From 45d6379135504814ab723b57f0eb8be23393a51d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 09:24:22 +0200 Subject: Adding upstream version 1:9.16.44. 
Signed-off-by: Daniel Baumann --- bin/confgen/Makefile.in | 97 +++++++ bin/confgen/ddns-confgen.c | 311 +++++++++++++++++++++++ bin/confgen/ddns-confgen.rst | 88 +++++++ bin/confgen/include/.clang-format | 1 + bin/confgen/include/confgen/os.h | 36 +++ bin/confgen/keygen.c | 204 +++++++++++++++ bin/confgen/keygen.h | 44 ++++ bin/confgen/rndc-confgen.c | 284 +++++++++++++++++++++ bin/confgen/rndc-confgen.rst | 106 ++++++++ bin/confgen/tsig-keygen.rst | 50 ++++ bin/confgen/unix/Makefile.in | 30 +++ bin/confgen/unix/os.c | 36 +++ bin/confgen/util.c | 49 ++++ bin/confgen/util.h | 46 ++++ bin/confgen/win32/confgentool.vcxproj.filters.in | 39 +++ bin/confgen/win32/confgentool.vcxproj.in | 120 +++++++++ bin/confgen/win32/confgentool.vcxproj.user | 3 + bin/confgen/win32/ddnsconfgen.vcxproj.filters.in | 18 ++ bin/confgen/win32/ddnsconfgen.vcxproj.in | 132 ++++++++++ bin/confgen/win32/ddnsconfgen.vcxproj.user | 3 + bin/confgen/win32/os.c | 27 ++ bin/confgen/win32/rndcconfgen.vcxproj.filters.in | 18 ++ bin/confgen/win32/rndcconfgen.vcxproj.in | 121 +++++++++ bin/confgen/win32/rndcconfgen.vcxproj.user | 3 + 24 files changed, 1866 insertions(+) create mode 100644 bin/confgen/Makefile.in create mode 100644 bin/confgen/ddns-confgen.c create mode 100644 bin/confgen/ddns-confgen.rst create mode 120000 bin/confgen/include/.clang-format create mode 100644 bin/confgen/include/confgen/os.h create mode 100644 bin/confgen/keygen.c create mode 100644 bin/confgen/keygen.h create mode 100644 bin/confgen/rndc-confgen.c create mode 100644 bin/confgen/rndc-confgen.rst create mode 100644 bin/confgen/tsig-keygen.rst create mode 100644 bin/confgen/unix/Makefile.in create mode 100644 bin/confgen/unix/os.c create mode 100644 bin/confgen/util.c create mode 100644 bin/confgen/util.h create mode 100644 bin/confgen/win32/confgentool.vcxproj.filters.in create mode 100644 bin/confgen/win32/confgentool.vcxproj.in create mode 100644 bin/confgen/win32/confgentool.vcxproj.user create mode 100644 
bin/confgen/win32/ddnsconfgen.vcxproj.filters.in create mode 100644 bin/confgen/win32/ddnsconfgen.vcxproj.in create mode 100644 bin/confgen/win32/ddnsconfgen.vcxproj.user create mode 100644 bin/confgen/win32/os.c create mode 100644 bin/confgen/win32/rndcconfgen.vcxproj.filters.in create mode 100644 bin/confgen/win32/rndcconfgen.vcxproj.in create mode 100644 bin/confgen/win32/rndcconfgen.vcxproj.user (limited to 'bin/confgen')
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
new file mode 100644
index 0000000..daab83a
--- /dev/null
+++ b/bin/confgen/Makefile.in
@@ -0,0 +1,97 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+# Attempt to disable parallel processing.
+.NOTPARALLEL:
+.NO_PARALLEL:
+
+VERSION=@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
+ ${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCLIBS = ../../lib/isccc/libisccc.@A@
+ISCLIBS = ../../lib/isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
+ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @NO_LIBTOOL_ISCLIBS@
+DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
+BIND9LIBS = ../../lib/bind9/libbind9.@A@
+
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
+
+RNDCLIBS = ${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS} ${ISCLIBS} @LIBS@
+RNDCDEPLIBS = ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+
+NOSYMLIBS = ${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
+
+CONFDEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+SRCS= rndc-confgen.c ddns-confgen.c
+
+SUBDIRS = unix
+
+TARGETS = rndc-confgen@EXEEXT@ ddns-confgen@EXEEXT@ tsig-keygen@EXEEXT@
+
+UOBJS = unix/os.@O@
+
+@BIND9_MAKE_RULES@
+
+rndc-confgen.@O@: rndc-confgen.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+ -c ${srcdir}/rndc-confgen.c
+
+ddns-confgen.@O@: ddns-confgen.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
+
+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS}
+ export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
+ ${FINALBUILDCMD}
+
+ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS}
+ export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
+ ${FINALBUILDCMD}
+
+# make a link in the build directory to assist with testing
+tsig-keygen@EXEEXT@: ddns-confgen@EXEEXT@
+ rm -f tsig-keygen@EXEEXT@
+ ${LINK_PROGRAM} ddns-confgen@EXEEXT@ tsig-keygen@EXEEXT@
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+
+install:: rndc-confgen@EXEEXT@ ddns-confgen@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc-confgen@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ddns-confgen@EXEEXT@ ${DESTDIR}${sbindir}
+ (cd ${DESTDIR}${sbindir}; rm -f tsig-keygen@EXEEXT@; ${LINK_PROGRAM} ddns-confgen@EXEEXT@ tsig-keygen@EXEEXT@)
+
+uninstall::
+ rm -f ${DESTDIR}${sbindir}/tsig-keygen@EXEEXT@
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/ddns-confgen@EXEEXT@
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/rndc-confgen@EXEEXT@
+
+clean distclean maintainer-clean::
+ rm -f ${TARGETS}
diff --git a/bin/confgen/ddns-confgen.c b/bin/confgen/ddns-confgen.c
new file mode 100644
index 0000000..0afe087
--- /dev/null
+++ b/bin/confgen/ddns-confgen.c
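Review bot: In the `install::` rule of bin/confgen/Makefile.in the subshell `(cd ${DESTDIR}${sbindir}; rm -f tsig-keygen@EXEEXT@; ${LINK_PROGRAM} ...)` chains its commands with `;`, so if the `cd` fails the `rm -f` and the link still run in whatever directory make was in. Joining them with `&&`, as in `(cd ${DESTDIR}${sbindir} && rm -f tsig-keygen@EXEEXT@ && ${LINK_PROGRAM} ddns-confgen@EXEEXT@ tsig-keygen@EXEEXT@)`, makes the install stop at the failed step instead.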
@@ -0,0 +1,311 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+/**
+ * ddns-confgen generates configuration files for dynamic DNS. It can
+ * be used as a convenient alternative to writing the ddns.key file
+ * and the corresponding key and update-policy statements in named.conf.
+ */
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#if USE_PKCS11
+#include
+#endif /* if USE_PKCS11 */
+
+#include
+#include
+#include
+
+#include
+
+#include
+
+#include "keygen.h"
+#include "util.h"
+
+#define KEYGEN_DEFAULT "tsig-key"
+#define CONFGEN_DEFAULT "ddns-key"
+
+static char program[256];
+const char *progname;
+static enum { progmode_keygen, progmode_confgen } progmode;
+bool verbose = false; /* needed by util.c but not used here */
+
+ISC_PLATFORM_NORETURN_PRE static void
+usage(int status) ISC_PLATFORM_NORETURN_POST;
+
+static void
+usage(int status) {
+ if (progmode == progmode_confgen) {
+ fprintf(stderr, "\
+Usage:\n\
+ %s [-a alg] [-k keyname] [-q] [-s name | -z zone]\n\
+ -a alg: algorithm (default hmac-sha256)\n\
+ -k keyname: name of the key as it will be used in named.conf\n\
+ -s name: domain name to be updated using the created key\n\
+ -z zone: name of the zone as it will be used in named.conf\n\
+ -q: quiet mode: print the key, with no explanatory text\n",
+ progname);
+ } else {
+ fprintf(stderr, "\
+Usage:\n\
+ %s [-a alg] [keyname]\n\
+ -a alg: algorithm (default hmac-sha256)\n\n",
+ progname);
+ }
+
+ exit(status);
+}
+
+int
+main(int argc, char **argv) {
+ isc_result_t result = ISC_R_SUCCESS;
+ bool show_final_mem = false;
+ bool quiet = false;
+ isc_buffer_t key_txtbuffer;
+ char key_txtsecret[256];
+ isc_mem_t *mctx = NULL;
+ const char *keyname = NULL;
+ const char *zone = NULL;
+ const char *self_domain = NULL;
+ char *keybuf = NULL;
+ dns_secalg_t alg = DST_ALG_HMACSHA256;
+ const char *algname;
+ int keysize = 256;
+ int len = 0;
+ int ch;
+
+#if USE_PKCS11
+ pk11_result_register();
+#endif /* if USE_PKCS11 */
+ dns_result_register();
+
+ result = isc_file_progname(*argv, program, sizeof(program));
+ if (result != ISC_R_SUCCESS) {
+ memmove(program, "tsig-keygen", 11);
+ }
+ progname = program;
+
+ /*
+ * Libtool doesn't preserve the program name prior to final
+ * installation. Remove the libtool prefix ("lt-").
+ */
+ if (strncmp(progname, "lt-", 3) == 0) {
+ progname += 3;
+ }
+
+#define PROGCMP(X) \
+ (strcasecmp(progname, X) == 0 || strcasecmp(progname, X ".exe") == 0)
+
+ if (PROGCMP("tsig-keygen")) {
+ progmode = progmode_keygen;
+ quiet = true;
+ } else if (PROGCMP("ddns-confgen")) {
+ progmode = progmode_confgen;
+ } else {
+ UNREACHABLE();
+ }
+
+ isc_commandline_errprint = false;
+
+ while ((ch = isc_commandline_parse(argc, argv, "a:hk:Mmr:qs:y:z:")) !=
+ -1)
+ {
+ switch (ch) {
+ case 'a':
+ algname = isc_commandline_argument;
+ alg = alg_fromtext(algname);
+ if (alg == DST_ALG_UNKNOWN) {
+ fatal("Unsupported algorithm '%s'", algname);
+ }
+ keysize = alg_bits(alg);
+ break;
+ case 'h':
+ usage(0);
+ case 'k':
+ case 'y':
+ if (progmode == progmode_confgen) {
+ keyname = isc_commandline_argument;
+ } else {
+ usage(1);
+ }
+ break;
+ case 'M':
+ isc_mem_debugging = ISC_MEM_DEBUGTRACE;
+ break;
+ case 'm':
+ show_final_mem = true;
+ break;
+ case 'q':
+ if (progmode == progmode_confgen) {
+ quiet = true;
+ } else {
+ usage(1);
+ }
+ break;
+ case 'r':
+ fatal("The -r option has been deprecated.");
+ break;
+ case 's':
+ if (progmode == progmode_confgen) {
+ self_domain = isc_commandline_argument;
+ } else {
+ usage(1);
+ }
+ break;
+ case 'z':
+ if (progmode == progmode_confgen) {
+ zone = isc_commandline_argument;
+ } else {
+ usage(1);
+ }
+ break;
+ case '?':
+ if (isc_commandline_option != '?') {
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ program, isc_commandline_option);
+ usage(1);
+ } else {
+ usage(0);
+ }
+ break;
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n", program,
+ isc_commandline_option);
+ exit(1);
+ }
+ }
+
+ if (progmode == progmode_keygen) {
+ keyname = argv[isc_commandline_index++];
+ }
+
+ POST(argv);
+
+ if (self_domain != NULL && zone != NULL) {
+ usage(1); /* -s and -z cannot coexist */
+ }
+
+ if (argc > isc_commandline_index) {
+ usage(1);
+ }
+
+ /* Use canonical algorithm name */
+ algname = alg_totext(alg);
+
+ isc_mem_create(&mctx);
+
+ if (keyname == NULL) {
+ const char *suffix = NULL;
+
+ keyname = ((progmode == progmode_keygen) ? KEYGEN_DEFAULT
+ : CONFGEN_DEFAULT);
+ if (self_domain != NULL) {
+ suffix = self_domain;
+ } else if (zone != NULL) {
+ suffix = zone;
+ }
+ if (suffix != NULL) {
+ len = strlen(keyname) + strlen(suffix) + 2;
+ keybuf = isc_mem_get(mctx, len);
+ snprintf(keybuf, len, "%s.%s", keyname, suffix);
+ keyname = (const char *)keybuf;
+ }
+ }
+
+ isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
+
+ generate_key(mctx, alg, keysize, &key_txtbuffer);
+
+ if (!quiet) {
+ printf("\
+# To activate this key, place the following in named.conf, and\n\
+# in a separate keyfile on the system or systems from which nsupdate\n\
+# will be run:\n");
+ }
+
+ printf("\
+key \"%s\" {\n\
+ algorithm %s;\n\
+ secret \"%.*s\";\n\
+};\n",
+ keyname, algname, (int)isc_buffer_usedlength(&key_txtbuffer),
+ (char *)isc_buffer_base(&key_txtbuffer));
+
+ if (!quiet) {
+ if (self_domain != NULL) {
+ printf("\n\
+# Then, in the \"zone\" statement for the zone containing the\n\
+# name \"%s\", place an \"update-policy\" statement\n\
+# like this one, adjusted as needed for your preferred permissions:\n\
+update-policy {\n\
+ grant %s name %s ANY;\n\
+};\n",
+ self_domain, keyname, self_domain);
+ } else if (zone != NULL) {
+ printf("\n\
+# Then, in the \"zone\" definition statement for \"%s\",\n\
+# place an \"update-policy\" statement like this one, adjusted as \n\
+# needed for your preferred permissions:\n\
+update-policy {\n\
+ grant %s zonesub ANY;\n\
+};\n",
+ zone, keyname);
+ } else {
+ printf("\n\
+# Then, in the \"zone\" statement for each zone you wish to dynamically\n\
+# update, place an \"update-policy\" statement granting update permission\n\
+# to this key. For example, the following statement grants this key\n\
+# permission to update any name within the zone:\n\
+update-policy {\n\
+ grant %s zonesub ANY;\n\
+};\n",
+ keyname);
+ }
+
+ printf("\n\
+# After the keyfile has been placed, the following command will\n\
+# execute nsupdate using this key:\n\
+nsupdate -k \n");
+ }
+
+ if (keybuf != NULL) {
+ isc_mem_put(mctx, keybuf, len);
+ }
+
+ if (show_final_mem) {
+ isc_mem_stats(mctx, stderr);
+ }
+
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/confgen/ddns-confgen.rst b/bin/confgen/ddns-confgen.rst
new file mode 100644
index 0000000..52ae412
--- /dev/null
+++ b/bin/confgen/ddns-confgen.rst
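Review bot: In `main()` of bin/confgen/ddns-confgen.c the key name and the `-s`/`-z` arguments go straight from the command line into the generated `key "%s" { ... }` and `update-policy` text with no validation, so a name containing a double quote, semicolon or newline produces a snippet that parses differently from what the operator asked for once it is pasted into named.conf. The man page added in this same commit says the key name must be a valid domain name made of letters, digits, hyphens and periods; enforcing that before the first `printf`, for example with `fatal("invalid key name '%s'", keyname);` on any other character, closes the gap, which presumably matters most when the tool is driven by a provisioning script. Separately, the fallback `memmove(program, "tsig-keygen", 11);` copies no terminating NUL and relies on `program` being zero-initialised static storage, whereas rndc-confgen.c copies 13 bytes for its 12-character name; `memmove(program, "tsig-keygen", sizeof("tsig-keygen"));` would make the two consistent.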
@@ -0,0 +1,88 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+.. highlight: console
+
+.. BEWARE: Do not forget to edit also tsig-keygen.rst!
+
+.. _man_ddns-confgen:
+
+ddns-confgen - TSIG key generation tool
+---------------------------------------
+
+Synopsis
+~~~~~~~~
+:program:`ddns-confgen` [**-a** algorithm] [**-h**] [**-k** keyname] [**-q**] [**-s** name] [**-z** zone]
+
+Description
+~~~~~~~~~~~
+
+``ddns-confgen`` is an utility that generates keys for use in TSIG signing.
+The resulting keys can be used, for example, to secure dynamic DNS updates
+to a zone, or for the ``rndc`` command channel.
+
+The key name can specified using ``-k`` parameter and defaults to ``ddns-key``.
+The generated key is accompanied by configuration text and instructions that
+can be used with ``nsupdate`` and ``named`` when setting up dynamic DNS,
+including an example ``update-policy`` statement.
+(This usage is similar to the ``rndc-confgen`` command for setting up
+command-channel security.)
+
+Note that ``named`` itself can configure a local DDNS key for use with
+``nsupdate -l``; it does this when a zone is configured with
+``update-policy local;``. ``ddns-confgen`` is only needed when a more
+elaborate configuration is required: for instance, if ``nsupdate`` is to
+be used from a remote system.
+
+Options
+~~~~~~~
+
+``-a algorithm``
+ This option specifies the algorithm to use for the TSIG key. Available
+ choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
+ and hmac-sha512. The default is hmac-sha256. Options are
+ case-insensitive, and the "hmac-" prefix may be omitted.
+
+``-h``
+ This option prints a short summary of options and arguments.
+
+``-k keyname``
+ This option specifies the key name of the DDNS authentication key. The
+ default is ``ddns-key`` when neither the ``-s`` nor ``-z`` option is
+ specified; otherwise, the default is ``ddns-key`` as a separate label
+ followed by the argument of the option, e.g., ``ddns-key.example.com.``
+ The key name must have the format of a valid domain name, consisting of
+ letters, digits, hyphens, and periods.
+
+``-q``
+ This option enables quiet mode, which prints only the key, with no
+ explanatory text or usage examples. This is essentially identical to
+ ``tsig-keygen``.
+
+``-s name``
+ This option generates a configuration example to allow dynamic updates
+ of a single hostname. The example ``named.conf`` text shows how to set
+ an update policy for the specified name using the "name" nametype. The
+ default key name is ``ddns-key.name``. Note that the "self" nametype
+ cannot be used, since the name to be updated may differ from the key
+ name. This option cannot be used with the ``-z`` option.
+
+``-z zone``
+ This option generates a configuration example to allow
+ dynamic updates of a zone. The example ``named.conf`` text shows how
+ to set an update policy for the specified zone using the "zonesub"
+ nametype, allowing updates to all subdomain names within that zone.
+ This option cannot be used with the ``-s`` option.
+
+See Also
+~~~~~~~~
+
+:manpage:`nsupdate(1)`, :manpage:`named.conf(5)`, :manpage:`named(8)`, BIND 9 Administrator Reference Manual.
diff --git a/bin/confgen/include/.clang-format b/bin/confgen/include/.clang-format
new file mode 120000
index 0000000..0e62f72
--- /dev/null
+++ b/bin/confgen/include/.clang-format
@@ -0,0 +1 @@
+../../../.clang-format.headers
\ No newline at end of file
diff --git a/bin/confgen/include/confgen/os.h b/bin/confgen/include/confgen/os.h
new file mode 100644
index 0000000..9754c17
--- /dev/null
+++ b/bin/confgen/include/confgen/os.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#ifndef RNDC_OS_H
+#define RNDC_OS_H 1
+
+#include
+
+#include
+
+ISC_LANG_BEGINDECLS
+
+int
+set_user(FILE *fd, const char *user);
+/*%<
+ * Set the owner of the file referenced by 'fd' to 'user'.
+ * Returns:
+ * 0 success
+ * -1 insufficient permissions, or 'user' does not exist.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif /* ifndef RNDC_OS_H */
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
new file mode 100644
index 0000000..73f976c
--- /dev/null
+++ b/bin/confgen/keygen.c
@@ -0,0 +1,204 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#include "keygen.h"
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#include
+#include
+
+#include
+
+#include
+
+#include "util.h"
+
+/*%
+ * Convert algorithm type to string.
+ */
+const char *
+alg_totext(dns_secalg_t alg) {
+ switch (alg) {
+ case DST_ALG_HMACMD5:
+ return ("hmac-md5");
+ case DST_ALG_HMACSHA1:
+ return ("hmac-sha1");
+ case DST_ALG_HMACSHA224:
+ return ("hmac-sha224");
+ case DST_ALG_HMACSHA256:
+ return ("hmac-sha256");
+ case DST_ALG_HMACSHA384:
+ return ("hmac-sha384");
+ case DST_ALG_HMACSHA512:
+ return ("hmac-sha512");
+ default:
+ return ("(unknown)");
+ }
+}
+
+/*%
+ * Convert string to algorithm type.
+ */
+dns_secalg_t
+alg_fromtext(const char *name) {
+ const char *p = name;
+ if (strncasecmp(p, "hmac-", 5) == 0) {
+ p = &name[5];
+ }
+
+ if (strcasecmp(p, "md5") == 0) {
+ return (DST_ALG_HMACMD5);
+ }
+ if (strcasecmp(p, "sha1") == 0) {
+ return (DST_ALG_HMACSHA1);
+ }
+ if (strcasecmp(p, "sha224") == 0) {
+ return (DST_ALG_HMACSHA224);
+ }
+ if (strcasecmp(p, "sha256") == 0) {
+ return (DST_ALG_HMACSHA256);
+ }
+ if (strcasecmp(p, "sha384") == 0) {
+ return (DST_ALG_HMACSHA384);
+ }
+ if (strcasecmp(p, "sha512") == 0) {
+ return (DST_ALG_HMACSHA512);
+ }
+ return (DST_ALG_UNKNOWN);
+}
+
+/*%
+ * Return default keysize for a given algorithm type.
+ */
+int
+alg_bits(dns_secalg_t alg) {
+ switch (alg) {
+ case DST_ALG_HMACMD5:
+ return (128);
+ case DST_ALG_HMACSHA1:
+ return (160);
+ case DST_ALG_HMACSHA224:
+ return (224);
+ case DST_ALG_HMACSHA256:
+ return (256);
+ case DST_ALG_HMACSHA384:
+ return (384);
+ case DST_ALG_HMACSHA512:
+ return (512);
+ default:
+ return (0);
+ }
+}
+
+/*%
+ * Generate a key of size 'keysize' and place it in 'key_txtbuffer'
+ */
+void
+generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
+ isc_buffer_t *key_txtbuffer) {
+ isc_result_t result = ISC_R_SUCCESS;
+ isc_buffer_t key_rawbuffer;
+ isc_region_t key_rawregion;
+ char key_rawsecret[64];
+ dst_key_t *key = NULL;
+
+ switch (alg) {
+ case DST_ALG_HMACMD5:
+ case DST_ALG_HMACSHA1:
+ case DST_ALG_HMACSHA224:
+ case DST_ALG_HMACSHA256:
+ if (keysize < 1 || keysize > 512) {
+ fatal("keysize %d out of range (must be 1-512)\n",
+ keysize);
+ }
+ break;
+ case DST_ALG_HMACSHA384:
+ case DST_ALG_HMACSHA512:
+ if (keysize < 1 || keysize > 1024) {
+ fatal("keysize %d out of range (must be 1-1024)\n",
+ keysize);
+ }
+ break;
+ default:
+ fatal("unsupported algorithm %d\n", alg);
+ }
+
+ DO("initialize dst library", dst_lib_init(mctx, NULL));
+
+ DO("generate key",
+ dst_key_generate(dns_rootname, alg, keysize, 0, 0, DNS_KEYPROTO_ANY,
+ dns_rdataclass_in, mctx, &key, NULL));
+
+ isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
+
+ DO("dump key to buffer", dst_key_tobuffer(key, &key_rawbuffer));
+
+ isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
+
+ DO("bsse64 encode secret",
+ isc_base64_totext(&key_rawregion, -1, "", key_txtbuffer));
+
+ if (key != NULL) {
+ dst_key_free(&key);
+ }
+
+ dst_lib_destroy();
+}
+
+/*%
+ * Write a key file to 'keyfile'. If 'user' is non-NULL,
+ * make that user the owner of the file. The key will have
+ * the name 'keyname' and the secret in the buffer 'secret'.
+ */
+void
+write_key_file(const char *keyfile, const char *user, const char *keyname,
+ isc_buffer_t *secret, dns_secalg_t alg) {
+ isc_result_t result;
+ const char *algname = alg_totext(alg);
+ FILE *fd = NULL;
+
+ DO("create keyfile", isc_file_safecreate(keyfile, &fd));
+
+ if (user != NULL) {
+ if (set_user(fd, user) == -1) {
+ fatal("unable to set file owner\n");
+ }
+ }
+
+ fprintf(fd,
+ "key \"%s\" {\n\talgorithm %s;\n"
+ "\tsecret \"%.*s\";\n};\n",
+ keyname, algname, (int)isc_buffer_usedlength(secret),
+ (char *)isc_buffer_base(secret));
+ fflush(fd);
+ if (ferror(fd)) {
+ fatal("write to %s failed\n", keyfile);
+ }
+ if (fclose(fd)) {
+ fatal("fclose(%s) failed\n", keyfile);
+ }
+ fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
+}
diff --git a/bin/confgen/keygen.h b/bin/confgen/keygen.h
new file mode 100644
index 0000000..6519b20
--- /dev/null
+++ b/bin/confgen/keygen.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#ifndef RNDC_KEYGEN_H
+#define RNDC_KEYGEN_H 1
+
+/*! \file */
+
+#include
+#include
+#include
+
+#include
+
+ISC_LANG_BEGINDECLS
+
+void
+generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
+ isc_buffer_t *key_txtbuffer);
+
+void
+write_key_file(const char *keyfile, const char *user, const char *keyname,
+ isc_buffer_t *secret, dns_secalg_t alg);
+
+const char *
+alg_totext(dns_secalg_t alg);
+dns_secalg_t
+alg_fromtext(const char *name);
+int
+alg_bits(dns_secalg_t alg);
+
+ISC_LANG_ENDDECLS
+
+#endif /* RNDC_KEYGEN_H */
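Review bot: In `generate_key()` of bin/confgen/keygen.c the range check admits key sizes up to 1024 bits for hmac-sha384 and hmac-sha512, but the raw secret is dumped into `char key_rawsecret[64]`, which holds at most 512 bits. `dst_key_tobuffer` and the `DO()` macro are not shown here; presumably the call reports lack of space and the program aborts rather than overrunning, but the user would then get a "dump key to buffer" failure for a size the check has just accepted, so either size the buffer for the largest permitted key (`char key_rawsecret[128];`) or tighten the check to what the buffer can hold. The function also returns with the raw secret still in `key_rawsecret`; clearing that array before returning is cheap hygiene for a key generator. The label `"bsse64 encode secret"` is a typo for base64.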
diff --git a/bin/confgen/rndc-confgen.c b/bin/confgen/rndc-confgen.c
new file mode 100644
index 0000000..cfbb295
--- /dev/null
+++ b/bin/confgen/rndc-confgen.c
@@ -0,0 +1,284 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+/**
+ * rndc-confgen generates configuration files for rndc. It can be used
+ * as a convenient alternative to writing the rndc.conf file and the
+ * corresponding controls and key statements in named.conf by hand.
+ * Alternatively, it can be run with the -a option to set up a
+ * rndc.key file and avoid the need for a rndc.conf file and a
+ * controls statement altogether.
+ */
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#include
+#include
+
+#include
+
+#include
+
+#include "keygen.h"
+#include "util.h"
+
+#define DEFAULT_KEYNAME "rndc-key"
+#define DEFAULT_SERVER "127.0.0.1"
+#define DEFAULT_PORT 953
+
+static char program[256];
+const char *progname;
+
+bool verbose = false;
+
+const char *keyfile, *keydef;
+
+ISC_PLATFORM_NORETURN_PRE static void
+usage(int status) ISC_PLATFORM_NORETURN_POST;
+
+static void
+usage(int status) {
+ fprintf(stderr, "\
+Usage:\n\
+ %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] \
+[-s addr] [-t chrootdir] [-u user]\n\
+ -a: generate just the key clause and write it to keyfile (%s)\n\
+ -A alg: algorithm (default hmac-sha256)\n\
+ -b bits: from 1 through 512, default 256; total length of the secret\n\
+ -c keyfile: specify an alternate key file (requires -a)\n\
+ -k keyname: the name as it will be used in named.conf and rndc.conf\n\
+ -p port: the port named will listen on and rndc will connect to\n\
+ -s addr: the address to which rndc should connect\n\
+ -t chrootdir: write a keyfile in chrootdir as well (requires -a)\n\
+ -u user: set the keyfile owner to \"user\" (requires -a)\n",
+ progname, keydef);
+
+ exit(status);
+}
+
+int
+main(int argc, char **argv) {
+ bool show_final_mem = false;
+ isc_buffer_t key_txtbuffer;
+ char key_txtsecret[256];
+ isc_mem_t *mctx = NULL;
+ isc_result_t result = ISC_R_SUCCESS;
+ const char *keyname = NULL;
+ const char *serveraddr = NULL;
+ dns_secalg_t alg;
+ const char *algname;
+ char *p;
+ int ch;
+ int port;
+ int keysize = -1;
+ struct in_addr addr4_dummy;
+ struct in6_addr addr6_dummy;
+ char *chrootdir = NULL;
+ char *user = NULL;
+ bool keyonly = false;
+ int len;
+
+ keydef = keyfile = RNDC_KEYFILE;
+
+ result = isc_file_progname(*argv, program, sizeof(program));
+ if (result != ISC_R_SUCCESS) {
+ memmove(program, "rndc-confgen", 13);
+ }
+ progname = program;
+
+ keyname = DEFAULT_KEYNAME;
+ alg = DST_ALG_HMACSHA256;
+ serveraddr = DEFAULT_SERVER;
+ port = DEFAULT_PORT;
+
+ isc_commandline_errprint = false;
+
+ while ((ch = isc_commandline_parse(argc, argv,
+ "aA:b:c:hk:Mmp:r:s:t:u:Vy")) != -1)
+ {
+ switch (ch) {
+ case 'a':
+ keyonly = true;
+ break;
+ case 'A':
+ algname = isc_commandline_argument;
+ alg = alg_fromtext(algname);
+ if (alg == DST_ALG_UNKNOWN) {
+ fatal("Unsupported algorithm '%s'", algname);
+ }
+ break;
+ case 'b':
+ keysize = strtol(isc_commandline_argument, &p, 10);
+ if (*p != '\0' || keysize < 0) {
+ fatal("-b requires a non-negative number");
+ }
+ break;
+ case 'c':
+ keyfile = isc_commandline_argument;
+ break;
+ case 'h':
+ usage(0);
+ case 'k':
+ case 'y': /* Compatible with rndc -y. */
+ keyname = isc_commandline_argument;
+ break;
+ case 'M':
+ isc_mem_debugging = ISC_MEM_DEBUGTRACE;
+ break;
+
+ case 'm':
+ show_final_mem = true;
+ break;
+ case 'p':
+ port = strtol(isc_commandline_argument, &p, 10);
+ if (*p != '\0' || port < 0 || port > 65535) {
+ fatal("port '%s' out of range",
+ isc_commandline_argument);
+ }
+ break;
+ case 'r':
+ fatal("The -r option has been deprecated.");
+ break;
+ case 's':
+ serveraddr = isc_commandline_argument;
+ if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 &&
+ inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1)
+ {
+ fatal("-s should be an IPv4 or IPv6 address");
+ }
+ break;
+ case 't':
+ chrootdir = isc_commandline_argument;
+ break;
+ case 'u':
+ user = isc_commandline_argument;
+ break;
+ case 'V':
+ verbose = true;
+ break;
+ case '?':
+ if (isc_commandline_option != '?') {
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ program, isc_commandline_option);
+ usage(1);
+ } else {
+ usage(0);
+ }
+ break;
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n", program,
+ isc_commandline_option);
+ exit(1);
+ }
+ }
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+ POST(argv);
+
+ if (argc > 0) {
+ usage(1);
+ }
+
+ if (alg == DST_ALG_HMACMD5) {
+ fprintf(stderr, "warning: use of hmac-md5 for RNDC keys "
+ "is deprecated; hmac-sha256 is now "
+ "recommended.\n");
+ }
+
+ if (keysize < 0) {
+ keysize = alg_bits(alg);
+ }
+ algname = alg_totext(alg);
+
+ isc_mem_create(&mctx);
+ isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
+
+ generate_key(mctx, alg, keysize, &key_txtbuffer);
+
+ if (keyonly) {
+ write_key_file(keyfile, chrootdir == NULL ? user : NULL,
+ keyname, &key_txtbuffer, alg);
+
+ if (chrootdir != NULL) {
+ char *buf;
+ len = strlen(chrootdir) + strlen(keyfile) + 2;
+ buf = isc_mem_get(mctx, len);
+ snprintf(buf, len, "%s%s%s", chrootdir,
+ (*keyfile != '/') ? "/" : "", keyfile);
+
+ write_key_file(buf, user, keyname, &key_txtbuffer, alg);
+ isc_mem_put(mctx, buf, len);
+ }
+ } else {
+ printf("\
+# Start of rndc.conf\n\
+key \"%s\" {\n\
+ algorithm %s;\n\
+ secret \"%.*s\";\n\
+};\n\
+\n\
+options {\n\
+ default-key \"%s\";\n\
+ default-server %s;\n\
+ default-port %d;\n\
+};\n\
+# End of rndc.conf\n\
+\n\
+# Use with the following in named.conf, adjusting the allow list as needed:\n\
+# key \"%s\" {\n\
+# algorithm %s;\n\
+# secret \"%.*s\";\n\
+# };\n\
+# \n\
+# controls {\n\
+# inet %s port %d\n\
+# allow { %s; } keys { \"%s\"; };\n\
+# };\n\
+# End of named.conf\n",
+ keyname, algname,
+ (int)isc_buffer_usedlength(&key_txtbuffer),
+ (char *)isc_buffer_base(&key_txtbuffer), keyname,
+ serveraddr, port, keyname, algname,
+ (int)isc_buffer_usedlength(&key_txtbuffer),
+ (char *)isc_buffer_base(&key_txtbuffer), serveraddr,
+ port, serveraddr, keyname);
+ }
+
+ if (show_final_mem) {
+ isc_mem_stats(mctx, stderr);
+ }
+
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/confgen/rndc-confgen.rst b/bin/confgen/rndc-confgen.rst
new file mode 100644
index 0000000..d90acba
--- /dev/null
+++ b/bin/confgen/rndc-confgen.rst
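Review bot: The `-p` and `-b` handlers in `main()` of bin/confgen/rndc-confgen.c assign the `long` returned by `strtol` directly to an `int` and only then range-check it, so where `long` is wider than `int` an out-of-range argument can wrap to a value that passes (a constructed example: 4294968249 typically ends up as port 953), and an empty argument is accepted as 0 because only `*p != '\0'` is tested. Parsing into a `long` first closes both gaps: `long v = strtol(isc_commandline_argument, &p, 10);` followed by `if (p == isc_commandline_argument || *p != '\0' || v < 0 || v > 65535)` before `port = (int)v;`, with the same shape for `-b`. The usage text also says `-b` is "from 1 through 512" while this handler rejects only negative numbers and leaves the real limits to `generate_key()`, which allows up to 1024 for hmac-sha384 and hmac-sha512.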
@@ -0,0 +1,106 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+.. highlight: console
+
+.. _man_rndc-confgen:
+
+rndc-confgen - rndc key generation tool
+---------------------------------------
+
+Synopsis
+~~~~~~~~
+
+:program:`rndc-confgen` [**-a**] [**-A** algorithm] [**-b** keysize] [**-c** keyfile] [**-h**] [**-k** keyname] [**-p** port] [**-s** address] [**-t** chrootdir] [**-u** user]
+
+Description
+~~~~~~~~~~~
+
+``rndc-confgen`` generates configuration files for ``rndc``. It can be
+used as a convenient alternative to writing the ``rndc.conf`` file and
+the corresponding ``controls`` and ``key`` statements in ``named.conf``
+by hand. Alternatively, it can be run with the ``-a`` option to set up a
+``rndc.key`` file and avoid the need for a ``rndc.conf`` file and a
+``controls`` statement altogether.
+
+Options
+~~~~~~~
+
+``-a``
+ This option sets automatic ``rndc`` configuration, which creates a file ``rndc.key``
+ in ``/etc`` (or a different ``sysconfdir`` specified when BIND
+ was built) that is read by both ``rndc`` and ``named`` on startup.
+ The ``rndc.key`` file defines a default command channel and
+ authentication key allowing ``rndc`` to communicate with ``named`` on
+ the local host with no further configuration.
+
+ If a more elaborate configuration than that generated by
+ ``rndc-confgen -a`` is required, for example if rndc is to be used
+ remotely, run ``rndc-confgen`` without the ``-a`` option
+ and set up ``rndc.conf`` and ``named.conf`` as directed.
+
+``-A algorithm``
+ This option specifies the algorithm to use for the TSIG key.
Available choices
+ are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and
+ hmac-sha512. The default is hmac-sha256.
+
+``-b keysize``
+ This option specifies the size of the authentication key in bits. The size must be between
+ 1 and 512 bits; the default is the hash size.
+
+``-c keyfile``
+ This option is used with the ``-a`` option to specify an alternate location for
+ ``rndc.key``.
+
+``-h``
+ This option prints a short summary of the options and arguments to
+ ``rndc-confgen``.
+
+``-k keyname``
+ This option specifies the key name of the ``rndc`` authentication key. This must be a
+ valid domain name. The default is ``rndc-key``.
+
+``-p port``
+ This option specifies the command channel port where ``named`` listens for
+ connections from ``rndc``. The default is 953.
+
+``-s address``
+ This option specifies the IP address where ``named`` listens for command-channel
+ connections from ``rndc``. The default is the loopback address
+ 127.0.0.1.
+
+``-t chrootdir``
+ This option is used with the ``-a`` option to specify a directory where ``named``
+ runs chrooted. An additional copy of the ``rndc.key`` is
+ written relative to this directory, so that it is found by the
+ chrooted ``named``.
+
+``-u user``
+ This option is used with the ``-a`` option to set the owner of the generated ``rndc.key`` file.
+ If ``-t`` is also specified, only the file in the chroot
+ area has its owner changed.
+
+Examples
+~~~~~~~~
+
+To allow ``rndc`` to be used with no manual configuration, run:
+
+``rndc-confgen -a``
+
+To print a sample ``rndc.conf`` file and the corresponding ``controls`` and
+``key`` statements to be manually inserted into ``named.conf``, run:
+
+``rndc-confgen``
+
+See Also
+~~~~~~~~
+
+:manpage:`rndc(8)`, :manpage:`rndc.conf(5)`, :manpage:`named(8)`, BIND 9 Administrator Reference Manual.
diff --git a/bin/confgen/tsig-keygen.rst b/bin/confgen/tsig-keygen.rst
new file mode 100644
index 0000000..a127407
--- /dev/null
+++ b/bin/confgen/tsig-keygen.rst
@@ -0,0 +1,50 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+.. highlight: console
+
+.. BEWARE: Do not forget to edit also ddns-confgen.rst!
+
+.. _man_tsig-keygen:
+
+tsig-keygen - TSIG key generation tool
+--------------------------------------
+
+Synopsis
+~~~~~~~~
+:program:`tsig-keygen` [**-a** algorithm] [**-h**] [name]
+
+Description
+~~~~~~~~~~~
+
+``tsig-keygen`` is an utility that generates keys for use in TSIG signing.
+The resulting keys can be used, for example, to secure dynamic DNS updates
+to a zone, or for the ``rndc`` command channel.
+
+A domain name can be specified on the command line to be used as the name
+of the generated key. If no name is specified, the default is ``tsig-key``.
+
+Options
+~~~~~~~
+
+``-a algorithm``
+ This option specifies the algorithm to use for the TSIG key. Available
+ choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
+ and hmac-sha512. The default is hmac-sha256. Options are
+ case-insensitive, and the "hmac-" prefix may be omitted.
+
+``-h``
+ This option prints a short summary of options and arguments.
+
+See Also
+~~~~~~~~
+
+:manpage:`nsupdate(1)`, :manpage:`named.conf(5)`, :manpage:`named(8)`, BIND 9 Administrator Reference Manual.
diff --git a/bin/confgen/unix/Makefile.in b/bin/confgen/unix/Makefile.in
new file mode 100644
index 0000000..cad563e
--- /dev/null
+++ b/bin/confgen/unix/Makefile.in
@@ -0,0 +1,30 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \
+ ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+OBJS = os.@O@
+
+SRCS = os.c
+
+TARGETS = ${OBJS}
+
+@BIND9_MAKE_RULES@
diff --git a/bin/confgen/unix/os.c b/bin/confgen/unix/os.c
new file mode 100644
index 0000000..445d64b
--- /dev/null
+++ b/bin/confgen/unix/os.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+int
+set_user(FILE *fd, const char *user) {
+ struct passwd *pw;
+
+ pw = getpwnam(user);
+ if (pw == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+ return (fchown(fileno(fd), pw->pw_uid, -1));
+}
diff --git a/bin/confgen/util.c b/bin/confgen/util.c
new file mode 100644
index 0000000..3b3587c
--- /dev/null
+++ b/bin/confgen/util.c
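Review bot: set_user() in unix/os.c overwrites errno with EINVAL whenever getpwnam() returns NULL, so a lookup that failed for another reason (getpwnam() sets errno itself on a real error) is reported exactly like an unknown user name. Clearing errno before the call and substituting EINVAL only when it is still zero keeps the cause: `errno = 0;` ahead of `pw = getpwnam(user);`, and `if (errno == 0) errno = EINVAL;` in the NULL branch. The function is also undocumented; a one-line comment saying that it changes only the owner of the already-open file (the group argument is `-1`) and returns -1 with errno set on failure would tell its callers, which are outside this hunk, what to check.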
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#include "util.h"
+#include
+#include
+#include
+#include
+
+#include
+
+extern bool verbose;
+extern const char *progname;
+
+void
+notify(const char *fmt, ...) {
+ va_list ap;
+
+ if (verbose) {
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ fputs("\n", stderr);
+ }
+}
+
+void
+fatal(const char *format, ...) {
+ va_list args;
+
+ fprintf(stderr, "%s: ", progname);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ exit(1);
+}
diff --git a/bin/confgen/util.h b/bin/confgen/util.h
new file mode 100644
index 0000000..2d3c664
--- /dev/null
+++ b/bin/confgen/util.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#ifndef RNDC_UTIL_H
+#define RNDC_UTIL_H 1
+
+/*! \file */
+
+#include
+#include
+#include
+
+#define NS_CONTROL_PORT 953
+
+#undef DO
+#define DO(name, function) \
+ do { \
+ result = function; \
+ if (result != ISC_R_SUCCESS) \
+ fatal("%s: %s", name, isc_result_totext(result)); \
+ else \
+ notify("%s", name); \
+ } while (0)
+
+ISC_LANG_BEGINDECLS
+
+void
+notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
+
+ISC_PLATFORM_NORETURN_PRE void
+fatal(const char *format, ...)
+ ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
+
+ISC_LANG_ENDDECLS
+
+#endif /* RNDC_UTIL_H */
diff --git a/bin/confgen/win32/confgentool.vcxproj.filters.in b/bin/confgen/win32/confgentool.vcxproj.filters.in
new file mode 100644
index 0000000..231e4e1
--- /dev/null
+++ b/bin/confgen/win32/confgentool.vcxproj.filters.in
@@ -0,0 +1,39 @@
+ + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hpp;hxx;hm;inl;inc;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Header Files + + + Header Files + + + Header Files + + + + + Source Files + + + Source Files + + + Source Files + + + \ No newline at end of file
diff --git a/bin/confgen/win32/confgentool.vcxproj.in b/bin/confgen/win32/confgentool.vcxproj.in
new file mode 100644
index 0000000..26e4461
--- /dev/null
+++ b/bin/confgen/win32/confgentool.vcxproj.in
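Review bot: The `DO` macro in util.h assigns to a variable named `result` that it never declares, so it only compiles where the caller already has a suitable `result` in scope, and nothing in the header says so; a comment above the macro such as `/* Requires a local 'result'; calls fatal() on failure, notify(name) on success. */` would make the contract explicit. The include guard is `RNDC_UTIL_H` although the file is bin/confgen/util.h. If another util.h in the tree uses the same guard (not visible in this diff), whichever header is included second would be silently skipped, so a guard named after this directory, for example `CONFGEN_UTIL_H`, would be safer.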
@@ -0,0 +1,120 @@ + + + + + Debug + @PLATFORM@ + + + Release + @PLATFORM@ + + + + {64964B03-4815-41F0-9057-E766A94AF197} + Win32Proj + confgentool + @WINDOWS_TARGET_PLATFORM_VERSION@ + + + + StaticLibrary + true + MultiByte + @PLATFORM_TOOLSET@ + + + StaticLibrary + false + true + MultiByte + @PLATFORM_TOOLSET@ + + + + + + + + + + + + + true + .\$(Configuration)\ + .\$(Configuration)\ + None + + + false + .\$(Configuration)\ + .\$(Configuration)\ + None + + + + + + Level4 + false + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + .\$(Configuration)\$(TargetName).pch + .\$(Configuration)\ + .\$(Configuration)\ + $(OutDir)$(TargetName).pdb + true + ..\..\..\config.h + .\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories) + CompileAsC + + + Console + true + + + + + Level1 + true + + + MaxSpeed + true + @INTRINSIC@ + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + OnlyExplicitInline + false + true + .\$(Configuration)\$(TargetName).pch + .\$(Configuration)\ + .\$(Configuration)\ + $(OutDir)$(TargetName).pdb + ..\..\..\config.h + .\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories) + CompileAsC + + + Console + true + true + true + false + + + + + + + + + + + + + + + + diff --git a/bin/confgen/win32/confgentool.vcxproj.user b/bin/confgen/win32/confgentool.vcxproj.user new file mode 100644 index 0000000..ace9a86 --- /dev/null +++ b/bin/confgen/win32/confgentool.vcxproj.user @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/bin/confgen/win32/ddnsconfgen.vcxproj.filters.in b/bin/confgen/win32/ddnsconfgen.vcxproj.filters.in new file mode 100644 index 0000000..ccdaa81 --- /dev/null +++ b/bin/confgen/win32/ddnsconfgen.vcxproj.filters.in 
@@ -0,0 +1,18 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/bin/confgen/win32/ddnsconfgen.vcxproj.in b/bin/confgen/win32/ddnsconfgen.vcxproj.in new file mode 100644 index 0000000..ce37aed --- /dev/null +++ b/bin/confgen/win32/ddnsconfgen.vcxproj.in 
@@ -0,0 +1,132 @@ + + + + + Debug + @PLATFORM@ + + + Release + @PLATFORM@ + + + + {1EA4FC64-F33B-4A50-970A-EA052BBE9CF1} + Win32Proj + ddnsconfgen + @WINDOWS_TARGET_PLATFORM_VERSION@ + + + + Application + true + MultiByte + @PLATFORM_TOOLSET@ + + + Application + false + true + MultiByte + @PLATFORM_TOOLSET@ + + + + + + + + + + + + + true + ..\..\..\Build\$(Configuration)\ + .\$(Configuration)\ + None + ddns-confgen + + + false + ..\..\..\Build\$(Configuration)\ + .\$(Configuration)\ + None + ddns-confgen + + + + + + Level4 + false + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + .\$(Configuration)\$(ProjectName).pch + .\$(Configuration)\ + .\$(Configuration)\ + $(OutDir)$(TargetName).pdb + true + ..\..\..\config.h + .\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories) + CompileAsC + + + Console + true + ..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt) + $(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories) + @OPENSSL_LIBCRYPTO@@OPENSSL_LIBSSL@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies) + + + cd ..\..\..\Build\$(Configuration) +copy /Y ddns-confgen.exe tsig-keygen.exe +copy /Y ddns-confgen.ilk tsig-keygen.ilk + + + + + + Level1 + true + + + MaxSpeed + true + @INTRINSIC@ + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + OnlyExplicitInline + false + true + .\$(Configuration)\$(ProjectName).pch + .\$(Configuration)\ + .\$(Configuration)\ + $(OutDir)$(TargetName).pdb + ..\..\..\config.h + 
.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories) + CompileAsC + + + Console + false + true + true + ..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt) + Default + $(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories) + @OPENSSL_LIBCRYPTO@@OPENSSL_LIBSSL@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies) + + + cd ..\..\..\Build\$(Configuration) +copy /Y ddns-confgen.exe tsig-keygen.exe + + + + + + + + + +
diff --git a/bin/confgen/win32/ddnsconfgen.vcxproj.user b/bin/confgen/win32/ddnsconfgen.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/bin/confgen/win32/ddnsconfgen.vcxproj.user
@@ -0,0 +1,3 @@
+ + + \ No newline at end of file
diff --git a/bin/confgen/win32/os.c b/bin/confgen/win32/os.c
new file mode 100644
index 0000000..ee8314e
--- /dev/null
+++ b/bin/confgen/win32/os.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+int
+set_user(FILE *fd, const char *user) {
+ return (0);
+}
diff --git a/bin/confgen/win32/rndcconfgen.vcxproj.filters.in b/bin/confgen/win32/rndcconfgen.vcxproj.filters.in
new file mode 100644
index 0000000..20f6b5a
--- /dev/null
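Review bot: The Windows `set_user()` in win32/os.c ignores both arguments and returns 0, so a run that asked for the key file's owner to be changed is told it succeeded although nothing was done. The file this tool writes holds the rndc secret, so the difference from the Unix implementation should be stated at the function, e.g. `/* Not implemented on Windows: the owner of the key file is left unchanged. */`. The callers are outside this hunk; as written they cannot tell the no-op from success, so it is worth deciding whether a supplied user name should produce a warning on this platform.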
+++ b/bin/confgen/win32/rndcconfgen.vcxproj.filters.in @@ -0,0 +1,18 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/bin/confgen/win32/rndcconfgen.vcxproj.in b/bin/confgen/win32/rndcconfgen.vcxproj.in new file mode 100644 index 0000000..5ddabd1 --- /dev/null +++ b/bin/confgen/win32/rndcconfgen.vcxproj.in 
@@ -0,0 +1,121 @@ + + + + + Debug + @PLATFORM@ + + + Release + @PLATFORM@ + + + + {1E2C1635-3093-4D59-80E7-4743AC10F22F} + Win32Proj + rndcconfgen + @WINDOWS_TARGET_PLATFORM_VERSION@ + + + + Application + true + MultiByte + @PLATFORM_TOOLSET@ + + + Application + false + true + MultiByte + @PLATFORM_TOOLSET@ + + + + + + + + + + + + + true + ..\..\..\Build\$(Configuration)\ + .\$(Configuration)\ + None + rndc-confgen + + + false + ..\..\..\Build\$(Configuration)\ + .\$(Configuration)\ + None + rndc-confgen + + + + + + Level4 + false + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + .\$(Configuration)\$(ProjectName).pch + .\$(Configuration)\ + .\$(Configuration)\ + $(OutDir)$(TargetName).pdb + true + ..\..\..\config.h + .\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories) + CompileAsC + + + Console + true + ..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt) + $(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories) + @OPENSSL_LIBCRYPTO@@OPENSSL_LIBSSL@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies) + + + + + Level1 + true + + + MaxSpeed + true + @INTRINSIC@ + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + OnlyExplicitInline + false + true + .\$(Configuration)\$(ProjectName).pch + .\$(Configuration)\ + .\$(Configuration)\ + $(OutDir)$(TargetName).pdb + ..\..\..\config.h + .\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories) + CompileAsC + + + Console + false + true + true + 
..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt) + Default + $(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories) + @OPENSSL_LIBCRYPTO@@OPENSSL_LIBSSL@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies) + + + + + + + + + diff --git a/bin/confgen/win32/rndcconfgen.vcxproj.user b/bin/confgen/win32/rndcconfgen.vcxproj.user new file mode 100644 index 0000000..ace9a86 --- /dev/null +++ b/bin/confgen/win32/rndcconfgen.vcxproj.user @@ -0,0 +1,3 @@ + + + \ No newline at end of file -- cgit v1.2.3