git: 5542dcf8dcf6 - stable/13 - unbound: Vendor import 1.13.2

From: Cy Schubert <cy_at_FreeBSD.org>
Date: Thu, 09 Dec 2021 18:59:03 UTC
The branch stable/13 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=5542dcf8dcf67b84181e779fcfcf4b41e30e95bf

commit 5542dcf8dcf67b84181e779fcfcf4b41e30e95bf
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-08-17 09:32:56 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-12-09 18:50:23 +0000

    unbound: Vendor import 1.13.2
    
    Merge commit '625f1c1312fb7defbd148c8ba121a0cf058707ef'
    
    (cherry picked from commit 5469a9953005a9a4d4aad7be88545d441622e9a0)
---
 .../unbound/.github/ISSUE_TEMPLATE/bug_report.md   |   41 +
 .../.github/ISSUE_TEMPLATE/feature_request.md      |   31 +
 .../unbound/.github/workflows/analysis_ports.yml   |  346 +++++
 contrib/unbound/.github/workflows/ci.yml           |   21 +
 contrib/unbound/.travis.yml                        |  124 +-
 contrib/unbound/Makefile.in                        |  509 ++++---
 contrib/unbound/README.md                          |    1 +
 contrib/unbound/acx_nlnetlabs.m4                   |   23 +-
 contrib/unbound/cachedb/cachedb.c                  |    8 +-
 contrib/unbound/compat/ctime_r.c                   |    2 +-
 contrib/unbound/config.guess                       | 1222 +++++++++--------
 contrib/unbound/config.h.in                        |   26 +
 contrib/unbound/config.sub                         |   59 +-
 contrib/unbound/configure                          |  134 +-
 contrib/unbound/configure.ac                       |   72 +-
 contrib/unbound/contrib/ios/install_tools.sh       |    8 +-
 contrib/unbound/contrib/unbound.service.in         |    4 +
 contrib/unbound/contrib/unbound.spec               |   20 +-
 contrib/unbound/contrib/unbound_munin_             |   71 +-
 contrib/unbound/daemon/daemon.c                    |   13 +-
 contrib/unbound/daemon/remote.c                    |  111 +-
 contrib/unbound/daemon/unbound.c                   |   29 +
 contrib/unbound/daemon/worker.c                    |   85 +-
 contrib/unbound/dnscrypt/dnscrypt.c                |    2 +
 contrib/unbound/dnstap/dnstap.c                    |  120 +-
 contrib/unbound/dnstap/dnstap.h                    |   12 +-
 contrib/unbound/dnstap/unbound-dnstap-socket.c     |   26 +-
 contrib/unbound/doc/Changelog                      |  374 ++++++
 contrib/unbound/doc/README                         |    2 +-
 contrib/unbound/doc/example.conf.in                |   30 +-
 contrib/unbound/doc/libunbound.3.in                |    4 +-
 contrib/unbound/doc/unbound-anchor.8.in            |    2 +-
 contrib/unbound/doc/unbound-checkconf.8.in         |    2 +-
 contrib/unbound/doc/unbound-control.8.in           |    7 +-
 contrib/unbound/doc/unbound-host.1.in              |    2 +-
 contrib/unbound/doc/unbound.8.in                   |    4 +-
 contrib/unbound/doc/unbound.conf.5.in              |  184 ++-
 contrib/unbound/doc/unbound.doxygen                |    2 +-
 contrib/unbound/edns-subnet/subnetmod.c            |   36 +-
 contrib/unbound/ipsecmod/ipsecmod.c                |   17 +
 contrib/unbound/iterator/iter_scrub.c              |   24 +-
 contrib/unbound/iterator/iter_utils.c              |   34 +-
 contrib/unbound/iterator/iter_utils.h              |   23 +-
 contrib/unbound/iterator/iterator.c                |   79 +-
 contrib/unbound/iterator/iterator.h                |    8 +-
 contrib/unbound/libunbound/context.c               |    4 +-
 contrib/unbound/libunbound/libworker.c             |   69 +-
 contrib/unbound/libunbound/worker.h                |    8 -
 contrib/unbound/respip/respip.c                    |    2 +-
 contrib/unbound/services/authzone.c                | 1405 +++++++++++++++++++-
 contrib/unbound/services/authzone.h                |   96 +-
 contrib/unbound/services/cache/dns.c               |    5 +-
 contrib/unbound/services/cache/dns.h               |    4 +-
 contrib/unbound/services/cache/infra.c             |    3 +
 contrib/unbound/services/listen_dnsport.c          |  263 +++-
 contrib/unbound/services/listen_dnsport.h          |   28 +-
 contrib/unbound/services/localzone.c               |   16 +-
 contrib/unbound/services/localzone.h               |    2 +-
 contrib/unbound/services/mesh.c                    |   17 +-
 contrib/unbound/services/modstack.c                |   65 +-
 contrib/unbound/services/outside_network.c         |  463 +++++--
 contrib/unbound/services/outside_network.h         |   45 +-
 contrib/unbound/services/rpz.c                     |   26 +-
 contrib/unbound/sldns/keyraw.c                     |  333 ++++-
 contrib/unbound/sldns/keyraw.h                     |   20 +
 contrib/unbound/sldns/parse.c                      |    3 +
 contrib/unbound/sldns/parse.h                      |    3 -
 contrib/unbound/sldns/parseutil.c                  |   15 +
 contrib/unbound/sldns/parseutil.h                  |    1 +
 contrib/unbound/sldns/rrdef.c                      |   15 +-
 contrib/unbound/sldns/rrdef.h                      |   10 +-
 contrib/unbound/sldns/sbuffer.h                    |    2 -
 contrib/unbound/sldns/str2wire.c                   |  683 +++++++++-
 contrib/unbound/sldns/str2wire.h                   |   31 +
 contrib/unbound/sldns/wire2str.c                   |  279 ++++
 contrib/unbound/sldns/wire2str.h                   |   12 +
 contrib/unbound/smallapp/unbound-checkconf.c       |    4 +-
 contrib/unbound/smallapp/unbound-control.c         |   37 +-
 contrib/unbound/smallapp/unbound-host.c            |    2 +-
 contrib/unbound/smallapp/worker_cb.c               |   18 +-
 contrib/unbound/testcode/readzone.c                |  158 +++
 contrib/unbound/testcode/unittcpreuse.c            |  236 ++++
 contrib/unbound/testcode/unitzonemd.c              |  537 ++++++++
 contrib/unbound/testdata/auth_zonemd_anchor.rpl    |  234 ++++
 .../unbound/testdata/auth_zonemd_anchor_fail.rpl   |  236 ++++
 contrib/unbound/testdata/auth_zonemd_chain.rpl     |  234 ++++
 .../unbound/testdata/auth_zonemd_chain_fail.rpl    |  236 ++++
 contrib/unbound/testdata/auth_zonemd_file.rpl      |  183 +++
 contrib/unbound/testdata/auth_zonemd_file_fail.rpl |  185 +++
 contrib/unbound/testdata/auth_zonemd_insecure.rpl  |  215 +++
 .../testdata/auth_zonemd_insecure_absent.rpl       |  217 +++
 .../auth_zonemd_insecure_absent_reject.rpl         |  218 +++
 .../unbound/testdata/auth_zonemd_insecure_fail.rpl |  218 +++
 contrib/unbound/testdata/auth_zonemd_nokey.rpl     |  212 +++
 .../testdata/auth_zonemd_permissive_mode.rpl       |  187 +++
 contrib/unbound/testdata/auth_zonemd_xfr.rpl       |  238 ++++
 .../unbound/testdata/auth_zonemd_xfr_anchor.rpl    |  285 ++++
 .../testdata/auth_zonemd_xfr_anchor_fail.rpl       |  266 ++++
 contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl |  310 +++++
 .../testdata/auth_zonemd_xfr_chain_fail.rpl        |  321 +++++
 contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl  |  241 ++++
 .../127.0.0.1/example.com.zone                     |    3 +
 .../http_user_agent.tdir/http_user_agent.conf      |   24 +
 .../http_user_agent.tdir/http_user_agent.dsc       |   16 +
 .../http_user_agent.tdir/http_user_agent.post      |   11 +
 .../http_user_agent.tdir/http_user_agent.pre       |   37 +
 .../http_user_agent.tdir/http_user_agent.test      |  103 ++
 .../testdata/http_user_agent.tdir/petal.key        |   21 +
 .../testdata/http_user_agent.tdir/petal.pem        |   14 +
 .../http_user_agent.tdir/unbound_control.key       |   39 +
 .../http_user_agent.tdir/unbound_control.pem       |   22 +
 .../http_user_agent.tdir/unbound_server.key        |   39 +
 .../http_user_agent.tdir/unbound_server.pem        |   22 +
 contrib/unbound/testdata/rpz_rootwc.rpl            |  162 +++
 .../testdata/svcb.tdir/crypto.cloudflare.com.zone  |    9 +
 contrib/unbound/testdata/svcb.tdir/svcb.dsc        |   16 +
 .../testdata/svcb.tdir/svcb.failure-cases-01       |    9 +
 .../testdata/svcb.tdir/svcb.failure-cases-02       |    8 +
 .../testdata/svcb.tdir/svcb.failure-cases-03       |    8 +
 .../testdata/svcb.tdir/svcb.failure-cases-04       |    8 +
 .../testdata/svcb.tdir/svcb.success-cases.zone     |   47 +
 .../testdata/svcb.tdir/svcb.success-cases.zone.cmp |   10 +
 contrib/unbound/testdata/svcb.tdir/svcb.test       |   97 ++
 .../testdata/svcb.tdir/svcb.test-vectors-pf.zone   |   92 ++
 .../testdata/svcb.tdir/svcb.test-vectors-wf.zone   |  232 ++++
 contrib/unbound/testdata/zonemd.example1.zone      |    4 +
 contrib/unbound/testdata/zonemd.example10.zone     |   35 +
 contrib/unbound/testdata/zonemd.example11.zone     |   33 +
 contrib/unbound/testdata/zonemd.example12.zone     |   35 +
 contrib/unbound/testdata/zonemd.example13.zone     |   33 +
 contrib/unbound/testdata/zonemd.example14.zone     |   35 +
 contrib/unbound/testdata/zonemd.example15.zone     |   35 +
 contrib/unbound/testdata/zonemd.example16.zone     |   11 +
 contrib/unbound/testdata/zonemd.example17.zone     |   11 +
 contrib/unbound/testdata/zonemd.example2.zone      |   15 +
 contrib/unbound/testdata/zonemd.example3.zone      |   34 +
 contrib/unbound/testdata/zonemd.example4.zone      |   36 +
 contrib/unbound/testdata/zonemd.example5.zone      |   34 +
 contrib/unbound/testdata/zonemd.example6.zone      |   36 +
 contrib/unbound/testdata/zonemd.example7.zone      |   31 +
 contrib/unbound/testdata/zonemd.example8.zone      |   34 +
 contrib/unbound/testdata/zonemd.example9.zone      |   35 +
 contrib/unbound/testdata/zonemd.example_a1.zone    |    6 +
 contrib/unbound/testdata/zonemd.example_a2.zone    |   25 +
 contrib/unbound/testdata/zonemd.example_a3.zone    |   30 +
 contrib/unbound/testdata/zonemd.example_a4.zone    |  127 ++
 contrib/unbound/testdata/zonemd.example_a5.zone    |   48 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.conf |   23 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.dsc  |   16 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.post |   14 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.pre  |   35 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.test |   74 ++
 .../zonemd_reload.tdir/zonemd_reload.testns        |   27 +
 .../testdata/zonemd_reload.tdir/zonemd_reload.zone |    8 +
 contrib/unbound/util/config_file.c                 |   84 +-
 contrib/unbound/util/config_file.h                 |   39 +
 contrib/unbound/util/configlexer.lex               |    9 +
 contrib/unbound/util/configparser.y                |  138 +-
 contrib/unbound/util/data/dname.h                  |    4 +-
 contrib/unbound/util/data/msgreply.c               |   22 +-
 contrib/unbound/util/fptr_wlist.c                  |    5 +-
 contrib/unbound/util/iana_ports.inc                |    5 +-
 contrib/unbound/util/net_help.c                    |    3 +-
 contrib/unbound/util/net_help.h                    |    6 +-
 contrib/unbound/util/netevent.c                    |  126 +-
 contrib/unbound/util/netevent.h                    |   12 +-
 contrib/unbound/util/shm_side/shm_main.c           |    6 +
 contrib/unbound/util/storage/lookup3.c             |  102 +-
 contrib/unbound/util/ub_event_pluggable.c          |    3 +-
 contrib/unbound/validator/autotrust.c              |   31 +-
 contrib/unbound/validator/val_anchor.c             |    7 +-
 contrib/unbound/validator/val_nsec.c               |    1 +
 contrib/unbound/validator/val_secalgo.c            |  247 +++-
 contrib/unbound/validator/val_secalgo.h            |   43 +
 contrib/unbound/validator/val_sigcrypt.c           |   98 +-
 contrib/unbound/validator/val_sigcrypt.h           |   29 +
 contrib/unbound/validator/val_utils.c              |   39 +-
 contrib/unbound/validator/validator.c              |   18 +-
 contrib/unbound/validator/validator.h              |    6 +-
 179 files changed, 14359 insertions(+), 1803 deletions(-)

diff --git a/contrib/unbound/.github/ISSUE_TEMPLATE/bug_report.md b/contrib/unbound/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 000000000000..35d7ee94f9da
--- /dev/null
+++ b/contrib/unbound/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,41 @@
+---
+name: Bug report
+about: Create a report to help us improve Unbound
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!--
+Thanks for taking the time to report an issue!
+
+Before continuing please make sure that you checked the existing (opened and closed) issues and pull requests to avoid opening a duplicate issue. We would rather prefer to add the information to the existing one. If you are able, feel free to reopen the closed issue afterwards. If not, please create a new issue linking to the old one.
+
+If you rather have a support question and you need guidance on running/configuring Unbound, please refrain from opening an issue and use the community support mailing list instead (https://www.nlnetlabs.nl/support/mailing-lists/).
+We would like to keep GitHub issues for possible bugs and feature requests only.
+
+If you are unsure whether an issue is a bug or not, feel free to reach out to mailing list users or open an issue here.
+
+If you are opening an issue, please complete as much of the following sections as possible to give us a better understanding of your situation.
+-->
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To reproduce**
+Steps to reproduce the behavior:
+1.
+2.
+3.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**System:**
+ - Unbound version:
+ - OS:
+ - `unbound -V` output:
+
+**Additional information**
+Add any other information that you may have gathered about the issue here.
diff --git a/contrib/unbound/.github/ISSUE_TEMPLATE/feature_request.md b/contrib/unbound/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 000000000000..e9ca08b7ab65
--- /dev/null
+++ b/contrib/unbound/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,31 @@
+---
+name: Feature request
+about: Suggest an idea for Unbound
+title: "[FR]"
+labels: ''
+assignees: ''
+
+---
+
+<!--
+Thanks for taking the time to report an issue!
+
+Before continuing please make sure that you checked the existing (opened and closed) issues and pull requests to avoid opening a duplicate issue. We would rather prefer to add the information to the existing one. If you are able, feel free to reopen the closed issue afterwards. If not, please create a new issue linking to the old one.
+
+If you rather have a support question and you need guidance on running/configuring Unbound, please refrain from opening an issue and use the community support mailing list instead (https://www.nlnetlabs.nl/support/mailing-lists/).
+We would like to keep GitHub issues for possible bugs and feature requests only.
+
+If you are unsure whether an issue is a bug or not, feel free to reach out to mailing list users or open an issue here.
+
+If you are opening an issue, please complete as much of the following sections as possible to give us a better understanding of your situation.
+-->
+
+**Current behavior**
+Is there a current behavior that the feature relates to?
+If yes, would you wish the current behavior to change?
+
+**Describe the desired feature**
+A clear and concise description of what the feature should be.
+
+**Potential use-case**
+Describe how you see this feature being useful to other Unbound users.
diff --git a/contrib/unbound/.github/workflows/analysis_ports.yml b/contrib/unbound/.github/workflows/analysis_ports.yml
new file mode 100644
index 000000000000..fbbdd80185a9
--- /dev/null
+++ b/contrib/unbound/.github/workflows/analysis_ports.yml
@@ -0,0 +1,346 @@
+name: Analysis and Ports
+
+on:
+  workflow_dispatch:
+    inputs:
+      start:
+        description: 'Start analysis and port workflow'
+        default: 'yes'
+        required: true
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        include:
+          - name: GCC on Linux
+            os: ubuntu-latest
+            config: "--enable-debug --disable-flto"
+            make_test: "yes"
+          - name: Clang-analyzer
+            os: ubuntu-latest
+            config: "CC=clang --enable-debug --disable-flto --disable-static"
+            make_test: "yes"
+            clang_analysis: "yes"
+          - name: libevent
+            os: ubuntu-latest
+            install_libevent: "yes"
+            config: "CC=clang --enable-debug --disable-flto --with-libevent --disable-static"
+            make_test: "yes"
+            clang_analysis: "yes"
+          - name: OS X
+            os: macos-latest
+            install_expat: "yes"
+            config: "--enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl --with-libexpat=/usr/local/opt/expat"
+            make_test: "yes"
+          - name: Clang on OS X
+            os: macos-latest
+            install_expat: "yes"
+            config: "CC=clang --enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl --with-libexpat=/usr/local/opt/expat --disable-static"
+            make_test: "yes"
+            clang_analysis: "yes"
+          - name: ubsan (gcc undefined behaviour sanitizer)
+            os: ubuntu-latest
+            config: 'CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover=all" --disable-flto --disable-static'
+            make_test: "yes"
+          - name: asan (gcc address sanitizer)
+            os: ubuntu-latest
+            config: 'CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=address" --disable-flto --disable-static'
+            make_test: "yes"
+          - name: Apple iPhone on iOS, armv7
+            os: macos-latest
+            AUTOTOOLS_HOST: armv7-apple-ios
+            OPENSSL_HOST: ios-cross
+            IOS_SDK: iPhoneOS
+            IOS_CPU: armv7s
+            test_ios: "yes"
+            config: "no"
+            make: "no"
+          - name: Apple iPhone on iOS, arm64
+            os: macos-latest
+            AUTOTOOLS_HOST: aarch64-apple-ios
+            OPENSSL_HOST: ios64-cross
+            IOS_SDK: iPhoneOS
+            IOS_CPU: arm64
+            test_ios: "yes"
+            config: "no"
+            make: "no"
+          - name: Apple TV on iOS, arm64
+            os: macos-latest
+            AUTOTOOLS_HOST: aarch64-apple-ios
+            OPENSSL_HOST: ios64-cross
+            IOS_SDK: AppleTVOS
+            IOS_CPU: arm64
+            test_ios: "yes"
+            config: "no"
+            make: "no"
+          - name: Apple Watch on iOS, armv7
+            os: macos-latest
+            AUTOTOOLS_HOST: armv7-apple-ios
+            OPENSSL_HOST: ios-cross
+            IOS_SDK: WatchOS
+            IOS_CPU: armv7k
+            test_ios: "yes"
+            config: "no"
+            make: "no"
+          - name: iPhoneSimulator on OS X, i386
+            os: macos-latest
+            AUTOTOOLS_HOST: i386-apple-ios
+            OPENSSL_HOST: iphoneos-cross
+            IOS_SDK: iPhoneSimulator
+            IOS_CPU: i386
+            test_ios: "yes"
+            config: "no"
+            make: "no"
+          - name: iPhoneSimulator on OS X, x86_64
+            os: macos-latest
+            AUTOTOOLS_HOST: x86_64-apple-ios
+            OPENSSL_HOST: iphoneos-cross
+            IOS_SDK: iPhoneSimulator
+            IOS_CPU: x86_64
+            test_ios: "yes"
+            config: "no"
+            make: "no"
+          - name: AppleTVSimulator on OS X, x86_64
+            os: macos-latest
+            AUTOTOOLS_HOST: x86_64-apple-ios
+            OPENSSL_HOST: iphoneos-cross
+            IOS_SDK: AppleTVSimulator
+            IOS_CPU: x86_64
+            test_ios: "yes"
+            config: "no"
+            make: "no"
+          - name: WatchSimulator on OS X, i386
+            os: macos-latest
+            AUTOTOOLS_HOST: i386-apple-ios
+            OPENSSL_HOST: iphoneos-cross
+            IOS_SDK: WatchSimulator
+            IOS_CPU: i386
+            test_ios: "yes"
+            config: "no"
+            make: "no"
+          - name: Android armv7a
+            os: ubuntu-latest
+            AUTOTOOLS_HOST: armv7a-linux-androidabi
+            OPENSSL_HOST: android-arm
+            ANDROID_CPU: armv7a
+            ANDROID_API: 23
+            test_android: "yes"
+            config: "no"
+            make: "no"
+          - name: Android aarch64
+            os: ubuntu-latest
+            AUTOTOOLS_HOST: aarch64-linux-android
+            OPENSSL_HOST: android-arm64
+            ANDROID_CPU: aarch64
+            ANDROID_API: 23
+            test_android: "yes"
+            config: "no"
+            make: "no"
+          - name: Android x86
+            os: ubuntu-latest
+            AUTOTOOLS_HOST: i686-linux-android
+            OPENSSL_HOST: android-x86
+            ANDROID_CPU: x86
+            ANDROID_API: 23
+            test_android: "yes"
+            config: "no"
+            make: "no"
+          - name: Android x86_64
+            os: ubuntu-latest
+            AUTOTOOLS_HOST: x86_64-linux-android
+            OPENSSL_HOST: android-x86_64
+            ANDROID_CPU: x86_64
+            ANDROID_API: 23
+            test_android: "yes"
+            config: "no"
+            make: "no"
+          - name: Windows
+            os: windows-latest
+            test_windows: "yes"
+            config: "no"
+            make: "no"
+ 
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: false
+      - name: test_windows
+        if: ${{ matrix.test_windows == 'yes' }}
+        shell: bash
+        run: |
+          export unboundpath=`pwd`
+          echo unboundpath=${unboundpath}
+          cd ..
+          export prepath=`pwd`
+          echo prepath=${prepath}
+          #echo "curl cpanm"
+          #curl -L -k -s -S -o cpanm https://cpanmin.us/
+          #echo "perl cpanm Pod::Usage"
+          #perl cpanm Pod::Usage
+          mkdir openssl
+          echo "curl openssl"
+          curl -L -k -s -S -o openssl-1.1.1j.tar.gz https://www.openssl.org/source/openssl-1.1.1j.tar.gz
+          tar xzf openssl-1.1.1j.tar.gz
+          cd openssl-1.1.1j
+          # remove pod::Usage because we do not need -help or -man output
+          # from the Configure script
+          echo "Fixup ./Configure by removing use Pod::Usage require"
+          sed -e 's/use Pod::Usage//' < Configure > Configure.fix
+          echo "./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl\"""
+          ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl"
+          # make the libs only, build faster
+          echo "make build_libs"
+          #make
+          make build_libs
+          mv Makefile Makefile.orig
+          # fixup \\ in the installtop to /.
+          echo "fixup INSTALLTOP"
+          sed -e 's?^INSTALLTOP=.*$?INSTALLTOP='"$prepath"'/openssl?' < Makefile.orig > Makefile
+          # install the includes and libs only, build faster
+          echo "make install_dev"
+          #make install_sw
+          make install_dev
+          cd ..
+          mkdir expat
+          echo "curl expat"
+          curl -L -k -s -S -o expat-2.2.10.tar.gz https://github.com/libexpat/libexpat/releases/download/R_2_2_10/expat-2.2.10.tar.gz
+          tar xzf expat-2.2.10.tar.gz
+          cd expat-2.2.10
+          echo "./configure SHELL=/usr/bin/bash CONFIG_SHELL=/usr/bin/bash --prefix=\"$prepath/expat\" --exec-prefix=\"$prepath/expat\" --bindir=\"$prepath/expat/bin\" --includedir=\"$prepath/expat/include\" --mandir=\"$prepath/expat/man\" --libdir=\"$prepath/expat/lib\""
+          ./configure SHELL=/usr/bin/bash CONFIG_SHELL=/usr/bin/bash --prefix="$prepath/expat" --exec-prefix="$prepath/expat" --bindir="$prepath/expat/bin" --includedir="$prepath/expat/include" --mandir="$prepath/expat/man" --libdir="$prepath/expat/lib"
+          # fixup SHELL is treated specially, but SHELZZ is not by make.
+          echo "Fixup Makefiles by renaming SHELL to SHELLZZ"
+          mv Makefile Makefile.orig
+          sed -e 's/SHELL/SHELLZZ/g' < Makefile.orig > Makefile
+          mv lib/Makefile lib/Makefile.orig
+          sed -e 's/SHELL/SHELLZZ/g' < lib/Makefile.orig > lib/Makefile
+          mv doc/Makefile doc/Makefile.orig
+          sed -e 's/SHELL/SHELLZZ/g' < doc/Makefile.orig > doc/Makefile
+          mv examples/Makefile examples/Makefile.orig
+          sed -e 's/SHELL/SHELLZZ/g' < examples/Makefile.orig > examples/Makefile
+          mv tests/Makefile tests/Makefile.orig
+          sed -e 's/SHELL/SHELLZZ/g' < tests/Makefile.orig > tests/Makefile
+          mv xmlwf/Makefile xmlwf/Makefile.orig
+          sed -e 's/SHELL/SHELLZZ/g' < xmlwf/Makefile.orig > xmlwf/Makefile
+          echo "make"
+          make
+          echo "make install"
+          make install
+          cd ..
+          echo "unbound"
+          cd unbound
+          echo "./configure --enable-debug --enable-static-exe --disable-flto \"--with-ssl=$prepath/openssl\" --with-libexpat=\"$prepath/expat\" --disable-shared"
+          ./configure --enable-debug --enable-static-exe --disable-flto "--with-ssl=$prepath/openssl" --with-libexpat="$prepath/expat" --disable-shared
+          make
+          # specific test output
+          #make testbound.exe; ./testbound.exe -s
+          #make testbound; ./testbound.exe -p testdata/acl.rpl -o -vvvv
+          make test
+      - name: test_android
+        if: ${{ matrix.test_android == 'yes' }}
+        env:
+          AUTOTOOLS_HOST: ${{ matrix.AUTOTOOLS_HOST }}
+          OPENSSL_HOST: ${{ matrix.OPENSSL_HOST }}
+          ANDROID_API: ${{ matrix.ANDROID_API }}
+          ANDROID_CPU: ${{ matrix.ANDROID_CPU }}
+        run: |
+          #(already installed) ./contrib/android/install_tools.sh
+          export ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU"
+          echo ANDROID_PREFIX=${ANDROID_PREFIX}
+          export ANDROID_SDK_ROOT="$HOME/android-sdk"
+          echo ANDROID_SDK_ROOT=${ANDROID_SDK_ROOT}
+          export ANDROID_NDK_ROOT="$HOME/android-ndk"
+          echo ANDROID_NDK_ROOT=${ANDROID_NDK_ROOT}
+          export AUTOTOOLS_BUILD="$(./config.guess)"
+          echo AUTOTOOLS_BUILD=${AUTOTOOLS_BUILD}
+          export PKG_CONFIG_PATH="$ANDROID_PREFIX/lib/pkgconfig"
+          echo PKG_CONFIG_PATH=${PKG_CONFIG_PATH}
+          export CONFIG_OPTS="--build=$AUTOTOOLS_BUILD --host=$AUTOTOOLS_HOST --prefix=$ANDROID_PREFIX --with-ssl=$ANDROID_PREFIX --disable-gost --with-libexpat=$ANDROID_PREFIX"
+          echo CONFIG_OPTS=${CONFIG_OPTS}
+          echo "::group::install_ndk"
+          echo "./contrib/android/install_ndk.sh"
+          ./contrib/android/install_ndk.sh
+          echo "::endgroup::"
+          echo "::group::setenv_android.sh"
+          echo "./contrib/android/setenv_android.sh"
+          source ./contrib/android/setenv_android.sh
+          echo "::endgroup::"
+          echo "::group::install_openssl"
+          echo "./contrib/android/install_openssl.sh"
+          ./contrib/android/install_openssl.sh
+          echo "::endgroup::"
+          echo "::group::install_expat"
+          echo "./contrib/android/install_expat.sh"
+          ./contrib/android/install_expat.sh
+          echo "::endgroup::"
+          echo "::group::configure"
+          echo "./configure ${CONFIG_OPTS}"
+          ./configure ${CONFIG_OPTS}
+          echo "::endgroup::"
+          echo "::group::make"
+          # make is here to preserve environment variables
+          make
+          echo "::endgroup::"
+          echo "::group::make install"
+          make install
+          echo "::endgroup::"
+      - name: test ios
+        if: ${{ matrix.test_ios == 'yes' }}
+        env:
+          AUTOTOOLS_HOST: ${{ matrix.AUTOTOOLS_HOST }}
+          OPENSSL_HOST: ${{ matrix.OPENSSL_HOST }}
+          IOS_SDK: ${{ matrix.IOS_SDK }}
+          IOS_CPU: ${{ matrix.IOS_CPU }}
+        run: |
+          #(already installed) ./contrib/ios/install_tools.sh
+          export AUTOTOOLS_BUILD="$(./config.guess)"
+          echo AUTOTOOLS_BUILD=${AUTOTOOLS_BUILD}
+          export IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
+          echo IOS_PREFIX=${IOS_PREFIX}
+          export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig"
+          echo PKG_CONFIG_PATH=${PKG_CONFIG_PATH}
+          export CONFIG_OPTS="--build=$AUTOTOOLS_BUILD --host=$AUTOTOOLS_HOST --prefix=$IOS_PREFIX --with-ssl=$IOS_PREFIX --disable-gost --with-libexpat=$IOS_PREFIX"
+          echo CONFIG_OPTS=${CONFIG_OPTS}
+          echo "::group::setenv_ios.sh"
+          echo "./contrib/ios/setenv_ios.sh"
+          source ./contrib/ios/setenv_ios.sh
+          echo "::endgroup::"
+          echo "::group::install_openssl"
+          echo "./contrib/ios/install_openssl.sh"
+          ./contrib/ios/install_openssl.sh
+          echo "::endgroup::"
+          echo "::group::install_expat"
+          echo "./contrib/ios/install_expat.sh"
+          ./contrib/ios/install_expat.sh
+          echo "::endgroup::"
+          echo "::group::configure"
+          echo "./configure ${CONFIG_OPTS}"
+          ./configure ${CONFIG_OPTS}
+          echo "::endgroup::"
+          echo "::group::make"
+          # make is here to preserve environment variables
+          make
+          echo "::endgroup::"
+          echo "::group::make install"
+          make install
+          echo "::endgroup::"
+      - name: install libevent
+        if: ${{ matrix.install_libevent == 'yes' }}
+        run: sudo apt-get install libevent-dev
+      - name: install expat
+        if: ${{ matrix.install_expat == 'yes' }}
+        run: brew install expat
+      - name: configure
+        if: ${{ matrix.config != 'no' }}
+        run: ./configure ${{ matrix.config }}
+      - name: make
+        if: ${{ matrix.make != 'no' }}
+        run: make
+      - name: make test
+        if: ${{ matrix.make_test == 'yes' }}
+        run: make test
+      - name: clang-analysis
+        if: ${{ matrix.clang_analysis == 'yes' }}
+        run: (cd testdata/clang-analysis.tdir; bash clang-analysis.test)
diff --git a/contrib/unbound/.github/workflows/ci.yml b/contrib/unbound/.github/workflows/ci.yml
new file mode 100644
index 000000000000..73d68fbf35c9
--- /dev/null
+++ b/contrib/unbound/.github/workflows/ci.yml
@@ -0,0 +1,21 @@
+name: ci
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: configure
+      run: ./configure --enable-debug
+    - name: make
+      run: make
+    - name: make test
+      run: make test
diff --git a/contrib/unbound/.travis.yml b/contrib/unbound/.travis.yml
index 37ea672b3494..1f514b5d08d4 100644
--- a/contrib/unbound/.travis.yml
+++ b/contrib/unbound/.travis.yml
@@ -15,7 +15,8 @@ addons:
       - openssl
       - libevent
       - expat
-    update: true
+    # homebrew update takes 20min or hangs, so disable update
+    #update: true
 
 jobs:
   include:
@@ -26,18 +27,22 @@ jobs:
       env:
         - CONFIG_OPTS="--enable-debug --disable-flto"
     - os: linux
-      name: Clang on Linux, Amd64
+      name: Clang on Linux, Amd64, clang-analysis
       compiler: clang
       arch: amd64
       env:
         - CONFIG_OPTS="--enable-debug --disable-flto"
+        - TEST_ANALYZER=yes
     - os: osx
-      name: Clang on OS X, Amd64
+      osx_image: xcode12.2
+      name: Clang on OS X, Amd64, clang-analysis
       compiler: clang
       arch: amd64
       env:
         - TEST_OSX=yes
-        - CONFIG_OPTS="--enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl/"
+        - CONFIG_OPTS="--enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl --with-libexpat=/usr/local/opt/expat"
+        - TEST_ANALYZER=yes
+        - HOMEBREW_NO_AUTO_UPDATE=1
     - os: linux
       name: Libevent, GCC on Linux, Amd64
       compiler: gcc
@@ -53,13 +58,15 @@ jobs:
         - TEST_LIBEVENT=yes
         - CONFIG_OPTS="--with-libevent"
     - os: osx
+      osx_image: xcode12.2
       name: Libevent, Clang on OS X, Amd64
       compiler: clang
       arch: amd64
       env:
         - TEST_OSX=yes
         - TEST_LIBEVENT=yes
-        - CONFIG_OPTS="--with-ssl=/usr/local/opt/openssl/ --with-libevent=/usr/local/opt/libevent/"
+        - CONFIG_OPTS="--disable-flto --with-ssl=/usr/local/opt/openssl --with-libevent=/usr/local/opt/libevent --with-libexpat=/usr/local/opt/expat"
+        - HOMEBREW_NO_AUTO_UPDATE=1
     - os: linux
       name: UBsan, GCC on Linux, Amd64
       compiler: gcc
@@ -131,7 +138,7 @@ jobs:
       env:
         - CONFIG_OPTS="--enable-debug --disable-flto"
     - os: osx
-      osx_image: xcode10
+      osx_image: xcode12.2
       name: Apple iPhone on iOS, armv7
       compiler: clang
       env:
@@ -141,8 +148,9 @@ jobs:
         - IOS_SDK=iPhoneOS
         - IOS_CPU=armv7s
         - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
+        - HOMEBREW_NO_AUTO_UPDATE=1
     - os: osx
-      osx_image: xcode10
+      osx_image: xcode12.2
       name: Apple iPhone on iOS, arm64
       compiler: clang
       env:
@@ -152,8 +160,9 @@ jobs:
         - IOS_SDK=iPhoneOS
         - IOS_CPU=arm64
         - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
+        - HOMEBREW_NO_AUTO_UPDATE=1
     - os: osx
-      osx_image: xcode10
+      osx_image: xcode12.2
       name: Apple TV on iOS, arm64
       compiler: clang
       env:
@@ -163,8 +172,9 @@ jobs:
         - IOS_SDK=AppleTVOS
         - IOS_CPU=arm64
         - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
+        - HOMEBREW_NO_AUTO_UPDATE=1
     - os: osx
-      osx_image: xcode10
+      osx_image: xcode12.2
       name: Apple Watch on iOS, armv7
       compiler: clang
       env:
@@ -174,8 +184,9 @@ jobs:
         - IOS_SDK=WatchOS
         - IOS_CPU=armv7k
         - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
+        - HOMEBREW_NO_AUTO_UPDATE=1
     - os: osx
-      osx_image: xcode10
+      osx_image: xcode12.2
       name: iPhoneSimulator on OS X, i386
       env:
         - TEST_IOS=yes
@@ -184,8 +195,9 @@ jobs:
         - IOS_CPU=i386
         - IOS_SDK=iPhoneSimulator
         - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
+        - HOMEBREW_NO_AUTO_UPDATE=1
     - os: osx
-      osx_image: xcode10
+      osx_image: xcode12.2
       name: iPhoneSimulator on OS X, x86_64
       env:
         - TEST_IOS=yes
@@ -194,8 +206,9 @@ jobs:
         - IOS_CPU=x86_64
         - IOS_SDK=iPhoneSimulator
         - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
+        - HOMEBREW_NO_AUTO_UPDATE=1
     - os: osx
-      osx_image: xcode10
+      osx_image: xcode12.2
       name: AppleTVSimulator on OS X, x86_64
       env:
         - TEST_IOS=yes
@@ -204,8 +217,9 @@ jobs:
         - IOS_CPU=x86_64
         - IOS_SDK=AppleTVSimulator
         - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
+        - HOMEBREW_NO_AUTO_UPDATE=1
     - os: osx
-      osx_image: xcode10
+      osx_image: xcode12.2
       name: WatchSimulator on OS X, i386
       env:
         - TEST_IOS=yes
@@ -214,6 +228,7 @@ jobs:
         - IOS_CPU=i386
         - IOS_SDK=WatchSimulator
         - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
+        - HOMEBREW_NO_AUTO_UPDATE=1
     - os: linux
       name: Android armv7a, Linux, Amd64
       compiler: clang
@@ -272,6 +287,22 @@ jobs:
         - ANDROID_NDK_ROOT="$HOME/android-ndk"
 
   allow_failures:
+    - os: osx
+      name: Apple iPhone on iOS, armv7
+    - os: osx
+      name: Apple iPhone on iOS, arm64
+    - os: osx
+      name: Apple TV on iOS, arm64
+    - os: osx
+      name: Apple Watch on iOS, armv7
+    - os: osx
+      name: iPhoneSimulator on OS X, i386
+    - os: osx
+      name: iPhoneSimulator on OS X, x86_64
+    - os: osx
+      name: AppleTVSimulator on OS X, x86_64
+    - os: osx
+      name: WatchSimulator on OS X, i386
     - os: linux
       name: Android armv7a, Linux, Amd64
     - os: linux
@@ -294,51 +325,56 @@ before_script:
 # https://docs.travis-ci.com/user/job-lifecycle/ in the Travis docs.
 script:
   - |
+    export MAKE_TEST="yes"
     if [ "$TEST_UBSAN" = "yes" ]; then
-      export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover"
-      ./configure
-      make -j 2
-      make test
+      export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover=all"
     elif [ "$TEST_ASAN" = "yes" ]; then
       export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=address"
-      ./configure
-      make -j 2
-      make test
-    elif [ "$TEST_IOS" = "yes" ]; then
+    fi
+  - |
+    if [ "$TEST_IOS" = "yes" ]; then
       export AUTOTOOLS_BUILD="$(./config.guess)"
       export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig"
       source ./contrib/ios/setenv_ios.sh
       ./contrib/ios/install_openssl.sh
       ./contrib/ios/install_expat.sh
-      ./configure \
-        --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \
-        --prefix="$IOS_PREFIX" \
-        --with-ssl="$IOS_PREFIX" --disable-gost \
-        --with-libexpat="$IOS_PREFIX";
-      make -j 2
-      make install
-    elif [ "$TEST_ANDROID" = "yes" ]; then
+      export CONFIG_OPTS="\
+        --build=$AUTOTOOLS_BUILD --host=$AUTOTOOLS_HOST \
+        --prefix=$IOS_PREFIX \
+        --with-ssl=$IOS_PREFIX --disable-gost \
+        --with-libexpat=$IOS_PREFIX "
+      echo CONFIG_OPTS ${CONFIG_OPTS}
+      export MAKE_TEST=no
+      export TEST_INSTALL=yes
+    fi
+  - |
+    if [ "$TEST_ANDROID" = "yes" ]; then
       export AUTOTOOLS_BUILD="$(./config.guess)"
       export PKG_CONFIG_PATH="$ANDROID_PREFIX/lib/pkgconfig"
       ./contrib/android/install_ndk.sh
       source ./contrib/android/setenv_android.sh
       ./contrib/android/install_openssl.sh
       ./contrib/android/install_expat.sh
-      ./configure \
-        --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \
-        --prefix="$ANDROID_PREFIX" \
-        --with-ssl="$ANDROID_PREFIX" --disable-gost \
-        --with-libexpat="$ANDROID_PREFIX";
-      make -j 2
-      make install
-    elif [ "$TEST_OSX" = "yes" ]; then
-      ./configure --enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl/
-      make -j 2
-      make test
-      (cd testdata/clang-analysis.tdir; bash clang-analysis.test)
-    else
-      ./configure ${CONFIG_OPTS}
-      make -j 2
+      export CONFIG_OPTS="\
+        --build=$AUTOTOOLS_BUILD --host=$AUTOTOOLS_HOST \
+        --prefix=$ANDROID_PREFIX \
+        --with-ssl=$ANDROID_PREFIX --disable-gost \
+        --with-libexpat=$ANDROID_PREFIX "
+      echo CONFIG_OPTS ${CONFIG_OPTS}
+      export MAKE_TEST=no
+      export TEST_INSTALL=yes
+    fi
+  - ./configure ${CONFIG_OPTS}
+  - make -j 2
+  - |
+    if [ "$MAKE_TEST" = "yes" ]; then
       make test
+    fi
+  - |
+    if [ "$TEST_INSTALL" = "yes" ]; then
+      make install
+    fi
+  - |
+    if [ "$TEST_ANALYZER" = "yes" ]; then
       (cd testdata/clang-analysis.tdir; bash clang-analysis.test)
     fi
diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in
index 6809881b6a95..ff5dc8fae856 100644
--- a/contrib/unbound/Makefile.in
+++ b/contrib/unbound/Makefile.in
@@ -110,6 +110,8 @@ SUBNET_HEADER=@SUBNET_HEADER@
 IPSECMOD_SRC=ipsecmod/ipsecmod.c ipsecmod/ipsecmod-whitelist.c
 IPSECMOD_OBJ=@IPSECMOD_OBJ@
 IPSECMOD_HEADER=@IPSECMOD_HEADER@
+CACHEDB_SRC=@CACHEDB_SRC@
+CACHEDB_OBJ=@CACHEDB_OBJ@
 COMMON_SRC=services/cache/dns.c services/cache/infra.c services/cache/rrset.c \
 util/as112.c util/data/dname.c util/data/msgencode.c util/data/msgparse.c \
 util/data/msgreply.c util/data/packed_rrset.c iterator/iterator.c \
@@ -133,7 +135,7 @@ validator/val_nsec3.c validator/val_nsec.c validator/val_secalgo.c \
 validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \
 edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \
 edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \
-cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \
+$(CACHEDB_SRC) respip/respip.c $(CHECKLOCK_SRC) \
 $(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC)
 COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
 as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
@@ -145,7 +147,7 @@ random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
 slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \
 autotrust.lo val_anchor.lo rpz.lo \
 validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
-val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \
+val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \
 $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \
 $(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo
 COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
@@ -173,10 +175,12 @@ UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \
 testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \
 testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \
 testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \
-testcode/unitecs.c testcode/unitauth.c
+testcode/unitecs.c testcode/unitauth.c testcode/unitzonemd.c \
+testcode/unittcpreuse.c
 UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \
 unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \
-readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo
+readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo unitzonemd.lo \
+unittcpreuse.lo
 UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \
 $(COMPAT_OBJ)
 DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \
@@ -242,6 +246,9 @@ DELAYER_SRC=testcode/delayer.c
 DELAYER_OBJ=delayer.lo
 DELAYER_OBJ_LINK=$(DELAYER_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \
 $(SLDNS_OBJ)
+READZONE_SRC=testcode/readzone.c
+READZONE_OBJ=readzone.lo
+READZONE_OBJ_LINK=$(READZONE_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) $(SLDNS_OBJ)
 IPSET_SRC=@IPSET_SRC@
 IPSET_OBJ=@IPSET_OBJ@
 DNSTAP_SOCKET_SRC=dnstap/unbound-dnstap-socket.c
@@ -278,7 +285,7 @@ ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \
 	$(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) $(DNSTAP_SOCKET_SRC)\
 	$(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \
 	$(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) \
-	$(DOHCLIENT_SRC)
+	$(DOHCLIENT_SRC) $(READZONE_SRC)
 
 ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \
 	$(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \
*** 21978 LINES SKIPPED ***