Adding basic unbound support.

author: Tobias Markmann <tm@ayena.de> 2012-03-12 17:32:02 (GMT)
committer: Tobias Markmann <tm@ayena.de> 2012-03-21 20:41:16 (GMT)
commit: 2878d950c11526094dc2faeb2caeeb1004f1690d (patch)
tree: 891760e443f9c90135165bb4ec29c72647179bcf /3rdParty/Ldns/src/include/ldns
parent: 2fa37f2976b933ca0bcf5f85dd1615805776d67d (diff)
download: swift-contrib-2878d950c11526094dc2faeb2caeeb1004f1690d.zip
swift-contrib-2878d950c11526094dc2faeb2caeeb1004f1690d.tar.bz2
34 files changed, 12023 insertions, 0 deletions
diff --git a/3rdParty/Ldns/src/include/ldns/buffer.h b/3rdParty/Ldns/src/include/ldns/buffer.h
new file mode 100644
index 0000000..03df14c
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/buffer.h
@@ -0,0 +1,644 @@
+/*
+ * buffer.h -- generic memory buffer.
+ *
+ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+ *
+ * See LICENSE for the license.
+ *
+ *
+ * The buffer module implements a generic buffer.  The API is based on
+ * the java.nio.Buffer interface.
+ */
+
+#ifndef LDNS_BUFFER_H
+#define LDNS_BUFFER_H
+
+#include <assert.h>
+#include <stdarg.h>
+#include <string.h>
+
+#include <ldns/error.h>
+#include <ldns/common.h>
+
+#include "ldns/util.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * number of initial bytes in buffer of
+ * which we cannot tell the size before hand
+ */
+#define LDNS_MIN_BUFLEN	512
+
+/**
+ * \file buffer.h
+ *
+ * This file contains the definition of ldns_buffer, and functions to manipulate those.
+ */
+
+/** 
+ * implementation of buffers to ease operations
+ *
+ * ldns_buffers can contain arbitrary information, per octet. You can write
+ * to the current end of a buffer, read from the current position, and
+ * access any data within it.
+ *
+ * Example use of buffers is in the source code of \ref host2str.c
+ */
+struct ldns_struct_buffer
+{
+	/** The current position used for reading/writing */ 
+	size_t   _position;
+
+	/** The read/write limit */
+	size_t   _limit;
+
+	/** The amount of data the buffer can contain */
+	size_t   _capacity;
+
+	/** The data contained in the buffer */
+	uint8_t *_data;
+
+	/** If the buffer is fixed it cannot be resized */
+	unsigned _fixed : 1;
+
+	/** The current state of the buffer. If writing to the buffer fails
+	 * for any reason, this value is changed. This way, you can perform
+	 * multiple writes in sequence and check for success afterwards. */
+	ldns_status _status;
+};
+typedef struct ldns_struct_buffer ldns_buffer;
+
+
+#ifdef NDEBUG
+INLINE void
+ldns_buffer_invariant(ldns_buffer *ATTR_UNUSED(buffer))
+{
+}
+#else
+INLINE void
+ldns_buffer_invariant(ldns_buffer *buffer)
+{
+	assert(buffer != NULL);
+	assert(buffer->_position <= buffer->_limit);
+	assert(buffer->_limit <= buffer->_capacity);
+	assert(buffer->_data != NULL);
+}
+#endif
+
+/**
+ * creates a new buffer with the specified capacity.
+ *
+ * \param[in] capacity the size (in bytes) to allocate for the buffer
+ * \return the created buffer
+ */
+ldns_buffer *ldns_buffer_new(size_t capacity);
+
+/**
+ * creates a buffer with the specified data.  The data IS copied
+ * and MEMORY allocations are done.  The buffer is not fixed and can
+ * be resized using buffer_reserve().
+ *
+ * \param[in] buffer pointer to the buffer to put the data in
+ * \param[in] data the data to encapsulate in the buffer
+ * \param[in] size the size of the data
+ */
+void ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size);
+
+/**
+ * clears the buffer and make it ready for writing.  The buffer's limit
+ * is set to the capacity and the position is set to 0.
+ * \param[in] buffer the buffer to clear
+ */
+INLINE void ldns_buffer_clear(ldns_buffer *buffer)
+{
+	ldns_buffer_invariant(buffer);
+
+	/* reset status here? */
+
+	buffer->_position = 0;
+	buffer->_limit = buffer->_capacity;
+}
+
+/**
+ * makes the buffer ready for reading the data that has been written to
+ * the buffer.  The buffer's limit is set to the current position and
+ * the position is set to 0.
+ *
+ * \param[in] buffer the buffer to flip
+ * \return void
+ */
+INLINE void ldns_buffer_flip(ldns_buffer *buffer)
+{
+	ldns_buffer_invariant(buffer);
+
+	buffer->_limit = buffer->_position;
+	buffer->_position = 0;
+}
+
+/**
+ * make the buffer ready for re-reading the data.  The buffer's
+ * position is reset to 0.
+ * \param[in] buffer the buffer to rewind
+ */
+INLINE void ldns_buffer_rewind(ldns_buffer *buffer)
+{
+	ldns_buffer_invariant(buffer);
+
+	buffer->_position = 0;
+}
+
+/**
+ * returns the current position in the buffer (as a number of bytes)
+ * \param[in] buffer the buffer
+ * \return the current position
+ */
+INLINE size_t
+ldns_buffer_position(ldns_buffer *buffer)
+{
+	return buffer->_position;
+}
+
+/**
+ * sets the buffer's position to MARK.  The position must be less than
+ * or equal to the buffer's limit.
+ * \param[in] buffer the buffer
+ * \param[in] mark the mark to use
+ */
+INLINE void
+ldns_buffer_set_position(ldns_buffer *buffer, size_t mark)
+{
+	assert(mark <= buffer->_limit);
+	buffer->_position = mark;
+}
+
+/**
+ * changes the buffer's position by COUNT bytes.  The position must not
+ * be moved behind the buffer's limit or before the beginning of the
+ * buffer.
+ * \param[in] buffer the buffer
+ * \param[in] count the count to use
+ */
+INLINE void
+ldns_buffer_skip(ldns_buffer *buffer, ssize_t count)
+{
+	assert(buffer->_position + count <= buffer->_limit);
+	buffer->_position += count;
+}
+
+/**
+ * returns the maximum size of the buffer
+ * \param[in] buffer
+ * \return the size
+ */
+INLINE size_t
+ldns_buffer_limit(ldns_buffer *buffer)
+{
+	return buffer->_limit;
+}
+
+/**
+ * changes the buffer's limit.  If the buffer's position is greater
+ * than the new limit the position is set to the limit.
+ * \param[in] buffer the buffer
+ * \param[in] limit the new limit
+ */
+INLINE void
+ldns_buffer_set_limit(ldns_buffer *buffer, size_t limit)
+{
+	assert(limit <= buffer->_capacity);
+	buffer->_limit = limit;
+	if (buffer->_position > buffer->_limit)
+		buffer->_position = buffer->_limit;
+}
+
+/**
+ * returns the number of bytes the buffer can hold.
+ * \param[in] buffer the buffer
+ * \return the number of bytes
+ */
+INLINE size_t
+ldns_buffer_capacity(ldns_buffer *buffer)
+{
+	return buffer->_capacity;
+}
+
+/**
+ * changes the buffer's capacity.  The data is reallocated so any
+ * pointers to the data may become invalid.  The buffer's limit is set
+ * to the buffer's new capacity.
+ * \param[in] buffer the buffer
+ * \param[in] capacity the capacity to use
+ * \return whether this failed or succeeded
+ */
+bool ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity);
+
+/**
+ * ensures BUFFER can contain at least AMOUNT more bytes.  The buffer's
+ * capacity is increased if necessary using buffer_set_capacity().
+ *
+ * The buffer's limit is always set to the (possibly increased)
+ * capacity.
+ * \param[in] buffer the buffer
+ * \param[in] amount amount to use
+ * \return whether this failed or succeeded
+ */
+bool ldns_buffer_reserve(ldns_buffer *buffer, size_t amount);
+
+/**
+ * returns a pointer to the data at the indicated position.
+ * \param[in] buffer the buffer
+ * \param[in] at position
+ * \return the pointer to the data
+ */
+INLINE uint8_t *
+ldns_buffer_at(const ldns_buffer *buffer, size_t at)
+{
+	assert(at <= buffer->_limit);
+	return buffer->_data + at;
+}
+
+/**
+ * returns a pointer to the beginning of the buffer (the data at
+ * position 0).
+ * \param[in] buffer the buffer
+ * \return the pointer
+ */
+INLINE uint8_t *
+ldns_buffer_begin(const ldns_buffer *buffer)
+{
+	return ldns_buffer_at(buffer, 0);
+}
+
+/**
+ * returns a pointer to the end of the buffer (the data at the buffer's
+ * limit).
+ * \param[in] buffer the buffer
+ * \return the pointer
+ */
+INLINE uint8_t *
+ldns_buffer_end(ldns_buffer *buffer)
+{
+	return ldns_buffer_at(buffer, buffer->_limit);
+}
+
+/**
+ * returns a pointer to the data at the buffer's current position.
+ * \param[in] buffer the buffer
+ * \return the pointer
+ */
+INLINE uint8_t *
+ldns_buffer_current(ldns_buffer *buffer)
+{
+	return ldns_buffer_at(buffer, buffer->_position);
+}
+
+/**
+ * returns the number of bytes remaining between the indicated position and
+ * the limit.
+ * \param[in] buffer the buffer
+ * \param[in] at indicated position
+ * \return number of bytes
+ */
+INLINE size_t
+ldns_buffer_remaining_at(ldns_buffer *buffer, size_t at)
+{
+	ldns_buffer_invariant(buffer);
+	assert(at <= buffer->_limit);
+	return buffer->_limit - at;
+}
+
+/**
+ * returns the number of bytes remaining between the buffer's position and
+ * limit.
+ * \param[in] buffer the buffer
+ * \return the number of bytes
+ */
+INLINE size_t
+ldns_buffer_remaining(ldns_buffer *buffer)
+{
+	return ldns_buffer_remaining_at(buffer, buffer->_position);
+}
+
+/**
+ * checks if the buffer has at least COUNT more bytes available.
+ * Before reading or writing the caller needs to ensure enough space
+ * is available!
+ * \param[in] buffer the buffer
+ * \param[in] at indicated position
+ * \param[in] count how much is available
+ * \return true or false (as int?)
+ */
+INLINE int
+ldns_buffer_available_at(ldns_buffer *buffer, size_t at, size_t count)
+{
+	return count <= ldns_buffer_remaining_at(buffer, at);
+}
+
+/**
+ * checks if the buffer has count bytes available at the current position
+ * \param[in] buffer the buffer
+ * \param[in] count how much is available
+ * \return true or false (as int?)
+ */
+INLINE int
+ldns_buffer_available(ldns_buffer *buffer, size_t count)
+{
+	return ldns_buffer_available_at(buffer, buffer->_position, count);
+}
+
+/**
+ * writes the given data to the buffer at the specified position
+ * \param[in] buffer the buffer
+ * \param[in] at the position (in number of bytes) to write the data at
+ * \param[in] data pointer to the data to write to the buffer
+ * \param[in] count the number of bytes of data to write
+ */
+INLINE void
+ldns_buffer_write_at(ldns_buffer *buffer, size_t at, const void *data, size_t count)
+{
+	assert(ldns_buffer_available_at(buffer, at, count));
+	memcpy(buffer->_data + at, data, count);
+}
+
+/**
+ * writes count bytes of data to the current position of the buffer
+ * \param[in] buffer the buffer
+ * \param[in] data the data to write
+ * \param[in] count the lenght of the data to write
+ */
+INLINE void
+ldns_buffer_write(ldns_buffer *buffer, const void *data, size_t count)
+{
+	ldns_buffer_write_at(buffer, buffer->_position, data, count);
+	buffer->_position += count;
+}
+
+/**
+ * copies the given (null-delimited) string to the specified position at the buffer
+ * \param[in] buffer the buffer
+ * \param[in] at the position in the buffer
+ * \param[in] str the string to write
+ */
+INLINE void
+ldns_buffer_write_string_at(ldns_buffer *buffer, size_t at, const char *str)
+{
+	ldns_buffer_write_at(buffer, at, str, strlen(str));
+}
+
+/**
+ * copies the given (null-delimited) string to the current position at the buffer
+ * \param[in] buffer the buffer
+ * \param[in] str the string to write
+ */
+INLINE void
+ldns_buffer_write_string(ldns_buffer *buffer, const char *str)
+{
+	ldns_buffer_write(buffer, str, strlen(str));
+}
+
+/**
+ * writes the given byte of data at the given position in the buffer
+ * \param[in] buffer the buffer
+ * \param[in] at the position in the buffer
+ * \param[in] data the 8 bits to write
+ */
+INLINE void
+ldns_buffer_write_u8_at(ldns_buffer *buffer, size_t at, uint8_t data)
+{
+	assert(ldns_buffer_available_at(buffer, at, sizeof(data)));
+	buffer->_data[at] = data;
+}
+
+/**
+ * writes the given byte of data at the current position in the buffer
+ * \param[in] buffer the buffer
+ * \param[in] data the 8 bits to write
+ */
+INLINE void
+ldns_buffer_write_u8(ldns_buffer *buffer, uint8_t data)
+{
+	ldns_buffer_write_u8_at(buffer, buffer->_position, data);
+	buffer->_position += sizeof(data);
+}
+
+/**
+ * writes the given 2 byte integer at the given position in the buffer
+ * \param[in] buffer the buffer
+ * \param[in] at the position in the buffer
+ * \param[in] data the 16 bits to write
+ */
+INLINE void
+ldns_buffer_write_u16_at(ldns_buffer *buffer, size_t at, uint16_t data)
+{
+	assert(ldns_buffer_available_at(buffer, at, sizeof(data)));
+	ldns_write_uint16(buffer->_data + at, data);
+}
+
+/**
+ * writes the given 2 byte integer at the current position in the buffer
+ * \param[in] buffer the buffer
+ * \param[in] data the 16 bits to write
+ */
+INLINE void
+ldns_buffer_write_u16(ldns_buffer *buffer, uint16_t data)
+{
+	ldns_buffer_write_u16_at(buffer, buffer->_position, data);
+	buffer->_position += sizeof(data);
+}
+
+/**
+ * writes the given 4 byte integer at the given position in the buffer
+ * \param[in] buffer the buffer
+ * \param[in] at the position in the buffer
+ * \param[in] data the 32 bits to write
+ */
+INLINE void
+ldns_buffer_write_u32_at(ldns_buffer *buffer, size_t at, uint32_t data)
+{
+	assert(ldns_buffer_available_at(buffer, at, sizeof(data)));
+	ldns_write_uint32(buffer->_data + at, data);
+}
+
+/**
+ * writes the given 4 byte integer at the current position in the buffer
+ * \param[in] buffer the buffer
+ * \param[in] data the 32 bits to write
+ */
+INLINE void
+ldns_buffer_write_u32(ldns_buffer *buffer, uint32_t data)
+{
+	ldns_buffer_write_u32_at(buffer, buffer->_position, data);
+	buffer->_position += sizeof(data);
+}
+
+/**
+ * copies count bytes of data at the given position to the given data-array
+ * \param[in] buffer the buffer
+ * \param[in] at the position in the buffer to start
+ * \param[out] data buffer to copy to
+ * \param[in] count the length of the data to copy
+ */
+INLINE void
+ldns_buffer_read_at(ldns_buffer *buffer, size_t at, void *data, size_t count)
+{
+	assert(ldns_buffer_available_at(buffer, at, count));
+	memcpy(data, buffer->_data + at, count);
+}
+
+/**
+ * copies count bytes of data at the current position to the given data-array
+ * \param[in] buffer the buffer
+ * \param[out] data buffer to copy to
+ * \param[in] count the length of the data to copy
+ */
+INLINE void
+ldns_buffer_read(ldns_buffer *buffer, void *data, size_t count)
+{
+	ldns_buffer_read_at(buffer, buffer->_position, data, count);
+	buffer->_position += count;
+}
+
+/**
+ * returns the byte value at the given position in the buffer
+ * \param[in] buffer the buffer
+ * \param[in] at the position in the buffer
+ * \return 1 byte integer
+ */
+INLINE uint8_t
+ldns_buffer_read_u8_at(ldns_buffer *buffer, size_t at)
+{
+	assert(ldns_buffer_available_at(buffer, at, sizeof(uint8_t)));
+	return buffer->_data[at];
+}
+
+/**
+ * returns the byte value at the current position in the buffer
+ * \param[in] buffer the buffer
+ * \return 1 byte integer
+ */
+INLINE uint8_t
+ldns_buffer_read_u8(ldns_buffer *buffer)
+{
+	uint8_t result = ldns_buffer_read_u8_at(buffer, buffer->_position);
+	buffer->_position += sizeof(uint8_t);
+	return result;
+}
+
+/**
+ * returns the 2-byte integer value at the given position in the buffer
+ * \param[in] buffer the buffer
+ * \param[in] at position in the buffer
+ * \return 2 byte integer
+ */
+INLINE uint16_t
+ldns_buffer_read_u16_at(ldns_buffer *buffer, size_t at)
+{
+	assert(ldns_buffer_available_at(buffer, at, sizeof(uint16_t)));
+	return ldns_read_uint16(buffer->_data + at);
+}
+
+/**
+ * returns the 2-byte integer value at the current position in the buffer
+ * \param[in] buffer the buffer
+ * \return 2 byte integer
+ */
+INLINE uint16_t
+ldns_buffer_read_u16(ldns_buffer *buffer)
+{
+	uint16_t result = ldns_buffer_read_u16_at(buffer, buffer->_position);
+	buffer->_position += sizeof(uint16_t);
+	return result;
+}
+
+/**
+ * returns the 4-byte integer value at the given position in the buffer
+ * \param[in] buffer the buffer
+ * \param[in] at position in the buffer
+ * \return 4 byte integer
+ */
+INLINE uint32_t
+ldns_buffer_read_u32_at(ldns_buffer *buffer, size_t at)
+{
+	assert(ldns_buffer_available_at(buffer, at, sizeof(uint32_t)));
+	return ldns_read_uint32(buffer->_data + at);
+}
+
+/**
+ * returns the 4-byte integer value at the current position in the buffer
+ * \param[in] buffer the buffer
+ * \return 4 byte integer
+ */
+INLINE uint32_t
+ldns_buffer_read_u32(ldns_buffer *buffer)
+{
+	uint32_t result = ldns_buffer_read_u32_at(buffer, buffer->_position);
+	buffer->_position += sizeof(uint32_t);
+	return result;
+}
+
+/**
+ * returns the status of the buffer
+ * \param[in] buffer
+ * \return the status
+ */
+INLINE ldns_status
+ldns_buffer_status(ldns_buffer *buffer)
+{
+	return buffer->_status;
+}
+
+/**
+ * returns true if the status of the buffer is LDNS_STATUS_OK, false otherwise
+ * \param[in] buffer the buffer
+ * \return true or false
+ */
+INLINE bool
+ldns_buffer_status_ok(ldns_buffer *buffer)
+{
+	if (buffer) {
+		return ldns_buffer_status(buffer) == LDNS_STATUS_OK;
+	} else {
+		return false;
+	}
+}
+
+/**
+ * prints to the buffer, increasing the capacity if required using
+ * buffer_reserve(). The buffer's position is set to the terminating '\\0'
+ * Returns the number of characters written (not including the
+ * terminating '\\0') or -1 on failure.
+ */
+int ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...);
+/*	ATTR_FORMAT(printf, 2, 3);*/
+
+/**
+ * frees the buffer.
+ * \param[in] *buffer the buffer to be freed
+ * \return void
+ */
+void ldns_buffer_free(ldns_buffer *buffer);
+
+/**
+ * Makes the buffer fixed and returns a pointer to the data.  The
+ * caller is responsible for free'ing the result.
+ * \param[in] *buffer the buffer to be exported
+ * \return void
+ */
+void *ldns_buffer_export(ldns_buffer *buffer);
+
+/**
+ * Copy contents of the other buffer to this buffer. Silently truncated
+ * if this buffer is too small.
+ * \param[out] *result resulting buffer which is copied to.
+ * \param[in] *from what to copy to result.
+ */
+void ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_BUFFER_H */
diff --git a/3rdParty/Ldns/src/include/ldns/common.h b/3rdParty/Ldns/src/include/ldns/common.h
new file mode 100644
index 0000000..ed3847f
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/common.h
@@ -0,0 +1,69 @@
+/**
+ * \file common.h
+ *
+ * Common definitions for LDNS
+ */
+
+/**
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2004-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+#ifndef LDNS_COMMON_H
+#define LDNS_COMMON_H
+
+/*
+ * The build configuration that is used in the distributed headers,
+ * as detected and determined by the auto configure script.
+ */
+#define LDNS_BUILD_CONFIG_HAVE_SSL         1
+#define LDNS_BUILD_CONFIG_USE_ECDSA        0
+#define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H  1
+#define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT 1
+#define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED 1
+
+/*
+ * HAVE_STDBOOL_H is not available when distributed as a library, but no build 
+ * configuration variables may be used (like those above) because the header
+ * is sometimes only available when using special compiler flags to enable the
+ * c99 environment. Because we cannot force the usage of this flag, we have to
+ * provide a default type. Below what is suggested by the autoconf manual.
+ */
+/*@ignore@*/
+/* splint barfs on this construct */
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# ifndef HAVE__BOOL
+#  ifdef __cplusplus
+typedef bool _Bool;
+#  else
+#   define _Bool signed char
+#  endif
+# endif
+# define bool _Bool
+# define false 0
+# define true 1
+# define __bool_true_false_are_defined 1
+#endif
+/*@end@*/
+
+#if LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT
+#define ATTR_FORMAT(archetype, string_index, first_to_check) \
+    __attribute__ ((format (archetype, string_index, first_to_check)))
+#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */
+#define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */
+#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */
+
+#if defined(__cplusplus)
+#define ATTR_UNUSED(x)
+#elif LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED
+#define ATTR_UNUSED(x)  x __attribute__((unused))
+#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */
+#define ATTR_UNUSED(x)  x
+#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */
+
+#endif /* LDNS_COMMON_H */
diff --git a/3rdParty/Ldns/src/include/ldns/common.h.in b/3rdParty/Ldns/src/include/ldns/common.h.in
new file mode 100644
index 0000000..98470ee
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/common.h.in
@@ -0,0 +1,69 @@
+/**
+ * \file common.h
+ *
+ * Common definitions for LDNS
+ */
+
+/**
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2004-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+#ifndef LDNS_COMMON_H
+#define LDNS_COMMON_H
+
+/*
+ * The build configuration that is used in the distributed headers,
+ * as detected and determined by the auto configure script.
+ */
+#define LDNS_BUILD_CONFIG_HAVE_SSL         @ldns_build_config_have_ssl@
+#define LDNS_BUILD_CONFIG_USE_ECDSA        @ldns_build_config_use_ecdsa@
+#define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H  @ldns_build_config_have_inttypes_h@
+#define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT @ldns_build_config_have_attr_format@
+#define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED @ldns_build_config_have_attr_unused@
+
+/*
+ * HAVE_STDBOOL_H is not available when distributed as a library, but no build 
+ * configuration variables may be used (like those above) because the header
+ * is sometimes only available when using special compiler flags to enable the
+ * c99 environment. Because we cannot force the usage of this flag, we have to
+ * provide a default type. Below what is suggested by the autoconf manual.
+ */
+/*@ignore@*/
+/* splint barfs on this construct */
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# ifndef HAVE__BOOL
+#  ifdef __cplusplus
+typedef bool _Bool;
+#  else
+#   define _Bool signed char
+#  endif
+# endif
+# define bool _Bool
+# define false 0
+# define true 1
+# define __bool_true_false_are_defined 1
+#endif
+/*@end@*/
+
+#if LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT
+#define ATTR_FORMAT(archetype, string_index, first_to_check) \
+    __attribute__ ((format (archetype, string_index, first_to_check)))
+#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */
+#define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */
+#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */
+
+#if defined(__cplusplus)
+#define ATTR_UNUSED(x)
+#elif LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED
+#define ATTR_UNUSED(x)  x __attribute__((unused))
+#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */
+#define ATTR_UNUSED(x)  x
+#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */
+
+#endif /* LDNS_COMMON_H */
diff --git a/3rdParty/Ldns/src/include/ldns/config.h b/3rdParty/Ldns/src/include/ldns/config.h
new file mode 100644
index 0000000..e271415
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/config.h
@@ -0,0 +1,556 @@
+/* ldns/config.h.  Generated from config.h.in by configure.  */
+/* ldns/config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define if building universal (internal helper macro) */
+/* #undef AC_APPLE_UNIVERSAL_BUILD */
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#define HAVE_ARPA_INET_H 1
+
+/* Whether the C compiler accepts the "format" attribute */
+#define HAVE_ATTR_FORMAT 1
+
+/* Whether the C compiler accepts the "unused" attribute */
+#define HAVE_ATTR_UNUSED 1
+
+/* Define to 1 if you have the `b32_ntop' function. */
+/* #undef HAVE_B32_NTOP */
+
+/* Define to 1 if you have the `b32_pton' function. */
+/* #undef HAVE_B32_PTON */
+
+/* Define to 1 if you have the `b64_ntop' function. */
+/* #undef HAVE_B64_NTOP */
+
+/* Define to 1 if you have the `b64_pton' function. */
+/* #undef HAVE_B64_PTON */
+
+/* Define to 1 if you have the `bzero' function. */
+#define HAVE_BZERO 1
+
+/* Define to 1 if you have the `calloc' function. */
+#define HAVE_CALLOC 1
+
+/* Define to 1 if you have the `ctime_r' function. */
+#define HAVE_CTIME_R 1
+
+/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
+   don't. */
+/* #undef HAVE_DECL_NID_SECP384R1 */
+
+/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0
+   if you don't. */
+/* #undef HAVE_DECL_NID_X9_62_PRIME256V1 */
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H 1
+
+/* Define to 1 if you have the `endprotoent' function. */
+#define HAVE_ENDPROTOENT 1
+
+/* Define to 1 if you have the `endservent' function. */
+#define HAVE_ENDSERVENT 1
+
+/* Define to 1 if you have the `EVP_sha256' function. */
+#define HAVE_EVP_SHA256 1
+
+/* Define to 1 if you have the `fcntl' function. */
+#define HAVE_FCNTL 1
+
+/* Define to 1 if you have the `fork' function. */
+#define HAVE_FORK 1
+
+/* Whether getaddrinfo is available */
+#define HAVE_GETADDRINFO 1
+
+/* Define to 1 if you have the <getopt.h> header file. */
+#define HAVE_GETOPT_H 1
+
+/* Define to 1 if you have the `gmtime_r' function. */
+#define HAVE_GMTIME_R 1
+
+/* If you have HMAC_CTX_init */
+#define HAVE_HMAC_CTX_INIT 1
+
+/* Define to 1 if you have the `inet_aton' function. */
+#define HAVE_INET_ATON 1
+
+/* Define to 1 if you have the `inet_ntop' function. */
+#define HAVE_INET_NTOP 1
+
+/* Define to 1 if you have the `inet_pton' function. */
+#define HAVE_INET_PTON 1
+
+/* Define to 1 if the system has the type `intptr_t'. */
+#define HAVE_INTPTR_T 1
+
+/* define if you have inttypes.h */
+#define HAVE_INTTYPES_H 1
+
+/* if the function 'ioctlsocket' is available */
+/* #undef HAVE_IOCTLSOCKET */
+
+/* Define to 1 if you have the `isascii' function. */
+#define HAVE_ISASCII 1
+
+/* Define to 1 if you have the `isblank' function. */
+#define HAVE_ISBLANK 1
+
+/* Define to 1 if you have the `pcap' library (-lpcap). */
+/* #undef HAVE_LIBPCAP */
+
+/* Define to 1 if you have the `localtime_r' function. */
+#define HAVE_LOCALTIME_R 1
+
+/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
+   to 0 otherwise. */
+#define HAVE_MALLOC 1
+
+/* Define to 1 if you have the `memmove' function. */
+#define HAVE_MEMMOVE 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the `memset' function. */
+#define HAVE_MEMSET 1
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#define HAVE_NETDB_H 1
+
+/* Define to 1 if you have the <netinet/if_ether.h> header file. */
+/* #undef HAVE_NETINET_IF_ETHER_H */
+
+/* Define to 1 if you have the <netinet/igmp.h> header file. */
+/* #undef HAVE_NETINET_IGMP_H */
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#define HAVE_NETINET_IN_H 1
+
+/* Define to 1 if you have the <netinet/in_systm.h> header file. */
+/* #undef HAVE_NETINET_IN_SYSTM_H */
+
+/* Define to 1 if you have the <netinet/ip6.h> header file. */
+/* #undef HAVE_NETINET_IP6_H */
+
+/* Define to 1 if you have the <netinet/ip_compat.h> header file. */
+/* #undef HAVE_NETINET_IP_COMPAT_H */
+
+/* Define to 1 if you have the <netinet/ip.h> header file. */
+/* #undef HAVE_NETINET_IP_H */
+
+/* Define to 1 if you have the <netinet/udp.h> header file. */
+/* #undef HAVE_NETINET_UDP_H */
+
+/* Define to 1 if you have the <net/ethernet.h> header file. */
+/* #undef HAVE_NET_ETHERNET_H */
+
+/* Define to 1 if you have the <net/if.h> header file. */
+/* #undef HAVE_NET_IF_H */
+
+/* Define to 1 if you have the <openssl/err.h> header file. */
+#define HAVE_OPENSSL_ERR_H 1
+
+/* Define to 1 if you have the <openssl/rand.h> header file. */
+#define HAVE_OPENSSL_RAND_H 1
+
+/* Define to 1 if you have the <openssl/ssl.h> header file. */
+#define HAVE_OPENSSL_SSL_H 1
+
+/* Define to 1 if you have the <pcap.h> header file. */
+/* #undef HAVE_PCAP_H */
+
+/* If available, contains the Python version number currently in use. */
+/* #undef HAVE_PYTHON */
+
+/* Define to 1 if you have the `random' function. */
+#define HAVE_RANDOM 1
+
+/* Define to 1 if your system has a GNU libc compatible `realloc' function,
+   and to 0 otherwise. */
+#define HAVE_REALLOC 1
+
+/* Define to 1 if you have the `sleep' function. */
+#define HAVE_SLEEP 1
+
+/* Define to 1 if you have the `snprintf' function. */
+#define HAVE_SNPRINTF 1
+
+/* Define if you have the SSL libraries installed. */
+#define HAVE_SSL /**/
+
+/* Define to 1 if you have the <stdarg.h> header file. */
+#define HAVE_STDARG_H 1
+
+/* Define to 1 if stdbool.h conforms to C99. */
+#define HAVE_STDBOOL_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the `strlcpy' function. */
+#define HAVE_STRLCPY 1
+
+/* Define to 1 if you have the `strtoul' function. */
+#define HAVE_STRTOUL 1
+
+/* Define if you have SWIG libraries and header files. */
+/* #undef HAVE_SWIG */
+
+/* Define to 1 if you have the <sys/mount.h> header file. */
+#define HAVE_SYS_MOUNT_H 1
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#define HAVE_SYS_PARAM_H 1
+
+/* define if you have sys/socket.h */
+#define HAVE_SYS_SOCKET_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* define if you have sys/types.h */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the `timegm' function. */
+#define HAVE_TIMEGM 1
+
+/* Define to 1 if you have the <time.h> header file. */
+#define HAVE_TIME_H 1
+
+/* define if you have unistd.h */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `vfork' function. */
+#define HAVE_VFORK 1
+
+/* Define to 1 if you have the <vfork.h> header file. */
+/* #undef HAVE_VFORK_H */
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+/* #undef HAVE_WINSOCK2_H */
+
+/* Define to 1 if `fork' works. */
+#define HAVE_WORKING_FORK 1
+
+/* Define to 1 if `vfork' works. */
+#define HAVE_WORKING_VFORK 1
+
+/* Define to 1 if you have the <ws2tcpip.h> header file. */
+/* #undef HAVE_WS2TCPIP_H */
+
+/* Define to 1 if the system has the type `_Bool'. */
+#define HAVE__BOOL 1
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+   */
+#define LT_OBJDIR ".libs/"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "libdns@nlnetlabs.nl"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "ldns"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "ldns 1.6.12"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "libdns"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "1.6.12"
+
+/* The size of `time_t', as computed by sizeof. */
+#define SIZEOF_TIME_T 8
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* System configuration dir */
+#define SYSCONFDIR sysconfdir
+
+/* Define this to enable ECDSA support. */
+/* #undef USE_ECDSA */
+
+/* Define this to enable GOST support. */
+/* #undef USE_GOST */
+
+/* Define this to enable SHA256 and SHA512 support. */
+#define USE_SHA2 1
+
+/* Enable extensions on AIX 3, Interix.  */
+#ifndef _ALL_SOURCE
+# define _ALL_SOURCE 1
+#endif
+/* Enable GNU extensions on systems that have them.  */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE 1
+#endif
+/* Enable threading extensions on Solaris.  */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# define _POSIX_PTHREAD_SEMANTICS 1
+#endif
+/* Enable extensions on HP NonStop.  */
+#ifndef _TANDEM_SOURCE
+# define _TANDEM_SOURCE 1
+#endif
+/* Enable general extensions on Solaris.  */
+#ifndef __EXTENSIONS__
+# define __EXTENSIONS__ 1
+#endif
+
+
+/* Whether the windows socket API is used */
+/* #undef USE_WINSOCK */
+
+/* the version of the windows API enabled */
+#define WINVER 0x0502
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+#  define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+/* #  undef WORDS_BIGENDIAN */
+# endif
+#endif
+
+/* Define to 1 if on MINIX. */
+/* #undef _MINIX */
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+   this defined. */
+/* #undef _POSIX_1_SOURCE */
+
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+/* #undef _POSIX_SOURCE */
+
+/* Define to empty if `const' does not conform to ANSI C. */
+/* #undef const */
+
+/* in_addr_t */
+/* #undef in_addr_t */
+
+/* in_port_t */
+/* #undef in_port_t */
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+/* #undef inline */
+#endif
+
+/* Define to `short' if <sys/types.h> does not define. */
+/* #undef int16_t */
+
+/* Define to `int' if <sys/types.h> does not define. */
+/* #undef int32_t */
+
+/* Define to `long long' if <sys/types.h> does not define. */
+/* #undef int64_t */
+
+/* Define to `char' if <sys/types.h> does not define. */
+/* #undef int8_t */
+
+/* Define to the type of a signed integer type wide enough to hold a pointer,
+   if such a type exists, and if the system does not define it. */
+/* #undef intptr_t */
+
+/* Define to rpl_malloc if the replacement function should be used. */
+/* #undef malloc */
+
+/* Define to `int' if <sys/types.h> does not define. */
+/* #undef pid_t */
+
+/* Define to rpl_realloc if the replacement function should be used. */
+/* #undef realloc */
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+/* #undef size_t */
+
+/* Define to 'int' if not defined */
+/* #undef socklen_t */
+
+/* Fallback member name for socket family in struct sockaddr_storage */
+/* #undef ss_family */
+
+/* Define to `int' if <sys/types.h> does not define. */
+/* #undef ssize_t */
+
+/* Define to `unsigned short' if <sys/types.h> does not define. */
+/* #undef uint16_t */
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+/* #undef uint32_t */
+
+/* Define to `unsigned long long' if <sys/types.h> does not define. */
+/* #undef uint64_t */
+
+/* Define to `unsigned char' if <sys/types.h> does not define. */
+/* #undef uint8_t */
+
+/* Define as `fork' if `vfork' does not work. */
+/* #undef vfork */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <assert.h>
+
+#ifndef LITTLE_ENDIAN
+#define LITTLE_ENDIAN 1234
+#endif
+
+#ifndef BIG_ENDIAN
+#define BIG_ENDIAN 4321
+#endif
+
+#ifndef BYTE_ORDER
+#ifdef WORDS_BIGENDIAN
+#define BYTE_ORDER BIG_ENDIAN
+#else
+#define BYTE_ORDER LITTLE_ENDIAN
+#endif /* WORDS_BIGENDIAN */
+#endif /* BYTE_ORDER */
+
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_WINSOCK2_H
+#include <winsock2.h>
+#endif
+
+#ifdef HAVE_WS2TCPIP_H
+#include <ws2tcpip.h>
+#endif
+
+
+/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
+#ifdef HAVE_WINSOCK2_H
+#define FD_SET_T (u_int)
+#else
+#define FD_SET_T 
+#endif
+
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef B64_PTON
+int ldns_b64_ntop(uint8_t const *src, size_t srclength,
+	 	  char *target, size_t targsize);
+/**
+ * calculates the size needed to store the result of b64_ntop
+ */
+/*@unused@*/
+static inline size_t ldns_b64_ntop_calculate_size(size_t srcsize)
+{
+	return ((((srcsize + 2) / 3) * 4) + 1);
+}
+#endif /* !B64_PTON */
+#ifndef B64_NTOP
+int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
+/**
+ * calculates the size needed to store the result of ldns_b64_pton
+ */
+/*@unused@*/
+static inline size_t ldns_b64_pton_calculate_size(size_t srcsize)
+{
+	return (((((srcsize + 3) / 4) * 3)) + 1);
+}
+#endif /* !B64_NTOP */
+
+#ifndef HAVE_SLEEP
+/* use windows sleep, in millisecs, instead */
+#define sleep(x) Sleep((x)*1000)
+#endif
+
+#ifndef HAVE_RANDOM
+#define srandom(x) srand(x)
+#define random(x) rand(x)
+#endif
+
+#ifndef HAVE_TIMEGM
+#include <time.h>
+time_t timegm (struct tm *tm);
+#endif /* !TIMEGM */
+#ifndef HAVE_GMTIME_R
+struct tm *gmtime_r(const time_t *timep, struct tm *result);
+#endif
+#ifndef HAVE_LOCALTIME_R
+struct tm *localtime_r(const time_t *timep, struct tm *result);
+#endif
+#ifndef HAVE_ISBLANK
+int isblank(int c);
+#endif /* !HAVE_ISBLANK */
+#ifndef HAVE_ISASCII
+int isascii(int c);
+#endif /* !HAVE_ISASCII */
+#ifndef HAVE_SNPRINTF
+#include <stdarg.h>
+int snprintf (char *str, size_t count, const char *fmt, ...);
+int vsnprintf (char *str, size_t count, const char *fmt, va_list arg);
+#endif /* HAVE_SNPRINTF */
+#ifndef HAVE_INET_PTON
+int inet_pton(int af, const char* src, void* dst);
+#endif /* HAVE_INET_PTON */
+#ifndef HAVE_INET_NTOP
+const char *inet_ntop(int af, const void *src, char *dst, size_t size);
+#endif
+#ifndef HAVE_INET_ATON
+int inet_aton(const char *cp, struct in_addr *addr);
+#endif
+#ifndef HAVE_MEMMOVE
+void *memmove(void *dest, const void *src, size_t n);
+#endif
+#ifndef HAVE_STRLCPY
+size_t strlcpy(char *dst, const char *src, size_t siz);
+#endif
+#ifdef __cplusplus
+}
+#endif
+#ifndef HAVE_GETADDRINFO
+#include "compat/fake-rfc2553.h"
+#endif
+#ifndef HAVE_STRTOUL
+#define strtoul (unsigned long)strtol
+#endif
+
diff --git a/3rdParty/Ldns/src/include/ldns/config.h.in b/3rdParty/Ldns/src/include/ldns/config.h.in
new file mode 100644
index 0000000..3393e99
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/config.h.in
@@ -0,0 +1,555 @@
+/* ldns/config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Whether the C compiler accepts the "format" attribute */
+#undef HAVE_ATTR_FORMAT
+
+/* Whether the C compiler accepts the "unused" attribute */
+#undef HAVE_ATTR_UNUSED
+
+/* Define to 1 if you have the `b32_ntop' function. */
+#undef HAVE_B32_NTOP
+
+/* Define to 1 if you have the `b32_pton' function. */
+#undef HAVE_B32_PTON
+
+/* Define to 1 if you have the `b64_ntop' function. */
+#undef HAVE_B64_NTOP
+
+/* Define to 1 if you have the `b64_pton' function. */
+#undef HAVE_B64_PTON
+
+/* Define to 1 if you have the `bzero' function. */
+#undef HAVE_BZERO
+
+/* Define to 1 if you have the `calloc' function. */
+#undef HAVE_CALLOC
+
+/* Define to 1 if you have the `ctime_r' function. */
+#undef HAVE_CTIME_R
+
+/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
+   don't. */
+#undef HAVE_DECL_NID_SECP384R1
+
+/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0
+   if you don't. */
+#undef HAVE_DECL_NID_X9_62_PRIME256V1
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the `endprotoent' function. */
+#undef HAVE_ENDPROTOENT
+
+/* Define to 1 if you have the `endservent' function. */
+#undef HAVE_ENDSERVENT
+
+/* Define to 1 if you have the `EVP_sha256' function. */
+#undef HAVE_EVP_SHA256
+
+/* Define to 1 if you have the `fcntl' function. */
+#undef HAVE_FCNTL
+
+/* Define to 1 if you have the `fork' function. */
+#undef HAVE_FORK
+
+/* Whether getaddrinfo is available */
+#undef HAVE_GETADDRINFO
+
+/* Define to 1 if you have the <getopt.h> header file. */
+#undef HAVE_GETOPT_H
+
+/* Define to 1 if you have the `gmtime_r' function. */
+#undef HAVE_GMTIME_R
+
+/* If you have HMAC_CTX_init */
+#undef HAVE_HMAC_CTX_INIT
+
+/* Define to 1 if you have the `inet_aton' function. */
+#undef HAVE_INET_ATON
+
+/* Define to 1 if you have the `inet_ntop' function. */
+#undef HAVE_INET_NTOP
+
+/* Define to 1 if you have the `inet_pton' function. */
+#undef HAVE_INET_PTON
+
+/* Define to 1 if the system has the type `intptr_t'. */
+#undef HAVE_INTPTR_T
+
+/* define if you have inttypes.h */
+#undef HAVE_INTTYPES_H
+
+/* if the function 'ioctlsocket' is available */
+#undef HAVE_IOCTLSOCKET
+
+/* Define to 1 if you have the `isascii' function. */
+#undef HAVE_ISASCII
+
+/* Define to 1 if you have the `isblank' function. */
+#undef HAVE_ISBLANK
+
+/* Define to 1 if you have the `pcap' library (-lpcap). */
+#undef HAVE_LIBPCAP
+
+/* Define to 1 if you have the `localtime_r' function. */
+#undef HAVE_LOCALTIME_R
+
+/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
+   to 0 otherwise. */
+#undef HAVE_MALLOC
+
+/* Define to 1 if you have the `memmove' function. */
+#undef HAVE_MEMMOVE
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `memset' function. */
+#undef HAVE_MEMSET
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#undef HAVE_NETDB_H
+
+/* Define to 1 if you have the <netinet/if_ether.h> header file. */
+#undef HAVE_NETINET_IF_ETHER_H
+
+/* Define to 1 if you have the <netinet/igmp.h> header file. */
+#undef HAVE_NETINET_IGMP_H
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the <netinet/in_systm.h> header file. */
+#undef HAVE_NETINET_IN_SYSTM_H
+
+/* Define to 1 if you have the <netinet/ip6.h> header file. */
+#undef HAVE_NETINET_IP6_H
+
+/* Define to 1 if you have the <netinet/ip_compat.h> header file. */
+#undef HAVE_NETINET_IP_COMPAT_H
+
+/* Define to 1 if you have the <netinet/ip.h> header file. */
+#undef HAVE_NETINET_IP_H
+
+/* Define to 1 if you have the <netinet/udp.h> header file. */
+#undef HAVE_NETINET_UDP_H
+
+/* Define to 1 if you have the <net/ethernet.h> header file. */
+#undef HAVE_NET_ETHERNET_H
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#undef HAVE_NET_IF_H
+
+/* Define to 1 if you have the <openssl/err.h> header file. */
+#undef HAVE_OPENSSL_ERR_H
+
+/* Define to 1 if you have the <openssl/rand.h> header file. */
+#undef HAVE_OPENSSL_RAND_H
+
+/* Define to 1 if you have the <openssl/ssl.h> header file. */
+#undef HAVE_OPENSSL_SSL_H
+
+/* Define to 1 if you have the <pcap.h> header file. */
+#undef HAVE_PCAP_H
+
+/* If available, contains the Python version number currently in use. */
+#undef HAVE_PYTHON
+
+/* Define to 1 if you have the `random' function. */
+#undef HAVE_RANDOM
+
+/* Define to 1 if your system has a GNU libc compatible `realloc' function,
+   and to 0 otherwise. */
+#undef HAVE_REALLOC
+
+/* Define to 1 if you have the `sleep' function. */
+#undef HAVE_SLEEP
+
+/* Define to 1 if you have the `snprintf' function. */
+#undef HAVE_SNPRINTF
+
+/* Define if you have the SSL libraries installed. */
+#undef HAVE_SSL
+
+/* Define to 1 if you have the <stdarg.h> header file. */
+#undef HAVE_STDARG_H
+
+/* Define to 1 if stdbool.h conforms to C99. */
+#undef HAVE_STDBOOL_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strlcpy' function. */
+#undef HAVE_STRLCPY
+
+/* Define to 1 if you have the `strtoul' function. */
+#undef HAVE_STRTOUL
+
+/* Define if you have SWIG libraries and header files. */
+#undef HAVE_SWIG
+
+/* Define to 1 if you have the <sys/mount.h> header file. */
+#undef HAVE_SYS_MOUNT_H
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#undef HAVE_SYS_PARAM_H
+
+/* define if you have sys/socket.h */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* define if you have sys/types.h */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the `timegm' function. */
+#undef HAVE_TIMEGM
+
+/* Define to 1 if you have the <time.h> header file. */
+#undef HAVE_TIME_H
+
+/* define if you have unistd.h */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `vfork' function. */
+#undef HAVE_VFORK
+
+/* Define to 1 if you have the <vfork.h> header file. */
+#undef HAVE_VFORK_H
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#undef HAVE_WINSOCK2_H
+
+/* Define to 1 if `fork' works. */
+#undef HAVE_WORKING_FORK
+
+/* Define to 1 if `vfork' works. */
+#undef HAVE_WORKING_VFORK
+
+/* Define to 1 if you have the <ws2tcpip.h> header file. */
+#undef HAVE_WS2TCPIP_H
+
+/* Define to 1 if the system has the type `_Bool'. */
+#undef HAVE__BOOL
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+   */
+#undef LT_OBJDIR
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* The size of `time_t', as computed by sizeof. */
+#undef SIZEOF_TIME_T
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* System configuration dir */
+#undef SYSCONFDIR
+
+/* Define this to enable ECDSA support. */
+#undef USE_ECDSA
+
+/* Define this to enable GOST support. */
+#undef USE_GOST
+
+/* Define this to enable SHA256 and SHA512 support. */
+#undef USE_SHA2
+
+/* Enable extensions on AIX 3, Interix.  */
+#ifndef _ALL_SOURCE
+# undef _ALL_SOURCE
+#endif
+/* Enable GNU extensions on systems that have them.  */
+#ifndef _GNU_SOURCE
+# undef _GNU_SOURCE
+#endif
+/* Enable threading extensions on Solaris.  */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# undef _POSIX_PTHREAD_SEMANTICS
+#endif
+/* Enable extensions on HP NonStop.  */
+#ifndef _TANDEM_SOURCE
+# undef _TANDEM_SOURCE
+#endif
+/* Enable general extensions on Solaris.  */
+#ifndef __EXTENSIONS__
+# undef __EXTENSIONS__
+#endif
+
+
+/* Whether the windows socket API is used */
+#undef USE_WINSOCK
+
+/* the version of the windows API enabled */
+#undef WINVER
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+#  define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+#  undef WORDS_BIGENDIAN
+# endif
+#endif
+
+/* Define to 1 if on MINIX. */
+#undef _MINIX
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+   this defined. */
+#undef _POSIX_1_SOURCE
+
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+#undef _POSIX_SOURCE
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* in_addr_t */
+#undef in_addr_t
+
+/* in_port_t */
+#undef in_port_t
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* Define to `short' if <sys/types.h> does not define. */
+#undef int16_t
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef int32_t
+
+/* Define to `long long' if <sys/types.h> does not define. */
+#undef int64_t
+
+/* Define to `char' if <sys/types.h> does not define. */
+#undef int8_t
+
+/* Define to the type of a signed integer type wide enough to hold a pointer,
+   if such a type exists, and if the system does not define it. */
+#undef intptr_t
+
+/* Define to rpl_malloc if the replacement function should be used. */
+#undef malloc
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef pid_t
+
+/* Define to rpl_realloc if the replacement function should be used. */
+#undef realloc
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+
+/* Define to 'int' if not defined */
+#undef socklen_t
+
+/* Fallback member name for socket family in struct sockaddr_storage */
+#undef ss_family
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef ssize_t
+
+/* Define to `unsigned short' if <sys/types.h> does not define. */
+#undef uint16_t
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef uint32_t
+
+/* Define to `unsigned long long' if <sys/types.h> does not define. */
+#undef uint64_t
+
+/* Define to `unsigned char' if <sys/types.h> does not define. */
+#undef uint8_t
+
+/* Define as `fork' if `vfork' does not work. */
+#undef vfork
+
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <assert.h>
+
+#ifndef LITTLE_ENDIAN
+#define LITTLE_ENDIAN 1234
+#endif
+
+#ifndef BIG_ENDIAN
+#define BIG_ENDIAN 4321
+#endif
+
+#ifndef BYTE_ORDER
+#ifdef WORDS_BIGENDIAN
+#define BYTE_ORDER BIG_ENDIAN
+#else
+#define BYTE_ORDER LITTLE_ENDIAN
+#endif /* WORDS_BIGENDIAN */
+#endif /* BYTE_ORDER */
+
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_WINSOCK2_H
+#include <winsock2.h>
+#endif
+
+#ifdef HAVE_WS2TCPIP_H
+#include <ws2tcpip.h>
+#endif
+
+
+/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
+#ifdef HAVE_WINSOCK2_H
+#define FD_SET_T (u_int)
+#else
+#define FD_SET_T 
+#endif
+
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef B64_PTON
+int ldns_b64_ntop(uint8_t const *src, size_t srclength,
+	 	  char *target, size_t targsize);
+/**
+ * calculates the size needed to store the result of b64_ntop
+ */
+/*@unused@*/
+static inline size_t ldns_b64_ntop_calculate_size(size_t srcsize)
+{
+	return ((((srcsize + 2) / 3) * 4) + 1);
+}
+#endif /* !B64_PTON */
+#ifndef B64_NTOP
+int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
+/**
+ * calculates the size needed to store the result of ldns_b64_pton
+ */
+/*@unused@*/
+static inline size_t ldns_b64_pton_calculate_size(size_t srcsize)
+{
+	return (((((srcsize + 3) / 4) * 3)) + 1);
+}
+#endif /* !B64_NTOP */
+
+#ifndef HAVE_SLEEP
+/* use windows sleep, in millisecs, instead */
+#define sleep(x) Sleep((x)*1000)
+#endif
+
+#ifndef HAVE_RANDOM
+#define srandom(x) srand(x)
+#define random(x) rand(x)
+#endif
+
+#ifndef HAVE_TIMEGM
+#include <time.h>
+time_t timegm (struct tm *tm);
+#endif /* !TIMEGM */
+#ifndef HAVE_GMTIME_R
+struct tm *gmtime_r(const time_t *timep, struct tm *result);
+#endif
+#ifndef HAVE_LOCALTIME_R
+struct tm *localtime_r(const time_t *timep, struct tm *result);
+#endif
+#ifndef HAVE_ISBLANK
+int isblank(int c);
+#endif /* !HAVE_ISBLANK */
+#ifndef HAVE_ISASCII
+int isascii(int c);
+#endif /* !HAVE_ISASCII */
+#ifndef HAVE_SNPRINTF
+#include <stdarg.h>
+int snprintf (char *str, size_t count, const char *fmt, ...);
+int vsnprintf (char *str, size_t count, const char *fmt, va_list arg);
+#endif /* HAVE_SNPRINTF */
+#ifndef HAVE_INET_PTON
+int inet_pton(int af, const char* src, void* dst);
+#endif /* HAVE_INET_PTON */
+#ifndef HAVE_INET_NTOP
+const char *inet_ntop(int af, const void *src, char *dst, size_t size);
+#endif
+#ifndef HAVE_INET_ATON
+int inet_aton(const char *cp, struct in_addr *addr);
+#endif
+#ifndef HAVE_MEMMOVE
+void *memmove(void *dest, const void *src, size_t n);
+#endif
+#ifndef HAVE_STRLCPY
+size_t strlcpy(char *dst, const char *src, size_t siz);
+#endif
+#ifdef __cplusplus
+}
+#endif
+#ifndef HAVE_GETADDRINFO
+#include "compat/fake-rfc2553.h"
+#endif
+#ifndef HAVE_STRTOUL
+#define strtoul (unsigned long)strtol
+#endif
+
diff --git a/3rdParty/Ldns/src/include/ldns/dname.h b/3rdParty/Ldns/src/include/ldns/dname.h
new file mode 100644
index 0000000..a91f075
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/dname.h
@@ -0,0 +1,201 @@
+/*
+ * dname.h
+ *
+ * dname definitions
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2004-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+/**
+ * \file dname.h
+ *
+ * dname contains function to read and manipulate domain names.
+ *
+ * Example domain names are "www.nlnetlabs.nl." and "." (the root)
+ *
+ * If a domain name ends with a dot ("."), it is called a Fully Qualified
+ * Domain Name (FQDN). In certain places (for instance when reading a zone
+ * file), an origin (which is just another domain name) non-FQDNs will be
+ * placed after the current. For instance, if i have a zone file where the
+ * origin has been set to "nl.", and my file contains the name
+ * "www.nlnetlabs", it will result in "www.nlnetlabs.nl.". Internally, dnames are
+ * always absolute (the dot is added when it is missing and there is no origin).
+ *
+ * An FQDN is also
+ * known as an absolute domain name, therefore the function to check this is
+ * called \ref ldns_dname_str_absolute
+ *
+ * Domain names are stored in \ref ldns_rdf structures, with the type
+ * \ref LDNS_RDF_TYPE_DNAME
+ *
+ * This module is *NOT* about the RR type called DNAME.
+ */
+
+
+#ifndef LDNS_DNAME_H
+#define LDNS_DNAME_H
+
+#include <ldns/common.h>
+#include <ldns/rdata.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LDNS_DNAME_NORMALIZE        tolower
+
+/**
+ * concatenates two dnames together
+ * \param[in] rd1 the leftside
+ * \param[in] rd2 the rightside
+ * \return a new rdf with leftside/rightside
+ */
+ldns_rdf *ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2);
+
+/**
+ * concatenates rd2 after rd1 (rd2 is copied, rd1 is modified)
+ * \param[in] rd1 the leftside
+ * \param[in] rd2 the rightside
+ * \return LDNS_STATUS_OK on success
+ */
+ldns_status 	ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2);
+
+/**
+ * Returns a clone of the given dname with the labels
+ * reversed
+ * \param[in] d the dname to reverse
+ * \return clone of the dname with the labels reversed.
+ */
+ldns_rdf *ldns_dname_reverse(const ldns_rdf *d);
+
+/**
+ * Clones the given dname from the nth label on
+ * \param[in] d The dname to clone
+ * \param[in] n the label nr to clone from, if this is 0, the complete
+ *              dname is cloned
+ * \return A newly allocated *rdf structure, containing the cloned dname,
+ *         or NULL if either d was NULL, not a dname, or if n >=
+ *         label_count
+ */
+ldns_rdf *
+ldns_dname_clone_from(const ldns_rdf *d, uint16_t n);
+
+/**
+ * chop one label off the left side of a dname. so
+ * wwww.nlnetlabs.nl, becomes nlnetlabs.nl
+ * This new name is a clone and must be freed with ldns_deep_free()
+ * \param[in] d the dname to chop
+ * \return the remaining dname
+ */
+ldns_rdf *ldns_dname_left_chop(const ldns_rdf *d);
+
+/**
+ * count the number of labels inside a LDNS_RDF_DNAME type rdf.
+ * \param[in] *r the rdf
+ * \return the number of labels
+ */
+uint8_t  ldns_dname_label_count(const ldns_rdf *r);
+
+/**
+ * creates a new dname rdf from a string.
+ * \param[in] str string to use
+ * \return ldns_rdf* or NULL in case of an error
+ */
+ldns_rdf *ldns_dname_new_frm_str(const char *str);
+
+/**
+ * Create a new dname rdf from a string
+ * \param[in] s the size of the new dname
+ * \param[in] *data pointer to the actual data
+ * \return ldns_rdf*
+ */
+ldns_rdf *ldns_dname_new(uint16_t s, void *data);
+
+/**
+ * Create a new dname rdf from data (the data is copied)
+ * \param[in] size the size of the data
+ * \param[in] *data pointer to the actual data
+ * \return ldns_rdf*
+ */
+ldns_rdf *ldns_dname_new_frm_data(uint16_t size, const void *data);
+
+/**
+ * Put a dname into canonical fmt - ie. lowercase it
+ * \param[in] rdf the dname to lowercase
+ * \return void
+ */
+void ldns_dname2canonical(const ldns_rdf *rdf);
+
+/**
+ * test wether the name sub falls under parent (i.e. is a subdomain
+ * of parent). This function will return false if the given dnames are
+ * equal.
+ * \param[in] sub the name to test
+ * \param[in] parent the parent's name
+ * \return true if sub falls under parent, otherwise false
+ */
+bool ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent);
+
+/**
+ * Compares the two dname rdf's according to the algorithm for ordering
+ * in RFC4034 Section 6.
+ * \param[in] dname1 First dname rdf to compare
+ * \param[in] dname2 Second dname rdf to compare
+ * \return -1 if dname1 comes before dname2, 1 if dname1 comes after dname2, and 0 if they are equal.
+ */
+int ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2);
+
+/**
+ * Checks whether the dname matches the given wildcard
+ * \param[in] dname The dname to check
+ * \param[in] wildcard The wildcard to check with
+ * \return 1 If the wildcard matches, OR if 'wildcard' is not a wildcard and
+ *           the names are *exactly* the same
+ *         0 If the wildcard does not match, or if it is not a wildcard and
+ *           the names are not the same
+ */
+int ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard);
+
+/**
+ * check if middle lays in the interval defined by prev and next
+ * prev <= middle < next. This is usefull for nsec checking
+ * \param[in] prev the previous dname
+ * \param[in] middle the dname to check
+ * \param[in] next the next dname
+ * return 0 on error or unknown, -1 when middle is in the interval, +1 when not
+ */
+int ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, const ldns_rdf *next);
+
+/**
+ * Checks whether the given dname string is absolute (i.e. ends with a '.')
+ * \param[in] *dname_str a string representing the dname
+ * \return true or false
+ */
+bool ldns_dname_str_absolute(const char *dname_str);
+
+/**
+ * look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME
+ * try and retrieve a specific label. The labels are numbered
+ * starting from 0 (left most).
+ * \param[in] rdf the rdf to look in
+ * \param[in] labelpos return the label with this number
+ * \return a ldns_rdf* with the label as name or NULL on error
+ */
+ldns_rdf * ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos);
+
+/**
+ * Check if dname is a wildcard, starts with *.
+ * \param[in] dname: the rdf to look in
+ * \return true if a wildcard, false if not.
+ */
+int ldns_dname_is_wildcard(const ldns_rdf* dname);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif	/* LDNS_DNAME_H */
diff --git a/3rdParty/Ldns/src/include/ldns/dnssec.h b/3rdParty/Ldns/src/include/ldns/dnssec.h
new file mode 100644
index 0000000..9e602b5
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/dnssec.h
@@ -0,0 +1,522 @@
+/*
+ * dnssec.h -- defines for the Domain Name System (SEC) (DNSSEC)
+ *
+ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+ *
+ * See LICENSE for the license.
+ *
+ * A bunch of defines that are used in the DNS
+ */
+
+/**
+ * \file dnssec.h
+ *
+ * This module contains base functions for DNSSEC operations
+ * (RFC4033 t/m RFC4035).
+ * 
+ * Since those functions heavily rely op cryptographic operations,
+ * this module is dependent on openssl.
+ * 
+ */
+ 
+
+#ifndef LDNS_DNSSEC_H
+#define LDNS_DNSSEC_H
+
+#include <ldns/common.h>
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+#include <ldns/packet.h>
+#include <ldns/keys.h>
+#include <ldns/zone.h>
+#include <ldns/resolver.h>
+#include <ldns/dnssec_zone.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LDNS_MAX_KEYLEN		2048
+#define LDNS_DNSSEC_KEYPROTO	3
+/* default time before sigs expire */
+#define LDNS_DEFAULT_EXP_TIME	2419200 /* 4 weeks */
+
+/** return values for the old-signature callback */
+#define LDNS_SIGNATURE_LEAVE_ADD_NEW 0
+#define LDNS_SIGNATURE_LEAVE_NO_ADD 1
+#define LDNS_SIGNATURE_REMOVE_ADD_NEW 2
+#define LDNS_SIGNATURE_REMOVE_NO_ADD 3
+
+/**
+ * Returns the first RRSIG rr that corresponds to the rrset 
+ * with the given name and type
+ * 
+ * \param[in] name The dname of the RRset covered by the RRSIG to find
+ * \param[in] type The type of the RRset covered by the RRSIG to find
+ * \param[in] rrs List of rrs to search in
+ * \returns Pointer to the first RRsig ldns_rr found, or NULL if it is
+ * not present
+ */
+ldns_rr *ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name,
+									    const ldns_rr_type type,
+									    const ldns_rr_list *rrs);
+
+/**
+ * Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if
+ * any
+ *
+ * \param[in] rrsig The rrsig to find the DNSKEY for
+ * \param[in] rrs The rr list to find the key in
+ * \return The DNSKEY that corresponds to the given RRSIG, or NULL if it was
+ *         not found.
+ */
+ldns_rr *ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs);
+
+/**
+ * Returns the rdata field that contains the bitmap of the covered types of
+ * the given NSEC record
+ *
+ * \param[in] nsec The nsec to get the covered type bitmap of
+ * \return An ldns_rdf containing the bitmap, or NULL on error
+ */
+ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec);
+
+
+#define LDNS_NSEC3_MAX_ITERATIONS 65535
+
+/**
+ * Returns the dname of the closest (provable) encloser
+ */
+ldns_rdf *
+ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
+							ldns_rr_type qtype,
+							ldns_rr_list *nsec3s);
+
+/**
+ * Checks whether the packet contains rrsigs
+ */
+bool
+ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt);
+
+/**
+ * Returns a ldns_rr_list containing the signatures covering the given name
+ * and type
+ */
+ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type);
+
+/**
+ * Returns a ldns_rr_list containing the signatures covering the given type
+ */
+ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type);
+
+/** 
+ * calculates a keytag of a key for use in DNSSEC.
+ *
+ * \param[in] key the key as an RR to use for the calc.
+ * \return the keytag
+ */
+uint16_t ldns_calc_keytag(const ldns_rr *key);
+
+/**
+ * Calculates keytag of DNSSEC key, operates on wireformat rdata.
+ * \param[in] key the key as uncompressed wireformat rdata.
+ * \param[in] keysize length of key data.
+ * \return the keytag
+ */
+uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize);
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * converts a buffer holding key material to a DSA key in openssl.
+ *
+ * \param[in] key the key to convert
+ * \return a DSA * structure with the key material
+ */
+DSA *ldns_key_buf2dsa(ldns_buffer *key);
+/**
+ * Like ldns_key_buf2dsa, but uses raw buffer.
+ * \param[in] key the uncompressed wireformat of the key.
+ * \param[in] len length of key data
+ * \return a DSA * structure with the key material
+ */
+DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len);
+
+/**
+ * Utility function to calculate hash using generic EVP_MD pointer.
+ * \param[in] data the data to hash.
+ * \param[in] len  length of data.
+ * \param[out] dest the destination of the hash, must be large enough.
+ * \param[in] md the message digest to use.
+ * \return true if worked, false on failure.
+ */
+int ldns_digest_evp(unsigned char* data, unsigned int len, 
+	unsigned char* dest, const EVP_MD* md);
+
+/**
+ * Converts a holding buffer with key material to EVP PKEY in openssl.
+ * Only available if ldns was compiled with GOST.
+ * \param[in] key data to convert
+ * \param[in] keylen length of the key data
+ * \return the key or NULL on error.
+ */
+EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen);
+
+/**
+ * Converts a holding buffer with key material to EVP PKEY in openssl.
+ * Only available if ldns was compiled with ECDSA.
+ * \param[in] key data to convert
+ * \param[in] keylen length of the key data
+ * \param[in] algo precise algorithm to initialize ECC group values.
+ * \return the key or NULL on error.
+ */
+EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
+
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * converts a buffer holding key material to a RSA key in openssl.
+ *
+ * \param[in] key the key to convert
+ * \return a RSA * structure with the key material
+ */
+RSA *ldns_key_buf2rsa(ldns_buffer *key);
+
+/**
+ * Like ldns_key_buf2rsa, but uses raw buffer.
+ * \param[in] key the uncompressed wireformat of the key.
+ * \param[in] len length of key data
+ * \return a RSA * structure with the key material
+ */
+RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len);
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+/** 
+ * returns a new DS rr that represents the given key rr.
+ *
+ * \param[in] *key the key to convert
+ * \param[in] h the hash to use LDNS_SHA1/LDNS_SHA256
+ * \return ldns_rr* a new rr pointer to a DS
+ */
+ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h);
+
+/**
+ * Create the type bitmap for an NSEC(3) record
+ */
+ldns_rdf *
+ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
+						 size_t size,
+						 ldns_rr_type nsec_type);
+
+/**
+ * returns whether a rrset of the given type is found in the rrsets.
+ *
+ * \param[in] rrsets the rrsets to be tested
+ * \param[in] type the type to test for
+ * \return int 1 if the type was found, 0 otherwise.
+ */
+int
+ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type);
+
+/**
+ * Creates NSEC
+ */
+ldns_rr *
+ldns_dnssec_create_nsec(ldns_dnssec_name *from,
+				    ldns_dnssec_name *to,
+				    ldns_rr_type nsec_type);
+
+
+/**
+ * Creates NSEC3
+ */
+ldns_rr *
+ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
+					ldns_dnssec_name *to,
+					ldns_rdf *zone_name,
+					uint8_t algorithm,
+					uint8_t flags,
+					uint16_t iterations,
+					uint8_t salt_length,
+					uint8_t *salt);
+
+/**
+ * Create a NSEC record
+ * \param[in] cur_owner the current owner which should be taken as the starting point
+ * \param[in] next_owner the rrlist which the nsec rr should point to 
+ * \param[in] rrs all rrs from the zone, to find all RR types of cur_owner in
+ * \return a ldns_rr with the nsec record in it
+ */
+ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs);
+
+/**
+ * Calculates the hashed name using the given parameters
+ * \param[in] *name The owner name to calculate the hash for 
+ * \param[in] algorithm The hash algorithm to use
+ * \param[in] iterations The number of hash iterations to use
+ * \param[in] salt_length The length of the salt in bytes
+ * \param[in] salt The salt to use
+ * \return The hashed owner name rdf, without the domain name
+ */
+ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
+
+/**
+ * Sets all the NSEC3 options. The rr to set them in must be initialized with _new() and
+ * type LDNS_RR_TYPE_NSEC3
+ * \param[in] *rr The RR to set the values in
+ * \param[in] algorithm The NSEC3 hash algorithm 
+ * \param[in] flags The flags field 
+ * \param[in] iterations The number of hash iterations
+ * \param[in] salt_length The length of the salt in bytes 
+ * \param[in] salt The salt bytes
+ */
+void ldns_nsec3_add_param_rdfs(ldns_rr *rr,
+						 uint8_t algorithm,
+						 uint8_t flags,
+						 uint16_t iterations,
+						 uint8_t salt_length,
+						 uint8_t *salt);
+
+/* this will NOT return the NSEC3  completed, you will have to run the
+   finalize function on the rrlist later! */
+ldns_rr *
+ldns_create_nsec3(ldns_rdf *cur_owner,
+                  ldns_rdf *cur_zone,
+                  ldns_rr_list *rrs,
+                  uint8_t algorithm,
+                  uint8_t flags,
+                  uint16_t iterations,
+                  uint8_t salt_length,
+                  uint8_t *salt,
+                  bool emptynonterminal);
+
+/**
+ * Returns the hash algorithm used in the given NSEC3 RR
+ * \param[in] *nsec3_rr The RR to read from
+ * \return The algorithm identifier, or 0 on error
+ */
+uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr);
+
+/**
+ * Returns flags field
+ */
+uint8_t
+ldns_nsec3_flags(const ldns_rr *nsec3_rr);
+
+/**
+ * Returns true if the opt-out flag has been set in the given NSEC3 RR
+ * \param[in] *nsec3_rr The RR to read from
+ * \return true if the RR has type NSEC3 and the opt-out bit has been set, false otherwise
+ */
+bool ldns_nsec3_optout(const ldns_rr *nsec3_rr);
+
+/**
+ * Returns the number of hash iterations used in the given NSEC3 RR
+ * \param[in] *nsec3_rr The RR to read from
+ * \return The number of iterations
+ */
+uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr);
+
+/**
+ * Returns the salt used in the given NSEC3 RR
+ * \param[in] *nsec3_rr The RR to read from
+ * \return The salt rdf, or NULL on error
+ */
+ldns_rdf *ldns_nsec3_salt(const ldns_rr *nsec3_rr);
+
+/**
+ * Returns the length of the salt used in the given NSEC3 RR
+ * \param[in] *nsec3_rr The RR to read from
+ * \return The length of the salt in bytes
+ */
+uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr);
+
+/**
+ * Returns the salt bytes used in the given NSEC3 RR
+ * \param[in] *nsec3_rr The RR to read from
+ * \return The salt in bytes, this is alloced, so you need to free it
+ */
+uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr);
+
+/**
+ * Returns the first label of the next ownername in the NSEC3 chain (ie. without the domain)
+ * \param[in] nsec3_rr The RR to read from
+ * \return The first label of the next owner name in the NSEC3 chain, or NULL on error 
+ */
+ldns_rdf *ldns_nsec3_next_owner(const ldns_rr *nsec3_rr);
+
+/**
+ * Returns the bitmap specifying the covered types of the given NSEC3 RR
+ * \param[in] *nsec3_rr The RR to read from
+ * \return The covered type bitmap rdf
+ */
+ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr);
+
+/**
+ * Calculates the hashed name using the parameters of the given NSEC3 RR
+ * \param[in] *nsec The RR to use the parameters from
+ * \param[in] *name The owner name to calculate the hash for 
+ * \return The hashed owner name rdf, without the domain name
+ */
+ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name);
+
+/**
+ * Checks coverage of NSEC RR type bitmap
+ * \param[in] nsec_bitmap The NSEC bitmap rdata field to check
+ * \param[in] type The type to check
+ * \return true if the NSEC RR covers the type
+ */
+bool ldns_nsec_bitmap_covers_type(const ldns_rdf *nsec_bitmap, ldns_rr_type type);
+
+/**
+ * Checks coverage of NSEC(3) RR name span
+ * Remember that nsec and name must both be in canonical form (ie use
+ * \ref ldns_rr2canonical and \ref ldns_dname2canonical prior to calling this
+ * function)
+ *
+ * \param[in] nsec The NSEC RR to check
+ * \param[in] name The owner dname to check, if the nsec record is a NSEC3 record, this should be the hashed name
+ * \return true if the NSEC RR covers the owner name
+ */
+bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name);
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * verify a packet 
+ * \param[in] p the packet
+ * \param[in] t the rr set type to check
+ * \param[in] o the rr set name to check
+ * \param[in] k list of keys
+ * \param[in] s list of sigs (may be null)
+ * \param[out] good_keys keys which validated the packet
+ * \return status 
+ * 
+ */
+ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys);
+
+/**
+ * verify a packet 
+ * \param[in] p the packet
+ * \param[in] t the rr set type to check
+ * \param[in] o the rr set name to check
+ * \param[in] k list of keys
+ * \param[in] s list of sigs (may be null)
+ * \param[in] check_time the time for which the validation is performed
+ * \param[out] good_keys keys which validated the packet
+ * \return status 
+ * 
+ */
+ldns_status ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys);
+
+#endif
+
+/**
+ * chains nsec3 list
+ */
+ldns_status
+ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs);
+
+/**
+ * compare for nsec3 sort
+ */
+int
+qsort_rr_compare_nsec3(const void *a, const void *b);
+
+/**
+ * sort nsec3 list
+ */
+void
+ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted);
+
+/** 
+ * Default callback function to always leave present signatures, and
+ * add new ones
+ * \param[in] sig The signature to check for removal (unused)
+ * \param[in] n Optional argument (unused)
+ * \return LDNS_SIGNATURE_LEAVE_ADD_NEW
+ */
+int ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n);
+/** 
+ * Default callback function to always leave present signatures, and
+ * add no new ones for the keys of these signatures
+ * \param[in] sig The signature to check for removal (unused)
+ * \param[in] n Optional argument (unused)
+ * \return LDNS_SIGNATURE_LEAVE_NO_ADD
+ */
+int ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n);
+/** 
+ * Default callback function to always remove present signatures, but
+ * add no new ones
+ * \param[in] sig The signature to check for removal (unused)
+ * \param[in] n Optional argument (unused)
+ * \return LDNS_SIGNATURE_REMOVE_NO_ADD
+ */
+int ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n);
+/** 
+ * Default callback function to always leave present signatures, and
+ * add new ones
+ * \param[in] sig The signature to check for removal (unused)
+ * \param[in] n Optional argument (unused)
+ * \return LDNS_SIGNATURE_REMOVE_ADD_NEW
+ */
+int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n);
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * Converts the DSA signature from ASN1 representation (RFC2459, as 
+ * used by OpenSSL) to raw signature data as used in DNS (rfc2536)
+ *
+ * \param[in] sig The signature in RFC2459 format
+ * \param[in] sig_len The length of the signature
+ * \return a new rdf with the signature
+ */
+ldns_rdf *
+ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
+						  const long sig_len);
+
+/**
+ * Converts the RRSIG signature RDF (in rfc2536 format) to a buffer
+ * with the signature in rfc2459 format
+ *
+ * \param[out] target_buffer buffer to place the signature data
+ * \param[in] sig_rdf The signature rdf to convert
+ * \return LDNS_STATUS_OK on success, error code otherwise
+ */
+ldns_status
+ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
+						  const ldns_rdf *sig_rdf);
+
+/**
+ * Converts the ECDSA signature from ASN1 representation (as 
+ * used by OpenSSL) to raw signature data as used in DNS
+ * This routine is only present if ldns is compiled with ecdsa support.
+ *
+ * \param[in] sig The signature in ASN1 format
+ * \param[in] sig_len The length of the signature
+ * \return a new rdf with the signature
+ */
+ldns_rdf *
+ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len);
+
+/**
+ * Converts the RRSIG signature RDF (from DNS) to a buffer with the 
+ * signature in ASN1 format as openssl uses it.
+ * This routine is only present if ldns is compiled with ecdsa support.
+ *
+ * \param[out] target_buffer buffer to place the signature data in ASN1.
+ * \param[in] sig_rdf The signature rdf to convert
+ * \return LDNS_STATUS_OK on success, error code otherwise
+ */
+ldns_status
+ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
+        const ldns_rdf *sig_rdf);
+
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_DNSSEC_H */
diff --git a/3rdParty/Ldns/src/include/ldns/dnssec_sign.h b/3rdParty/Ldns/src/include/ldns/dnssec_sign.h
new file mode 100644
index 0000000..e77cb69
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/dnssec_sign.h
@@ -0,0 +1,383 @@
+/** dnssec_verify */
+
+#ifndef LDNS_DNSSEC_SIGN_H
+#define LDNS_DNSSEC_SIGN_H
+
+#include <ldns/dnssec.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* sign functions */
+
+/** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/
+#define LDNS_SIGN_DNSKEY_WITH_ZSK 1
+
+/**
+ * Create an empty RRSIG RR (i.e. without the actual signature data)
+ * \param[in] rrset The RRset to create the signature for
+ * \param[in] key The key that will create the signature
+ * \return signature rr
+ */
+ldns_rr *
+ldns_create_empty_rrsig(ldns_rr_list *rrset,
+                        ldns_key *key);
+
+/**
+ * Sign the buffer which contains the wiredata of an rrset, and the
+ * corresponding empty rrsig rr with the given key
+ * \param[in] sign_buf the buffer with data to sign
+ * \param[in] key the key to sign with
+ * \return an rdata field with the signature data
+ */
+ldns_rdf *
+ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *key);
+
+/**
+ * Sign an rrset
+ * \param[in] rrset the rrset
+ * \param[in] keys the keys to use
+ * \return a rr_list with the signatures
+ */
+ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys);
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * Sign a buffer with the DSA key (hash with SHA1)
+ * \param[in] to_sign buffer with the data
+ * \param[in] key the key to use
+ * \return a ldns_rdf with the signed data
+ */
+ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
+
+/**
+ * Sign data with EVP (general method for different algorithms)
+ *
+ * \param[in] to_sign The ldns_buffer containing raw data that is
+ *                    to be signed
+ * \param[in] key The EVP_PKEY key structure to sign with
+ * \param[in] digest_type The digest algorithm to use in the creation of
+ *                        the signature
+ * \return ldns_rdf for the RRSIG ldns_rr
+ */
+ldns_rdf *ldns_sign_public_evp(ldns_buffer *to_sign,
+						 EVP_PKEY *key,
+						 const EVP_MD *digest_type);
+
+/**
+ * Sign a buffer with the RSA key (hash with SHA1)
+ * \param[in] to_sign buffer with the data
+ * \param[in] key the key to use
+ * \return a ldns_rdf with the signed data
+ */
+ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key);
+
+/**
+ * Sign a buffer with the RSA key (hash with MD5)
+ * \param[in] to_sign buffer with the data
+ * \param[in] key the key to use
+ * \return a ldns_rdf with the signed data
+ */
+ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key);
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+/**
+ * Marks the names in the zone that are occluded. Those names will be skipped
+ * when walking the tree with the ldns_dnssec_name_node_next_nonglue()
+ * function. But watch out! Names that are partially occluded (like glue with
+ * the same name as the delegation) will not be marked and should specifically 
+ * be taken into account seperately.
+ *
+ * When glue_list is given (not NULL), in the process of marking the names, all
+ * glue resource records will be pushed to that list, even glue at the delegation name.
+ *
+ * \param[in] zone the zone in which to mark the names
+ * \param[in] glue_list the list to which to push the glue rrs
+ * \return LDNS_STATUS_OK on success, an error code otherwise
+ */
+ldns_status
+ldns_dnssec_zone_mark_and_get_glue(
+		ldns_dnssec_zone *zone, ldns_rr_list *glue_list);
+
+/**
+ * Marks the names in the zone that are occluded. Those names will be skipped
+ * when walking the tree with the ldns_dnssec_name_node_next_nonglue()
+ * function. But watch out! Names that are partially occluded (like glue with
+ * the same name as the delegation) will not be marked and should specifically 
+ * be taken into account seperately.
+ *
+ * \param[in] zone the zone in which to mark the names
+ * \return LDNS_STATUS_OK on succesful completion
+ */
+ldns_status
+ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone);
+
+/**
+ * Finds the first dnssec_name node in the rbtree that is not occluded.
+ * It *does* return names that are partially occluded.
+ *
+ * \param[in] node the first node to check
+ * \return the first node that has not been marked as glue, or NULL
+ * if not found (TODO: make that LDNS_RBTREE_NULL?)
+ */
+ldns_rbnode_t *ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node);
+
+/**
+ * Adds NSEC records to the given dnssec_zone
+ *
+ * \param[in] zone the zone to add the records to
+ * \param[in] new_rrs ldns_rr's created by this function are
+ *            added to this rr list, so the caller can free them later
+ * \return LDNS_STATUS_OK on success, an error code otherwise
+ */
+ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
+								  ldns_rr_list *new_rrs);
+
+/**
+ * Adds NSEC3 records to the zone
+ */
+ldns_status
+ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
+						 ldns_rr_list *new_rrs,
+						 uint8_t algorithm,
+						 uint8_t flags,
+						 uint16_t iterations,
+						 uint8_t salt_length,
+						 uint8_t *salt);
+
+/**
+ * remove signatures if callback function tells to
+ * 
+ * \param[in] signatures list of signatures to check, and
+ *            possibly remove, depending on the value of the
+ *            callback
+ * \param[in] key_list these are marked to be used or not,
+ *            on the return value of the callback
+ * \param[in] func this function is called to specify what to
+ *            do with each signature (and corresponding key)
+ * \param[in] arg Optional argument for the callback function
+ * \returns pointer to the new signatures rrs (the original
+ *          passed to this function may have been removed)
+ */
+ldns_dnssec_rrs *ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures,
+									  ldns_key_list *key_list,
+									  int (*func)(ldns_rr *, void *),
+									  void *arg);
+
+/**
+ * Adds signatures to the zone
+ *
+ * \param[in] zone the zone to add RRSIG Resource Records to
+ * \param[in] new_rrs the RRSIG RRs that are created are also
+ *            added to this list, so the caller can free them
+ *            later
+ * \param[in] key_list list of keys to sign with.
+ * \param[in] func Callback function to decide what keys to
+ *            use and what to do with old signatures
+ * \param[in] arg Optional argument for the callback function
+ * \param[in] flags option flags for signing process. 0 makes DNSKEY
+ * RRset signed with the minimal key set, that is only SEP keys are used
+ * for signing. If there are no SEP keys available, non-SEP keys will
+ * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all
+ * keys. 0 is the default.
+ * \return LDNS_STATUS_OK on success, error otherwise
+ */
+ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone,
+					ldns_rr_list *new_rrs,
+					ldns_key_list *key_list,
+					int (*func)(ldns_rr *, void*),
+					void *arg,
+					int flags);
+
+/**
+ * Adds signatures to the zone
+ *
+ * \param[in] zone the zone to add RRSIG Resource Records to
+ * \param[in] new_rrs the RRSIG RRs that are created are also
+ *            added to this list, so the caller can free them
+ *            later
+ * \param[in] key_list list of keys to sign with.
+ * \param[in] func Callback function to decide what keys to
+ *            use and what to do with old signatures
+ * \param[in] arg Optional argument for the callback function
+ * \return LDNS_STATUS_OK on success, error otherwise
+ */
+ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
+								   ldns_rr_list *new_rrs,
+								   ldns_key_list *key_list,
+								   int (*func)(ldns_rr *, void*),
+								   void *arg);
+
+/**
+ * signs the given zone with the given keys
+ * 
+ * \param[in] zone the zone to sign
+ * \param[in] key_list the list of keys to sign the zone with
+ * \param[in] new_rrs newly created resource records are added to this list, to free them later
+ * \param[in] func callback function that decides what to do with old signatures
+ *            This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values:
+ * LDNS_SIGNATURE_LEAVE_ADD_NEW:
+ * leave the signature and add a new one for the corresponding key
+ * LDNS_SIGNATURE_REMOVE_ADD_NEW:
+ * remove the signature and replace is with a new one from the same key
+ * LDNS_SIGNATURE_LEAVE_NO_ADD:
+ * leave the signature and do not add a new one with the corresponding key
+ * LDNS_SIGNATURE_REMOVE_NO_ADD:
+ * remove the signature and do not replace 
+ *
+ * \param[in] arg optional argument for the callback function
+ * \param[in] flags option flags for signing process. 0 makes DNSKEY
+ * RRset signed with the minimal key set, that is only SEP keys are used
+ * for signing. If there are no SEP keys available, non-SEP keys will
+ * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all
+ * keys. 0 is the default.
+ * \return LDNS_STATUS_OK on success, an error code otherwise
+ */
+ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
+					ldns_rr_list *new_rrs,
+					ldns_key_list *key_list,
+					int (*func)(ldns_rr *, void *),
+					void *arg, 
+					int flags);
+
+/**
+ * signs the given zone with the given new zone, with NSEC3
+ *
+ * \param[in] zone the zone to sign
+ * \param[in] key_list the list of keys to sign the zone with
+ * \param[in] new_rrs newly created resource records are added to this list, to free them later
+ * \param[in] func callback function that decides what to do with old signatures
+ * \param[in] arg optional argument for the callback function
+ * \param[in] algorithm the NSEC3 hashing algorithm to use
+ * \param[in] flags NSEC3 flags
+ * \param[in] iterations the number of NSEC3 hash iterations to use
+ * \param[in] salt_length the length (in octets) of the NSEC3 salt
+ * \param[in] salt the NSEC3 salt data
+ * \param[in] signflags option flags for signing process. 0 is the default.
+ * \return LDNS_STATUS_OK on success, an error code otherwise
+ */
+ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone,
+				ldns_rr_list *new_rrs,
+				ldns_key_list *key_list,
+				int (*func)(ldns_rr *, void *),
+				void *arg,
+				uint8_t algorithm,
+				uint8_t flags,
+				uint16_t iterations,
+				uint8_t salt_length,
+				uint8_t *salt,
+				int signflags);
+
+/**
+ * signs the given zone with the given new zone, with NSEC3
+ *
+ * \param[in] zone the zone to sign
+ * \param[in] key_list the list of keys to sign the zone with
+ * \param[in] new_rrs newly created resource records are added to this list, to free them later
+ * \param[in] func callback function that decides what to do with old signatures
+ * \param[in] arg optional argument for the callback function
+ * \param[in] algorithm the NSEC3 hashing algorithm to use
+ * \param[in] flags NSEC3 flags
+ * \param[in] iterations the number of NSEC3 hash iterations to use
+ * \param[in] salt_length the length (in octets) of the NSEC3 salt
+ * \param[in] salt the NSEC3 salt data
+ * \param[in] signflags option flags for signing process. 0 is the default.
+ * \param[out] map a referenced rbtree pointer variable. The newly created 
+ *                 rbtree will contain mappings from hashed owner names to the 
+ *                 unhashed name.
+ * \return LDNS_STATUS_OK on success, an error code otherwise
+ */
+ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
+				ldns_rr_list *new_rrs,
+				ldns_key_list *key_list,
+				int (*func)(ldns_rr *, void *),
+				void *arg,
+				uint8_t algorithm,
+				uint8_t flags,
+				uint16_t iterations,
+				uint8_t salt_length,
+				uint8_t *salt,
+				int signflags,
+				ldns_rbtree_t **map
+				);
+
+
+/**
+ * signs the given zone with the given keys
+ * 
+ * \param[in] zone the zone to sign
+ * \param[in] key_list the list of keys to sign the zone with
+ * \param[in] new_rrs newly created resource records are added to this list, to free them later
+ * \param[in] func callback function that decides what to do with old signatures
+ *            This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values:
+ * LDNS_SIGNATURE_LEAVE_ADD_NEW:
+ * leave the signature and add a new one for the corresponding key
+ * LDNS_SIGNATURE_REMOVE_ADD_NEW:
+ * remove the signature and replace is with a new one from the same key
+ * LDNS_SIGNATURE_LEAVE_NO_ADD:
+ * leave the signature and do not add a new one with the corresponding key
+ * LDNS_SIGNATURE_REMOVE_NO_ADD:
+ * remove the signature and do not replace 
+ *
+ * \param[in] arg optional argument for the callback function
+ * \return LDNS_STATUS_OK on success, an error code otherwise
+ */
+ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone,
+						    ldns_rr_list *new_rrs,
+						    ldns_key_list *key_list,
+						    int (*func)(ldns_rr *, void *),
+						    void *arg);
+
+/**
+ * signs the given zone with the given new zone, with NSEC3
+ *
+ * \param[in] zone the zone to sign
+ * \param[in] key_list the list of keys to sign the zone with
+ * \param[in] new_rrs newly created resource records are added to this list, to free them later
+ * \param[in] func callback function that decides what to do with old signatures
+ * \param[in] arg optional argument for the callback function
+ * \param[in] algorithm the NSEC3 hashing algorithm to use
+ * \param[in] flags NSEC3 flags
+ * \param[in] iterations the number of NSEC3 hash iterations to use
+ * \param[in] salt_length the length (in octets) of the NSEC3 salt
+ * \param[in] salt the NSEC3 salt data
+ * \return LDNS_STATUS_OK on success, an error code otherwise
+ */
+ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone,
+								ldns_rr_list *new_rrs,
+								ldns_key_list *key_list,
+								int (*func)(ldns_rr *, void *),
+								void *arg,
+								uint8_t algorithm,
+								uint8_t flags,
+								uint16_t iterations,
+								uint8_t salt_length,
+								uint8_t *salt);
+
+/**
+ * Signs the zone, and returns a newly allocated signed zone
+ * \param[in] zone the zone to sign
+ * \param[in] key_list list of keys to sign with
+ * \return signed zone
+ */
+ldns_zone *ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list);
+
+/**
+ * Signs the zone with NSEC3, and returns a newly allocated signed zone
+ * \param[in] zone the zone to sign
+ * \param[in] key_list list of keys to sign with
+ * \param[in] algorithm the NSEC3 hashing algorithm to use
+ * \param[in] flags NSEC3 flags
+ * \param[in] iterations the number of NSEC3 hash iterations to use
+ * \param[in] salt_length the length (in octets) of the NSEC3 salt
+ * \param[in] salt the NSEC3 salt data
+ * \return signed zone
+ */
+ldns_zone *ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
+ 
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/3rdParty/Ldns/src/include/ldns/dnssec_verify.h b/3rdParty/Ldns/src/include/ldns/dnssec_verify.h
new file mode 100644
index 0000000..1350f48
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/dnssec_verify.h
@@ -0,0 +1,873 @@
+/** dnssec_verify */
+
+#ifndef LDNS_DNSSEC_VERIFY_H
+#define LDNS_DNSSEC_VERIFY_H
+
+#define LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS 10
+
+#include <ldns/dnssec.h>
+#include <ldns/host2str.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Chain structure that contains all DNSSEC data needed to
+ * verify an rrset
+ */
+typedef struct ldns_dnssec_data_chain_struct ldns_dnssec_data_chain;
+struct ldns_dnssec_data_chain_struct
+{
+	ldns_rr_list *rrset;
+	ldns_rr_list *signatures;
+	ldns_rr_type parent_type;
+	ldns_dnssec_data_chain *parent;
+	ldns_pkt_rcode packet_rcode;
+	ldns_rr_type packet_qtype;
+	bool packet_nodata;
+};
+
+/**
+ * Creates a new dnssec_chain structure
+ * \return ldns_dnssec_data_chain *
+ */
+ldns_dnssec_data_chain *ldns_dnssec_data_chain_new();
+
+/**
+ * Frees a dnssec_data_chain structure
+ *
+ * \param[in] *chain The chain to free
+ */
+void ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain);
+
+/**
+ * Frees a dnssec_data_chain structure, and all data
+ * contained therein
+ *
+ * \param[in] *chain The dnssec_data_chain to free
+ */
+void ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain);
+
+/**
+ * Prints the dnssec_data_chain to the given file stream
+ * 
+ * \param[in] *out The file stream to print to
+ * \param[in] *chain The dnssec_data_chain to print
+ */
+void ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain);
+
+/**
+ * Prints the dnssec_data_chain to the given file stream
+ * 
+ * \param[in] *out The file stream to print to
+ * \param[in] *fmt The format of the textual representation
+ * \param[in] *chain The dnssec_data_chain to print
+ */
+void ldns_dnssec_data_chain_print_fmt(FILE *out, 
+		const ldns_output_format *fmt,
+		const ldns_dnssec_data_chain *chain);
+
+/**
+ * Build an ldns_dnssec_data_chain, which contains all
+ * DNSSEC data that is needed to derive the trust tree later
+ *
+ * The data_set will be cloned
+ *
+ * \param[in] *res resolver structure for further needed queries
+ * \param[in] qflags resolution flags
+ * \param[in] *data_set The original rrset where the chain ends
+ * \param[in] *pkt optional, can contain the original packet
+ * (and hence the sigs and maybe the key)
+ * \param[in] *orig_rr The original Resource Record
+ *
+ * \return the DNSSEC data chain
+ */
+ldns_dnssec_data_chain *ldns_dnssec_build_data_chain(ldns_resolver *res,
+										   const uint16_t qflags,
+										   const ldns_rr_list *data_set,
+										   const ldns_pkt *pkt,
+										   ldns_rr *orig_rr);
+
+/**
+ * Tree structure that contains the relation of DNSSEC data,
+ * and their cryptographic status.
+ *
+ * This tree is derived from a data_chain, and can be used
+ * to look whether there is a connection between an RRSET
+ * and a trusted key. The tree only contains pointers to the
+ * data_chain, and therefore one should *never* free() the
+ * data_chain when there is still a trust tree derived from
+ * that chain.
+ *
+ * Example tree:
+ *     key   key    key
+ *       \    |    /
+ *        \   |   /
+ *         \  |  /
+ *            ds
+ *            |
+ *           key
+ *            |
+ *           key
+ *            |
+ *            rr
+ *
+ * For each signature there is a parent; if the parent
+ * pointer is null, it couldn't be found and there was no
+ * denial; otherwise is a tree which contains either a
+ * DNSKEY, a DS, or a NSEC rr
+ */
+typedef struct ldns_dnssec_trust_tree_struct ldns_dnssec_trust_tree;
+struct ldns_dnssec_trust_tree_struct
+{
+	ldns_rr *rr;
+	/* the complete rrset this rr was in */
+	ldns_rr_list *rrset;
+	ldns_dnssec_trust_tree *parents[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
+	ldns_status parent_status[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
+	/** for debugging, add signatures too (you might want
+	    those if they contain errors) */
+	ldns_rr *parent_signature[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
+	size_t parent_count;
+};
+
+/**
+ * Creates a new (empty) dnssec_trust_tree structure
+ *
+ * \return ldns_dnssec_trust_tree *
+ */
+ldns_dnssec_trust_tree *ldns_dnssec_trust_tree_new();
+
+/**
+ * Frees the dnssec_trust_tree recursively
+ *
+ * There is no deep free; all data in the trust tree
+ * consists of pointers to a data_chain
+ *
+ * \param[in] tree The tree to free
+ */
+void ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree);
+
+/**
+ * returns the depth of the trust tree
+ *
+ * \param[in] tree tree to calculate the depth of
+ * \return The depth of the tree
+ */
+size_t ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree);
+
+/**
+ * Prints the dnssec_trust_tree structure to the given file
+ * stream.
+ *
+ * If a link status is not LDNS_STATUS_OK; the status and
+ * relevant signatures are printed too
+ *
+ * \param[in] *out The file stream to print to
+ * \param[in] tree The trust tree to print
+ * \param[in] tabs Prepend each line with tabs*2 spaces
+ * \param[in] extended If true, add little explanation lines to the output
+ */
+void ldns_dnssec_trust_tree_print(FILE *out,
+	       	ldns_dnssec_trust_tree *tree,
+		size_t tabs,
+		bool extended);
+
+/**
+ * Prints the dnssec_trust_tree structure to the given file
+ * stream.
+ *
+ * If a link status is not LDNS_STATUS_OK; the status and
+ * relevant signatures are printed too
+ *
+ * \param[in] *out The file stream to print to
+ * \param[in] *fmt The format of the textual representation
+ * \param[in] tree The trust tree to print
+ * \param[in] tabs Prepend each line with tabs*2 spaces
+ * \param[in] extended If true, add little explanation lines to the output
+ */
+void ldns_dnssec_trust_tree_print_fmt(FILE *out,
+		const ldns_output_format *fmt,
+	       	ldns_dnssec_trust_tree *tree,
+		size_t tabs,
+		bool extended);
+
+/**
+ * Adds a trust tree as a parent for the given trust tree
+ *
+ * \param[in] *tree The tree to add the parent to
+ * \param[in] *parent The parent tree to add
+ * \param[in] *parent_signature The RRSIG relevant to this parent/child
+ *                              connection
+ * \param[in] parent_status The DNSSEC status for this parent, child and RRSIG
+ * \return LDNS_STATUS_OK if the addition succeeds, error otherwise
+ */
+ldns_status ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree,
+									 const ldns_dnssec_trust_tree *parent,
+									 const ldns_rr *parent_signature,
+									 const ldns_status parent_status);
+
+/**
+ * Generates a dnssec_trust_ttree for the given rr from the
+ * given data_chain
+ *
+ * This does not clone the actual data; Don't free the
+ * data_chain before you are done with this tree
+ *
+ * \param[in] *data_chain The chain to derive the trust tree from
+ * \param[in] *rr The RR this tree will be about
+ * \return ldns_dnssec_trust_tree *
+ */
+ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree(
+                            ldns_dnssec_data_chain *data_chain,
+					   ldns_rr *rr);
+
+/**
+ * Generates a dnssec_trust_ttree for the given rr from the
+ * given data_chain
+ *
+ * This does not clone the actual data; Don't free the
+ * data_chain before you are done with this tree
+ *
+ * \param[in] *data_chain The chain to derive the trust tree from
+ * \param[in] *rr The RR this tree will be about
+ * \param[in] check_time the time for which the validation is performed
+ * \return ldns_dnssec_trust_tree *
+ */
+ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree_time(
+		ldns_dnssec_data_chain *data_chain, 
+		ldns_rr *rr, time_t check_time);
+
+/**
+ * Sub function for derive_trust_tree that is used for a 'normal' rrset
+ *
+ * \param[in] new_tree The trust tree that we are building
+ * \param[in] data_chain The data chain containing the data for the trust tree
+ * \param[in] cur_sig_rr The currently relevant signature
+ */
+void ldns_dnssec_derive_trust_tree_normal_rrset(
+         ldns_dnssec_trust_tree *new_tree,
+	    ldns_dnssec_data_chain *data_chain,
+	    ldns_rr *cur_sig_rr);
+
+/**
+ * Sub function for derive_trust_tree that is used for a 'normal' rrset
+ *
+ * \param[in] new_tree The trust tree that we are building
+ * \param[in] data_chain The data chain containing the data for the trust tree
+ * \param[in] cur_sig_rr The currently relevant signature
+ * \param[in] check_time the time for which the validation is performed
+ */
+void ldns_dnssec_derive_trust_tree_normal_rrset_time(
+         ldns_dnssec_trust_tree *new_tree,
+	    ldns_dnssec_data_chain *data_chain,
+	    ldns_rr *cur_sig_rr, time_t check_time);
+
+
+/**
+ * Sub function for derive_trust_tree that is used for DNSKEY rrsets
+ *
+ * \param[in] new_tree The trust tree that we are building
+ * \param[in] data_chain The data chain containing the data for the trust tree
+ * \param[in] cur_rr The currently relevant DNSKEY RR
+ * \param[in] cur_sig_rr The currently relevant signature
+ */
+void ldns_dnssec_derive_trust_tree_dnskey_rrset(
+         ldns_dnssec_trust_tree *new_tree,
+	    ldns_dnssec_data_chain *data_chain,
+	    ldns_rr *cur_rr,
+	    ldns_rr *cur_sig_rr);
+
+/**
+ * Sub function for derive_trust_tree that is used for DNSKEY rrsets
+ *
+ * \param[in] new_tree The trust tree that we are building
+ * \param[in] data_chain The data chain containing the data for the trust tree
+ * \param[in] cur_rr The currently relevant DNSKEY RR
+ * \param[in] cur_sig_rr The currently relevant signature
+ * \param[in] check_time the time for which the validation is performed
+ */
+void ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
+         ldns_dnssec_trust_tree *new_tree,
+	    ldns_dnssec_data_chain *data_chain,
+	    ldns_rr *cur_rr, ldns_rr *cur_sig_rr,
+	    time_t check_time);
+
+
+/**
+ * Sub function for derive_trust_tree that is used for DNSKEY rrsets
+ *
+ * \param[in] new_tree The trust tree that we are building
+ * \param[in] data_chain The data chain containing the data for the trust tree
+ * \param[in] cur_rr The currently relevant DNSKEY RR
+ * \param[in] cur_sig_rr The currently relevant signature
+ * \param[in] check_time the time for which the validation is performed
+ */
+void ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
+         ldns_dnssec_trust_tree *new_tree,
+	    ldns_dnssec_data_chain *data_chain,
+	    ldns_rr *cur_rr, ldns_rr *cur_sig_rr,
+	    time_t check_time);
+
+
+/**
+ * Sub function for derive_trust_tree that is used for DS rrsets
+ *
+ * \param[in] new_tree The trust tree that we are building
+ * \param[in] data_chain The data chain containing the data for the trust tree
+ * \param[in] cur_rr The currently relevant DS RR
+ */
+void ldns_dnssec_derive_trust_tree_ds_rrset(
+         ldns_dnssec_trust_tree *new_tree,
+	    ldns_dnssec_data_chain *data_chain,
+	    ldns_rr *cur_rr);
+
+/**
+ * Sub function for derive_trust_tree that is used for DS rrsets
+ *
+ * \param[in] new_tree The trust tree that we are building
+ * \param[in] data_chain The data chain containing the data for the trust tree
+ * \param[in] cur_rr The currently relevant DS RR
+ * \param[in] check_time the time for which the validation is performed
+ */
+void ldns_dnssec_derive_trust_tree_ds_rrset_time(
+         ldns_dnssec_trust_tree *new_tree,
+	    ldns_dnssec_data_chain *data_chain,
+	    ldns_rr *cur_rr, time_t check_time);
+
+/**
+ * Sub function for derive_trust_tree that is used when there are no
+ * signatures
+ *
+ * \param[in] new_tree The trust tree that we are building
+ * \param[in] data_chain The data chain containing the data for the trust tree
+ */
+void ldns_dnssec_derive_trust_tree_no_sig(
+         ldns_dnssec_trust_tree *new_tree,
+	    ldns_dnssec_data_chain *data_chain);
+
+/**
+ * Sub function for derive_trust_tree that is used when there are no
+ * signatures
+ *
+ * \param[in] new_tree The trust tree that we are building
+ * \param[in] data_chain The data chain containing the data for the trust tree
+ * \param[in] check_time the time for which the validation is performed
+ */
+void ldns_dnssec_derive_trust_tree_no_sig_time(
+         ldns_dnssec_trust_tree *new_tree,
+	    ldns_dnssec_data_chain *data_chain,
+	    time_t check_time);
+
+
+/**
+ * Returns OK if there is a trusted path in the tree to one of 
+ * the DNSKEY or DS RRs in the given list
+ *
+ * \param *tree The trust tree so search
+ * \param *keys A ldns_rr_list of DNSKEY and DS rrs to look for
+ * \return LDNS_STATUS_OK if there is a trusted path to one of
+ *                        the keys, or the *first* error encountered
+ *                        if there were no paths
+ */
+ldns_status ldns_dnssec_trust_tree_contains_keys(
+			 ldns_dnssec_trust_tree *tree,
+			 ldns_rr_list *keys);
+
+/**
+ * Verifies a list of signatures for one rrset.
+ *
+ * \param[in] rrset the rrset to verify
+ * \param[in] rrsig a list of signatures to check
+ * \param[in] keys a list of keys to check with
+ * \param[out] good_keys  if this is a (initialized) list, the pointer to keys
+ *                        from keys that validate one of the signatures
+ *                        are added to it
+ * \return status LDNS_STATUS_OK if there is at least one correct key
+ */
+ldns_status ldns_verify(ldns_rr_list *rrset,
+				    ldns_rr_list *rrsig,
+				    const ldns_rr_list *keys,
+				    ldns_rr_list *good_keys);	
+
+/**
+ * Verifies a list of signatures for one rrset.
+ *
+ * \param[in] rrset the rrset to verify
+ * \param[in] rrsig a list of signatures to check
+ * \param[in] keys a list of keys to check with
+ * \param[in] check_time the time for which the validation is performed
+ * \param[out] good_keys  if this is a (initialized) list, the pointer to keys
+ *                        from keys that validate one of the signatures
+ *                        are added to it
+ * \return status LDNS_STATUS_OK if there is at least one correct key
+ */
+ldns_status ldns_verify_time(ldns_rr_list *rrset,
+				    ldns_rr_list *rrsig,
+				    const ldns_rr_list *keys,
+				    time_t check_time,
+				    ldns_rr_list *good_keys);	
+
+
+/**
+ * Verifies a list of signatures for one rrset, but disregard the time.
+ * Inception and Expiration are not checked.
+ *
+ * \param[in] rrset the rrset to verify
+ * \param[in] rrsig a list of signatures to check
+ * \param[in] keys a list of keys to check with
+ * \param[out] good_keys  if this is a (initialized) list, the pointer to keys
+ *                        from keys that validate one of the signatures
+ *                        are added to it
+ * \return status LDNS_STATUS_OK if there is at least one correct key
+ */
+ldns_status ldns_verify_notime(ldns_rr_list *rrset,
+				    ldns_rr_list *rrsig,
+				    const ldns_rr_list *keys,
+				    ldns_rr_list *good_keys);	
+
+/**
+ * Tries to build an authentication chain from the given 
+ * keys down to the queried domain.
+ *
+ * If we find a valid trust path, return the valid keys for the domain.
+ * 
+ * \param[in] res the current resolver
+ * \param[in] domain the domain we want valid keys for
+ * \param[in] keys the current set of trusted keys
+ * \param[out] status pointer to the status variable where the result
+ *                    code will be stored
+ * \return the set of trusted keys for the domain, or NULL if no 
+ *         trust path could be built.
+ */
+ldns_rr_list *ldns_fetch_valid_domain_keys(const ldns_resolver * res,
+								   const ldns_rdf * domain,
+								   const ldns_rr_list * keys,
+								   ldns_status *status);
+
+/**
+ * Tries to build an authentication chain from the given 
+ * keys down to the queried domain.
+ *
+ * If we find a valid trust path, return the valid keys for the domain.
+ * 
+ * \param[in] res the current resolver
+ * \param[in] domain the domain we want valid keys for
+ * \param[in] keys the current set of trusted keys
+ * \param[in] check_time the time for which the validation is performed
+ * \param[out] status pointer to the status variable where the result
+ *                    code will be stored
+ * \return the set of trusted keys for the domain, or NULL if no 
+ *         trust path could be built.
+ */
+ldns_rr_list *ldns_fetch_valid_domain_keys_time(const ldns_resolver * res,
+		const ldns_rdf * domain, const ldns_rr_list * keys,
+		time_t check_time, ldns_status *status);
+
+
+/**
+ * Validates the DNSKEY RRset for the given domain using the provided 
+ * trusted keys.
+ *
+ * \param[in] res the current resolver
+ * \param[in] domain the domain we want valid keys for
+ * \param[in] keys the current set of trusted keys
+ * \return the set of trusted keys for the domain, or NULL if the RRSET
+ *         could not be validated
+ */
+ldns_rr_list *ldns_validate_domain_dnskey (const ldns_resolver *res,
+								   const ldns_rdf *domain,
+								   const ldns_rr_list *keys);
+
+/**
+ * Validates the DNSKEY RRset for the given domain using the provided 
+ * trusted keys.
+ *
+ * \param[in] res the current resolver
+ * \param[in] domain the domain we want valid keys for
+ * \param[in] keys the current set of trusted keys
+ * \param[in] check_time the time for which the validation is performed
+ * \return the set of trusted keys for the domain, or NULL if the RRSET
+ *         could not be validated
+ */
+ldns_rr_list *ldns_validate_domain_dnskey_time(
+		const ldns_resolver *res, const ldns_rdf *domain, 
+		const ldns_rr_list *keys, time_t check_time);
+
+
+/**
+ * Validates the DS RRset for the given domain using the provided trusted keys.
+ *
+ * \param[in] res the current resolver
+ * \param[in] domain the domain we want valid keys for
+ * \param[in] keys the current set of trusted keys
+ * \return the set of trusted keys for the domain, or NULL if the RRSET could not be validated
+ */
+ldns_rr_list *ldns_validate_domain_ds(const ldns_resolver *res,
+							   const ldns_rdf *
+							   domain,
+							   const ldns_rr_list * keys);
+
+/**
+ * Validates the DS RRset for the given domain using the provided trusted keys.
+ *
+ * \param[in] res the current resolver
+ * \param[in] domain the domain we want valid keys for
+ * \param[in] keys the current set of trusted keys
+ * \param[in] check_time the time for which the validation is performed
+ * \return the set of trusted keys for the domain, or NULL if the RRSET could not be validated
+ */
+ldns_rr_list *ldns_validate_domain_ds_time(
+		const ldns_resolver *res, const ldns_rdf *domain, 
+		const ldns_rr_list * keys, time_t check_time);
+
+
+/**
+ * Verifies a list of signatures for one RRset using a valid trust path.
+ *
+ * \param[in] res the current resolver
+ * \param[in] rrset the rrset to verify
+ * \param[in] rrsigs a list of signatures to check
+ * \param[out] validating_keys  if this is a (initialized) list, the
+ *                              keys from keys that validate one of
+ *                              the signatures are added to it
+ * \return status LDNS_STATUS_OK if there is at least one correct key
+ */
+ldns_status ldns_verify_trusted(ldns_resolver *res,
+						  ldns_rr_list *rrset,
+						  ldns_rr_list *rrsigs,
+						  ldns_rr_list *validating_keys);
+
+/**
+ * Verifies a list of signatures for one RRset using a valid trust path.
+ *
+ * \param[in] res the current resolver
+ * \param[in] rrset the rrset to verify
+ * \param[in] rrsigs a list of signatures to check
+ * \param[in] check_time the time for which the validation is performed
+ * \param[out] validating_keys  if this is a (initialized) list, the
+ *                              keys from keys that validate one of
+ *                              the signatures are added to it
+ * \return status LDNS_STATUS_OK if there is at least one correct key
+ */
+ldns_status ldns_verify_trusted_time(
+		ldns_resolver *res, ldns_rr_list *rrset, 
+		ldns_rr_list *rrsigs, time_t check_time,
+		ldns_rr_list *validating_keys);
+
+
+/**
+ * denial is not just a river in egypt
+ *
+ * \param[in] rr The (query) RR to check the denial of existence for
+ * \param[in] nsecs The list of NSEC RRs that are supposed to deny the
+ *                  existence of the RR
+ * \param[in] rrsigs The RRSIG RR covering the NSEC RRs
+ * \return LDNS_STATUS_OK if the NSEC RRs deny the existence, error code
+ *                        containing the reason they do not otherwise
+ */
+ldns_status ldns_dnssec_verify_denial(ldns_rr *rr,
+							   ldns_rr_list *nsecs,
+							   ldns_rr_list *rrsigs);
+
+/**
+ * Denial of existence using NSEC3 records
+ * Since NSEC3 is a bit more complicated than normal denial, some
+ * context arguments are needed
+ *
+ * \param[in] rr The (query) RR to check the denial of existence for
+ * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the
+ *                  existence of the RR
+ * \param[in] rrsigs The RRSIG rr covering the NSEC RRs
+ * \param[in] packet_rcode The RCODE value of the packet that provided the
+ *                         NSEC3 RRs
+ * \param[in] packet_qtype The original query RR type
+ * \param[in] packet_nodata True if the providing packet had an empty ANSWER
+ *                          section
+ * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code
+ *                        containing the reason they do not otherwise
+ */
+ldns_status ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
+								    ldns_rr_list *nsecs,
+								    ldns_rr_list *rrsigs,
+								    ldns_pkt_rcode packet_rcode,
+								    ldns_rr_type packet_qtype,
+								    bool packet_nodata);
+
+/**
+ * Same as ldns_status ldns_dnssec_verify_denial_nsec3 but also returns
+ * the nsec rr that matched.
+ *
+ * \param[in] rr The (query) RR to check the denial of existence for
+ * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the
+ *                  existence of the RR
+ * \param[in] rrsigs The RRSIG rr covering the NSEC RRs
+ * \param[in] packet_rcode The RCODE value of the packet that provided the
+ *                         NSEC3 RRs
+ * \param[in] packet_qtype The original query RR type
+ * \param[in] packet_nodata True if the providing packet had an empty ANSWER
+ *                          section
+ * \param[in] match On match, the given (reference to a) pointer will be set 
+ *                  to point to the matching nsec resource record.
+ * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code
+ *                        containing the reason they do not otherwise
+ */
+ldns_status ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr,
+						  ldns_rr_list *nsecs,
+						  ldns_rr_list *rrsigs,
+						  ldns_pkt_rcode packet_rcode,
+						  ldns_rr_type packet_qtype,
+						  bool packet_nodata,
+						  ldns_rr **match);
+/**
+ * Verifies the already processed data in the buffers
+ * This function should probably not be used directly.
+ *
+ * \param[in] rawsig_buf Buffer containing signature data to use
+ * \param[in] verify_buf Buffer containing data to verify
+ * \param[in] key_buf Buffer containing key data to use
+ * \param[in] algo Signing algorithm
+ * \return status LDNS_STATUS_OK if the data verifies. Error if not.
+ */
+ldns_status ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf,
+							   ldns_buffer *verify_buf,
+							   ldns_buffer *key_buf,
+							   uint8_t algo);
+
+/**
+ * Like ldns_verify_rrsig_buffers, but uses raw data.
+ *
+ * \param[in] sig signature data to use
+ * \param[in] siglen length of signature data to use
+ * \param[in] verify_buf Buffer containing data to verify
+ * \param[in] key key data to use
+ * \param[in] keylen length of key data to use
+ * \param[in] algo Signing algorithm
+ * \return status LDNS_STATUS_OK if the data verifies. Error if not.
+ */
+ldns_status ldns_verify_rrsig_buffers_raw(unsigned char* sig,
+								  size_t siglen, 
+								  ldns_buffer *verify_buf,
+								  unsigned char* key,
+								  size_t keylen, 
+								  uint8_t algo);
+
+/**
+ * Verifies an rrsig. All keys in the keyset are tried.
+ * \param[in] rrset the rrset to check
+ * \param[in] rrsig the signature of the rrset
+ * \param[in] keys the keys to try
+ * \param[out] good_keys  if this is a (initialized) list, the pointer to keys
+ *                        from keys that validate one of the signatures
+ *                        are added to it
+ * \return a list of keys which validate the rrsig + rrset. Returns
+ * status LDNS_STATUS_OK if at least one key matched. Else an error.
+ */
+ldns_status ldns_verify_rrsig_keylist(ldns_rr_list *rrset,
+							   ldns_rr *rrsig,
+							   const ldns_rr_list *keys,
+							   ldns_rr_list *good_keys);
+
+/**
+ * Verifies an rrsig. All keys in the keyset are tried.
+ * \param[in] rrset the rrset to check
+ * \param[in] rrsig the signature of the rrset
+ * \param[in] keys the keys to try
+ * \param[in] check_time the time for which the validation is performed
+ * \param[out] good_keys  if this is a (initialized) list, the pointer to keys
+ *                        from keys that validate one of the signatures
+ *                        are added to it
+ * \return a list of keys which validate the rrsig + rrset. Returns
+ * status LDNS_STATUS_OK if at least one key matched. Else an error.
+ */
+ldns_status ldns_verify_rrsig_keylist_time(
+		ldns_rr_list *rrset, ldns_rr *rrsig, 
+		const ldns_rr_list *keys, time_t check_time,
+	       	ldns_rr_list *good_keys);
+
+
+/**
+ * Verifies an rrsig. All keys in the keyset are tried. Time is not checked.
+ * \param[in] rrset the rrset to check
+ * \param[in] rrsig the signature of the rrset
+ * \param[in] keys the keys to try
+ * \param[out] good_keys  if this is a (initialized) list, the pointer to keys
+ *                        from keys that validate one of the signatures
+ *                        are added to it
+ * \return a list of keys which validate the rrsig + rrset. Returns
+ * status LDNS_STATUS_OK if at least one key matched. Else an error.
+ */
+ldns_status ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset,
+							   ldns_rr *rrsig,
+							   const ldns_rr_list *keys,
+							   ldns_rr_list *good_keys);
+
+/**
+ * verify an rrsig with 1 key
+ * \param[in] rrset the rrset
+ * \param[in] rrsig the rrsig to verify
+ * \param[in] key the key to use
+ * \return status message wether verification succeeded.
+ */
+ldns_status ldns_verify_rrsig(ldns_rr_list *rrset,
+						ldns_rr *rrsig,
+						ldns_rr *key);
+
+
+/**
+ * verify an rrsig with 1 key
+ * \param[in] rrset the rrset
+ * \param[in] rrsig the rrsig to verify
+ * \param[in] key the key to use
+ * \param[in] check_time the time for which the validation is performed
+ * \return status message wether verification succeeded.
+ */
+ldns_status ldns_verify_rrsig_time(
+		ldns_rr_list *rrset, ldns_rr *rrsig, 
+		ldns_rr *key, time_t check_time);
+
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * verifies a buffer with signature data for a buffer with rrset data 
+ * with an EVP_PKEY
+ *
+ * \param[in] sig the signature data
+ * \param[in] rrset the rrset data, sorted and processed for verification
+ * \param[in] key the EVP key structure
+ * \param[in] digest_type The digest type of the signature
+ */
+ldns_status ldns_verify_rrsig_evp(ldns_buffer *sig,
+						    ldns_buffer *rrset,
+						    EVP_PKEY *key,
+						    const EVP_MD *digest_type);
+
+/**
+ * Like ldns_verify_rrsig_evp, but uses raw signature data.
+ * \param[in] sig the signature data, wireformat uncompressed
+ * \param[in] siglen length of the signature data
+ * \param[in] rrset the rrset data, sorted and processed for verification
+ * \param[in] key the EVP key structure
+ * \param[in] digest_type The digest type of the signature
+ */
+ldns_status ldns_verify_rrsig_evp_raw(unsigned char *sig,
+							   size_t siglen,
+							   ldns_buffer *rrset,
+							   EVP_PKEY *key,
+							   const EVP_MD *digest_type);
+#endif
+
+/**
+ * verifies a buffer with signature data (DSA) for a buffer with rrset data 
+ * with a buffer with key data.
+ *
+ * \param[in] sig the signature data
+ * \param[in] rrset the rrset data, sorted and processed for verification
+ * \param[in] key the key data
+ */
+ldns_status ldns_verify_rrsig_dsa(ldns_buffer *sig,
+						    ldns_buffer *rrset,
+						    ldns_buffer *key);
+
+/**
+ * verifies a buffer with signature data (RSASHA1) for a buffer with rrset data 
+ * with a buffer with key data.
+ *
+ * \param[in] sig the signature data
+ * \param[in] rrset the rrset data, sorted and processed for verification
+ * \param[in] key the key data
+ */
+ldns_status ldns_verify_rrsig_rsasha1(ldns_buffer *sig,
+							   ldns_buffer *rrset,
+							   ldns_buffer *key);
+
+/**
+ * verifies a buffer with signature data (RSAMD5) for a buffer with rrset data 
+ * with a buffer with key data.
+ *
+ * \param[in] sig the signature data
+ * \param[in] rrset the rrset data, sorted and processed for verification
+ * \param[in] key the key data
+ */
+ldns_status ldns_verify_rrsig_rsamd5(ldns_buffer *sig,
+							  ldns_buffer *rrset,
+							  ldns_buffer *key);
+
+/**
+ * Like ldns_verify_rrsig_dsa, but uses raw signature and key data.
+ * \param[in] sig raw uncompressed wireformat signature data
+ * \param[in] siglen length of signature data
+ * \param[in] rrset ldns buffer with prepared rrset data.
+ * \param[in] key raw uncompressed wireformat key data
+ * \param[in] keylen length of key data
+ */
+ldns_status ldns_verify_rrsig_dsa_raw(unsigned char* sig,
+							   size_t siglen,
+							   ldns_buffer* rrset,
+							   unsigned char* key,
+							   size_t keylen);
+
+/**
+ * Like ldns_verify_rrsig_rsasha1, but uses raw signature and key data.
+ * \param[in] sig raw uncompressed wireformat signature data
+ * \param[in] siglen length of signature data
+ * \param[in] rrset ldns buffer with prepared rrset data.
+ * \param[in] key raw uncompressed wireformat key data
+ * \param[in] keylen length of key data
+ */
+ldns_status ldns_verify_rrsig_rsasha1_raw(unsigned char* sig,
+								  size_t siglen,
+								  ldns_buffer* rrset,
+								  unsigned char* key,
+								  size_t keylen);
+
+/**
+ * Like ldns_verify_rrsig_rsasha256, but uses raw signature and key data.
+ * \param[in] sig raw uncompressed wireformat signature data
+ * \param[in] siglen length of signature data
+ * \param[in] rrset ldns buffer with prepared rrset data.
+ * \param[in] key raw uncompressed wireformat key data
+ * \param[in] keylen length of key data
+ */
+
+ldns_status ldns_verify_rrsig_rsasha256_raw(unsigned char* sig,
+								    size_t siglen,
+								    ldns_buffer* rrset,
+								    unsigned char* key,
+								    size_t keylen);
+
+/**
+ * Like ldns_verify_rrsig_rsasha512, but uses raw signature and key data.
+ * \param[in] sig raw uncompressed wireformat signature data
+ * \param[in] siglen length of signature data
+ * \param[in] rrset ldns buffer with prepared rrset data.
+ * \param[in] key raw uncompressed wireformat key data
+ * \param[in] keylen length of key data
+ */
+ldns_status ldns_verify_rrsig_rsasha512_raw(unsigned char* sig,
+								    size_t siglen,
+								    ldns_buffer* rrset,
+								    unsigned char* key,
+								    size_t keylen);
+
+/**
+ * Like ldns_verify_rrsig_rsamd5, but uses raw signature and key data.
+ * \param[in] sig raw uncompressed wireformat signature data
+ * \param[in] siglen length of signature data
+ * \param[in] rrset ldns buffer with prepared rrset data.
+ * \param[in] key raw uncompressed wireformat key data
+ * \param[in] keylen length of key data
+ */
+ldns_status ldns_verify_rrsig_rsamd5_raw(unsigned char* sig,
+								 size_t siglen,
+								 ldns_buffer* rrset,
+								 unsigned char* key,
+								 size_t keylen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/3rdParty/Ldns/src/include/ldns/dnssec_zone.h b/3rdParty/Ldns/src/include/ldns/dnssec_zone.h
new file mode 100644
index 0000000..e2dd402
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/dnssec_zone.h
@@ -0,0 +1,440 @@
+/*
+ * special zone file structures and functions for better dnssec handling
+ *
+ * A zone contains a SOA dnssec_zone_rrset, and an AVL tree of 'normal'
+ * dnssec_zone_rrsets, indexed by name and type
+ */
+
+#ifndef LDNS_DNSSEC_ZONE_H
+#define LDNS_DNSSEC_ZONE_H
+ 
+#include <ldns/ldns.h>
+#include <ldns/rbtree.h>
+#include <ldns/host2str.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Singly linked list of rrs
+ */
+typedef struct ldns_struct_dnssec_rrs ldns_dnssec_rrs;
+struct ldns_struct_dnssec_rrs
+{
+	ldns_rr *rr;
+	ldns_dnssec_rrs *next;
+};
+
+/**
+ * Singly linked list of RRsets
+ */
+typedef struct ldns_struct_dnssec_rrsets ldns_dnssec_rrsets;
+struct ldns_struct_dnssec_rrsets
+{
+	ldns_dnssec_rrs *rrs;
+	ldns_rr_type type;
+	ldns_dnssec_rrs *signatures;
+	ldns_dnssec_rrsets *next;
+};
+
+/**
+ * Structure containing all resource records for a domain name
+ * Including the derived NSEC3, if present
+ */
+typedef struct ldns_struct_dnssec_name ldns_dnssec_name;
+struct ldns_struct_dnssec_name
+{
+	/**
+	 * pointer to a dname containing the name.
+	 * Usually points to the owner name of the first RR of the first RRset
+	 */
+	ldns_rdf *name;
+	/** 
+	 * Usually, the name is a pointer to the owner name of the first rr for
+	 * this name, but sometimes there is no actual data to point to, 
+	 * for instance in
+	 * names representing empty nonterminals. If so, set alloced to true to
+	 * indicate that this data must also be freed when the name is freed
+	 */
+	bool name_alloced;
+	/**
+	 * The rrsets for this name
+	 */
+	ldns_dnssec_rrsets *rrsets;
+	/**
+	 * NSEC pointing to the next name (or NSEC3 pointing to the next NSEC3)
+	 */
+	ldns_rr *nsec;
+	/**
+	 * signatures for the NSEC record
+	 */
+	ldns_dnssec_rrs *nsec_signatures;
+	/**
+	 * Unlike what the name is_glue suggests, this field is set to true by
+	 * ldns_dnssec_zone_mark_glue() or ldns_dnssec_zone_mark_and_get_glue()
+	 * when the name, this dnssec_name struct represents, is occluded.
+	 * Names that contain other occluded rrsets and records with glue on
+	 * the delegation point will NOT have this bool set to true.
+	 * This field should NOT be read directly, but only via the 
+	 * ldns_dnssec_name_is_glue() function!
+	 */
+	bool is_glue;
+	/**
+	 * pointer to store the hashed name (only used when in an NSEC3 zone
+	 */
+	ldns_rdf *hashed_name;
+};
+
+/**
+ * Structure containing a dnssec zone
+ */
+struct ldns_struct_dnssec_zone {
+	/** points to the name containing the SOA RR */
+	ldns_dnssec_name *soa;
+	/** tree of ldns_dnssec_names */
+	ldns_rbtree_t *names;
+};
+typedef struct ldns_struct_dnssec_zone ldns_dnssec_zone;
+
+/**
+ * Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs
+ * \return the allocated data
+ */
+ldns_dnssec_rrs *ldns_dnssec_rrs_new();
+
+/**
+ * Frees the list of rrs, but *not* the individual ldns_rr records
+ * contained in the list
+ * 
+ * \param[in] rrs the data structure to free
+ */
+void ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs);
+
+/**
+ * Frees the list of rrs, and the individual ldns_rr records
+ * contained in the list
+ * 
+ * \param[in] rrs the data structure to free
+ */
+void ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs);
+
+/**
+ * Adds an RR to the list of RRs. The list will remain ordered
+ *
+ * \param[in] rrs the list to add to
+ * \param[in] rr the RR to add
+ * \return LDNS_STATUS_OK on success
+ */
+ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr);
+
+/**
+ * Prints the given rrs to the file descriptor
+ *
+ * \param[in] out the file descriptor to print to
+ * \param[in] rrs the list of RRs to print
+ */
+void ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs);
+
+/**
+ * Prints the given rrs to the file descriptor
+ *
+ * \param[in] out the file descriptor to print to
+ * \param[in] fmt the format of the textual representation
+ * \param[in] rrs the list of RRs to print
+ */
+void ldns_dnssec_rrs_print_fmt(FILE *out, 
+		const ldns_output_format *fmt, ldns_dnssec_rrs *rrs);
+
+/**
+ * Creates a new list (entry) of RRsets
+ * \return the newly allocated structure
+ */
+ldns_dnssec_rrsets *ldns_dnssec_rrsets_new();
+
+/**
+ * Frees the list of rrsets and their rrs, but *not* the ldns_rr
+ * records in the sets
+ *
+ * \param[in] rrsets the data structure to free
+ */
+void ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets);
+
+/**
+ * Frees the list of rrsets and their rrs, and the ldns_rr
+ * records in the sets
+ *
+ * \param[in] rrsets the data structure to free
+ */
+void ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets);
+
+/**
+ * Returns the rr type of the rrset (that is head of the given list)
+ *
+ * \param[in] rrsets the rrset to get the type of
+ * \return the rr type
+ */
+ldns_rr_type ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets);
+
+/**
+ * Sets the RR type of the rrset (that is head of the given list)
+ *
+ * \param[in] rrsets the rrset to set the type of
+ * \param[in] type the type to set
+ * \return LDNS_STATUS_OK on success
+ */
+ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets,
+					   ldns_rr_type type);
+
+/**
+ * Add an ldns_rr to the corresponding RRset in the given list of RRsets.
+ * If it is not present, add it as a new RRset with 1 record.
+ *
+ * \param[in] rrsets the list of rrsets to add the RR to
+ * \param[in] rr the rr to add to the list of rrsets
+ * \return LDNS_STATUS_OK on success
+ */
+ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr);
+
+/**
+ * Print the given list of rrsets to the fiven file descriptor
+ * 
+ * \param[in] out the file descriptor to print to
+ * \param[in] rrsets the list of RRsets to print
+ * \param[in] follow if set to false, only print the first RRset
+ */ 
+void ldns_dnssec_rrsets_print(FILE *out,
+		ldns_dnssec_rrsets *rrsets,
+		bool follow);
+
+/**
+ * Print the given list of rrsets to the fiven file descriptor
+ * 
+ * \param[in] out the file descriptor to print to
+ * \param[in] fmt the format of the textual representation
+ * \param[in] rrsets the list of RRsets to print
+ * \param[in] follow if set to false, only print the first RRset
+ */ 
+void ldns_dnssec_rrsets_print_fmt(FILE *out,
+		const ldns_output_format *fmt,
+		ldns_dnssec_rrsets *rrsets,
+		bool follow);
+
+
+/**
+ * Create a new data structure for a dnssec name
+ * \return the allocated structure
+ */
+ldns_dnssec_name *ldns_dnssec_name_new();
+
+/**
+ * Create a new data structure for a dnssec name for the given RR
+ *
+ * \param[in] rr the RR to derive properties from, and to add to the name
+ */
+ldns_dnssec_name *ldns_dnssec_name_new_frm_rr(ldns_rr *rr);
+
+/**
+ * Frees the name structure and its rrs and rrsets.
+ * Individual ldns_rr records therein are not freed
+ *
+ * \param[in] name the structure to free
+ */
+void ldns_dnssec_name_free(ldns_dnssec_name *name);
+
+/**
+ * Frees the name structure and its rrs and rrsets.
+ * Individual ldns_rr records contained in the name are also freed
+ *
+ * \param[in] name the structure to free
+ */
+void ldns_dnssec_name_deep_free(ldns_dnssec_name *name);
+
+/**
+ * Returns the domain name of the given dnssec_name structure
+ *
+ * \param[in] name the dnssec name to get the domain name from
+ * \return the domain name
+ */
+ldns_rdf *ldns_dnssec_name_name(ldns_dnssec_name *name);
+
+
+/**
+ * Sets the domain name of the given dnssec_name structure
+ *
+ * \param[in] name the dnssec name to set the domain name of
+ * \param[in] dname the domain name to set it to. This data is *not* copied.
+ */
+void ldns_dnssec_name_set_name(ldns_dnssec_name *name,
+						 ldns_rdf *dname);
+/**
+ * Returns if dnssec_name structure is marked as glue.
+ * The ldns_dnssec_zone_mark_glue() function has to be called on a zone before
+ * using this function.
+ * Only names that have only glue rrsets will be marked.
+ * Names that have other occluded rrsets and names containing glue on the 
+ * delegation point will NOT be marked!
+ *
+ * \param[in] name the dnssec name to get the domain name from
+ * \return true if the structure is marked as glue, false otherwise.
+ */
+bool ldns_dnssec_name_is_glue(ldns_dnssec_name *name);
+
+/**
+ * Sets the NSEC(3) RR of the given dnssec_name structure
+ *
+ * \param[in] name the dnssec name to set the domain name of
+ * \param[in] nsec the nsec rr to set it to. This data is *not* copied.
+ */
+void ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec);
+
+/**
+ * Compares the domain names of the two arguments in their
+ * canonical ordening.
+ * 
+ * \param[in] a The first dnssec_name to compare
+ * \param[in] b The second dnssec_name to compare
+ * \return -1 if the domain name of a comes before that of b in canonical
+ *            ordening, 1 if it is the other way around, and 0 if they are
+ *            equal
+ */
+int ldns_dnssec_name_cmp(const void *a, const void *b);
+
+/**
+ * Inserts the given rr at the right place in the current dnssec_name
+ * No checking is done whether the name matches
+ *
+ * \param[in] name The ldns_dnssec_name to add the RR to
+ * \param[in] rr The RR to add
+ * \return LDNS_STATUS_OK on success, error code otherwise
+ */
+ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
+							 ldns_rr *rr);
+
+/**
+ * Find the RRset with the given type in within this name structure
+ *
+ * \param[in] name the name to find the RRset in
+ * \param[in] type the type of the RRset to find
+ * \return the RRset, or NULL if not present
+ */
+ldns_dnssec_rrsets *ldns_dnssec_name_find_rrset(ldns_dnssec_name *name,
+									   ldns_rr_type type);
+
+/**
+ * Find the RRset with the given name and type in the zone
+ *
+ * \param[in] zone the zone structure to find the RRset in
+ * \param[in] dname the domain name of the RRset to find
+ * \param[in] type the type of the RRset to find
+ * \return the RRset, or NULL if not present
+ */
+ldns_dnssec_rrsets *ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
+									   ldns_rdf *dname,
+									   ldns_rr_type type);
+
+/**
+ * Prints the RRs in the  dnssec name structure to the given
+ * file descriptor
+ *
+ * \param[in] out the file descriptor to print to
+ * \param[in] name the name structure to print the contents of
+ */
+void ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name);
+
+/**
+ * Prints the RRs in the  dnssec name structure to the given
+ * file descriptor
+ *
+ * \param[in] out the file descriptor to print to
+ * \param[in] fmt the format of the textual representation
+ * \param[in] name the name structure to print the contents of
+ */
+void ldns_dnssec_name_print_fmt(FILE *out, 
+		const ldns_output_format *fmt, ldns_dnssec_name *name);
+
+/**
+ * Creates a new dnssec_zone structure
+ * \return the allocated structure
+ */
+ldns_dnssec_zone *ldns_dnssec_zone_new();
+
+/**
+ * Frees the given zone structure, and its rbtree of dnssec_names
+ * Individual ldns_rr RRs within those names are *not* freed
+ * \param[in] *zone the zone to free
+ */ 
+void ldns_dnssec_zone_free(ldns_dnssec_zone *zone);
+
+/**
+ * Frees the given zone structure, and its rbtree of dnssec_names
+ * Individual ldns_rr RRs within those names are also freed
+ * \param[in] *zone the zone to free
+ */ 
+void ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone);
+
+/**
+ * Adds the given RR to the zone.
+ * It find whether there is a dnssec_name with that name present.
+ * If so, add it to that, if not create a new one. 
+ * Special handling of NSEC and RRSIG provided
+ *
+ * \param[in] zone the zone to add the RR to
+ * \param[in] rr The RR to add
+ * \return LDNS_STATUS_OK on success, an error code otherwise
+ */
+ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone,
+							 ldns_rr *rr);
+
+/**
+ * Prints the rbtree of ldns_dnssec_name structures to the file descriptor
+ *
+ * \param[in] out the file descriptor to print the names to
+ * \param[in] tree the tree of ldns_dnssec_name structures to print
+ * \param[in] print_soa if true, print SOA records, if false, skip them
+ */
+void ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa);
+
+/**
+ * Prints the rbtree of ldns_dnssec_name structures to the file descriptor
+ *
+ * \param[in] out the file descriptor to print the names to
+ * \param[in] fmt the format of the textual representation
+ * \param[in] tree the tree of ldns_dnssec_name structures to print
+ * \param[in] print_soa if true, print SOA records, if false, skip them
+ */
+void ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt,
+		ldns_rbtree_t *tree, bool print_soa);
+
+/**
+ * Prints the complete zone to the given file descriptor
+ *
+ * \param[in] out the file descriptor to print to
+ * \param[in] zone the dnssec_zone to print
+ */
+void ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone);
+
+/**
+ * Prints the complete zone to the given file descriptor
+ *
+ * \param[in] out the file descriptor to print to
+ * \param[in] fmt the format of the textual representation
+ * \param[in] zone the dnssec_zone to print
+ */
+void ldns_dnssec_zone_print_fmt(FILE *out, 
+		const ldns_output_format *fmt, ldns_dnssec_zone *zone);
+
+/**
+ * Adds explicit dnssec_name structures for the empty nonterminals
+ * in this zone. (this is needed for NSEC3 generation)
+ *
+ * \param[in] zone the zone to check for empty nonterminals
+ * return LDNS_STATUS_OK on success.
+ */
+ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/3rdParty/Ldns/src/include/ldns/error.h b/3rdParty/Ldns/src/include/ldns/error.h
new file mode 100644
index 0000000..99d4f0b
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/error.h
@@ -0,0 +1,121 @@
+/**
+ * \file error.h
+ *
+ * Defines error numbers and functions to translate those to a readable string.
+ *
+ */
+ 
+/**
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+#ifndef LDNS_ERROR_H
+#define LDNS_ERROR_H
+
+#include <ldns/util.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum ldns_enum_status {
+	LDNS_STATUS_OK,	
+	LDNS_STATUS_EMPTY_LABEL,
+	LDNS_STATUS_LABEL_OVERFLOW,
+	LDNS_STATUS_DOMAINNAME_OVERFLOW,
+	LDNS_STATUS_DOMAINNAME_UNDERFLOW,
+	LDNS_STATUS_DDD_OVERFLOW,
+	LDNS_STATUS_PACKET_OVERFLOW,
+	LDNS_STATUS_INVALID_POINTER,
+	LDNS_STATUS_MEM_ERR,
+	LDNS_STATUS_INTERNAL_ERR,
+	LDNS_STATUS_SSL_ERR,
+	LDNS_STATUS_ERR,
+	LDNS_STATUS_INVALID_INT,
+	LDNS_STATUS_INVALID_IP4,
+	LDNS_STATUS_INVALID_IP6,
+	LDNS_STATUS_INVALID_STR,
+	LDNS_STATUS_INVALID_B32_EXT,
+	LDNS_STATUS_INVALID_B64,
+	LDNS_STATUS_INVALID_HEX,
+	LDNS_STATUS_INVALID_TIME,
+	LDNS_STATUS_NETWORK_ERR,
+	LDNS_STATUS_ADDRESS_ERR,
+	LDNS_STATUS_FILE_ERR,
+	LDNS_STATUS_UNKNOWN_INET,
+	LDNS_STATUS_NOT_IMPL,
+	LDNS_STATUS_NULL,
+	LDNS_STATUS_CRYPTO_UNKNOWN_ALGO, 
+	LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL, 	
+	LDNS_STATUS_CRYPTO_NO_RRSIG,
+	LDNS_STATUS_CRYPTO_NO_DNSKEY,
+	LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY,
+	LDNS_STATUS_CRYPTO_NO_DS,
+	LDNS_STATUS_CRYPTO_NO_TRUSTED_DS,
+	LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY,
+	LDNS_STATUS_CRYPTO_VALIDATED,
+	LDNS_STATUS_CRYPTO_BOGUS,
+	LDNS_STATUS_CRYPTO_SIG_EXPIRED,
+	LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED,
+	LDNS_STATUS_CRYPTO_TSIG_BOGUS,
+	LDNS_STATUS_CRYPTO_TSIG_ERR,
+	LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION,
+	LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR,
+	LDNS_STATUS_ENGINE_KEY_NOT_LOADED,
+	LDNS_STATUS_NSEC3_ERR,
+	LDNS_STATUS_RES_NO_NS,
+	LDNS_STATUS_RES_QUERY,
+	LDNS_STATUS_WIRE_INCOMPLETE_HEADER,
+	LDNS_STATUS_WIRE_INCOMPLETE_QUESTION,
+	LDNS_STATUS_WIRE_INCOMPLETE_ANSWER,
+	LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY,
+	LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL,
+	LDNS_STATUS_NO_DATA,
+	LDNS_STATUS_CERT_BAD_ALGORITHM,
+	LDNS_STATUS_SYNTAX_TYPE_ERR,
+	LDNS_STATUS_SYNTAX_CLASS_ERR,
+	LDNS_STATUS_SYNTAX_TTL_ERR,
+	LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL,
+	LDNS_STATUS_SYNTAX_RDATA_ERR,
+	LDNS_STATUS_SYNTAX_DNAME_ERR,
+	LDNS_STATUS_SYNTAX_VERSION_ERR,
+	LDNS_STATUS_SYNTAX_ALG_ERR,
+	LDNS_STATUS_SYNTAX_KEYWORD_ERR,
+	LDNS_STATUS_SYNTAX_TTL,
+	LDNS_STATUS_SYNTAX_ORIGIN,
+	LDNS_STATUS_SYNTAX_INCLUDE,
+	LDNS_STATUS_SYNTAX_EMPTY,
+	LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW,
+	LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR,
+	LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW,
+	LDNS_STATUS_SYNTAX_BAD_ESCAPE,
+	LDNS_STATUS_SOCKET_ERROR,
+	LDNS_STATUS_SYNTAX_ERR,
+	LDNS_STATUS_DNSSEC_EXISTENCE_DENIED,
+	LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED,
+	LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED,
+	LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND,
+	LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG,
+	LDNS_STATUS_MISSING_RDATA_FIELDS_KEY
+};
+typedef enum ldns_enum_status ldns_status;
+
+extern ldns_lookup_table ldns_error_str[];
+
+/**
+ * look up a descriptive text by each error. This function
+ * could use a better name
+ * \param[in] err ldns_status number
+ * \return the string for that error
+ */
+const char *ldns_get_errorstr_by_id(ldns_status err);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_ERROR_H */
diff --git a/3rdParty/Ldns/src/include/ldns/higher.h b/3rdParty/Ldns/src/include/ldns/higher.h
new file mode 100644
index 0000000..597e134
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/higher.h
@@ -0,0 +1,113 @@
+/**
+ * \file higher.h
+ *
+ * Specifies some higher level functions that could
+ * be useful for certain applications
+ */
+
+/*
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+#ifndef LDNS_HIGHER_H
+#define LDNS_HIGHER_H
+
+#include <ldns/resolver.h>
+#include <ldns/rdata.h>
+#include <ldns/rr.h>
+#include <ldns/host2str.h>
+#include <ldns/tsig.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Ask the resolver about name
+ * and return all address records
+ * \param[in] r the resolver to use
+ * \param[in] name the name to look for
+ * \param[in] c the class to use
+ * \param[in] flags give some optional flags to the query
+ */
+ldns_rr_list *ldns_get_rr_list_addr_by_name(ldns_resolver *r, ldns_rdf *name, ldns_rr_class c, uint16_t flags);
+
+/**
+ * ask the resolver about the address
+ * and return the name
+ * \param[in] r the resolver to use
+ * \param[in] addr the addr to look for
+ * \param[in] c the class to use
+ * \param[in] flags give some optional flags to the query
+ */
+ldns_rr_list *ldns_get_rr_list_name_by_addr(ldns_resolver *r, ldns_rdf *addr, ldns_rr_class c, uint16_t flags);
+
+/**
+ * wade through fp (a /etc/hosts like file)
+ * and return a rr_list containing all the 
+ * defined hosts in there
+ * \param[in] fp the file pointer to use
+ * \return ldns_rr_list * with the names
+ */
+ldns_rr_list *ldns_get_rr_list_hosts_frm_fp(FILE *fp);
+
+/**
+ * wade through fp (a /etc/hosts like file)
+ * and return a rr_list containing all the 
+ * defined hosts in there
+ * \param[in] fp the file pointer to use
+ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+ * \return ldns_rr_list * with the names
+ */
+ldns_rr_list *ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr);
+
+/**
+ * wade through fp (a /etc/hosts like file)
+ * and return a rr_list containing all the 
+ * defined hosts in there
+ * \param[in] filename the filename to use (NULL for /etc/hosts)
+ * \return ldns_rr_list * with the names
+ */
+ldns_rr_list *ldns_get_rr_list_hosts_frm_file(char *filename);
+
+/**
+ * This function is a wrapper function for ldns_get_rr_list_name_by_addr
+ * and ldns_get_rr_list_addr_by_name. It's name is from the getaddrinfo() 
+ * library call. It tries to mimic that call, but without the lowlevel
+ * stuff.
+ * \param[in] res The resolver. If this value is NULL then a resolver will
+ * be created by ldns_getaddrinfo.
+ * \param[in] node the name or ip address to look up
+ * \param[in] c the class to look in
+ * \param[out] list put the found RR's in this list
+ * \return the number of RR found.
+ */
+uint16_t ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c, ldns_rr_list **list);
+
+/**
+ * Check if t is enumerated in the nsec type rdata
+ * \param[in] nsec the NSEC Record to look in
+ * \param[in] t the type to check for
+ * \return true when t is found, otherwise return false
+ */
+bool ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t);
+
+/**
+ * Print a number of rdf's of the RR. The rdfnum-list must 
+ * be ended by -1, otherwise unpredictable things might happen.
+ * rdfs may be printed multiple times
+ * \param[in] fp FILE * to write to
+ * \param[in] r RR to write
+ * \param[in] rdfnum a list of rdf to print.
+ */
+void ldns_print_rr_rdf(FILE *fp, ldns_rr *r, int rdfnum, ...);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_HIGHER_H */
diff --git a/3rdParty/Ldns/src/include/ldns/host2str.h b/3rdParty/Ldns/src/include/ldns/host2str.h
new file mode 100644
index 0000000..f0a14a4
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/host2str.h
@@ -0,0 +1,759 @@
+/**
+ * host2str.h -  txt presentation of RRs
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+/**
+ * \file
+ *
+ * Contains functions to translate the main structures to their text
+ * representation, as well as functions to print them.
+ */
+
+#ifndef LDNS_HOST2STR_H
+#define LDNS_HOST2STR_H
+
+#include <ldns/common.h>
+#include <ldns/error.h>
+#include <ldns/rr.h>
+#include <ldns/rdata.h>
+#include <ldns/packet.h>
+#include <ldns/buffer.h>
+#include <ldns/resolver.h>
+#include <ldns/zone.h>
+#include <ctype.h>
+
+#include "ldns/util.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LDNS_APL_IP4            1
+#define LDNS_APL_IP6            2
+#define LDNS_APL_MASK           0x7f
+#define LDNS_APL_NEGATION       0x80
+
+/** 
+ * Represent a NULL pointer (in stead of a pointer to a ldns_rr as "; (null)" 
+ * as opposed to outputting nothing at all in such a case.
+ */
+#define LDNS_COMMENT_NULLS		0x0001
+/** Show key id with DNSKEY RR's as comment */
+#define LDNS_COMMENT_KEY_ID		0x0002
+/** Show if a DNSKEY is a ZSK or KSK as comment */
+#define LDNS_COMMENT_KEY_TYPE		0x0004
+/** Show DNSKEY key size as comment */
+#define LDNS_COMMENT_KEY_SIZE		0x0008
+/** Show key id, type and size as comment for DNSKEY RR's */
+#define LDNS_COMMENT_KEY		(LDNS_COMMENT_KEY_ID  \
+					|LDNS_COMMENT_KEY_TYPE\
+					|LDNS_COMMENT_KEY_SIZE)
+/** Provide bubblebabble representation for DS RR's as comment */
+#define LDNS_COMMENT_BUBBLEBABBLE	0x0010
+/** Show when a NSEC3 RR has the optout flag set as comment */
+#define LDNS_COMMENT_FLAGS		0x0020
+/** Show the unhashed owner and next owner names for NSEC3 RR's as comment */
+#define LDNS_COMMENT_NSEC3_CHAIN	0x0040
+/** Print mark up */
+#define LDNS_COMMENT_LAYOUT		0x0080
+/** Also comment KEY_ID with RRSIGS **/
+#define LDNS_COMMENT_RRSIGS		0x0100
+
+/**
+ * Output format specifier
+ *
+ * Determines how Packets, Resource Records and Resource record data fiels are
+ * formatted when printing or converting to string.
+ * Currently it is only used to specify what aspects of a Resource Record are
+ * annotated in the comment section of the textual representation the record.
+ * This is speciefed with flags and potential exra data (such as for example
+ * a lookup map of hashes to real names for annotation NSEC3 records).
+ */
+struct ldns_struct_output_format
+{
+	/** Specification of how RR's should be formatted in text */
+	int   flags;
+	/** Potential extra data to be used with formatting RR's in text */
+	void *data;
+};
+typedef struct ldns_struct_output_format ldns_output_format;
+
+/**
+ * Standard output format record that disables commenting in the textual 
+ * representation of Resource Records completely.
+ */
+extern const ldns_output_format *ldns_output_format_nocomments;
+/**
+ * Standard output format record that annotated only DNSKEY RR's with commenti
+ * text.
+ */
+extern const ldns_output_format *ldns_output_format_onlykeyids;
+/**
+ * The default output format record. Same as ldns_output_format_onlykeyids.
+ */
+extern const ldns_output_format *ldns_output_format_default;
+/**
+ * Standard output format record that shows all DNSKEY related information in
+ * the comment text, plus the optout flag when set with NSEC3's, plus the
+ * bubblebabble representation of DS RR's.
+ */
+extern const ldns_output_format *ldns_output_format_bubblebabble;
+
+/**
+ * Converts an ldns packet opcode value to its mnemonic, and adds that
+ * to the output buffer
+ * \param[in] *output the buffer to add the data to
+ * \param[in] opcode to find the string representation of
+ * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
+ */
+ldns_status
+ldns_pkt_opcode2buffer_str(ldns_buffer *output, ldns_pkt_opcode opcode);
+
+/**
+ * Converts an ldns packet rcode value to its mnemonic, and adds that
+ * to the output buffer
+ * \param[in] *output the buffer to add the data to
+ * \param[in] rcode to find the string representation of
+ * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
+ */
+ldns_status
+ldns_pkt_rcode2buffer_str(ldns_buffer *output, ldns_pkt_rcode rcode);
+
+/**
+ * Converts an ldns algorithm type to its mnemonic, and adds that
+ * to the output buffer
+ * \param[in] *output the buffer to add the data to
+ * \param[in] algorithm to find the string representation of
+ * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
+ */
+ldns_status
+ldns_algorithm2buffer_str(ldns_buffer *output,
+                          ldns_algorithm algorithm);
+
+/**
+ * Converts an ldns certificate algorithm type to its mnemonic, 
+ * and adds that to the output buffer
+ * \param[in] *output the buffer to add the data to
+ * \param[in] cert_algorithm to find the string representation of
+ * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
+ */
+ldns_status
+ldns_cert_algorithm2buffer_str(ldns_buffer *output,
+                               ldns_cert_algorithm cert_algorithm);
+
+
+/**
+ * Converts a packet opcode to its mnemonic and returns that as
+ * an allocated null-terminated string.
+ * Remember to free it.
+ *
+ * \param[in] opcode the opcode to convert to text
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_pkt_opcode2str(ldns_pkt_opcode opcode);
+
+/**
+ * Converts a packet rcode to its mnemonic and returns that as
+ * an allocated null-terminated string.
+ * Remember to free it.
+ *
+ * \param[in] rcode the rcode to convert to text
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_pkt_rcode2str(ldns_pkt_rcode rcode);
+
+/**
+ * Converts a signing algorithms to its mnemonic and returns that as
+ * an allocated null-terminated string.
+ * Remember to free it.
+ *
+ * \param[in] algorithm the algorithm to convert to text
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_pkt_algorithm2str(ldns_algorithm algorithm);
+
+/**
+ * Converts a cert algorithm to its mnemonic and returns that as
+ * an allocated null-terminated string.
+ * Remember to free it.
+ *
+ * \param[in] cert_algorithm to convert to text
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_A rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_a(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_AAAA rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_aaaa(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_STR rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_B64 rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_b64(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_B32_EXT rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_b32_ext(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_HEX rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_hex(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_TYPE rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_type(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_CLASS rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_class(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_ALG rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf);
+
+/**
+ * Converts an ldns_rr_type value to its string representation,
+ * and places it in the given buffer
+ * \param[in] *output The buffer to add the data to
+ * \param[in] type the ldns_rr_type to convert
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rr_type2buffer_str(ldns_buffer *output,
+                                    const ldns_rr_type type);
+
+/**
+ * Converts an ldns_rr_type value to its string representation,
+ * and returns that string. For unknown types, the string
+ * "TYPE<id>" is returned. This function allocates data that must be
+ * freed by the caller
+ * \param[in] type the ldns_rr_type to convert
+ * \return a newly allocated string
+ */
+char *ldns_rr_type2str(const ldns_rr_type type);
+
+/**
+ * Converts an ldns_rr_class value to its string representation,
+ * and places it in the given buffer
+ * \param[in] *output The buffer to add the data to
+ * \param[in] klass the ldns_rr_class to convert
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rr_class2buffer_str(ldns_buffer *output,
+                                     const ldns_rr_class klass);
+
+/**
+ * Converts an ldns_rr_class value to its string representation,
+ * and returns that string. For unknown types, the string
+ * "CLASS<id>" is returned. This function allocates data that must be
+ * freed by the caller
+ * \param[in] klass the ldns_rr_class to convert
+ * \return a newly allocated string
+ */
+char *ldns_rr_class2str(const ldns_rr_class klass);
+
+
+/** 
+ * Converts an LDNS_RDF_TYPE_CERT rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_LOC rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_loc(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_UNKNOWN rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_unknown(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_NSAP rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_nsap(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_ATMA rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_atma(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_WKS rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_NSEC rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_nsec(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_PERIOD rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_period(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_TSIGTIME rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_tsigtime(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_APL rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_INT16_DATA rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_IPSECKEY rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_TSIG rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_tsig(ldns_buffer *output, const ldns_rdf *rdf);
+
+
+/**
+ * Converts the data in the rdata field to presentation
+ * format (as char *) and appends it to the given buffer
+ *
+ * \param[in] output pointer to the buffer to append the data to
+ * \param[in] rdf the pointer to the rdafa field containing the data
+ * \return status
+ */
+ldns_status ldns_rdf2buffer_str(ldns_buffer *output, const ldns_rdf *rdf);
+
+/**
+ * Converts the data in the resource record to presentation
+ * format (as char *) and appends it to the given buffer.
+ * The presentation format of DNSKEY record is annotated with comments giving
+ * the id, type and size of the key.
+ *
+ * \param[in] output pointer to the buffer to append the data to
+ * \param[in] rr the pointer to the rr field to convert
+ * \return status
+ */
+ldns_status ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr);
+
+/**
+ * Converts the data in the resource record to presentation
+ * format (as char *) and appends it to the given buffer.
+ * The presentation format is annotated with comments giving
+ * additional information on the record.
+ *
+ * \param[in] output pointer to the buffer to append the data to
+ * \param[in] fmt how to format the textual representation of the 
+ *            resource record.
+ * \param[in] rr the pointer to the rr field to convert
+ * \return status
+ */
+ldns_status ldns_rr2buffer_str_fmt(ldns_buffer *output, 
+		const ldns_output_format *fmt, const ldns_rr *rr);
+
+/**
+ * Converts the data in the DNS packet to presentation
+ * format (as char *) and appends it to the given buffer
+ *
+ * \param[in] output pointer to the buffer to append the data to
+ * \param[in] pkt the pointer to the packet to convert
+ * \return status
+ */
+ldns_status ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt);
+
+/**
+ * Converts the data in the DNS packet to presentation
+ * format (as char *) and appends it to the given buffer
+ *
+ * \param[in] output pointer to the buffer to append the data to
+ * \param[in] fmt how to format the textual representation of the packet
+ * \param[in] pkt the pointer to the packet to convert
+ * \return status
+ */
+ldns_status ldns_pkt2buffer_str_fmt(ldns_buffer *output,
+		const ldns_output_format *fmt, const ldns_pkt *pkt);
+
+/** 
+ * Converts an LDNS_RDF_TYPE_NSEC3_SALT rdata element to string format and adds it to the output buffer 
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_nsec3_salt(ldns_buffer *output, const ldns_rdf *rdf);
+
+
+/**
+ * Converts the data in the DNS packet to presentation
+ * format (as char *) and appends it to the given buffer
+ *
+ * \param[in] output pointer to the buffer to append the data to
+ * \param[in] k the pointer to the private key to convert
+ * \return status
+ */
+ldns_status ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k);
+
+/**
+ * Converts an LDNS_RDF_TYPE_INT8 rdata element to string format and adds it to the output buffer
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_int8(ldns_buffer *output, const ldns_rdf *rdf);
+
+/**
+ * Converts an LDNS_RDF_TYPE_INT16 rdata element to string format and adds it to the output buffer
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf);
+
+/**
+ * Converts an LDNS_RDF_TYPE_INT32 rdata element to string format and adds it to the output buffer
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf);
+
+/**
+ * Converts an LDNS_RDF_TYPE_TIME rdata element to string format and adds it to the output buffer
+ * \param[in] *rdf The rdata to convert
+ * \param[in] *output The buffer to add the data to
+ * \return LDNS_STATUS_OK on success, and error status on failure
+ */
+ldns_status ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf);
+
+/**
+ * Converts the data in the rdata field to presentation format and
+ * returns that as a char *.
+ * Remember to free it.
+ *
+ * \param[in] rdf The rdata field to convert
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_rdf2str(const ldns_rdf *rdf);
+
+/**
+ * Converts the data in the resource record to presentation format and
+ * returns that as a char *.
+ * Remember to free it.
+ *
+ * \param[in] rr The rdata field to convert
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_rr2str(const ldns_rr *rr);
+
+/**
+ * Converts the data in the resource record to presentation format and
+ * returns that as a char *.
+ * Remember to free it.
+ *
+ * \param[in] fmt how to format the resource record
+ * \param[in] rr The rdata field to convert
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_rr2str_fmt(const ldns_output_format *fmt, const ldns_rr *rr);
+
+/**
+ * Converts the data in the DNS packet to presentation format and
+ * returns that as a char *.
+ * Remember to free it.
+ *
+ * \param[in] pkt The rdata field to convert
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_pkt2str(const ldns_pkt *pkt);
+
+/**
+ * Converts the data in the DNS packet to presentation format and
+ * returns that as a char *.
+ * Remember to free it.
+ *
+ * \param[in] fmt how to format the packet
+ * \param[in] pkt The rdata field to convert
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_pkt2str_fmt(const ldns_output_format *fmt, const ldns_pkt *pkt);
+
+/**
+ * Converts a private key to the test presentation fmt and
+ * returns that as a char *.
+ * Remember to free it.
+ *
+ * \param[in] k the key to convert to text
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_key2str(const ldns_key *k);
+
+/**
+ * Converts a list of resource records to presentation format
+ * and returns that as a char *.
+ * Remember to free it.
+ *
+ * \param[in] rr_list the rr_list to convert to text
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_rr_list2str(const ldns_rr_list *rr_list);
+
+/**
+ * Converts a list of resource records to presentation format
+ * and returns that as a char *.
+ * Remember to free it.
+ *
+ * \param[in] fmt how to format the list of resource records
+ * \param[in] rr_list the rr_list to convert to text
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_rr_list2str_fmt(
+		const ldns_output_format *fmt, const ldns_rr_list *rr_list);
+
+/**
+ * Returns the data in the buffer as a null terminated char * string
+ * Buffer data must be char * type, and must be freed by the caller
+ *
+ * \param[in] buffer buffer containing char * data
+ * \return null terminated char * data, or NULL on error
+ */
+char *ldns_buffer2str(ldns_buffer *buffer);
+
+/**
+ * Prints the data in the rdata field to the given file stream
+ * (in presentation format)
+ *
+ * \param[in] output the file stream to print to
+ * \param[in] rdf the rdata field to print
+ * \return void
+ */
+void ldns_rdf_print(FILE *output, const ldns_rdf *rdf);
+
+/**
+ * Prints the data in the resource record to the given file stream
+ * (in presentation format)
+ *
+ * \param[in] output the file stream to print to
+ * \param[in] rr the resource record to print
+ * \return void
+ */
+void ldns_rr_print(FILE *output, const ldns_rr *rr);
+
+/**
+ * Prints the data in the resource record to the given file stream
+ * (in presentation format)
+ *
+ * \param[in] output the file stream to print to
+ * \param[in] fmt format of the textual representation
+ * \param[in] rr the resource record to print
+ * \return void
+ */
+void ldns_rr_print_fmt(FILE *output, 
+		const ldns_output_format *fmt, const ldns_rr *rr);
+
+/**
+ * Prints the data in the DNS packet to the given file stream
+ * (in presentation format)
+ *
+ * \param[in] output the file stream to print to
+ * \param[in] pkt the packet to print
+ * \return void
+ */
+void ldns_pkt_print(FILE *output, const ldns_pkt *pkt);
+
+/**
+ * Prints the data in the DNS packet to the given file stream
+ * (in presentation format)
+ *
+ * \param[in] output the file stream to print to
+ * \param[in] fmt format of the textual representation
+ * \param[in] pkt the packet to print
+ * \return void
+ */
+void ldns_pkt_print_fmt(FILE *output, 
+		const ldns_output_format *fmt, const ldns_pkt *pkt);
+
+/**
+ * Converts a rr_list to presentation format and appends it to
+ * the output buffer
+ * \param[in] output the buffer to append output to
+ * \param[in] list the ldns_rr_list to print
+ * \return ldns_status
+ */
+ldns_status ldns_rr_list2buffer_str(ldns_buffer *output, const ldns_rr_list *list);
+
+/**
+ * Converts a rr_list to presentation format and appends it to
+ * the output buffer
+ * \param[in] output the buffer to append output to
+ * \param[in] fmt format of the textual representation
+ * \param[in] list the ldns_rr_list to print
+ * \return ldns_status
+ */
+ldns_status ldns_rr_list2buffer_str_fmt(ldns_buffer *output, 
+		const ldns_output_format *fmt, const ldns_rr_list *list);
+
+/**
+ * Converts the header of a packet to presentation format and appends it to
+ * the output buffer
+ * \param[in] output the buffer to append output to
+ * \param[in] pkt the packet to convert the header of
+ * \return ldns_status
+ */
+ldns_status ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt);
+
+/**
+ * print a rr_list to output
+ * \param[in] output the fd to print to
+ * \param[in] list the rr_list to print
+ */
+void ldns_rr_list_print(FILE *output, const ldns_rr_list *list);
+
+/**
+ * print a rr_list to output
+ * \param[in] output the fd to print to
+ * \param[in] fmt format of the textual representation
+ * \param[in] list the rr_list to print
+ */
+void ldns_rr_list_print_fmt(FILE *output, 
+		const ldns_output_format *fmt, const ldns_rr_list *list);
+
+/**
+ * Print a resolver (in sofar that is possible) state
+ * to output.
+ * \param[in] output the fd to print to
+ * \param[in] r the resolver to print
+ */
+void ldns_resolver_print(FILE *output, const ldns_resolver *r);
+
+/**
+ * Print a resolver (in sofar that is possible) state
+ * to output.
+ * \param[in] output the fd to print to
+ * \param[in] fmt format of the textual representation
+ * \param[in] r the resolver to print
+ */
+void ldns_resolver_print_fmt(FILE *output, 
+		const ldns_output_format *fmt, const ldns_resolver *r);
+
+/**
+ * Print a zone structure * to output. Note the SOA record
+ * is included in this output
+ * \param[in] output the fd to print to
+ * \param[in] z the zone to print
+ */
+void ldns_zone_print(FILE *output, const ldns_zone *z);
+
+/**
+ * Print a zone structure * to output. Note the SOA record
+ * is included in this output
+ * \param[in] output the fd to print to
+ * \param[in] fmt format of the textual representation
+ * \param[in] z the zone to print
+ */
+void ldns_zone_print_fmt(FILE *output, 
+		const ldns_output_format *fmt, const ldns_zone *z);
+
+/**
+ * Print the ldns_rdf containing a dname to the buffer
+ * \param[in] output the buffer to print to
+ * \param[in] dname the dname to print
+ * \return ldns_status message if the printing succeeded
+ */
+ldns_status ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_HOST2STR_H */
diff --git a/3rdParty/Ldns/src/include/ldns/host2wire.h b/3rdParty/Ldns/src/include/ldns/host2wire.h
new file mode 100644
index 0000000..5eafe9d
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/host2wire.h
@@ -0,0 +1,164 @@
+/*
+ * host2wire.h - 2wire conversion routines
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+/**
+ * \file
+ *
+ * Contains all functions to translate the main structures to wire format
+ */
+
+#ifndef LDNS_HOST2WIRE_H
+#define LDNS_HOST2WIRE_H
+
+#include <ldns/common.h>
+#include <ldns/error.h>
+#include <ldns/rr.h>
+#include <ldns/rdata.h>
+#include <ldns/packet.h>
+#include <ldns/buffer.h>
+#include <ctype.h>
+
+#include "ldns/util.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Copies the dname data to the buffer in wire format
+ * \param[out] *buffer buffer to append the result to
+ * \param[in] *name rdata dname to convert
+ * \return ldns_status
+ */
+ldns_status ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name);
+
+/**
+ * Copies the rdata data to the buffer in wire format
+ * \param[out] *output buffer to append the result to
+ * \param[in] *rdf rdata to convert
+ * \return ldns_status
+ */
+ldns_status ldns_rdf2buffer_wire(ldns_buffer *output, const ldns_rdf *rdf);
+
+/**
+ * Copies the rdata data to the buffer in wire format
+ * If the rdata is a dname, the letters will be lowercased
+ * during the conversion
+ * \param[out] *output buffer to append the result to
+ * \param[in] *rdf rdata to convert
+ * \return ldns_status
+ */
+ldns_status ldns_rdf2buffer_wire_canonical(ldns_buffer *output,
+								   const ldns_rdf *rdf);
+
+/**
+ * Copies the rr data to the buffer in wire format
+ * \param[out] *output buffer to append the result to
+ * \param[in] *rr resource record to convert
+ * \param[in] section the section in the packet this rr is supposed to be in
+ *            (to determine whether to add rdata or not)
+ * \return ldns_status
+ */
+ldns_status ldns_rr2buffer_wire(ldns_buffer *output,
+						  const ldns_rr *rr,
+						  int section);
+
+/**
+ * Copies the rr data to the buffer in wire format, in canonical format
+ * according to RFC3597 (every dname in rdata fields of RR's mentioned in
+ * that RFC will be lowercased)
+ * \param[out] *output buffer to append the result to
+ * \param[in] *rr resource record to convert
+ * \param[in] section the section in the packet this rr is supposed to be in
+ *            (to determine whether to add rdata or not)
+ * \return ldns_status
+ */
+ldns_status ldns_rr2buffer_wire_canonical(ldns_buffer *output,
+								  const ldns_rr *rr,
+								  int section);
+
+
+/**
+ * Converts a rrsig to wireformat BUT EXCLUDE the rrsig rdata
+ * This is needed in DNSSEC verification
+ * \param[out] output buffer to append the result to
+ * \param[in] sigrr signature rr to operate on
+ * \return ldns_status
+ */
+ldns_status ldns_rrsig2buffer_wire(ldns_buffer *output, const ldns_rr *sigrr);
+
+/**
+ * Converts an rr's rdata to wireformat, while excluding
+ * the ownername and all the stuff before the rdata.
+ * This is needed in DNSSEC keytag calculation, the ds
+ * calcalution from the key and maybe elsewhere.
+ *
+ * \param[out] *output buffer where to put the result
+ * \param[in] *rr rr to operate on
+ * \return ldns_status
+ */
+ldns_status ldns_rr_rdata2buffer_wire(ldns_buffer *output, const ldns_rr *rr);
+
+/**
+ * Copies the packet data to the buffer in wire format
+ * \param[out] *output buffer to append the result to
+ * \param[in] *pkt packet to convert
+ * \return ldns_status
+ */
+ldns_status ldns_pkt2buffer_wire(ldns_buffer *output, const ldns_pkt *pkt);
+
+/**
+ * Copies the rr_list data to the buffer in wire format
+ * \param[out] *output buffer to append the result to
+ * \param[in] *rrlist rr_list to to convert
+ * \return ldns_status
+ */
+ldns_status ldns_rr_list2buffer_wire(ldns_buffer *output, const ldns_rr_list *rrlist);
+
+/**
+ * Allocates an array of uint8_t at dest, and puts the wireformat of the
+ * given rdf in that array. The result_size value contains the
+ * length of the array, if it succeeds, and 0 otherwise (in which case
+ * the function also returns NULL)
+ *
+ * \param[out] dest pointer to the array of bytes to be created
+ * \param[in] rdf the rdata field to convert
+ * \param[out] size the size of the converted result
+ */
+ldns_status ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *size);
+
+/**
+ * Allocates an array of uint8_t at dest, and puts the wireformat of the
+ * given rr in that array. The result_size value contains the
+ * length of the array, if it succeeds, and 0 otherwise (in which case
+ * the function also returns NULL)
+ *
+ * If the section argument is LDNS_SECTION_QUESTION, data like ttl and rdata
+ * are not put into the result
+ *
+ * \param[out] dest pointer to the array of bytes to be created
+ * \param[in] rr the rr to convert
+ * \param[out] size the size of the converted result
+ */
+ldns_status ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int, size_t *size);
+
+/**
+ * Allocates an array of uint8_t at dest, and puts the wireformat of the
+ * given packet in that array. The result_size value contains the
+ * length of the array, if it succeeds, and 0 otherwise (in which case
+ * the function also returns NULL)
+ */
+ldns_status ldns_pkt2wire(uint8_t **dest, const ldns_pkt *p, size_t *size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_HOST2WIRE_H */
diff --git a/3rdParty/Ldns/src/include/ldns/keys.h b/3rdParty/Ldns/src/include/ldns/keys.h
new file mode 100644
index 0000000..ad3ff25
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/keys.h
@@ -0,0 +1,615 @@
+/*
+ * 
+ * keys.h
+ *
+ * priv key definitions
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+/**
+ * \file
+ *
+ * Addendum to \ref dnssec.h, this module contains key and algorithm definitions and functions.
+ */
+ 
+
+#ifndef LDNS_KEYS_H
+#define LDNS_KEYS_H
+
+#include <ldns/common.h>
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+#include <openssl/ssl.h>
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+#include <ldns/dnssec.h>
+#include <ldns/util.h>
+#include <errno.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern ldns_lookup_table ldns_signing_algorithms[];
+
+#define LDNS_KEY_ZONE_KEY 0x0100   /* rfc 4034 */
+#define LDNS_KEY_SEP_KEY 0x0001    /* rfc 4034 */
+#define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011 */
+
+/**
+ * Algorithms used in dns
+ */
+enum ldns_enum_algorithm
+{
+        LDNS_RSAMD5             = 1,   /* RFC 4034,4035 */
+        LDNS_DH                 = 2,
+        LDNS_DSA                = 3,
+        LDNS_ECC                = 4,
+        LDNS_RSASHA1            = 5,
+        LDNS_DSA_NSEC3          = 6,
+        LDNS_RSASHA1_NSEC3      = 7,
+        LDNS_RSASHA256          = 8,   /* RFC 5702 */
+        LDNS_RSASHA512          = 10,  /* RFC 5702 */
+        LDNS_ECC_GOST           = 12,  /* RFC 5933 */
+#if LDNS_BUILD_CONFIG_USE_ECDSA
+	/* this ifdef has to be removed once it is no longer experimental,
+	 * to be able to use these values outside of the ldns library itself */
+        LDNS_ECDSAP256SHA256    = 13,  /* draft-hoffman-dnssec-ecdsa */
+        LDNS_ECDSAP384SHA384    = 14,  /* EXPERIMENTAL */
+#endif
+        LDNS_INDIRECT           = 252,
+        LDNS_PRIVATEDNS         = 253,
+        LDNS_PRIVATEOID         = 254
+};
+typedef enum ldns_enum_algorithm ldns_algorithm;
+
+/**
+ * Hashing algorithms used in the DS record
+ */
+enum ldns_enum_hash
+{
+        LDNS_SHA1               = 1,  /* RFC 4034 */
+        LDNS_SHA256             = 2,  /* RFC 4509 */
+        LDNS_HASH_GOST          = 3   /* RFC 5933 */
+#if LDNS_BUILD_CONFIG_USE_ECDSA
+	/* this ifdef has to be removed once it is no longer experimental,
+	 * to be able to use these values outside of the ldns library itself */
+        ,LDNS_SHA384             = 4   /* draft-hoffman-dnssec-ecdsa EXPERIMENTAL */
+#endif
+};
+typedef enum ldns_enum_hash ldns_hash;
+
+/**
+ * Algorithms used in dns for signing
+ */
+enum ldns_enum_signing_algorithm
+{
+	LDNS_SIGN_RSAMD5	 = LDNS_RSAMD5,
+	LDNS_SIGN_RSASHA1	 = LDNS_RSASHA1,
+	LDNS_SIGN_DSA		 = LDNS_DSA,
+	LDNS_SIGN_RSASHA1_NSEC3  = LDNS_RSASHA1_NSEC3,
+	LDNS_SIGN_RSASHA256	 = LDNS_RSASHA256,
+	LDNS_SIGN_RSASHA512	 = LDNS_RSASHA512,
+	LDNS_SIGN_DSA_NSEC3	 = LDNS_DSA_NSEC3,
+	LDNS_SIGN_ECC_GOST       = LDNS_ECC_GOST,
+#if LDNS_BUILD_CONFIG_USE_ECDSA
+	/* this ifdef has to be removed once it is no longer experimental,
+	 * to be able to use these values outside of the ldns library itself */
+        LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
+        LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
+#endif
+	LDNS_SIGN_HMACMD5	 = 157,	/* not official! This type is for TSIG, not DNSSEC */
+	LDNS_SIGN_HMACSHA1	 = 158,	/* not official! This type is for TSIG, not DNSSEC */
+	LDNS_SIGN_HMACSHA256 = 159  /* ditto */
+};
+typedef enum ldns_enum_signing_algorithm ldns_signing_algorithm;
+
+/**
+ * General key structure, can contain all types of keys that
+ * are used in DNSSEC. Mostly used to store private keys, since
+ * public keys can also be stored in a \ref ldns_rr with type
+ * \ref LDNS_RR_TYPE_DNSKEY.
+ *
+ * This structure can also store some variables that influence the
+ * signatures generated by signing with this key, for instance the
+ * inception date.
+ */
+struct ldns_struct_key {
+	ldns_signing_algorithm _alg;
+	/** Whether to use this key when signing */
+	bool _use;
+	/** Storage pointers for the types of keys supported */
+	/* TODO remove unions? */
+	struct {
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+#ifndef S_SPLINT_S
+		/* The key can be an OpenSSL EVP Key
+		 */
+		EVP_PKEY *key;
+#endif
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+		/**
+		 * The key can be an HMAC key
+		 */
+		struct {
+			unsigned char *key;
+			size_t size;
+		} hmac;
+		/** the key structure can also just point to some external
+		 *  key data
+		 */
+		void *external_key;
+	} _key;
+	/** Depending on the key we can have extra data */
+	union {
+                /** Some values that influence generated signatures */
+		struct {
+			/** The TTL of the rrset that is currently signed */
+			uint32_t orig_ttl;
+			/** The inception date of signatures made with this key. */
+			uint32_t inception;
+			/** The expiration date of signatures made with this key. */
+			uint32_t expiration;
+			/** The keytag of this key. */
+			uint16_t keytag;
+			/** The dnssec key flags as specified in RFC4035, like ZSK and KSK */
+			uint16_t flags;
+		}  dnssec;
+	} _extra;
+	/** Owner name of the key */
+	ldns_rdf *_pubkey_owner;
+};
+typedef struct ldns_struct_key ldns_key;
+
+/**
+ * Same as rr_list, but now for keys 
+ */
+struct ldns_struct_key_list
+{
+	size_t _key_count;
+	ldns_key **_keys;
+};
+typedef struct ldns_struct_key_list ldns_key_list;
+
+
+/**
+ * Creates a new empty key list
+ * \return a new ldns_key_list structure pointer
+ */
+ldns_key_list *ldns_key_list_new();
+
+/** 
+ * Creates a new empty key structure
+ * \return a new ldns_key * structure
+ */
+ldns_key *ldns_key_new();
+
+/**
+ * Creates a new key based on the algorithm
+ *
+ * \param[in] a The algorithm to use
+ * \param[in] size the number of bytes for the keysize
+ * \return a new ldns_key structure with the key
+ */
+ldns_key *ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size);
+
+/**
+ * Creates a new priv key based on the 
+ * contents of the file pointed by fp.
+ *
+ * The file should be in Private-key-format v1.x.
+ *
+ * \param[out] k the new ldns_key structure
+ * \param[in] fp the file pointer to use
+ * \return an error or LDNS_STATUS_OK
+ */
+ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp);
+
+/**
+ * Creates a new private key based on the 
+ * contents of the file pointed by fp
+ *
+ * The file should be in Private-key-format v1.x.
+ *
+ * \param[out] k the new ldns_key structure
+ * \param[in] fp the file pointer to use
+ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+ * \return an error or LDNS_STATUS_OK
+ */
+ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr);
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * Read the key with the given id from the given engine and store it
+ * in the given ldns_key structure. The algorithm type is set
+ */
+ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm);
+
+
+/**
+ * frm_fp helper function. This function parses the
+ * remainder of the (RSA) priv. key file generated from bind9
+ * \param[in] fp the file to parse
+ * \return NULL on failure otherwise a RSA structure
+ */
+RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * frm_fp helper function. This function parses the
+ * remainder of the (RSA) priv. key file generated from bind9
+ * \param[in] fp the file to parse
+ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+ * \return NULL on failure otherwise a RSA structure
+ */
+RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * frm_fp helper function. This function parses the
+ * remainder of the (DSA) priv. key file
+ * \param[in] fp the file to parse
+ * \return NULL on failure otherwise a RSA structure
+ */
+DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * frm_fp helper function. This function parses the
+ * remainder of the (DSA) priv. key file
+ * \param[in] fp the file to parse
+ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+ * \return NULL on failure otherwise a RSA structure
+ */
+DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * frm_fp helper function. This function parses the
+ * remainder of the (HMAC-MD5) key file
+ * This function allocated a buffer that needs to be freed
+ * \param[in] fp the file to parse
+ * \param[out] hmac_size the number of bits in the resulting buffer
+ * \return NULL on failure otherwise a newly allocated char buffer
+ */
+unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size);
+#endif
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * frm_fp helper function. This function parses the
+ * remainder of the (HMAC-MD5) key file
+ * This function allocated a buffer that needs to be freed
+ * \param[in] fp the file to parse
+ * \param[in] line_nr pointer to an integer containing the current line number (for error reporting purposes)
+ * \param[out] hmac_size the number of bits in the resulting buffer
+ * \return NULL on failure otherwise a newly allocated char buffer
+ */
+unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size);
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+/* acces write functions */
+/**
+ * Set the key's algorithm
+ * \param[in] k the key
+ * \param[in] l the algorithm
+ */
+void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l);
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * Set the key's evp key
+ * \param[in] k the key
+ * \param[in] e the evp key
+ */
+void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e);
+
+/**
+ * Set the key's rsa data
+ * \param[in] k the key
+ * \param[in] r the rsa data
+ */
+void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
+/**
+ * Set the key's dsa data
+ * \param[in] k the key
+ * \param[in] d the dsa data
+ */
+void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
+
+/** 
+ * Get the PKEY id for GOST, loads GOST into openssl as a side effect.
+ * Only available if GOST is compiled into the library and openssl.
+ * \return the gost id for EVP_CTX creation.
+ */
+int ldns_key_EVP_load_gost_id(void);
+
+/** Release the engine reference held for the GOST engine. */
+void ldns_key_EVP_unload_gost(void);
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+/**
+ * Set the key's hmac data
+ * \param[in] k the key
+ * \param[in] hmac the raw key data
+ */
+void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac);
+
+/**
+ * Set the key id data. This is used if the key points to
+ * some externally stored key data
+ * 
+ * Only the pointer is set, the data there is not copied,
+ * and must be freed manually; ldns_key_deep_free() does 
+ * *not* free this data
+ * \param[in] key the key
+ * \param[in] external_key key id data
+ */
+void ldns_key_set_external_key(ldns_key *key, void *external_key);
+
+/**
+ * Set the key's hmac size
+ * \param[in] k the key
+ * \param[in] hmac_size the size of the hmac data
+ */
+void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size);
+/**
+ * Set the key's original ttl
+ * \param[in] k the key
+ * \param[in] t the ttl
+ */
+void ldns_key_set_origttl(ldns_key *k, uint32_t t);
+/**
+ * Set the key's inception date (seconds after epoch)
+ * \param[in] k the key
+ * \param[in] i the inception
+ */
+void ldns_key_set_inception(ldns_key *k, uint32_t i);
+/**
+ * Set the key's expiration date (seconds after epoch)
+ * \param[in] k the key
+ * \param[in] e the expiration
+ */
+void ldns_key_set_expiration(ldns_key *k, uint32_t e);
+/**
+ * Set the key's pubkey owner
+ * \param[in] k the key
+ * \param[in] r the owner
+ */
+void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r);
+/**
+ * Set the key's key tag
+ * \param[in] k the key
+ * \param[in] tag the keytag
+ */
+void ldns_key_set_keytag(ldns_key *k, uint16_t tag);
+/**
+ * Set the key's flags
+ * \param[in] k the key
+ * \param[in] flags the flags
+ */
+void ldns_key_set_flags(ldns_key *k, uint16_t flags);
+/**
+ * Set the keylist's key count to count
+ * \param[in] key the key
+ * \param[in] count the cuont
+ */
+void ldns_key_list_set_key_count(ldns_key_list *key, size_t count);
+
+/**     
+ * pushes a key to a keylist
+ * \param[in] key_list the key_list to push to 
+ * \param[in] key the key to push 
+ * \return false on error, otherwise true
+ */      
+bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key);
+
+/**
+ * returns the number of keys in the key list
+ * \param[in] key_list the key_list
+ * \return the numbers of keys in the list
+ */
+size_t ldns_key_list_key_count(const ldns_key_list *key_list);
+
+/**
+ * returns a pointer to the key in the list at the given position
+ * \param[in] key the key
+ * \param[in] nr the position in the list
+ * \return the key
+ */
+ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr);
+
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+/**
+ * returns the (openssl) RSA struct contained in the key
+ * \param[in] k the key to look in
+ * \return the RSA * structure in the key
+ */
+RSA *ldns_key_rsa_key(const ldns_key *k);
+/**
+ * returns the (openssl) EVP struct contained in the key
+ * \param[in] k the key to look in
+ * \return the RSA * structure in the key
+ */
+EVP_PKEY *ldns_key_evp_key(const ldns_key *k);
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+/**
+ * returns the (openssl) DSA struct contained in the key
+ */
+#if LDNS_BUILD_CONFIG_HAVE_SSL
+DSA *ldns_key_dsa_key(const ldns_key *k);
+#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+
+/**
+ * return the signing alg of the key
+ * \param[in] k the key
+ * \return the algorithm
+ */
+ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k);
+/**
+ * set the use flag
+ * \param[in] k the key
+ * \param[in] v the boolean value to set the _use field to
+ */
+void ldns_key_set_use(ldns_key *k, bool v);
+/**
+ * return the use flag
+ * \param[in] k the key
+ * \return the boolean value of the _use field
+ */
+bool ldns_key_use(const ldns_key *k);
+/**
+ * return the hmac key data
+ * \param[in] k the key
+ * \return the hmac key data
+ */
+unsigned char *ldns_key_hmac_key(const ldns_key *k);
+/**
+ * return the key id key data
+ * \param[in] k the key
+ * \return the key id data
+ */
+void *ldns_key_external_key(const ldns_key *k);
+/**
+ * return the hmac key size
+ * \param[in] k the key
+ * \return the hmac key size
+ */
+size_t ldns_key_hmac_size(const ldns_key *k);
+/**
+ * return the original ttl of the key
+ * \param[in] k the key
+ * \return the original ttl
+ */
+uint32_t ldns_key_origttl(const ldns_key *k);
+/**
+ * return the key's inception date
+ * \param[in] k the key
+ * \return the inception date
+ */
+uint32_t ldns_key_inception(const ldns_key *k);
+/**
+ * return the key's expiration date
+ * \param[in] k the key
+ * \return the experiration date
+ */
+uint32_t ldns_key_expiration(const ldns_key *k);
+/**
+ * return the keytag
+ * \param[in] k the key
+ * \return the keytag
+ */
+uint16_t ldns_key_keytag(const ldns_key *k);
+/**
+ * return the public key's owner
+ * \param[in] k the key
+ * \return the owner
+ */
+ldns_rdf *ldns_key_pubkey_owner(const ldns_key *k);
+/**
+ * Set the 'use' flag for all keys in the list
+ * \param[in] keys The key_list
+ * \param[in] v The value to set the use flags to
+ */
+void
+ldns_key_list_set_use(ldns_key_list *keys, bool v);
+
+/**
+ * return the flag of the key
+ * \param[in] k the key
+ * \return the flag
+ */
+uint16_t ldns_key_flags(const ldns_key *k);
+
+/**     
+ * pops the last rr from a keylist
+ * \param[in] key_list the rr_list to pop from
+ * \return NULL if nothing to pop. Otherwise the popped RR
+ */
+ldns_key *ldns_key_list_pop_key(ldns_key_list *key_list);
+
+/** 
+ * converts a ldns_key to a public key rr
+ * If the key data exists at an external point, the corresponding
+ * rdata field must still be added with ldns_rr_rdf_push() to the
+ * result rr of this function
+ *
+ * \param[in] k the ldns_key to convert
+ * \return ldns_rr representation of the key
+ */
+ldns_rr *ldns_key2rr(const ldns_key *k);
+
+/**
+ * print a private key to the file ouput
+ * 
+ * \param[in] output the FILE descriptor where to print to
+ * \param[in] k the ldns_key to print
+ */
+void ldns_key_print(FILE *output, const ldns_key *k);
+
+/**
+ * frees a key structure, but not its internal data structures
+ *
+ * \param[in] key the key object to free
+ */
+void ldns_key_free(ldns_key *key);
+
+/**
+ * frees a key structure and all its internal data structures, except
+ * the data set by ldns_key_set_external_key()
+ *
+ * \param[in] key the key object to free
+ */
+void ldns_key_deep_free(ldns_key *key);
+
+/**
+ * Frees a key list structure
+ * \param[in] key_list the key list object to free
+ */
+void ldns_key_list_free(ldns_key_list *key_list);
+
+/**
+ * Instantiates a DNSKEY or DS RR from file.
+ * \param[in] filename the file to read the record from
+ * \return the corresponding RR, or NULL if the parsing failed
+ */
+ldns_rr * ldns_read_anchor_file(const char *filename);
+
+/**
+ * Returns the 'default base name' for key files;
+ * IE. K\<zone\>+\<alg\>+\<keytag\>
+ * (without the .key or .private)
+ * The memory for this is allocated by this function,
+ * and should be freed by the caller
+ * 
+ * \param[in] key the key to get the file name from
+ * \returns A string containing the file base name
+ */
+char *ldns_key_get_file_base_name(ldns_key *key);
+
+/**
+ * See if a key algorithm is supported
+ * \param[in] algo the signing algorithm number.
+ * \returns true if supported.
+ */
+int ldns_key_algo_supported(int algo);
+
+/**
+ * Get signing algorithm by name.  Comparison is case insensitive.
+ * \param[in] name string with the name.
+ * \returns 0 on parse failure or the algorithm number.
+ */
+ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_KEYS_H */
diff --git a/3rdParty/Ldns/src/include/ldns/ldns.h b/3rdParty/Ldns/src/include/ldns/ldns.h
new file mode 100644
index 0000000..6f57733
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/ldns.h
@@ -0,0 +1,155 @@
+/*
+ * dns.h -- defines for the Domain Name System
+ *
+ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+ *
+ * See LICENSE for the license.
+ *
+ * This library was created by:
+ * Jelte Jansen, Erik Rozendaal and Miek Gieben
+ *
+ * A bunch of defines that are used in the DNS.
+ */
+
+
+/**
+\mainpage LDNS Documentation
+
+\section introduction Introduction
+
+The goal of ldns is to simplify DNS programming, it supports recent RFCs
+like the DNSSEC documents, and allow developers to easily create software
+conforming to current RFCs, and experimental software for current Internet
+drafts. A secondary benefit of using ldns is speed, because ldns is written
+in C, and although it is not optimized for performance, it should be a lot
+faster than Perl.
+
+The first main tool to use ldns is Drill, from which part of the library was
+derived. From version 1.0.0 on, drill is included in the ldns release
+and will not be distributed seperately anymore. The library also includes some
+other examples and tools to show how it can be used. These can be found in the
+examples/ directory in the tarball.
+
+ldns depends on OpenSSL for it's cryptographic functions.
+Feature list
+
+  - Transparent IPv4 and IPv6 support (overridable if necessary),
+  - TSIG support,
+  - DNSSEC support; signing and verification,
+  - small size,
+  - online documentation as well as manual pages. 
+
+If you want to send us patches please use the code from subversion (trunk). 
+
+\section using_ldns Using ldns
+
+Almost all interaction between an application and ldns goes through the ldns
+data structures (\ref ldns_rr, \ref ldns_pkt, etc.). These are input or
+output to the functions of ldns. For example, \ref ldns_zone_new_frm_fp
+reads a zone from a \c FILE pointer, and returns an \ref ldns_zone
+structure.
+
+
+Let's use Drill as an example. Drill is a tool much like dig, whose most
+basic function is to send 1 query to a nameserver and print the response.
+
+To be able to do this, drill uses the resolver module of ldns, which acts as
+a stub resolver. The resolver module uses the net module to actually send
+the query that drill requested. It then uses the wire2host module to
+translate the response and place it in ldns' internal structures. These are
+passed back to drill, which then uses the host2str module to print the
+response in presentation format.
+
+\section gettingstarted Getting Started
+
+See the \ref design page for a very high level description of the design
+choices made for ldns. 
+
+For an overview of the functions and types ldns provides, you can check out
+the \ref ldns ldns header file descriptions.
+
+If you want to see some libdns action, you can read our tutorials:
+  - \ref tutorial1_mx
+  - \ref tutorial2_zone
+  - \ref tutorial3_signzone
+
+Or you can just use the menu above to browse through the API docs.
+
+<div style="visibility:hidden;">
+\image html LogoInGradientBar2-y100.png
+</div>
+*/
+
+/**
+ * \file ldns.h
+ *
+ * Including this file will include all ldns files, and define some lookup tables.
+ */
+
+#ifndef LDNS_DNS_H
+#define LDNS_DNS_H
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <ldns/util.h>
+#include <ldns/buffer.h>
+#include <ldns/common.h>
+#include <ldns/dname.h>
+#include <ldns/dnssec.h>
+#include <ldns/dnssec_verify.h>
+#include <ldns/dnssec_sign.h>
+#include <ldns/error.h>
+#include <ldns/higher.h>
+#include <ldns/host2str.h>
+#include <ldns/host2wire.h>
+#include <ldns/net.h>
+#include <ldns/packet.h>
+#include <ldns/rdata.h>
+#include <ldns/resolver.h>
+#include <ldns/rr.h>
+#include <ldns/str2host.h>
+#include <ldns/tsig.h>
+#include <ldns/update.h>
+#include <ldns/wire2host.h>
+#include <ldns/rr_functions.h>
+#include <ldns/keys.h>
+#include <ldns/parse.h>
+#include <ldns/zone.h>
+#include <ldns/dnssec_zone.h>
+#include <ldns/rbtree.h>
+#include <ldns/sha1.h>
+#include <ldns/sha2.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LDNS_IP4ADDRLEN      (32/8)
+#define LDNS_IP6ADDRLEN      (128/8)
+#define LDNS_PORT	53
+#define LDNS_ROOT_LABEL_STR     "."
+#define LDNS_DEFAULT_TTL	3600
+
+/* lookup tables for standard DNS stuff  */
+
+/** Taken from RFC 2538, section 2.1.  */
+extern ldns_lookup_table ldns_certificate_types[];
+/** Taken from RFC 2535, section 7.  */
+extern ldns_lookup_table ldns_algorithms[];
+/** Taken from RFC 2538.  */
+extern ldns_lookup_table ldns_cert_algorithms[];
+/** rr types  */
+extern ldns_lookup_table ldns_rr_classes[];
+/** Response codes */
+extern ldns_lookup_table ldns_rcodes[];
+/** Operation codes */
+extern ldns_lookup_table ldns_opcodes[];
+/** EDNS flags */
+extern ldns_lookup_table ldns_edns_flags[];
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_DNS_H */
diff --git a/3rdParty/Ldns/src/include/ldns/net.h b/3rdParty/Ldns/src/include/ldns/net.h
new file mode 100644
index 0000000..cd7bc4b
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/net.h
@@ -0,0 +1,208 @@
+/*
+ * net.h
+ *
+ * DNS Resolver definitions
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+#ifndef LDNS_NET_H
+#define LDNS_NET_H
+
+#include <ldns/ldns.h>
+#include <sys/socket.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LDNS_DEFAULT_TIMEOUT_SEC 5
+#define LDNS_DEFAULT_TIMEOUT_USEC 0
+
+/**
+ * \file
+ *
+ * Contains functions to send and receive packets over a network.
+ */
+
+/**
+ * Sends a buffer to an ip using udp and return the respons as a ldns_pkt
+ * \param[in] qbin the ldns_buffer to be send
+ * \param[in] to the ip addr to send to
+ * \param[in] tolen length of the ip addr
+ * \param[in] timeout the timeout value for the network
+ * \param[out] answersize size of the packet
+ * \param[out] result packet with the answer
+ * \return status
+ */
+ldns_status ldns_udp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize);
+
+/**
+ * Send an udp query and don't wait for an answer but return
+ * the socket
+ * \param[in] qbin the ldns_buffer to be send
+ * \param[in] to the ip addr to send to
+ * \param[in] tolen length of the ip addr
+ * \param[in] timeout *unused*, was the timeout value for the network
+ * \return the socket used
+ */
+
+int ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
+
+/**
+ * Send an tcp query and don't wait for an answer but return
+ * the socket
+ * \param[in] qbin the ldns_buffer to be send
+ * \param[in] to the ip addr to send to
+ * \param[in] tolen length of the ip addr
+ * \param[in] timeout the timeout value for the connect attempt
+ * \return the socket used
+ */
+int ldns_tcp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
+
+/**
+ * Sends a buffer to an ip using tcp and return the respons as a ldns_pkt
+ * \param[in] qbin the ldns_buffer to be send
+ * \param[in] qbin the ldns_buffer to be send
+ * \param[in] to the ip addr to send to
+ * \param[in] tolen length of the ip addr
+ * \param[in] timeout the timeout value for the network
+ * \param[out] answersize size of the packet
+ * \param[out] result packet with the answer
+ * \return status
+ */
+ldns_status ldns_tcp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize);
+
+/**
+ * Sends ptk to the nameserver at the resolver object. Returns the data
+ * as a ldns_pkt
+ * 
+ * \param[out] pkt packet received from the nameserver
+ * \param[in] r the resolver to use 
+ * \param[in] query_pkt the query to send
+ * \return status
+ */
+ldns_status ldns_send(ldns_pkt **pkt, ldns_resolver *r, const ldns_pkt *query_pkt);
+
+/**
+ * Sends and ldns_buffer (presumably containing a packet to the nameserver at the resolver object. Returns the data
+ * as a ldns_pkt
+ * 
+ * \param[out] pkt packet received from the nameserver
+ * \param[in] r the resolver to use 
+ * \param[in] qb the buffer to send
+ * \param[in] tsig_mac the tsig MAC to authenticate the response with (NULL to do no TSIG authentication)
+ * \return status
+ */
+ldns_status ldns_send_buffer(ldns_pkt **pkt, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac);
+
+/**
+ * Create a tcp socket to the specified address
+ * \param[in] to ip and family
+ * \param[in] tolen length of to
+ * \param[in] timeout timeout for the connect attempt
+ * \return a socket descriptor
+ */
+int ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
+
+/**
+ * Create a udp socket to the specified address
+ * \param[in] to ip and family
+ * \param[in] timeout *unused*, was timeout for the socket
+ * \return a socket descriptor
+ */
+int ldns_udp_connect(const struct sockaddr_storage *to, struct timeval timeout);
+
+/**
+ * send a query via tcp to a server. Don't want for the answer
+ *
+ * \param[in] qbin the buffer to send
+ * \param[in] sockfd the socket to use
+ * \param[in] to which ip to send it
+ * \param[in] tolen socketlen
+ * \return number of bytes sent
+ */
+ssize_t ldns_tcp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen);
+
+/**
+ * send a query via udp to a server. Don;t want for the answer
+ *
+ * \param[in] qbin the buffer to send
+ * \param[in] sockfd the socket to use
+ * \param[in] to which ip to send it
+ * \param[in] tolen socketlen
+ * \return number of bytes sent
+ */
+ssize_t ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen);
+
+/**
+ * Gives back a raw packet from the wire and reads the header data from the given
+ * socket. Allocates the data (of size size) itself, so don't forget to free
+ *
+ * \param[in] sockfd the socket to read from
+ * \param[out] size the number of bytes that are read
+ * \param[in] timeout the time allowed between packets.
+ * \return the data read
+ */
+uint8_t *ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout);
+
+/**
+ * This routine may block. Use ldns_tcp_read_wire_timeout, it checks timeouts.
+ * Gives back a raw packet from the wire and reads the header data from the given
+ * socket. Allocates the data (of size size) itself, so don't forget to free
+ *
+ * \param[in] sockfd the socket to read from
+ * \param[out] size the number of bytes that are read
+ * \return the data read
+ */
+uint8_t *ldns_tcp_read_wire(int sockfd, size_t *size);
+
+/**
+ * Gives back a raw packet from the wire and reads the header data from the given
+ * socket. Allocates the data (of size size) itself, so don't forget to free
+ *
+ * \param[in] sockfd the socket to read from
+ * \param[in] fr the address of the client (if applicable)
+ * \param[in] *frlen the lenght of the client's addr (if applicable)
+ * \param[out] size the number of bytes that are read
+ * \return the data read
+ */
+uint8_t *ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *fr, socklen_t *frlen);
+
+/**
+ * returns the native sockaddr representation from the rdf.
+ * \param[in] rd the ldns_rdf to operate on
+ * \param[in] port what port to use. 0 means; use default (53)
+ * \param[out] size what is the size of the sockaddr_storage
+ * \return struct sockaddr* the address in the format so other
+ * functions can use it (sendto)
+ */
+struct sockaddr_storage * ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, uint16_t port, size_t *size);
+
+/**
+ * returns an rdf with the sockaddr info. works for ip4 and ip6
+ * \param[in] sock the struct sockaddr_storage to convert
+ * \param[in] port what port was used. When NULL this is not set
+ * \return ldns_rdf* wth the address
+ */
+ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port);
+
+/**
+ * Prepares the resolver for an axfr query
+ * The query is sent and the answers can be read with ldns_axfr_next
+ * \param[in] resolver the resolver to use
+ * \param[in] domain the domain to exfr
+ * \param[in] c the class to use
+ * \return ldns_status the status of the transfer
+ */
+ldns_status ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class c);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* LDNS_NET_H */
diff --git a/3rdParty/Ldns/src/include/ldns/net.h.in b/3rdParty/Ldns/src/include/ldns/net.h.in
new file mode 100644
index 0000000..cd4cfde
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/net.h.in
@@ -0,0 +1,208 @@
+/*
+ * net.h
+ *
+ * DNS Resolver definitions
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+#ifndef LDNS_NET_H
+#define LDNS_NET_H
+
+#include <ldns/ldns.h>
+@include_sys_socket_h@
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LDNS_DEFAULT_TIMEOUT_SEC 5
+#define LDNS_DEFAULT_TIMEOUT_USEC 0
+
+/**
+ * \file
+ *
+ * Contains functions to send and receive packets over a network.
+ */
+
+/**
+ * Sends a buffer to an ip using udp and return the respons as a ldns_pkt
+ * \param[in] qbin the ldns_buffer to be send
+ * \param[in] to the ip addr to send to
+ * \param[in] tolen length of the ip addr
+ * \param[in] timeout the timeout value for the network
+ * \param[out] answersize size of the packet
+ * \param[out] result packet with the answer
+ * \return status
+ */
+ldns_status ldns_udp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize);
+
+/**
+ * Send an udp query and don't wait for an answer but return
+ * the socket
+ * \param[in] qbin the ldns_buffer to be send
+ * \param[in] to the ip addr to send to
+ * \param[in] tolen length of the ip addr
+ * \param[in] timeout *unused*, was the timeout value for the network
+ * \return the socket used
+ */
+
+int ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
+
+/**
+ * Send an tcp query and don't wait for an answer but return
+ * the socket
+ * \param[in] qbin the ldns_buffer to be send
+ * \param[in] to the ip addr to send to
+ * \param[in] tolen length of the ip addr
+ * \param[in] timeout the timeout value for the connect attempt
+ * \return the socket used
+ */
+int ldns_tcp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
+
+/**
+ * Sends a buffer to an ip using tcp and return the respons as a ldns_pkt
+ * \param[in] qbin the ldns_buffer to be send
+ * \param[in] qbin the ldns_buffer to be send
+ * \param[in] to the ip addr to send to
+ * \param[in] tolen length of the ip addr
+ * \param[in] timeout the timeout value for the network
+ * \param[out] answersize size of the packet
+ * \param[out] result packet with the answer
+ * \return status
+ */
+ldns_status ldns_tcp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize);
+
+/**
+ * Sends ptk to the nameserver at the resolver object. Returns the data
+ * as a ldns_pkt
+ * 
+ * \param[out] pkt packet received from the nameserver
+ * \param[in] r the resolver to use 
+ * \param[in] query_pkt the query to send
+ * \return status
+ */
+ldns_status ldns_send(ldns_pkt **pkt, ldns_resolver *r, const ldns_pkt *query_pkt);
+
+/**
+ * Sends and ldns_buffer (presumably containing a packet to the nameserver at the resolver object. Returns the data
+ * as a ldns_pkt
+ * 
+ * \param[out] pkt packet received from the nameserver
+ * \param[in] r the resolver to use 
+ * \param[in] qb the buffer to send
+ * \param[in] tsig_mac the tsig MAC to authenticate the response with (NULL to do no TSIG authentication)
+ * \return status
+ */
+ldns_status ldns_send_buffer(ldns_pkt **pkt, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac);
+
+/**
+ * Create a tcp socket to the specified address
+ * \param[in] to ip and family
+ * \param[in] tolen length of to
+ * \param[in] timeout timeout for the connect attempt
+ * \return a socket descriptor
+ */
+int ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
+
+/**
+ * Create a udp socket to the specified address
+ * \param[in] to ip and family
+ * \param[in] timeout *unused*, was timeout for the socket
+ * \return a socket descriptor
+ */
+int ldns_udp_connect(const struct sockaddr_storage *to, struct timeval timeout);
+
+/**
+ * send a query via tcp to a server. Don't want for the answer
+ *
+ * \param[in] qbin the buffer to send
+ * \param[in] sockfd the socket to use
+ * \param[in] to which ip to send it
+ * \param[in] tolen socketlen
+ * \return number of bytes sent
+ */
+ssize_t ldns_tcp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen);
+
+/**
+ * send a query via udp to a server. Don;t want for the answer
+ *
+ * \param[in] qbin the buffer to send
+ * \param[in] sockfd the socket to use
+ * \param[in] to which ip to send it
+ * \param[in] tolen socketlen
+ * \return number of bytes sent
+ */
+ssize_t ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen);
+
+/**
+ * Gives back a raw packet from the wire and reads the header data from the given
+ * socket. Allocates the data (of size size) itself, so don't forget to free
+ *
+ * \param[in] sockfd the socket to read from
+ * \param[out] size the number of bytes that are read
+ * \param[in] timeout the time allowed between packets.
+ * \return the data read
+ */
+uint8_t *ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout);
+
+/**
+ * This routine may block. Use ldns_tcp_read_wire_timeout, it checks timeouts.
+ * Gives back a raw packet from the wire and reads the header data from the given
+ * socket. Allocates the data (of size size) itself, so don't forget to free
+ *
+ * \param[in] sockfd the socket to read from
+ * \param[out] size the number of bytes that are read
+ * \return the data read
+ */
+uint8_t *ldns_tcp_read_wire(int sockfd, size_t *size);
+
+/**
+ * Gives back a raw packet from the wire and reads the header data from the given
+ * socket. Allocates the data (of size size) itself, so don't forget to free
+ *
+ * \param[in] sockfd the socket to read from
+ * \param[in] fr the address of the client (if applicable)
+ * \param[in] *frlen the lenght of the client's addr (if applicable)
+ * \param[out] size the number of bytes that are read
+ * \return the data read
+ */
+uint8_t *ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *fr, socklen_t *frlen);
+
+/**
+ * returns the native sockaddr representation from the rdf.
+ * \param[in] rd the ldns_rdf to operate on
+ * \param[in] port what port to use. 0 means; use default (53)
+ * \param[out] size what is the size of the sockaddr_storage
+ * \return struct sockaddr* the address in the format so other
+ * functions can use it (sendto)
+ */
+struct sockaddr_storage * ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, uint16_t port, size_t *size);
+
+/**
+ * returns an rdf with the sockaddr info. works for ip4 and ip6
+ * \param[in] sock the struct sockaddr_storage to convert
+ * \param[in] port what port was used. When NULL this is not set
+ * \return ldns_rdf* wth the address
+ */
+ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port);
+
+/**
+ * Prepares the resolver for an axfr query
+ * The query is sent and the answers can be read with ldns_axfr_next
+ * \param[in] resolver the resolver to use
+ * \param[in] domain the domain to exfr
+ * \param[in] c the class to use
+ * \return ldns_status the status of the transfer
+ */
+ldns_status ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class c);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* LDNS_NET_H */
diff --git a/3rdParty/Ldns/src/include/ldns/packet.h b/3rdParty/Ldns/src/include/ldns/packet.h
new file mode 100644
index 0000000..687a6a2
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/packet.h
@@ -0,0 +1,855 @@
+/*
+ * packet.h
+ *
+ * DNS packet definitions
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+/**
+ * \file
+ *
+ * Contains the definition of ldns_pkt and its parts, as well
+ * as functions to manipulate those.
+ */
+
+
+#ifndef LDNS_PACKET_H
+#define LDNS_PACKET_H
+
+#define LDNS_MAX_PACKETLEN         65535
+
+/* allow flags to be given to mk_query */
+#define LDNS_QR		1       /* QueRy - query flag */
+#define LDNS_AA		2       /* Authoritative Answer - server flag */
+#define LDNS_TC		4       /* TrunCated - server flag */
+#define LDNS_RD		8       /* Recursion Desired - query flag */
+#define LDNS_CD		16      /* Checking Disabled - query flag */
+#define LDNS_RA		32      /* Recursion Available - server flag */
+#define LDNS_AD		64      /* Authenticated Data - server flag */
+
+#include <ldns/error.h>
+#include <ldns/common.h>
+#include <ldns/rr.h>
+#include <sys/time.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* opcodes for pkt's */
+enum ldns_enum_pkt_opcode {
+	LDNS_PACKET_QUERY = 0,
+	LDNS_PACKET_IQUERY = 1,
+	LDNS_PACKET_STATUS = 2, /* there is no 3?? DNS is weird */
+	LDNS_PACKET_NOTIFY = 4,
+	LDNS_PACKET_UPDATE = 5
+};
+typedef enum ldns_enum_pkt_opcode ldns_pkt_opcode;
+
+/* rcodes for pkts */
+enum ldns_enum_pkt_rcode {
+	LDNS_RCODE_NOERROR = 0,
+	LDNS_RCODE_FORMERR = 1,
+	LDNS_RCODE_SERVFAIL = 2,
+	LDNS_RCODE_NXDOMAIN = 3,
+	LDNS_RCODE_NOTIMPL = 4,
+	LDNS_RCODE_REFUSED = 5,
+	LDNS_RCODE_YXDOMAIN = 6,
+	LDNS_RCODE_YXRRSET = 7,
+	LDNS_RCODE_NXRRSET = 8,
+	LDNS_RCODE_NOTAUTH = 9,
+	LDNS_RCODE_NOTZONE = 10
+};
+typedef enum ldns_enum_pkt_rcode ldns_pkt_rcode;
+
+/**
+ *  Header of a dns packet
+ *
+ * Contains the information about the packet itself, as specified in RFC1035
+<pre>
+4.1.1. Header section format
+
+The header contains the following fields:
+
+                                    1  1  1  1  1  1
+      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                      ID                       |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    QDCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    ANCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    NSCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    ARCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ID              A 16 bit identifier assigned by the program that
+                generates any kind of query.  This identifier is copied
+                the corresponding reply and can be used by the requester
+                to match up replies to outstanding queries.
+
+QR              A one bit field that specifies whether this message is a
+                query (0), or a response (1).
+
+OPCODE          A four bit field that specifies kind of query in this
+                message.  This value is set by the originator of a query
+                and copied into the response.  The values are:
+
+                0               a standard query (QUERY)
+
+                1               an inverse query (IQUERY)
+
+                2               a server status request (STATUS)
+
+                3-15            reserved for future use
+
+AA              Authoritative Answer - this bit is valid in responses,
+                and specifies that the responding name server is an
+                authority for the domain name in question section.
+
+                Note that the contents of the answer section may have
+                multiple owner names because of aliases.  The AA bit
+
+                corresponds to the name which matches the query name, or
+                the first owner name in the answer section.
+
+TC              TrunCation - specifies that this message was truncated
+                due to length greater than that permitted on the
+                transmission channel.
+
+RD              Recursion Desired - this bit may be set in a query and
+                is copied into the response.  If RD is set, it directs
+                the name server to pursue the query recursively.
+                Recursive query support is optional.
+
+RA              Recursion Available - this be is set or cleared in a
+                response, and denotes whether recursive query support is
+                available in the name server.
+
+Z               Reserved for future use.  Must be zero in all queries
+                and responses.
+
+RCODE           Response code - this 4 bit field is set as part of
+                responses.  The values have the following
+                interpretation:
+
+                0               No error condition
+
+                1               Format error - The name server was
+                                unable to interpret the query.
+
+                2               Server failure - The name server was
+                                unable to process this query due to a
+                                problem with the name server.
+
+                3               Name Error - Meaningful only for
+                                responses from an authoritative name
+                                server, this code signifies that the
+                                domain name referenced in the query does
+                                not exist.
+
+                4               Not Implemented - The name server does
+                                not support the requested kind of query.
+
+                5               Refused - The name server refuses to
+                                perform the specified operation for
+                                policy reasons.  For example, a name
+                                server may not wish to provide the
+                                information to the particular requester,
+                                or a name server may not wish to perform
+                                a particular operation (e.g., zone
+
+                                transfer) for particular data.
+
+                6-15            Reserved for future use.
+
+QDCOUNT         an unsigned 16 bit integer specifying the number of
+                entries in the question section.
+
+ANCOUNT         an unsigned 16 bit integer specifying the number of
+                resource records in the answer section.
+
+NSCOUNT         an unsigned 16 bit integer specifying the number of name
+                server resource records in the authority records
+                section.
+
+ARCOUNT         an unsigned 16 bit integer specifying the number of
+                resource records in the additional records section.
+
+</pre>
+ */
+struct ldns_struct_hdr
+{
+	/**  Id of a packet */
+	uint16_t _id;
+	/**  Query bit (0=query, 1=answer) */
+	bool _qr;
+	/**  Authoritative answer */
+	bool _aa;
+	/**  Packet truncated */
+	bool _tc;
+	/**  Recursion desired */
+	bool _rd;
+	/**  Checking disabled */
+	bool _cd;
+	/**  Recursion available */
+	bool _ra;
+	/**  Authentic data */
+	bool _ad;
+	/**  Query type */
+	ldns_pkt_opcode _opcode;	 /* XXX 8 bits? */
+	/**  Response code */
+	uint8_t _rcode;
+	/**  question sec */
+	uint16_t _qdcount;
+	/**  answer sec */
+	uint16_t _ancount;
+	/**  auth sec */
+	uint16_t _nscount;
+	/**  add sec */
+	uint16_t _arcount;
+};
+typedef struct ldns_struct_hdr ldns_hdr;
+
+/**
+ * DNS packet
+ *
+ * This structure contains a complete DNS packet (either a query or an answer)
+ *
+ * It is the complete representation of what you actually send to a
+ * nameserver, and what it sends back (assuming you are the client here).
+ */
+struct ldns_struct_pkt
+{
+	/** Header section */
+	ldns_hdr *_header;
+	/* extra items needed in a packet */
+	/** The size of the wire format of the packet in octets */
+	ldns_rdf *_answerfrom;
+        /** Timestamp of the time the packet was sent or created */
+	struct timeval timestamp;
+	/** The duration of the query this packet is an answer to */
+	uint32_t _querytime;
+	/** The size of the wire format of the packet in octets */
+	size_t _size;
+	/** Optional tsig rr */
+	ldns_rr *_tsig_rr;
+	/** EDNS0 available buffer size, see RFC2671 */
+	uint16_t _edns_udp_size;
+	/** EDNS0 Extended rcode */
+	uint8_t _edns_extended_rcode;
+	/** EDNS Version */
+	uint8_t _edns_version;
+	/** Reserved EDNS data bits */
+	uint16_t _edns_z;
+	/** Arbitrary EDNS rdata */
+	ldns_rdf *_edns_data;
+	/**  Question section */
+	ldns_rr_list	*_question;
+	/**  Answer section */
+	ldns_rr_list	*_answer;
+	/**  Authority section */
+	ldns_rr_list	*_authority;
+	/**  Additional section */
+	ldns_rr_list	*_additional;
+};
+typedef struct ldns_struct_pkt ldns_pkt;
+
+/**
+ * The sections of a packet
+ */
+enum ldns_enum_pkt_section {
+	LDNS_SECTION_QUESTION = 0,
+	LDNS_SECTION_ANSWER = 1,
+	LDNS_SECTION_AUTHORITY = 2,
+	LDNS_SECTION_ADDITIONAL = 3,
+	/** bogus section, if not interested */
+	LDNS_SECTION_ANY = 4,
+	/** used to get all non-question rrs from a packet */
+	LDNS_SECTION_ANY_NOQUESTION = 5
+};
+typedef enum ldns_enum_pkt_section ldns_pkt_section;	
+
+/**
+ * The different types of packets
+ */
+enum ldns_enum_pkt_type {
+	LDNS_PACKET_QUESTION,
+	LDNS_PACKET_REFERRAL,
+	LDNS_PACKET_ANSWER,
+	LDNS_PACKET_NXDOMAIN,
+	LDNS_PACKET_NODATA,
+	LDNS_PACKET_UNKNOWN
+};
+typedef enum ldns_enum_pkt_type ldns_pkt_type;
+
+/* prototypes */
+
+/* read */
+
+/**
+ * Read the packet id
+ * \param[in] p the packet
+ * \return the packet id
+ */
+uint16_t ldns_pkt_id(const ldns_pkt *p);
+/**
+ * Read the packet's qr bit
+ * \param[in] p the packet
+ * \return value of the bit
+ */
+bool ldns_pkt_qr(const ldns_pkt *p);
+/**
+ * Read the packet's aa bit
+ * \param[in] p the packet
+ * \return value of the bit
+ */
+bool ldns_pkt_aa(const ldns_pkt *p);
+/**
+ * Read the packet's tc bit
+ * \param[in] p the packet
+ * \return value of the bit
+ */
+bool ldns_pkt_tc(const ldns_pkt *p);
+/**
+ * Read the packet's rd bit
+ * \param[in] p the packet
+ * \return value of the bit
+ */
+bool ldns_pkt_rd(const ldns_pkt *p);
+/**
+ * Read the packet's cd bit
+ * \param[in] p the packet
+ * \return value of the bit
+ */
+bool ldns_pkt_cd(const ldns_pkt *p);
+/**
+ * Read the packet's ra bit
+ * \param[in] p the packet
+ * \return value of the bit
+ */
+bool ldns_pkt_ra(const ldns_pkt *p);
+/**
+ * Read the packet's ad bit
+ * \param[in] p the packet
+ * \return value of the bit
+ */
+bool ldns_pkt_ad(const ldns_pkt *p);
+/**
+ * Read the packet's code
+ * \param[in] p the packet
+ * \return the opcode
+ */
+ldns_pkt_opcode ldns_pkt_get_opcode(const ldns_pkt *p);
+/**
+ * Return the packet's respons code
+ * \param[in] p the packet
+ * \return the respons code
+ */
+ldns_pkt_rcode ldns_pkt_get_rcode(const ldns_pkt *p);
+/**
+ * Return the packet's qd count 
+ * \param[in] p the packet
+ * \return the qd count
+ */
+uint16_t ldns_pkt_qdcount(const ldns_pkt *p);
+/**
+ * Return the packet's an count
+ * \param[in] p the packet
+ * \return the an count
+ */
+uint16_t ldns_pkt_ancount(const ldns_pkt *p);
+/**
+ * Return the packet's ns count
+ * \param[in] p the packet
+ * \return the ns count
+ */
+uint16_t ldns_pkt_nscount(const ldns_pkt *p);
+/**
+ * Return the packet's ar count
+ * \param[in] p the packet
+ * \return the ar count
+ */
+uint16_t ldns_pkt_arcount(const ldns_pkt *p);
+
+/** 
+ * Return the packet's answerfrom
+ * \param[in] p packet
+ * \return the name of the server
+ */
+ldns_rdf *ldns_pkt_answerfrom(const ldns_pkt *p);
+
+/**
+ * Return the packet's timestamp
+ * \param[in] p the packet
+ * \return the timestamp
+ */
+struct timeval ldns_pkt_timestamp(const ldns_pkt *p);
+/**
+ * Return the packet's querytime
+ * \param[in] p the packet
+ * \return the querytime
+ */
+uint32_t ldns_pkt_querytime(const ldns_pkt *p);
+
+/**
+ * Return the packet's size in bytes
+ * \param[in] p the packet
+ * \return the size
+ */
+size_t ldns_pkt_size(const ldns_pkt *p);
+
+/**
+ * Return the packet's tsig pseudo rr's
+ * \param[in] p the packet
+ * \return the tsig rr
+ */
+ldns_rr *ldns_pkt_tsig(const ldns_pkt *p);
+
+/**
+ * Return the packet's question section
+ * \param[in] p the packet
+ * \return the section
+ */
+ldns_rr_list *ldns_pkt_question(const ldns_pkt *p);
+/**
+ * Return the packet's answer section
+ * \param[in] p the packet
+ * \return the section
+ */
+ldns_rr_list *ldns_pkt_answer(const ldns_pkt *p);
+/**
+ * Return the packet's authority section
+ * \param[in] p the packet
+ * \return the section
+ */
+ldns_rr_list *ldns_pkt_authority(const ldns_pkt *p);
+/**
+ * Return the packet's additional section
+ * \param[in] p the packet
+ * \return the section
+ */
+ldns_rr_list *ldns_pkt_additional(const ldns_pkt *p);
+/**
+ * Return the packet's question, answer, authority and additional sections
+ * concatenated, in a new rr_list clone.
+ * \param[in] p the packet
+ * \return the rrs
+ */
+ldns_rr_list *ldns_pkt_all(const ldns_pkt *p);
+/**
+ * Return the packet's answer, authority and additional sections concatenated, 
+ * in a new rr_list clone.  Like ldns_pkt_all but without the questions.
+ * \param[in] p the packet
+ * \return the rrs except the question rrs
+ */
+ldns_rr_list *ldns_pkt_all_noquestion(const ldns_pkt *p);
+
+/**
+ * return all the rr_list's in the packet. Clone the lists, instead
+ * of returning pointers. 
+ * \param[in] p the packet to look in
+ * \param[in] s what section(s) to return
+ * \return ldns_rr_list with the rr's or NULL if none were found
+ */
+ldns_rr_list *ldns_pkt_get_section_clone(const ldns_pkt *p, ldns_pkt_section s);
+
+/**
+ * return all the rr with a specific name from a packet. Optionally
+ * specify from which section in the packet
+ * \param[in] p the packet
+ * \param[in] r the name
+ * \param[in] s the packet's section
+ * \return a list with the rr's or NULL if none were found
+ */
+ldns_rr_list *ldns_pkt_rr_list_by_name(ldns_pkt *p, ldns_rdf *r, ldns_pkt_section s);
+/**
+ * return all the rr with a specific type from a packet. Optionally
+ * specify from which section in the packet
+ * \param[in] p the packet
+ * \param[in] t the type
+ * \param[in] s the packet's section
+ * \return a list with the rr's or NULL if none were found
+ */
+ldns_rr_list *ldns_pkt_rr_list_by_type(const ldns_pkt *p, ldns_rr_type t, ldns_pkt_section s);
+/**
+ * return all the rr with a specific type and type from a packet. Optionally
+ * specify from which section in the packet
+ * \param[in] packet the packet
+ * \param[in] ownername the name
+ * \param[in] type the type
+ * \param[in] sec the packet's section
+ * \return a list with the rr's or NULL if none were found
+ */
+ldns_rr_list *ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, const ldns_rdf *ownername, ldns_rr_type type, ldns_pkt_section sec);
+
+
+/**
+ * check to see if an rr exist in the packet
+ * \param[in] pkt the packet to examine
+ * \param[in] sec in which section to look
+ * \param[in] rr the rr to look for
+ */
+bool ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr);
+
+
+/**
+ * sets the flags in a packet.
+ * \param[in] pkt the packet to operate on
+ * \param[in] flags ORed values: LDNS_QR| LDNS_AR for instance
+ * \return true on success otherwise false
+ */
+bool ldns_pkt_set_flags(ldns_pkt *pkt, uint16_t flags);
+
+/**
+ * Set the packet's id
+ * \param[in] p the packet
+ * \param[in] id the id to set
+ */
+void ldns_pkt_set_id(ldns_pkt *p, uint16_t id);
+/**
+ * Set the packet's id to a random value
+ * \param[in] p the packet
+ */
+void ldns_pkt_set_random_id(ldns_pkt *p);
+/**
+ * Set the packet's qr bit
+ * \param[in] p the packet
+ * \param[in] b the value to set (boolean)
+ */
+void ldns_pkt_set_qr(ldns_pkt *p, bool b);
+/**
+ * Set the packet's aa bit
+ * \param[in] p the packet
+ * \param[in] b the value to set (boolean)
+ */
+void ldns_pkt_set_aa(ldns_pkt *p, bool b);
+/**
+ * Set the packet's tc bit
+ * \param[in] p the packet
+ * \param[in] b the value to set (boolean)
+ */
+void ldns_pkt_set_tc(ldns_pkt *p, bool b);
+/**
+ * Set the packet's rd bit
+ * \param[in] p the packet
+ * \param[in] b the value to set (boolean)
+ */
+void ldns_pkt_set_rd(ldns_pkt *p, bool b);
+/**
+ * Set the packet's cd bit
+ * \param[in] p the packet
+ * \param[in] b the value to set (boolean)
+ */
+void ldns_pkt_set_cd(ldns_pkt *p, bool b);
+/**
+ * Set the packet's ra bit
+ * \param[in] p the packet
+ * \param[in] b the value to set (boolean)
+ */
+void ldns_pkt_set_ra(ldns_pkt *p, bool b);
+/**
+ * Set the packet's ad bit
+ * \param[in] p the packet
+ * \param[in] b the value to set (boolean)
+ */
+void ldns_pkt_set_ad(ldns_pkt *p, bool b);
+
+/**
+ * Set the packet's opcode
+ * \param[in] p the packet
+ * \param[in] c the opcode
+ */
+void ldns_pkt_set_opcode(ldns_pkt *p, ldns_pkt_opcode c);
+/**
+ * Set the packet's respons code
+ * \param[in] p the packet
+ * \param[in] c the rcode
+ */
+void ldns_pkt_set_rcode(ldns_pkt *p, uint8_t c);
+/**
+ * Set the packet's qd count
+ * \param[in] p the packet
+ * \param[in] c the count
+ */
+void ldns_pkt_set_qdcount(ldns_pkt *p, uint16_t c);
+/**
+ * Set the packet's an count
+ * \param[in] p the packet
+ * \param[in] c the count
+ */
+void ldns_pkt_set_ancount(ldns_pkt *p, uint16_t c);
+/**
+ * Set the packet's ns count
+ * \param[in] p the packet
+ * \param[in] c the count
+ */
+void ldns_pkt_set_nscount(ldns_pkt *p, uint16_t c);
+/**
+ * Set the packet's arcount
+ * \param[in] p the packet
+ * \param[in] c the count
+ */
+void ldns_pkt_set_arcount(ldns_pkt *p, uint16_t c);
+/**
+ * Set the packet's answering server
+ * \param[in] p the packet
+ * \param[in] r the address
+ */
+void ldns_pkt_set_answerfrom(ldns_pkt *p, ldns_rdf *r);
+/**
+ * Set the packet's query time
+ * \param[in] p the packet
+ * \param[in] t the querytime in msec
+ */
+void ldns_pkt_set_querytime(ldns_pkt *p, uint32_t t);
+/**
+ * Set the packet's size
+ * \param[in] p the packet
+ * \param[in] s the size
+ */
+void ldns_pkt_set_size(ldns_pkt *p, size_t s);
+
+/**
+ * Set the packet's timestamp
+ * \param[in] p the packet
+ * \param[in] timeval the timestamp
+ */
+void ldns_pkt_set_timestamp(ldns_pkt *p, struct timeval timeval);
+/**
+ * Set a packet's section count to x
+ * \param[in] p the packet
+ * \param[in] s the section
+ * \param[in] x the section count
+ */
+void ldns_pkt_set_section_count(ldns_pkt *p, ldns_pkt_section s, uint16_t x);
+/**
+ * Set the packet's tsig rr
+ * \param[in] p the packet
+ * \param[in] t the tsig rr
+ */
+void ldns_pkt_set_tsig(ldns_pkt *p, ldns_rr *t);
+
+/**
+ * looks inside the packet to determine
+ * what kind of packet it is, AUTH, NXDOMAIN, REFERRAL, etc.
+ * \param[in] p the packet to examine
+ * \return the type of packet
+ */
+ldns_pkt_type ldns_pkt_reply_type(ldns_pkt *p);
+
+/**
+ * return the packet's edns udp size
+ * \param[in] packet the packet
+ * \return the size
+ */
+uint16_t ldns_pkt_edns_udp_size(const ldns_pkt *packet);
+/**
+ * return the packet's edns extended rcode
+ * \param[in] packet the packet
+ * \return the rcode
+ */
+uint8_t ldns_pkt_edns_extended_rcode(const ldns_pkt *packet);
+/**
+ * return the packet's edns version
+ * \param[in] packet the packet
+ * \return the version
+ */
+uint8_t ldns_pkt_edns_version(const ldns_pkt *packet);
+/**
+ * return the packet's edns z value
+ * \param[in] packet the packet
+ * \return the z value
+ */
+uint16_t ldns_pkt_edns_z(const ldns_pkt *packet);
+/**
+ * return the packet's edns data
+ * \param[in] packet the packet
+ * \return the data
+ */
+ldns_rdf *ldns_pkt_edns_data(const ldns_pkt *packet);
+
+/**
+ * return the packet's edns do bit
+ * \param[in] packet the packet
+ * \return the bit's value
+ */
+bool ldns_pkt_edns_do(const ldns_pkt *packet);
+/**
+ * Set the packet's edns do bit
+ * \param[in] packet the packet
+ * \param[in] value the bit's new value
+ */
+void ldns_pkt_set_edns_do(ldns_pkt *packet, bool value);
+
+/**
+ * returns true if this packet needs and EDNS rr to be sent.
+ * At the moment the only reason is an expected packet
+ * size larger than 512 bytes, but for instance dnssec would
+ * be a good reason too.
+ *
+ * \param[in] packet the packet to check
+ * \return true if packet needs edns rr
+ */
+bool ldns_pkt_edns(const ldns_pkt *packet);
+
+/**
+ * Set the packet's edns udp size
+ * \param[in] packet the packet
+ * \param[in] s the size
+ */
+void ldns_pkt_set_edns_udp_size(ldns_pkt *packet, uint16_t s);
+/**
+ * Set the packet's edns extended rcode
+ * \param[in] packet the packet
+ * \param[in] c the code
+ */
+void ldns_pkt_set_edns_extended_rcode(ldns_pkt *packet, uint8_t c);
+/**
+ * Set the packet's edns version
+ * \param[in] packet the packet
+ * \param[in] v the version
+ */
+void ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v);
+/**
+ * Set the packet's edns z value
+ * \param[in] packet the packet
+ * \param[in] z the value
+ */
+void ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z);
+/**
+ * Set the packet's edns data
+ * \param[in] packet the packet
+ * \param[in] data the data
+ */
+void ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data);
+
+/**
+ * allocates and initializes a ldns_pkt structure.
+ * \return pointer to the new packet
+ */
+ldns_pkt *ldns_pkt_new();
+
+/**
+ * frees the packet structure and all data that it contains.
+ * \param[in] packet The packet structure to free
+ * \return void
+ */
+void ldns_pkt_free(ldns_pkt *packet);
+
+/**
+ * creates a query packet for the given name, type, class.
+ * \param[out] p the packet to be returned
+ * \param[in] rr_name the name to query for (as string)
+ * \param[in] rr_type the type to query for
+ * \param[in] rr_class the class to query for
+ * \param[in] flags packet flags
+ * \return LDNS_STATUS_OK or a ldns_status mesg with the error
+ */
+ldns_status ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class , uint16_t flags);
+
+/**
+ * creates a packet with a query in it for the given name, type and class.
+ * \param[in] rr_name the name to query for
+ * \param[in] rr_type the type to query for
+ * \param[in] rr_class the class to query for
+ * \param[in] flags packet flags
+ * \return ldns_pkt* a pointer to the new pkt
+ */
+ldns_pkt *ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags);
+
+/**
+ * clones the given packet, creating a fully allocated copy
+ *
+ * \param[in] pkt the packet to clone
+ * \return ldns_pkt* pointer to the new packet
+ */
+ldns_pkt *ldns_pkt_clone(ldns_pkt *pkt);
+
+/**
+ * directly set the additional section
+ * \param[in] p packet to operate on
+ * \param[in] rr rrlist to set
+ */
+void ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rr);
+
+/**
+ * directly set the answer section
+ * \param[in] p packet to operate on
+ * \param[in] rr rrlist to set
+ */
+void ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr);
+
+/**
+ * directly set the question section
+ * \param[in] p packet to operate on
+ * \param[in] rr rrlist to set
+ */
+void ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr);
+
+/**
+ * directly set the auhority section
+ * \param[in] p packet to operate on
+ * \param[in] rr rrlist to set
+ */
+void ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rr);
+
+/**
+ * push an rr on a packet
+ * \param[in] packet packet to operate on
+ * \param[in] section where to put it
+ * \param[in] rr rr to push
+ * \return a boolean which is true when the rr was added
+ */
+bool ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr);
+
+/**
+ * push an rr on a packet, provided the RR is not there.
+ * \param[in] pkt packet to operate on
+ * \param[in] sec where to put it
+ * \param[in] rr rr to push
+ * \return a boolean which is true when the rr was added
+ */
+bool ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr);
+
+/**
+ * push a rr_list on a packet
+ * \param[in] packet packet to operate on
+ * \param[in] section where to put it
+ * \param[in] list the rr_list to push
+ * \return a boolean which is true when the rr was added
+ */
+bool ldns_pkt_push_rr_list(ldns_pkt *packet, ldns_pkt_section section, ldns_rr_list *list);
+
+/**
+ * push an rr_list to a packet, provided the RRs are not already there.
+ * \param[in] pkt packet to operate on
+ * \param[in] sec where to put it
+ * \param[in] list the rr_list to push
+ * \return a boolean which is true when the rr was added
+ */
+bool ldns_pkt_safe_push_rr_list(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr_list *list);
+
+/**
+ * check if a packet is empty
+ * \param[in] p packet
+ * \return true: empty, false: not empty
+ */
+bool ldns_pkt_empty(ldns_pkt *p);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* LDNS_PACKET_H */
diff --git a/3rdParty/Ldns/src/include/ldns/parse.h b/3rdParty/Ldns/src/include/ldns/parse.h
new file mode 100644
index 0000000..0e9034c
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/parse.h
@@ -0,0 +1,167 @@
+/*
+ * parse.h 
+ *
+ * a Net::DNS like library for C
+ * LibDNS Team @ NLnet Labs
+ * (c) NLnet Labs, 2005-2006
+ * See the file LICENSE for the license
+ */
+
+#ifndef LDNS_PARSE_H
+#define LDNS_PARSE_H
+
+#include <ldns/common.h>
+#include <ldns/buffer.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LDNS_PARSE_SKIP_SPACE		"\f\n\r\v"
+#define LDNS_PARSE_NORMAL		" \f\n\r\t\v"
+#define LDNS_PARSE_NO_NL		" \t"
+#define LDNS_MAX_LINELEN		10230
+#define LDNS_MAX_KEYWORDLEN		32
+
+
+/**
+ * \file
+ *
+ * Contains some low-level parsing functions, mostly used in the _frm_str
+ * family of functions.
+ */
+ 
+/**
+ * different type of directives in zone files
+ * We now deal with $TTL, $ORIGIN and $INCLUDE.
+ * The latter is not implemented in ldns (yet)
+ */
+enum ldns_enum_directive
+{
+	LDNS_DIR_TTL,
+	LDNS_DIR_ORIGIN,
+	LDNS_DIR_INCLUDE
+};
+typedef enum ldns_enum_directive ldns_directive;
+
+/** 
+ * returns a token/char from the stream F.
+ * This function deals with ( and ) in the stream,
+ * and ignores them when encountered
+ * \param[in] *f the file to read from
+ * \param[out] *token the read token is put here
+ * \param[in] *delim chars at which the parsing should stop
+ * \param[in] *limit how much to read. If 0 the builtin maximum is used
+ * \return 0 on error of EOF of the stream F.  Otherwise return the length of what is read
+ */
+ssize_t ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit);
+
+/** 
+ * returns a token/char from the stream F.
+ * This function deals with ( and ) in the stream,
+ * and ignores when it finds them.
+ * \param[in] *f the file to read from
+ * \param[out] *token the token is put here
+ * \param[in] *delim chars at which the parsing should stop
+ * \param[in] *limit how much to read. If 0 use builtin maximum
+ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+ * \return 0 on error of EOF of F otherwise return the length of what is read
+ */
+ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr);
+
+/**
+ * returns a token/char from the buffer b.
+ * This function deals with ( and ) in the buffer,
+ * and ignores when it finds them.
+ * \param[in] *b the buffer to read from
+ * \param[out] *token the token is put here
+ * \param[in] *delim chars at which the parsing should stop
+ * \param[in] *limit how much to read. If 0 the builtin maximum is used
+ * \returns 0 on error of EOF of b. Otherwise return the length of what is read
+ */
+ssize_t ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit);
+
+/*
+ * searches for keyword and delim in a file. Gives everything back
+ * after the keyword + k_del until we hit d_del
+ * \param[in] f file pointer to read from
+ * \param[in] keyword keyword to look for
+ * \param[in] k_del keyword delimeter 
+ * \param[out] data the data found 
+ * \param[in] d_del the data delimeter
+ * \param[in] data_limit maximum size the the data buffer
+ * \return the number of character read
+ */
+ssize_t ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit);
+
+/*
+ * searches for keyword and delim. Gives everything back
+ * after the keyword + k_del until we hit d_del
+ * \param[in] f file pointer to read from
+ * \param[in] keyword keyword to look for
+ * \param[in] k_del keyword delimeter 
+ * \param[out] data the data found 
+ * \param[in] d_del the data delimeter
+ * \param[in] data_limit maximum size the the data buffer
+ * \param[in] line_nr pointer to an integer containing the current line number (for
+debugging purposes)
+ * \return the number of character read
+ */
+ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr);
+
+/*
+ * searches for keyword and delim in a buffer. Gives everything back
+ * after the keyword + k_del until we hit d_del
+ * \param[in] b buffer pointer to read from
+ * \param[in] keyword keyword to look for
+ * \param[in] k_del keyword delimeter 
+ * \param[out] data the data found 
+ * \param[in] d_del the data delimeter
+ * \param[in] data_limit maximum size the the data buffer
+ * \return the number of character read
+ */
+ssize_t ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit);
+
+/**
+ * returns the next character from a buffer. Advances the position pointer with 1.
+ * When end of buffer is reached returns EOF. This is the buffer's equivalent
+ * for getc().
+ * \param[in] *buffer buffer to read from
+ * \return EOF on failure otherwise return the character
+ */
+int ldns_bgetc(ldns_buffer *buffer);
+
+/**
+ * skips all of the characters in the given string in the buffer, moving
+ * the position to the first character that is not in *s.
+ * \param[in] *buffer buffer to use
+ * \param[in] *s characters to skip
+ * \return void
+ */
+void ldns_bskipcs(ldns_buffer *buffer, const char *s);
+
+/**
+ * skips all of the characters in the given string in the fp, moving
+ * the position to the first character that is not in *s.
+ * \param[in] *fp file to use
+ * \param[in] *s characters to skip
+ * \return void
+ */
+void ldns_fskipcs(FILE *fp, const char *s);
+
+
+/**
+ * skips all of the characters in the given string in the fp, moving
+ * the position to the first character that is not in *s.
+ * \param[in] *fp file to use
+ * \param[in] *s characters to skip
+ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+ * \return void
+ */
+void ldns_fskipcs_l(FILE *fp, const char *s, int *line_nr);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_PARSE_H */
diff --git a/3rdParty/Ldns/src/include/ldns/rbtree.h b/3rdParty/Ldns/src/include/ldns/rbtree.h
new file mode 100644
index 0000000..98bd880
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/rbtree.h
@@ -0,0 +1,230 @@
+/*
+ * rbtree.h -- generic red-black tree
+ *
+ * Copyright (c) 2001-2008, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/**
+ * \file
+ * Red black tree. Implementation taken from NSD 3.0.5, adjusted for use
+ * in unbound (memory allocation, logging and so on).
+ */
+
+#ifndef LDNS_RBTREE_H_
+#define	LDNS_RBTREE_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * This structure must be the first member of the data structure in
+ * the rbtree.  This allows easy casting between an rbnode_t and the
+ * user data (poor man's inheritance).
+ * Or you can use the data pointer member to get to your data item.
+ */
+typedef struct ldns_rbnode_t ldns_rbnode_t;
+/**
+ * The rbnode_t struct definition.
+ */
+struct ldns_rbnode_t {
+	/** parent in rbtree, RBTREE_NULL for root */
+	ldns_rbnode_t   *parent;
+	/** left node (smaller items) */
+	ldns_rbnode_t   *left;
+	/** right node (larger items) */
+	ldns_rbnode_t   *right;
+	/** pointer to sorting key */
+	const void *key;
+	/** pointer to data */
+	const void *data;
+	/** colour of this node */
+	uint8_t	    color;
+};
+
+/** The nullpointer, points to empty node */
+#define	LDNS_RBTREE_NULL &ldns_rbtree_null_node
+/** the global empty node */
+extern	ldns_rbnode_t	ldns_rbtree_null_node;
+
+/** An entire red black tree */
+typedef struct ldns_rbtree_t ldns_rbtree_t;
+/** definition for tree struct */
+struct ldns_rbtree_t {
+	/** The root of the red-black tree */
+	ldns_rbnode_t    *root;
+
+	/** The number of the nodes in the tree */
+	size_t       count;
+
+	/**
+	 * Key compare function. <0,0,>0 like strcmp.
+	 * Return 0 on two NULL ptrs.
+	 */
+	int (*cmp) (const void *, const void *);
+};
+
+/**
+ * Create new tree (malloced) with given key compare function.
+ * @param cmpf: compare function (like strcmp) takes pointers to two keys.
+ * @return: new tree, empty.
+ */
+ldns_rbtree_t *ldns_rbtree_create(int (*cmpf)(const void *, const void *));
+
+/**
+ * Free the complete tree (but not its keys)
+ * @param rbtree The tree to free
+ */
+void ldns_rbtree_free(ldns_rbtree_t *rbtree);
+
+/**
+ * Init a new tree (malloced by caller) with given key compare function.
+ * @param rbtree: uninitialised memory for new tree, returned empty.
+ * @param cmpf: compare function (like strcmp) takes pointers to two keys.
+ */
+void ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *));
+
+/**
+ * Insert data into the tree.
+ * @param rbtree: tree to insert to.
+ * @param data: element to insert.
+ * @return: data ptr or NULL if key already present.
+ */
+ldns_rbnode_t *ldns_rbtree_insert(ldns_rbtree_t *rbtree, ldns_rbnode_t *data);
+
+/**
+ * Insert data into the tree (reversed arguments, for use as callback)
+ * \param[in] data element to insert
+ * \param[out] rbtree tree to insert in to
+ * \return data ptr or NULL if key is already present
+ */
+void ldns_rbtree_insert_vref(ldns_rbnode_t *data, void *rbtree);
+
+/**
+ * Delete element from tree.
+ * @param rbtree: tree to delete from.
+ * @param key: key of item to delete.
+ * @return: node that is now unlinked from the tree. User to delete it.
+ * returns 0 if node not present
+ */
+ldns_rbnode_t *ldns_rbtree_delete(ldns_rbtree_t *rbtree, const void *key);
+
+/**
+ * Find key in tree. Returns NULL if not found.
+ * @param rbtree: tree to find in.
+ * @param key: key that must match.
+ * @return: node that fits or NULL.
+ */
+ldns_rbnode_t *ldns_rbtree_search(ldns_rbtree_t *rbtree, const void *key);
+
+/**
+ * Find, but match does not have to be exact.
+ * @param rbtree: tree to find in.
+ * @param key: key to find position of.
+ * @param result: set to the exact node if present, otherwise to element that
+ *   precedes the position of key in the tree. NULL if no smaller element.
+ * @return: true if exact match in result. Else result points to <= element,
+ * or NULL if key is smaller than the smallest key.
+ */
+int ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key,
+	ldns_rbnode_t **result);
+
+/**
+ * Returns first (smallest) node in the tree
+ * @param rbtree: tree
+ * @return: smallest element or NULL if tree empty.
+ */
+ldns_rbnode_t *ldns_rbtree_first(ldns_rbtree_t *rbtree);
+
+/**
+ * Returns last (largest) node in the tree
+ * @param rbtree: tree
+ * @return: largest element or NULL if tree empty.
+ */
+ldns_rbnode_t *ldns_rbtree_last(ldns_rbtree_t *rbtree);
+
+/**
+ * Returns next larger node in the tree
+ * @param rbtree: tree
+ * @return: next larger element or NULL if no larger in tree.
+ */
+ldns_rbnode_t *ldns_rbtree_next(ldns_rbnode_t *rbtree);
+
+/**
+ * Returns previous smaller node in the tree
+ * @param rbtree: tree
+ * @return: previous smaller element or NULL if no previous in tree.
+ */
+ldns_rbnode_t *ldns_rbtree_previous(ldns_rbnode_t *rbtree);
+
+/**
+ * split off 'elements' number of elements from the start
+ * of the name tree and return a new tree containing those
+ * elements
+ */
+ldns_rbtree_t *ldns_rbtree_split(ldns_rbtree_t *tree, size_t elements);
+
+/**
+ * add all node from the second tree to the first (removing them from the
+ * second), and fix up nsec(3)s if present
+ */
+void ldns_rbtree_join(ldns_rbtree_t *tree1, ldns_rbtree_t *tree2);
+
+/**
+ * Call with node=variable of struct* with rbnode_t as first element.
+ * with type is the type of a pointer to that struct.
+ */
+#define LDNS_RBTREE_FOR(node, type, rbtree) \
+	for(node=(type)ldns_rbtree_first(rbtree); \
+		(ldns_rbnode_t*)node != LDNS_RBTREE_NULL; \
+		node = (type)ldns_rbtree_next((ldns_rbnode_t*)node))
+
+/**
+ * Call function for all elements in the redblack tree, such that
+ * leaf elements are called before parent elements. So that all
+ * elements can be safely free()d.
+ * Note that your function must not remove the nodes from the tree.
+ * Since that may trigger rebalances of the rbtree.
+ * @param tree: the tree
+ * @param func: function called with element and user arg.
+ * 	The function must not alter the rbtree.
+ * @param arg: user argument.
+ */
+void ldns_traverse_postorder(ldns_rbtree_t* tree,
+	void (*func)(ldns_rbnode_t*, void*), void* arg);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* UTIL_RBTREE_H_ */
diff --git a/3rdParty/Ldns/src/include/ldns/rdata.h b/3rdParty/Ldns/src/include/ldns/rdata.h
new file mode 100644
index 0000000..90dcbf1
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/rdata.h
@@ -0,0 +1,385 @@
+/*
+ * rdata.h
+ *
+ * rdata definitions
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+
+/**
+ * \file
+ *
+ * Defines ldns_rdf and functions to manipulate those.
+ */
+
+
+#ifndef LDNS_RDATA_H
+#define LDNS_RDATA_H
+
+#include <ldns/common.h>
+#include <ldns/error.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LDNS_MAX_RDFLEN	8192
+
+#define LDNS_RDF_SIZE_BYTE              1
+#define LDNS_RDF_SIZE_WORD              2
+#define LDNS_RDF_SIZE_DOUBLEWORD        4
+#define LDNS_RDF_SIZE_6BYTES            6
+#define LDNS_RDF_SIZE_16BYTES           16
+
+#define LDNS_NSEC3_VARS_OPTOUT_MASK 0x01
+
+/**
+ * The different types of RDATA fields.
+ */
+enum ldns_enum_rdf_type
+{
+	/** none */
+	LDNS_RDF_TYPE_NONE,
+	/** domain name */
+	LDNS_RDF_TYPE_DNAME,
+	/** 8 bits */
+	LDNS_RDF_TYPE_INT8,
+	/** 16 bits */
+	LDNS_RDF_TYPE_INT16,
+	/** 32 bits */
+	LDNS_RDF_TYPE_INT32,
+	/** A record */
+	LDNS_RDF_TYPE_A,
+	/** AAAA record */
+	LDNS_RDF_TYPE_AAAA,
+	/** txt string */
+	LDNS_RDF_TYPE_STR,
+	/** apl data */
+	LDNS_RDF_TYPE_APL,
+	/** b32 string */
+	LDNS_RDF_TYPE_B32_EXT,
+	/** b64 string */
+	LDNS_RDF_TYPE_B64,
+	/** hex string */
+	LDNS_RDF_TYPE_HEX,
+	/** nsec type codes */
+	LDNS_RDF_TYPE_NSEC,
+	/** a RR type */
+	LDNS_RDF_TYPE_TYPE,
+	/** a class */
+	LDNS_RDF_TYPE_CLASS,
+	/** certificate algorithm */
+	LDNS_RDF_TYPE_CERT_ALG,
+	/** a key algorithm */
+	LDNS_RDF_TYPE_ALG,
+	/** unknown types */
+	LDNS_RDF_TYPE_UNKNOWN,
+	/** time (32 bits) */
+	LDNS_RDF_TYPE_TIME,
+	/** period */
+	LDNS_RDF_TYPE_PERIOD,
+	/** tsig time 48 bits */
+	LDNS_RDF_TYPE_TSIGTIME,
+	LDNS_RDF_TYPE_TSIG,
+	/** variable length any type rdata where the length
+	    is specified by the first 2 bytes */
+	LDNS_RDF_TYPE_INT16_DATA,
+	/** protocol and port bitmaps */
+	LDNS_RDF_TYPE_SERVICE,
+	/** location data */
+	LDNS_RDF_TYPE_LOC,
+	/** well known services */
+	LDNS_RDF_TYPE_WKS,
+	/** NSAP */
+	LDNS_RDF_TYPE_NSAP,
+	/** ATMA */
+	LDNS_RDF_TYPE_ATMA,
+	/** IPSECKEY */
+	LDNS_RDF_TYPE_IPSECKEY,
+	/** nsec3 hash salt */
+	LDNS_RDF_TYPE_NSEC3_SALT,
+	/** nsec3 base32 string (with length byte on wire */
+	LDNS_RDF_TYPE_NSEC3_NEXT_OWNER
+};
+typedef enum ldns_enum_rdf_type ldns_rdf_type;
+
+/**
+ * algorithms used in CERT rrs
+ */
+enum ldns_enum_cert_algorithm
+{
+        LDNS_CERT_PKIX		= 1,
+        LDNS_CERT_SPKI		= 2,
+        LDNS_CERT_PGP		= 3,
+        LDNS_CERT_IPKIX         = 4,
+        LDNS_CERT_ISPKI         = 5,
+        LDNS_CERT_IPGP          = 6,
+        LDNS_CERT_ACPKIX        = 7,
+        LDNS_CERT_IACPKIX       = 8,
+        LDNS_CERT_URI		= 253,
+        LDNS_CERT_OID		= 254
+};
+typedef enum ldns_enum_cert_algorithm ldns_cert_algorithm;
+
+
+
+/**
+ * Resource record data field.
+ *
+ * The data is a network ordered array of bytes, which size is specified by
+ * the (16-bit) size field. To correctly parse it, use the type
+ * specified in the (16-bit) type field with a value from \ref ldns_rdf_type.
+ */
+struct ldns_struct_rdf
+{
+	/** The size of the data (in octets) */
+	size_t _size;
+	/** The type of the data */
+	ldns_rdf_type _type;
+	/** Pointer to the data (raw octets) */
+	void  *_data;
+};
+typedef struct ldns_struct_rdf ldns_rdf;
+
+/* prototypes */
+
+/* write access functions */
+
+/**
+ * sets the size of the rdf.
+ * \param[in] *rd the rdf to operate on
+ * \param[in] size the new size
+ * \return void
+ */
+void ldns_rdf_set_size(ldns_rdf *rd, size_t size);
+
+/**
+ * sets the size of the rdf.
+ * \param[in] *rd the rdf to operate on
+ * \param[in] type the new type
+ * \return void
+ */
+void ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type);
+
+/**
+ * sets the size of the rdf.
+ * \param[in] *rd the rdf to operate on
+ * \param[in] *data pointer to the new data
+ * \return void
+ */
+void ldns_rdf_set_data(ldns_rdf *rd, void *data);
+
+/* read access */
+
+/**
+ * returns the size of the rdf.
+ * \param[in] *rd the rdf to read from
+ * \return uint16_t with the size
+ */
+size_t ldns_rdf_size(const ldns_rdf *rd);
+
+/**
+ * returns the type of the rdf. We need to insert _get_
+ * here to prevent conflict the the rdf_type TYPE.
+ * \param[in] *rd the rdf to read from
+ * \return ldns_rdf_type with the type
+ */
+ldns_rdf_type ldns_rdf_get_type(const ldns_rdf *rd);
+
+/**
+ * returns the data of the rdf.
+ * \param[in] *rd the rdf to read from
+ * \return uint8_t* pointer to the rdf's data
+ */
+uint8_t *ldns_rdf_data(const ldns_rdf *rd);
+
+/* creator functions */
+
+/**
+ * allocates a new rdf structure and fills it.
+ * This function DOES NOT copy the contents from
+ * the buffer, unlinke ldns_rdf_new_frm_data()
+ * \param[in] type type of the rdf
+ * \param[in] size size of the buffer
+ * \param[in] data pointer to the buffer to be copied
+ * \return the new rdf structure or NULL on failure
+ */
+ldns_rdf *ldns_rdf_new(ldns_rdf_type type, size_t size, void *data);
+
+/**
+ * allocates a new rdf structure and fills it.
+ * This function _does_ copy the contents from
+ * the buffer, unlinke ldns_rdf_new()
+ * \param[in] type type of the rdf
+ * \param[in] size size of the buffer
+ * \param[in] data pointer to the buffer to be copied
+ * \return the new rdf structure or NULL on failure
+ */
+ldns_rdf *ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data);
+
+/**
+ * creates a new rdf from a string.
+ * \param[in] type   type to use
+ * \param[in] str string to use
+ * \return ldns_rdf* or NULL in case of an error
+ */
+ldns_rdf *ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str);
+
+/**
+ * creates a new rdf from a file containing a string.
+ * \param[out] r the new rdf
+ * \param[in] type   type to use
+ * \param[in] fp the file pointer  to use
+ * \return LDNS_STATUS_OK or the error
+ */
+ldns_status ldns_rdf_new_frm_fp(ldns_rdf **r, ldns_rdf_type type, FILE *fp);
+
+/**
+ * creates a new rdf from a file containing a string.
+ * \param[out] r the new rdf
+ * \param[in] type   type to use
+ * \param[in] fp the file pointer  to use
+ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+ * \return LDNS_STATUS_OK or the error
+ */
+ldns_status ldns_rdf_new_frm_fp_l(ldns_rdf **r, ldns_rdf_type type, FILE *fp, int *line_nr);
+
+/* destroy functions */
+
+/**
+ * frees a rdf structure, leaving the
+ * data pointer intact.
+ * \param[in] rd the pointer to be freed
+ * \return void
+ */
+void ldns_rdf_free(ldns_rdf *rd);
+
+/**
+ * frees a rdf structure _and_ frees the
+ * data. rdf should be created with _new_frm_data
+ * \param[in] rd the rdf structure to be freed
+ * \return void
+ */
+void ldns_rdf_deep_free(ldns_rdf *rd);
+
+/* conversion functions */
+
+/**
+ * returns the rdf containing the native uint8_t repr.
+ * \param[in] type the ldns_rdf type to use
+ * \param[in] value the uint8_t to use
+ * \return ldns_rdf* with the converted value
+ */
+ldns_rdf *ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value);
+
+/**
+ * returns the rdf containing the native uint16_t representation.
+ * \param[in] type the ldns_rdf type to use
+ * \param[in] value the uint16_t to use
+ * \return ldns_rdf* with the converted value
+ */
+ldns_rdf *ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value);
+
+/**
+ * returns an rdf that contains the given int32 value.
+ *
+ * Because multiple rdf types can contain an int32, the
+ * type must be specified
+ * \param[in] type the ldns_rdf type to use
+ * \param[in] value the uint32_t to use
+ * \return ldns_rdf* with the converted value
+ */
+ldns_rdf *ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value);
+
+/**
+ * returns an int16_data rdf that contains the data in the
+ * given array, preceded by an int16 specifying the length.
+ *
+ * The memory is copied, and an LDNS_RDF_TYPE_INT16DATA is returned
+ * \param[in] size the size of the data
+ * \param[in] *data pointer to the actual data
+ * \return ldns_rd* the rdf with the data
+ */
+ldns_rdf *ldns_native2rdf_int16_data(size_t size, uint8_t *data);
+
+/**
+ * reverses an rdf, only actually useful for AAAA and A records.
+ * The returned rdf has the type LDNS_RDF_TYPE_DNAME!
+ * \param[in] *rd rdf to be reversed
+ * \return the reversed rdf (a newly created rdf)
+ */
+ldns_rdf *ldns_rdf_address_reverse(ldns_rdf *rd);
+
+/**
+ * returns the native uint8_t representation from the rdf.
+ * \param[in] rd the ldns_rdf to operate on
+ * \return uint8_t the value extracted
+ */
+uint8_t 	ldns_rdf2native_int8(const ldns_rdf *rd);
+
+/**
+ * returns the native uint16_t representation from the rdf.
+ * \param[in] rd the ldns_rdf to operate on
+ * \return uint16_t the value extracted
+ */
+uint16_t	ldns_rdf2native_int16(const ldns_rdf *rd);
+
+/**
+ * returns the native uint32_t representation from the rdf.
+ * \param[in] rd the ldns_rdf to operate on
+ * \return uint32_t the value extracted
+ */
+uint32_t ldns_rdf2native_int32(const ldns_rdf *rd);
+
+/**
+ * returns the native time_t representation from the rdf.
+ * \param[in] rd the ldns_rdf to operate on
+ * \return time_t the value extracted (32 bits currently)
+ */
+time_t ldns_rdf2native_time_t(const ldns_rdf *rd);
+
+/**
+ * converts a ttl value (like 5d2h) to a long.
+ * \param[in] nptr the start of the string
+ * \param[out] endptr points to the last char in case of error
+ * \return the convert duration value
+ */
+uint32_t ldns_str2period(const char *nptr, const char **endptr);
+
+/**
+ * removes \\DDD, \\[space] and other escapes from the input.
+ * See RFC 1035, section 5.1.
+ * \param[in] word what to check
+ * \param[in] length the string
+ * \return ldns_status mesg
+ */
+ldns_status ldns_octet(char *word, size_t *length);
+
+/**
+ * clones a rdf structure. The data is copied.
+ * \param[in] rd rdf to be copied
+ * \return a new rdf structure
+ */
+ldns_rdf *ldns_rdf_clone(const ldns_rdf *rd);
+
+/**
+ * compares two rdf's on their wire formats.
+ * (To order dnames according to rfc4034, use ldns_dname_compare)
+ * \param[in] rd1 the first one
+ * \param[in] rd2 the second one
+ * \return 0 if equal
+ * \return -1 if rd1 comes before rd2
+ * \return +1 if rd2 comes before rd1
+ */
+int ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif	/* LDNS_RDATA_H */
diff --git a/3rdParty/Ldns/src/include/ldns/resolver.h b/3rdParty/Ldns/src/include/ldns/resolver.h
new file mode 100644
index 0000000..f887aaf
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/resolver.h
@@ -0,0 +1,721 @@
+/*
+ * resolver.h
+ *
+ * DNS Resolver definitions
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+/**
+ * \file
+ *
+ * Defines the  ldns_resolver structure, a stub resolver that can send queries and parse answers.
+ *
+ */
+
+#ifndef LDNS_RESOLVER_H
+#define LDNS_RESOLVER_H
+
+#include <ldns/error.h>
+#include <ldns/common.h>
+#include <ldns/rr.h>
+#include <ldns/tsig.h>
+#include <ldns/rdata.h>
+#include <ldns/packet.h>
+#include <sys/time.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Default location of the resolv.conf file */
+#define LDNS_RESOLV_CONF	"/etc/resolv.conf"
+/** Default location of the hosts file */
+#define LDNS_RESOLV_HOSTS	"/etc/hosts"
+
+#define LDNS_RESOLV_KEYWORD     -1
+#define LDNS_RESOLV_DEFDOMAIN	0
+#define LDNS_RESOLV_NAMESERVER	1
+#define LDNS_RESOLV_SEARCH	2
+#define LDNS_RESOLV_SORTLIST	3
+#define LDNS_RESOLV_OPTIONS	4
+#define LDNS_RESOLV_ANCHOR	5
+#define LDNS_RESOLV_KEYWORDS    6
+
+#define LDNS_RESOLV_INETANY		0
+#define LDNS_RESOLV_INET		1
+#define LDNS_RESOLV_INET6		2
+
+#define LDNS_RESOLV_RTT_INF             0       /* infinity */
+#define LDNS_RESOLV_RTT_MIN             1       /* reachable */
+
+/**
+ * DNS stub resolver structure
+ */
+struct ldns_struct_resolver
+{
+	/**  Port to send queries to */
+	uint16_t _port;
+
+	/** Array of nameservers to query (IP addresses or dnames) */
+	ldns_rdf **_nameservers;
+	/** Number of nameservers in \c _nameservers */
+	size_t _nameserver_count; /* how many do we have */
+
+	/**  Round trip time; 0 -> infinity. Unit: ms? */
+	size_t *_rtt;
+
+	/**  Wether or not to be recursive */
+	bool _recursive;
+
+	/**  Print debug information */
+	bool _debug;
+
+	/**  Default domain to add to non fully qualified domain names */
+	ldns_rdf *_domain;
+
+	/**  Searchlist array, add the names in this array if a query cannot be found */
+	ldns_rdf **_searchlist;
+
+	/** Number of entries in the searchlist array */
+	size_t _searchlist_count;
+
+	/**  Number of times to retry before giving up */
+	uint8_t _retry;
+	/**  Time to wait before retrying */
+	uint8_t _retrans;
+	/**  Use new fallback mechanism (try EDNS, then do TCP) */
+	bool _fallback;
+
+	/**  Whether to do DNSSEC */
+	bool _dnssec;
+	/**  Whether to set the CD bit on DNSSEC requests */
+	bool _dnssec_cd;
+	/** Optional trust anchors for complete DNSSEC validation */
+	ldns_rr_list * _dnssec_anchors;
+	/**  Whether to use tcp or udp (tcp if the value is true)*/
+	bool _usevc;
+	/**  Whether to ignore the tc bit */
+	bool _igntc;
+	/**  Whether to use ip6, 0->does not matter, 1 is IPv4, 2 is IPv6 */
+	uint8_t _ip6;
+	/**  If true append the default domain */
+	bool _defnames;
+	/**  If true apply the search list */
+	bool _dnsrch;
+	/**  Timeout for socket connections */
+	struct timeval _timeout;
+	/**  Only try the first nameserver, and return with an error directly if it fails */
+	bool _fail;
+	/**  Randomly choose a nameserver */
+	bool _random;
+	/** Keep some things to make AXFR possible */
+	int _socket;
+	/** Count the number of LDNS_RR_TYPE_SOA RRs we have seen so far
+	 * (the second one signifies the end of the AXFR)
+	 */
+	int _axfr_soa_count;
+	/* when axfring we get complete packets from the server
+	   but we want to give the caller 1 rr at a time, so
+	   keep the current pkt */
+        /** Packet currently handled when doing part of an AXFR */
+	ldns_pkt *_cur_axfr_pkt;
+	/** Counter for within the AXFR packets */
+	uint16_t _axfr_i;
+	/* EDNS0 available buffer size */
+	uint16_t _edns_udp_size;
+
+	/* Optional tsig key for signing queries,
+	outgoing messages are signed if and only if both are set
+	*/
+	/** Name of the key to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */
+	char *_tsig_keyname;
+	/** Secret key data to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */
+	char *_tsig_keydata;
+	/** TSIG signing algorithm */
+	char *_tsig_algorithm;
+};
+typedef struct ldns_struct_resolver ldns_resolver;
+
+/* prototypes */
+/* read access functions */
+
+/**
+ * Get the port the resolver should use
+ * \param[in] r the resolver
+ * \return the port number
+ */
+uint16_t ldns_resolver_port(const ldns_resolver *r);
+
+/**
+ * Is the resolver set to recurse
+ * \param[in] r the resolver
+ * \return true if so, otherwise false
+ */
+bool ldns_resolver_recursive(const ldns_resolver *r);
+
+/**
+ * Get the debug status of the resolver
+ * \param[in] r the resolver
+ * \return true if so, otherwise false
+ */
+bool ldns_resolver_debug(const ldns_resolver *r);
+
+/**
+ * Get the number of retries
+ * \param[in] r the resolver
+ * \return the number of retries
+ */
+uint8_t ldns_resolver_retry(const ldns_resolver *r);
+
+/**
+ * Get the retransmit interval
+ * \param[in] r the resolver
+ * \return the retransmit interval
+ */
+uint8_t ldns_resolver_retrans(const ldns_resolver *r);
+
+/**
+ * Get the truncation fallback status
+ * \param[in] r the resolver
+ * \return whether the truncation fallback mechanism is used
+ */
+bool ldns_resolver_fallback(const ldns_resolver *r);
+
+/**
+ * Does the resolver use ip6 or ip4
+ * \param[in] r the resolver
+ * \return 0: both, 1: ip4, 2:ip6
+ */
+uint8_t ldns_resolver_ip6(const ldns_resolver *r);
+
+/**
+ * Get the resolver's udp size
+ * \param[in] r the resolver
+ * \return the udp mesg size
+ */
+uint16_t ldns_resolver_edns_udp_size(const ldns_resolver *r);
+/**
+ * Does the resolver use tcp or udp
+ * \param[in] r the resolver
+ * \return true: tcp, false: udp
+ */
+bool ldns_resolver_usevc(const ldns_resolver *r);
+/**
+ * Does the resolver only try the first nameserver
+ * \param[in] r the resolver
+ * \return true: yes, fail, false: no, try the others
+ */
+bool ldns_resolver_fail(const ldns_resolver *r);
+/**
+ * Does the resolver apply default domain name
+ * \param[in] r the resolver
+ * \return true: yes, false: no
+ */
+bool ldns_resolver_defnames(const ldns_resolver *r);
+/**
+ * Does the resolver apply search list
+ * \param[in] r the resolver
+ * \return true: yes, false: no
+ */
+bool ldns_resolver_dnsrch(const ldns_resolver *r);
+/**
+ * Does the resolver do DNSSEC
+ * \param[in] r the resolver
+ * \return true: yes, false: no
+ */
+bool ldns_resolver_dnssec(const ldns_resolver *r);
+/**
+ * Does the resolver set the CD bit
+ * \param[in] r the resolver
+ * \return true: yes, false: no
+ */
+bool ldns_resolver_dnssec_cd(const ldns_resolver *r);
+/**
+ * Get the resolver's DNSSEC anchors
+ * \param[in] r the resolver
+ * \return an rr_list containg trusted DNSSEC anchors
+ */
+ldns_rr_list * ldns_resolver_dnssec_anchors(const ldns_resolver *r);
+/**
+ * Does the resolver ignore the TC bit (truncated)
+ * \param[in] r the resolver
+ * \return true: yes, false: no
+ */
+bool ldns_resolver_igntc(const ldns_resolver *r);
+/**
+ * Does the resolver randomize the nameserver before usage
+ * \param[in] r the resolver
+ * \return true: yes, false: no
+ */
+bool ldns_resolver_random(const ldns_resolver *r);
+/**
+ * How many nameserver are configured in the resolver
+ * \param[in] r the resolver
+ * \return number of nameservers
+ */
+size_t ldns_resolver_nameserver_count(const ldns_resolver *r);
+/**
+ * What is the default dname to add to relative queries
+ * \param[in] r the resolver
+ * \return the dname which is added
+ */
+ldns_rdf *ldns_resolver_domain(const ldns_resolver *r);
+/**
+ * What is the timeout on socket connections
+ * \param[in] r the resolver
+ * \return the timeout as struct timeval
+ */
+struct timeval ldns_resolver_timeout(const ldns_resolver *r);
+/**
+ * What is the searchlist as used by the resolver
+ * \param[in] r the resolver
+ * \return a ldns_rdf pointer to a list of the addresses
+ */
+ldns_rdf** ldns_resolver_searchlist(const ldns_resolver *r);
+/**
+ * Return the configured nameserver ip address
+ * \param[in] r the resolver
+ * \return a ldns_rdf pointer to a list of the addresses
+ */
+ldns_rdf** ldns_resolver_nameservers(const ldns_resolver *r);
+/**
+ * Return the used round trip times for the nameservers
+ * \param[in] r the resolver
+ * \return a size_t* pointer to the list.
+ * yet)
+ */
+size_t * ldns_resolver_rtt(const ldns_resolver *r);
+/**
+ * Return the used round trip time for a specific nameserver
+ * \param[in] r the resolver
+ * \param[in] pos the index to the nameserver
+ * \return the rrt, 0: infinite, >0: undefined (as of * yet)
+ */
+size_t ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos);
+/**
+ * Return the tsig keyname as used by the nameserver
+ * \param[in] r the resolver
+ * \return the name used.
+ */
+char *ldns_resolver_tsig_keyname(const ldns_resolver *r);
+/**
+ * Return the tsig algorithm as used by the nameserver
+ * \param[in] r the resolver
+ * \return the algorithm used.
+ */
+char *ldns_resolver_tsig_algorithm(const ldns_resolver *r);
+/**
+ * Return the tsig keydata as used by the nameserver
+ * \param[in] r the resolver
+ * \return the keydata used.
+ */
+char *ldns_resolver_tsig_keydata(const ldns_resolver *r);
+/**
+ * pop the last nameserver from the resolver.
+ * \param[in] r the resolver
+ * \return the popped address or NULL if empty
+ */
+ldns_rdf* ldns_resolver_pop_nameserver(ldns_resolver *r);
+
+/**
+ * Return the resolver's searchlist count
+ * \param[in] r the resolver
+ * \return the searchlist count
+ */
+size_t ldns_resolver_searchlist_count(const ldns_resolver *r);
+
+/* write access function */
+/**
+ * Set the port the resolver should use
+ * \param[in] r the resolver
+ * \param[in] p the port number
+ */
+void ldns_resolver_set_port(ldns_resolver *r, uint16_t p);
+
+/**
+ * Set the resolver recursion
+ * \param[in] r the resolver
+ * \param[in] b true: set to recurse, false: unset
+ */
+void ldns_resolver_set_recursive(ldns_resolver *r, bool b);
+
+/**
+ * Set the resolver debugging
+ * \param[in] r the resolver
+ * \param[in] b true: debug on: false debug off
+ */
+void ldns_resolver_set_debug(ldns_resolver *r, bool b);
+
+/**
+ * Incremental the resolver's nameserver count.
+ * \param[in] r the resolver
+ */
+void ldns_resolver_incr_nameserver_count(ldns_resolver *r);
+
+/**
+ * Decrement the resolver's nameserver count.
+ * \param[in] r the resolver
+ */
+void ldns_resolver_dec_nameserver_count(ldns_resolver *r);
+
+/**
+ * Set the resolver's nameserver count directly.
+ * \param[in] r the resolver
+ * \param[in] c the nameserver count
+ */
+void ldns_resolver_set_nameserver_count(ldns_resolver *r, size_t c);
+
+/**
+ * Set the resolver's nameserver count directly by using an rdf list
+ * \param[in] r the resolver
+ * \param[in] rd the resolver addresses
+ */
+void ldns_resolver_set_nameservers(ldns_resolver *r, ldns_rdf **rd);
+
+/**
+ * Set the resolver's default domain. This gets appended when no
+ * absolute name is given
+ * \param[in] r the resolver
+ * \param[in] rd the name to append
+ */
+void ldns_resolver_set_domain(ldns_resolver *r, ldns_rdf *rd);
+
+/**
+ * Set the resolver's socket time out when talking to remote hosts
+ * \param[in] r the resolver
+ * \param[in] timeout the timeout to use
+ */
+void ldns_resolver_set_timeout(ldns_resolver *r, struct timeval timeout);
+
+/**
+ * Push a new rd to the resolver's searchlist
+ * \param[in] r the resolver
+ * \param[in] rd to push
+ */
+void ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *rd);
+
+/**
+ * Whether the resolver uses the name set with _set_domain
+ * \param[in] r the resolver
+ * \param[in] b true: use the defaults, false: don't use them
+ */
+void ldns_resolver_set_defnames(ldns_resolver *r, bool b);
+
+/**
+ * Whether the resolver uses a virtual circuit (TCP)
+ * \param[in] r the resolver
+ * \param[in] b true: use TCP, false: don't use TCP
+ */
+void ldns_resolver_set_usevc(ldns_resolver *r, bool b);
+
+/**
+ * Whether the resolver uses the searchlist
+ * \param[in] r the resolver
+ * \param[in] b true: use the list, false: don't use the list
+ */
+void ldns_resolver_set_dnsrch(ldns_resolver *r, bool b);
+
+/**
+ * Whether the resolver uses DNSSEC
+ * \param[in] r the resolver
+ * \param[in] b true: use DNSSEC, false: don't use DNSSEC
+ */
+void ldns_resolver_set_dnssec(ldns_resolver *r, bool b);
+
+/**
+ * Whether the resolver uses the checking disable bit
+ * \param[in] r the resolver
+ * \param[in] b true: enable , false: don't use TCP
+ */
+void ldns_resolver_set_dnssec_cd(ldns_resolver *r, bool b);
+/**
+ * Set the resolver's DNSSEC anchor list directly. RRs should be of type DS or DNSKEY.
+ * \param[in] r the resolver
+ * \param[in] l the list of RRs to use as trust anchors
+ */
+void ldns_resolver_set_dnssec_anchors(ldns_resolver *r, ldns_rr_list * l);
+
+/**
+ * Push a new trust anchor to the resolver. It must be a DS or DNSKEY rr
+ * \param[in] r the resolver.
+ * \param[in] rr the RR to add as a trust anchor.
+ * \return a status
+ */
+ldns_status ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr);
+
+/**
+ * Set the resolver retrans timeout (in seconds)
+ * \param[in] r the resolver
+ * \param[in] re the retransmission interval in seconds
+ */
+void ldns_resolver_set_retrans(ldns_resolver *r, uint8_t re);
+
+/**
+ * Set whether the resolvers truncation fallback mechanism is used
+ * when ldns_resolver_query() is called.
+ * \param[in] r the resolver
+ * \param[in] fallback whether to use the fallback mechanism
+ */
+void ldns_resolver_set_fallback(ldns_resolver *r, bool fallback);
+
+/**
+ * Set the resolver retry interval (in seconds)
+ * \param[in] r the resolver
+ * \param[in] re the retry interval
+ */
+void ldns_resolver_set_retry(ldns_resolver *r, uint8_t re);
+
+/**
+ * Whether the resolver uses ip6
+ * \param[in] r the resolver
+ * \param[in] i 0: no pref, 1: ip4, 2: ip6
+ */
+void ldns_resolver_set_ip6(ldns_resolver *r, uint8_t i);
+
+/**
+ * Whether or not to fail after one failed query
+ * \param[in] r the resolver
+ * \param[in] b true: yes fail, false: continue with next nameserver
+ */
+void ldns_resolver_set_fail(ldns_resolver *r, bool b);
+
+/**
+ * Whether or not to ignore the TC bit
+ * \param[in] r the resolver
+ * \param[in] b true: yes ignore, false: don't ignore
+ */
+void ldns_resolver_set_igntc(ldns_resolver *r, bool b);
+
+/**
+ * Set maximum udp size
+ * \param[in] r the resolver
+ * \param[in] s the udp max size
+ */
+void ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s);
+
+/**
+ * Set the tsig key name
+ * \param[in] r the resolver
+ * \param[in] tsig_keyname the tsig key name
+ */
+void ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname);
+
+/**
+ * Set the tsig algorithm
+ * \param[in] r the resolver
+ * \param[in] tsig_algorithm the tsig algorithm
+ */
+void ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm);
+
+/**
+ * Set the tsig key data
+ * \param[in] r the resolver
+ * \param[in] tsig_keydata the key data
+ */
+void ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata);
+
+/**
+ * Set round trip time for all nameservers. Note this currently
+ * differentiates between: unreachable and reachable.
+ * \param[in] r the resolver
+ * \param[in] rtt a list with the times
+ */
+void ldns_resolver_set_rtt(ldns_resolver *r, size_t *rtt);
+
+/**
+ * Set round trip time for a specific nameserver. Note this
+ * currently differentiates between: unreachable and reachable.
+ * \param[in] r the resolver
+ * \param[in] pos the nameserver position
+ * \param[in] value the rtt
+ */
+void ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value);
+
+/**
+ * Should the nameserver list be randomized before each use
+ * \param[in] r the resolver
+ * \param[in] b: true: randomize, false: don't
+ */
+void ldns_resolver_set_random(ldns_resolver *r, bool b);
+
+/**
+ * Push a new nameserver to the resolver. It must be an IP
+ * address v4 or v6.
+ * \param[in] r the resolver
+ * \param[in] n the ip address
+ * \return ldns_status a status
+ */
+ldns_status ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n);
+
+/**
+ * Push a new nameserver to the resolver. It must be an
+ * A or AAAA RR record type
+ * \param[in] r the resolver
+ * \param[in] rr the resource record
+ * \return ldns_status a status
+ */
+ldns_status ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr);
+
+/**
+ * Push a new nameserver rr_list to the resolver.
+ * \param[in] r the resolver
+ * \param[in] rrlist the rr_list to push
+ * \return ldns_status a status
+ */
+ldns_status ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist);
+
+/**
+ * Send the query for using the resolver and take the search list into account
+ * The search algorithm is as follows:
+ * If the name is absolute, try it as-is, otherwise apply the search list
+ * \param[in] *r operate using this resolver
+ * \param[in] *rdf query for this name
+ * \param[in] t query for this type (may be 0, defaults to A)
+ * \param[in] c query for this class (may be 0, default to IN)
+ * \param[in] flags the query flags
+ * \return ldns_pkt* a packet with the reply from the nameserver
+ */
+ldns_pkt* ldns_resolver_search(const ldns_resolver *r, const ldns_rdf *rdf, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
+
+/**
+ * Form a query packet from a resolver and name/type/class combo
+ * \param[out] **q a pointer to a ldns_pkt pointer (initialized by this function)
+ * \param[in] *r operate using this resolver
+ * \param[in] *name query for this name
+ * \param[in] t query for this type (may be 0, defaults to A)
+ * \param[in] c query for this class (may be 0, default to IN)
+ * \param[in] f the query flags
+ * \return ldns_pkt* a packet with the reply from the nameserver
+ */
+ldns_status ldns_resolver_prepare_query_pkt(ldns_pkt **q, ldns_resolver *r, const  ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t f);
+
+/**
+ * Send the query for name as-is
+ * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function)
+ * \param[in] *r operate using this resolver
+ * \param[in] *name query for this name
+ * \param[in] t query for this type (may be 0, defaults to A)
+ * \param[in] c query for this class (may be 0, default to IN)
+ * \param[in] flags the query flags
+ * \return ldns_pkt* a packet with the reply from the nameserver
+ */
+ldns_status ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
+
+/**
+ * Send the given packet to a nameserver
+ * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function)
+ * \param[in] *r operate using this resolver
+ * \param[in] *query_pkt query
+ */
+ldns_status ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r, ldns_pkt *query_pkt);
+
+/**
+ * Send a query to a nameserver
+ * \param[in] *r operate using this resolver
+ * \param[in] *name query for this name
+ * \param[in] *t query for this type (may be 0, defaults to A)
+ * \param[in] *c query for this class (may be 0, default to IN)
+ * \param[in] flags the query flags
+ * \return ldns_pkt* a packet with the reply from the nameserver
+ * if _defnames is true the default domain will be added
+ */
+ldns_pkt* ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
+
+
+/**
+ * Create a new resolver structure
+ * \return ldns_resolver* pointer to new strcture
+ */
+ldns_resolver* ldns_resolver_new(void);
+
+/**
+ * Create a resolver structure from a file like /etc/resolv.conf
+ * \param[out] r the new resolver
+ * \param[in] fp file pointer to create new resolver from
+ *      if NULL use /etc/resolv.conf
+ * \return LDNS_STATUS_OK or the error
+ */
+ldns_status ldns_resolver_new_frm_fp(ldns_resolver **r, FILE *fp);
+
+/**
+ * Create a resolver structure from a file like /etc/resolv.conf
+ * \param[out] r the new resolver
+ * \param[in] fp file pointer to create new resolver from
+ *      if NULL use /etc/resolv.conf
+ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+ * \return LDNS_STATUS_OK or the error
+ */
+ldns_status ldns_resolver_new_frm_fp_l(ldns_resolver **r, FILE *fp, int *line_nr);
+
+/**
+ * Configure a resolver by means of a resolv.conf file
+ * The file may be NULL in which case there will  be
+ * looked the RESOLV_CONF (defaults to /etc/resolv.conf
+ * \param[out] r the new resolver
+ * \param[in] filename the filename to use
+ * \return LDNS_STATUS_OK or the error
+ */
+ldns_status ldns_resolver_new_frm_file(ldns_resolver **r, const char *filename);
+
+/**
+ * Frees the allocated space for this resolver. Only frees the resolver pionter! You should probably be using _deep_free.
+ * \param res resolver to free
+ */
+void ldns_resolver_free(ldns_resolver *res);
+
+/**
+ * Frees the allocated space for this resolver and all it's data
+ * \param res resolver to free
+ */
+void ldns_resolver_deep_free(ldns_resolver *res);
+
+/**
+ * Get the next stream of RRs in a AXFR
+ * \param[in] resolver the resolver to use. First ldns_axfr_start() must be
+ * called
+ * \return ldns_rr the next RR from the AXFR stream
+ * After you get this returned RR (not NULL: on error), then check if 
+ * ldns_axfr_complete() is true to see if the zone transfer has completed.
+ */
+ldns_rr* ldns_axfr_next(ldns_resolver *resolver);
+
+/**
+ * Returns true if the axfr transfer has completed (i.e. 2 SOA RRs and no errors were encountered
+ * \param[in] resolver the resolver that is used
+ * \return bool true if axfr transfer was completed without error
+ */
+bool ldns_axfr_complete(const ldns_resolver *resolver);
+
+/**
+ * Returns a pointer to the last ldns_pkt that was sent by the server in the AXFR transfer
+ * uasable for instance to get the error code on failure
+ * \param[in] res the resolver that was used in the axfr transfer
+ * \return ldns_pkt the last packet sent
+ */
+ldns_pkt *ldns_axfr_last_pkt(const ldns_resolver *res);
+
+/**
+ * Randomize the nameserver list in the resolver
+ * \param[in] r the resolver
+ */
+void ldns_resolver_nameservers_randomize(ldns_resolver *r);
+
+/**
+ * Returns true if at least one of the provided keys is a trust anchor
+ * \param[in] r the current resolver
+ * \param[in] keys the keyset to check
+ * \param[out] trusted_keys the subset of trusted keys in the 'keys' rrset
+ * \return true if at least one of the provided keys is a configured trust anchor
+ */
+bool ldns_resolver_trusted_key(const ldns_resolver *r, ldns_rr_list * keys, ldns_rr_list * trusted_keys);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* LDNS_RESOLVER_H */
diff --git a/3rdParty/Ldns/src/include/ldns/rr.h b/3rdParty/Ldns/src/include/ldns/rr.h
new file mode 100644
index 0000000..2e1dd76
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/rr.h
@@ -0,0 +1,886 @@
+/*
+ * rr.h -  resource record definitions
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+/**
+ * \file
+ *
+ * Contains the definition of ldns_rr and functions to manipulate those.
+ */
+
+
+#ifndef LDNS_RR_H
+#define LDNS_RR_H
+
+#include <ldns/common.h>
+#include <ldns/rdata.h>
+#include <ldns/buffer.h>
+#include <ldns/error.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Maximum length of a dname label */
+#define LDNS_MAX_LABELLEN     63
+/** Maximum length of a complete dname */
+#define LDNS_MAX_DOMAINLEN    255
+/** Maximum number of pointers in 1 dname */
+#define LDNS_MAX_POINTERS	65535
+/** The bytes TTL, CLASS and length use up in an rr */
+#define LDNS_RR_OVERHEAD	10
+
+/* The first fields are 'common' and can be referenced instantly */
+#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 52
+
+
+
+/**
+ *  The different RR classes.
+ */
+enum ldns_enum_rr_class
+{
+	/** the Internet */
+	LDNS_RR_CLASS_IN 	= 1,
+	/** Chaos class */
+	LDNS_RR_CLASS_CH	= 3,
+	/** Hesiod (Dyer 87) */
+	LDNS_RR_CLASS_HS	= 4,
+    /** None class, dynamic update */
+    LDNS_RR_CLASS_NONE      = 254,
+	/** Any class */
+	LDNS_RR_CLASS_ANY	= 255,
+
+	LDNS_RR_CLASS_FIRST     = 0,
+	LDNS_RR_CLASS_LAST      = 65535,
+	LDNS_RR_CLASS_COUNT     = LDNS_RR_CLASS_LAST - LDNS_RR_CLASS_FIRST + 1
+};
+typedef enum ldns_enum_rr_class ldns_rr_class;
+
+/**
+ *  Used to specify whether compression is allowed.
+ */
+enum ldns_enum_rr_compress
+{
+	/** compression is allowed */
+	LDNS_RR_COMPRESS,
+	LDNS_RR_NO_COMPRESS
+};
+typedef enum ldns_enum_rr_compress ldns_rr_compress;
+
+/**
+ * The different RR types.
+ */
+enum ldns_enum_rr_type
+{
+	/**  a host address */
+	LDNS_RR_TYPE_A = 1,
+	/**  an authoritative name server */
+	LDNS_RR_TYPE_NS = 2,
+	/**  a mail destination (Obsolete - use MX) */
+	LDNS_RR_TYPE_MD = 3,
+	/**  a mail forwarder (Obsolete - use MX) */
+	LDNS_RR_TYPE_MF = 4,
+	/**  the canonical name for an alias */
+	LDNS_RR_TYPE_CNAME = 5,
+	/**  marks the start of a zone of authority */
+	LDNS_RR_TYPE_SOA = 6,
+	/**  a mailbox domain name (EXPERIMENTAL) */
+	LDNS_RR_TYPE_MB = 7,
+	/**  a mail group member (EXPERIMENTAL) */
+	LDNS_RR_TYPE_MG = 8,
+	/**  a mail rename domain name (EXPERIMENTAL) */
+	LDNS_RR_TYPE_MR = 9,
+	/**  a null RR (EXPERIMENTAL) */
+	LDNS_RR_TYPE_NULL = 10,
+	/**  a well known service description */
+	LDNS_RR_TYPE_WKS = 11,
+	/**  a domain name pointer */
+	LDNS_RR_TYPE_PTR = 12,
+	/**  host information */
+	LDNS_RR_TYPE_HINFO = 13,
+	/**  mailbox or mail list information */
+	LDNS_RR_TYPE_MINFO = 14,
+	/**  mail exchange */
+	LDNS_RR_TYPE_MX = 15,
+	/**  text strings */
+	LDNS_RR_TYPE_TXT = 16,
+	/**  RFC1183 */
+	LDNS_RR_TYPE_RP = 17,
+	/**  RFC1183 */
+	LDNS_RR_TYPE_AFSDB = 18,
+	/**  RFC1183 */
+	LDNS_RR_TYPE_X25 = 19,
+	/**  RFC1183 */
+	LDNS_RR_TYPE_ISDN = 20,
+	/**  RFC1183 */
+	LDNS_RR_TYPE_RT = 21,
+	/**  RFC1706 */
+	LDNS_RR_TYPE_NSAP = 22,
+	/**  RFC1348 */
+	LDNS_RR_TYPE_NSAP_PTR = 23,
+	/**  2535typecode */
+	LDNS_RR_TYPE_SIG = 24,
+	/**  2535typecode */
+	LDNS_RR_TYPE_KEY = 25,
+	/**  RFC2163 */
+	LDNS_RR_TYPE_PX = 26,
+	/**  RFC1712 */
+	LDNS_RR_TYPE_GPOS = 27,
+	/**  ipv6 address */
+	LDNS_RR_TYPE_AAAA = 28,
+	/**  LOC record  RFC1876 */
+	LDNS_RR_TYPE_LOC = 29,
+	/**  2535typecode */
+	LDNS_RR_TYPE_NXT = 30,
+	/**  draft-ietf-nimrod-dns-01.txt */
+	LDNS_RR_TYPE_EID = 31,
+	/**  draft-ietf-nimrod-dns-01.txt */
+	LDNS_RR_TYPE_NIMLOC = 32,
+	/**  SRV record RFC2782 */
+	LDNS_RR_TYPE_SRV = 33,
+	/**  http://www.jhsoft.com/rfc/af-saa-0069.000.rtf */
+	LDNS_RR_TYPE_ATMA = 34,
+	/**  RFC2915 */
+	LDNS_RR_TYPE_NAPTR = 35,
+	/**  RFC2230 */
+	LDNS_RR_TYPE_KX = 36,
+	/**  RFC2538 */
+	LDNS_RR_TYPE_CERT = 37,
+	/**  RFC2874 */
+	LDNS_RR_TYPE_A6 = 38,
+	/**  RFC2672 */
+	LDNS_RR_TYPE_DNAME = 39,
+	/**  dnsind-kitchen-sink-02.txt */
+	LDNS_RR_TYPE_SINK = 40,
+	/**  Pseudo OPT record... */
+	LDNS_RR_TYPE_OPT = 41,
+	/**  RFC3123 */
+	LDNS_RR_TYPE_APL = 42,
+	/**  draft-ietf-dnsext-delegation */
+	LDNS_RR_TYPE_DS = 43,
+	/**  SSH Key Fingerprint */
+	LDNS_RR_TYPE_SSHFP = 44,
+	/**  draft-richardson-ipseckey-rr-11.txt */
+	LDNS_RR_TYPE_IPSECKEY = 45,
+	/**  draft-ietf-dnsext-dnssec-25 */
+	LDNS_RR_TYPE_RRSIG = 46,
+	LDNS_RR_TYPE_NSEC = 47,
+	LDNS_RR_TYPE_DNSKEY = 48,
+	LDNS_RR_TYPE_DHCID = 49,
+
+	LDNS_RR_TYPE_NSEC3 = 50,
+	LDNS_RR_TYPE_NSEC3PARAM = 51,
+	LDNS_RR_TYPE_NSEC3PARAMS = 51,
+
+        /** draft-ietf-dnsop-trust-history */
+        LDNS_RR_TYPE_TALINK = 58,
+
+	LDNS_RR_TYPE_SPF = 99,
+
+	LDNS_RR_TYPE_UINFO = 100,
+	LDNS_RR_TYPE_UID = 101,
+	LDNS_RR_TYPE_GID = 102,
+	LDNS_RR_TYPE_UNSPEC = 103,
+
+	LDNS_RR_TYPE_TSIG = 250,
+	LDNS_RR_TYPE_IXFR = 251,
+	LDNS_RR_TYPE_AXFR = 252,
+	/**  A request for mailbox-related records (MB, MG or MR) */
+	LDNS_RR_TYPE_MAILB = 253,
+	/**  A request for mail agent RRs (Obsolete - see MX) */
+	LDNS_RR_TYPE_MAILA = 254,
+	/**  any type (wildcard) */
+	LDNS_RR_TYPE_ANY = 255,
+
+	/* RFC 4431, 5074, DNSSEC Lookaside Validation */
+	LDNS_RR_TYPE_DLV = 32769,
+
+	/* type codes from nsec3 experimental phase
+	LDNS_RR_TYPE_NSEC3 = 65324,
+	LDNS_RR_TYPE_NSEC3PARAMS = 65325, */
+	LDNS_RR_TYPE_FIRST = 0,
+	LDNS_RR_TYPE_LAST  = 65535,
+	LDNS_RR_TYPE_COUNT = LDNS_RR_TYPE_LAST - LDNS_RR_TYPE_FIRST + 1
+};
+typedef enum ldns_enum_rr_type ldns_rr_type;
+
+/**
+ * Resource Record
+ *
+ * This is the basic DNS element that contains actual data
+ *
+ * From RFC1035:
+ * <pre>
+3.2.1. Format
+
+All RRs have the same top level format shown below:
+
+                                    1  1  1  1  1  1
+      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                                               |
+    /                                               /
+    /                      NAME                     /
+    |                                               |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                      TYPE                     |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                     CLASS                     |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                      TTL                      |
+    |                                               |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                   RDLENGTH                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+    /                     RDATA                     /
+    /                                               /
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NAME            an owner name, i.e., the name of the node to which this
+                resource record pertains.
+
+TYPE            two octets containing one of the RR TYPE codes.
+
+CLASS           two octets containing one of the RR CLASS codes.
+
+TTL             a 32 bit signed integer that specifies the time interval
+                that the resource record may be cached before the source
+                of the information should again be consulted.  Zero
+                values are interpreted to mean that the RR can only be
+                used for the transaction in progress, and should not be
+                cached.  For example, SOA records are always distributed
+                with a zero TTL to prohibit caching.  Zero values can
+                also be used for extremely volatile data.
+
+RDLENGTH        an unsigned 16 bit integer that specifies the length in
+                octets of the RDATA field.
+
+RDATA           a variable length string of octets that describes the
+                resource.  The format of this information varies
+                according to the TYPE and CLASS of the resource record.
+ * </pre>
+ *
+ * The actual amount and type of rdata fields depend on the RR type of the
+ * RR, and can be found by using \ref ldns_rr_descriptor functions.
+ */
+struct ldns_struct_rr
+{
+	/**  Owner name, uncompressed */
+	ldns_rdf	*_owner;
+	/**  Time to live  */
+	uint32_t	_ttl;
+	/**  Number of data fields */
+	size_t	        _rd_count;
+	/**  the type of the RR. A, MX etc. */
+	ldns_rr_type	_rr_type;
+	/**  Class of the resource record.  */
+	ldns_rr_class	_rr_class;
+	/* everything in the rdata is in network order */
+	/**  The array of rdata's */
+	ldns_rdf	 **_rdata_fields;
+	/**  question rr [it would be nicer if thous is after _rd_count]
+		 ABI change: Fix this in next major release
+	 */
+	bool		_rr_question;
+};
+typedef struct ldns_struct_rr ldns_rr;
+
+/**
+ * List or Set of Resource Records
+ *
+ * Contains a list of rr's <br>
+ * No official RFC-like checks are made
+ */
+struct ldns_struct_rr_list
+{
+	size_t _rr_count;
+	size_t _rr_capacity;
+	ldns_rr **_rrs;
+};
+typedef struct ldns_struct_rr_list ldns_rr_list;
+
+/**
+ * Contains all information about resource record types.
+ *
+ * This structure contains, for all rr types, the rdata fields that are defined.
+ */
+struct ldns_struct_rr_descriptor
+{
+	/** Type of the RR that is described here */
+	ldns_rr_type    _type;
+	/** Textual name of the RR type.  */
+	const char *_name;
+	/** Minimum number of rdata fields in the RRs of this type.  */
+	uint8_t     _minimum;
+	/** Maximum number of rdata fields in the RRs of this type.  */
+	uint8_t     _maximum;
+	/** Wireformat specification for the rr, i.e. the types of rdata fields in their respective order. */
+	const ldns_rdf_type *_wireformat;
+	/** Special rdf types */
+	ldns_rdf_type _variable;
+	/** Specifies whether compression can be used for dnames in this RR type. */
+	ldns_rr_compress _compress;
+	/** The number of DNAMEs in the _wireformat string, for parsing. */
+	uint8_t _dname_count;
+};
+typedef struct ldns_struct_rr_descriptor ldns_rr_descriptor;
+
+/**
+ * creates a new rr structure.
+ * \return ldns_rr *
+ */
+ldns_rr* ldns_rr_new(void);
+
+/**
+ * creates a new rr structure, based on the given type.
+ * alloc enough space to hold all the rdf's
+ */
+ldns_rr* ldns_rr_new_frm_type(ldns_rr_type t);
+
+/**
+ * frees an RR structure
+ * \param[in] *rr the RR to be freed
+ * \return void
+ */
+void ldns_rr_free(ldns_rr *rr);
+
+/**
+ * creates an rr from a string.
+ * The string should be a fully filled-in rr, like
+ * ownername &lt;space&gt; TTL &lt;space&gt; CLASS &lt;space&gt;
+ * TYPE &lt;space&gt; RDATA.
+ * \param[out] n the rr to return
+ * \param[in] str the string to convert
+ * \param[in] default_ttl default ttl value for the rr.
+ *            If 0 DEF_TTL will be used
+ * \param[in] origin when the owner is relative add this.
+ *	The caller must ldns_rdf_deep_free it.
+ * \param[out] prev the previous ownername. if this value is not NULL,
+ * the function overwrites this with the ownername found in this
+ * string. The caller must then ldns_rdf_deep_free it.
+ * \return a status msg describing an error or LDNS_STATUS_OK
+ */
+ldns_status ldns_rr_new_frm_str(ldns_rr **n, const char *str,
+                                uint32_t default_ttl, ldns_rdf *origin,
+                                ldns_rdf **prev);
+
+/**
+ * creates an rr for the question section from a string, i.e.
+ * without RDATA fields
+ * Origin and previous RR functionality are the same as in
+ * ldns_rr_new_frm_str()
+ * \param[out] n the rr to return
+ * \param[in] str the string to convert
+ * \param[in] origin when the owner is relative add this.
+ *	The caller must ldns_rdf_deep_free it.
+ * \param prev the previous ownername. the function overwrite this with
+ * the current found ownername. The caller must ldns_rdf_deep_free it.
+ * \return a status msg describing an error or LDNS_STATUS_OK
+ */
+ldns_status ldns_rr_new_question_frm_str(ldns_rr **n, const char *str,
+                                ldns_rdf *origin, ldns_rdf **prev);
+
+/**
+ * creates a new rr from a file containing a string.
+ * \param[out] rr the new rr
+ * \param[in] fp the file pointer to use
+ * \param[in] default_ttl pointer to a default ttl for the rr. If NULL DEF_TTL will be used
+ *            the pointer will be updated if the file contains a $TTL directive
+ * \param[in] origin when the owner is relative add this
+ * 	      the pointer will be updated if the file contains a $ORIGIN directive
+ *	      The caller must ldns_rdf_deep_free it.
+ * \param[in] prev when the owner is whitespaces use this as the * ownername
+ *            the pointer will be updated after the call
+ *	      The caller must ldns_rdf_deep_free it.
+ * \return a ldns_status with an error or LDNS_STATUS_OK
+ */
+ldns_status ldns_rr_new_frm_fp(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev);
+
+/**
+ * creates a new rr from a file containing a string.
+ * \param[out] rr the new rr
+ * \param[in] fp the file pointer to use
+ * \param[in] default_ttl a default ttl for the rr. If NULL DEF_TTL will be used
+ *            the pointer will be updated if the file contains a $TTL directive
+ * \param[in] origin when the owner is relative add this
+ * 	      the pointer will be updated if the file contains a $ORIGIN directive
+ *	      The caller must ldns_rdf_deep_free it.
+ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+ * \param[in] prev when the owner is whitespaces use this as the * ownername
+ *            the pointer will be updated after the call
+ *	      The caller must ldns_rdf_deep_free it.
+ * \return a ldns_status with an error or LDNS_STATUS_OK
+ */
+ldns_status ldns_rr_new_frm_fp_l(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr);
+
+/**
+ * sets the owner in the rr structure.
+ * \param[in] *rr rr to operate on
+ * \param[in] *owner set to this owner
+ * \return void
+ */
+void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner);
+
+/**
+ * sets the question flag in the rr structure.
+ * \param[in] *rr rr to operate on
+ * \param[in] question question flag
+ * \return void
+ */
+void ldns_rr_set_question(ldns_rr *rr, bool question);
+
+/**
+ * sets the ttl in the rr structure.
+ * \param[in] *rr rr to operate on
+ * \param[in] ttl set to this ttl
+ * \return void
+ */
+void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl);
+
+/**
+ * sets the rd_count in the rr.
+ * \param[in] *rr rr to operate on
+ * \param[in] count set to this count
+ * \return void
+ */
+void ldns_rr_set_rd_count(ldns_rr *rr, size_t count);
+
+/**
+ * sets the type in the rr.
+ * \param[in] *rr rr to operate on
+ * \param[in] rr_type set to this type
+ * \return void
+ */
+void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type);
+
+/**
+ * sets the class in the rr.
+ * \param[in] *rr rr to operate on
+ * \param[in] rr_class set to this class
+ * \return void
+ */
+void ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class);
+
+/**
+ * sets a rdf member, it will be set on the
+ * position given. The old value is returned, like pop.
+ * \param[in] *rr the rr to operate on
+ * \param[in] *f the rdf to set
+ * \param[in] position the position the set the rdf
+ * \return  the old value in the rr, NULL on failyre
+ */
+ldns_rdf* ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position);
+
+/**
+ * sets rd_field member, it will be
+ * placed in the next available spot.
+ * \param[in] *rr rr to operate on
+ * \param[in] *f the data field member to set
+ * \return bool
+ */
+bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f);
+
+/**
+ * removes a rd_field member, it will be
+ * popped from the last position.
+ * \param[in] *rr rr to operate on
+ * \return rdf which was popped (null if nothing)
+ */
+ldns_rdf* ldns_rr_pop_rdf(ldns_rr *rr);
+
+/**
+ * returns the rdata field member counter.
+ * \param[in] *rr rr to operate on
+ * \param[in] nr the number of the rdf to return
+ * \return ldns_rdf *
+ */
+ldns_rdf* ldns_rr_rdf(const ldns_rr *rr, size_t nr);
+
+/**
+ * returns the owner name of an rr structure.
+ * \param[in] *rr rr to operate on
+ * \return ldns_rdf *
+ */
+ldns_rdf* ldns_rr_owner(const ldns_rr *rr);
+
+/**
+ * returns the question flag of an rr structure.
+ * \param[in] *rr rr to operate on
+ * \return bool true if question
+ */
+bool ldns_rr_is_question(const ldns_rr *rr);
+
+/**
+ * returns the ttl of an rr structure.
+ * \param[in] *rr the rr to read from
+ * \return the ttl of the rr
+ */
+uint32_t ldns_rr_ttl(const ldns_rr *rr);
+
+/**
+ * returns the rd_count of an rr structure.
+ * \param[in] *rr the rr to read from
+ * \return the rd count of the rr
+ */
+size_t ldns_rr_rd_count(const ldns_rr *rr);
+
+/**
+ * returns the type of the rr.
+ * \param[in] *rr the rr to read from
+ * \return the type of the rr
+ */
+ldns_rr_type ldns_rr_get_type(const ldns_rr *rr);
+
+/**
+ * returns the class of the rr.
+ * \param[in] *rr the rr to read from
+ * \return the class of the rr
+ */
+ldns_rr_class ldns_rr_get_class(const ldns_rr *rr);
+
+/* rr_lists */
+
+/**
+ * returns the number of rr's in an rr_list.
+ * \param[in] rr_list  the rr_list to read from
+ * \return the number of rr's
+ */
+size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list);
+
+/**
+ * sets the number of rr's in an rr_list.
+ * \param[in] rr_list the rr_list to set the count on
+ * \param[in] count the number of rr in this list
+ * \return void
+ */
+void ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count);
+
+/**
+ * set a rr on a specific index in a ldns_rr_list
+ * \param[in] rr_list the rr_list to use
+ * \param[in] r the rr to set
+ * \param[in] count index into the rr_list
+ * \return the old rr which was stored in the rr_list, or
+ * NULL is the index was too large
+ * set a specific rr */
+ldns_rr * ldns_rr_list_set_rr(ldns_rr_list *rr_list, const ldns_rr *r, size_t count);
+
+/**
+ * returns a specific rr of an rrlist.
+ * \param[in] rr_list the rr_list to read from
+ * \param[in] nr return this rr
+ * \return the rr at position nr
+ */
+ldns_rr* ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr);
+
+/**
+ * creates a new rr_list structure.
+ * \return a new rr_list structure
+ */
+ldns_rr_list* ldns_rr_list_new();
+
+/**
+ * frees an rr_list structure.
+ * \param[in] rr_list the list to free
+ */
+void ldns_rr_list_free(ldns_rr_list *rr_list);
+
+/**
+ * frees an rr_list structure and all rrs contained therein.
+ * \param[in] rr_list the list to free
+ */
+void ldns_rr_list_deep_free(ldns_rr_list *rr_list);
+
+/**
+ * concatenates two ldns_rr_lists together. This modifies
+ * *left (to extend it and add the pointers from *right).
+ * \param[in] left the leftside
+ * \param[in] right the rightside
+ * \return a left with right concatenated to it
+ */
+bool ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right);
+
+/**
+ * concatenates two ldns_rr_lists together, but makes clones of the rr's 
+ * (instead of pointer copying).
+ * \param[in] left the leftside
+ * \param[in] right the rightside
+ * \return a new rr_list with leftside/rightside concatenated
+ */
+ldns_rr_list* ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right);
+
+/**
+ * pushes an rr to an rrlist.
+ * \param[in] rr_list the rr_list to push to 
+ * \param[in] rr the rr to push 
+ * \return false on error, otherwise true
+ */
+bool ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr);
+
+/**
+ * pushes an rr_list to an rrlist.
+ * \param[in] rr_list the rr_list to push to 
+ * \param[in] push_list the rr_list to push 
+ * \return false on error, otherwise true
+ */
+bool ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list);
+
+/**
+ * pops the last rr from an rrlist.
+ * \param[in] rr_list the rr_list to pop from
+ * \return NULL if nothing to pop. Otherwise the popped RR
+ */
+ldns_rr* ldns_rr_list_pop_rr(ldns_rr_list *rr_list);
+
+/**
+ * pops an  rr_list of size s from an rrlist.
+ * \param[in] rr_list the rr_list to pop from
+ * \param[in] size the number of rr's to pop 
+ * \return NULL if nothing to pop. Otherwise the popped rr_list
+ */
+ldns_rr_list* ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t size);
+
+/**
+ * returns true if the given rr is one of the rrs in the
+ * list, or if it is equal to one
+ * \param[in] rr_list the rr_list to check
+ * \param[in] rr the rr to check
+ * \return true if rr_list contains rr, false otherwise
+ */
+bool ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr); 
+
+/**
+ * checks if an rr_list is a rrset.
+ * \param[in] rr_list the rr_list to check
+ * \return true if it is an rrset otherwise false
+ */
+bool ldns_is_rrset(ldns_rr_list *rr_list);
+
+/**
+ * pushes an rr to an rrset (which really are rr_list's).
+ * \param[in] *rr_list the rrset to push the rr to
+ * \param[in] *rr the rr to push
+ * \return true if the push succeeded otherwise false
+ */
+bool ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr);
+
+/**
+ * pops the last rr from an rrset. This function is there only
+ * for the symmetry.
+ * \param[in] rr_list the rr_list to pop from
+ * \return NULL if nothing to pop. Otherwise the popped RR
+ *
+ */
+ldns_rr* ldns_rr_set_pop_rr(ldns_rr_list *rr_list);
+
+/**
+ * pops the first rrset from the list,
+ * the list must be sorted, so that all rr's from each rrset
+ * are next to each other
+ */
+ldns_rr_list *ldns_rr_list_pop_rrset(ldns_rr_list *rr_list);
+
+
+/**
+ * retrieves a rrtype by looking up its name.
+ * \param[in] name a string with the name
+ * \return the type which corresponds with the name
+ */
+ldns_rr_type ldns_get_rr_type_by_name(const char *name);
+
+/**
+ * retrieves a class by looking up its name.
+ * \param[in] name string with the name
+ * \return the cass which corresponds with the name
+ */
+ldns_rr_class ldns_get_rr_class_by_name(const char *name);
+
+/**
+ * clones a rr and all its data
+ * \param[in] rr the rr to clone
+ * \return the new rr or NULL on failure
+ */
+ldns_rr* ldns_rr_clone(const ldns_rr *rr);
+
+/**
+ * clones an rrlist.
+ * \param[in] rrlist the rrlist to clone
+ * \return the cloned rr list
+ */
+ldns_rr_list* ldns_rr_list_clone(const ldns_rr_list *rrlist);
+
+/**
+ * sorts an rr_list (canonical wire format). the sorting is done inband.
+ * \param[in] unsorted the rr_list to be sorted
+ * \return void
+ */
+void ldns_rr_list_sort(ldns_rr_list *unsorted);
+
+/**
+ * compares two rrs. The TTL is not looked at.
+ * \param[in] rr1 the first one
+ * \param[in] rr2 the second one
+ * \return 0 if equal
+ *         -1 if rr1 comes before rr2
+ *         +1 if rr2 comes before rr1
+ */
+int ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2);
+
+/**
+ * compares two rrs, up to the rdata.
+ * \param[in] rr1 the first one
+ * \param[in] rr2 the second one
+ * \return 0 if equal
+ *         -1 if rr1 comes before rr2
+ *         +1 if rr2 comes before rr1
+ */
+int ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2);
+
+/**
+ * compares the wireformat of two rrs, contained in the given buffers.
+ * \param[in] rr1_buf the first one
+ * \param[in] rr2_buf the second one
+ * \return 0 if equal
+ *         -1 if rr1_buf comes before rr2_buf
+ *         +1 if rr2_buf comes before rr1_buf
+ */
+int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf);
+
+/**
+ * returns true of the given rr's are equal.
+ * Also returns true if one record is a DS that represents the
+ * same DNSKEY record as the other record
+ * \param[in] rr1 the first rr
+ * \param[in] rr2 the second rr
+ * \return true if equal otherwise false
+ */
+bool ldns_rr_compare_ds(const ldns_rr *rr1, const ldns_rr *rr2);
+
+/**
+ * compares two rr listss.
+ * \param[in] rrl1 the first one
+ * \param[in] rrl2 the second one
+ * \return 0 if equal
+ *         -1 if rrl1 comes before rrl2
+ *         +1 if rrl2 comes before rrl1
+ */
+int ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2);
+
+/** 
+ * calculates the uncompressed size of an RR.
+ * \param[in] r the rr to operate on
+ * \return size of the rr
+ */
+size_t ldns_rr_uncompressed_size(const ldns_rr *r);
+
+/** 
+ * converts each dname in a rr to its canonical form.
+ * \param[in] rr the rr to work on
+ * \return void
+ */
+void ldns_rr2canonical(ldns_rr *rr);
+
+/** 
+ * converts each dname in each rr in a rr_list to its canonical form.
+ * \param[in] rr_list the rr_list to work on
+ * \return void
+ */
+void ldns_rr_list2canonical(ldns_rr_list *rr_list);
+
+/** 
+ * counts the number of labels of the ownername.
+ * \param[in] rr count the labels of this rr
+ * \return the number of labels
+ */
+uint8_t ldns_rr_label_count(ldns_rr *rr);
+
+/**
+ * returns the resource record descriptor for the given rr type.
+ *
+ * \param[in] type the type value of the rr type
+ *\return the ldns_rr_descriptor for this type
+ */
+const ldns_rr_descriptor *ldns_rr_descript(uint16_t type);
+
+/**
+ * returns the minimum number of rdata fields of the rr type this descriptor describes.
+ *
+ * \param[in]  descriptor for an rr type
+ * \return the minimum number of rdata fields
+ */
+size_t ldns_rr_descriptor_minimum(const ldns_rr_descriptor *descriptor);
+
+/**
+ * returns the maximum number of rdata fields of the rr type this descriptor describes.
+ *
+ * \param[in]  descriptor for an rr type
+ * \return the maximum number of rdata fields
+ */
+size_t ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor);
+
+/**
+ * returns the rdf type for the given rdata field number of the rr type for the given descriptor.
+ *
+ * \param[in] descriptor for an rr type
+ * \param[in] field the field number
+ * \return the rdf type for the field
+ */
+ldns_rdf_type ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, size_t field);
+
+/**
+ * Return the rr_list which matches the rdf at position field. Think
+ * type-covered stuff for RRSIG
+ * 
+ * \param[in] l the rr_list to look in
+ * \param[in] r the rdf to use for the comparison
+ * \param[in] pos at which position can we find the rdf
+ * 
+ * \return a new rr list with only the RRs that match 
+ *
+ */
+ldns_rr_list *ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos);
+
+/**
+ * convert an rdf of type LDNS_RDF_TYPE_TYPE to an actual
+ * LDNS_RR_TYPE. This is usefull in the case when inspecting
+ * the rrtype covered field of an RRSIG.
+ * \param[in] rd the rdf to look at
+ * \return a ldns_rr_type with equivalent LDNS_RR_TYPE
+ *
+ */
+ldns_rr_type    ldns_rdf2rr_type(const ldns_rdf *rd);
+
+/**
+ * Returns the type of the first element of the RR
+ * If there are no elements present, 0 is returned
+ * 
+ * \param[in] rr_list The rr list
+ * \return rr_type of the first element, or 0 if the list is empty
+ */
+ldns_rr_type
+ldns_rr_list_type(const ldns_rr_list *rr_list);
+
+/**
+ * Returns the owner domain name rdf of the first element of the RR
+ * If there are no elements present, NULL is returned
+ * 
+ * \param[in] rr_list The rr list
+ * \return dname of the first element, or NULL if the list is empty
+ */
+ldns_rdf *
+ldns_rr_list_owner(const ldns_rr_list *rr_list);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_RR_H */
diff --git a/3rdParty/Ldns/src/include/ldns/rr_functions.h b/3rdParty/Ldns/src/include/ldns/rr_functions.h
new file mode 100644
index 0000000..3db3b3d
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/rr_functions.h
@@ -0,0 +1,363 @@
+/*
+ * rr_functions.h
+ *
+ * the .h file with defs for the per rr
+ * functions
+ *
+ * a Net::DNS like library for C
+ * 
+ * (c) NLnet Labs, 2005-2006
+ * 
+ * See the file LICENSE for the license
+ */
+#ifndef LDNS_RR_FUNCTIONS_H
+#define LDNS_RR_FUNCTIONS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \file
+ *
+ * Defines some extra convenience functions for ldns_rr structures
+ */
+
+/* A / AAAA */
+/**
+ * returns the address of a LDNS_RR_TYPE_A rr
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the address or NULL on failure
+ */
+ldns_rdf* ldns_rr_a_address(const ldns_rr *r);
+
+/**
+ * sets the address of a LDNS_RR_TYPE_A rr
+ * \param[in] r the rr to use
+ * \param[in] f the address to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f);
+
+/* NS */
+/**
+ * returns the name of a LDNS_RR_TYPE_NS rr
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the name or NULL on failure
+ */
+ldns_rdf* ldns_rr_ns_nsdname(const ldns_rr *r);
+
+/* MX */
+/**
+ * returns the mx pref. of a LDNS_RR_TYPE_MX rr
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the preference or NULL on failure
+ */
+ldns_rdf* ldns_rr_mx_preference(const ldns_rr *r);
+/**
+ * returns the mx host of a LDNS_RR_TYPE_MX rr
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the name of the MX host or NULL on failure
+ */
+ldns_rdf* ldns_rr_mx_exchange(const ldns_rr *r);
+
+/* RRSIG */
+/**
+ * returns the type covered of a LDNS_RR_TYPE_RRSIG rr
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the type covered or NULL on failure
+ */
+ldns_rdf* ldns_rr_rrsig_typecovered(const ldns_rr *r);
+/**
+ * sets the typecovered of a LDNS_RR_TYPE_RRSIG rr
+ * \param[in] r the rr to use
+ * \param[in] f the typecovered to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f);
+/**
+ * returns the algorithm of a LDNS_RR_TYPE_RRSIG RR
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the algorithm or NULL on failure
+ */
+ldns_rdf* ldns_rr_rrsig_algorithm(const ldns_rr *r);
+/**
+ * sets the algorithm of a LDNS_RR_TYPE_RRSIG rr
+ * \param[in] r the rr to use
+ * \param[in] f the algorithm to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f);
+/**
+ * returns the number of labels of a LDNS_RR_TYPE_RRSIG RR
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the number of labels or NULL on failure
+ */
+ldns_rdf *ldns_rr_rrsig_labels(const ldns_rr *r);
+/**
+ * sets the number of labels of a LDNS_RR_TYPE_RRSIG rr
+ * \param[in] r the rr to use
+ * \param[in] f the number of labels to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f);
+/**
+ * returns the original TTL of a LDNS_RR_TYPE_RRSIG RR
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the original TTL or NULL on failure
+ */
+ldns_rdf* ldns_rr_rrsig_origttl(const ldns_rr *r);
+/**
+ * sets the original TTL of a LDNS_RR_TYPE_RRSIG rr
+ * \param[in] r the rr to use
+ * \param[in] f the original TTL to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f);
+/**
+ * returns the expiration time of a LDNS_RR_TYPE_RRSIG RR
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the expiration time or NULL on failure
+ */
+ldns_rdf* ldns_rr_rrsig_expiration(const ldns_rr *r);
+/**
+ * sets the expireation date of a LDNS_RR_TYPE_RRSIG rr
+ * \param[in] r the rr to use
+ * \param[in] f the expireation date to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f);
+/**
+ * returns the inception time of a LDNS_RR_TYPE_RRSIG RR
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the inception time or NULL on failure
+ */
+ldns_rdf* ldns_rr_rrsig_inception(const ldns_rr *r);
+/**
+ * sets the inception date of a LDNS_RR_TYPE_RRSIG rr
+ * \param[in] r the rr to use
+ * \param[in] f the inception date to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f);
+/**
+ * returns the keytag of a LDNS_RR_TYPE_RRSIG RR
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the keytag or NULL on failure
+ */
+ldns_rdf* ldns_rr_rrsig_keytag(const ldns_rr *r);
+/**
+ * sets the keytag of a LDNS_RR_TYPE_RRSIG rr
+ * \param[in] r the rr to use
+ * \param[in] f the keytag to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f);
+/**
+ * returns the signers name of a LDNS_RR_TYPE_RRSIG RR
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the signers name or NULL on failure
+ */
+ldns_rdf* ldns_rr_rrsig_signame(const ldns_rr *r);
+/**
+ * sets the signers name of a LDNS_RR_TYPE_RRSIG rr
+ * \param[in] r the rr to use
+ * \param[in] f the signers name to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f);
+/**
+ * returns the signature data of a LDNS_RR_TYPE_RRSIG RR
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the signature data or NULL on failure
+ */
+ldns_rdf* ldns_rr_rrsig_sig(const ldns_rr *r);
+/**
+ * sets the signature data of a LDNS_RR_TYPE_RRSIG rr
+ * \param[in] r the rr to use
+ * \param[in] f the signature data to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f);
+
+/* DNSKEY */
+/**
+ * returns the flags of a LDNS_RR_TYPE_DNSKEY rr
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the flags or NULL on failure
+ */
+ldns_rdf* ldns_rr_dnskey_flags(const ldns_rr *r);
+/**
+ * sets the flags of a LDNS_RR_TYPE_DNSKEY rr
+ * \param[in] r the rr to use
+ * \param[in] f the flags to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_dnskey_set_flags(ldns_rr *r, ldns_rdf *f);
+/**
+ * returns the protocol of a LDNS_RR_TYPE_DNSKEY rr
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the protocol or NULL on failure
+ */
+ldns_rdf* ldns_rr_dnskey_protocol(const ldns_rr *r);
+/**
+ * sets the protocol of a LDNS_RR_TYPE_DNSKEY rr
+ * \param[in] r the rr to use
+ * \param[in] f the protocol to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_dnskey_set_protocol(ldns_rr *r, ldns_rdf *f);
+/**
+ * returns the algorithm of a LDNS_RR_TYPE_DNSKEY rr
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the algorithm or NULL on failure
+ */
+ldns_rdf* ldns_rr_dnskey_algorithm(const ldns_rr *r);
+/**
+ * sets the algorithm of a LDNS_RR_TYPE_DNSKEY rr
+ * \param[in] r the rr to use
+ * \param[in] f the algorithm to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_dnskey_set_algorithm(ldns_rr *r, ldns_rdf *f);
+/**
+ * returns the key data of a LDNS_RR_TYPE_DNSKEY rr
+ * \param[in] r the resource record
+ * \return a ldns_rdf* with the key data or NULL on failure
+ */
+ldns_rdf* ldns_rr_dnskey_key(const ldns_rr *r);
+/**
+ * sets the key data of a LDNS_RR_TYPE_DNSKEY rr
+ * \param[in] r the rr to use
+ * \param[in] f the key data to set
+ * \return true on success, false otherwise
+ */
+bool ldns_rr_dnskey_set_key(ldns_rr *r, ldns_rdf *f);
+
+/**
+ * get the length of the keydata in bits
+ * \param[in] keydata the raw key data
+ * \param[in] len the length of the keydata
+ * \param[in] alg the cryptographic algorithm this is a key for
+ * \return the keysize in bits, or 0 on error
+ */
+size_t ldns_rr_dnskey_key_size_raw(const unsigned char *keydata,
+                                   const size_t len,
+                                   const ldns_algorithm alg);
+
+/**
+ * get the length of the keydata in bits
+ * \param[in] key the key rr to use
+ * \return the keysize in bits
+ */
+size_t ldns_rr_dnskey_key_size(const ldns_rr *key);
+
+/**
+ * The type of function to be passed to ldns_rr_soa_increment_func,
+ * ldns_rr_soa_increment_func_data or ldns_rr_soa_increment_int.
+ * The function will be called with as the first argument the current serial
+ * number of the SOA RR to be updated, and as the second argument a value
+ * given when calling ldns_rr_soa_increment_func_data or 
+ * ldns_rr_soa_increment_int. With ldns_rr_soa_increment_int the pointer
+ * value holds the integer value passed to ldns_rr_soa_increment_int,
+ * and it should be cast to intptr_t to be used as an integer by the
+ * serial modifying function.
+ */
+typedef uint32_t (*ldns_soa_serial_increment_func_t)(uint32_t, void*);
+
+/**
+ * Function to be used with dns_rr_soa_increment_func_int, to set the soa
+ * serial number. 
+ * \param[in] _ the (unused) current serial number.
+ * \param[in] data the serial number to be set.
+ */
+uint32_t ldns_soa_serial_identity(uint32_t _, void *data);
+
+/**
+ * Function to be used with dns_rr_soa_increment_func, to increment the soa
+ * serial number with one. 
+ * \param[in] s the current serial number.
+ * \param[in] _ unused.
+ */
+uint32_t ldns_soa_serial_increment(uint32_t s, void *_);
+
+/**
+ * Function to be used with dns_rr_soa_increment_func_int, to increment the soa
+ * serial number with a certain amount. 
+ * \param[in] s the current serial number.
+ * \param[in] data the amount to add to the current serial number.
+ */
+uint32_t ldns_soa_serial_increment_by(uint32_t s, void *data);
+
+/**
+ * Function to be used with ldns_rr_soa_increment_func or 
+ * ldns_rr_soa_increment_func_int to set the soa serial to the number of 
+ * seconds since unix epoch (1-1-1970 00:00). 
+ * When data is given (i.e. the function is called via
+ * ldns_rr_soa_increment_func_int), it is used as the current time. 
+ * When the resulting serial number is smaller than the current serial number,
+ * the current serial number is increased by one.
+ * \param[in] s the current serial number.
+ * \param[in] data the time in seconds since 1-1-1970 00:00
+ */
+uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data);
+
+/**
+ * Function to be used with ldns_rr_soa_increment_func or 
+ * ldns_rr_soa_increment_func_int to set the soa serial to the current date
+ * succeeded by a two digit iteration (datecounter).
+ * When data is given (i.e. the function is called via
+ * ldns_rr_soa_increment_func_int), it is used as the current time. 
+ * When the resulting serial number is smaller than the current serial number,
+ * the current serial number is increased by one.
+ * \param[in] s the current serial number.
+ * \param[in] data the time in seconds since 1-1-1970 00:00
+ */
+uint32_t ldns_soa_serial_datecounter(uint32_t s, void *data);
+
+/**
+ * Increment the serial number of the given SOA by one.
+ * \param[in] soa The soa rr to be incremented
+ */
+void ldns_rr_soa_increment(
+		ldns_rr *soa);
+
+/**
+ * Increment the serial number of the given SOA with the given function.
+ * Included functions to be used here are: ldns_rr_soa_increment, 
+ * ldns_soa_serial_unixtime and ldns_soa_serial_datecounter.
+ * \param[in] soa The soa rr to be incremented
+ * \param[in] f the function to use to increment the soa rr.
+ */
+void ldns_rr_soa_increment_func(
+		ldns_rr *soa, ldns_soa_serial_increment_func_t f);
+
+/**
+ * Increment the serial number of the given SOA with the given function
+ * passing it the given data argument.
+ * \param[in] soa The soa rr to be incremented
+ * \param[in] f the function to use to increment the soa rr.
+ * \param[in] data this argument will be passed to f as the second argument.
+ */
+void ldns_rr_soa_increment_func_data(
+		ldns_rr *soa, ldns_soa_serial_increment_func_t f, void *data);
+
+/**
+ * Increment the serial number of the given SOA with the given function
+ * using data as an argument for the function.
+ * Included functions to be used here are: ldns_soa_serial_identity,
+ * ldns_rr_soa_increment_by, ldns_soa_serial_unixtime and 
+ * ldns_soa_serial_datecounter.
+ * \param[in] soa The soa rr to be incremented
+ * \param[in] f the function to use to increment the soa rr.
+ * \param[in] data this argument will be passed to f as the second argument
+ *                 (by casting it to void*).
+ */
+void ldns_rr_soa_increment_func_int(
+		ldns_rr *soa, ldns_soa_serial_increment_func_t f, int data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_RR_FUNCTIONS_H */
diff --git a/3rdParty/Ldns/src/include/ldns/sha1.h b/3rdParty/Ldns/src/include/ldns/sha1.h
new file mode 100644
index 0000000..d5b1082
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/sha1.h
@@ -0,0 +1,38 @@
+#ifndef LDNS_SHA1_H
+#define LDNS_SHA1_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+ 
+#define LDNS_SHA1_BLOCK_LENGTH               64
+#define LDNS_SHA1_DIGEST_LENGTH              20
+
+typedef struct {
+        uint32_t       state[5];
+        uint64_t       count;
+        unsigned char   buffer[LDNS_SHA1_BLOCK_LENGTH];
+} ldns_sha1_ctx;
+  
+void ldns_sha1_init(ldns_sha1_ctx * context);
+void ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]);
+void ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int len);
+void ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context);
+
+/**
+ * Convenience function to digest a fixed block of data at once.
+ *
+ * \param[in] data the data to digest
+ * \param[in] data_len the length of data in bytes
+ * \param[out] digest the length of data in bytes
+ *             This pointer MUST have LDNS_SHA1_DIGEST_LENGTH bytes
+ *             available
+ * \return the SHA1 digest of the given data
+ */
+unsigned char *ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_SHA1_H */
diff --git a/3rdParty/Ldns/src/include/ldns/sha2.h b/3rdParty/Ldns/src/include/ldns/sha2.h
new file mode 100644
index 0000000..238767a
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/sha2.h
@@ -0,0 +1,149 @@
+/*
+ * FILE:	sha2.h
+ * AUTHOR:	Aaron D. Gifford - http://www.aarongifford.com/
+ * 
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Modified by Jelte Jansen to fit in ldns, and not clash with any
+ * system-defined SHA code.
+ * Changes:
+ *  - Renamed (external) functions and constants to fit ldns style
+ *  - Removed uintXX vs. u_intXX smartness, since ldns needs uintXX
+ *    anyway
+ *  - BYTE ORDER check replaced by simple ifdef as defined or not by
+ *    configure.ac
+ *  - Removed _End and _Data functions
+ *  - Added ldns_shaX(data, len, digest) functions
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
+ */
+
+#ifndef __LDNS_SHA2_H__
+#define __LDNS_SHA2_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+ * Import u_intXX_t size_t type definitions from system headers.  You
+ * may need to change this, or define these things yourself in this
+ * file.
+ */
+#include <sys/types.h>
+
+#if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H
+
+#include <inttypes.h>
+
+#endif /* LDNS_BUILD_CONFIG_HAVE_INTTYPES_H */
+
+
+/*** SHA-256/384/512 Various Length Definitions ***********************/
+#define LDNS_SHA256_BLOCK_LENGTH		64
+#define LDNS_SHA256_DIGEST_LENGTH		32
+#define LDNS_SHA256_DIGEST_STRING_LENGTH	(LDNS_SHA256_DIGEST_LENGTH * 2 + 1)
+#define LDNS_SHA384_BLOCK_LENGTH		128
+#define LDNS_SHA384_DIGEST_LENGTH		48
+#define LDNS_SHA384_DIGEST_STRING_LENGTH	(LDNS_SHA384_DIGEST_LENGTH * 2 + 1)
+#define LDNS_SHA512_BLOCK_LENGTH		128
+#define LDNS_SHA512_DIGEST_LENGTH		64
+#define LDNS_SHA512_DIGEST_STRING_LENGTH	(LDNS_SHA512_DIGEST_LENGTH * 2 + 1)
+
+
+/*** SHA-256/384/512 Context Structures *******************************/
+
+typedef struct _ldns_sha256_CTX {
+	uint32_t	state[8];
+	uint64_t	bitcount;
+	uint8_t	buffer[LDNS_SHA256_BLOCK_LENGTH];
+} ldns_sha256_CTX;
+typedef struct _ldns_sha512_CTX {
+	uint64_t	state[8];
+	uint64_t	bitcount[2];
+	uint8_t	buffer[LDNS_SHA512_BLOCK_LENGTH];
+} ldns_sha512_CTX;
+
+typedef ldns_sha512_CTX ldns_sha384_CTX;
+
+
+/*** SHA-256/384/512 Function Prototypes ******************************/
+void ldns_sha256_init(ldns_sha256_CTX *);
+void ldns_sha256_update(ldns_sha256_CTX*, const uint8_t*, size_t);
+void ldns_sha256_final(uint8_t[LDNS_SHA256_DIGEST_LENGTH], ldns_sha256_CTX*);
+
+void ldns_sha384_init(ldns_sha384_CTX*);
+void ldns_sha384_update(ldns_sha384_CTX*, const uint8_t*, size_t);
+void ldns_sha384_final(uint8_t[LDNS_SHA384_DIGEST_LENGTH], ldns_sha384_CTX*);
+
+void ldns_sha512_init(ldns_sha512_CTX*);
+void ldns_sha512_update(ldns_sha512_CTX*, const uint8_t*, size_t);
+void ldns_sha512_final(uint8_t[LDNS_SHA512_DIGEST_LENGTH], ldns_sha512_CTX*);
+
+/**
+ * Convenience function to digest a fixed block of data at once.
+ *
+ * \param[in] data the data to digest
+ * \param[in] data_len the length of data in bytes
+ * \param[out] digest the length of data in bytes
+ *             This pointer MUST have LDNS_SHA256_DIGEST_LENGTH bytes
+ *             available
+ * \return the SHA1 digest of the given data
+ */
+unsigned char *ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest);
+
+/**
+ * Convenience function to digest a fixed block of data at once.
+ *
+ * \param[in] data the data to digest
+ * \param[in] data_len the length of data in bytes
+ * \param[out] digest the length of data in bytes
+ *             This pointer MUST have LDNS_SHA384_DIGEST_LENGTH bytes
+ *             available
+ * \return the SHA1 digest of the given data
+ */
+unsigned char *ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest);
+
+/**
+ * Convenience function to digest a fixed block of data at once.
+ *
+ * \param[in] data the data to digest
+ * \param[in] data_len the length of data in bytes
+ * \param[out] digest the length of data in bytes
+ *             This pointer MUST have LDNS_SHA512_DIGEST_LENGTH bytes
+ *             available
+ * \return the SHA1 digest of the given data
+ */
+unsigned char *ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest);
+
+#ifdef	__cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __LDNS_SHA2_H__ */
diff --git a/3rdParty/Ldns/src/include/ldns/str2host.h b/3rdParty/Ldns/src/include/ldns/str2host.h
new file mode 100644
index 0000000..09416cd
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/str2host.h
@@ -0,0 +1,251 @@
+/**
+ * str2host.h - conversion from str to the host fmt
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+#ifndef LDNS_2HOST_H
+#define LDNS_2HOST_H
+
+#include <ldns/common.h>
+#include <ldns/error.h>
+#include <ldns/rr.h>
+#include <ldns/rdata.h>
+#include <ldns/packet.h>
+#include <ldns/buffer.h>
+#include <ctype.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \file
+ *
+ * Defines functions to convert dns data in presentation format or text files
+ * to internal structures.
+ */
+
+/**
+ * convert a byte into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] bytestr the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr);
+
+/**
+ * convert a string to a int16 in wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] shortstr the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr);
+
+/**
+ * convert a strings into a 4 byte int in wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] longstr the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr);
+
+/**
+ * convert a time string to a time value in wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] time the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_time(ldns_rdf **rd, const char *time);
+
+/* convert string with NSEC3 salt to wireformat) 
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * return ldns_status
+ */
+ldns_status ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *nsec3_salt);
+
+/* convert a time period (think TTL's) to wireformat) 
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * return ldns_status
+ */
+ldns_status ldns_str2rdf_period(ldns_rdf **rd, const char *str);
+
+/**
+ * convert str with an A record into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_a(ldns_rdf **rd, const char *str);
+
+/**
+ * convert the str with an AAAA record into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str);
+
+/**
+ * convert a string into wireformat (think txt record)
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted (NULL terminated)
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_str(ldns_rdf **rd, const char *str);
+
+/**
+ * convert str with the apl record into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_apl(ldns_rdf **rd, const char *str);
+
+/**
+ * convert the string with the b64 data into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str);
+
+/**
+ * convert the string with the b32 ext hex data into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str);
+
+/**
+ * convert a hex value into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_hex(ldns_rdf **rd, const char *str);
+
+/**
+ * convert string with nsec into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_nsec(ldns_rdf **rd, const char *str);
+
+/**
+ * convert a rrtype into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_type(ldns_rdf **rd, const char *str);
+
+/**
+ * convert string with a classname into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_class(ldns_rdf **rd, const char *str);
+
+/**
+ * convert an certificate algorithm value into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str);
+
+/**
+ * convert and algorithm value into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_alg(ldns_rdf **rd, const char *str);
+
+/**
+ * convert a string with a unknown RR into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_unknown(ldns_rdf **rd, const char *str);
+
+/**
+ * convert string with a tsig? RR into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_tsig(ldns_rdf **rd, const char *str);
+
+/**
+ * convert string with a protocol service into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_service(ldns_rdf **rd, const char *str);
+
+/**
+ * convert a string with a LOC RR into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_loc(ldns_rdf **rd, const char *str);
+
+/**
+ * convert string with a WKS RR into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_wks(ldns_rdf **rd, const char *str);
+
+/**
+ * convert a str with a NSAP RR into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_nsap(ldns_rdf **rd, const char *str);
+
+/**
+ * convert a str with a ATMA RR into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_atma(ldns_rdf **rd, const char *str);
+
+/**
+ * convert a str with a IPSECKEY RR into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str);
+
+/**
+ * convert a dname string into wireformat
+ * \param[in] rd the rdf where to put the data
+ * \param[in] str the string to be converted
+ * \return ldns_status
+ */
+ldns_status ldns_str2rdf_dname(ldns_rdf **rd, const char *str);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_2HOST_H */
diff --git a/3rdParty/Ldns/src/include/ldns/tsig.h b/3rdParty/Ldns/src/include/ldns/tsig.h
new file mode 100644
index 0000000..676045f
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/tsig.h
@@ -0,0 +1,101 @@
+/*
+ * tsig.h -- defines for TSIG [RFC2845]
+ *
+ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+ *
+ * See LICENSE for the license.
+ */
+
+#ifndef LDNS_TSIG_H
+#define LDNS_TSIG_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \file
+ *
+ * Defines functions for TSIG usage
+ */
+
+
+/**
+ * Contains credentials for TSIG
+*/
+typedef struct ldns_tsig_credentials_struct
+{
+    char *algorithm;
+    char *keyname;
+    char *keydata;
+    /* XXX More eventually. */
+} ldns_tsig_credentials;
+
+char *ldns_tsig_algorithm(ldns_tsig_credentials *);
+char *ldns_tsig_keyname(ldns_tsig_credentials *);
+char *ldns_tsig_keydata(ldns_tsig_credentials *);
+char *ldns_tsig_keyname_clone(ldns_tsig_credentials *);
+char *ldns_tsig_keydata_clone(ldns_tsig_credentials *);
+
+/**
+ * verifies the tsig rr for the given packet and key.
+ * The wire must be given too because tsig does not sign normalized packets.
+ * \param[in] pkt the packet to verify
+ * \param[in] wire needed to verify the mac
+ * \param[in] wire_size size of wire
+ * \param[in] key_name the name of the shared key
+ * \param[in] key_data the key in base 64 format
+ * \param[in] mac original mac
+ * \return true if tsig is correct, false if not, or if tsig is not set
+ */
+bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac);
+
+/**
+ * verifies the tsig rr for the given packet and key.
+ * The wire must be given too because tsig does not sign normalized packets.
+ * \param[in] pkt the packet to verify
+ * \param[in] wire needed to verify the mac
+ * \param[in] wire_size size of wire
+ * \param[in] key_name the name of the shared key
+ * \param[in] key_data the key in base 64 format
+ * \param[in] mac original mac
+ * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
+   components are used to verify the _mac. If non-zero, only the TSIG timers are used to verify the mac.
+ * \return true if tsig is correct, false if not, or if tsig is not set
+ */
+bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac,
+    int tsig_timers_only);
+
+/**
+ * creates a tsig rr for the given packet and key.
+ * \param[in] pkt the packet to sign
+ * \param[in] key_name the name of the shared key
+ * \param[in] key_data the key in base 64 format
+ * \param[in] fudge seconds of error permitted in time signed
+ * \param[in] algorithm_name the name of the algorithm used
+ * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
+ * \return status (OK if success)
+ */
+ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
+    const char *algorithm_name, ldns_rdf *query_mac);
+
+/**
+ * creates a tsig rr for the given packet and key.
+ * \param[in] pkt the packet to sign
+ * \param[in] key_name the name of the shared key
+ * \param[in] key_data the key in base 64 format
+ * \param[in] fudge seconds of error permitted in time signed
+ * \param[in] algorithm_name the name of the algorithm used
+ * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
+ * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
+   components are used to create the query_mac. If non-zero, only the TSIG timers are used to create the query_mac.
+ * \return status (OK if success)
+ */
+ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
+    const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_TSIG_H */
diff --git a/3rdParty/Ldns/src/include/ldns/update.h b/3rdParty/Ldns/src/include/ldns/update.h
new file mode 100644
index 0000000..d3459d3
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/update.h
@@ -0,0 +1,115 @@
+/*
+ * update.h
+ *
+ * Functions for RFC 2136 Dynamic Update
+ *
+ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+ *
+ * See LICENSE for the license.
+ */
+
+/**
+ * \file
+ *
+ * Defines functions to perform UPDATE queries
+ */
+
+
+#ifndef LDNS_UPDATE_H
+#define LDNS_UPDATE_H
+
+#include <ldns/resolver.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * create an update packet from zone name, class and the rr lists
+ * \param[in] zone_rdf name of the zone
+ * \param[in] clas zone class
+ * \param[in] pr_rrlist list of Prerequisite Section RRs
+ * \param[in] up_rrlist list of Updates Section RRs
+ * \param[in] ad_rrlist list of Additional Data Section RRs (currently unused)
+ * \return the new packet
+ */
+ldns_pkt *ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class clas, ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist);
+
+/**
+ * add tsig credentials to
+ * a packet from a resolver
+ * \param[in] p packet to copy to
+ * \param[in] r resolver to copy from
+ *
+ * \return status wether successfull or not
+ */
+ldns_status ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r);
+
+/* access functions */
+
+/**
+ * Get the zo count
+ * \param[in] p the packet
+ * \return the zo count
+ */
+uint16_t ldns_update_zocount(const ldns_pkt *p);
+/**
+ * Get the zo count
+ * \param[in] p the packet
+ * \return the pr count
+ */
+uint16_t ldns_update_prcount(const ldns_pkt *p);
+/**
+ * Get the zo count
+ * \param[in] p the packet
+ * \return the up count
+ */
+uint16_t ldns_update_upcount(const ldns_pkt *p);
+/**
+ * Get the zo count
+ * \param[in] p the packet
+ * \return the ad count
+ */
+uint16_t ldns_update_ad(const ldns_pkt *p);
+/**
+ * Set the zo count
+ * \param[in] p the packet
+ * \param[in] c the zo count to set
+ */
+void ldns_update_set_zo(ldns_pkt *p, uint16_t c);
+/**
+ * Set the pr count
+ * \param[in] p the packet
+ * \param[in] c the pr count to set
+ */
+void ldns_update_set_prcount(ldns_pkt *p, uint16_t c);
+/**
+ * Set the up count
+ * \param[in] p the packet
+ * \param[in] c the up count to set
+ */
+void ldns_update_set_upcount(ldns_pkt *p, uint16_t c);
+/**
+ * Set the ad count
+ * \param[in] p the packet
+ * \param[in] c the ad count to set
+ */
+void ldns_update_set_adcount(ldns_pkt *p, uint16_t c);
+
+/* soa functions that need to be configured */
+/*
+ * Not sure if we want to keep these like this, therefore
+ * not documented
+ */
+ldns_status ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r, ldns_rr_class c, ldns_rdf **mname);
+/* 
+ * Not sure if we want to keep these like this, therefore
+ * not documented
+ */
+ldns_status ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r, ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* LDNS_UPDATE_H */
diff --git a/3rdParty/Ldns/src/include/ldns/util.h b/3rdParty/Ldns/src/include/ldns/util.h
new file mode 100644
index 0000000..eb7658e
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/util.h
@@ -0,0 +1,367 @@
+/*
+ * util.h
+ *  
+ * helper function header file
+ * 
+ * a Net::DNS like library for C
+ * 
+ * (c) NLnet Labs, 2004
+ * 
+ * See the file LICENSE for the license
+ */
+
+#ifndef _UTIL_H
+#define _UTIL_H
+
+#include <inttypes.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <ldns/common.h>
+#include <time.h>
+#include <stdio.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define dprintf(X,Y) fprintf(stderr, (X), (Y))
+/* #define	dprintf(X, Y)  */
+
+#define LDNS_VERSION "1.6.12"
+#define LDNS_REVISION ((1<<16)|(6<<8)|(12))
+
+/**
+ * splint static inline workaround
+ */
+#ifdef S_SPLINT_S
+#  define INLINE 
+#else
+#  ifdef SWIG
+#    define INLINE static
+#  else
+#    define INLINE static inline
+#  endif
+#endif
+
+/**
+ * Memory management macros
+ */
+#define LDNS_MALLOC(type)		LDNS_XMALLOC(type, 1)
+
+#define LDNS_XMALLOC(type, count)	((type *) malloc((count) * sizeof(type)))
+
+#define LDNS_CALLOC(type, count)	((type *) calloc((count), sizeof(type)))
+
+#define LDNS_REALLOC(ptr, type)		LDNS_XREALLOC((ptr), type, 1)
+
+#define LDNS_XREALLOC(ptr, type, count)				\
+	((type *) realloc((ptr), (count) * sizeof(type)))
+
+#define LDNS_FREE(ptr) \
+	do { free((ptr)); (ptr) = NULL; } while (0)
+
+#define LDNS_DEP     printf("DEPRECATED FUNCTION!\n");
+
+/*
+ * Copy data allowing for unaligned accesses in network byte order
+ * (big endian).
+ */
+INLINE uint16_t
+ldns_read_uint16(const void *src)
+{
+#ifdef ALLOW_UNALIGNED_ACCESSES
+	return ntohs(*(uint16_t *) src);
+#else
+	uint8_t *p = (uint8_t *) src;
+	return ((uint16_t) p[0] << 8) | (uint16_t) p[1];
+#endif
+}
+
+INLINE uint32_t
+ldns_read_uint32(const void *src)
+{
+#ifdef ALLOW_UNALIGNED_ACCESSES
+	return ntohl(*(uint32_t *) src);
+#else
+	uint8_t *p = (uint8_t *) src;
+	return (  ((uint32_t) p[0] << 24)
+		| ((uint32_t) p[1] << 16)
+		| ((uint32_t) p[2] << 8)
+		|  (uint32_t) p[3]);
+#endif
+}
+
+/*
+ * Copy data allowing for unaligned accesses in network byte order
+ * (big endian).
+ */
+INLINE void
+ldns_write_uint16(void *dst, uint16_t data)
+{
+#ifdef ALLOW_UNALIGNED_ACCESSES
+	* (uint16_t *) dst = htons(data);
+#else
+	uint8_t *p = (uint8_t *) dst;
+	p[0] = (uint8_t) ((data >> 8) & 0xff);
+	p[1] = (uint8_t) (data & 0xff);
+#endif
+}
+
+INLINE void
+ldns_write_uint32(void *dst, uint32_t data)
+{
+#ifdef ALLOW_UNALIGNED_ACCESSES
+	* (uint32_t *) dst = htonl(data);
+#else
+	uint8_t *p = (uint8_t *) dst;
+	p[0] = (uint8_t) ((data >> 24) & 0xff);
+	p[1] = (uint8_t) ((data >> 16) & 0xff);
+	p[2] = (uint8_t) ((data >> 8) & 0xff);
+	p[3] = (uint8_t) (data & 0xff);
+#endif
+}
+
+/* warning. */
+INLINE void
+ldns_write_uint64_as_uint48(void *dst, uint64_t data)
+{
+	uint8_t *p = (uint8_t *) dst;
+	p[0] = (uint8_t) ((data >> 40) & 0xff);
+	p[1] = (uint8_t) ((data >> 32) & 0xff);
+	p[2] = (uint8_t) ((data >> 24) & 0xff);
+	p[3] = (uint8_t) ((data >> 16) & 0xff);
+	p[4] = (uint8_t) ((data >> 8) & 0xff);
+	p[5] = (uint8_t) (data & 0xff);
+}
+
+
+/**
+ * Structure to do a Schwartzian-like transformation, for instance when
+ * sorting. If you need a transformation on the objects that are sorted,
+ * you can sue this to store the transformed values, so you do not
+ * need to do the transformation again for each comparison
+ */
+struct ldns_schwartzian_compare_struct {
+	void *original_object;
+	void *transformed_object;
+};
+
+/** A general purpose lookup table
+ *  
+ *  Lookup tables are arrays of (id, name) pairs,
+ *  So you can for instance lookup the RCODE 3, which is "NXDOMAIN",
+ *  and vice versa. The lookup tables themselves are defined wherever needed,
+ *  for instance in \ref host2str.c
+ */
+struct ldns_struct_lookup_table {
+        int id;
+        const char *name;
+};
+typedef struct ldns_struct_lookup_table ldns_lookup_table;
+  
+/**
+ * Looks up the table entry by name, returns NULL if not found.
+ * \param[in] table the lookup table to search in
+ * \param[in] name what to search for
+ * \return the item found
+ */
+ldns_lookup_table *ldns_lookup_by_name(ldns_lookup_table table[],
+                                       const char *name);
+
+/**
+ * Looks up the table entry by id, returns NULL if not found.
+ * \param[in] table the lookup table to search in
+ * \param[in] id what to search for
+ * \return the item found
+ */
+ldns_lookup_table *ldns_lookup_by_id(ldns_lookup_table table[], int id);
+
+/**
+ * Returns the value of the specified bit
+ * The bits are counted from left to right, so bit #0 is the
+ * left most bit.
+ * \param[in] bits array holding the bits
+ * \param[in] index to the wanted bit
+ * \return 
+ */
+int ldns_get_bit(uint8_t bits[], size_t index);
+
+
+/**
+ * Returns the value of the specified bit
+ * The bits are counted from right to left, so bit #0 is the
+ * right most bit.
+ * \param[in] bits array holding the bits
+ * \param[in] index to the wanted bit
+ * \return 1 or 0 depending no the bit state
+ */
+int ldns_get_bit_r(uint8_t bits[], size_t index);
+
+/**
+ * sets the specified bit in the specified byte to
+ * 1 if value is true, 0 if false
+ * The bits are counted from right to left, so bit #0 is the
+ * right most bit.
+ * \param[in] byte the bit to set the bit in
+ * \param[in] bit_nr the bit to set (0 <= n <= 7)
+ * \param[in] value whether to set the bit to 1 or 0
+ * \return 1 or 0 depending no the bit state
+ */
+void ldns_set_bit(uint8_t *byte, int bit_nr, bool value);
+
+/**
+ * Returns the value of a to the power of b
+ * (or 1 of b < 1)
+ */
+/*@unused@*/
+INLINE long
+ldns_power(long a, long b) {
+	long result = 1;
+	while (b > 0) {
+		if (b & 1) {
+			result *= a;
+			if (b == 1) {
+				return result;
+			}
+		}
+		a *= a;
+		b /= 2;
+	}
+	return result;
+}
+
+/**
+ * Returns the int value of the given (hex) digit
+ * \param[in] ch the hex char to convert
+ * \return the converted decimal value
+ */
+int ldns_hexdigit_to_int(char ch);
+
+/**
+ * Returns the char (hex) representation of the given int
+ * \param[in] ch the int to convert
+ * \return the converted hex char
+ */
+char ldns_int_to_hexdigit(int ch);
+
+/**
+ * Converts a hex string to binary data
+ *
+ * \param[out] data The binary result is placed here.
+ * At least strlen(str)/2 bytes should be allocated
+ * \param[in] str The hex string to convert.
+ * This string should not contain spaces
+ * \return The number of bytes of converted data, or -1 if one of the arguments * is NULL, or -2 if the string length is not an even number
+ */
+int
+ldns_hexstring_to_data(uint8_t *data, const char *str);
+
+/**
+ * Show the internal library version
+ * \return a string with the version in it
+ */
+const char * ldns_version(void);
+
+/**
+ * Convert TM to seconds since epoch (midnight, January 1st, 1970).
+ * Like timegm(3), which is not always available.
+ * \param[in] tm a struct tm* with the date
+ * \return the seconds since epoch
+ */
+time_t mktime_from_utc(const struct tm *tm);
+
+/**
+ * The function interprets time as the number of seconds since epoch
+ * with respect to now using serial arithmitics (rfc1982).
+ * That number of seconds is then converted to broken-out time information.
+ * This is especially usefull when converting the inception and expiration
+ * fields of RRSIG records.
+ *
+ * \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
+ *            to be intepreted as a serial arithmitics number relative to now.
+ * \param[in] now number of seconds since epoch (midnight, January 1st, 1970)
+ *            to which the time value is compared to determine the final value.
+ * \param[out] result the struct with the broken-out time information
+ * \return result on success or NULL on error
+ */
+struct tm * ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result);
+ 
+/**
+ * Seed the random function.
+ * If the file descriptor is specified, the random generator is seeded with
+ * data from that file. If not, /dev/urandom is used.
+ *
+ * applications should call this if they need entropy data within ldns
+ * If openSSL is available, it is automatically seeded from /dev/urandom
+ * or /dev/random.
+ *
+ * If you need more entropy, or have no openssl available, this function
+ * MUST be called at the start of the program
+ *
+ * If openssl *is* available, this function just adds more entropy
+ *
+ * \param[in] fd a file providing entropy data for the seed
+ * \param[in] size the number of bytes to use as entropy data. If this is 0,
+ *            only the minimal amount is taken (usually 4 bytes)
+ * \return 0 if seeding succeeds, 1 if it fails
+ */
+int ldns_init_random(FILE *fd, unsigned int size);
+
+/**
+ * Get random number.
+ * \return random number.
+ *
+ */
+uint16_t ldns_get_random(void);
+
+/**
+ * Encode data as BubbleBabble
+ *
+ * \param[in] data a pointer to data to be encoded
+ * \param[in] len size the number of bytes of data
+ * \return a string of BubbleBabble
+ */
+char *ldns_bubblebabble(uint8_t *data, size_t len);
+
+#ifndef B32_NTOP
+int ldns_b32_ntop(uint8_t const *src, size_t srclength,
+	     char *target, size_t targsize);
+int b32_ntop(uint8_t const *src, size_t srclength,
+	     char *target, size_t targsize);
+int ldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
+	     char *target, size_t targsize);
+int b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
+	     char *target, size_t targsize);
+/**
+ * calculates the size needed to store the result of b32_ntop
+ */
+/*@unused@*/
+INLINE size_t ldns_b32_ntop_calculate_size(size_t srcsize)
+{
+	size_t result = ((((srcsize / 5) * 8) - 2) + 2);
+	return result;
+}
+#endif /* !B32_NTOP */
+#ifndef B32_PTON
+int ldns_b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
+int b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
+int ldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
+int b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
+/**
+ * calculates the size needed to store the result of b32_pton
+ */
+/*@unused@*/
+INLINE size_t ldns_b32_pton_calculate_size(size_t srcsize)
+{
+	size_t result = ((((srcsize) / 8) * 5));
+	return result;
+}
+#endif /* !B32_PTON */
+
+INLINE time_t ldns_time(time_t *t) { return time(t); }
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !_UTIL_H */
diff --git a/3rdParty/Ldns/src/include/ldns/util.h.in b/3rdParty/Ldns/src/include/ldns/util.h.in
new file mode 100644
index 0000000..f9fb104
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/util.h.in
@@ -0,0 +1,367 @@
+/*
+ * util.h
+ *  
+ * helper function header file
+ * 
+ * a Net::DNS like library for C
+ * 
+ * (c) NLnet Labs, 2004
+ * 
+ * See the file LICENSE for the license
+ */
+
+#ifndef _UTIL_H
+#define _UTIL_H
+
+@include_inttypes_h@
+@include_systypes_h@
+@include_unistd_h@
+#include <ldns/common.h>
+#include <time.h>
+#include <stdio.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define dprintf(X,Y) fprintf(stderr, (X), (Y))
+/* #define	dprintf(X, Y)  */
+
+#define LDNS_VERSION "@PACKAGE_VERSION@"
+#define LDNS_REVISION ((@LDNS_VERSION_MAJOR@<<16)|(@LDNS_VERSION_MINOR@<<8)|(@LDNS_VERSION_MICRO@))
+
+/**
+ * splint static inline workaround
+ */
+#ifdef S_SPLINT_S
+#  define INLINE 
+#else
+#  ifdef SWIG
+#    define INLINE static
+#  else
+#    define INLINE static inline
+#  endif
+#endif
+
+/**
+ * Memory management macros
+ */
+#define LDNS_MALLOC(type)		LDNS_XMALLOC(type, 1)
+
+#define LDNS_XMALLOC(type, count)	((type *) malloc((count) * sizeof(type)))
+
+#define LDNS_CALLOC(type, count)	((type *) calloc((count), sizeof(type)))
+
+#define LDNS_REALLOC(ptr, type)		LDNS_XREALLOC((ptr), type, 1)
+
+#define LDNS_XREALLOC(ptr, type, count)				\
+	((type *) realloc((ptr), (count) * sizeof(type)))
+
+#define LDNS_FREE(ptr) \
+	do { free((ptr)); (ptr) = NULL; } while (0)
+
+#define LDNS_DEP     printf("DEPRECATED FUNCTION!\n");
+
+/*
+ * Copy data allowing for unaligned accesses in network byte order
+ * (big endian).
+ */
+INLINE uint16_t
+ldns_read_uint16(const void *src)
+{
+#ifdef ALLOW_UNALIGNED_ACCESSES
+	return ntohs(*(uint16_t *) src);
+#else
+	uint8_t *p = (uint8_t *) src;
+	return ((uint16_t) p[0] << 8) | (uint16_t) p[1];
+#endif
+}
+
+INLINE uint32_t
+ldns_read_uint32(const void *src)
+{
+#ifdef ALLOW_UNALIGNED_ACCESSES
+	return ntohl(*(uint32_t *) src);
+#else
+	uint8_t *p = (uint8_t *) src;
+	return (  ((uint32_t) p[0] << 24)
+		| ((uint32_t) p[1] << 16)
+		| ((uint32_t) p[2] << 8)
+		|  (uint32_t) p[3]);
+#endif
+}
+
+/*
+ * Copy data allowing for unaligned accesses in network byte order
+ * (big endian).
+ */
+INLINE void
+ldns_write_uint16(void *dst, uint16_t data)
+{
+#ifdef ALLOW_UNALIGNED_ACCESSES
+	* (uint16_t *) dst = htons(data);
+#else
+	uint8_t *p = (uint8_t *) dst;
+	p[0] = (uint8_t) ((data >> 8) & 0xff);
+	p[1] = (uint8_t) (data & 0xff);
+#endif
+}
+
+INLINE void
+ldns_write_uint32(void *dst, uint32_t data)
+{
+#ifdef ALLOW_UNALIGNED_ACCESSES
+	* (uint32_t *) dst = htonl(data);
+#else
+	uint8_t *p = (uint8_t *) dst;
+	p[0] = (uint8_t) ((data >> 24) & 0xff);
+	p[1] = (uint8_t) ((data >> 16) & 0xff);
+	p[2] = (uint8_t) ((data >> 8) & 0xff);
+	p[3] = (uint8_t) (data & 0xff);
+#endif
+}
+
+/* warning. */
+INLINE void
+ldns_write_uint64_as_uint48(void *dst, uint64_t data)
+{
+	uint8_t *p = (uint8_t *) dst;
+	p[0] = (uint8_t) ((data >> 40) & 0xff);
+	p[1] = (uint8_t) ((data >> 32) & 0xff);
+	p[2] = (uint8_t) ((data >> 24) & 0xff);
+	p[3] = (uint8_t) ((data >> 16) & 0xff);
+	p[4] = (uint8_t) ((data >> 8) & 0xff);
+	p[5] = (uint8_t) (data & 0xff);
+}
+
+
+/**
+ * Structure to do a Schwartzian-like transformation, for instance when
+ * sorting. If you need a transformation on the objects that are sorted,
+ * you can sue this to store the transformed values, so you do not
+ * need to do the transformation again for each comparison
+ */
+struct ldns_schwartzian_compare_struct {
+	void *original_object;
+	void *transformed_object;
+};
+
+/** A general purpose lookup table
+ *  
+ *  Lookup tables are arrays of (id, name) pairs,
+ *  So you can for instance lookup the RCODE 3, which is "NXDOMAIN",
+ *  and vice versa. The lookup tables themselves are defined wherever needed,
+ *  for instance in \ref host2str.c
+ */
+struct ldns_struct_lookup_table {
+        int id;
+        const char *name;
+};
+typedef struct ldns_struct_lookup_table ldns_lookup_table;
+  
+/**
+ * Looks up the table entry by name, returns NULL if not found.
+ * \param[in] table the lookup table to search in
+ * \param[in] name what to search for
+ * \return the item found
+ */
+ldns_lookup_table *ldns_lookup_by_name(ldns_lookup_table table[],
+                                       const char *name);
+
+/**
+ * Looks up the table entry by id, returns NULL if not found.
+ * \param[in] table the lookup table to search in
+ * \param[in] id what to search for
+ * \return the item found
+ */
+ldns_lookup_table *ldns_lookup_by_id(ldns_lookup_table table[], int id);
+
+/**
+ * Returns the value of the specified bit
+ * The bits are counted from left to right, so bit #0 is the
+ * left most bit.
+ * \param[in] bits array holding the bits
+ * \param[in] index to the wanted bit
+ * \return 
+ */
+int ldns_get_bit(uint8_t bits[], size_t index);
+
+
+/**
+ * Returns the value of the specified bit
+ * The bits are counted from right to left, so bit #0 is the
+ * right most bit.
+ * \param[in] bits array holding the bits
+ * \param[in] index to the wanted bit
+ * \return 1 or 0 depending no the bit state
+ */
+int ldns_get_bit_r(uint8_t bits[], size_t index);
+
+/**
+ * sets the specified bit in the specified byte to
+ * 1 if value is true, 0 if false
+ * The bits are counted from right to left, so bit #0 is the
+ * right most bit.
+ * \param[in] byte the bit to set the bit in
+ * \param[in] bit_nr the bit to set (0 <= n <= 7)
+ * \param[in] value whether to set the bit to 1 or 0
+ * \return 1 or 0 depending no the bit state
+ */
+void ldns_set_bit(uint8_t *byte, int bit_nr, bool value);
+
+/**
+ * Returns the value of a to the power of b
+ * (or 1 of b < 1)
+ */
+/*@unused@*/
+INLINE long
+ldns_power(long a, long b) {
+	long result = 1;
+	while (b > 0) {
+		if (b & 1) {
+			result *= a;
+			if (b == 1) {
+				return result;
+			}
+		}
+		a *= a;
+		b /= 2;
+	}
+	return result;
+}
+
+/**
+ * Returns the int value of the given (hex) digit
+ * \param[in] ch the hex char to convert
+ * \return the converted decimal value
+ */
+int ldns_hexdigit_to_int(char ch);
+
+/**
+ * Returns the char (hex) representation of the given int
+ * \param[in] ch the int to convert
+ * \return the converted hex char
+ */
+char ldns_int_to_hexdigit(int ch);
+
+/**
+ * Converts a hex string to binary data
+ *
+ * \param[out] data The binary result is placed here.
+ * At least strlen(str)/2 bytes should be allocated
+ * \param[in] str The hex string to convert.
+ * This string should not contain spaces
+ * \return The number of bytes of converted data, or -1 if one of the arguments * is NULL, or -2 if the string length is not an even number
+ */
+int
+ldns_hexstring_to_data(uint8_t *data, const char *str);
+
+/**
+ * Show the internal library version
+ * \return a string with the version in it
+ */
+const char * ldns_version(void);
+
+/**
+ * Convert TM to seconds since epoch (midnight, January 1st, 1970).
+ * Like timegm(3), which is not always available.
+ * \param[in] tm a struct tm* with the date
+ * \return the seconds since epoch
+ */
+time_t mktime_from_utc(const struct tm *tm);
+
+/**
+ * The function interprets time as the number of seconds since epoch
+ * with respect to now using serial arithmitics (rfc1982).
+ * That number of seconds is then converted to broken-out time information.
+ * This is especially usefull when converting the inception and expiration
+ * fields of RRSIG records.
+ *
+ * \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
+ *            to be intepreted as a serial arithmitics number relative to now.
+ * \param[in] now number of seconds since epoch (midnight, January 1st, 1970)
+ *            to which the time value is compared to determine the final value.
+ * \param[out] result the struct with the broken-out time information
+ * \return result on success or NULL on error
+ */
+struct tm * ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result);
+ 
+/**
+ * Seed the random function.
+ * If the file descriptor is specified, the random generator is seeded with
+ * data from that file. If not, /dev/urandom is used.
+ *
+ * applications should call this if they need entropy data within ldns
+ * If openSSL is available, it is automatically seeded from /dev/urandom
+ * or /dev/random.
+ *
+ * If you need more entropy, or have no openssl available, this function
+ * MUST be called at the start of the program
+ *
+ * If openssl *is* available, this function just adds more entropy
+ *
+ * \param[in] fd a file providing entropy data for the seed
+ * \param[in] size the number of bytes to use as entropy data. If this is 0,
+ *            only the minimal amount is taken (usually 4 bytes)
+ * \return 0 if seeding succeeds, 1 if it fails
+ */
+int ldns_init_random(FILE *fd, unsigned int size);
+
+/**
+ * Get random number.
+ * \return random number.
+ *
+ */
+uint16_t ldns_get_random(void);
+
+/**
+ * Encode data as BubbleBabble
+ *
+ * \param[in] data a pointer to data to be encoded
+ * \param[in] len size the number of bytes of data
+ * \return a string of BubbleBabble
+ */
+char *ldns_bubblebabble(uint8_t *data, size_t len);
+
+#ifndef B32_NTOP
+int ldns_b32_ntop(uint8_t const *src, size_t srclength,
+	     char *target, size_t targsize);
+int b32_ntop(uint8_t const *src, size_t srclength,
+	     char *target, size_t targsize);
+int ldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
+	     char *target, size_t targsize);
+int b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
+	     char *target, size_t targsize);
+/**
+ * calculates the size needed to store the result of b32_ntop
+ */
+/*@unused@*/
+INLINE size_t ldns_b32_ntop_calculate_size(size_t srcsize)
+{
+	size_t result = ((((srcsize / 5) * 8) - 2) + 2);
+	return result;
+}
+#endif /* !B32_NTOP */
+#ifndef B32_PTON
+int ldns_b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
+int b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
+int ldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
+int b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
+/**
+ * calculates the size needed to store the result of b32_pton
+ */
+/*@unused@*/
+INLINE size_t ldns_b32_pton_calculate_size(size_t srcsize)
+{
+	size_t result = ((((srcsize) / 8) * 5));
+	return result;
+}
+#endif /* !B32_PTON */
+
+INLINE time_t ldns_time(time_t *t) { return time(t); }
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !_UTIL_H */
diff --git a/3rdParty/Ldns/src/include/ldns/wire2host.h b/3rdParty/Ldns/src/include/ldns/wire2host.h
new file mode 100644
index 0000000..53155b3
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/wire2host.h
@@ -0,0 +1,197 @@
+/*
+ * wire2host.h - from wire conversion routines
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+/**
+ * \file
+ *
+ * Contains functions that translate dns data from the wire format (as sent
+ * by servers and clients) to the internal structures.
+ */
+ 
+#ifndef LDNS_WIRE2HOST_H
+#define LDNS_WIRE2HOST_H
+
+#include <ldns/rdata.h>
+#include <ldns/common.h>
+#include <ldns/error.h>
+#include <ldns/rr.h>
+#include <ldns/packet.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* The length of the header */
+#define	LDNS_HEADER_SIZE	12
+
+/* First octet of flags */
+#define	LDNS_RD_MASK		0x01U
+#define	LDNS_RD_SHIFT	0
+#define	LDNS_RD_WIRE(wirebuf)	(*(wirebuf+2) & LDNS_RD_MASK)
+#define	LDNS_RD_SET(wirebuf)	(*(wirebuf+2) |= LDNS_RD_MASK)
+#define	LDNS_RD_CLR(wirebuf)	(*(wirebuf+2) &= ~LDNS_RD_MASK)
+
+#define LDNS_TC_MASK		0x02U
+#define LDNS_TC_SHIFT	1
+#define	LDNS_TC_WIRE(wirebuf)	(*(wirebuf+2) & LDNS_TC_MASK)
+#define	LDNS_TC_SET(wirebuf)	(*(wirebuf+2) |= LDNS_TC_MASK)
+#define	LDNS_TC_CLR(wirebuf)	(*(wirebuf+2) &= ~LDNS_TC_MASK)
+
+#define	LDNS_AA_MASK		0x04U
+#define	LDNS_AA_SHIFT	2
+#define	LDNS_AA_WIRE(wirebuf)	(*(wirebuf+2) & LDNS_AA_MASK)
+#define	LDNS_AA_SET(wirebuf)	(*(wirebuf+2) |= LDNS_AA_MASK)
+#define	LDNS_AA_CLR(wirebuf)	(*(wirebuf+2) &= ~LDNS_AA_MASK)
+
+#define	LDNS_OPCODE_MASK	0x78U
+#define	LDNS_OPCODE_SHIFT	3
+#define	LDNS_OPCODE_WIRE(wirebuf)	((*(wirebuf+2) & LDNS_OPCODE_MASK) >> LDNS_OPCODE_SHIFT)
+#define	LDNS_OPCODE_SET(wirebuf, opcode) \
+	(*(wirebuf+2) = ((*(wirebuf+2)) & ~LDNS_OPCODE_MASK) | ((opcode) << LDNS_OPCODE_SHIFT))
+
+#define	LDNS_QR_MASK		0x80U
+#define	LDNS_QR_SHIFT	7
+#define	LDNS_QR_WIRE(wirebuf)	(*(wirebuf+2) & LDNS_QR_MASK)
+#define	LDNS_QR_SET(wirebuf)	(*(wirebuf+2) |= LDNS_QR_MASK)
+#define	LDNS_QR_CLR(wirebuf)	(*(wirebuf+2) &= ~LDNS_QR_MASK)
+
+/* Second octet of flags */
+#define	LDNS_RCODE_MASK	0x0fU
+#define	LDNS_RCODE_SHIFT	0
+#define	LDNS_RCODE_WIRE(wirebuf)	(*(wirebuf+3) & LDNS_RCODE_MASK)
+#define	LDNS_RCODE_SET(wirebuf, rcode) \
+	(*(wirebuf+3) = ((*(wirebuf+3)) & ~LDNS_RCODE_MASK) | (rcode))
+
+#define	LDNS_CD_MASK		0x10U
+#define	LDNS_CD_SHIFT	4
+#define	LDNS_CD_WIRE(wirebuf)	(*(wirebuf+3) & LDNS_CD_MASK)
+#define	LDNS_CD_SET(wirebuf)	(*(wirebuf+3) |= LDNS_CD_MASK)
+#define	LDNS_CD_CLR(wirebuf)	(*(wirebuf+3) &= ~LDNS_CD_MASK)
+
+#define	LDNS_AD_MASK		0x20U
+#define	LDNS_AD_SHIFT	5
+#define	LDNS_AD_WIRE(wirebuf)	(*(wirebuf+3) & LDNS_AD_MASK)
+#define	LDNS_AD_SET(wirebuf)	(*(wirebuf+3) |= LDNS_AD_MASK)
+#define	LDNS_AD_CLR(wirebuf)	(*(wirebuf+3) &= ~LDNS_AD_MASK)
+
+#define	LDNS_Z_MASK		0x40U
+#define	LDNS_Z_SHIFT		6
+#define	LDNS_Z_WIRE(wirebuf)	(*(wirebuf+3) & LDNS_Z_MASK)
+#define	LDNS_Z_SET(wirebuf)	(*(wirebuf+3) |= LDNS_Z_MASK)
+#define	LDNS_Z_CLR(wirebuf)	(*(wirebuf+3) &= ~LDNS_Z_MASK)
+
+#define	LDNS_RA_MASK		0x80U
+#define	LDNS_RA_SHIFT	7
+#define	LDNS_RA_WIRE(wirebuf)	(*(wirebuf+3) & LDNS_RA_MASK)
+#define	LDNS_RA_SET(wirebuf)	(*(wirebuf+3) |= LDNS_RA_MASK)
+#define	LDNS_RA_CLR(wirebuf)	(*(wirebuf+3) &= ~LDNS_RA_MASK)
+
+/* Query ID */
+#define	LDNS_ID_WIRE(wirebuf)		(ldns_read_uint16(wirebuf))
+#define	LDNS_ID_SET(wirebuf, id)	(ldns_write_uint16(wirebuf, id))
+
+/* Counter of the question section */
+#define LDNS_QDCOUNT_OFF		4
+/*
+#define	QDCOUNT(wirebuf)		(ntohs(*(uint16_t *)(wirebuf+QDCOUNT_OFF)))
+*/
+#define	LDNS_QDCOUNT(wirebuf)		(ldns_read_uint16(wirebuf+LDNS_QDCOUNT_OFF))
+
+/* Counter of the answer section */
+#define LDNS_ANCOUNT_OFF		6
+#define	LDNS_ANCOUNT(wirebuf)		(ldns_read_uint16(wirebuf+LDNS_ANCOUNT_OFF))
+
+/* Counter of the authority section */
+#define LDNS_NSCOUNT_OFF		8
+#define	LDNS_NSCOUNT(wirebuf)		(ldns_read_uint16(wirebuf+LDNS_NSCOUNT_OFF))
+
+/* Counter of the additional section */
+#define LDNS_ARCOUNT_OFF		10
+#define	LDNS_ARCOUNT(wirebuf)		(ldns_read_uint16(wirebuf+LDNS_ARCOUNT_OFF))
+
+/**
+ * converts the data on the uint8_t bytearray (in wire format) to a DNS packet.
+ * This function will initialize and allocate memory space for the packet 
+ * structure.
+ * 
+ * \param[in] packet pointer to the structure to hold the packet
+ * \param[in] data pointer to the buffer with the data
+ * \param[in] len the length of the data buffer (in bytes)
+ * \return LDNS_STATUS_OK if everything succeeds, error otherwise
+ */
+ldns_status ldns_wire2pkt(ldns_pkt **packet, const uint8_t *data, size_t len);
+
+/**
+ * converts the data on the uint8_t bytearray (in wire format) to a DNS packet.
+ * This function will initialize and allocate memory space for the packet 
+ * structure.
+ * 
+ * \param[in] packet pointer to the structure to hold the packet
+ * \param[in] buffer the buffer with the data
+ * \return LDNS_STATUS_OK if everything succeeds, error otherwise
+ */
+ldns_status ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer);
+
+/**
+ * converts the data on the uint8_t bytearray (in wire format) to a DNS 
+ * dname rdata field. This function will initialize and allocate memory
+ * space for the dname structure. The length of the wiredata of this rdf 
+ * is added to the *pos value.
+ *
+ * \param[in] dname pointer to the structure to hold the rdata value
+ * \param[in] wire pointer to the buffer with the data
+ * \param[in] max the length of the data buffer (in bytes)
+ * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes 
+ *            from the start of the buffer)
+ * \return LDNS_STATUS_OK if everything succeeds, error otherwise
+ */
+ldns_status ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos);
+
+/**
+ * converts the data on the uint8_t bytearray (in wire format) to DNS 
+ * rdata fields, and adds them to the list of rdfs of the given rr.
+ * This function will initialize and allocate memory space for the dname
+ * structures.
+ * The length of the wiredata of these rdfs is added to the *pos value.
+ *
+ * All rdfs belonging to the RR are read; the rr should have no rdfs
+ * yet. An error is returned if the format cannot be parsed.
+ *
+ * \param[in] rr pointer to the ldns_rr structure to hold the rdata value
+ * \param[in] wire pointer to the buffer with the data
+ * \param[in] max the length of the data buffer (in bytes)
+ * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes 
+ *            from the start of the buffer)
+ * \return LDNS_STATUS_OK if everything succeeds, error otherwise
+ */
+ldns_status ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos);
+
+/**
+ * converts the data on the uint8_t bytearray (in wire format) to a DNS 
+ * resource record.
+ * This function will initialize and allocate memory space for the rr
+ * structure.
+ * The length of the wiredata of this rr is added to the *pos value.
+ * 
+ * \param[in] rr pointer to the structure to hold the rdata value
+ * \param[in] wire pointer to the buffer with the data
+ * \param[in] max the length of the data buffer (in bytes)
+ * \param[in] pos the position of the rr in the buffer (ie. the number of bytes 
+ *            from the start of the buffer)
+ * \param[in] section the section in the packet the rr is meant for
+ * \return LDNS_STATUS_OK if everything succeeds, error otherwise
+ */
+ldns_status ldns_wire2rr(ldns_rr **rr, const uint8_t *wire, size_t max, size_t *pos, ldns_pkt_section section);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_WIRE2HOST_H */
diff --git a/3rdParty/Ldns/src/include/ldns/zone.h b/3rdParty/Ldns/src/include/ldns/zone.h
new file mode 100644
index 0000000..0d129a0
--- /dev/null
+++ b/3rdParty/Ldns/src/include/ldns/zone.h
@@ -0,0 +1,176 @@
+/**
+ * zone.h
+ *
+ * zone definitions
+ *  - what is it
+ *  - get_glue function
+ *  - search etc
+ *
+ * a Net::DNS like library for C
+ *
+ * (c) NLnet Labs, 2005-2006
+ *
+ * See the file LICENSE for the license
+ */
+
+/**
+ * \file
+ *
+ * Defines the ldns_zone structure and functions to manipulate it.
+ */
+ 
+
+#ifndef LDNS_ZONE_H
+#define LDNS_ZONE_H
+
+#include <ldns/common.h>
+#include <ldns/rdata.h>
+#include <ldns/rr.h>
+#include <ldns/error.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** 
+ * DNS Zone
+ *
+ * A list of RR's with some
+ * extra information which comes from the SOA RR
+ * Note: nothing has been done to make this efficient (yet).
+ */
+struct ldns_struct_zone
+{
+	/** the soa defines a zone */
+	ldns_rr 	*_soa;
+	/* basicly a zone is a list of rr's */
+	ldns_rr_list 	*_rrs;
+	/* we could change this to be a b-tree etc etc todo */
+};
+typedef struct ldns_struct_zone ldns_zone;	
+	
+/**
+ * create a new ldns_zone structure
+ * \return a pointer to a ldns_zone structure
+ */
+ldns_zone * ldns_zone_new(void);
+
+/**
+ * Return the soa record of a zone
+ * \param[in] z the zone to read from
+ * \return the soa record in the zone
+ */
+ldns_rr * ldns_zone_soa(const ldns_zone *z);
+
+/**
+ * Returns the number of resource records in the zone, NOT counting the SOA record
+ * \param[in] z the zone to read from
+ * \return the number of rr's in the zone
+ */
+size_t ldns_zone_rr_count(const ldns_zone *z);
+
+/**
+ * Set the zone's soa record
+ * \param[in] z the zone to put the new soa in
+ * \param[in] soa the soa to set
+ */
+void ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa);
+
+/**
+ * Get a list of a zone's content. Note that the SOA
+ * isn't included in this list. You need to get the 
+ * with ldns_zone_soa.
+ * \param[in] z the zone to read from
+ * \return the rrs from this zone
+ */
+ldns_rr_list * ldns_zone_rrs(const ldns_zone *z);
+
+/**
+ * Set the zone's contents
+ * \param[in] z the zone to put the new soa in
+ * \param[in] rrlist the rrlist to use
+ */
+void ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist);
+
+/**
+ * push an rrlist to a zone structure. This function use pointer
+ * copying, so the rr_list structure inside z is modified!
+ * \param[in] z the zone to add to
+ * \param[in] list the list to add
+ * \return a true on succes otherwise falsed
+ */
+bool ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list);
+
+/**
+ * push an single rr to a zone structure. This function use pointer
+ * copying, so the rr_list structure inside z is modified!
+ * \param[in] z the zone to add to
+ * \param[in] rr the rr to add
+ * \return a true on succes otherwise falsed
+ */
+bool ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr);
+
+/**
+ * Retrieve all resource records from the zone that are glue
+ * records. The resulting list does are pointer references
+ * to the zone's data.
+ *
+ * Due to the current zone implementation (as a list of rr's), this
+ * function is extremely slow. Another (probably better) way to do this
+ * is to use an ldns_dnssec_zone structure and the 
+ * ldns_dnssec_mark_and_get_glue() function.
+ *
+ * \param[in] z the zone to look for glue
+ * \return the rr_list with the glue
+ */
+ldns_rr_list *ldns_zone_glue_rr_list(const ldns_zone *z);
+
+/**
+ * Create a new zone from a file
+ * \param[out] z the new zone
+ * \param[in] *fp the filepointer to use
+ * \param[in] *origin the zones' origin
+ * \param[in] ttl default ttl to use
+ * \param[in] c default class to use (IN)
+ *
+ * \return ldns_status mesg with an error or LDNS_STATUS_OK
+ */
+ldns_status ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c);
+
+/**
+ * Create a new zone from a file, keep track of the line numbering
+ * \param[out] z the new zone
+ * \param[in] *fp the filepointer to use
+ * \param[in] *origin the zones' origin
+ * \param[in] ttl default ttl to use
+ * \param[in] c default class to use (IN)
+ * \param[out] line_nr used for error msg, to get to the line number
+ *
+ * \return ldns_status mesg with an error or LDNS_STATUS_OK
+ */
+ldns_status ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c, int *line_nr);
+
+/**
+ * Frees the allocated memory for the zone, and the rr_list structure in it
+ * \param[in] zone the zone to free
+ */
+void ldns_zone_free(ldns_zone *zone);
+
+/**
+ * Frees the allocated memory for the zone, the soa rr in it, 
+ * and the rr_list structure in it, including the rr's in that. etc.
+ * \param[in] zone the zone to free
+ */
+void ldns_zone_deep_free(ldns_zone *zone);
+
+/**
+ * Sort the rrs in a zone, with the current impl. this is slow
+ * \param[in] zone the zone to sort
+ */
+void ldns_zone_sort(ldns_zone *zone);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDNS_ZONE_H */
author	Tobias Markmann <tm@ayena.de>	2012-03-12 17:32:02 (GMT)
committer	Tobias Markmann <tm@ayena.de>	2012-03-21 20:41:16 (GMT)
commit	2878d950c11526094dc2faeb2caeeb1004f1690d (patch)
tree	891760e443f9c90135165bb4ec29c72647179bcf /3rdParty/Ldns/src/include/ldns
parent	2fa37f2976b933ca0bcf5f85dd1615805776d67d (diff)
download	swift-contrib-2878d950c11526094dc2faeb2caeeb1004f1690d.zip swift-contrib-2878d950c11526094dc2faeb2caeeb1004f1690d.tar.bz2