG  */
-#line 2972 "util/configparser.y"
+  case 585: /* server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG  */
+#line 2975 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str)));
@@ -6436,11 +6396,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 6440 "util/configparser.c"
+#line 6400 "util/configparser.c"
     break;
 
-  case 585: /* server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG  */
-#line 2985 "util/configparser.y"
+  case 586: /* server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG  */
+#line 2988 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str)));
@@ -6452,11 +6412,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 6456 "util/configparser.c"
+#line 6416 "util/configparser.c"
     break;
 
-  case 586: /* server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG  */
-#line 2998 "util/configparser.y"
+  case 587: /* server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG  */
+#line 3001 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str)));
@@ -6467,11 +6427,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 6471 "util/configparser.c"
+#line 6431 "util/configparser.c"
     break;
 
-  case 587: /* server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG  */
-#line 3010 "util/configparser.y"
+  case 588: /* server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG  */
+#line 3013 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str)));
@@ -6484,11 +6444,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 6488 "util/configparser.c"
+#line 6448 "util/configparser.c"
     break;
 
-  case 588: /* server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG  */
-#line 3024 "util/configparser.y"
+  case 589: /* server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG  */
+#line 3027 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str)));
@@ -6499,11 +6459,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 6503 "util/configparser.c"
+#line 6463 "util/configparser.c"
     break;
 
-  case 589: /* server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG  */
-#line 3036 "util/configparser.y"
+  case 590: /* server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG  */
+#line 3039 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str)));
@@ -6516,11 +6476,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 6520 "util/configparser.c"
+#line 6480 "util/configparser.c"
     break;
 
-  case 590: /* server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG  */
-#line 3050 "util/configparser.y"
+  case 591: /* server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG  */
+#line 3053 "util/configparser.y"
         {
 		OUTYY(("P(server_edns_client_string:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str2list_insert(
@@ -6528,11 +6488,11 @@ yyreduce:
 			fatal_exit("out of memory adding "
 				"edns-client-string");
 	}
-#line 6532 "util/configparser.c"
+#line 6492 "util/configparser.c"
     break;
 
-  case 591: /* server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG  */
-#line 3059 "util/configparser.y"
+  case 592: /* server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG  */
+#line 3062 "util/configparser.y"
         {
 		OUTYY(("P(edns_client_string_opcode:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6542,11 +6502,11 @@ yyreduce:
 		else cfg_parser->cfg->edns_client_string_opcode = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6546 "util/configparser.c"
+#line 6506 "util/configparser.c"
     break;
 
-  case 592: /* server_ede: VAR_EDE STRING_ARG  */
-#line 3070 "util/configparser.y"
+  case 593: /* server_ede: VAR_EDE STRING_ARG  */
+#line 3073 "util/configparser.y"
         {
 		OUTYY(("P(server_ede:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6554,11 +6514,11 @@ yyreduce:
 		else cfg_parser->cfg->ede = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6558 "util/configparser.c"
+#line 6518 "util/configparser.c"
     break;
 
-  case 593: /* server_dns_error_reporting: VAR_DNS_ERROR_REPORTING STRING_ARG  */
-#line 3079 "util/configparser.y"
+  case 594: /* server_dns_error_reporting: VAR_DNS_ERROR_REPORTING STRING_ARG  */
+#line 3082 "util/configparser.y"
         {
 		OUTYY(("P(server_dns_error_reporting:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6566,21 +6526,21 @@ yyreduce:
 		else cfg_parser->cfg->dns_error_reporting = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6570 "util/configparser.c"
+#line 6530 "util/configparser.c"
     break;
 
-  case 594: /* server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG  */
-#line 3088 "util/configparser.y"
+  case 595: /* server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG  */
+#line 3091 "util/configparser.y"
         {
 		OUTYY(("P(server_proxy_protocol_port:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6580 "util/configparser.c"
+#line 6540 "util/configparser.c"
     break;
 
-  case 595: /* stub_name: VAR_NAME STRING_ARG  */
-#line 3095 "util/configparser.y"
+  case 596: /* stub_name: VAR_NAME STRING_ARG  */
+#line 3098 "util/configparser.y"
         {
 		OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
 		if(cfg_parser->cfg->stubs->name)
@@ -6589,31 +6549,31 @@ yyreduce:
 		free(cfg_parser->cfg->stubs->name);
 		cfg_parser->cfg->stubs->name = (yyvsp[0].str);
 	}
-#line 6593 "util/configparser.c"
+#line 6553 "util/configparser.c"
     break;
 
-  case 596: /* stub_host: VAR_STUB_HOST STRING_ARG  */
-#line 3105 "util/configparser.y"
+  case 597: /* stub_host: VAR_STUB_HOST STRING_ARG  */
+#line 3108 "util/configparser.y"
         {
 		OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6603 "util/configparser.c"
+#line 6563 "util/configparser.c"
     break;
 
-  case 597: /* stub_addr: VAR_STUB_ADDR STRING_ARG  */
-#line 3112 "util/configparser.y"
+  case 598: /* stub_addr: VAR_STUB_ADDR STRING_ARG  */
+#line 3115 "util/configparser.y"
         {
 		OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6613 "util/configparser.c"
+#line 6573 "util/configparser.c"
     break;
 
-  case 598: /* stub_first: VAR_STUB_FIRST STRING_ARG  */
-#line 3119 "util/configparser.y"
+  case 599: /* stub_first: VAR_STUB_FIRST STRING_ARG  */
+#line 3122 "util/configparser.y"
         {
 		OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6621,11 +6581,11 @@ yyreduce:
 		else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6625 "util/configparser.c"
+#line 6585 "util/configparser.c"
     break;
 
-  case 599: /* stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG  */
-#line 3128 "util/configparser.y"
+  case 600: /* stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG  */
+#line 3131 "util/configparser.y"
         {
 		OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6633,11 +6593,11 @@ yyreduce:
 		else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6637 "util/configparser.c"
+#line 6597 "util/configparser.c"
     break;
 
-  case 600: /* stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG  */
-#line 3137 "util/configparser.y"
+  case 601: /* stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG  */
+#line 3140 "util/configparser.y"
         {
 		OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6646,11 +6606,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6650 "util/configparser.c"
+#line 6610 "util/configparser.c"
     break;
 
-  case 601: /* stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG  */
-#line 3147 "util/configparser.y"
+  case 602: /* stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG  */
+#line 3150 "util/configparser.y"
         {
                 OUTYY(("P(stub-tcp-upstream:%s)\n", (yyvsp[0].str)));
                 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6659,11 +6619,11 @@ yyreduce:
                         (strcmp((yyvsp[0].str), "yes")==0);
                 free((yyvsp[0].str));
         }
-#line 6663 "util/configparser.c"
+#line 6623 "util/configparser.c"
     break;
 
-  case 602: /* stub_prime: VAR_STUB_PRIME STRING_ARG  */
-#line 3157 "util/configparser.y"
+  case 603: /* stub_prime: VAR_STUB_PRIME STRING_ARG  */
+#line 3160 "util/configparser.y"
         {
 		OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6672,11 +6632,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6676 "util/configparser.c"
+#line 6636 "util/configparser.c"
     break;
 
-  case 603: /* forward_name: VAR_NAME STRING_ARG  */
-#line 3167 "util/configparser.y"
+  case 604: /* forward_name: VAR_NAME STRING_ARG  */
+#line 3170 "util/configparser.y"
         {
 		OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
 		if(cfg_parser->cfg->forwards->name)
@@ -6685,31 +6645,31 @@ yyreduce:
 		free(cfg_parser->cfg->forwards->name);
 		cfg_parser->cfg->forwards->name = (yyvsp[0].str);
 	}
-#line 6689 "util/configparser.c"
+#line 6649 "util/configparser.c"
     break;
 
-  case 604: /* forward_host: VAR_FORWARD_HOST STRING_ARG  */
-#line 3177 "util/configparser.y"
+  case 605: /* forward_host: VAR_FORWARD_HOST STRING_ARG  */
+#line 3180 "util/configparser.y"
         {
 		OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6699 "util/configparser.c"
+#line 6659 "util/configparser.c"
     break;
 
-  case 605: /* forward_addr: VAR_FORWARD_ADDR STRING_ARG  */
-#line 3184 "util/configparser.y"
+  case 606: /* forward_addr: VAR_FORWARD_ADDR STRING_ARG  */
+#line 3187 "util/configparser.y"
         {
 		OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6709 "util/configparser.c"
+#line 6669 "util/configparser.c"
     break;
 
-  case 606: /* forward_first: VAR_FORWARD_FIRST STRING_ARG  */
-#line 3191 "util/configparser.y"
+  case 607: /* forward_first: VAR_FORWARD_FIRST STRING_ARG  */
+#line 3194 "util/configparser.y"
         {
 		OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6717,11 +6677,11 @@ yyreduce:
 		else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6721 "util/configparser.c"
+#line 6681 "util/configparser.c"
     break;
 
-  case 607: /* forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG  */
-#line 3200 "util/configparser.y"
+  case 608: /* forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG  */
+#line 3203 "util/configparser.y"
         {
 		OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6729,11 +6689,11 @@ yyreduce:
 		else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6733 "util/configparser.c"
+#line 6693 "util/configparser.c"
     break;
 
-  case 608: /* forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG  */
-#line 3209 "util/configparser.y"
+  case 609: /* forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG  */
+#line 3212 "util/configparser.y"
         {
 		OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6742,11 +6702,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6746 "util/configparser.c"
+#line 6706 "util/configparser.c"
     break;
 
-  case 609: /* forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG  */
-#line 3219 "util/configparser.y"
+  case 610: /* forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG  */
+#line 3222 "util/configparser.y"
         {
                 OUTYY(("P(forward-tcp-upstream:%s)\n", (yyvsp[0].str)));
                 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6755,11 +6715,11 @@ yyreduce:
                         (strcmp((yyvsp[0].str), "yes")==0);
                 free((yyvsp[0].str));
         }
-#line 6759 "util/configparser.c"
+#line 6719 "util/configparser.c"
     break;
 
-  case 610: /* auth_name: VAR_NAME STRING_ARG  */
-#line 3229 "util/configparser.y"
+  case 611: /* auth_name: VAR_NAME STRING_ARG  */
+#line 3232 "util/configparser.y"
         {
 		OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
 		if(cfg_parser->cfg->auths->name)
@@ -6768,52 +6728,52 @@ yyreduce:
 		free(cfg_parser->cfg->auths->name);
 		cfg_parser->cfg->auths->name = (yyvsp[0].str);
 	}
-#line 6772 "util/configparser.c"
+#line 6732 "util/configparser.c"
     break;
 
-  case 611: /* auth_zonefile: VAR_ZONEFILE STRING_ARG  */
-#line 3239 "util/configparser.y"
+  case 612: /* auth_zonefile: VAR_ZONEFILE STRING_ARG  */
+#line 3242 "util/configparser.y"
         {
 		OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->auths->zonefile);
 		cfg_parser->cfg->auths->zonefile = (yyvsp[0].str);
 	}
-#line 6782 "util/configparser.c"
+#line 6742 "util/configparser.c"
     break;
 
-  case 612: /* auth_master: VAR_MASTER STRING_ARG  */
-#line 3246 "util/configparser.y"
+  case 613: /* auth_master: VAR_MASTER STRING_ARG  */
+#line 3249 "util/configparser.y"
         {
 		OUTYY(("P(master:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6792 "util/configparser.c"
+#line 6752 "util/configparser.c"
     break;
 
-  case 613: /* auth_url: VAR_URL STRING_ARG  */
-#line 3253 "util/configparser.y"
+  case 614: /* auth_url: VAR_URL STRING_ARG  */
+#line 3256 "util/configparser.y"
         {
 		OUTYY(("P(url:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6802 "util/configparser.c"
+#line 6762 "util/configparser.c"
     break;
 
-  case 614: /* auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG  */
-#line 3260 "util/configparser.y"
+  case 615: /* auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG  */
+#line 3263 "util/configparser.y"
         {
 		OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
 			(yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6813 "util/configparser.c"
+#line 6773 "util/configparser.c"
     break;
 
-  case 615: /* auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG  */
-#line 3268 "util/configparser.y"
+  case 616: /* auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG  */
+#line 3271 "util/configparser.y"
         {
 		OUTYY(("P(zonemd-check:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6822,11 +6782,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6826 "util/configparser.c"
+#line 6786 "util/configparser.c"
     break;
 
-  case 616: /* auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG  */
-#line 3278 "util/configparser.y"
+  case 617: /* auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG  */
+#line 3281 "util/configparser.y"
         {
 		OUTYY(("P(zonemd-reject-absence:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6835,11 +6795,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6839 "util/configparser.c"
+#line 6799 "util/configparser.c"
     break;
 
-  case 617: /* auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG  */
-#line 3288 "util/configparser.y"
+  case 618: /* auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG  */
+#line 3291 "util/configparser.y"
         {
 		OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6848,11 +6808,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6852 "util/configparser.c"
+#line 6812 "util/configparser.c"
     break;
 
-  case 618: /* auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG  */
-#line 3298 "util/configparser.y"
+  case 619: /* auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG  */
+#line 3301 "util/configparser.y"
         {
 		OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6861,11 +6821,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6865 "util/configparser.c"
+#line 6825 "util/configparser.c"
     break;
 
-  case 619: /* auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG  */
-#line 3308 "util/configparser.y"
+  case 620: /* auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG  */
+#line 3311 "util/configparser.y"
         {
 		OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6874,11 +6834,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6878 "util/configparser.c"
+#line 6838 "util/configparser.c"
     break;
 
-  case 620: /* view_name: VAR_NAME STRING_ARG  */
-#line 3318 "util/configparser.y"
+  case 621: /* view_name: VAR_NAME STRING_ARG  */
+#line 3321 "util/configparser.y"
         {
 		OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
 		if(cfg_parser->cfg->views->name)
@@ -6887,11 +6847,11 @@ yyreduce:
 		free(cfg_parser->cfg->views->name);
 		cfg_parser->cfg->views->name = (yyvsp[0].str);
 	}
-#line 6891 "util/configparser.c"
+#line 6851 "util/configparser.c"
     break;
 
-  case 621: /* view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG  */
-#line 3328 "util/configparser.y"
+  case 622: /* view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG  */
+#line 3331 "util/configparser.y"
         {
 		OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 &&
@@ -6946,11 +6906,11 @@ yyreduce:
 				fatal_exit("out of memory adding local-zone");
 		}
 	}
-#line 6950 "util/configparser.c"
+#line 6910 "util/configparser.c"
     break;
 
-  case 622: /* view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG  */
-#line 3384 "util/configparser.y"
+  case 623: /* view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG  */
+#line 3387 "util/configparser.y"
         {
 		OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		validate_respip_action((yyvsp[0].str));
@@ -6959,33 +6919,33 @@ yyreduce:
 			fatal_exit("out of memory adding per-view "
 				"response-ip action");
 	}
-#line 6963 "util/configparser.c"
+#line 6923 "util/configparser.c"
     break;
 
-  case 623: /* view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG  */
-#line 3394 "util/configparser.y"
+  case 624: /* view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG  */
+#line 3397 "util/configparser.y"
         {
 		OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str)));
 		if(!cfg_str2list_insert(
 			&cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str)))
 			fatal_exit("out of memory adding response-ip-data");
 	}
-#line 6974 "util/configparser.c"
+#line 6934 "util/configparser.c"
     break;
 
-  case 624: /* view_local_data: VAR_LOCAL_DATA STRING_ARG  */
-#line 3402 "util/configparser.y"
+  case 625: /* view_local_data: VAR_LOCAL_DATA STRING_ARG  */
+#line 3405 "util/configparser.y"
         {
 		OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) {
 			fatal_exit("out of memory adding local-data");
 		}
 	}
-#line 6985 "util/configparser.c"
+#line 6945 "util/configparser.c"
     break;
 
-  case 625: /* view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG  */
-#line 3410 "util/configparser.y"
+  case 626: /* view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG  */
+#line 3413 "util/configparser.y"
         {
 		char* ptr;
 		OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str)));
@@ -6999,11 +6959,11 @@ yyreduce:
 			yyerror("local-data-ptr could not be reversed");
 		}
 	}
-#line 7003 "util/configparser.c"
+#line 6963 "util/configparser.c"
     break;
 
-  case 626: /* view_first: VAR_VIEW_FIRST STRING_ARG  */
-#line 3425 "util/configparser.y"
+  case 627: /* view_first: VAR_VIEW_FIRST STRING_ARG  */
+#line 3428 "util/configparser.y"
         {
 		OUTYY(("P(view-first:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7011,20 +6971,20 @@ yyreduce:
 		else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7015 "util/configparser.c"
+#line 6975 "util/configparser.c"
     break;
 
-  case 627: /* rcstart: VAR_REMOTE_CONTROL  */
-#line 3434 "util/configparser.y"
+  case 628: /* rcstart: VAR_REMOTE_CONTROL  */
+#line 3437 "util/configparser.y"
         {
 		OUTYY(("\nP(remote-control:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7024 "util/configparser.c"
+#line 6984 "util/configparser.c"
     break;
 
-  case 638: /* rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG  */
-#line 3446 "util/configparser.y"
+  case 639: /* rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG  */
+#line 3449 "util/configparser.y"
         {
 		OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7033,11 +6993,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7037 "util/configparser.c"
+#line 6997 "util/configparser.c"
     break;
 
-  case 639: /* rc_control_port: VAR_CONTROL_PORT STRING_ARG  */
-#line 3456 "util/configparser.y"
+  case 640: /* rc_control_port: VAR_CONTROL_PORT STRING_ARG  */
+#line 3459 "util/configparser.y"
         {
 		OUTYY(("P(control_port:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -7045,80 +7005,80 @@ yyreduce:
 		else cfg_parser->cfg->control_port = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 7049 "util/configparser.c"
+#line 7009 "util/configparser.c"
     break;
 
-  case 640: /* rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG  */
-#line 3465 "util/configparser.y"
+  case 641: /* rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG  */
+#line 3468 "util/configparser.y"
         {
 		OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 7059 "util/configparser.c"
+#line 7019 "util/configparser.c"
     break;
 
-  case 641: /* rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG  */
-#line 3472 "util/configparser.y"
+  case 642: /* rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG  */
+#line 3475 "util/configparser.y"
         {
 		OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7069 "util/configparser.c"
+#line 7029 "util/configparser.c"
     break;
 
-  case 642: /* rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG  */
-#line 3479 "util/configparser.y"
+  case 643: /* rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG  */
+#line 3482 "util/configparser.y"
         {
 		OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->server_key_file);
 		cfg_parser->cfg->server_key_file = (yyvsp[0].str);
 	}
-#line 7079 "util/configparser.c"
+#line 7039 "util/configparser.c"
     break;
 
-  case 643: /* rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG  */
-#line 3486 "util/configparser.y"
+  case 644: /* rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG  */
+#line 3489 "util/configparser.y"
         {
 		OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->server_cert_file);
 		cfg_parser->cfg->server_cert_file = (yyvsp[0].str);
 	}
-#line 7089 "util/configparser.c"
+#line 7049 "util/configparser.c"
     break;
 
-  case 644: /* rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG  */
-#line 3493 "util/configparser.y"
+  case 645: /* rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG  */
+#line 3496 "util/configparser.y"
         {
 		OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->control_key_file);
 		cfg_parser->cfg->control_key_file = (yyvsp[0].str);
 	}
-#line 7099 "util/configparser.c"
+#line 7059 "util/configparser.c"
     break;
 
-  case 645: /* rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG  */
-#line 3500 "util/configparser.y"
+  case 646: /* rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG  */
+#line 3503 "util/configparser.y"
         {
 		OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->control_cert_file);
 		cfg_parser->cfg->control_cert_file = (yyvsp[0].str);
 	}
-#line 7109 "util/configparser.c"
+#line 7069 "util/configparser.c"
     break;
 
-  case 646: /* dtstart: VAR_DNSTAP  */
-#line 3507 "util/configparser.y"
+  case 647: /* dtstart: VAR_DNSTAP  */
+#line 3510 "util/configparser.y"
         {
 		OUTYY(("\nP(dnstap:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7118 "util/configparser.c"
+#line 7078 "util/configparser.c"
     break;
 
-  case 669: /* dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG  */
-#line 3529 "util/configparser.y"
+  case 670: /* dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG  */
+#line 3532 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7126,11 +7086,11 @@ yyreduce:
 		else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7130 "util/configparser.c"
+#line 7090 "util/configparser.c"
     break;
 
-  case 670: /* dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG  */
-#line 3538 "util/configparser.y"
+  case 671: /* dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG  */
+#line 3541 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_bidirectional:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7139,31 +7099,31 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7143 "util/configparser.c"
+#line 7103 "util/configparser.c"
     break;
 
-  case 671: /* dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG  */
-#line 3548 "util/configparser.y"
+  case 672: /* dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG  */
+#line 3551 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_socket_path);
 		cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str);
 	}
-#line 7153 "util/configparser.c"
+#line 7113 "util/configparser.c"
     break;
 
-  case 672: /* dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG  */
-#line 3555 "util/configparser.y"
+  case 673: /* dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG  */
+#line 3558 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_ip:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_ip);
 		cfg_parser->cfg->dnstap_ip = (yyvsp[0].str);
 	}
-#line 7163 "util/configparser.c"
+#line 7123 "util/configparser.c"
     break;
 
-  case 673: /* dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG  */
-#line 3562 "util/configparser.y"
+  case 674: /* dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG  */
+#line 3565 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_tls:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7171,51 +7131,51 @@ yyreduce:
 		else cfg_parser->cfg->dnstap_tls = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7175 "util/configparser.c"
+#line 7135 "util/configparser.c"
     break;
 
-  case 674: /* dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG  */
-#line 3571 "util/configparser.y"
+  case 675: /* dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG  */
+#line 3574 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_tls_server_name);
 		cfg_parser->cfg->dnstap_tls_server_name = (yyvsp[0].str);
 	}
-#line 7185 "util/configparser.c"
+#line 7145 "util/configparser.c"
     break;
 
-  case 675: /* dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG  */
-#line 3578 "util/configparser.y"
+  case 676: /* dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG  */
+#line 3581 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_tls_cert_bundle);
 		cfg_parser->cfg->dnstap_tls_cert_bundle = (yyvsp[0].str);
 	}
-#line 7195 "util/configparser.c"
+#line 7155 "util/configparser.c"
     break;
 
-  case 676: /* dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG  */
-#line 3585 "util/configparser.y"
+  case 677: /* dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG  */
+#line 3588 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_tls_client_key_file);
 		cfg_parser->cfg->dnstap_tls_client_key_file = (yyvsp[0].str);
 	}
-#line 7205 "util/configparser.c"
+#line 7165 "util/configparser.c"
     break;
 
-  case 677: /* dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG  */
-#line 3592 "util/configparser.y"
+  case 678: /* dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG  */
+#line 3595 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_tls_client_cert_file);
 		cfg_parser->cfg->dnstap_tls_client_cert_file = (yyvsp[0].str);
 	}
-#line 7215 "util/configparser.c"
+#line 7175 "util/configparser.c"
     break;
 
-  case 678: /* dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG  */
-#line 3599 "util/configparser.y"
+  case 679: /* dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG  */
+#line 3602 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7223,11 +7183,11 @@ yyreduce:
 		else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7227 "util/configparser.c"
+#line 7187 "util/configparser.c"
     break;
 
-  case 679: /* dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG  */
-#line 3608 "util/configparser.y"
+  case 680: /* dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG  */
+#line 3611 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7235,31 +7195,31 @@ yyreduce:
 		else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7239 "util/configparser.c"
+#line 7199 "util/configparser.c"
     break;
 
-  case 680: /* dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG  */
-#line 3617 "util/configparser.y"
+  case 681: /* dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG  */
+#line 3620 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_identity);
 		cfg_parser->cfg->dnstap_identity = (yyvsp[0].str);
 	}
-#line 7249 "util/configparser.c"
+#line 7209 "util/configparser.c"
     break;
 
-  case 681: /* dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG  */
-#line 3624 "util/configparser.y"
+  case 682: /* dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG  */
+#line 3627 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_version);
 		cfg_parser->cfg->dnstap_version = (yyvsp[0].str);
 	}
-#line 7259 "util/configparser.c"
+#line 7219 "util/configparser.c"
     break;
 
-  case 682: /* dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG  */
-#line 3631 "util/configparser.y"
+  case 683: /* dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG  */
+#line 3634 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7268,11 +7228,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7272 "util/configparser.c"
+#line 7232 "util/configparser.c"
     break;
 
-  case 683: /* dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG  */
-#line 3641 "util/configparser.y"
+  case 684: /* dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG  */
+#line 3644 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7281,11 +7241,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7285 "util/configparser.c"
+#line 7245 "util/configparser.c"
     break;
 
-  case 684: /* dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG  */
-#line 3651 "util/configparser.y"
+  case 685: /* dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG  */
+#line 3654 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7294,11 +7254,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7298 "util/configparser.c"
+#line 7258 "util/configparser.c"
     break;
 
-  case 685: /* dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG  */
-#line 3661 "util/configparser.y"
+  case 686: /* dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG  */
+#line 3664 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7307,11 +7267,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7311 "util/configparser.c"
+#line 7271 "util/configparser.c"
     break;
 
-  case 686: /* dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG  */
-#line 3671 "util/configparser.y"
+  case 687: /* dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG  */
+#line 3674 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7320,11 +7280,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7324 "util/configparser.c"
+#line 7284 "util/configparser.c"
     break;
 
-  case 687: /* dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG  */
-#line 3681 "util/configparser.y"
+  case 688: /* dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG  */
+#line 3684 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7333,11 +7293,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7337 "util/configparser.c"
+#line 7297 "util/configparser.c"
     break;
 
-  case 688: /* dt_dnstap_sample_rate: VAR_DNSTAP_SAMPLE_RATE STRING_ARG  */
-#line 3691 "util/configparser.y"
+  case 689: /* dt_dnstap_sample_rate: VAR_DNSTAP_SAMPLE_RATE STRING_ARG  */
+#line 3694 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_sample_rate:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -7347,49 +7307,49 @@ yyreduce:
 		else	cfg_parser->cfg->dnstap_sample_rate = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 7351 "util/configparser.c"
+#line 7311 "util/configparser.c"
     break;
 
-  case 689: /* pythonstart: VAR_PYTHON  */
-#line 3702 "util/configparser.y"
+  case 690: /* pythonstart: VAR_PYTHON  */
+#line 3705 "util/configparser.y"
         {
 		OUTYY(("\nP(python:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7360 "util/configparser.c"
+#line 7320 "util/configparser.c"
     break;
 
-  case 693: /* py_script: VAR_PYTHON_SCRIPT STRING_ARG  */
-#line 3712 "util/configparser.y"
+  case 694: /* py_script: VAR_PYTHON_SCRIPT STRING_ARG  */
+#line 3715 "util/configparser.y"
         {
 		OUTYY(("P(python-script:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 7370 "util/configparser.c"
+#line 7330 "util/configparser.c"
     break;
 
-  case 694: /* dynlibstart: VAR_DYNLIB  */
-#line 3719 "util/configparser.y"
+  case 695: /* dynlibstart: VAR_DYNLIB  */
+#line 3722 "util/configparser.y"
         {
 		OUTYY(("\nP(dynlib:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7379 "util/configparser.c"
+#line 7339 "util/configparser.c"
     break;
 
-  case 698: /* dl_file: VAR_DYNLIB_FILE STRING_ARG  */
-#line 3729 "util/configparser.y"
+  case 699: /* dl_file: VAR_DYNLIB_FILE STRING_ARG  */
+#line 3732 "util/configparser.y"
         {
 		OUTYY(("P(dynlib-file:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 7389 "util/configparser.c"
+#line 7349 "util/configparser.c"
     break;
 
-  case 699: /* server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG  */
-#line 3736 "util/configparser.y"
+  case 700: /* server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG  */
+#line 3739 "util/configparser.y"
         {
 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str)));
 		if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7398,21 +7358,21 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7402 "util/configparser.c"
+#line 7362 "util/configparser.c"
     break;
 
-  case 700: /* server_log_identity: VAR_LOG_IDENTITY STRING_ARG  */
-#line 3746 "util/configparser.y"
+  case 701: /* server_log_identity: VAR_LOG_IDENTITY STRING_ARG  */
+#line 3749 "util/configparser.y"
         {
 		OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->log_identity);
 		cfg_parser->cfg->log_identity = (yyvsp[0].str);
 	}
-#line 7412 "util/configparser.c"
+#line 7372 "util/configparser.c"
     break;
 
-  case 701: /* server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG  */
-#line 3753 "util/configparser.y"
+  case 702: /* server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG  */
+#line 3756 "util/configparser.y"
         {
 		OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		validate_respip_action((yyvsp[0].str));
@@ -7420,31 +7380,31 @@ yyreduce:
 			(yyvsp[-1].str), (yyvsp[0].str)))
 			fatal_exit("out of memory adding response-ip");
 	}
-#line 7424 "util/configparser.c"
+#line 7384 "util/configparser.c"
     break;
 
-  case 702: /* server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG  */
-#line 3762 "util/configparser.y"
+  case 703: /* server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG  */
+#line 3765 "util/configparser.y"
         {
 		OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str)));
 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
 			(yyvsp[-1].str), (yyvsp[0].str)))
 			fatal_exit("out of memory adding response-ip-data");
 	}
-#line 7435 "util/configparser.c"
+#line 7395 "util/configparser.c"
     break;
 
-  case 703: /* dnscstart: VAR_DNSCRYPT  */
-#line 3770 "util/configparser.y"
+  case 704: /* dnscstart: VAR_DNSCRYPT  */
+#line 3773 "util/configparser.y"
         {
 		OUTYY(("\nP(dnscrypt:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7444 "util/configparser.c"
+#line 7404 "util/configparser.c"
     break;
 
-  case 716: /* dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG  */
-#line 3787 "util/configparser.y"
+  case 717: /* dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG  */
+#line 3790 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7452,11 +7412,11 @@ yyreduce:
 		else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7456 "util/configparser.c"
+#line 7416 "util/configparser.c"
     break;
 
-  case 717: /* dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG  */
-#line 3796 "util/configparser.y"
+  case 718: /* dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG  */
+#line 3799 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -7464,21 +7424,21 @@ yyreduce:
 		else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 7468 "util/configparser.c"
+#line 7428 "util/configparser.c"
     break;
 
-  case 718: /* dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG  */
-#line 3805 "util/configparser.y"
+  case 719: /* dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG  */
+#line 3808 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnscrypt_provider);
 		cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str);
 	}
-#line 7478 "util/configparser.c"
+#line 7438 "util/configparser.c"
     break;
 
-  case 719: /* dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG  */
-#line 3812 "util/configparser.y"
+  case 720: /* dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG  */
+#line 3815 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str)));
 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
@@ -7486,21 +7446,21 @@ yyreduce:
 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
 			fatal_exit("out of memory adding dnscrypt-provider-cert");
 	}
-#line 7490 "util/configparser.c"
+#line 7450 "util/configparser.c"
     break;
 
-  case 720: /* dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG  */
-#line 3821 "util/configparser.y"
+  case 721: /* dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG  */
+#line 3824 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str)))
 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
 	}
-#line 7500 "util/configparser.c"
+#line 7460 "util/configparser.c"
     break;
 
-  case 721: /* dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG  */
-#line 3828 "util/configparser.y"
+  case 722: /* dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG  */
+#line 3831 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str)));
 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
@@ -7508,22 +7468,22 @@ yyreduce:
 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
 			fatal_exit("out of memory adding dnscrypt-secret-key");
 	}
-#line 7512 "util/configparser.c"
+#line 7472 "util/configparser.c"
     break;
 
-  case 722: /* dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG  */
-#line 3837 "util/configparser.y"
+  case 723: /* dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG  */
+#line 3840 "util/configparser.y"
   {
 	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str)));
 	if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
 		yyerror("memory size expected");
 	free((yyvsp[0].str));
   }
-#line 7523 "util/configparser.c"
+#line 7483 "util/configparser.c"
     break;
 
-  case 723: /* dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG  */
-#line 3845 "util/configparser.y"
+  case 724: /* dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG  */
+#line 3848 "util/configparser.y"
   {
 	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str)));
 	if(atoi((yyvsp[0].str)) == 0) {
@@ -7535,22 +7495,22 @@ yyreduce:
 	}
 	free((yyvsp[0].str));
   }
-#line 7539 "util/configparser.c"
+#line 7499 "util/configparser.c"
     break;
 
-  case 724: /* dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG  */
-#line 3858 "util/configparser.y"
+  case 725: /* dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG  */
+#line 3861 "util/configparser.y"
   {
 	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str)));
 	if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size))
 		yyerror("memory size expected");
 	free((yyvsp[0].str));
   }
-#line 7550 "util/configparser.c"
+#line 7510 "util/configparser.c"
     break;
 
-  case 725: /* dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG  */
-#line 3866 "util/configparser.y"
+  case 726: /* dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG  */
+#line 3869 "util/configparser.y"
   {
 	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str)));
 	if(atoi((yyvsp[0].str)) == 0) {
@@ -7562,20 +7522,20 @@ yyreduce:
 	}
 	free((yyvsp[0].str));
   }
-#line 7566 "util/configparser.c"
+#line 7526 "util/configparser.c"
     break;
 
-  case 726: /* cachedbstart: VAR_CACHEDB  */
-#line 3879 "util/configparser.y"
+  case 727: /* cachedbstart: VAR_CACHEDB  */
+#line 3882 "util/configparser.y"
         {
 		OUTYY(("\nP(cachedb:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7575 "util/configparser.c"
+#line 7535 "util/configparser.c"
     break;
 
-  case 750: /* cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG  */
-#line 3899 "util/configparser.y"
+  case 751: /* cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG  */
+#line 3902 "util/configparser.y"
         {
 	#ifdef USE_CACHEDB
 		OUTYY(("P(backend:%s)\n", (yyvsp[0].str)));
@@ -7586,11 +7546,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7590 "util/configparser.c"
+#line 7550 "util/configparser.c"
     break;
 
-  case 751: /* cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG  */
-#line 3911 "util/configparser.y"
+  case 752: /* cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG  */
+#line 3914 "util/configparser.y"
         {
 	#ifdef USE_CACHEDB
 		OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str)));
@@ -7601,11 +7561,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7605 "util/configparser.c"
+#line 7565 "util/configparser.c"
     break;
 
-  case 752: /* cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG  */
-#line 3923 "util/configparser.y"
+  case 753: /* cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG  */
+#line 3926 "util/configparser.y"
         {
 	#ifdef USE_CACHEDB
 		OUTYY(("P(cachedb_no_store:%s)\n", (yyvsp[0].str)));
@@ -7617,11 +7577,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7621 "util/configparser.c"
+#line 7581 "util/configparser.c"
     break;
 
-  case 753: /* cachedb_check_when_serve_expired: VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED STRING_ARG  */
-#line 3936 "util/configparser.y"
+  case 754: /* cachedb_check_when_serve_expired: VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED STRING_ARG  */
+#line 3939 "util/configparser.y"
         {
 	#ifdef USE_CACHEDB
 		OUTYY(("P(cachedb_check_when_serve_expired:%s)\n", (yyvsp[0].str)));
@@ -7633,11 +7593,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7637 "util/configparser.c"
+#line 7597 "util/configparser.c"
     break;
 
-  case 754: /* redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG  */
-#line 3949 "util/configparser.y"
+  case 755: /* redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG  */
+#line 3952 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str)));
@@ -7648,11 +7608,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7652 "util/configparser.c"
+#line 7612 "util/configparser.c"
     break;
 
-  case 755: /* redis_replica_server_host: VAR_CACHEDB_REDISREPLICAHOST STRING_ARG  */
-#line 3961 "util/configparser.y"
+  case 756: /* redis_replica_server_host: VAR_CACHEDB_REDISREPLICAHOST STRING_ARG  */
+#line 3964 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_server_host:%s)\n", (yyvsp[0].str)));
@@ -7663,11 +7623,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7667 "util/configparser.c"
+#line 7627 "util/configparser.c"
     break;
 
-  case 756: /* redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG  */
-#line 3973 "util/configparser.y"
+  case 757: /* redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG  */
+#line 3976 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		int port;
@@ -7681,11 +7641,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7685 "util/configparser.c"
+#line 7645 "util/configparser.c"
     break;
 
-  case 757: /* redis_replica_server_port: VAR_CACHEDB_REDISREPLICAPORT STRING_ARG  */
-#line 3988 "util/configparser.y"
+  case 758: /* redis_replica_server_port: VAR_CACHEDB_REDISREPLICAPORT STRING_ARG  */
+#line 3991 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		int port;
@@ -7699,11 +7659,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7703 "util/configparser.c"
+#line 7663 "util/configparser.c"
     break;
 
-  case 758: /* redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG  */
-#line 4003 "util/configparser.y"
+  case 759: /* redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG  */
+#line 4006 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_server_path:%s)\n", (yyvsp[0].str)));
@@ -7714,11 +7674,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7718 "util/configparser.c"
+#line 7678 "util/configparser.c"
     break;
 
-  case 759: /* redis_replica_server_path: VAR_CACHEDB_REDISREPLICAPATH STRING_ARG  */
-#line 4015 "util/configparser.y"
+  case 760: /* redis_replica_server_path: VAR_CACHEDB_REDISREPLICAPATH STRING_ARG  */
+#line 4018 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_server_path:%s)\n", (yyvsp[0].str)));
@@ -7729,11 +7689,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7733 "util/configparser.c"
+#line 7693 "util/configparser.c"
     break;
 
-  case 760: /* redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG  */
-#line 4027 "util/configparser.y"
+  case 761: /* redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG  */
+#line 4030 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_server_password:%s)\n", (yyvsp[0].str)));
@@ -7744,11 +7704,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7748 "util/configparser.c"
+#line 7708 "util/configparser.c"
     break;
 
-  case 761: /* redis_replica_server_password: VAR_CACHEDB_REDISREPLICAPASSWORD STRING_ARG  */
-#line 4039 "util/configparser.y"
+  case 762: /* redis_replica_server_password: VAR_CACHEDB_REDISREPLICAPASSWORD STRING_ARG  */
+#line 4042 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_server_password:%s)\n", (yyvsp[0].str)));
@@ -7759,11 +7719,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7763 "util/configparser.c"
+#line 7723 "util/configparser.c"
     break;
 
-  case 762: /* redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG  */
-#line 4051 "util/configparser.y"
+  case 763: /* redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG  */
+#line 4054 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str)));
@@ -7775,11 +7735,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7779 "util/configparser.c"
+#line 7739 "util/configparser.c"
     break;
 
-  case 763: /* redis_replica_timeout: VAR_CACHEDB_REDISREPLICATIMEOUT STRING_ARG  */
-#line 4064 "util/configparser.y"
+  case 764: /* redis_replica_timeout: VAR_CACHEDB_REDISREPLICATIMEOUT STRING_ARG  */
+#line 4067 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_timeout:%s)\n", (yyvsp[0].str)));
@@ -7791,11 +7751,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7795 "util/configparser.c"
+#line 7755 "util/configparser.c"
     break;
 
-  case 764: /* redis_command_timeout: VAR_CACHEDB_REDISCOMMANDTIMEOUT STRING_ARG  */
-#line 4077 "util/configparser.y"
+  case 765: /* redis_command_timeout: VAR_CACHEDB_REDISCOMMANDTIMEOUT STRING_ARG  */
+#line 4080 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_command_timeout:%s)\n", (yyvsp[0].str)));
@@ -7807,11 +7767,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7811 "util/configparser.c"
+#line 7771 "util/configparser.c"
     break;
 
-  case 765: /* redis_replica_command_timeout: VAR_CACHEDB_REDISREPLICACOMMANDTIMEOUT STRING_ARG  */
-#line 4090 "util/configparser.y"
+  case 766: /* redis_replica_command_timeout: VAR_CACHEDB_REDISREPLICACOMMANDTIMEOUT STRING_ARG  */
+#line 4093 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_command_timeout:%s)\n", (yyvsp[0].str)));
@@ -7823,11 +7783,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7827 "util/configparser.c"
+#line 7787 "util/configparser.c"
     break;
 
-  case 766: /* redis_connect_timeout: VAR_CACHEDB_REDISCONNECTTIMEOUT STRING_ARG  */
-#line 4103 "util/configparser.y"
+  case 767: /* redis_connect_timeout: VAR_CACHEDB_REDISCONNECTTIMEOUT STRING_ARG  */
+#line 4106 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_connect_timeout:%s)\n", (yyvsp[0].str)));
@@ -7839,11 +7799,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7843 "util/configparser.c"
+#line 7803 "util/configparser.c"
     break;
 
-  case 767: /* redis_replica_connect_timeout: VAR_CACHEDB_REDISREPLICACONNECTTIMEOUT STRING_ARG  */
-#line 4116 "util/configparser.y"
+  case 768: /* redis_replica_connect_timeout: VAR_CACHEDB_REDISREPLICACONNECTTIMEOUT STRING_ARG  */
+#line 4119 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_connect_timeout:%s)\n", (yyvsp[0].str)));
@@ -7855,11 +7815,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7859 "util/configparser.c"
+#line 7819 "util/configparser.c"
     break;
 
-  case 768: /* redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG  */
-#line 4129 "util/configparser.y"
+  case 769: /* redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG  */
+#line 4132 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_expire_records:%s)\n", (yyvsp[0].str)));
@@ -7871,11 +7831,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7875 "util/configparser.c"
+#line 7835 "util/configparser.c"
     break;
 
-  case 769: /* redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG  */
-#line 4142 "util/configparser.y"
+  case 770: /* redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG  */
+#line 4145 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		int db;
@@ -7889,11 +7849,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7893 "util/configparser.c"
+#line 7853 "util/configparser.c"
     break;
 
-  case 770: /* redis_replica_logical_db: VAR_CACHEDB_REDISREPLICALOGICALDB STRING_ARG  */
-#line 4157 "util/configparser.y"
+  case 771: /* redis_replica_logical_db: VAR_CACHEDB_REDISREPLICALOGICALDB STRING_ARG  */
+#line 4160 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		int db;
@@ -7907,11 +7867,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7911 "util/configparser.c"
+#line 7871 "util/configparser.c"
     break;
 
-  case 771: /* server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG  */
-#line 4172 "util/configparser.y"
+  case 772: /* server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG  */
+#line 4175 "util/configparser.y"
         {
 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if (atoi((yyvsp[0].str)) < 0)
@@ -7921,11 +7881,11 @@ yyreduce:
 				fatal_exit("out of memory adding tcp connection limit");
 		}
 	}
-#line 7925 "util/configparser.c"
+#line 7885 "util/configparser.c"
     break;
 
-  case 772: /* server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG  */
-#line 4183 "util/configparser.y"
+  case 773: /* server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG  */
+#line 4186 "util/configparser.y"
         {
 		OUTYY(("P(server_answer_cookie:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7933,11 +7893,11 @@ yyreduce:
 		else cfg_parser->cfg->do_answer_cookie = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7937 "util/configparser.c"
+#line 7897 "util/configparser.c"
     break;
 
-  case 773: /* server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG  */
-#line 4192 "util/configparser.y"
+  case 774: /* server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG  */
+#line 4195 "util/configparser.y"
         {
 		uint8_t secret[32];
 		size_t secret_len = sizeof(secret);
@@ -7952,21 +7912,21 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 7956 "util/configparser.c"
+#line 7916 "util/configparser.c"
     break;
 
-  case 774: /* server_cookie_secret_file: VAR_COOKIE_SECRET_FILE STRING_ARG  */
-#line 4208 "util/configparser.y"
+  case 775: /* server_cookie_secret_file: VAR_COOKIE_SECRET_FILE STRING_ARG  */
+#line 4211 "util/configparser.y"
         {
 		OUTYY(("P(cookie_secret_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->cookie_secret_file);
 		cfg_parser->cfg->cookie_secret_file = (yyvsp[0].str);
 	}
-#line 7966 "util/configparser.c"
+#line 7926 "util/configparser.c"
     break;
 
-  case 775: /* server_iter_scrub_ns: VAR_ITER_SCRUB_NS STRING_ARG  */
-#line 4215 "util/configparser.y"
+  case 776: /* server_iter_scrub_ns: VAR_ITER_SCRUB_NS STRING_ARG  */
+#line 4218 "util/configparser.y"
         {
 		OUTYY(("P(server_iter_scrub_ns:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -7974,11 +7934,11 @@ yyreduce:
 		else cfg_parser->cfg->iter_scrub_ns = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 7978 "util/configparser.c"
+#line 7938 "util/configparser.c"
     break;
 
-  case 776: /* server_iter_scrub_cname: VAR_ITER_SCRUB_CNAME STRING_ARG  */
-#line 4224 "util/configparser.y"
+  case 777: /* server_iter_scrub_cname: VAR_ITER_SCRUB_CNAME STRING_ARG  */
+#line 4227 "util/configparser.y"
         {
 		OUTYY(("P(server_iter_scrub_cname:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -7986,11 +7946,11 @@ yyreduce:
 		else cfg_parser->cfg->iter_scrub_cname = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 7990 "util/configparser.c"
+#line 7950 "util/configparser.c"
     break;
 
-  case 777: /* server_max_global_quota: VAR_MAX_GLOBAL_QUOTA STRING_ARG  */
-#line 4233 "util/configparser.y"
+  case 778: /* server_max_global_quota: VAR_MAX_GLOBAL_QUOTA STRING_ARG  */
+#line 4236 "util/configparser.y"
         {
 		OUTYY(("P(server_max_global_quota:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -7998,20 +7958,33 @@ yyreduce:
 		else cfg_parser->cfg->max_global_quota = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 8002 "util/configparser.c"
+#line 7962 "util/configparser.c"
+    break;
+
+  case 779: /* server_iter_scrub_promiscuous: VAR_ITER_SCRUB_PROMISCUOUS STRING_ARG  */
+#line 4245 "util/configparser.y"
+        {
+		OUTYY(("P(server_iter_scrub_promiscuous:%s)\n", (yyvsp[0].str)));
+		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
+			yyerror("expected yes or no.");
+		else cfg_parser->cfg->iter_scrub_promiscuous =
+			(strcmp((yyvsp[0].str), "yes")==0);
+		free((yyvsp[0].str));
+	}
+#line 7975 "util/configparser.c"
     break;
 
-  case 778: /* ipsetstart: VAR_IPSET  */
-#line 4242 "util/configparser.y"
+  case 780: /* ipsetstart: VAR_IPSET  */
+#line 4255 "util/configparser.y"
         {
 		OUTYY(("\nP(ipset:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 8011 "util/configparser.c"
+#line 7984 "util/configparser.c"
     break;
 
-  case 783: /* ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG  */
-#line 4252 "util/configparser.y"
+  case 785: /* ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG  */
+#line 4265 "util/configparser.y"
         {
 	#ifdef USE_IPSET
 		OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str)));
@@ -8025,11 +7998,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 8029 "util/configparser.c"
+#line 8002 "util/configparser.c"
     break;
 
-  case 784: /* ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG  */
-#line 4267 "util/configparser.y"
+  case 786: /* ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG  */
+#line 4280 "util/configparser.y"
         {
 	#ifdef USE_IPSET
 		OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str)));
@@ -8043,11 +8016,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 8047 "util/configparser.c"
+#line 8020 "util/configparser.c"
     break;
 
 
-#line 8051 "util/configparser.c"
+#line 8024 "util/configparser.c"
 
       default: break;
     }
@@ -8129,6 +8102,7 @@ yyerrorlab:
      label yyerrorlab therefore never appears in user code.  */
   if (0)
     YYERROR;
+  ++yynerrs;
 
   /* Do not reclaim the symbols of the rule whose action triggered
      this YYERROR.  */
@@ -8189,7 +8163,7 @@ yyerrlab1:
 `-------------------------------------*/
 yyacceptlab:
   yyresult = 0;
-  goto yyreturn;
+  goto yyreturnlab;
 
 
 /*-----------------------------------.
@@ -8197,24 +8171,22 @@ yyacceptlab:
 `-----------------------------------*/
 yyabortlab:
   yyresult = 1;
-  goto yyreturn;
+  goto yyreturnlab;
 
 
-#if !defined yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here.  |
-`-------------------------------------------------*/
+/*-----------------------------------------------------------.
+| yyexhaustedlab -- YYNOMEM (memory exhaustion) comes here.  |
+`-----------------------------------------------------------*/
 yyexhaustedlab:
   yyerror (YY_("memory exhausted"));
   yyresult = 2;
-  goto yyreturn;
-#endif
+  goto yyreturnlab;
 
 
-/*-------------------------------------------------------.
-| yyreturn -- parsing is finished, clean up and return.  |
-`-------------------------------------------------------*/
-yyreturn:
+/*----------------------------------------------------------.
+| yyreturnlab -- parsing is finished, clean up and return.  |
+`----------------------------------------------------------*/
+yyreturnlab:
   if (yychar != YYEMPTY)
     {
       /* Make sure we have latest lookahead translation.  See comments at
@@ -8241,7 +8213,7 @@ yyreturn:
   return yyresult;
 }
 
-#line 4281 "util/configparser.y"
+#line 4294 "util/configparser.y"
 
 
 /* parse helper routines could be here */
diff --git a/contrib/unbound/util/configparser.h b/contrib/unbound/util/configparser.h
index 50ed20eef7a9..6fab5a35acdf 100644
--- a/contrib/unbound/util/configparser.h
+++ b/contrib/unbound/util/configparser.h
@@ -1,4 +1,4 @@
-/* A Bison parser, made by GNU Bison 3.7.6.  */
+/* A Bison parser, made by GNU Bison 3.8.2.  */
 
 /* Bison interface for Yacc-like parsers in C
 
@@ -427,7 +427,8 @@ extern int yydebug;
     VAR_ITER_SCRUB_CNAME = 628,    /* VAR_ITER_SCRUB_CNAME  */
     VAR_MAX_GLOBAL_QUOTA = 629,    /* VAR_MAX_GLOBAL_QUOTA  */
     VAR_HARDEN_UNVERIFIED_GLUE = 630, /* VAR_HARDEN_UNVERIFIED_GLUE  */
-    VAR_LOG_TIME_ISO = 631         /* VAR_LOG_TIME_ISO  */
+    VAR_LOG_TIME_ISO = 631,        /* VAR_LOG_TIME_ISO  */
+    VAR_ITER_SCRUB_PROMISCUOUS = 632 /* VAR_ITER_SCRUB_PROMISCUOUS  */
   };
   typedef enum yytokentype yytoken_kind_t;
 #endif
@@ -810,6 +811,7 @@ extern int yydebug;
 #define VAR_MAX_GLOBAL_QUOTA 629
 #define VAR_HARDEN_UNVERIFIED_GLUE 630
 #define VAR_LOG_TIME_ISO 631
+#define VAR_ITER_SCRUB_PROMISCUOUS 632
 
 /* Value type.  */
 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@@ -819,7 +821,7 @@ union YYSTYPE
 
 	char*	str;
 
-#line 823 "util/configparser.h"
+#line 825 "util/configparser.h"
 
 };
 typedef union YYSTYPE YYSTYPE;
@@ -830,6 +832,8 @@ typedef union YYSTYPE YYSTYPE;
 
 extern YYSTYPE yylval;
 
+
 int yyparse (void);
 
+
 #endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED  */
diff --git a/contrib/unbound/util/configparser.y b/contrib/unbound/util/configparser.y
index ebb23f41cbd3..bef1fd38d1dd 100644
--- a/contrib/unbound/util/configparser.y
+++ b/contrib/unbound/util/configparser.y
@@ -215,6 +215,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_LOG_DESTADDR VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED
 %token VAR_COOKIE_SECRET_FILE VAR_ITER_SCRUB_NS VAR_ITER_SCRUB_CNAME
 %token VAR_MAX_GLOBAL_QUOTA VAR_HARDEN_UNVERIFIED_GLUE VAR_LOG_TIME_ISO
+%token VAR_ITER_SCRUB_PROMISCUOUS
 
 %%
 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -356,7 +357,7 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_harden_unknown_additional | server_disable_edns_do |
 	server_log_destaddr | server_cookie_secret_file |
 	server_iter_scrub_ns | server_iter_scrub_cname | server_max_global_quota |
-	server_harden_unverified_glue | server_log_time_iso
+	server_harden_unverified_glue | server_log_time_iso | server_iter_scrub_promiscuous
 	;
 stub_clause: stubstart contents_stub
 	{
@@ -954,7 +955,7 @@ server_tcp_mss: VAR_TCP_MSS STRING_ARG
 	{
 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
-				yyerror("number expected");
+			yyerror("number expected");
 		else cfg_parser->cfg->tcp_mss = atoi($2);
 		free($2);
 	}
@@ -1168,11 +1169,13 @@ server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
 		free(cfg_parser->cfg->http_endpoint);
 		if($2 && $2[0] != '/') {
 			cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
-			if(!cfg_parser->cfg->http_endpoint)
+			if(cfg_parser->cfg->http_endpoint) {
+				cfg_parser->cfg->http_endpoint[0] = '/';
+				memmove(cfg_parser->cfg->http_endpoint+1, $2,
+					strlen($2)+1);
+			} else {
 				yyerror("out of memory");
-			cfg_parser->cfg->http_endpoint[0] = '/';
-			memmove(cfg_parser->cfg->http_endpoint+1, $2,
-				strlen($2)+1);
+			}
 			free($2);
 		} else {
 			cfg_parser->cfg->http_endpoint = $2;
@@ -4238,6 +4241,16 @@ server_max_global_quota: VAR_MAX_GLOBAL_QUOTA STRING_ARG
 		free($2);
 	}
 	;
+server_iter_scrub_promiscuous: VAR_ITER_SCRUB_PROMISCUOUS STRING_ARG
+	{
+		OUTYY(("P(server_iter_scrub_promiscuous:%s)\n", $2));
+		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+			yyerror("expected yes or no.");
+		else cfg_parser->cfg->iter_scrub_promiscuous =
+			(strcmp($2, "yes")==0);
+		free($2);
+	}
+	;
 ipsetstart: VAR_IPSET
 	{
 		OUTYY(("\nP(ipset:)\n"));
diff --git a/contrib/unbound/util/data/dname.c b/contrib/unbound/util/data/dname.c
index f08760e2f9fc..5370aa6f9585 100644
--- a/contrib/unbound/util/data/dname.c
+++ b/contrib/unbound/util/data/dname.c
@@ -57,7 +57,7 @@ query_dname_len(sldns_buffer* query)
 		if(sldns_buffer_remaining(query) < 1)
 			return 0; /* parse error, need label len */
 		labellen = sldns_buffer_read_u8(query);
-		if(labellen&0xc0)
+		if((labellen&0xc0))
 			return 0; /* no compression allowed in queries */
 		len += labellen + 1;
 		if(len > LDNS_MAX_DOMAINLEN)
@@ -79,7 +79,7 @@ dname_valid(uint8_t* dname, size_t maxlen)
 		return 0; /* too short, shortest is '0' root label */
 	labellen = *dname++;
 	while(labellen) {
-		if(labellen&0xc0)
+		if((labellen&0xc0))
 			return 0; /* no compression ptrs allowed */
 		len += labellen + 1;
 		if(len >= LDNS_MAX_DOMAINLEN)
@@ -644,20 +644,22 @@ void dname_str(uint8_t* dname, char* str)
 	if(!dname || !*dname) {
 		*s++ = '.';
 		*s = 0;
-		goto out;
+		return;
 	}
 	lablen = *dname++;
 	while(lablen) {
-		if(lablen > LDNS_MAX_LABELLEN) {
-			*s++ = '#';
-			*s = 0;
-			goto out;
-		}
 		len += lablen+1;
 		if(len >= LDNS_MAX_DOMAINLEN) {
+			if ((s-str) >= (LDNS_MAX_DOMAINLEN-1))
+				s = str + LDNS_MAX_DOMAINLEN - 2;
 			*s++ = '&';
 			*s = 0;
-			goto out;
+			return;
+		}
+		if(lablen > LDNS_MAX_LABELLEN) {
+			*s++ = '#';
+			*s = 0;
+			return;
 		}
 		while(lablen--) {
 			if(isalnum((unsigned char)*dname)
@@ -673,10 +675,6 @@ void dname_str(uint8_t* dname, char* str)
 		lablen = *dname++;
 	}
 	*s = 0;
-
-out:
-	log_assert(s - str < LDNS_MAX_DOMAINLEN);
-	return;
 }
 
 int 
@@ -728,7 +726,7 @@ dname_is_root(uint8_t* dname)
 	return (len == 0);
 }
 
-void 
+void
 dname_remove_label(uint8_t** dname, size_t* len)
 {
 	size_t lablen;
@@ -742,7 +740,23 @@ dname_remove_label(uint8_t** dname, size_t* len)
 	*dname += lablen+1;
 }
 
-void 
+int
+dname_remove_label_limit_len(uint8_t** dname, size_t* len, size_t lenlimit)
+{
+	size_t lablen;
+	log_assert(dname && *dname && len);
+	lablen = (*dname)[0];
+	log_assert(!LABEL_IS_PTR(lablen));
+	log_assert(*len > lablen);
+	if(lablen == 0)
+		return 0; /* do not modify root label */
+	if(*len - (lablen + 1) < lenlimit) return 0;
+	*len -= lablen+1;
+	*dname += lablen+1;
+	return 1;
+}
+
+void
 dname_remove_labels(uint8_t** dname, size_t* len, int n)
 {
 	int i;
diff --git a/contrib/unbound/util/data/dname.h b/contrib/unbound/util/data/dname.h
index 6e4cf7ea3be7..f68c64a03f0d 100644
--- a/contrib/unbound/util/data/dname.h
+++ b/contrib/unbound/util/data/dname.h
@@ -262,11 +262,24 @@ int dname_is_root(uint8_t* dname);
  * Snip off first label from a dname, returning the parent zone.
  * @param dname: from what to strip off. uncompressed wireformat.
  * @param len: length, adjusted to become less.
- * return stripped off, or "." if input was ".".
+ * return dname stripped off, or "." if input was ".".
  */
 void dname_remove_label(uint8_t** dname, size_t* len);
 
 /**
+ * Same as dname_remove_label but fails if removal would surpass lenlimit.
+ * If no failure,
+ * snip off first label from a dname, returning the parent zone.
+ * @param dname: from what to strip off. uncompressed wireformat.
+ * @param len: length, adjusted to become less.
+ * @param lenlimit: length limit that we can't surpass (usually the zone apex).
+ * @return
+ *	o 1,  and dname stripped off, or "." if input was ".", else
+ *	o 0, if going up would surpass lenlimit.
+ */
+int dname_remove_label_limit_len(uint8_t** dname, size_t* len, size_t lenlimit);
+
+/**
  * Snip off first N labels from a dname, returning the parent zone.
  * @param dname: from what to strip off. uncompressed wireformat.
  * @param len: length, adjusted to become less.
diff --git a/contrib/unbound/util/data/msgencode.c b/contrib/unbound/util/data/msgencode.c
index 6d116fb52d6d..84aa3b9e75ae 100644
--- a/contrib/unbound/util/data/msgencode.c
+++ b/contrib/unbound/util/data/msgencode.c
@@ -365,7 +365,7 @@ compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs,
 
 /** return true if type needs domain name compression in rdata */
 static const sldns_rr_descriptor*
-type_rdata_compressable(struct ub_packed_rrset_key* key)
+type_rdata_compressible(struct ub_packed_rrset_key* key)
 {
 	uint16_t t = ntohs(key->rk.type);
 	if(sldns_rr_descript(t) && 
@@ -486,7 +486,7 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt,
 		adjust = SERVE_ORIGINAL_TTL ? data->ttl_add : timenow;
 
 	if(do_data) {
-		const sldns_rr_descriptor* c = type_rdata_compressable(key);
+		const sldns_rr_descriptor* c = type_rdata_compressible(key);
 		for(i=0; i<data->count; i++) {
 			/* rrset roundrobin */
 			j = (i + rr_offset) % data->count;
@@ -1021,7 +1021,7 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep,
 		flags |= BIT_AA;
 		flags &= ~BIT_AD;
 	}
-	log_assert(flags & BIT_QR); /* QR bit must be on in our replies */
+	log_assert((flags & BIT_QR)); /* QR bit must be on in our replies */
 	if(udpsize < LDNS_HEADER_SIZE)
 		return 0;
 	/* currently edns does not change during calculations;
diff --git a/contrib/unbound/util/data/msgencode.h b/contrib/unbound/util/data/msgencode.h
index 6aff06099ee9..08fcb59b8e36 100644
--- a/contrib/unbound/util/data/msgencode.h
+++ b/contrib/unbound/util/data/msgencode.h
@@ -117,7 +117,7 @@ uint16_t calc_edns_field_size(struct edns_data* edns);
 uint16_t calc_edns_option_size(struct edns_data* edns, uint16_t code);
 
 /**
- * Calculate the size of the EDE option(s) in packet. Also calculate seperately
+ * Calculate the size of the EDE option(s) in packet. Also calculate separately
  * the size of the EXTRA-TEXT field(s) in case we can trim them to fit.
  * In this case include any LDNS_EDE_OTHER options in their entirety since they
  * are useless without extra text.
diff --git a/contrib/unbound/util/data/msgparse.h b/contrib/unbound/util/data/msgparse.h
index 62f0d5aacd80..7de4e394f2ae 100644
--- a/contrib/unbound/util/data/msgparse.h
+++ b/contrib/unbound/util/data/msgparse.h
@@ -308,16 +308,16 @@ int parse_extract_edns_from_response_msg(struct msg_parse* msg,
 /**
  * Skip RRs from packet
  * @param pkt: the packet. position at start must be right after the query
- *	section. At end, right after EDNS data or no movement if failed.
+ *	section. At end, right after EDNS data or partial movement if failed.
  * @param num: Limit of the number of records we want to parse.
- * @return: 0 on success, 1 on failure.
+ * @return: 1 on success, 0 on failure.
  */
 int skip_pkt_rrs(struct sldns_buffer* pkt, int num);
 
 /**
  * If EDNS data follows a query section, extract it and initialize edns struct.
  * @param pkt: the packet. position at start must be right after the query
- *	section. At end, right after EDNS data or no movement if failed.
+ *	section. At end, right after EDNS data or partial movement if failed.
  * @param edns: the edns data allocated by the caller. Does not have to be
  *	initialised.
  * @param cfg: the configuration (with nsid value etc.)
diff --git a/contrib/unbound/util/data/msgreply.c b/contrib/unbound/util/data/msgreply.c
index e98dce133039..02e1230e96e7 100644
--- a/contrib/unbound/util/data/msgreply.c
+++ b/contrib/unbound/util/data/msgreply.c
@@ -251,7 +251,7 @@ rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to,
 
 	*rr_ttl = sldns_read_uint32(rr->ttl_data);
 	/* RFC 2181 Section 8. if msb of ttl is set treat as if zero. */
-	if(*rr_ttl & 0x80000000U)
+	if((*rr_ttl & 0x80000000U))
 		*rr_ttl = 0;
 	if(type == LDNS_RR_TYPE_SOA && section == LDNS_SECTION_AUTHORITY) {
 		/* negative response. see if TTL of SOA record larger than the
@@ -984,14 +984,14 @@ log_reply_info(enum verbosity_value v, struct query_info *qinf,
 		if(daddr->ss_family == AF_INET6) {
 			struct sockaddr_in6 *d = (struct sockaddr_in6 *)daddr;
 			if(inet_ntop(d->sin6_family, &d->sin6_addr, da,
-				sizeof(*d)) == 0)
+				sizeof(da)) == 0)
 				snprintf(dest_buf, sizeof(dest_buf),
 					"(inet_ntop_error)");
 			port = ntohs(d->sin6_port);
 		} else if(daddr->ss_family == AF_INET) {
 			struct sockaddr_in *d = (struct sockaddr_in *)daddr;
 			if(inet_ntop(d->sin_family, &d->sin_addr, da,
-				sizeof(*d)) == 0)
+				sizeof(da)) == 0)
 				snprintf(dest_buf, sizeof(dest_buf),
 					"(inet_ntop_error)");
 			port = ntohs(d->sin_port);
@@ -1129,7 +1129,7 @@ int edns_opt_list_append_ede(struct edns_option** list, struct regional* region,
 	prevp = list;
 	while(*prevp != NULL)
 		prevp = &((*prevp)->next);
-	verbose(VERB_ALGO, "attached EDE code: %d with message: %s", code, (txt?txt:"\"\""));
+	verbose(VERB_ALGO, "attached EDE code: %d with message: '%s'", code, (txt?txt:""));
 	*prevp = opt;
 	return 1;
 }
@@ -1471,3 +1471,22 @@ struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code)
 	}
 	return NULL;
 }
+
+int local_alias_shallow_copy_qname(struct local_rrset* local_alias, uint8_t** qname,
+	size_t* qname_len)
+{
+	struct ub_packed_rrset_key* rrset = local_alias->rrset;
+	struct packed_rrset_data* d = rrset->entry.data;
+
+	/* Sanity check: our current implementation only supports
+	    * a single CNAME RRset as a local alias. */
+	if(local_alias->next ||
+		rrset->rk.type != htons(LDNS_RR_TYPE_CNAME) ||
+		d->count != 1) {
+		log_err("assumption failure: unexpected local alias");
+		return 0;
+	}
+	*qname = d->rr_data[0] + 2;
+	*qname_len = d->rr_len[0] - 2;
+	return 1;
+}
diff --git a/contrib/unbound/util/data/msgreply.h b/contrib/unbound/util/data/msgreply.h
index 9c701f07d0c4..1ec4e850b8e1 100644
--- a/contrib/unbound/util/data/msgreply.h
+++ b/contrib/unbound/util/data/msgreply.h
@@ -597,7 +597,7 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len,
 			char text[sizeof(TXT) - 1];			\
 		} ede = { htons(CODE), TXT };				\
                 verbose(VERB_ALGO, "attached EDE code: %d with"		\
-                        " message: %s", CODE, TXT);			\
+                        " message: '%s'", CODE, TXT);			\
 		edns_opt_list_append((LIST), LDNS_EDNS_EDE, 		\
 			sizeof(uint16_t) + sizeof(TXT) - 1,		\
 			(void *)&ede, (REGION));			\
@@ -801,4 +801,14 @@ int edns_opt_compare(struct edns_option* p, struct edns_option* q);
  */
 int edns_opt_list_compare(struct edns_option* p, struct edns_option* q);
 
+/**
+ * Swallow copy the local_alias into the given qname and qname_len.
+ * @param local_alias: the local_alias.
+ * @param qname: the qname to copy to.
+ * @param qname_len: the qname_len to copy to.
+ * @return false on current local_alias assumptions, true otherwise.
+ */
+int local_alias_shallow_copy_qname(struct local_rrset* local_alias, uint8_t** qname,
+	size_t* qname_len);
+
 #endif /* UTIL_DATA_MSGREPLY_H */
diff --git a/contrib/unbound/util/iana_ports.inc b/contrib/unbound/util/iana_ports.inc
index 198a47eb1777..6d8cfd27b88e 100644
--- a/contrib/unbound/util/iana_ports.inc
+++ b/contrib/unbound/util/iana_ports.inc
@@ -3873,6 +3873,7 @@
 4486,
 4488,
 4500,
+4503,
 4534,
 4535,
 4536,
@@ -3979,6 +3980,7 @@
 4790,
 4791,
 4792,
+4793,
 4800,
 4801,
 4802,
diff --git a/contrib/unbound/util/mini_event.c b/contrib/unbound/util/mini_event.c
index c05dc668c676..2be42b2ccf05 100644
--- a/contrib/unbound/util/mini_event.c
+++ b/contrib/unbound/util/mini_event.c
@@ -297,10 +297,10 @@ int event_add(struct event* ev, struct timeval* tv)
 		return -1;
 	if( (ev->ev_events&(EV_READ|EV_WRITE)) && ev->ev_fd != -1) {
 		ev->ev_base->fds[ev->ev_fd] = ev;
-		if(ev->ev_events&EV_READ) {
+		if((ev->ev_events&EV_READ)) {
 			FD_SET(FD_SET_T ev->ev_fd, &ev->ev_base->reads);
 		}
-		if(ev->ev_events&EV_WRITE) {
+		if((ev->ev_events&EV_WRITE)) {
 			FD_SET(FD_SET_T ev->ev_fd, &ev->ev_base->writes);
 		}
 		FD_SET(FD_SET_T ev->ev_fd, &ev->ev_base->content);
diff --git a/contrib/unbound/util/net_help.c b/contrib/unbound/util/net_help.c
index 8eca6b757ca8..6ce0d9131300 100644
--- a/contrib/unbound/util/net_help.c
+++ b/contrib/unbound/util/net_help.c
@@ -317,6 +317,11 @@ int netblockstrtoaddr(const char* str, int port, struct sockaddr_storage* addr,
 			log_err("cannot parse netblock: '%s'", str);
 			return 0;
 		}
+		if(*net < 0) {
+			log_err("netblock value %d is negative in: '%s'",
+				*net, str);
+			return 0;
+		}
 		strlcpy(buf, str, sizeof(buf));
 		s = strchr(buf, '/');
 		if(s) *s = 0;
@@ -430,6 +435,8 @@ int netblockdnametoaddr(uint8_t* dname, size_t dnamelen,
 	*net = atoi(buff);
 	if(*net == 0 && strcmp(buff, "0") != 0)
 		return 0;
+	if(*net < 0)
+		return 0;
 	dname += nlablen;
 	dname++;
 	if(!ipdnametoaddr(dname, dnamelen-1-nlablen, addr, addrlen, af))
@@ -797,7 +804,7 @@ addr_mask(struct sockaddr_storage* addr, socklen_t len, int net)
 		s = (uint8_t*)&((struct sockaddr_in*)addr)->sin_addr;
 		max = 32;
 	}
-	if(net >= max)
+	if(net >= max || net < 0)
 		return;
 	for(i=net/8+1; i<max/8; i++) {
 		s[i] = 0;
@@ -1028,7 +1035,7 @@ void log_crypto_err_code(const char* str, unsigned long err)
 }
 
 #ifdef HAVE_SSL
-/** Print crypt erro with SSL_get_error want code and err_get_error code */
+/** Print crypt error with SSL_get_error want code and err_get_error code */
 static void log_crypto_err_io_code_arg(const char* str, int r,
 	unsigned long err, int err_present)
 {
@@ -1252,6 +1259,14 @@ listen_sslctx_setup(void* ctxt)
 		return 0;
 	}
 #endif
+#if defined(SSL_OP_NO_TLSv1_2) && defined(SSL_OP_NO_TLSv1_3)
+	/* if we have tls 1.3 disable 1.2 */
+	if((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) & SSL_OP_NO_TLSv1_2)
+		!= SSL_OP_NO_TLSv1_2){
+		log_crypto_err("could not set SSL_OP_NO_TLSv1_2");
+		return 0;
+	}
+#endif
 #if defined(SSL_OP_NO_RENEGOTIATION)
 	/* disable client renegotiation */
 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION) &
@@ -1305,7 +1320,7 @@ listen_sslctx_setup_2(void* ctxt)
 	if(!SSL_CTX_set_ecdh_auto(ctx,1)) {
 		log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE");
 	}
-#elif defined(USE_ECDSA) && defined(HAVE_SSL_CTX_SET_TMP_ECDH)
+#elif defined(USE_ECDSA) && HAVE_DECL_SSL_CTX_SET_TMP_ECDH
 	if(1) {
 		EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
 		if (!ecdh) {
diff --git a/contrib/unbound/util/netevent.c b/contrib/unbound/util/netevent.c
index 0d0fff429c03..aedcb5e07a30 100644
--- a/contrib/unbound/util/netevent.c
+++ b/contrib/unbound/util/netevent.c
@@ -1083,6 +1083,11 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg)
 			} else if( cmsg->cmsg_level == SOL_SOCKET &&
 				cmsg->cmsg_type == SO_TIMESTAMP) {
 				memmove(&rep.c->recv_tv, CMSG_DATA(cmsg), sizeof(struct timeval));
+#elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP)
+			} else if( cmsg->cmsg_level == SOL_SOCKET &&
+				cmsg->cmsg_type == SCM_TIMESTAMP) {
+				/* FreeBSD and also Linux. */
+				memmove(&rep.c->recv_tv, CMSG_DATA(cmsg), sizeof(struct timeval));
 #endif /* HAVE_LINUX_NET_TSTAMP_H */
 			}
 		}
@@ -3213,6 +3218,9 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg)
 	}
 	/* accept incoming connection. */
 	c_hdl = c->tcp_free;
+	/* Should not happen: inconsistent tcp_free state in
+	 * accept_callback. */
+	log_assert(c_hdl->is_in_tcp_free);
 	/* clear leftover flags from previous use, and then set the
 	 * correct event base for the event structure for libevent */
 	ub_event_free(c_hdl->ev->ev);
@@ -3287,10 +3295,15 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg)
 #endif
 	}
 
+	/* Paranoia: Check that the state has not changed from above: */
+	/* Should not happen: tcp_free state changed within accept_callback. */
+	log_assert(c_hdl == c->tcp_free);
+	log_assert(c_hdl->is_in_tcp_free);
 	/* grab the tcp handler buffers */
 	c->cur_tcp_count++;
 	c->tcp_free = c_hdl->tcp_free;
 	c_hdl->tcp_free = NULL;
+	c_hdl->is_in_tcp_free = 0;
 	if(!c->tcp_free) {
 		/* stop accepting incoming queries for now. */
 		comm_point_stop_listening(c);
@@ -3311,12 +3324,14 @@ reclaim_tcp_handler(struct comm_point* c)
 #endif
 	}
 	comm_point_close(c);
-	if(c->tcp_parent) {
-		if(c != c->tcp_parent->tcp_free) {
-			c->tcp_parent->cur_tcp_count--;
-			c->tcp_free = c->tcp_parent->tcp_free;
-			c->tcp_parent->tcp_free = c;
-		}
+	if(c->tcp_parent && !c->is_in_tcp_free) {
+		/* Should not happen: bad tcp_free state in reclaim_tcp. */
+		log_assert(c->tcp_free == NULL);
+		log_assert(c->tcp_parent->cur_tcp_count > 0);
+		c->tcp_parent->cur_tcp_count--;
+		c->tcp_free = c->tcp_parent->tcp_free;
+		c->tcp_parent->tcp_free = c;
+		c->is_in_tcp_free = 1;
 		if(!c->tcp_free) {
 			/* re-enable listening on accept socket */
 			comm_point_start_listening(c->tcp_parent, -1, -1);
@@ -4630,7 +4645,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
 	}
 #endif
 
-	if(event&UB_EV_TIMEOUT) {
+	if((event&UB_EV_TIMEOUT)) {
 		verbose(VERB_QUERY, "tcp took too long, dropped");
 		reclaim_tcp_handler(c);
 		if(!c->tcp_do_close) {
@@ -4640,7 +4655,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
 		}
 		return;
 	}
-	if(event&UB_EV_READ
+	if((event&UB_EV_READ)
 #ifdef USE_MSG_FASTOPEN
 		&& !(c->tcp_do_fastopen && (event&UB_EV_WRITE))
 #endif
@@ -4665,7 +4680,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
 			tcp_more_read_again(fd, c);
 		return;
 	}
-	if(event&UB_EV_WRITE) {
+	if((event&UB_EV_WRITE)) {
 		int has_tcpq = (c->tcp_req_info != NULL);
 		int* morewrite = c->tcp_more_write_again;
 		if(!comm_point_tcp_handle_write(fd, c)) {
@@ -4702,12 +4717,14 @@ reclaim_http_handler(struct comm_point* c)
 #endif
 	}
 	comm_point_close(c);
-	if(c->tcp_parent) {
-		if(c != c->tcp_parent->tcp_free) {
-			c->tcp_parent->cur_tcp_count--;
-			c->tcp_free = c->tcp_parent->tcp_free;
-			c->tcp_parent->tcp_free = c;
-		}
+	if(c->tcp_parent && !c->is_in_tcp_free) {
+		/* Should not happen: bad tcp_free state in reclaim_http. */
+		log_assert(c->tcp_free == NULL);
+		log_assert(c->tcp_parent->cur_tcp_count > 0);
+		c->tcp_parent->cur_tcp_count--;
+		c->tcp_free = c->tcp_parent->tcp_free;
+		c->tcp_parent->tcp_free = c;
+		c->is_in_tcp_free = 1;
 		if(!c->tcp_free) {
 			/* re-enable listening on accept socket */
 			comm_point_start_listening(c->tcp_parent, -1, -1);
@@ -5144,6 +5161,15 @@ ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), uint8_t* buf,
 
 	log_assert(h2_session->c->type == comm_http);
 	log_assert(h2_session->c->h2_session);
+	if(++h2_session->reads_count > h2_session->c->http2_max_streams) {
+		/* We are somewhat arbitrarily capping the amount of
+		 * consecutive reads on the HTTP2 session to the number of max
+		 * allowed streams.
+		 * When we reach the cap, error out with NGHTTP2_ERR_WOULDBLOCK
+		 * to signal nghttp2_session_recv() to stop reading for now. */
+		h2_session->reads_count = 0;
+		return NGHTTP2_ERR_WOULDBLOCK;
+	}
 
 #ifdef HAVE_SSL
 	if(h2_session->c->ssl) {
@@ -5177,7 +5203,7 @@ ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), uint8_t* buf,
 	}
 #endif /* HAVE_SSL */
 
-	ret = recv(h2_session->c->fd, buf, len, MSG_DONTWAIT);
+	ret = recv(h2_session->c->fd, (void*)buf, len, MSG_DONTWAIT);
 	if(ret == 0) {
 		return NGHTTP2_ERR_EOF;
 	} else if(ret < 0) {
@@ -5505,7 +5531,7 @@ ssize_t http2_send_cb(nghttp2_session* ATTR_UNUSED(session), const uint8_t* buf,
 	}
 #endif /* HAVE_SSL */
 
-	ret = send(h2_session->c->fd, buf, len, 0);
+	ret = send(h2_session->c->fd, (void*)buf, len, 0);
 	if(ret == 0) {
 		return NGHTTP2_ERR_CALLBACK_FAILURE;
 	} else if(ret < 0) {
@@ -5648,7 +5674,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg)
 	log_assert(c->type == comm_http);
 	ub_comm_base_now(c->ev->base);
 
-	if(event&UB_EV_TIMEOUT) {
+	if((event&UB_EV_TIMEOUT)) {
 		verbose(VERB_QUERY, "http took too long, dropped");
 		reclaim_http_handler(c);
 		if(!c->tcp_do_close) {
@@ -5658,7 +5684,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg)
 		}
 		return;
 	}
-	if(event&UB_EV_READ) {
+	if((event&UB_EV_READ)) {
 		if(!comm_point_http_handle_read(fd, c)) {
 			reclaim_http_handler(c);
 			if(!c->tcp_do_close) {
@@ -5670,7 +5696,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg)
 		}
 		return;
 	}
-	if(event&UB_EV_WRITE) {
+	if((event&UB_EV_WRITE)) {
 		if(!comm_point_http_handle_write(fd, c)) {
 			reclaim_http_handler(c);
 			if(!c->tcp_do_close) {
@@ -5691,7 +5717,7 @@ void comm_point_local_handle_callback(int fd, short event, void* arg)
 	log_assert(c->type == comm_local);
 	ub_comm_base_now(c->ev->base);
 
-	if(event&UB_EV_READ) {
+	if((event&UB_EV_READ)) {
 		if(!comm_point_tcp_handle_read(fd, c, 1)) {
 			fptr_ok(fptr_whitelist_comm_point(c->callback));
 			(void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED,
@@ -5710,7 +5736,7 @@ void comm_point_raw_handle_callback(int ATTR_UNUSED(fd),
 	log_assert(c->type == comm_raw);
 	ub_comm_base_now(c->ev->base);
 
-	if(event&UB_EV_TIMEOUT)
+	if((event&UB_EV_TIMEOUT))
 		err = NETEVENT_TIMEOUT;
 	fptr_ok(fptr_whitelist_comm_point_raw(c->callback));
 	(void)(*c->callback)(c, c->cb_arg, err, NULL);
@@ -5743,6 +5769,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_udp;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -5807,6 +5834,7 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_udp;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -5874,6 +5902,7 @@ comm_point_create_doq(struct comm_base *base, int fd, sldns_buffer* buffer,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_doq;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -5974,6 +6003,7 @@ comm_point_create_tcp_handler(struct comm_base *base,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_tcp;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -6011,6 +6041,7 @@ comm_point_create_tcp_handler(struct comm_base *base,
 	/* add to parent free list */
 	c->tcp_free = parent->tcp_free;
 	parent->tcp_free = c;
+	c->is_in_tcp_free = 1;
 	/* ub_event stuff */
 	evbits = UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT;
 	c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits,
@@ -6073,6 +6104,7 @@ comm_point_create_http_handler(struct comm_base *base,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_http;
 	c->tcp_do_close = 1;
 	c->do_not_close = 0;
@@ -6131,6 +6163,7 @@ comm_point_create_http_handler(struct comm_base *base,
 	/* add to parent free list */
 	c->tcp_free = parent->tcp_free;
 	parent->tcp_free = c;
+	c->is_in_tcp_free = 1;
 	/* ub_event stuff */
 	evbits = UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT;
 	c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits,
@@ -6192,6 +6225,7 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num,
 		return NULL;
 	}
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_tcp_accept;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -6286,6 +6320,7 @@ comm_point_create_tcp_out(struct comm_base *base, size_t bufsize,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_tcp;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -6350,6 +6385,7 @@ comm_point_create_http_out(struct comm_base *base, size_t bufsize,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_http;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -6420,6 +6456,7 @@ comm_point_create_local(struct comm_base *base, int fd, size_t bufsize,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_local;
 	c->tcp_do_close = 0;
 	c->do_not_close = 1;
@@ -6483,6 +6520,7 @@ comm_point_create_raw(struct comm_base* base, int fd, int writing,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_raw;
 	c->tcp_do_close = 0;
 	c->do_not_close = 1;
diff --git a/contrib/unbound/util/netevent.h b/contrib/unbound/util/netevent.h
index 96de0032cef6..c5114bbbef27 100644
--- a/contrib/unbound/util/netevent.h
+++ b/contrib/unbound/util/netevent.h
@@ -238,6 +238,8 @@ struct comm_point {
 	/** linked list of free tcp_handlers to use for new queries.
 	    For tcp_accept the first entry, for tcp_handlers the next one. */
 	struct comm_point* tcp_free;
+	/** Whether this struct is in its parent's tcp_free list */
+	int is_in_tcp_free;
 
 	/* -------- SSL TCP DNS ------- */
 	/** the SSL object with rw bio (owned) or for commaccept ctx ref */
@@ -937,6 +939,8 @@ struct http2_session {
 	/** comm point containing buffer used to build answer in worker or
 	 * module */
 	struct comm_point* c;
+	/** count the number of consecutive reads on the session */
+	uint32_t reads_count;
 	/** session is instructed to get dropped (comm port will be closed) */
 	int is_drop;
 	/** postpone dropping the session, can be used to prevent dropping
diff --git a/contrib/unbound/util/random.c b/contrib/unbound/util/random.c
index 6eb102c634b9..92a4f6dd0bd6 100644
--- a/contrib/unbound/util/random.c
+++ b/contrib/unbound/util/random.c
@@ -78,6 +78,37 @@
  */
 #define MAX_VALUE 0x7fffffff
 
+/* If the build mode is for fuzzing this removes randomness from the output.
+ * This helps fuzz engines from having state increase due to the randomness. */
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+struct ub_randstate {
+       unsigned int dummy;
+};
+
+struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
+{
+       struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s));
+       if(!s) {
+               log_err("malloc failure in random init");
+               return NULL;
+       }
+       return s;
+}
+
+long int ub_random(struct ub_randstate* state)
+{
+       state->dummy++;
+       return (long int)(state->dummy & MAX_VALUE);
+}
+
+long int
+ub_random_max(struct ub_randstate* state, long int x)
+{
+       state->dummy++;
+       return ((long int)state->dummy % x);
+}
+#else /* !FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
+
 #if defined(HAVE_SSL) || defined(HAVE_LIBBSD)
 struct ub_randstate* 
 ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
@@ -200,6 +231,8 @@ ub_random_max(struct ub_randstate* state, long int x)
 }
 #endif /* HAVE_NSS or HAVE_NETTLE and !HAVE_LIBBSD */
 
+#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
+
 void 
 ub_randfree(struct ub_randstate* s)
 {
diff --git a/contrib/unbound/validator/val_sigcrypt.c b/contrib/unbound/validator/val_sigcrypt.c
index 9251d2b1f38a..86de6fb8e80f 100644
--- a/contrib/unbound/validator/val_sigcrypt.c
+++ b/contrib/unbound/validator/val_sigcrypt.c
@@ -57,6 +57,7 @@
 #include "sldns/sbuffer.h"
 #include "sldns/parseutil.h"
 #include "sldns/wire2str.h"
+#include "services/mesh.h"
 
 #include <ctype.h>
 #if !defined(HAVE_SSL) && !defined(HAVE_NSS) && !defined(HAVE_NETTLE)
@@ -1677,6 +1678,10 @@ dnskey_verify_rrset_sig(struct regional* region, sldns_buffer* buf,
 	/* verify */
 	sec = verify_canonrrset(buf, (int)sig[2+2],
 		sigblock, sigblock_len, key, keylen, reason);
+
+	/* count validation operation */
+	if(qstate && qstate->env && qstate->env->mesh)
+		qstate->env->mesh->val_ops++;
 	
 	if(sec == sec_status_secure) {
 		/* check if TTL is too high - reduce if so */
diff --git a/contrib/unbound/validator/validator.c b/contrib/unbound/validator/validator.c
index a0550b484eae..5817fc8085a2 100644
--- a/contrib/unbound/validator/validator.c
+++ b/contrib/unbound/validator/validator.c
@@ -76,7 +76,7 @@ static void process_ds_response(struct module_qstate* qstate,
 	struct module_qstate* sub_qstate);
 
 
-/* Updates the suplied EDE (RFC8914) code selectively so we don't lose
+/* Updates the supplied EDE (RFC8914) code selectively so we don't lose
  * a more specific code */
 static void
 update_reason_bogus(struct reply_info* rep, sldns_ede_code reason_bogus)
@@ -399,7 +399,7 @@ needs_validation(struct module_qstate* qstate, int ret_rc,
 	 * For DNS64 bit_cd signals no dns64 processing, but we want to
 	 * provide validation there too */
 	/*
-	if(qstate->query_flags & BIT_CD) {
+	if((qstate->query_flags & BIT_CD)) {
 		verbose(VERB_ALGO, "not validating response due to CD bit");
 		return 0;
 	}
@@ -2593,8 +2593,17 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
 
 	/* Update rep->reason_bogus as it is the one being cached */
 	update_reason_bogus(vq->orig_msg->rep, errinf_to_reason_bogus(qstate));
+	if(vq->orig_msg->rep->security != sec_status_bogus &&
+		vq->orig_msg->rep->security != sec_status_secure_sentinel_fail
+		&& vq->orig_msg->rep->reason_bogus == LDNS_EDE_DNSSEC_BOGUS) {
+		/* Not interested in any DNSSEC EDE here, validator by default
+		 * uses LDNS_EDE_DNSSEC_BOGUS;
+		 * TODO revisit default value for the module */
+		vq->orig_msg->rep->reason_bogus = LDNS_EDE_NONE;
+	}
+
 	/* store results in cache */
-	if(qstate->query_flags&BIT_RD) {
+	if((qstate->query_flags&BIT_RD)) {
 		/* if secure, this will override cache anyway, no need
 		 * to check if from parentNS */
 		if(!qstate->no_cache_store) {
@@ -2908,7 +2917,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
 		struct ub_packed_rrset_key* ds;
 		enum sec_status sec;
 		ds = reply_find_answer_rrset(qinfo, msg->rep);
-		/* If there was no DS rrset, then we have mis-classified 
+		/* If there was no DS rrset, then we have misclassified
 		 * this message. */
 		if(!ds) {
 			log_warn("internal error: POSITIVE DS response was "
@@ -3460,7 +3469,7 @@ val_inform_super(struct module_qstate* qstate, int id,
 		if(suspend) {
 			/* deep copy the return_msg to vq->sub_ds_msg; it will
 			 * be resumed later in the super state with the caveat
-			 * that the initial calculations will be re-caclulated
+			 * that the initial calculations will be re-calculated
 			 * and re-suspended there before continuing. */
 			vq->sub_ds_msg = dns_msg_deepcopy_region(
 				qstate->return_msg, super->region);
diff --git a/contrib/unbound/winrc/win_svc.c b/contrib/unbound/winrc/win_svc.c
index 40e12f1cff87..429b045dc289 100644
--- a/contrib/unbound/winrc/win_svc.c
+++ b/contrib/unbound/winrc/win_svc.c
@@ -328,6 +328,7 @@ service_init(int r, struct daemon** d, struct config_file** c)
 			return 0;
 		}
 		log_warn("could not open config file, using defaults");
+		config_auto_slab_values(cfg);
 	}
 	if(!r) report_status(SERVICE_START_PENDING, NO_ERROR, 2600);
 
diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist
index 59fc34860a03..688845cf11ea 100644
--- a/etc/mtree/BSD.include.dist
+++ b/etc/mtree/BSD.include.dist
@@ -187,8 +187,6 @@
         ..
         wg
         ..
-        wi
-        ..
     ..
     devdctl
     ..
diff --git a/lib/libc/inet/inet_net_ntop.c b/lib/libc/inet/inet_net_ntop.c
index f523e460e8bb..141a7c9a327f 100644
--- a/lib/libc/inet/inet_net_ntop.c
+++ b/lib/libc/inet/inet_net_ntop.c
@@ -1,20 +1,23 @@
-/*-
- * SPDX-License-Identifier: ISC
+/*	$OpenBSD: inet_net_ntop.c,v 1.9 2019/07/03 03:24:04 deraadt Exp $	*/
+
+/*
+ * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org>
+ * Copyright (c) 1996 by Internet Software Consortium.
  *
- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1996,1999 by Internet Software Consortium.
+ * SPDX-License-Identifier: ISC
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
@@ -35,18 +38,10 @@ static const char rcsid[] = "$Id: inet_net_ntop.c,v 1.5 2006/06/20 02:50:14 mark
 
 #include "port_after.h"
 
-#ifdef SPRINTF_CHAR
-# define SPRINTF(x) strlen(sprintf/**/x)
-#else
-# define SPRINTF(x) ((size_t)sprintf x)
-#endif
-
-static char *	inet_net_ntop_ipv4(const u_char *src, int bits, char *dst,
-		    size_t size);
-static char *	inet_net_ntop_ipv6(const u_char *src, int bits, char *dst,
-		    size_t size);
+static char *inet_net_ntop_ipv4(const u_char *, int, char *, size_t);
+static char *inet_net_ntop_ipv6(const u_char *, int, char *, size_t);
 
-/*%
+/*
  * char *
  * inet_net_ntop(af, src, bits, dst, size)
  *	convert network number from network to presentation format.
@@ -70,7 +65,7 @@ inet_net_ntop(int af, const void *src, int bits, char *dst, size_t size)
 	}
 }
 
-/*%
+/*
  * static char *
  * inet_net_ntop_ipv4(src, bits, dst, size)
  *	convert IPv4 network number from network to presentation format.
@@ -87,53 +82,63 @@ static char *
 inet_net_ntop_ipv4(const u_char *src, int bits, char *dst, size_t size)
 {
 	char *odst = dst;
-	char *t;
 	u_int m;
 	int b;
+	char *ep;
+	int advance;
+
+	ep = dst + size;
+	if (ep <= dst)
+		goto emsgsize;
 
 	if (bits < 0 || bits > 32) {
 		errno = EINVAL;
 		return (NULL);
 	}
-
 	if (bits == 0) {
-		if (size < sizeof "0")
+		if (ep - dst < sizeof "0")
 			goto emsgsize;
 		*dst++ = '0';
-		size--;
 		*dst = '\0';
 	}
 
 	/* Format whole octets. */
 	for (b = bits / 8; b > 0; b--) {
-		if (size <= sizeof "255.")
+		if (ep - dst < sizeof "255.")
 			goto emsgsize;
-		t = dst;
-		dst += SPRINTF((dst, "%u", *src++));
+		advance = snprintf(dst, ep - dst, "%u", *src++);
+		if (advance <= 0 || advance >= ep - dst)
+			goto emsgsize;
+		dst += advance;
 		if (b > 1) {
+			if (dst + 1 >= ep)
+				goto emsgsize;
 			*dst++ = '.';
 			*dst = '\0';
 		}
-		size -= (size_t)(dst - t);
 	}
 
 	/* Format partial octet. */
 	b = bits % 8;
 	if (b > 0) {
-		if (size <= sizeof ".255")
+		if (ep - dst < sizeof ".255")
 			goto emsgsize;
-		t = dst;
 		if (dst != odst)
 			*dst++ = '.';
 		m = ((1 << b) - 1) << (8 - b);
-		dst += SPRINTF((dst, "%u", *src & m));
-		size -= (size_t)(dst - t);
+		advance = snprintf(dst, ep - dst, "%u", *src & m);
+		if (advance <= 0 || advance >= ep - dst)
+			goto emsgsize;
+		dst += advance;
 	}
 
 	/* Format CIDR /width. */
-	if (size <= sizeof "/32")
+	if (ep - dst < sizeof "/32")
+		goto emsgsize;
+	advance = snprintf(dst, ep - dst, "/%u", bits);
+	if (advance <= 0 || advance >= ep - dst)
 		goto emsgsize;
-	dst += SPRINTF((dst, "/%u", bits));
+	dst += advance;
 	return (odst);
 
  emsgsize:
@@ -141,132 +146,27 @@ inet_net_ntop_ipv4(const u_char *src, int bits, char *dst, size_t size)
 	return (NULL);
 }
 
-/*%
- * static char *
- * inet_net_ntop_ipv6(src, bits, fakebits, dst, size)
- *	convert IPv6 network number from network to presentation format.
- *	generates CIDR style result always. Picks the shortest representation
- *	unless the IP is really IPv4.
- *	always prints specified number of bits (bits).
- * return:
- *	pointer to dst, or NULL if an error occurred (check errno).
- * note:
- *	network byte order assumed.  this means 192.5.5.240/28 has
- *	0b11110000 in its fourth octet.
- * author:
- *	Vadim Kogan (UCB), June 2001
- *  Original version (IPv4) by Paul Vixie (ISC), July 1996
- */
-
 static char *
-inet_net_ntop_ipv6(const u_char *src, int bits, char *dst, size_t size) {
-	u_int	m;
-	int	b;
-	int	p;
-	int	zero_s, zero_l, tmp_zero_s, tmp_zero_l;
-	int	i;
-	int	is_ipv4 = 0;
-	unsigned char inbuf[16];
-	char outbuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")];
-	char	*cp;
-	int	words;
-	u_char	*s;
+inet_net_ntop_ipv6(const u_char *src, int bits, char *dst, size_t size)
+{
+	int	ret;
+	char	buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255:255:255:255/128")];
 
 	if (bits < 0 || bits > 128) {
 		errno = EINVAL;
 		return (NULL);
 	}
 
-	cp = outbuf;
-
-	if (bits == 0) {
-		*cp++ = ':';
-		*cp++ = ':';
-		*cp = '\0';
-	} else {
-		/* Copy src to private buffer.  Zero host part. */
-		p = (bits + 7) / 8;
-		memcpy(inbuf, src, p);
-		memset(inbuf + p, 0, 16 - p);
-		b = bits % 8;
-		if (b != 0) {
-			m = ~0 << (8 - b);
-			inbuf[p-1] &= m;
-		}
-
-		s = inbuf;
-
-		/* how many words need to be displayed in output */
-		words = (bits + 15) / 16;
-		if (words == 1)
-			words = 2;
-
-		/* Find the longest substring of zero's */
-		zero_s = zero_l = tmp_zero_s = tmp_zero_l = 0;
-		for (i = 0; i < (words * 2); i += 2) {
-			if ((s[i] | s[i+1]) == 0) {
-				if (tmp_zero_l == 0)
-					tmp_zero_s = i / 2;
-				tmp_zero_l++;
-			} else {
-				if (tmp_zero_l && zero_l < tmp_zero_l) {
-					zero_s = tmp_zero_s;
-					zero_l = tmp_zero_l;
-					tmp_zero_l = 0;
-				}
-			}
-		}
-
-		if (tmp_zero_l && zero_l < tmp_zero_l) {
-			zero_s = tmp_zero_s;
-			zero_l = tmp_zero_l;
-		}
-
-		if (zero_l != words && zero_s == 0 && ((zero_l == 6) ||
-		    ((zero_l == 5 && s[10] == 0xff && s[11] == 0xff) ||
-		    ((zero_l == 7 && s[14] != 0 && s[15] != 1)))))
-			is_ipv4 = 1;
-
-		/* Format whole words. */
-		for (p = 0; p < words; p++) {
-			if (zero_l != 0 && p >= zero_s && p < zero_s + zero_l) {
-				/* Time to skip some zeros */
-				if (p == zero_s)
-					*cp++ = ':';
-				if (p == words - 1)
-					*cp++ = ':';
-				s++;
-				s++;
-				continue;
-			}
+	if (inet_ntop(AF_INET6, src, buf, size) == NULL)
+		return (NULL);
 
-			if (is_ipv4 && p > 5 ) {
-				*cp++ = (p == 6) ? ':' : '.';
-				cp += SPRINTF((cp, "%u", *s++));
-				/* we can potentially drop the last octet */
-				if (p != 7 || bits > 120) {
-					*cp++ = '.';
-					cp += SPRINTF((cp, "%u", *s++));
-				}
-			} else {
-				if (cp != outbuf)
-					*cp++ = ':';
-				cp += SPRINTF((cp, "%x", *s * 256 + s[1]));
-				s += 2;
-			}
-		}
+	ret = snprintf(dst, size, "%s/%d", buf, bits);
+	if (ret < 0 || ret >= size) {
+		errno = EMSGSIZE;
+		return (NULL);
 	}
-	/* Format CIDR /width. */
-	sprintf(cp, "/%u", bits);
-	if (strlen(outbuf) + 1 > size)
-		goto emsgsize;
-	strcpy(dst, outbuf);
 
 	return (dst);
-
-emsgsize:
-	errno = EMSGSIZE;
-	return (NULL);
 }
 
 /*
@@ -275,5 +175,3 @@ emsgsize:
  */
 #undef inet_net_ntop
 __weak_reference(__inet_net_ntop, inet_net_ntop);
-
-/*! \file */
diff --git a/lib/libc/inet/inet_net_pton.c b/lib/libc/inet/inet_net_pton.c
index 9fe41702738d..fb015318c369 100644
--- a/lib/libc/inet/inet_net_pton.c
+++ b/lib/libc/inet/inet_net_pton.c
@@ -1,20 +1,23 @@
-/*-
- * SPDX-License-Identifier: ISC
+/*	$OpenBSD: inet_net_pton.c,v 1.14 2022/12/27 17:10:06 jmc Exp $	*/
+
+/*
+ * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org>
+ * Copyright (c) 1996,1999 by Internet Software Consortium.
  *
- * Copyright (C) 2004, 2005, 2008  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1996, 1998, 1999, 2001, 2003  Internet Software Consortium.
+ * SPDX-License-Identifier: ISC
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
@@ -26,7 +29,6 @@ static const char rcsid[] = "$Id: inet_net_pton.c,v 1.10 2008/11/14 02:36:51 mar
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
-#include <arpa/nameser.h>
 #include <arpa/inet.h>
 
 #include <assert.h>
@@ -38,13 +40,37 @@ static const char rcsid[] = "$Id: inet_net_pton.c,v 1.10 2008/11/14 02:36:51 mar
 
 #include "port_after.h"
 
-#ifdef SPRINTF_CHAR
-# define SPRINTF(x) strlen(sprintf/**/x)
-#else
-# define SPRINTF(x) ((size_t)sprintf x)
-#endif
+static int	inet_net_pton_ipv4(const char *, u_char *, size_t);
+static int	inet_net_pton_ipv6(const char *, u_char *, size_t);
 
-/*%
+/*
+ * static int
+ * inet_net_pton(af, src, dst, size)
+ *	convert network number from presentation to network format.
+ *	accepts hex octets, hex strings, decimal octets, and /CIDR.
+ *	"size" is in bytes and describes "dst".
+ * return:
+ *	number of bits, either imputed classfully or specified with /CIDR,
+ *	or -1 if some failure occurred (check errno).  ENOENT means it was
+ *	not a valid network specification.
+ * author:
+ *	Paul Vixie (ISC), June 1996
+ */
+int
+inet_net_pton(int af, const char *src, void *dst, size_t size)
+{
+	switch (af) {
+	case AF_INET:
+		return (inet_net_pton_ipv4(src, dst, size));
+	case AF_INET6:
+		return (inet_net_pton_ipv6(src, dst, size));
+	default:
+		errno = EAFNOSUPPORT;
+		return (-1);
+	}
+}
+
+/*
  * static int
  * inet_net_pton_ipv4(src, dst, size)
  *	convert IPv4 network number from presentation to network format.
@@ -61,22 +87,24 @@ static const char rcsid[] = "$Id: inet_net_pton.c,v 1.10 2008/11/14 02:36:51 mar
  *	Paul Vixie (ISC), June 1996
  */
 static int
-inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) {
-	static const char xdigits[] = "0123456789abcdef";
-	static const char digits[] = "0123456789";
-	int n, ch, tmp = 0, dirty, bits;
+inet_net_pton_ipv4(const char *src, u_char *dst, size_t size)
+{
+	static const char
+		xdigits[] = "0123456789abcdef",
+		digits[] = "0123456789";
+	int n, ch, tmp, dirty, bits;
 	const u_char *odst = dst;
 
-	ch = *src++;
+	ch = (unsigned char)*src++;
 	if (ch == '0' && (src[0] == 'x' || src[0] == 'X')
-	    && isascii((unsigned char)(src[1]))
-	    && isxdigit((unsigned char)(src[1]))) {
+	    && isascii((unsigned char)src[1]) && isxdigit((unsigned char)src[1])) {
 		/* Hexadecimal: Eat nybble string. */
-		if (size <= 0U)
+		if (size == 0)
 			goto emsgsize;
-		dirty = 0;
-		src++;	/*%< skip x or X. */
-		while ((ch = *src++) != '\0' && isascii(ch) && isxdigit(ch)) {
+		tmp = 0, dirty = 0;
+		src++;	/* skip x or X. */
+		while ((ch = (unsigned char)*src++) != '\0' &&
+		    isascii(ch) && isxdigit(ch)) {
 			if (isupper(ch))
 				ch = tolower(ch);
 			n = strchr(xdigits, ch) - xdigits;
@@ -86,14 +114,14 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) {
 			else
 				tmp = (tmp << 4) | n;
 			if (++dirty == 2) {
-				if (size-- <= 0U)
+				if (size-- == 0)
 					goto emsgsize;
 				*dst++ = (u_char) tmp;
 				dirty = 0;
 			}
 		}
-		if (dirty) {  /*%< Odd trailing nybble? */
-			if (size-- <= 0U)
+		if (dirty) {  /* Odd trailing nybble? */
+			if (size-- == 0)
 				goto emsgsize;
 			*dst++ = (u_char) (tmp << 4);
 		}
@@ -108,16 +136,16 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) {
 				tmp += n;
 				if (tmp > 255)
 					goto enoent;
-			} while ((ch = *src++) != '\0' &&
+			} while ((ch = (unsigned char)*src++) != '\0' &&
 				 isascii(ch) && isdigit(ch));
-			if (size-- <= 0U)
+			if (size-- == 0)
 				goto emsgsize;
 			*dst++ = (u_char) tmp;
 			if (ch == '\0' || ch == '/')
 				break;
 			if (ch != '.')
 				goto enoent;
-			ch = *src++;
+			ch = (unsigned char)*src++;
 			if (!isascii(ch) || !isdigit(ch))
 				goto enoent;
 		}
@@ -125,10 +153,10 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) {
 		goto enoent;
 
 	bits = -1;
-	if (ch == '/' && isascii((unsigned char)(src[0])) &&
-	    isdigit((unsigned char)(src[0])) && dst > odst) {
+	if (ch == '/' && isascii((unsigned char)src[0]) &&
+	    isdigit((unsigned char)src[0]) && dst > odst) {
 		/* CIDR width specifier.  Nothing can follow it. */
-		ch = *src++;	/*%< Skip over the /. */
+		ch = (unsigned char)*src++;	/* Skip over the /. */
 		bits = 0;
 		do {
 			n = strchr(digits, ch) - digits;
@@ -136,8 +164,9 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) {
 			bits *= 10;
 			bits += n;
 			if (bits > 32)
-				goto enoent;
-		} while ((ch = *src++) != '\0' && isascii(ch) && isdigit(ch));
+				goto emsgsize;
+		} while ((ch = (unsigned char)*src++) != '\0' &&
+			 isascii(ch) && isdigit(ch));
 		if (ch != '\0')
 			goto enoent;
 	}
@@ -151,29 +180,23 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) {
 		goto enoent;
 	/* If no CIDR spec was given, infer width from net class. */
 	if (bits == -1) {
-		if (*odst >= 240)	/*%< Class E */
+		if (*odst >= 240)	/* Class E */
 			bits = 32;
-		else if (*odst >= 224)	/*%< Class D */
-			bits = 8;
-		else if (*odst >= 192)	/*%< Class C */
+		else if (*odst >= 224)	/* Class D */
+			bits = 4;
+		else if (*odst >= 192)	/* Class C */
 			bits = 24;
-		else if (*odst >= 128)	/*%< Class B */
+		else if (*odst >= 128)	/* Class B */
 			bits = 16;
-		else			/*%< Class A */
+		else			/* Class A */
 			bits = 8;
 		/* If imputed mask is narrower than specified octets, widen. */
 		if (bits < ((dst - odst) * 8))
 			bits = (dst - odst) * 8;
-		/*
-		 * If there are no additional bits specified for a class D
-		 * address adjust bits to 4.
-		 */
-		if (bits == 8 && *odst == 224)
-			bits = 4;
 	}
 	/* Extend network to cover the actual mask. */
 	while (bits > ((dst - odst) * 8)) {
-		if (size-- <= 0U)
+		if (size-- == 0)
 			goto emsgsize;
 		*dst++ = '\0';
 	}
@@ -188,222 +211,48 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) {
 	return (-1);
 }
 
-static int
-getbits(const char *src, int *bitsp) {
-	static const char digits[] = "0123456789";
-	int n;
-	int val;
-	char ch;
-
-	val = 0;
-	n = 0;
-	while ((ch = *src++) != '\0') {
-		const char *pch;
-
-		pch = strchr(digits, ch);
-		if (pch != NULL) {
-			if (n++ != 0 && val == 0)	/*%< no leading zeros */
-				return (0);
-			val *= 10;
-			val += (pch - digits);
-			if (val > 128)			/*%< range */
-				return (0);
-			continue;
-		}
-		return (0);
-	}
-	if (n == 0)
-		return (0);
-	*bitsp = val;
-	return (1);
-}
 
 static int
-getv4(const char *src, u_char *dst, int *bitsp) {
-	static const char digits[] = "0123456789";
-	u_char *odst = dst;
-	int n;
-	u_int val;
-	char ch;
-
-	val = 0;
-	n = 0;
-	while ((ch = *src++) != '\0') {
-		const char *pch;
+inet_net_pton_ipv6(const char *src, u_char *dst, size_t size)
+{
+	struct in6_addr	 in6;
+	int		 ret;
+	int		 bits;
+	size_t		 bytes;
+	char		 buf[INET6_ADDRSTRLEN + sizeof("/128")];
+	char		*sep;
+	const char	*errstr;
 
-		pch = strchr(digits, ch);
-		if (pch != NULL) {
-			if (n++ != 0 && val == 0)	/*%< no leading zeros */
-				return (0);
-			val *= 10;
-			val += (pch - digits);
-			if (val > 255)			/*%< range */
-				return (0);
-			continue;
-		}
-		if (ch == '.' || ch == '/') {
-			if (dst - odst > 3)		/*%< too many octets? */
-				return (0);
-			*dst++ = val;
-			if (ch == '/')
-				return (getbits(src, bitsp));
-			val = 0;
-			n = 0;
-			continue;
-		}
-		return (0);
+	if (strlcpy(buf, src, sizeof buf) >= sizeof buf) {
+		errno = EMSGSIZE;
+		return (-1);
 	}
-	if (n == 0)
-		return (0);
-	if (dst - odst > 3)		/*%< too many octets? */
-		return (0);
-	*dst++ = val;
-	return (1);
-}
 
-static int
-inet_net_pton_ipv6(const char *src, u_char *dst, size_t size) {
-	static const char xdigits_l[] = "0123456789abcdef",
-			  xdigits_u[] = "0123456789ABCDEF";
-	u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
-	const char *xdigits, *curtok;
-	int ch, saw_xdigit;
-	u_int val;
-	int digits;
-	int bits;
-	size_t bytes;
-	int words;
-	int ipv4;
+	sep = strchr(buf, '/');
+	if (sep != NULL)
+		*sep++ = '\0';
 
-	memset((tp = tmp), '\0', NS_IN6ADDRSZ);
-	endp = tp + NS_IN6ADDRSZ;
-	colonp = NULL;
-	/* Leading :: requires some special handling. */
-	if (*src == ':')
-		if (*++src != ':')
-			goto enoent;
-	curtok = src;
-	saw_xdigit = 0;
-	val = 0;
-	digits = 0;
-	bits = -1;
-	ipv4 = 0;
-	while ((ch = *src++) != '\0') {
-		const char *pch;
+	ret = inet_pton(AF_INET6, buf, &in6);
+	if (ret != 1)
+		return (-1);
 
-		if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
-			pch = strchr((xdigits = xdigits_u), ch);
-		if (pch != NULL) {
-			val <<= 4;
-			val |= (pch - xdigits);
-			if (++digits > 4)
-				goto enoent;
-			saw_xdigit = 1;
-			continue;
-		}
-		if (ch == ':') {
-			curtok = src;
-			if (!saw_xdigit) {
-				if (colonp)
-					goto enoent;
-				colonp = tp;
-				continue;
-			} else if (*src == '\0')
-				goto enoent;
-			if (tp + NS_INT16SZ > endp)
-				return (0);
-			*tp++ = (u_char) (val >> 8) & 0xff;
-			*tp++ = (u_char) val & 0xff;
-			saw_xdigit = 0;
-			digits = 0;
-			val = 0;
-			continue;
-		}
-		if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
-		     getv4(curtok, tp, &bits) > 0) {
-			tp += NS_INADDRSZ;
-			saw_xdigit = 0;
-			ipv4 = 1;
-			break;	/*%< '\\0' was seen by inet_pton4(). */
-		}
-		if (ch == '/' && getbits(src, &bits) > 0)
-			break;
-		goto enoent;
-	}
-	if (saw_xdigit) {
-		if (tp + NS_INT16SZ > endp)
-			goto enoent;
-		*tp++ = (u_char) (val >> 8) & 0xff;
-		*tp++ = (u_char) val & 0xff;
-	}
-	if (bits == -1)
+	if (sep == NULL)
 		bits = 128;
-
-	words = (bits + 15) / 16;
-	if (words < 2)
-		words = 2;
-	if (ipv4)
-		words = 8;
-	endp =  tmp + 2 * words;
-
-	if (colonp != NULL) {
-		/*
-		 * Since some memmove()'s erroneously fail to handle
-		 * overlapping regions, we'll do the shift by hand.
-		 */
-		const int n = tp - colonp;
-		int i;
-
-		if (tp == endp)
-			goto enoent;
-		for (i = 1; i <= n; i++) {
-			endp[- i] = colonp[n - i];
-			colonp[n - i] = 0;
+	else {
+		bits = strtonum(sep, 0, 128, &errstr);
+		if (errstr) {
+			errno = EINVAL;
+			return (-1);
 		}
-		tp = endp;
 	}
-	if (tp != endp)
-		goto enoent;
 
 	bytes = (bits + 7) / 8;
-	if (bytes > size)
-		goto emsgsize;
-	memcpy(dst, tmp, bytes);
-	return (bits);
-
- enoent:
-	errno = ENOENT;
-	return (-1);
-
- emsgsize:
-	errno = EMSGSIZE;
-	return (-1);
-}
-
-/*%
- * int
- * inet_net_pton(af, src, dst, size)
- *	convert network number from presentation to network format.
- *	accepts hex octets, hex strings, decimal octets, and /CIDR.
- *	"size" is in bytes and describes "dst".
- * return:
- *	number of bits, either imputed classfully or specified with /CIDR,
- *	or -1 if some failure occurred (check errno).  ENOENT means it was
- *	not a valid network specification.
- * author:
- *	Paul Vixie (ISC), June 1996
- */
-int
-inet_net_pton(int af, const char *src, void *dst, size_t size) {
-	switch (af) {
-	case AF_INET:
-		return (inet_net_pton_ipv4(src, dst, size));
-	case AF_INET6:
-		return (inet_net_pton_ipv6(src, dst, size));
-	default:
-		errno = EAFNOSUPPORT;
+	if (bytes > size) {
+		errno = EMSGSIZE;
 		return (-1);
 	}
+	memcpy(dst, &in6.s6_addr, bytes);
+	return (bits);
 }
 
 /*
@@ -412,5 +261,3 @@ inet_net_pton(int af, const char *src, void *dst, size_t size) {
  */
 #undef inet_net_pton
 __weak_reference(__inet_net_pton, inet_net_pton);
-
-/*! \file */
diff --git a/lib/libc/stdtime/strptime.3 b/lib/libc/stdtime/strptime.3
index 7df73d2d080a..9456fa757b85 100644
--- a/lib/libc/stdtime/strptime.3
+++ b/lib/libc/stdtime/strptime.3
@@ -171,7 +171,7 @@ is taken as noon.
 The
 .Fa %Z
 format specifier only accepts time zone abbreviations of the local time zone,
-or the value "GMT".
+and the values "GMT", "UTC", or "Z".
 This limitation is because of ambiguity due to of the over loading of time
 zone abbreviations.
 One such example is
diff --git a/lib/libc/stdtime/strptime.c b/lib/libc/stdtime/strptime.c
index e9ffe7180916..b89e140aa8d5 100644
--- a/lib/libc/stdtime/strptime.c
+++ b/lib/libc/stdtime/strptime.c
@@ -554,7 +554,8 @@ label:
 				zonestr[cp - buf] = '\0';
 				tzset();
 				if (0 == strcmp(zonestr, "GMT") ||
-				    0 == strcmp(zonestr, "UTC")) {
+				    0 == strcmp(zonestr, "UTC") ||
+				    0 == strcmp(zonestr, "Z")) {
 				    *GMTp = 1;
 				} else if (0 == strcmp(zonestr, tzname[0])) {
 				    tm->tm_isdst = 0;
diff --git a/lib/libc/tests/net/Makefile b/lib/libc/tests/net/Makefile
index d939edeeb00d..88ceda5e11ae 100644
--- a/lib/libc/tests/net/Makefile
+++ b/lib/libc/tests/net/Makefile
@@ -5,8 +5,10 @@ ATF_TESTS_C+=	ether_test
 ATF_TESTS_C+=	eui64_aton_test
 ATF_TESTS_C+=	eui64_ntoa_test
 ATF_TESTS_CXX+=	link_addr_test
+ATF_TESTS_CXX+=	inet_net_test
 
 CXXSTD.link_addr_test=	c++20
+CXXSTD.inet_net_test=	c++20
 
 CFLAGS+=	-I${.CURDIR}
 
diff --git a/lib/libc/tests/net/inet_net_test.cc b/lib/libc/tests/net/inet_net_test.cc
new file mode 100644
index 000000000000..60b60b152eca
--- /dev/null
+++ b/lib/libc/tests/net/inet_net_test.cc
@@ -0,0 +1,333 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2025 Lexi Winter <ivy@FreeBSD.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Tests for inet_net_pton() and inet_net_ntop().
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <ranges>
+#include <string>
+#include <vector>
+
+#include <atf-c++.hpp>
+
+using namespace std::literals;
+
+/*
+ * inet_net_ntop() and inet_net_pton() for IPv4.
+ */
+ATF_TEST_CASE_WITHOUT_HEAD(inet_net_inet4)
+ATF_TEST_CASE_BODY(inet_net_inet4)
+{
+	/*
+	 * Define a list of addresses we want to check.  Each address is passed
+	 * to inet_net_pton() to convert it to an in_addr, then we convert the
+	 * in_addr back to a string and compare it with the expected value.  We
+	 * want to test over-long prefixes here (such as 10.0.0.1/8), so we also
+	 * specify what the result is expected to be.
+	 */
+
+	struct test_addr {
+		std::string input;
+		int bits;
+		std::string output;
+	};
+
+	auto test_addrs = std::vector<test_addr>{
+		// Simple prefixes that fall on octet boundaries.
+		{ "10.0.0.0/8",		8,	"10/8" },
+		{ "10.1.0.0/16",	16,	"10.1/16" },
+		{ "10.1.2.0/24",	24,	"10.1.2/24" },
+		{ "10.1.2.3/32",	32,	"10.1.2.3/32" },
+
+		// Simple prefixes with the short-form address.
+		{ "10/8",		8,	"10/8" },
+		{ "10.1/16",		16,	"10.1/16" },
+		{ "10.1.2/24",		24,	"10.1.2/24" },
+
+		// A prefix that doesn't fall on an octet boundary.
+		{ "10.1.64/18",		18,	"10.1.64/18" },
+
+		// An overlong prefix with bits that aren't part of the prefix.
+		{ "10.0.0.1/8",		8,	"10/8" },
+	};
+
+	for (auto const &addr: test_addrs) {
+		/*
+		 * Convert the input string to an in_addr + bits, and make
+		 * sure the result produces the number of bits we expected.
+		 */
+
+		auto in = in_addr{};
+		auto bits = inet_net_pton(AF_INET, addr.input.c_str(),
+		    &in, sizeof(in));
+		ATF_REQUIRE(bits != -1);
+		ATF_REQUIRE_EQ(bits, addr.bits);
+
+		/*
+		 * Convert the in_addr back to a string
+		 */
+
+		/*
+		 * XXX: Should there be a constant for the size of the result
+		 * buffer?  For now, use ADDRSTRLEN + 3 ("/32") + 1 (NUL).
+		 *
+		 * Fill the buffer with 'Z', so we can check the result was
+		 * properly terminated.
+		 */
+		auto strbuf = std::vector<char>(INET_ADDRSTRLEN + 3 + 1, 'Z');
+		auto ret = inet_net_ntop(AF_INET, &in, bits,
+		    strbuf.data(), strbuf.size());
+		ATF_REQUIRE(ret != NULL);
+		ATF_REQUIRE_EQ(ret, strbuf.data());
+
+		/* Make sure the result was NUL-terminated and find the NUL */
+		ATF_REQUIRE(strbuf.size() >= 1);
+		auto end = std::ranges::find(strbuf, '\0');
+		ATF_REQUIRE(end != strbuf.end());
+
+		/*
+		 * Check the result matches what we expect.  Use a temporary
+		 * string here instead of std::ranges::equal because this
+		 * means ATF can print the mismatch.
+		 */
+		auto str = std::string(std::ranges::begin(strbuf), end);
+		ATF_REQUIRE_EQ(str, addr.output);
+	}
+}
+
+/*
+ * inet_net_ntop() and inet_net_pton() for IPv6.
+ */
+ATF_TEST_CASE_WITHOUT_HEAD(inet_net_inet6)
+ATF_TEST_CASE_BODY(inet_net_inet6)
+{
+	/*
+	 * Define a list of addresses we want to check.  Each address is
+	 * passed to inet_net_pton() to convert it to an in6_addr, then we
+	 * convert the in6_addr back to a string and compare it with the
+	 * expected value.  We want to test over-long prefixes here (such
+	 * as 2001:db8::1/32), so we also specify what the result is
+	 * expected to be.
+	 */
+
+	struct test_addr {
+		std::string input;
+		int bits;
+		std::string output;
+	};
+
+	auto test_addrs = std::vector<test_addr>{
+		// A prefix with a trailing ::
+		{ "2001:db8::/32",	32,	"2001:db8::/32" },
+
+		// A prefix with a leading ::.  Note that the output is
+		// different from the input because inet_ntop() renders
+		// this prefix with an IPv4 suffix for legacy reasons.
+		{ "::ffff:0:0/96",	96,	"::ffff:0.0.0.0/96" },
+
+		// The same prefix but with the IPv4 legacy form as input.
+		{ "::ffff:0.0.0.0/96",	96,	"::ffff:0.0.0.0/96" },
+
+		// A prefix with an infix ::.
+		{ "2001:db8::1/128",	128,	"2001:db8::1/128" },
+
+		// A prefix with bits set which are outside the prefix;
+		// these should be silently ignored.
+		{ "2001:db8:1:1:1:1:1:1/32", 32, "2001:db8::/32" },
+
+		// As above but with infix ::.
+		{ "2001:db8::1/32",	32,	"2001:db8::/32" },
+
+		// A prefix with only ::, commonly used to represent the
+		// entire address space.
+		{ "::/0",		0,	"::/0" },
+
+		// A single address with no ::.
+		{ "2001:db8:1:1:1:1:1:1/128", 128, "2001:db8:1:1:1:1:1:1/128" },
+
+		// A prefix with no ::.
+		{ "2001:db8:1:1:0:0:0:0/64", 64, "2001:db8:1:1::/64" },
+
+		// A prefix which isn't on a 16-bit boundary.
+		{ "2001:db8:c000::/56",	56,	"2001:db8:c000::/56" },
+
+		// A prefix which isn't on a nibble boundary.
+		{ "2001:db8:c100::/57",	57,	"2001:db8:c100::/57" },
+
+		// An address without a prefix length, which should be treated
+		// as a /128.
+		{ "2001:db8::",		128,	"2001:db8::/128" },
+		{ "2001:db8::1",	128,	"2001:db8::1/128" },
+
+		// Test vectors provided in PR bin/289198.
+		{ "fe80::1/64",		64,	"fe80::/64" },
+		{ "fe80::f000:74ff:fe54:bed2/64",
+					64,	"fe80::/64" },
+		{ "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/64",
+					64,	"ffff:ffff:ffff:ffff::/64" },
+		{ "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", 128,
+		    "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" },
+	};
+
+	for (auto const &addr: test_addrs) {
+		/*
+		 * Convert the input string to an in6_addr + bits, and make
+		 * sure the result produces the number of bits we expected.
+		 */
+
+		auto in6 = in6_addr{};
+		errno = 0;
+		auto bits = inet_net_pton(AF_INET6, addr.input.c_str(),
+		    &in6, sizeof(in6));
+		ATF_REQUIRE(bits != -1);
+		ATF_REQUIRE_EQ(bits, addr.bits);
+
+		/*
+		 * Convert the in6_addr back to a string
+		 */
+
+		/*
+		 * XXX: Should there be a constant for the size of the result
+		 * buffer?  For now, use ADDRSTRLEN + 4 ("/128") + 1 (NUL).
+		 *
+		 * Fill the buffer with 'Z', so we can check the result was
+		 * properly terminated.
+		 */
+		auto strbuf = std::vector<char>(INET6_ADDRSTRLEN + 4 + 1, 'Z');
+		auto ret = inet_net_ntop(AF_INET6, &in6, bits,
+		    strbuf.data(), strbuf.size());
+		ATF_REQUIRE(ret != NULL);
+		ATF_REQUIRE_EQ(ret, strbuf.data());
+
+		/* Make sure the result was NUL-terminated and find the NUL */
+		ATF_REQUIRE(strbuf.size() >= 1);
+		auto end = std::ranges::find(strbuf, '\0');
+		ATF_REQUIRE(end != strbuf.end());
+
+		/*
+		 * Check the result matches what we expect.  Use a temporary
+		 * string here instead of std::ranges::equal because this
+		 * means ATF can print the mismatch.
+		 */
+		auto str = std::string(std::ranges::begin(strbuf), end);
+		ATF_REQUIRE_EQ(str, addr.output);
+	}
+}
+
+ATF_TEST_CASE_WITHOUT_HEAD(inet_net_pton_invalid)
+ATF_TEST_CASE_BODY(inet_net_pton_invalid)
+{
+	auto ret = int{};
+	auto addr4 = in_addr{};
+	auto str4 = "10.0.0.0"s;
+	auto addr6 = in6_addr{};
+	auto str6 = "2001:db8::"s;
+
+	/* Passing an address which is too short should be an error */
+	ret = inet_net_pton(AF_INET6, str6.c_str(), &addr6, sizeof(addr6) - 1);
+	ATF_REQUIRE_EQ(ret, -1);
+
+	ret = inet_net_pton(AF_INET, str4.c_str(), &addr4, sizeof(addr4) - 1);
+	ATF_REQUIRE_EQ(ret, -1);
+
+	/* Test some generally invalid addresses. */
+	auto invalid4 = std::vector<std::string>{
+		// Prefix length too big
+		"10.0.0.0/33",
+		// Prefix length is negative
+		"10.0.0.0/-1",
+		// Prefix length is not a number
+		"10.0.0.0/foo",
+		// Input is not a network prefix
+		"this is not an IP address",
+	};
+
+	for (auto const &addr: invalid4) {
+		auto ret = inet_net_pton(AF_INET, addr.c_str(), &addr4,
+		    sizeof(addr4));
+		ATF_REQUIRE_EQ(ret, -1);
+	}
+
+	auto invalid6 = std::vector<std::string>{
+		// Prefix length too big
+		"2001:db8::/129",
+		// Prefix length is negative
+		"2001:db8::/-1",
+		// Prefix length is not a number
+		"2001:db8::/foo",
+		// Input is not a network prefix
+		"this is not an IP address",
+	};
+
+	for (auto const &addr: invalid6) {
+		auto ret = inet_net_pton(AF_INET6, addr.c_str(), &addr6,
+		    sizeof(addr6));
+		ATF_REQUIRE_EQ(ret, -1);
+	}
+}
+
+ATF_TEST_CASE_WITHOUT_HEAD(inet_net_ntop_invalid)
+ATF_TEST_CASE_BODY(inet_net_ntop_invalid)
+{
+	auto addr4 = in_addr{};
+	auto addr6 = in6_addr{};
+	auto strbuf = std::vector<char>(INET6_ADDRSTRLEN + 4 + 1);
+
+	/*
+	 * Passing a buffer which is too small should not overrun the buffer.
+	 * Test this by initialising the buffer to 'Z', and only providing
+	 * part of it to the function.
+	 */
+
+	std::ranges::fill(strbuf, 'Z');
+	auto ret = inet_net_ntop(AF_INET6, &addr6, 128, strbuf.data(), 1);
+	ATF_REQUIRE_EQ(ret, nullptr);
+	ATF_REQUIRE_EQ(strbuf[1], 'Z');
+
+	std::ranges::fill(strbuf, 'Z');
+	ret = inet_net_ntop(AF_INET, &addr4, 32, strbuf.data(), 1);
+	ATF_REQUIRE_EQ(ret, nullptr);
+	ATF_REQUIRE_EQ(strbuf[1], 'Z');
+
+	/* Check that invalid prefix lengths return an error */
+
+	ret = inet_net_ntop(AF_INET6, &addr6, 129, strbuf.data(), strbuf.size());
+	ATF_REQUIRE_EQ(ret, nullptr);
+	ret = inet_net_ntop(AF_INET6, &addr6, -1, strbuf.data(), strbuf.size());
+	ATF_REQUIRE_EQ(ret, nullptr);
+
+	ret = inet_net_ntop(AF_INET, &addr4, 33, strbuf.data(), strbuf.size());
+	ATF_REQUIRE_EQ(ret, nullptr);
+	ret = inet_net_ntop(AF_INET, &addr4, -1, strbuf.data(), strbuf.size());
+	ATF_REQUIRE_EQ(ret, nullptr);
+}
+
+ATF_INIT_TEST_CASES(tcs)
+{
+	ATF_ADD_TEST_CASE(tcs, inet_net_inet4);
+	ATF_ADD_TEST_CASE(tcs, inet_net_inet6);
+	ATF_ADD_TEST_CASE(tcs, inet_net_pton_invalid);
+	ATF_ADD_TEST_CASE(tcs, inet_net_ntop_invalid);
+}
diff --git a/lib/libunbound/config.h b/lib/libunbound/config.h
index 96489476fcf3..71da02b98c51 100644
--- a/lib/libunbound/config.h
+++ b/lib/libunbound/config.h
@@ -884,7 +884,7 @@
 #define PACKAGE_NAME "unbound"
 
 /* Define to the full name and version of this package. */
-#define PACKAGE_STRING "unbound 1.23.1"
+#define PACKAGE_STRING "unbound 1.24.1"
 
 /* Define to the one symbol short name of this package. */
 #define PACKAGE_TARNAME "unbound"
@@ -893,7 +893,7 @@
 #define PACKAGE_URL ""
 
 /* Define to the version of this package. */
-#define PACKAGE_VERSION "1.23.1"
+#define PACKAGE_VERSION "1.24.1"
 
 /* default pidfile location */
 #define PIDFILE "/var/unbound/unbound.pid"
diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index b27129a555c4..cda86cf48001 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -2750,7 +2750,7 @@ __elfN(parse_notes)(struct image_params *imgp, Elf_Note *checknote,
 		}
 		if ((const char *)note_end - (const char *)note <
 		    sizeof(Elf_Note)) {
-			uprintf("ELF note to short\n");
+			uprintf("ELF note too short\n");
 			goto retf;
 		}
 		if (note->n_namesz != checknote->n_namesz ||
@@ -2758,9 +2758,9 @@ __elfN(parse_notes)(struct image_params *imgp, Elf_Note *checknote,
 		    note->n_type != checknote->n_type)
 			goto nextnote;
 		note_name = (const char *)(note + 1);
-		if (note_name + checknote->n_namesz >=
-		    (const char *)note_end || strncmp(note_vendor,
-		    note_name, checknote->n_namesz) != 0)
+		if (note_name + roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE) +
+		    note->n_descsz >= (const char *)note_end ||
+		    strncmp(note_vendor, note_name, checknote->n_namesz) != 0)
 			goto nextnote;
 
 		if (cb(note, cb_arg, &res))
diff --git a/sys/kern/subr_kdb.c b/sys/kern/subr_kdb.c
index 14e153ec7da2..6758b69369cc 100644
--- a/sys/kern/subr_kdb.c
+++ b/sys/kern/subr_kdb.c
@@ -318,7 +318,7 @@ kdb_reboot(void)
 #define	KEY_CRTLP	16	/* ^P */
 #define	KEY_CRTLR	18	/* ^R */
 
-/* States of th KDB "alternate break sequence" detecting state machine. */
+/* States of the KDB "alternate break sequence" detecting state machine. */
 enum {
 	KDB_ALT_BREAK_SEEN_NONE,
 	KDB_ALT_BREAK_SEEN_CR,
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 03315344a455..a6fd5feddf9e 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -2668,6 +2668,7 @@ in_pcbinshash_internal(struct inpcb *inp, struct mbuf *m)
 	struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
 	struct inpcbport *phd;
 	u_int32_t hashkey_faddr;
+	bool connected;
 
 	INP_WLOCK_ASSERT(inp);
 	INP_HASH_WLOCK_ASSERT(pcbinfo);
@@ -2676,11 +2677,15 @@ in_pcbinshash_internal(struct inpcb *inp, struct mbuf *m)
 	    ("in_pcbinshash: INP_INHASHLIST"));
 
 #ifdef INET6
-	if (inp->inp_vflag & INP_IPV6)
+	if (inp->inp_vflag & INP_IPV6) {
 		hashkey_faddr = INP6_PCBHASHKEY(&inp->in6p_faddr);
-	else
+		connected = !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr);
+	} else
 #endif
-	hashkey_faddr = inp->inp_faddr.s_addr;
+	{
+		hashkey_faddr = inp->inp_faddr.s_addr;
+		connected = inp->inp_faddr.s_addr != INADDR_ANY;
+	}
 
 	pcbhash = &pcbinfo->ipi_hashbase[INP_PCBHASH(hashkey_faddr,
 		 inp->inp_lport, inp->inp_fport, pcbinfo->ipi_hashmask)];
@@ -2689,10 +2694,12 @@ in_pcbinshash_internal(struct inpcb *inp, struct mbuf *m)
 	    INP_PCBPORTHASH(inp->inp_lport, pcbinfo->ipi_porthashmask)];
 
 	/*
-	 * Add entry to load balance group.
-	 * Only do this if SO_REUSEPORT_LB is set.
+	 * Ignore SO_REUSEPORT_LB if the socket is connected.  Really this case
+	 * should be an error, but for UDP sockets it is not, and some
+	 * applications erroneously set it on connected UDP sockets, so we can't
+	 * change this without breaking compatibility.
 	 */
-	if ((inp->inp_flags2 & INP_REUSEPORT_LB) != 0) {
+	if (!connected && (inp->inp_flags2 & INP_REUSEPORT_LB) != 0) {
 		int error = in_pcbinslbgrouphash(inp, M_NODOM);
 		if (error != 0)
 			return (error);
@@ -2761,6 +2768,7 @@ in_pcbrehash_mbuf(struct inpcb *inp, struct mbuf *m)
 	struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
 	struct inpcbhead *head;
 	u_int32_t hashkey_faddr;
+	bool connected;
 
 	INP_WLOCK_ASSERT(inp);
 	INP_HASH_WLOCK_ASSERT(pcbinfo);
@@ -2769,11 +2777,19 @@ in_pcbrehash_mbuf(struct inpcb *inp, struct mbuf *m)
 	    ("in_pcbrehash: !INP_INHASHLIST"));
 
 #ifdef INET6
-	if (inp->inp_vflag & INP_IPV6)
+	if (inp->inp_vflag & INP_IPV6) {
 		hashkey_faddr = INP6_PCBHASHKEY(&inp->in6p_faddr);
-	else
+		connected = !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr);
+	} else
 #endif
-	hashkey_faddr = inp->inp_faddr.s_addr;
+	{
+		hashkey_faddr = inp->inp_faddr.s_addr;
+		connected = inp->inp_faddr.s_addr != INADDR_ANY;
+	}
+
+	/* See the comment in in_pcbinshash(). */
+	if (connected && (inp->inp_flags2 & INP_REUSEPORT_LB) != 0)
+		in_pcbremlbgrouphash(inp);
 
 	head = &pcbinfo->ipi_hashbase[INP_PCBHASH(hashkey_faddr,
 		inp->inp_lport, inp->inp_fport, pcbinfo->ipi_hashmask)];
diff --git a/sys/netpfil/ipfilter/netinet/ip_htable.c b/sys/netpfil/ipfilter/netinet/ip_htable.c
index b47a1aa2d795..b56909a02bc3 100644
--- a/sys/netpfil/ipfilter/netinet/ip_htable.c
+++ b/sys/netpfil/ipfilter/netinet/ip_htable.c
@@ -235,6 +235,8 @@ ipf_htable_stats_get(ipf_main_softc_t *softc, void *arg, iplookupop_t *op)
 		return (EINVAL);
 	}
 
+	bzero(&stats, sizeof(stats));
+
 	stats.iphs_tables = softh->ipf_htables[op->iplo_unit + 1];
 	stats.iphs_numtables = softh->ipf_nhtables[op->iplo_unit + 1];
 	stats.iphs_numnodes = softh->ipf_nhtnodes[op->iplo_unit + 1];
diff --git a/sys/netpfil/ipfilter/netinet/ip_nat.c b/sys/netpfil/ipfilter/netinet/ip_nat.c
index 35b18575ac6f..8b343acf1211 100644
--- a/sys/netpfil/ipfilter/netinet/ip_nat.c
+++ b/sys/netpfil/ipfilter/netinet/ip_nat.c
@@ -1775,6 +1775,7 @@ ipf_nat_getent(ipf_main_softc_t *softc, caddr_t data, int getlock)
 		IPFERROR(60029);
 		return (ENOMEM);
 	}
+	bzero(ipn, ipns.ipn_dsize);
 
 	if (getlock) {
 		READ_ENTER(&softc->ipf_nat);
diff --git a/tests/sys/netinet/so_reuseport_lb_test.c b/tests/sys/netinet/so_reuseport_lb_test.c
index 5d3b2ab03af8..ff9ba3142f03 100644
--- a/tests/sys/netinet/so_reuseport_lb_test.c
+++ b/tests/sys/netinet/so_reuseport_lb_test.c
@@ -29,6 +29,8 @@
 
 #include <sys/cdefs.h>
 #include <sys/param.h>
+#include <sys/filio.h>
+#include <sys/ioccom.h>
 #include <sys/socket.h>
 
 #include <netinet/in.h>
@@ -236,10 +238,156 @@ ATF_TC_BODY(basic_ipv6, tc)
 	}
 }
 
+/*
+ * The kernel erroneously permits calling connect() on a UDP socket with
+ * SO_REUSEPORT_LB set.  Verify that packets sent to the bound address are
+ * dropped unless they come from the connected address.
+ */
+ATF_TC_WITHOUT_HEAD(connect_udp);
+ATF_TC_BODY(connect_udp, tc)
+{
+	struct sockaddr_in sin = {
+		.sin_family = AF_INET,
+		.sin_len = sizeof(sin),
+		.sin_addr = { htonl(INADDR_LOOPBACK) },
+	};
+	ssize_t n;
+	int error, len, s1, s2, s3;
+	char ch;
+
+	s1 = socket(PF_INET, SOCK_DGRAM, 0);
+	ATF_REQUIRE(s1 >= 0);
+	s2 = socket(PF_INET, SOCK_DGRAM, 0);
+	ATF_REQUIRE(s2 >= 0);
+	s3 = socket(PF_INET, SOCK_DGRAM, 0);
+	ATF_REQUIRE(s3 >= 0);
+
+	error = setsockopt(s1, SOL_SOCKET, SO_REUSEPORT_LB, (int[]){1},
+	    sizeof(int));
+	ATF_REQUIRE_MSG(error == 0,
+	    "setsockopt(SO_REUSEPORT_LB) failed: %s", strerror(errno));
+	error = bind(s1, (struct sockaddr *)&sin, sizeof(sin));
+	ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+	error = bind(s2, (struct sockaddr *)&sin, sizeof(sin));
+	ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+	error = bind(s3, (struct sockaddr *)&sin, sizeof(sin));
+	ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+	/* Connect to an address not owned by s2. */
+	error = getsockname(s3, (struct sockaddr *)&sin,
+	    (socklen_t[]){sizeof(sin)});
+	ATF_REQUIRE(error == 0);
+	error = connect(s1, (struct sockaddr *)&sin, sizeof(sin));
+	ATF_REQUIRE_MSG(error == 0, "connect() failed: %s", strerror(errno));
+
+	/* Try to send a packet to s1 from s2. */
+	error = getsockname(s1, (struct sockaddr *)&sin,
+	    (socklen_t[]){sizeof(sin)});
+	ATF_REQUIRE(error == 0);
+
+	ch = 42;
+	n = sendto(s2, &ch, sizeof(ch), 0, (struct sockaddr *)&sin,
+	    sizeof(sin));
+	ATF_REQUIRE(n == 1);
+
+	/* Give the packet some time to arrive. */
+	usleep(100000);
+
+	/* s1 is connected to s3 and shouldn't receive from s2. */
+	error = ioctl(s1, FIONREAD, &len);
+	ATF_REQUIRE(error == 0);
+	ATF_REQUIRE_MSG(len == 0, "unexpected data available");
+
+	/* ... but s3 can of course send to s1. */
+	n = sendto(s3, &ch, sizeof(ch), 0, (struct sockaddr *)&sin,
+	    sizeof(sin));
+	ATF_REQUIRE(n == 1);
+	usleep(100000);
+	error = ioctl(s1, FIONREAD, &len);
+	ATF_REQUIRE(error == 0);
+	ATF_REQUIRE_MSG(len >= 1, "expected data available");
+}
+
+/*
+ * The kernel erroneously permits calling connect() on a UDP socket with
+ * SO_REUSEPORT_LB set.  Verify that packets sent to the bound address are
+ * dropped unless they come from the connected address.
+ */
+ATF_TC_WITHOUT_HEAD(connect_udp6);
+ATF_TC_BODY(connect_udp6, tc)
+{
+	struct sockaddr_in6 sin6 = {
+		.sin6_family = AF_INET6,
+		.sin6_len = sizeof(sin6),
+		.sin6_addr = IN6ADDR_LOOPBACK_INIT,
+	};
+	ssize_t n;
+	int error, len, s1, s2, s3;
+	char ch;
+
+	s1 = socket(PF_INET6, SOCK_DGRAM, 0);
+	ATF_REQUIRE(s1 >= 0);
+	s2 = socket(PF_INET6, SOCK_DGRAM, 0);
+	ATF_REQUIRE(s2 >= 0);
+	s3 = socket(PF_INET6, SOCK_DGRAM, 0);
+	ATF_REQUIRE(s3 >= 0);
+
+	error = setsockopt(s1, SOL_SOCKET, SO_REUSEPORT_LB, (int[]){1},
+	    sizeof(int));
+	ATF_REQUIRE_MSG(error == 0,
+	    "setsockopt(SO_REUSEPORT_LB) failed: %s", strerror(errno));
+	error = bind(s1, (struct sockaddr *)&sin6, sizeof(sin6));
+	ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+	error = bind(s2, (struct sockaddr *)&sin6, sizeof(sin6));
+	ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+	error = bind(s3, (struct sockaddr *)&sin6, sizeof(sin6));
+	ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+	/* Connect to an address not owned by s2. */
+	error = getsockname(s3, (struct sockaddr *)&sin6,
+	    (socklen_t[]){sizeof(sin6)});
+	ATF_REQUIRE(error == 0);
+	error = connect(s1, (struct sockaddr *)&sin6, sizeof(sin6));
+	ATF_REQUIRE_MSG(error == 0, "connect() failed: %s", strerror(errno));
+
+	/* Try to send a packet to s1 from s2. */
+	error = getsockname(s1, (struct sockaddr *)&sin6,
+	    (socklen_t[]){sizeof(sin6)});
+	ATF_REQUIRE(error == 0);
+
+	ch = 42;
+	n = sendto(s2, &ch, sizeof(ch), 0, (struct sockaddr *)&sin6,
+	    sizeof(sin6));
+	ATF_REQUIRE(n == 1);
+
+	/* Give the packet some time to arrive. */
+	usleep(100000);
+
+	/* s1 is connected to s3 and shouldn't receive from s2. */
+	error = ioctl(s1, FIONREAD, &len);
+	ATF_REQUIRE(error == 0);
+	ATF_REQUIRE_MSG(len >= 0, "unexpected data available");
+
+	/* ... but s3 can of course send to s1. */
+	n = sendto(s3, &ch, sizeof(ch), 0, (struct sockaddr *)&sin6,
+	    sizeof(sin6));
+	ATF_REQUIRE(n == 1);
+	usleep(100000);
+	error = ioctl(s1, FIONREAD, &len);
+	ATF_REQUIRE(error == 0);
+	ATF_REQUIRE_MSG(len >= 1, "expected data available");
+}
+
 ATF_TP_ADD_TCS(tp)
 {
 	ATF_TP_ADD_TC(tp, basic_ipv4);
 	ATF_TP_ADD_TC(tp, basic_ipv6);
+	ATF_TP_ADD_TC(tp, connect_udp);
+	ATF_TP_ADD_TC(tp, connect_udp6);
 
 	return (atf_no_error());
 }
diff --git a/usr.sbin/pmcstat/pmcpl_callgraph.c b/usr.sbin/pmcstat/pmcpl_callgraph.c
index 2ba6dfc0f8d5..247be5a76982 100644
--- a/usr.sbin/pmcstat/pmcpl_callgraph.c
+++ b/usr.sbin/pmcstat/pmcpl_callgraph.c
@@ -363,7 +363,7 @@ pmcpl_cg_process(struct pmcstat_process *pp, struct pmcstat_pmcrecord *pmcr,
 	 * - Find the function that overlaps the return address.
 	 * - If found: use the start address of the function.
 	 *   If not found (say an object's symbol table is not present or
-	 *   is incomplete), round down to th gprof bucket granularity.
+	 *   is incomplete), round down to the gprof bucket granularity.
 	 * - Convert return virtual address to an offset in the image.
 	 * - Look for a child with the same {offset,image} tuple,
 	 *   inserting one if needed.
diff --git a/usr.sbin/unbound/setup/local-unbound-setup.sh b/usr.sbin/unbound/setup/local-unbound-setup.sh
index d52534b46fa3..90e255204135 100755
--- a/usr.sbin/unbound/setup/local-unbound-setup.sh
+++ b/usr.sbin/unbound/setup/local-unbound-setup.sh
@@ -261,6 +261,7 @@ gen_unbound_conf() {
 	if [ "${use_tls}" = "yes" ] ; then
 		echo "        tls-system-cert: yes"
 	fi
+	echo "        so-sndbuf: 0"
 	echo ""
 	if [ -f "${forward_conf}" ] ; then
 		echo "include: ${forward_conf}"