vendor: Update github.com/hashicorp/mdns

2020-09-30 12:57:24 -07:00 · 2020-09-30 12:57:24 -07:00 · dd6ed08924
parent 1cc012b202
commit dd6ed08924
39 changed files with 934 additions and 549 deletions
--- a/go.mod
+++ b/go.mod
@ -51,6 +51,7 @@ require (
 	github.com/hashicorp/golang-lru v0.5.4
 	github.com/hashicorp/hcl v1.0.0
 	github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038
 	github.com/hashicorp/mdns v1.0.3 // indirect
 	github.com/hashicorp/memberlist v0.2.2
 	github.com/hashicorp/net-rpc-msgpackrpc v0.0.0-20151116020338-a14192a58a69
 	github.com/hashicorp/raft v1.2.0
@ -62,7 +63,8 @@ require (
 	github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f // indirect
 	github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
 	github.com/kr/text v0.1.0
-	github.com/miekg/dns v1.1.26
+	github.com/mattn/go-colorable v0.1.7 // indirect
 	github.com/miekg/dns v1.1.31
 	github.com/mitchellh/cli v1.1.0
 	github.com/mitchellh/copystructure v1.0.0
 	github.com/mitchellh/go-testing-interface v1.14.0
@ -81,8 +83,8 @@ require (
 	github.com/stretchr/testify v1.5.1
 	go.opencensus.io v0.22.0 // indirect
 	go.uber.org/goleak v1.0.0
-	golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a
+	golang.org/x/crypto v0.0.0-20200930160638-afb6bcd081ae
-	golang.org/x/net v0.0.0-20200904194848-62affa334b73
+	golang.org/x/net v0.0.0-20200930145003-4acb6c075d10
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
 	golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
 	golang.org/x/sys v0.0.0-20201007082116-8445cc04cbdf
--- a/go.sum
+++ b/go.sum
@ -278,6 +278,8 @@ github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNws
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.1 h1:XFSOubp8KWB+Jd2PDyaX5xUd5bhSP/+pTDZVDMzZJM8=
 github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
 github.com/hashicorp/mdns v1.0.3 h1:hPneYJlzSjxFBmUlnDGXRykxBZ++dQAJhU57gCO7TzI=
 github.com/hashicorp/mdns v1.0.3/go.mod h1:P9sIDVQGUBr2GtS4qS2QCBdtgqP7TBt6d8looU5l5r4=
 github.com/hashicorp/memberlist v0.2.2 h1:5+RffWKwqJ71YPu9mWsF7ZOscZmwfasdA8kbdC7AO2g=
 github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/net-rpc-msgpackrpc v0.0.0-20151116020338-a14192a58a69 h1:lc3c72qGlIMDqQpQH82Y4vaglRMMFdJbziYWriR4UcE=
@ -343,6 +345,8 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.7 h1:bQGKb3vps/j0E9GfJQ03JyhRuxsvdAanXlT9BTw3mdw=
 github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
@ -355,6 +359,10 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.26 h1:gPxPSwALAeHJSjarOs00QjVdV9QoBvc1D2ujQUr5BzU=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM=
 github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/miekg/dns v1.1.31 h1:sJFOl9BgwbYAWOGEwr61FU28pqsBNdpRBnhGXtO06Oo=
 github.com/miekg/dns v1.1.31/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0 h1:tEElEatulEHDeedTxwckzyYMA5c86fbmNIUL1hBIiTg=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
@ -529,8 +537,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a h1:vclmkQCjlDX5OydZ9wv8rBCcS0QyQY66Mpf/7BZbInM=
+golang.org/x/crypto v0.0.0-20200930160638-afb6bcd081ae h1:duLSQW+DZ5MsXKX7kc4rXlq6/mmxz4G6ewJuBPlhRe0=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200930160638-afb6bcd081ae/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@ -539,6 +547,7 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -562,8 +571,8 @@ golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200904194848-62affa334b73 h1:MXfv8rhZWmFeqX3GNZRsd6vOLoaCHjYEX3qkRo3YBUA=
+golang.org/x/net v0.0.0-20200930145003-4acb6c075d10 h1:YfxMZzv3PjGonQYNUaeU2+DhAdqOxerQ30JFB6WgAXo=
-golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200930145003-4acb6c075d10/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
@ -632,6 +641,7 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200513154647-78b527d18275 h1:e7nYe9s94RHunFJ7b+mmPxiQMOKMVSqYASToWb1EcHs=
 golang.org/x/tools v0.0.0-20200513154647-78b527d18275/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/vendor/github.com/hashicorp/mdns/README.md
+++ b/vendor/github.com/hashicorp/mdns/README.md
@ -13,8 +13,8 @@ Using the library is very simple, here is an example of publishing a service ent
    // Setup our service export
    host, _ := os.Hostname()
-    info := []string{"My awesome service"},
+    info := []string{"My awesome service"}
-    service, _ := NewMDNSService(host, "_foobar._tcp", "", "", 8000, nil, info)
+    service, _ := mdns.NewMDNSService(host, "_foobar._tcp", "", "", 8000, nil, info)
    // Create the mDNS server, defer shutdown
    server, _ := mdns.NewServer(&mdns.Config{Zone: service})
--- a/vendor/github.com/hashicorp/mdns/client.go
+++ b/vendor/github.com/hashicorp/mdns/client.go
@ -173,7 +173,7 @@ func (c *client) Close() error {
 	return nil
 }
-// setInterface is used to set the query interface, uses sytem
+// setInterface is used to set the query interface, uses system
 // default if not provided
 func (c *client) setInterface(iface *net.Interface) error {
 	p := ipv4.NewPacketConn(c.ipv4UnicastConn)
@ -308,10 +308,16 @@ func (c *client) sendQuery(q *dns.Msg) error {
 		return err
 	}
 	if c.ipv4UnicastConn != nil {
-		c.ipv4UnicastConn.WriteToUDP(buf, ipv4Addr)
+		_, err = c.ipv4UnicastConn.WriteToUDP(buf, ipv4Addr)
 		if err != nil {
 			return err
 		}
 	}
 	if c.ipv6UnicastConn != nil {
-		c.ipv6UnicastConn.WriteToUDP(buf, ipv6Addr)
+		_, err = c.ipv6UnicastConn.WriteToUDP(buf, ipv6Addr)
 		if err != nil {
 			return err
 		}
 	}
 	return nil
 }
--- a/vendor/github.com/hashicorp/mdns/go.mod
+++ b/vendor/github.com/hashicorp/mdns/go.mod
@ -1,9 +1,8 @@
 module github.com/hashicorp/mdns
 require (
-	github.com/miekg/dns v1.0.14
+	github.com/miekg/dns v1.1.27
-	golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3 // indirect
+	golang.org/x/net v0.0.0-20190923162816-aa69164e4478
 	golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519
 	golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 // indirect
 	golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5 // indirect
 )
 go 1.13
--- a/vendor/github.com/hashicorp/mdns/go.sum
+++ b/vendor/github.com/hashicorp/mdns/go.sum
@ -1,10 +1,19 @@
-github.com/miekg/dns v1.0.14 h1:9jZdLNd/P4+SfEJ0TNyxYpsK8N4GtfylBLqtbYN1sbA=
+github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM=
-github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
-golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3 h1:KYQXGkl6vs02hK7pK4eIbw0NpNPedieTSTEiJ//bwGs=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519 h1:x6rhz8Y9CjbgQkccRGmELH6K+LJj7tOoh3XWeC1yaQM=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5 h1:x6r4Jo0KNzOOzYd8lbcRsqjuqEASK6ob3auvWYM4/8U=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe h1:6fAMxZRR6sl1Uq8U61gxU+kPTs2tR8uOySCbBP7BN/M=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/vendor/github.com/mattn/go-colorable/colorable_windows.go
+++ b/vendor/github.com/mattn/go-colorable/colorable_windows.go
@ -10,6 +10,7 @@ import (
 	"os"
 	"strconv"
 	"strings"
 	"sync"
 	"syscall"
 	"unsafe"
@ -27,6 +28,7 @@ const (
 	backgroundRed       = 0x40
 	backgroundIntensity = 0x80
 	backgroundMask      = (backgroundRed | backgroundBlue | backgroundGreen | backgroundIntensity)
 	commonLvbUnderscore = 0x8000
 	cENABLE_VIRTUAL_TERMINAL_PROCESSING = 0x4
 )
@ -93,6 +95,7 @@ type Writer struct {
 	oldattr   word
 	oldpos    coord
 	rest      bytes.Buffer
 	mutex     sync.Mutex
 }
 // NewColorable returns new instance of Writer which handles escape sequence from File.
@ -432,6 +435,8 @@ func atoiWithDefault(s string, def int) (int, error) {
 // Write writes data on console
 func (w *Writer) Write(data []byte) (n int, err error) {
 	w.mutex.Lock()
 	defer w.mutex.Unlock()
 	var csbi consoleScreenBufferInfo
 	procGetConsoleScreenBufferInfo.Call(uintptr(w.handle), uintptr(unsafe.Pointer(&csbi)))
@ -683,14 +688,19 @@ loop:
 					switch {
 					case n == 0 || n == 100:
 						attr = w.oldattr
-					case 1 <= n && n <= 5:
+					case n == 4:
 						attr |= commonLvbUnderscore
 					case (1 <= n && n <= 3) || n == 5:
 						attr |= foregroundIntensity
-					case n == 7:
+					case n == 7 || n == 27:
-						attr = ((attr & foregroundMask) << 4) | ((attr & backgroundMask) >> 4)
+						attr =
-					case n == 22 || n == 25:
+							(attr &^ (foregroundMask | backgroundMask)) |
-						attr |= foregroundIntensity
+								((attr & foregroundMask) << 4) |
-					case n == 27:
+								((attr & backgroundMask) >> 4)
-						attr = ((attr & foregroundMask) << 4) | ((attr & backgroundMask) >> 4)
+					case n == 22:
 						attr &^= foregroundIntensity
 					case n == 24:
 						attr &^= commonLvbUnderscore
 					case 30 <= n && n <= 37:
 						attr &= backgroundMask
 						if (n-30)&1 != 0 {
--- a/vendor/github.com/miekg/dns/.travis.yml
+++ b/vendor/github.com/miekg/dns/.travis.yml
@ -10,6 +10,7 @@ env:
  - GO111MODULE=on
 script:
  - go generate ./... && test `git ls-files --modified | wc -l` = 0
  - go test -race -v -bench=. -coverprofile=coverage.txt -covermode=atomic ./...
 after_success:
--- a/vendor/github.com/miekg/dns/README.md
+++ b/vendor/github.com/miekg/dns/README.md
@ -28,6 +28,7 @@ A not-so-up-to-date-list-that-may-be-actually-current:
 * https://github.com/coredns/coredns
 * https://cloudflare.com
 * https://github.com/abh/geodns
 * https://github.com/baidu/bfe
 * http://www.statdns.com/
 * http://www.dnsinspect.com/
 * https://github.com/chuangbo/jianbing-dictionary-dns
@ -70,6 +71,8 @@ A not-so-up-to-date-list-that-may-be-actually-current:
 * https://render.com
 * https://github.com/peterzen/goresolver
 * https://github.com/folbricht/routedns
 * https://domainr.com/
 * https://zonedb.org/
 Send pull request if you want to be listed here.
@ -127,6 +130,7 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
 * 2915 - NAPTR record
 * 2929 - DNS IANA Considerations
 * 3110 - RSASHA1 DNS keys
 * 3123 - APL record
 * 3225 - DO bit (DNSSEC OK)
 * 340{1,2,3} - NAPTR record
 * 3445 - Limiting the scope of (DNS)KEY
--- a/vendor/github.com/miekg/dns/client.go
+++ b/vendor/github.com/miekg/dns/client.go
@ -124,15 +124,38 @@ func (c *Client) Dial(address string) (conn *Conn, err error) {
 // of 512 bytes
 // To specify a local address or a timeout, the caller has to set the `Client.Dialer`
 // attribute appropriately
 func (c *Client) Exchange(m *Msg, address string) (r *Msg, rtt time.Duration, err error) {
 	co, err := c.Dial(address)
 	if err != nil {
 		return nil, 0, err
 	}
 	defer co.Close()
 	return c.ExchangeWithConn(m, co)
 }
 // ExchangeWithConn has the same behavior as Exchange, just with a predetermined connection
 // that will be used instead of creating a new one.
 // Usage pattern with a *dns.Client:
 //	c := new(dns.Client)
 //	// connection management logic goes here
 //
 //	conn := c.Dial(address)
 //	in, rtt, err := c.ExchangeWithConn(message, conn)
 //
 //  This allows users of the library to implement their own connection management,
 //  as opposed to Exchange, which will always use new connections and incur the added overhead
 //  that entails when using "tcp" and especially "tcp-tls" clients.
 func (c *Client) ExchangeWithConn(m *Msg, conn *Conn) (r *Msg, rtt time.Duration, err error) {
 	if !c.SingleInflight {
-		return c.exchange(m, address)
+		return c.exchange(m, conn)
 	}
 	q := m.Question[0]
 	key := fmt.Sprintf("%s:%d:%d", q.Name, q.Qtype, q.Qclass)
 	r, rtt, err, shared := c.group.Do(key, func() (*Msg, time.Duration, error) {
-		return c.exchange(m, address)
+		return c.exchange(m, conn)
 	})
 	if r != nil && shared {
 		r = r.Copy()
@ -141,15 +164,7 @@ func (c *Client) Exchange(m *Msg, address string) (r *Msg, rtt time.Duration, er
 	return r, rtt, err
 }
-func (c *Client) exchange(m *Msg, a string) (r *Msg, rtt time.Duration, err error) {
+func (c *Client) exchange(m *Msg, co *Conn) (r *Msg, rtt time.Duration, err error) {
 	var co *Conn
 	co, err = c.Dial(a)
 	if err != nil {
 		return nil, 0, err
 	}
 	defer co.Close()
 	opt := m.IsEdns0()
 	// If EDNS0 is used use that for size.
--- a/vendor/github.com/miekg/dns/defaults.go
+++ b/vendor/github.com/miekg/dns/defaults.go
@ -105,7 +105,7 @@ func (dns *Msg) SetAxfr(z string) *Msg {
 // SetTsig appends a TSIG RR to the message.
 // This is only a skeleton TSIG RR that is added as the last RR in the
-// additional section. The Tsig is calculated when the message is being send.
+// additional section. The TSIG is calculated when the message is being send.
 func (dns *Msg) SetTsig(z, algo string, fudge uint16, timesigned int64) *Msg {
 	t := new(TSIG)
 	t.Hdr = RR_Header{z, TypeTSIG, ClassANY, 0, 0}
@ -317,6 +317,12 @@ func Fqdn(s string) string {
 	return s + "."
 }
 // CanonicalName returns the domain name in canonical form. A name in canonical
 // form is lowercase and fully qualified. See Section 6.2 in RFC 4034.
 func CanonicalName(s string) string {
 	return strings.ToLower(Fqdn(s))
 }
 // Copied from the official Go code.
 // ReverseAddr returns the in-addr.arpa. or ip6.arpa. hostname of the IP
@ -364,7 +370,7 @@ func (t Type) String() string {
 // String returns the string representation for the class c.
 func (c Class) String() string {
 	if s, ok := ClassToString[uint16(c)]; ok {
-		// Only emit mnemonics when they are unambiguous, specically ANY is in both.
+		// Only emit mnemonics when they are unambiguous, specially ANY is in both.
 		if _, ok := StringToType[s]; !ok {
 			return s
 		}
--- a/vendor/github.com/miekg/dns/dnssec.go
+++ b/vendor/github.com/miekg/dns/dnssec.go
@ -200,7 +200,7 @@ func (k *DNSKEY) ToDS(h uint8) *DS {
 	wire = wire[:n]
 	owner := make([]byte, 255)
-	off, err1 := PackDomainName(strings.ToLower(k.Hdr.Name), owner, 0, nil, false)
+	off, err1 := PackDomainName(CanonicalName(k.Hdr.Name), owner, 0, nil, false)
 	if err1 != nil {
 		return nil
 	}
@ -285,7 +285,7 @@ func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error {
 	sigwire.Inception = rr.Inception
 	sigwire.KeyTag = rr.KeyTag
 	// For signing, lowercase this name
-	sigwire.SignerName = strings.ToLower(rr.SignerName)
+	sigwire.SignerName = CanonicalName(rr.SignerName)
 	// Create the desired binary blob
 	signdata := make([]byte, DefaultMsgSize)
@ -423,7 +423,7 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error {
 	sigwire.Expiration = rr.Expiration
 	sigwire.Inception = rr.Inception
 	sigwire.KeyTag = rr.KeyTag
-	sigwire.SignerName = strings.ToLower(rr.SignerName)
+	sigwire.SignerName = CanonicalName(rr.SignerName)
 	// Create the desired binary blob
 	signeddata := make([]byte, DefaultMsgSize)
 	n, err := packSigWire(sigwire, signeddata)
@ -659,7 +659,7 @@ func rawSignatureData(rrset []RR, s *RRSIG) (buf []byte, err error) {
 			h.Name = "*." + strings.Join(labels[len(labels)-int(s.Labels):], ".") + "."
 		}
 		// RFC 4034: 6.2.  Canonical RR Form. (2) - domain name to lowercase
-		h.Name = strings.ToLower(h.Name)
+		h.Name = CanonicalName(h.Name)
 		// 6.2. Canonical RR Form. (3) - domain rdata to lowercase.
 		//   NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR,
 		//   HINFO, MINFO, MX, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX,
@ -672,49 +672,49 @@ func rawSignatureData(rrset []RR, s *RRSIG) (buf []byte, err error) {
 		//	conversion.
 		switch x := r1.(type) {
 		case *NS:
-			x.Ns = strings.ToLower(x.Ns)
+			x.Ns = CanonicalName(x.Ns)
 		case *MD:
-			x.Md = strings.ToLower(x.Md)
+			x.Md = CanonicalName(x.Md)
 		case *MF:
-			x.Mf = strings.ToLower(x.Mf)
+			x.Mf = CanonicalName(x.Mf)
 		case *CNAME:
-			x.Target = strings.ToLower(x.Target)
+			x.Target = CanonicalName(x.Target)
 		case *SOA:
-			x.Ns = strings.ToLower(x.Ns)
+			x.Ns = CanonicalName(x.Ns)
-			x.Mbox = strings.ToLower(x.Mbox)
+			x.Mbox = CanonicalName(x.Mbox)
 		case *MB:
-			x.Mb = strings.ToLower(x.Mb)
+			x.Mb = CanonicalName(x.Mb)
 		case *MG:
-			x.Mg = strings.ToLower(x.Mg)
+			x.Mg = CanonicalName(x.Mg)
 		case *MR:
-			x.Mr = strings.ToLower(x.Mr)
+			x.Mr = CanonicalName(x.Mr)
 		case *PTR:
-			x.Ptr = strings.ToLower(x.Ptr)
+			x.Ptr = CanonicalName(x.Ptr)
 		case *MINFO:
-			x.Rmail = strings.ToLower(x.Rmail)
+			x.Rmail = CanonicalName(x.Rmail)
-			x.Email = strings.ToLower(x.Email)
+			x.Email = CanonicalName(x.Email)
 		case *MX:
-			x.Mx = strings.ToLower(x.Mx)
+			x.Mx = CanonicalName(x.Mx)
 		case *RP:
-			x.Mbox = strings.ToLower(x.Mbox)
+			x.Mbox = CanonicalName(x.Mbox)
-			x.Txt = strings.ToLower(x.Txt)
+			x.Txt = CanonicalName(x.Txt)
 		case *AFSDB:
-			x.Hostname = strings.ToLower(x.Hostname)
+			x.Hostname = CanonicalName(x.Hostname)
 		case *RT:
-			x.Host = strings.ToLower(x.Host)
+			x.Host = CanonicalName(x.Host)
 		case *SIG:
-			x.SignerName = strings.ToLower(x.SignerName)
+			x.SignerName = CanonicalName(x.SignerName)
 		case *PX:
-			x.Map822 = strings.ToLower(x.Map822)
+			x.Map822 = CanonicalName(x.Map822)
-			x.Mapx400 = strings.ToLower(x.Mapx400)
+			x.Mapx400 = CanonicalName(x.Mapx400)
 		case *NAPTR:
-			x.Replacement = strings.ToLower(x.Replacement)
+			x.Replacement = CanonicalName(x.Replacement)
 		case *KX:
-			x.Exchanger = strings.ToLower(x.Exchanger)
+			x.Exchanger = CanonicalName(x.Exchanger)
 		case *SRV:
-			x.Target = strings.ToLower(x.Target)
+			x.Target = CanonicalName(x.Target)
 		case *DNAME:
-			x.Target = strings.ToLower(x.Target)
+			x.Target = CanonicalName(x.Target)
 		}
 		// 6.2. Canonical RR Form. (5) - origTTL
 		wire := make([]byte, Len(r1)+1) // +1 to be safe(r)
--- a/vendor/github.com/miekg/dns/doc.go
+++ b/vendor/github.com/miekg/dns/doc.go
@ -209,7 +209,7 @@ Basic use pattern validating and replying to a message that has TSIG set.
 				// *Msg r has an TSIG record and it was validated
 				m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix())
 			} else {
-				// *Msg r has an TSIG records and it was not valided
+				// *Msg r has an TSIG records and it was not validated
 			}
 		}
 		w.WriteMsg(m)
--- a/vendor/github.com/miekg/dns/duplicate.go
+++ b/vendor/github.com/miekg/dns/duplicate.go
@ -3,9 +3,8 @@ package dns
 //go:generate go run duplicate_generate.go
 // IsDuplicate checks of r1 and r2 are duplicates of each other, excluding the TTL.
-// So this means the header data is equal *and* the RDATA is the same. Return true
+// So this means the header data is equal *and* the RDATA is the same. Returns true
-// is so, otherwise false.
+// if so, otherwise false. It's a protocol violation to have identical RRs in a message.
 // It's a protocol violation to have identical RRs in a message.
 func IsDuplicate(r1, r2 RR) bool {
 	// Check whether the record header is identical.
 	if !r1.Header().isDuplicate(r2.Header()) {
--- a/vendor/github.com/miekg/dns/edns.go
+++ b/vendor/github.com/miekg/dns/edns.go
@ -543,6 +543,10 @@ func (e *EDNS0_EXPIRE) pack() ([]byte, error) {
 }
 func (e *EDNS0_EXPIRE) unpack(b []byte) error {
 	if len(b) == 0 {
 		// zero-length EXPIRE query, see RFC 7314 Section 2
 		return nil
 	}
 	if len(b) < 4 {
 		return ErrBuf
 	}
--- a/vendor/github.com/miekg/dns/generate.go
+++ b/vendor/github.com/miekg/dns/generate.go
@ -20,13 +20,13 @@ import (
 // of $ after that are interpreted.
 func (zp *ZoneParser) generate(l lex) (RR, bool) {
 	token := l.token
-	step := 1
+	step := int64(1)
 	if i := strings.IndexByte(token, '/'); i >= 0 {
 		if i+1 == len(token) {
 			return zp.setParseError("bad step in $GENERATE range", l)
 		}
-		s, err := strconv.Atoi(token[i+1:])
+		s, err := strconv.ParseInt(token[i+1:], 10, 64)
 		if err != nil || s <= 0 {
 			return zp.setParseError("bad step in $GENERATE range", l)
 		}
@ -40,12 +40,12 @@ func (zp *ZoneParser) generate(l lex) (RR, bool) {
 		return zp.setParseError("bad start-stop in $GENERATE range", l)
 	}
-	start, err := strconv.Atoi(sx[0])
+	start, err := strconv.ParseInt(sx[0], 10, 64)
 	if err != nil {
 		return zp.setParseError("bad start in $GENERATE range", l)
 	}
-	end, err := strconv.Atoi(sx[1])
+	end, err := strconv.ParseInt(sx[1], 10, 64)
 	if err != nil {
 		return zp.setParseError("bad stop in $GENERATE range", l)
 	}
@ -75,10 +75,10 @@ func (zp *ZoneParser) generate(l lex) (RR, bool) {
 	r := &generateReader{
 		s: s,
-		cur:   start,
+		cur:   int(start),
-		start: start,
+		start: int(start),
-		end:   end,
+		end:   int(end),
-		step:  step,
+		step:  int(step),
 		file: zp.file,
 		lex:  &l,
@ -188,7 +188,7 @@ func (r *generateReader) ReadByte() (byte, error) {
 			if errMsg != "" {
 				return 0, r.parseError(errMsg, si+3+sep)
 			}
-			if r.start+offset < 0 || r.end+offset > 1<<31-1 {
+			if r.start+offset < 0 || int64(r.end) + int64(offset) > 1<<31-1 {
 				return 0, r.parseError("bad offset in $GENERATE", si+3+sep)
 			}
@ -229,19 +229,19 @@ func modToPrintf(s string) (string, int, string) {
 		return "", 0, "bad base in $GENERATE"
 	}
-	offset, err := strconv.Atoi(offStr)
+	offset, err := strconv.ParseInt(offStr, 10, 64)
 	if err != nil {
 		return "", 0, "bad offset in $GENERATE"
 	}
-	width, err := strconv.Atoi(widthStr)
+	width, err := strconv.ParseInt(widthStr, 10, 64)
 	if err != nil || width < 0 || width > 255 {
 		return "", 0, "bad width in $GENERATE"
 	}
 	if width == 0 {
-		return "%" + base, offset, ""
+		return "%" + base, int(offset), ""
 	}
-	return "%0" + widthStr + base, offset, ""
+	return "%0" + widthStr + base, int(offset), ""
 }
--- a/vendor/github.com/miekg/dns/go.mod
+++ b/vendor/github.com/miekg/dns/go.mod
@ -3,10 +3,9 @@ module github.com/miekg/dns
 go 1.12
 require (
-	golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392
+	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
 	golang.org/x/net v0.0.0-20190923162816-aa69164e4478
 	golang.org/x/sync v0.0.0-20190423024810-112230192c58
 	golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe
-	golang.org/x/text v0.3.2 // indirect
+	golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 // indirect
 	golang.org/x/tools v0.0.0-20190907020128-2ca718005c18 // indirect
 )
--- a/vendor/github.com/miekg/dns/go.sum
+++ b/vendor/github.com/miekg/dns/go.sum
@ -5,6 +5,9 @@ golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsu
 golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392 h1:ACG4HJsFiNMf47Y4PeRoebLNy/2lXT9EtprMuTFWt1M=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3 h1:dgd4x4kJt7G4k4m93AYLzM8Ni6h2qLTfh9n9vXJT3/0=
 golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@ -30,4 +33,7 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 h1:VvQyQJN0tSuecqgcIxMWnnfG5kSmgy9KZR9sW3W5QeA=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/vendor/github.com/miekg/dns/labels.go
+++ b/vendor/github.com/miekg/dns/labels.go
@ -83,7 +83,7 @@ func CompareDomainName(s1, s2 string) (n int) {
 	return
 }
-// CountLabel counts the the number of labels in the string s.
+// CountLabel counts the number of labels in the string s.
 // s must be a syntactically valid domain name.
 func CountLabel(s string) (labels int) {
 	if s == "." {
--- a/vendor/github.com/miekg/dns/msg.go
+++ b/vendor/github.com/miekg/dns/msg.go
@ -398,17 +398,12 @@ Loop:
 				return "", lenmsg, ErrLongDomain
 			}
 			for _, b := range msg[off : off+c] {
-				switch b {
+				if isDomainNameLabelSpecial(b) {
 				case '.', '(', ')', ';', ' ', '@':
 					fallthrough
 				case '"', '\\':
 					s = append(s, '\\', b)
-				default:
+				} else if b < ' ' || b > '~' {
-					if b < ' ' || b > '~' { // unprintable, use \DDD
+					s = append(s, escapeByte(b)...)
-						s = append(s, escapeByte(b)...)
+				} else {
-					} else {
+					s = append(s, b)
 						s = append(s, b)
 					}
 				}
 			}
 			s = append(s, '.')
@ -661,7 +656,6 @@ func unpackRRslice(l int, msg []byte, off int) (dst1 []RR, off1 int, err error)
 		}
 		// If offset does not increase anymore, l is a lie
 		if off1 == off {
 			l = i
 			break
 		}
 		dst = append(dst, r)
--- a/vendor/github.com/miekg/dns/msg_helpers.go
+++ b/vendor/github.com/miekg/dns/msg_helpers.go
@ -423,86 +423,12 @@ Option:
 	if off+int(optlen) > len(msg) {
 		return nil, len(msg), &Error{err: "overflow unpacking opt"}
 	}
-	switch code {
+	e := makeDataOpt(code)
-	case EDNS0NSID:
+	if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
-		e := new(EDNS0_NSID)
+		return nil, len(msg), err
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
 			return nil, len(msg), err
 		}
 		edns = append(edns, e)
 		off += int(optlen)
 	case EDNS0SUBNET:
 		e := new(EDNS0_SUBNET)
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
 			return nil, len(msg), err
 		}
 		edns = append(edns, e)
 		off += int(optlen)
 	case EDNS0COOKIE:
 		e := new(EDNS0_COOKIE)
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
 			return nil, len(msg), err
 		}
 		edns = append(edns, e)
 		off += int(optlen)
 	case EDNS0EXPIRE:
 		e := new(EDNS0_EXPIRE)
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
 			return nil, len(msg), err
 		}
 		edns = append(edns, e)
 		off += int(optlen)
 	case EDNS0UL:
 		e := new(EDNS0_UL)
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
 			return nil, len(msg), err
 		}
 		edns = append(edns, e)
 		off += int(optlen)
 	case EDNS0LLQ:
 		e := new(EDNS0_LLQ)
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
 			return nil, len(msg), err
 		}
 		edns = append(edns, e)
 		off += int(optlen)
 	case EDNS0DAU:
 		e := new(EDNS0_DAU)
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
 			return nil, len(msg), err
 		}
 		edns = append(edns, e)
 		off += int(optlen)
 	case EDNS0DHU:
 		e := new(EDNS0_DHU)
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
 			return nil, len(msg), err
 		}
 		edns = append(edns, e)
 		off += int(optlen)
 	case EDNS0N3U:
 		e := new(EDNS0_N3U)
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
 			return nil, len(msg), err
 		}
 		edns = append(edns, e)
 		off += int(optlen)
 	case EDNS0PADDING:
 		e := new(EDNS0_PADDING)
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
 			return nil, len(msg), err
 		}
 		edns = append(edns, e)
 		off += int(optlen)
 	default:
 		e := new(EDNS0_LOCAL)
 		e.Code = code
 		if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
 			return nil, len(msg), err
 		}
 		edns = append(edns, e)
 		off += int(optlen)
 	}
 	edns = append(edns, e)
 	off += int(optlen)
 	if off < len(msg) {
 		goto Option
@ -511,6 +437,35 @@ Option:
 	return edns, off, nil
 }
 func makeDataOpt(code uint16) EDNS0 {
 	switch code {
 	case EDNS0NSID:
 		return new(EDNS0_NSID)
 	case EDNS0SUBNET:
 		return new(EDNS0_SUBNET)
 	case EDNS0COOKIE:
 		return new(EDNS0_COOKIE)
 	case EDNS0EXPIRE:
 		return new(EDNS0_EXPIRE)
 	case EDNS0UL:
 		return new(EDNS0_UL)
 	case EDNS0LLQ:
 		return new(EDNS0_LLQ)
 	case EDNS0DAU:
 		return new(EDNS0_DAU)
 	case EDNS0DHU:
 		return new(EDNS0_DHU)
 	case EDNS0N3U:
 		return new(EDNS0_N3U)
 	case EDNS0PADDING:
 		return new(EDNS0_PADDING)
 	default:
 		e := new(EDNS0_LOCAL)
 		e.Code = code
 		return e
 	}
 }
 func packDataOpt(options []EDNS0, msg []byte, off int) (int, error) {
 	for _, el := range options {
 		b, err := el.pack()
@ -521,9 +476,7 @@ func packDataOpt(options []EDNS0, msg []byte, off int) (int, error) {
 		binary.BigEndian.PutUint16(msg[off+2:], uint16(len(b))) // Length
 		off += 4
 		if off+len(b) > len(msg) {
-			copy(msg[off:], b)
+			return len(msg), &Error{err: "overflow packing opt"}
 			off = len(msg)
 			continue
 		}
 		// Actual data
 		copy(msg[off:off+len(b)], b)
@ -688,3 +641,126 @@ func packDataDomainNames(names []string, msg []byte, off int, compression compre
 	}
 	return off, nil
 }
 func packDataApl(data []APLPrefix, msg []byte, off int) (int, error) {
 	var err error
 	for i := range data {
 		off, err = packDataAplPrefix(&data[i], msg, off)
 		if err != nil {
 			return len(msg), err
 		}
 	}
 	return off, nil
 }
 func packDataAplPrefix(p *APLPrefix, msg []byte, off int) (int, error) {
 	if len(p.Network.IP) != len(p.Network.Mask) {
 		return len(msg), &Error{err: "address and mask lengths don't match"}
 	}
 	var err error
 	prefix, _ := p.Network.Mask.Size()
 	addr := p.Network.IP.Mask(p.Network.Mask)[:(prefix+7)/8]
 	switch len(p.Network.IP) {
 	case net.IPv4len:
 		off, err = packUint16(1, msg, off)
 	case net.IPv6len:
 		off, err = packUint16(2, msg, off)
 	default:
 		err = &Error{err: "unrecognized address family"}
 	}
 	if err != nil {
 		return len(msg), err
 	}
 	off, err = packUint8(uint8(prefix), msg, off)
 	if err != nil {
 		return len(msg), err
 	}
 	var n uint8
 	if p.Negation {
 		n = 0x80
 	}
 	adflen := uint8(len(addr)) & 0x7f
 	off, err = packUint8(n|adflen, msg, off)
 	if err != nil {
 		return len(msg), err
 	}
 	if off+len(addr) > len(msg) {
 		return len(msg), &Error{err: "overflow packing APL prefix"}
 	}
 	off += copy(msg[off:], addr)
 	return off, nil
 }
 func unpackDataApl(msg []byte, off int) ([]APLPrefix, int, error) {
 	var result []APLPrefix
 	for off < len(msg) {
 		prefix, end, err := unpackDataAplPrefix(msg, off)
 		if err != nil {
 			return nil, len(msg), err
 		}
 		off = end
 		result = append(result, prefix)
 	}
 	return result, off, nil
 }
 func unpackDataAplPrefix(msg []byte, off int) (APLPrefix, int, error) {
 	family, off, err := unpackUint16(msg, off)
 	if err != nil {
 		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL prefix"}
 	}
 	prefix, off, err := unpackUint8(msg, off)
 	if err != nil {
 		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL prefix"}
 	}
 	nlen, off, err := unpackUint8(msg, off)
 	if err != nil {
 		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL prefix"}
 	}
 	var ip []byte
 	switch family {
 	case 1:
 		ip = make([]byte, net.IPv4len)
 	case 2:
 		ip = make([]byte, net.IPv6len)
 	default:
 		return APLPrefix{}, len(msg), &Error{err: "unrecognized APL address family"}
 	}
 	if int(prefix) > 8*len(ip) {
 		return APLPrefix{}, len(msg), &Error{err: "APL prefix too long"}
 	}
 	afdlen := int(nlen & 0x7f)
 	if afdlen > len(ip) {
 		return APLPrefix{}, len(msg), &Error{err: "APL length too long"}
 	}
 	if off+afdlen > len(msg) {
 		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL address"}
 	}
 	off += copy(ip, msg[off:off+afdlen])
 	if afdlen > 0 {
 		last := ip[afdlen-1]
 		if last == 0 {
 			return APLPrefix{}, len(msg), &Error{err: "extra APL address bits"}
 		}
 	}
 	ipnet := net.IPNet{
 		IP:   ip,
 		Mask: net.CIDRMask(int(prefix), 8*len(ip)),
 	}
 	network := ipnet.IP.Mask(ipnet.Mask)
 	if !network.Equal(ipnet.IP) {
 		return APLPrefix{}, len(msg), &Error{err: "invalid APL address length"}
 	}
 	return APLPrefix{
 		Negation: (nlen & 0x80) != 0,
 		Network:  ipnet,
 	}, off, nil
 }
--- a/vendor/github.com/miekg/dns/msg_truncate.go
+++ b/vendor/github.com/miekg/dns/msg_truncate.go
@ -73,7 +73,7 @@ func (dns *Msg) Truncate(size int) {
 	var numExtra int
 	if l < size {
-		l, numExtra = truncateLoop(dns.Extra, size, l, compression)
+		_, numExtra = truncateLoop(dns.Extra, size, l, compression)
 	}
 	// See the function documentation for when we set this.
--- a/vendor/github.com/miekg/dns/nsecx.go
+++ b/vendor/github.com/miekg/dns/nsecx.go
@ -43,7 +43,7 @@ func HashName(label string, ha uint8, iter uint16, salt string) string {
 	return toBase32(nsec3)
 }
-// Cover returns true if a name is covered by the NSEC3 record
+// Cover returns true if a name is covered by the NSEC3 record.
 func (rr *NSEC3) Cover(name string) bool {
 	nameHash := HashName(name, rr.Hash, rr.Iterations, rr.Salt)
 	owner := strings.ToUpper(rr.Hdr.Name)
--- a/vendor/github.com/miekg/dns/privaterr.go
+++ b/vendor/github.com/miekg/dns/privaterr.go
@ -13,7 +13,6 @@ type PrivateRdata interface {
 	// Pack is used when packing a private RR into a buffer.
 	Pack([]byte) (int, error)
 	// Unpack is used when unpacking a private RR from a buffer.
 	// TODO(miek): diff. signature than Pack, see edns0.go for instance.
 	Unpack([]byte) (int, error)
 	// Copy copies the Rdata into the PrivateRdata argument.
 	Copy(PrivateRdata) error
--- a/vendor/github.com/miekg/dns/scan.go
+++ b/vendor/github.com/miekg/dns/scan.go
@ -87,31 +87,18 @@ type lex struct {
 	column int    // column in the file
 }
 // Token holds the token that are returned when a zone file is parsed.
 type Token struct {
 	// The scanned resource record when error is not nil.
 	RR
 	// When an error occurred, this has the error specifics.
 	Error *ParseError
 	// A potential comment positioned after the RR and on the same line.
 	Comment string
 }
 // ttlState describes the state necessary to fill in an omitted RR TTL
 type ttlState struct {
 	ttl           uint32 // ttl is the current default TTL
 	isByDirective bool   // isByDirective indicates whether ttl was set by a $TTL directive
 }
-// NewRR reads the RR contained in the string s. Only the first RR is
+// NewRR reads the RR contained in the string s. Only the first RR is returned.
-// returned. If s contains no records, NewRR will return nil with no
+// If s contains no records, NewRR will return nil with no error.
 // error.
 //
-// The class defaults to IN and TTL defaults to 3600. The full zone
+// The class defaults to IN and TTL defaults to 3600. The full zone file syntax
-// file syntax like $TTL, $ORIGIN, etc. is supported.
+// like $TTL, $ORIGIN, etc. is supported. All fields of the returned RR are
-//
+// set, except RR.Header().Rdlength which is set to 0.
 // All fields of the returned RR are set, except RR.Header().Rdlength
 // which is set to 0.
 func NewRR(s string) (RR, error) {
 	if len(s) > 0 && s[len(s)-1] != '\n' { // We need a closing newline
 		return ReadRR(strings.NewReader(s+"\n"), "")
@ -133,70 +120,6 @@ func ReadRR(r io.Reader, file string) (RR, error) {
 	return rr, zp.Err()
 }
 // ParseZone reads a RFC 1035 style zonefile from r. It returns
 // Tokens on the returned channel, each consisting of either a
 // parsed RR and optional comment or a nil RR and an error. The
 // channel is closed by ParseZone when the end of r is reached.
 //
 // The string file is used in error reporting and to resolve relative
 // $INCLUDE directives. The string origin is used as the initial
 // origin, as if the file would start with an $ORIGIN directive.
 //
 // The directives $INCLUDE, $ORIGIN, $TTL and $GENERATE are all
 // supported. Note that $GENERATE's range support up to a maximum of
 // of 65535 steps.
 //
 // Basic usage pattern when reading from a string (z) containing the
 // zone data:
 //
 //	for x := range dns.ParseZone(strings.NewReader(z), "", "") {
 //		if x.Error != nil {
 //                  // log.Println(x.Error)
 //              } else {
 //                  // Do something with x.RR
 //              }
 //	}
 //
 // Comments specified after an RR (and on the same line!) are
 // returned too:
 //
 //	foo. IN A 10.0.0.1 ; this is a comment
 //
 // The text "; this is comment" is returned in Token.Comment.
 // Comments inside the RR are returned concatenated along with the
 // RR. Comments on a line by themselves are discarded.
 //
 // To prevent memory leaks it is important to always fully drain the
 // returned channel. If an error occurs, it will always be the last
 // Token sent on the channel.
 //
 // Deprecated: New users should prefer the ZoneParser API.
 func ParseZone(r io.Reader, origin, file string) chan *Token {
 	t := make(chan *Token, 10000)
 	go parseZone(r, origin, file, t)
 	return t
 }
 func parseZone(r io.Reader, origin, file string, t chan *Token) {
 	defer close(t)
 	zp := NewZoneParser(r, origin, file)
 	zp.SetIncludeAllowed(true)
 	for rr, ok := zp.Next(); ok; rr, ok = zp.Next() {
 		t <- &Token{RR: rr, Comment: zp.Comment()}
 	}
 	if err := zp.Err(); err != nil {
 		pe, ok := err.(*ParseError)
 		if !ok {
 			pe = &ParseError{file: file, err: err.Error()}
 		}
 		t <- &Token{Error: pe}
 	}
 }
 // ZoneParser is a parser for an RFC 1035 style zonefile.
 //
 // Each parsed RR in the zone is returned sequentially from Next. An
@ -247,7 +170,7 @@ type ZoneParser struct {
 	includeDepth uint8
-	includeAllowed bool
+	includeAllowed     bool
 	generateDisallowed bool
 }
--- a/vendor/github.com/miekg/dns/scan_rr.go
+++ b/vendor/github.com/miekg/dns/scan_rr.go
@ -1,6 +1,7 @@
 package dns
 import (
 	"bytes"
 	"encoding/base64"
 	"net"
 	"strconv"
@ -10,15 +11,15 @@ import (
 // A remainder of the rdata with embedded spaces, return the parsed string (sans the spaces)
 // or an error
 func endingToString(c *zlexer, errstr string) (string, *ParseError) {
-	var s string
+	var buffer bytes.Buffer
 	l, _ := c.Next() // zString
 	for l.value != zNewline && l.value != zEOF {
 		if l.err {
-			return s, &ParseError{"", errstr, l}
+			return buffer.String(), &ParseError{"", errstr, l}
 		}
 		switch l.value {
 		case zString:
-			s += l.token
+			buffer.WriteString(l.token)
 		case zBlank: // Ok
 		default:
 			return "", &ParseError{"", errstr, l}
@ -26,7 +27,7 @@ func endingToString(c *zlexer, errstr string) (string, *ParseError) {
 		l, _ = c.Next()
 	}
-	return s, nil
+	return buffer.String(), nil
 }
 // A remainder of the rdata with embedded spaces, split on unquoted whitespace
@ -403,7 +404,7 @@ func (rr *SOA) parse(c *zlexer, o string) *ParseError {
 		if l.err {
 			return &ParseError{"", "bad SOA zone parameter", l}
 		}
-		if j, e := strconv.ParseUint(l.token, 10, 32); e != nil {
+		if j, err := strconv.ParseUint(l.token, 10, 32); err != nil {
 			if i == 0 {
 				// Serial must be a number
 				return &ParseError{"", "bad SOA zone parameter", l}
@ -446,16 +447,16 @@ func (rr *SRV) parse(c *zlexer, o string) *ParseError {
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
-	i, e = strconv.ParseUint(l.token, 10, 16)
+	i, e1 := strconv.ParseUint(l.token, 10, 16)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad SRV Weight", l}
 	}
 	rr.Weight = uint16(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
-	i, e = strconv.ParseUint(l.token, 10, 16)
+	i, e2 := strconv.ParseUint(l.token, 10, 16)
-	if e != nil || l.err {
+	if e2 != nil || l.err {
 		return &ParseError{"", "bad SRV Port", l}
 	}
 	rr.Port = uint16(i)
@ -482,8 +483,8 @@ func (rr *NAPTR) parse(c *zlexer, o string) *ParseError {
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
-	i, e = strconv.ParseUint(l.token, 10, 16)
+	i, e1 := strconv.ParseUint(l.token, 10, 16)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad NAPTR Preference", l}
 	}
 	rr.Preference = uint16(i)
@ -581,9 +582,9 @@ func (rr *TALINK) parse(c *zlexer, o string) *ParseError {
 func (rr *LOC) parse(c *zlexer, o string) *ParseError {
 	// Non zero defaults for LOC record, see RFC 1876, Section 3.
-	rr.HorizPre = 165 // 10000
+	rr.Size = 0x12     // 1e2 cm (1m)
-	rr.VertPre = 162  // 10
+	rr.HorizPre = 0x16 // 1e6 cm (10000m)
-	rr.Size = 18      // 1
+	rr.VertPre = 0x13  // 1e3 cm (10m)
 	ok := false
 	// North
@ -600,15 +601,15 @@ func (rr *LOC) parse(c *zlexer, o string) *ParseError {
 	if rr.Latitude, ok = locCheckNorth(l.token, rr.Latitude); ok {
 		goto East
 	}
-	i, e = strconv.ParseUint(l.token, 10, 32)
+	if i, err := strconv.ParseUint(l.token, 10, 32); err != nil || l.err {
 	if e != nil || l.err {
 		return &ParseError{"", "bad LOC Latitude minutes", l}
 	} else {
 		rr.Latitude += 1000 * 60 * uint32(i)
 	}
 	rr.Latitude += 1000 * 60 * uint32(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	if i, e := strconv.ParseFloat(l.token, 32); e != nil || l.err {
+	if i, err := strconv.ParseFloat(l.token, 32); err != nil || l.err {
 		return &ParseError{"", "bad LOC Latitude seconds", l}
 	} else {
 		rr.Latitude += uint32(1000 * i)
@ -626,7 +627,7 @@ East:
 	// East
 	c.Next() // zBlank
 	l, _ = c.Next()
-	if i, e := strconv.ParseUint(l.token, 10, 32); e != nil || l.err {
+	if i, err := strconv.ParseUint(l.token, 10, 32); err != nil || l.err {
 		return &ParseError{"", "bad LOC Longitude", l}
 	} else {
 		rr.Longitude = 1000 * 60 * 60 * uint32(i)
@ -637,14 +638,14 @@ East:
 	if rr.Longitude, ok = locCheckEast(l.token, rr.Longitude); ok {
 		goto Altitude
 	}
-	if i, e := strconv.ParseUint(l.token, 10, 32); e != nil || l.err {
+	if i, err := strconv.ParseUint(l.token, 10, 32); err != nil || l.err {
 		return &ParseError{"", "bad LOC Longitude minutes", l}
 	} else {
 		rr.Longitude += 1000 * 60 * uint32(i)
 	}
 	c.Next() // zBlank
 	l, _ = c.Next()
-	if i, e := strconv.ParseFloat(l.token, 32); e != nil || l.err {
+	if i, err := strconv.ParseFloat(l.token, 32); err != nil || l.err {
 		return &ParseError{"", "bad LOC Longitude seconds", l}
 	} else {
 		rr.Longitude += uint32(1000 * i)
@ -667,7 +668,7 @@ Altitude:
 	if l.token[len(l.token)-1] == 'M' || l.token[len(l.token)-1] == 'm' {
 		l.token = l.token[0 : len(l.token)-1]
 	}
-	if i, e := strconv.ParseFloat(l.token, 32); e != nil {
+	if i, err := strconv.ParseFloat(l.token, 32); err != nil {
 		return &ParseError{"", "bad LOC Altitude", l}
 	} else {
 		rr.Altitude = uint32(i*100.0 + 10000000.0 + 0.5)
@ -681,23 +682,23 @@ Altitude:
 		case zString:
 			switch count {
 			case 0: // Size
-				e, m, ok := stringToCm(l.token)
+				exp, m, ok := stringToCm(l.token)
 				if !ok {
 					return &ParseError{"", "bad LOC Size", l}
 				}
-				rr.Size = e&0x0f | m<<4&0xf0
+				rr.Size = exp&0x0f | m<<4&0xf0
 			case 1: // HorizPre
-				e, m, ok := stringToCm(l.token)
+				exp, m, ok := stringToCm(l.token)
 				if !ok {
 					return &ParseError{"", "bad LOC HorizPre", l}
 				}
-				rr.HorizPre = e&0x0f | m<<4&0xf0
+				rr.HorizPre = exp&0x0f | m<<4&0xf0
 			case 2: // VertPre
-				e, m, ok := stringToCm(l.token)
+				exp, m, ok := stringToCm(l.token)
 				if !ok {
 					return &ParseError{"", "bad LOC VertPre", l}
 				}
-				rr.VertPre = e&0x0f | m<<4&0xf0
+				rr.VertPre = exp&0x0f | m<<4&0xf0
 			}
 			count++
 		case zBlank:
@ -762,7 +763,7 @@ func (rr *CERT) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
 	if v, ok := StringToCertType[l.token]; ok {
 		rr.Type = v
-	} else if i, e := strconv.ParseUint(l.token, 10, 16); e != nil {
+	} else if i, err := strconv.ParseUint(l.token, 10, 16); err != nil {
 		return &ParseError{"", "bad CERT Type", l}
 	} else {
 		rr.Type = uint16(i)
@ -778,7 +779,7 @@ func (rr *CERT) parse(c *zlexer, o string) *ParseError {
 	l, _ = c.Next() // zString
 	if v, ok := StringToAlgorithm[l.token]; ok {
 		rr.Algorithm = v
-	} else if i, e := strconv.ParseUint(l.token, 10, 8); e != nil {
+	} else if i, err := strconv.ParseUint(l.token, 10, 8); err != nil {
 		return &ParseError{"", "bad CERT Algorithm", l}
 	} else {
 		rr.Algorithm = uint8(i)
@ -812,8 +813,8 @@ func (rr *CSYNC) parse(c *zlexer, o string) *ParseError {
 	c.Next() // zBlank
 	l, _ = c.Next()
-	j, e = strconv.ParseUint(l.token, 10, 16)
+	j, e1 := strconv.ParseUint(l.token, 10, 16)
-	if e != nil {
+	if e1 != nil {
 		// Serial must be a number
 		return &ParseError{"", "bad CSYNC flags", l}
 	}
@ -845,9 +846,7 @@ func (rr *CSYNC) parse(c *zlexer, o string) *ParseError {
 	return nil
 }
-func (rr *SIG) parse(c *zlexer, o string) *ParseError {
+func (rr *SIG) parse(c *zlexer, o string) *ParseError { return rr.RRSIG.parse(c, o) }
 	return rr.RRSIG.parse(c, o)
 }
 func (rr *RRSIG) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
@ -868,24 +867,24 @@ func (rr *RRSIG) parse(c *zlexer, o string) *ParseError {
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, err := strconv.ParseUint(l.token, 10, 8)
+	i, e := strconv.ParseUint(l.token, 10, 8)
-	if err != nil || l.err {
+	if e != nil || l.err {
 		return &ParseError{"", "bad RRSIG Algorithm", l}
 	}
 	rr.Algorithm = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, err = strconv.ParseUint(l.token, 10, 8)
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
-	if err != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad RRSIG Labels", l}
 	}
 	rr.Labels = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, err = strconv.ParseUint(l.token, 10, 32)
+	i, e2 := strconv.ParseUint(l.token, 10, 32)
-	if err != nil || l.err {
+	if e2 != nil || l.err {
 		return &ParseError{"", "bad RRSIG OrigTtl", l}
 	}
 	rr.OrigTtl = uint32(i)
@ -918,8 +917,8 @@ func (rr *RRSIG) parse(c *zlexer, o string) *ParseError {
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, err = strconv.ParseUint(l.token, 10, 16)
+	i, e3 := strconv.ParseUint(l.token, 10, 16)
-	if err != nil || l.err {
+	if e3 != nil || l.err {
 		return &ParseError{"", "bad RRSIG KeyTag", l}
 	}
 	rr.KeyTag = uint16(i)
@ -933,9 +932,9 @@ func (rr *RRSIG) parse(c *zlexer, o string) *ParseError {
 	}
 	rr.SignerName = name
-	s, e := endingToString(c, "bad RRSIG Signature")
+	s, e4 := endingToString(c, "bad RRSIG Signature")
-	if e != nil {
+	if e4 != nil {
-		return e
+		return e4
 	}
 	rr.Signature = s
@ -985,15 +984,15 @@ func (rr *NSEC3) parse(c *zlexer, o string) *ParseError {
 	rr.Hash = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad NSEC3 Flags", l}
 	}
 	rr.Flags = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 16)
+	i, e2 := strconv.ParseUint(l.token, 10, 16)
-	if e != nil || l.err {
+	if e2 != nil || l.err {
 		return &ParseError{"", "bad NSEC3 Iterations", l}
 	}
 	rr.Iterations = uint16(i)
@ -1050,22 +1049,22 @@ func (rr *NSEC3PARAM) parse(c *zlexer, o string) *ParseError {
 	rr.Hash = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad NSEC3PARAM Flags", l}
 	}
 	rr.Flags = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 16)
+	i, e2 := strconv.ParseUint(l.token, 10, 16)
-	if e != nil || l.err {
+	if e2 != nil || l.err {
 		return &ParseError{"", "bad NSEC3PARAM Iterations", l}
 	}
 	rr.Iterations = uint16(i)
 	c.Next()
 	l, _ = c.Next()
 	if l.token != "-" {
-		rr.SaltLength = uint8(len(l.token))
+		rr.SaltLength = uint8(len(l.token) / 2)
 		rr.Salt = l.token
 	}
 	return slurpRemainder(c)
@ -1132,15 +1131,15 @@ func (rr *SSHFP) parse(c *zlexer, o string) *ParseError {
 	rr.Algorithm = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad SSHFP Type", l}
 	}
 	rr.Type = uint8(i)
 	c.Next() // zBlank
-	s, e1 := endingToString(c, "bad SSHFP Fingerprint")
+	s, e2 := endingToString(c, "bad SSHFP Fingerprint")
-	if e1 != nil {
+	if e2 != nil {
-		return e1
+		return e2
 	}
 	rr.FingerPrint = s
 	return nil
@ -1155,37 +1154,32 @@ func (rr *DNSKEY) parseDNSKEY(c *zlexer, o, typ string) *ParseError {
 	rr.Flags = uint16(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad " + typ + " Protocol", l}
 	}
 	rr.Protocol = uint8(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e2 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e2 != nil || l.err {
 		return &ParseError{"", "bad " + typ + " Algorithm", l}
 	}
 	rr.Algorithm = uint8(i)
-	s, e1 := endingToString(c, "bad "+typ+" PublicKey")
+	s, e3 := endingToString(c, "bad "+typ+" PublicKey")
-	if e1 != nil {
+	if e3 != nil {
-		return e1
+		return e3
 	}
 	rr.PublicKey = s
 	return nil
 }
-func (rr *DNSKEY) parse(c *zlexer, o string) *ParseError {
+func (rr *DNSKEY) parse(c *zlexer, o string) *ParseError  { return rr.parseDNSKEY(c, o, "DNSKEY") }
-	return rr.parseDNSKEY(c, o, "DNSKEY")
+func (rr *KEY) parse(c *zlexer, o string) *ParseError     { return rr.parseDNSKEY(c, o, "KEY") }
-}
+func (rr *CDNSKEY) parse(c *zlexer, o string) *ParseError { return rr.parseDNSKEY(c, o, "CDNSKEY") }
-
+func (rr *DS) parse(c *zlexer, o string) *ParseError      { return rr.parseDS(c, o, "DS") }
-func (rr *KEY) parse(c *zlexer, o string) *ParseError {
+func (rr *DLV) parse(c *zlexer, o string) *ParseError     { return rr.parseDS(c, o, "DLV") }
-	return rr.parseDNSKEY(c, o, "KEY")
+func (rr *CDS) parse(c *zlexer, o string) *ParseError     { return rr.parseDS(c, o, "CDS") }
 }
 func (rr *CDNSKEY) parse(c *zlexer, o string) *ParseError {
 	return rr.parseDNSKEY(c, o, "CDNSKEY")
 }
 func (rr *RKEY) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
@ -1196,21 +1190,21 @@ func (rr *RKEY) parse(c *zlexer, o string) *ParseError {
 	rr.Flags = uint16(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad RKEY Protocol", l}
 	}
 	rr.Protocol = uint8(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e2 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e2 != nil || l.err {
 		return &ParseError{"", "bad RKEY Algorithm", l}
 	}
 	rr.Algorithm = uint8(i)
-	s, e1 := endingToString(c, "bad RKEY PublicKey")
+	s, e3 := endingToString(c, "bad RKEY PublicKey")
-	if e1 != nil {
+	if e3 != nil {
-		return e1
+		return e3
 	}
 	rr.PublicKey = s
 	return nil
@ -1243,15 +1237,15 @@ func (rr *GPOS) parse(c *zlexer, o string) *ParseError {
 	rr.Longitude = l.token
 	c.Next() // zBlank
 	l, _ = c.Next()
-	_, e = strconv.ParseFloat(l.token, 64)
+	_, e1 := strconv.ParseFloat(l.token, 64)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad GPOS Latitude", l}
 	}
 	rr.Latitude = l.token
 	c.Next() // zBlank
 	l, _ = c.Next()
-	_, e = strconv.ParseFloat(l.token, 64)
+	_, e2 := strconv.ParseFloat(l.token, 64)
-	if e != nil || l.err {
+	if e2 != nil || l.err {
 		return &ParseError{"", "bad GPOS Altitude", l}
 	}
 	rr.Altitude = l.token
@ -1267,7 +1261,7 @@ func (rr *DS) parseDS(c *zlexer, o, typ string) *ParseError {
 	rr.KeyTag = uint16(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	if i, e = strconv.ParseUint(l.token, 10, 8); e != nil {
+	if i, err := strconv.ParseUint(l.token, 10, 8); err != nil {
 		tokenUpper := strings.ToUpper(l.token)
 		i, ok := StringToAlgorithm[tokenUpper]
 		if !ok || l.err {
@ -1279,31 +1273,19 @@ func (rr *DS) parseDS(c *zlexer, o, typ string) *ParseError {
 	}
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad " + typ + " DigestType", l}
 	}
 	rr.DigestType = uint8(i)
-	s, e1 := endingToString(c, "bad "+typ+" Digest")
+	s, e2 := endingToString(c, "bad "+typ+" Digest")
-	if e1 != nil {
+	if e2 != nil {
-		return e1
+		return e2
 	}
 	rr.Digest = s
 	return nil
 }
 func (rr *DS) parse(c *zlexer, o string) *ParseError {
 	return rr.parseDS(c, o, "DS")
 }
 func (rr *DLV) parse(c *zlexer, o string) *ParseError {
 	return rr.parseDS(c, o, "DLV")
 }
 func (rr *CDS) parse(c *zlexer, o string) *ParseError {
 	return rr.parseDS(c, o, "CDS")
 }
 func (rr *TA) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
 	i, e := strconv.ParseUint(l.token, 10, 16)
@ -1313,7 +1295,7 @@ func (rr *TA) parse(c *zlexer, o string) *ParseError {
 	rr.KeyTag = uint16(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	if i, e := strconv.ParseUint(l.token, 10, 8); e != nil {
+	if i, err := strconv.ParseUint(l.token, 10, 8); err != nil {
 		tokenUpper := strings.ToUpper(l.token)
 		i, ok := StringToAlgorithm[tokenUpper]
 		if !ok || l.err {
@ -1325,14 +1307,14 @@ func (rr *TA) parse(c *zlexer, o string) *ParseError {
 	}
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad TA DigestType", l}
 	}
 	rr.DigestType = uint8(i)
-	s, err := endingToString(c, "bad TA Digest")
+	s, e2 := endingToString(c, "bad TA Digest")
-	if err != nil {
+	if e2 != nil {
-		return err
+		return e2
 	}
 	rr.Digest = s
 	return nil
@ -1347,22 +1329,22 @@ func (rr *TLSA) parse(c *zlexer, o string) *ParseError {
 	rr.Usage = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad TLSA Selector", l}
 	}
 	rr.Selector = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e2 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e2 != nil || l.err {
 		return &ParseError{"", "bad TLSA MatchingType", l}
 	}
 	rr.MatchingType = uint8(i)
 	// So this needs be e2 (i.e. different than e), because...??t
-	s, e2 := endingToString(c, "bad TLSA Certificate")
+	s, e3 := endingToString(c, "bad TLSA Certificate")
-	if e2 != nil {
+	if e3 != nil {
-		return e2
+		return e3
 	}
 	rr.Certificate = s
 	return nil
@ -1377,22 +1359,22 @@ func (rr *SMIMEA) parse(c *zlexer, o string) *ParseError {
 	rr.Usage = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad SMIMEA Selector", l}
 	}
 	rr.Selector = uint8(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 8)
+	i, e2 := strconv.ParseUint(l.token, 10, 8)
-	if e != nil || l.err {
+	if e2 != nil || l.err {
 		return &ParseError{"", "bad SMIMEA MatchingType", l}
 	}
 	rr.MatchingType = uint8(i)
 	// So this needs be e2 (i.e. different than e), because...??t
-	s, e2 := endingToString(c, "bad SMIMEA Certificate")
+	s, e3 := endingToString(c, "bad SMIMEA Certificate")
-	if e2 != nil {
+	if e3 != nil {
-		return e2
+		return e3
 	}
 	rr.Certificate = s
 	return nil
@ -1469,16 +1451,16 @@ func (rr *URI) parse(c *zlexer, o string) *ParseError {
 	rr.Priority = uint16(i)
 	c.Next() // zBlank
 	l, _ = c.Next()
-	i, e = strconv.ParseUint(l.token, 10, 16)
+	i, e1 := strconv.ParseUint(l.token, 10, 16)
-	if e != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad URI Weight", l}
 	}
 	rr.Weight = uint16(i)
 	c.Next() // zBlank
-	s, err := endingToTxtSlice(c, "bad URI Target")
+	s, e2 := endingToTxtSlice(c, "bad URI Target")
-	if err != nil {
+	if e2 != nil {
-		return err
+		return e2
 	}
 	if len(s) != 1 {
 		return &ParseError{"", "bad URI Target", l}
@ -1506,9 +1488,9 @@ func (rr *NID) parse(c *zlexer, o string) *ParseError {
 	rr.Preference = uint16(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
-	u, err := stringToNodeID(l)
+	u, e1 := stringToNodeID(l)
-	if err != nil || l.err {
+	if e1 != nil || l.err {
-		return err
+		return e1
 	}
 	rr.NodeID = u
 	return slurpRemainder(c)
@ -1546,7 +1528,6 @@ func (rr *LP) parse(c *zlexer, o string) *ParseError {
 		return &ParseError{"", "bad LP Fqdn", l}
 	}
 	rr.Fqdn = name
 	return slurpRemainder(c)
 }
@ -1559,9 +1540,9 @@ func (rr *L64) parse(c *zlexer, o string) *ParseError {
 	rr.Preference = uint16(i)
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
-	u, err := stringToNodeID(l)
+	u, e1 := stringToNodeID(l)
-	if err != nil || l.err {
+	if e1 != nil || l.err {
-		return err
+		return e1
 	}
 	rr.Locator64 = u
 	return slurpRemainder(c)
@ -1624,14 +1605,13 @@ func (rr *PX) parse(c *zlexer, o string) *ParseError {
 		return &ParseError{"", "bad PX Mapx400", l}
 	}
 	rr.Mapx400 = mapx400
 	return slurpRemainder(c)
 }
 func (rr *CAA) parse(c *zlexer, o string) *ParseError {
 	l, _ := c.Next()
-	i, err := strconv.ParseUint(l.token, 10, 8)
+	i, e := strconv.ParseUint(l.token, 10, 8)
-	if err != nil || l.err {
+	if e != nil || l.err {
 		return &ParseError{"", "bad CAA Flag", l}
 	}
 	rr.Flag = uint8(i)
@ -1644,9 +1624,9 @@ func (rr *CAA) parse(c *zlexer, o string) *ParseError {
 	rr.Tag = l.token
 	c.Next() // zBlank
-	s, e := endingToTxtSlice(c, "bad CAA Value")
+	s, e1 := endingToTxtSlice(c, "bad CAA Value")
-	if e != nil {
+	if e1 != nil {
-		return e
+		return e1
 	}
 	if len(s) != 1 {
 		return &ParseError{"", "bad CAA Value", l}
@ -1667,8 +1647,8 @@ func (rr *TKEY) parse(c *zlexer, o string) *ParseError {
 	// Get the key length and key values
 	l, _ = c.Next()
-	i, err := strconv.ParseUint(l.token, 10, 8)
+	i, e := strconv.ParseUint(l.token, 10, 8)
-	if err != nil || l.err {
+	if e != nil || l.err {
 		return &ParseError{"", "bad TKEY key length", l}
 	}
 	rr.KeySize = uint16(i)
@ -1682,8 +1662,8 @@ func (rr *TKEY) parse(c *zlexer, o string) *ParseError {
 	// Get the otherdata length and string data
 	l, _ = c.Next()
-	i, err = strconv.ParseUint(l.token, 10, 8)
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
-	if err != nil || l.err {
+	if e1 != nil || l.err {
 		return &ParseError{"", "bad TKEY otherdata length", l}
 	}
 	rr.OtherLen = uint16(i)
@ -1693,6 +1673,71 @@ func (rr *TKEY) parse(c *zlexer, o string) *ParseError {
 		return &ParseError{"", "bad TKEY otherday", l}
 	}
 	rr.OtherData = l.token
-
+	return nil
 }
 func (rr *APL) parse(c *zlexer, o string) *ParseError {
 	var prefixes []APLPrefix
 	for {
 		l, _ := c.Next()
 		if l.value == zNewline || l.value == zEOF {
 			break
 		}
 		if l.value == zBlank && prefixes != nil {
 			continue
 		}
 		if l.value != zString {
 			return &ParseError{"", "unexpected APL field", l}
 		}
 		// Expected format: [!]afi:address/prefix
 		colon := strings.IndexByte(l.token, ':')
 		if colon == -1 {
 			return &ParseError{"", "missing colon in APL field", l}
 		}
 		family, cidr := l.token[:colon], l.token[colon+1:]
 		var negation bool
 		if family != "" && family[0] == '!' {
 			negation = true
 			family = family[1:]
 		}
 		afi, e := strconv.ParseUint(family, 10, 16)
 		if e != nil {
 			return &ParseError{"", "failed to parse APL family: " + e.Error(), l}
 		}
 		var addrLen int
 		switch afi {
 		case 1:
 			addrLen = net.IPv4len
 		case 2:
 			addrLen = net.IPv6len
 		default:
 			return &ParseError{"", "unrecognized APL family", l}
 		}
 		ip, subnet, e1 := net.ParseCIDR(cidr)
 		if e1 != nil {
 			return &ParseError{"", "failed to parse APL address: " + e1.Error(), l}
 		}
 		if !ip.Equal(subnet.IP) {
 			return &ParseError{"", "extra bits in APL address", l}
 		}
 		if len(subnet.IP) != addrLen {
 			return &ParseError{"", "address mismatch with the APL family", l}
 		}
 		prefixes = append(prefixes, APLPrefix{
 			Negation: negation,
 			Network:  *subnet,
 		})
 	}
 	rr.Prefixes = prefixes
 	return nil
 }
--- a/vendor/github.com/miekg/dns/serve_mux.go
+++ b/vendor/github.com/miekg/dns/serve_mux.go
@ -1,7 +1,6 @@
 package dns
 import (
 	"strings"
 	"sync"
 )
@ -36,7 +35,7 @@ func (mux *ServeMux) match(q string, t uint16) Handler {
 		return nil
 	}
-	q = strings.ToLower(q)
+	q = CanonicalName(q)
 	var handler Handler
 	for off, end := 0, false; !end; off, end = NextLabel(q, off) {
@ -66,7 +65,7 @@ func (mux *ServeMux) Handle(pattern string, handler Handler) {
 	if mux.z == nil {
 		mux.z = make(map[string]Handler)
 	}
-	mux.z[Fqdn(pattern)] = handler
+	mux.z[CanonicalName(pattern)] = handler
 	mux.m.Unlock()
 }
@ -81,7 +80,7 @@ func (mux *ServeMux) HandleRemove(pattern string) {
 		panic("dns: invalid pattern " + pattern)
 	}
 	mux.m.Lock()
-	delete(mux.z, Fqdn(pattern))
+	delete(mux.z, CanonicalName(pattern))
 	mux.m.Unlock()
 }
--- a/vendor/github.com/miekg/dns/tsig.go
+++ b/vendor/github.com/miekg/dns/tsig.go
@ -18,7 +18,9 @@ import (
 const (
 	HmacMD5    = "hmac-md5.sig-alg.reg.int."
 	HmacSHA1   = "hmac-sha1."
 	HmacSHA224 = "hmac-sha224."
 	HmacSHA256 = "hmac-sha256."
 	HmacSHA384 = "hmac-sha384."
 	HmacSHA512 = "hmac-sha512."
 )
@ -111,32 +113,35 @@ func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, s
 	if err != nil {
 		return nil, "", err
 	}
-	buf := tsigBuffer(mbuf, rr, requestMAC, timersOnly)
+	buf, err := tsigBuffer(mbuf, rr, requestMAC, timersOnly)
 	if err != nil {
 		return nil, "", err
 	}
 	t := new(TSIG)
 	var h hash.Hash
-	switch strings.ToLower(rr.Algorithm) {
+	switch CanonicalName(rr.Algorithm) {
 	case HmacMD5:
 		h = hmac.New(md5.New, rawsecret)
 	case HmacSHA1:
 		h = hmac.New(sha1.New, rawsecret)
 	case HmacSHA224:
 		h = hmac.New(sha256.New224, rawsecret)
 	case HmacSHA256:
 		h = hmac.New(sha256.New, rawsecret)
 	case HmacSHA384:
 		h = hmac.New(sha512.New384, rawsecret)
 	case HmacSHA512:
 		h = hmac.New(sha512.New, rawsecret)
 	default:
 		return nil, "", ErrKeyAlg
 	}
 	h.Write(buf)
 	// Copy all TSIG fields except MAC and its size, which are filled using the computed digest.
 	*t = *rr
 	t.MAC = hex.EncodeToString(h.Sum(nil))
 	t.MACSize = uint16(len(t.MAC) / 2) // Size is half!
 	t.Hdr = RR_Header{Name: rr.Hdr.Name, Rrtype: TypeTSIG, Class: ClassANY, Ttl: 0}
 	t.Fudge = rr.Fudge
 	t.TimeSigned = rr.TimeSigned
 	t.Algorithm = rr.Algorithm
 	t.OrigId = m.Id
 	tbuf := make([]byte, Len(t))
 	off, err := PackRR(t, tbuf, 0, nil, false)
 	if err != nil {
@ -153,6 +158,11 @@ func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, s
 // If the signature does not validate err contains the
 // error, otherwise it is nil.
 func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
 	return tsigVerify(msg, secret, requestMAC, timersOnly, uint64(time.Now().Unix()))
 }
 // actual implementation of TsigVerify, taking the current time ('now') as a parameter for the convenience of tests.
 func tsigVerify(msg []byte, secret, requestMAC string, timersOnly bool, now uint64) error {
 	rawsecret, err := fromBase64([]byte(secret))
 	if err != nil {
 		return err
@ -168,27 +178,23 @@ func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
 		return err
 	}
-	buf := tsigBuffer(stripped, tsig, requestMAC, timersOnly)
+	buf, err := tsigBuffer(stripped, tsig, requestMAC, timersOnly)
-
+	if err != nil {
-	// Fudge factor works both ways. A message can arrive before it was signed because
+		return err
 	// of clock skew.
 	now := uint64(time.Now().Unix())
 	ti := now - tsig.TimeSigned
 	if now < tsig.TimeSigned {
 		ti = tsig.TimeSigned - now
 	}
 	if uint64(tsig.Fudge) < ti {
 		return ErrTime
 	}
 	var h hash.Hash
-	switch strings.ToLower(tsig.Algorithm) {
+	switch CanonicalName(tsig.Algorithm) {
 	case HmacMD5:
 		h = hmac.New(md5.New, rawsecret)
 	case HmacSHA1:
 		h = hmac.New(sha1.New, rawsecret)
 	case HmacSHA224:
 		h = hmac.New(sha256.New224, rawsecret)
 	case HmacSHA256:
 		h = hmac.New(sha256.New, rawsecret)
 	case HmacSHA384:
 		h = hmac.New(sha512.New384, rawsecret)
 	case HmacSHA512:
 		h = hmac.New(sha512.New, rawsecret)
 	default:
@ -198,11 +204,24 @@ func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
 	if !hmac.Equal(h.Sum(nil), msgMAC) {
 		return ErrSig
 	}
 	// Fudge factor works both ways. A message can arrive before it was signed because
 	// of clock skew.
 	// We check this after verifying the signature, following draft-ietf-dnsop-rfc2845bis
 	// instead of RFC2845, in order to prevent a security vulnerability as reported in CVE-2017-3142/3143.
 	ti := now - tsig.TimeSigned
 	if now < tsig.TimeSigned {
 		ti = tsig.TimeSigned - now
 	}
 	if uint64(tsig.Fudge) < ti {
 		return ErrTime
 	}
 	return nil
 }
 // Create a wiredata buffer for the MAC calculation.
-func tsigBuffer(msgbuf []byte, rr *TSIG, requestMAC string, timersOnly bool) []byte {
+func tsigBuffer(msgbuf []byte, rr *TSIG, requestMAC string, timersOnly bool) ([]byte, error) {
 	var buf []byte
 	if rr.TimeSigned == 0 {
 		rr.TimeSigned = uint64(time.Now().Unix())
@ -219,7 +238,10 @@ func tsigBuffer(msgbuf []byte, rr *TSIG, requestMAC string, timersOnly bool) []b
 		m.MACSize = uint16(len(requestMAC) / 2)
 		m.MAC = requestMAC
 		buf = make([]byte, len(requestMAC)) // long enough
-		n, _ := packMacWire(m, buf)
+		n, err := packMacWire(m, buf)
 		if err != nil {
 			return nil, err
 		}
 		buf = buf[:n]
 	}
@ -228,20 +250,26 @@ func tsigBuffer(msgbuf []byte, rr *TSIG, requestMAC string, timersOnly bool) []b
 		tsig := new(timerWireFmt)
 		tsig.TimeSigned = rr.TimeSigned
 		tsig.Fudge = rr.Fudge
-		n, _ := packTimerWire(tsig, tsigvar)
+		n, err := packTimerWire(tsig, tsigvar)
 		if err != nil {
 			return nil, err
 		}
 		tsigvar = tsigvar[:n]
 	} else {
 		tsig := new(tsigWireFmt)
-		tsig.Name = strings.ToLower(rr.Hdr.Name)
+		tsig.Name = CanonicalName(rr.Hdr.Name)
 		tsig.Class = ClassANY
 		tsig.Ttl = rr.Hdr.Ttl
-		tsig.Algorithm = strings.ToLower(rr.Algorithm)
+		tsig.Algorithm = CanonicalName(rr.Algorithm)
 		tsig.TimeSigned = rr.TimeSigned
 		tsig.Fudge = rr.Fudge
 		tsig.Error = rr.Error
 		tsig.OtherLen = rr.OtherLen
 		tsig.OtherData = rr.OtherData
-		n, _ := packTsigWire(tsig, tsigvar)
+		n, err := packTsigWire(tsig, tsigvar)
 		if err != nil {
 			return nil, err
 		}
 		tsigvar = tsigvar[:n]
 	}
@ -251,7 +279,7 @@ func tsigBuffer(msgbuf []byte, rr *TSIG, requestMAC string, timersOnly bool) []b
 	} else {
 		buf = append(msgbuf, tsigvar...)
 	}
-	return buf
+	return buf, nil
 }
 // Strip the TSIG from the raw message.
--- a/vendor/github.com/miekg/dns/types.go
+++ b/vendor/github.com/miekg/dns/types.go
@ -1,6 +1,7 @@
 package dns
 import (
 	"bytes"
 	"fmt"
 	"net"
 	"strconv"
@ -61,6 +62,7 @@ const (
 	TypeCERT       uint16 = 37
 	TypeDNAME      uint16 = 39
 	TypeOPT        uint16 = 41 // EDNS
 	TypeAPL        uint16 = 42
 	TypeDS         uint16 = 43
 	TypeSSHFP      uint16 = 44
 	TypeRRSIG      uint16 = 46
@ -163,11 +165,11 @@ const (
 	_RD = 1 << 8  // recursion desired
 	_RA = 1 << 7  // recursion available
 	_Z  = 1 << 6  // Z
-	_AD = 1 << 5  // authticated data
+	_AD = 1 << 5  // authenticated data
 	_CD = 1 << 4  // checking disabled
 )
-// Various constants used in the LOC RR, See RFC 1887.
+// Various constants used in the LOC RR. See RFC 1887.
 const (
 	LOC_EQUATOR       = 1 << 31 // RFC 1876, Section 2.
 	LOC_PRIMEMERIDIAN = 1 << 31 // RFC 1876, Section 2.
@ -207,8 +209,11 @@ var CertTypeToString = map[uint16]string{
 //go:generate go run types_generate.go
-// Question holds a DNS question. There can be multiple questions in the
+// Question holds a DNS question. Usually there is just one. While the
-// question section of a message. Usually there is just one.
+// original DNS RFCs allow multiple questions in the question section of a
 // message, in practice it never works. Because most DNS servers see multiple
 // questions as an error, it is recommended to only have one question per
 // message.
 type Question struct {
 	Name   string `dns:"cdomain-name"` // "cdomain-name" specifies encoding (and may be compressed)
 	Qtype  uint16
@ -229,7 +234,7 @@ func (q *Question) String() (s string) {
 	return s
 }
-// ANY is a wildcard record. See RFC 1035, Section 3.2.3. ANY
+// ANY is a wild card record. See RFC 1035, Section 3.2.3. ANY
 // is named "*" there.
 type ANY struct {
 	Hdr RR_Header
@ -440,45 +445,38 @@ func sprintName(s string) string {
 	var dst strings.Builder
 	for i := 0; i < len(s); {
-		if i+1 < len(s) && s[i] == '\\' && s[i+1] == '.' {
+		if s[i] == '.' {
 			if dst.Len() != 0 {
-				dst.WriteString(s[i : i+2])
+				dst.WriteByte('.')
 			}
-			i += 2
+			i++
 			continue
 		}
 		b, n := nextByte(s, i)
 		if n == 0 {
-			i++
+			// Drop "dangling" incomplete escapes.
-			continue
+			if dst.Len() == 0 {
-		}
+				return s[:i]
 		if b == '.' {
 			if dst.Len() != 0 {
 				dst.WriteByte('.')
 			}
-			i += n
+			break
 			continue
 		}
-		switch b {
+		if isDomainNameLabelSpecial(b) {
 		case ' ', '\'', '@', ';', '(', ')', '"', '\\': // additional chars to escape
 			if dst.Len() == 0 {
 				dst.Grow(len(s) * 2)
 				dst.WriteString(s[:i])
 			}
 			dst.WriteByte('\\')
 			dst.WriteByte(b)
-		default:
+		} else if b < ' ' || b > '~' { // unprintable, use \DDD
-			if ' ' <= b && b <= '~' {
+			if dst.Len() == 0 {
-				if dst.Len() != 0 {
+				dst.Grow(len(s) * 2)
-					dst.WriteByte(b)
+				dst.WriteString(s[:i])
-				}
+			}
-			} else {
+			dst.WriteString(escapeByte(b))
-				if dst.Len() == 0 {
+		} else {
-					dst.Grow(len(s) * 2)
+			if dst.Len() != 0 {
-					dst.WriteString(s[:i])
+				dst.WriteByte(b)
 				}
 				dst.WriteString(escapeByte(b))
 			}
 		}
 		i += n
@ -501,15 +499,10 @@ func sprintTxtOctet(s string) string {
 		}
 		b, n := nextByte(s, i)
-		switch {
+		if n == 0 {
 		case n == 0:
 			i++ // dangling back slash
-		case b == '.':
+		} else {
-			dst.WriteByte('.')
+			writeTXTStringByte(&dst, b)
 		case b < ' ' || b > '~':
 			dst.WriteString(escapeByte(b))
 		default:
 			dst.WriteByte(b)
 		}
 		i += n
 	}
@ -585,6 +578,17 @@ func escapeByte(b byte) string {
 	return escapedByteLarge[int(b)*4 : int(b)*4+4]
 }
 // isDomainNameLabelSpecial returns true if
 // a domain name label byte should be prefixed
 // with an escaping backslash.
 func isDomainNameLabelSpecial(b byte) bool {
 	switch b {
 	case '.', ' ', '\'', '@', ';', '(', ')', '"', '\\':
 		return true
 	}
 	return false
 }
 func nextByte(s string, offset int) (byte, int) {
 	if offset >= len(s) {
 		return 0, 0
@ -757,8 +761,8 @@ type LOC struct {
 	Altitude  uint32
 }
-// cmToM takes a cm value expressed in RFC1876 SIZE mantissa/exponent
+// cmToM takes a cm value expressed in RFC 1876 SIZE mantissa/exponent
-// format and returns a string in m (two decimals for the cm)
+// format and returns a string in m (two decimals for the cm).
 func cmToM(m, e uint8) string {
 	if e < 2 {
 		if e == 1 {
@ -1116,6 +1120,7 @@ type URI struct {
 	Target   string `dns:"octet"`
 }
 // rr.Target to be parsed as a sequence of character encoded octets according to RFC 3986
 func (rr *URI) String() string {
 	return rr.Hdr.String() + strconv.Itoa(int(rr.Priority)) +
 		" " + strconv.Itoa(int(rr.Weight)) + " " + sprintTxtOctet(rr.Target)
@ -1277,6 +1282,7 @@ type CAA struct {
 	Value string `dns:"octet"`
 }
 // rr.Value Is the character-string encoding of the value field as specified in RFC 1035, Section 5.1.
 func (rr *CAA) String() string {
 	return rr.Hdr.String() + strconv.Itoa(int(rr.Flag)) + " " + rr.Tag + " " + sprintTxtOctet(rr.Value)
 }
@ -1353,6 +1359,88 @@ func (rr *CSYNC) len(off int, compression map[string]struct{}) int {
 	return l
 }
 // APL RR. See RFC 3123.
 type APL struct {
 	Hdr      RR_Header
 	Prefixes []APLPrefix `dns:"apl"`
 }
 // APLPrefix is an address prefix hold by an APL record.
 type APLPrefix struct {
 	Negation bool
 	Network  net.IPNet
 }
 // String returns presentation form of the APL record.
 func (rr *APL) String() string {
 	var sb strings.Builder
 	sb.WriteString(rr.Hdr.String())
 	for i, p := range rr.Prefixes {
 		if i > 0 {
 			sb.WriteByte(' ')
 		}
 		sb.WriteString(p.str())
 	}
 	return sb.String()
 }
 // str returns presentation form of the APL prefix.
 func (p *APLPrefix) str() string {
 	var sb strings.Builder
 	if p.Negation {
 		sb.WriteByte('!')
 	}
 	switch len(p.Network.IP) {
 	case net.IPv4len:
 		sb.WriteByte('1')
 	case net.IPv6len:
 		sb.WriteByte('2')
 	}
 	sb.WriteByte(':')
 	switch len(p.Network.IP) {
 	case net.IPv4len:
 		sb.WriteString(p.Network.IP.String())
 	case net.IPv6len:
 		// add prefix for IPv4-mapped IPv6
 		if v4 := p.Network.IP.To4(); v4 != nil {
 			sb.WriteString("::ffff:")
 		}
 		sb.WriteString(p.Network.IP.String())
 	}
 	sb.WriteByte('/')
 	prefix, _ := p.Network.Mask.Size()
 	sb.WriteString(strconv.Itoa(prefix))
 	return sb.String()
 }
 // equals reports whether two APL prefixes are identical.
 func (a *APLPrefix) equals(b *APLPrefix) bool {
 	return a.Negation == b.Negation &&
 		bytes.Equal(a.Network.IP, b.Network.IP) &&
 		bytes.Equal(a.Network.Mask, b.Network.Mask)
 }
 // copy returns a copy of the APL prefix.
 func (p *APLPrefix) copy() APLPrefix {
 	return APLPrefix{
 		Negation: p.Negation,
 		Network:  copyNet(p.Network),
 	}
 }
 // len returns size of the prefix in wire format.
 func (p *APLPrefix) len() int {
 	// 4-byte header and the network address prefix (see Section 4 of RFC 3123)
 	prefix, _ := p.Network.Mask.Size()
 	return 4 + (prefix+7)/8
 }
 // TimeToString translates the RRSIG's incep. and expir. times to the
 // string representation used when printing the record.
 // It takes serial arithmetic (RFC 1982) into account.
@ -1409,6 +1497,17 @@ func copyIP(ip net.IP) net.IP {
 	return p
 }
 // copyNet returns a copy of a subnet.
 func copyNet(n net.IPNet) net.IPNet {
 	m := make(net.IPMask, len(n.Mask))
 	copy(m, n.Mask)
 	return net.IPNet{
 		IP:   copyIP(n.IP),
 		Mask: m,
 	}
 }
 // SplitN splits a string into N sized string chunks.
 // This might become an exported function once.
 func splitN(s string, n int) []string {
--- a/vendor/github.com/miekg/dns/version.go
+++ b/vendor/github.com/miekg/dns/version.go
@ -3,13 +3,13 @@ package dns
 import "fmt"
 // Version is current version of this library.
-var Version = V{1, 1, 26}
+var Version = v{1, 1, 31}
-// V holds the version of this library.
+// v holds the version of this library.
-type V struct {
+type v struct {
 	Major, Minor, Patch int
 }
-func (v V) String() string {
+func (v v) String() string {
 	return fmt.Sprintf("%d.%d.%d", v.Major, v.Minor, v.Patch)
 }
--- a/vendor/github.com/miekg/dns/zduplicate.go
+++ b/vendor/github.com/miekg/dns/zduplicate.go
@ -52,6 +52,23 @@ func (r1 *ANY) isDuplicate(_r2 RR) bool {
 	return true
 }
 func (r1 *APL) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*APL)
 	if !ok {
 		return false
 	}
 	_ = r2
 	if len(r1.Prefixes) != len(r2.Prefixes) {
 		return false
 	}
 	for i := 0; i < len(r1.Prefixes); i++ {
 		if !r1.Prefixes[i].equals(&r2.Prefixes[i]) {
 			return false
 		}
 	}
 	return true
 }
 func (r1 *AVC) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*AVC)
 	if !ok {
@ -87,6 +104,48 @@ func (r1 *CAA) isDuplicate(_r2 RR) bool {
 	return true
 }
 func (r1 *CDNSKEY) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*CDNSKEY)
 	if !ok {
 		return false
 	}
 	_ = r2
 	if r1.Flags != r2.Flags {
 		return false
 	}
 	if r1.Protocol != r2.Protocol {
 		return false
 	}
 	if r1.Algorithm != r2.Algorithm {
 		return false
 	}
 	if r1.PublicKey != r2.PublicKey {
 		return false
 	}
 	return true
 }
 func (r1 *CDS) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*CDS)
 	if !ok {
 		return false
 	}
 	_ = r2
 	if r1.KeyTag != r2.KeyTag {
 		return false
 	}
 	if r1.Algorithm != r2.Algorithm {
 		return false
 	}
 	if r1.DigestType != r2.DigestType {
 		return false
 	}
 	if r1.Digest != r2.Digest {
 		return false
 	}
 	return true
 }
 func (r1 *CERT) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*CERT)
 	if !ok {
@ -155,6 +214,27 @@ func (r1 *DHCID) isDuplicate(_r2 RR) bool {
 	return true
 }
 func (r1 *DLV) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*DLV)
 	if !ok {
 		return false
 	}
 	_ = r2
 	if r1.KeyTag != r2.KeyTag {
 		return false
 	}
 	if r1.Algorithm != r2.Algorithm {
 		return false
 	}
 	if r1.DigestType != r2.DigestType {
 		return false
 	}
 	if r1.Digest != r2.Digest {
 		return false
 	}
 	return true
 }
 func (r1 *DNAME) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*DNAME)
 	if !ok {
@ -322,6 +402,27 @@ func (r1 *HIP) isDuplicate(_r2 RR) bool {
 	return true
 }
 func (r1 *KEY) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*KEY)
 	if !ok {
 		return false
 	}
 	_ = r2
 	if r1.Flags != r2.Flags {
 		return false
 	}
 	if r1.Protocol != r2.Protocol {
 		return false
 	}
 	if r1.Algorithm != r2.Algorithm {
 		return false
 	}
 	if r1.PublicKey != r2.PublicKey {
 		return false
 	}
 	return true
 }
 func (r1 *KX) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*KX)
 	if !ok {
@ -832,6 +933,42 @@ func (r1 *RT) isDuplicate(_r2 RR) bool {
 	return true
 }
 func (r1 *SIG) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*SIG)
 	if !ok {
 		return false
 	}
 	_ = r2
 	if r1.TypeCovered != r2.TypeCovered {
 		return false
 	}
 	if r1.Algorithm != r2.Algorithm {
 		return false
 	}
 	if r1.Labels != r2.Labels {
 		return false
 	}
 	if r1.OrigTtl != r2.OrigTtl {
 		return false
 	}
 	if r1.Expiration != r2.Expiration {
 		return false
 	}
 	if r1.Inception != r2.Inception {
 		return false
 	}
 	if r1.KeyTag != r2.KeyTag {
 		return false
 	}
 	if !isDuplicateName(r1.SignerName, r2.SignerName) {
 		return false
 	}
 	if r1.Signature != r2.Signature {
 		return false
 	}
 	return true
 }
 func (r1 *SMIMEA) isDuplicate(_r2 RR) bool {
 	r2, ok := _r2.(*SMIMEA)
 	if !ok {
--- a/vendor/github.com/miekg/dns/zmsg.go
+++ b/vendor/github.com/miekg/dns/zmsg.go
@ -36,6 +36,14 @@ func (rr *ANY) pack(msg []byte, off int, compression compressionMap, compress bo
 	return off, nil
 }
 func (rr *APL) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packDataApl(rr.Prefixes, msg, off)
 	if err != nil {
 		return off, err
 	}
 	return off, nil
 }
 func (rr *AVC) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
 	off, err = packStringTxt(rr.Txt, msg, off)
 	if err != nil {
@ -1127,6 +1135,17 @@ func (rr *ANY) unpack(msg []byte, off int) (off1 int, err error) {
 	return off, nil
 }
 func (rr *APL) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
 	rr.Prefixes, off, err = unpackDataApl(msg, off)
 	if err != nil {
 		return off, err
 	}
 	return off, nil
 }
 func (rr *AVC) unpack(msg []byte, off int) (off1 int, err error) {
 	rdStart := off
 	_ = rdStart
--- a/vendor/github.com/miekg/dns/ztypes.go
+++ b/vendor/github.com/miekg/dns/ztypes.go
@ -13,6 +13,7 @@ var TypeToRR = map[uint16]func() RR{
 	TypeAAAA:       func() RR { return new(AAAA) },
 	TypeAFSDB:      func() RR { return new(AFSDB) },
 	TypeANY:        func() RR { return new(ANY) },
 	TypeAPL:        func() RR { return new(APL) },
 	TypeAVC:        func() RR { return new(AVC) },
 	TypeCAA:        func() RR { return new(CAA) },
 	TypeCDNSKEY:    func() RR { return new(CDNSKEY) },
@ -87,6 +88,7 @@ var TypeToString = map[uint16]string{
 	TypeAAAA:       "AAAA",
 	TypeAFSDB:      "AFSDB",
 	TypeANY:        "ANY",
 	TypeAPL:        "APL",
 	TypeATMA:       "ATMA",
 	TypeAVC:        "AVC",
 	TypeAXFR:       "AXFR",
@ -169,6 +171,7 @@ func (rr *A) Header() *RR_Header          { return &rr.Hdr }
 func (rr *AAAA) Header() *RR_Header       { return &rr.Hdr }
 func (rr *AFSDB) Header() *RR_Header      { return &rr.Hdr }
 func (rr *ANY) Header() *RR_Header        { return &rr.Hdr }
 func (rr *APL) Header() *RR_Header        { return &rr.Hdr }
 func (rr *AVC) Header() *RR_Header        { return &rr.Hdr }
 func (rr *CAA) Header() *RR_Header        { return &rr.Hdr }
 func (rr *CDNSKEY) Header() *RR_Header    { return &rr.Hdr }
@ -262,6 +265,13 @@ func (rr *ANY) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
 	return l
 }
 func (rr *APL) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
 	for _, x := range rr.Prefixes {
 		l += x.len()
 	}
 	return l
 }
 func (rr *AVC) len(off int, compression map[string]struct{}) int {
 	l := rr.Hdr.len(off, compression)
 	for _, x := range rr.Txt {
@ -673,6 +683,13 @@ func (rr *AFSDB) copy() RR {
 func (rr *ANY) copy() RR {
 	return &ANY{rr.Hdr}
 }
 func (rr *APL) copy() RR {
 	Prefixes := make([]APLPrefix, len(rr.Prefixes))
 	for i, e := range rr.Prefixes {
 		Prefixes[i] = e.copy()
 	}
 	return &APL{rr.Hdr, Prefixes}
 }
 func (rr *AVC) copy() RR {
 	Txt := make([]string, len(rr.Txt))
 	copy(Txt, rr.Txt)
@ -681,6 +698,12 @@ func (rr *AVC) copy() RR {
 func (rr *CAA) copy() RR {
 	return &CAA{rr.Hdr, rr.Flag, rr.Tag, rr.Value}
 }
 func (rr *CDNSKEY) copy() RR {
 	return &CDNSKEY{*rr.DNSKEY.copy().(*DNSKEY)}
 }
 func (rr *CDS) copy() RR {
 	return &CDS{*rr.DS.copy().(*DS)}
 }
 func (rr *CERT) copy() RR {
 	return &CERT{rr.Hdr, rr.Type, rr.KeyTag, rr.Algorithm, rr.Certificate}
 }
@ -695,6 +718,9 @@ func (rr *CSYNC) copy() RR {
 func (rr *DHCID) copy() RR {
 	return &DHCID{rr.Hdr, rr.Digest}
 }
 func (rr *DLV) copy() RR {
 	return &DLV{*rr.DS.copy().(*DS)}
 }
 func (rr *DNAME) copy() RR {
 	return &DNAME{rr.Hdr, rr.Target}
 }
@ -727,6 +753,9 @@ func (rr *HIP) copy() RR {
 	copy(RendezvousServers, rr.RendezvousServers)
 	return &HIP{rr.Hdr, rr.HitLength, rr.PublicKeyAlgorithm, rr.PublicKeyLength, rr.Hit, rr.PublicKey, RendezvousServers}
 }
 func (rr *KEY) copy() RR {
 	return &KEY{*rr.DNSKEY.copy().(*DNSKEY)}
 }
 func (rr *KX) copy() RR {
 	return &KX{rr.Hdr, rr.Preference, rr.Exchanger}
 }
@ -830,6 +859,9 @@ func (rr *RRSIG) copy() RR {
 func (rr *RT) copy() RR {
 	return &RT{rr.Hdr, rr.Preference, rr.Host}
 }
 func (rr *SIG) copy() RR {
 	return &SIG{*rr.RRSIG.copy().(*RRSIG)}
 }
 func (rr *SMIMEA) copy() RR {
 	return &SMIMEA{rr.Hdr, rr.Usage, rr.Selector, rr.MatchingType, rr.Certificate}
 }
--- a/vendor/golang.org/x/crypto/ssh/kex.go
+++ b/vendor/golang.org/x/crypto/ssh/kex.go
@ -557,8 +557,6 @@ type dhGEXSHA struct {
 	hashFunc crypto.Hash
 }
 const numMRTests = 64
 const (
 	dhGroupExchangeMinimumBits   = 2048
 	dhGroupExchangePreferredBits = 2048
@ -602,15 +600,8 @@ func (gex dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshake
 	gex.p = kexDHGexGroup.P
 	gex.g = kexDHGexGroup.G
 	// Check if p is safe by verifing that p and (p-1)/2 are primes
 	one := big.NewInt(1)
 	var pHalf = &big.Int{}
 	pHalf.Rsh(gex.p, 1)
 	if !gex.p.ProbablyPrime(numMRTests) || !pHalf.ProbablyPrime(numMRTests) {
 		return nil, fmt.Errorf("ssh: server provided gex p is not safe")
 	}
 	// Check if g is safe by verifing that g > 1 and g < p - 1
 	one := big.NewInt(1)
 	var pMinusOne = &big.Int{}
 	pMinusOne.Sub(gex.p, one)
 	if gex.g.Cmp(one) != 1 && gex.g.Cmp(pMinusOne) != -1 {
@ -618,6 +609,8 @@ func (gex dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshake
 	}
 	// Send GexInit
 	var pHalf = &big.Int{}
 	pHalf.Rsh(gex.p, 1)
 	x, err := rand.Int(randSource, pHalf)
 	if err != nil {
 		return nil, err
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@ -1694,6 +1694,7 @@ func (sc *serverConn) processData(f *DataFrame) error {
 		if len(data) > 0 {
 			wrote, err := st.body.Write(data)
 			if err != nil {
 				sc.sendWindowUpdate(nil, int(f.Length)-wrote)
 				return streamError(id, ErrCodeStreamClosed)
 			}
 			if wrote != len(data) {
--- a/vendor/golang.org/x/net/internal/socket/sys_bsdvar.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_bsdvar.go
@ -12,6 +12,9 @@ import (
 )
 func probeProtocolStack() int {
 	if runtime.GOOS == "netbsd" && runtime.GOARCH == "arm64" {
 		return 16
 	}
 	if (runtime.GOOS == "netbsd" || runtime.GOOS == "openbsd") && runtime.GOARCH == "arm" {
 		return 8
 	}
--- a/vendor/golang.org/x/net/internal/socket/sys_go1_11_darwin.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_go1_11_darwin.go
@ -1,33 +0,0 @@
 // Copyright 2018 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // +build !go1.12
 package socket
 import (
 	"syscall"
 	"unsafe"
 )
 func getsockopt(s uintptr, level, name int, b []byte) (int, error) {
 	l := uint32(len(b))
 	_, _, errno := syscall.Syscall6(syscall.SYS_GETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(unsafe.Pointer(&l)), 0)
 	return int(l), errnoErr(errno)
 }
 func setsockopt(s uintptr, level, name int, b []byte) error {
 	_, _, errno := syscall.Syscall6(syscall.SYS_SETSOCKOPT, s, uintptr(level), uintptr(name), uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)), 0)
 	return errnoErr(errno)
 }
 func recvmsg(s uintptr, h *msghdr, flags int) (int, error) {
 	n, _, errno := syscall.Syscall(syscall.SYS_RECVMSG, s, uintptr(unsafe.Pointer(h)), uintptr(flags))
 	return int(n), errnoErr(errno)
 }
 func sendmsg(s uintptr, h *msghdr, flags int) (int, error) {
 	n, _, errno := syscall.Syscall(syscall.SYS_SENDMSG, s, uintptr(unsafe.Pointer(h)), uintptr(flags))
 	return int(n), errnoErr(errno)
 }
--- a/vendor/golang.org/x/net/ipv4/header.go
+++ b/vendor/golang.org/x/net/ipv4/header.go
@ -67,7 +67,7 @@ func (h *Header) Marshal() ([]byte, error) {
 	b[1] = byte(h.TOS)
 	flagsAndFragOff := (h.FragOff & 0x1fff) | int(h.Flags<<13)
 	switch runtime.GOOS {
-	case "darwin", "dragonfly", "netbsd":
+	case "darwin", "ios", "dragonfly", "netbsd":
 		socket.NativeEndian.PutUint16(b[2:4], uint16(h.TotalLen))
 		socket.NativeEndian.PutUint16(b[6:8], uint16(flagsAndFragOff))
 	case "freebsd":
@ -126,7 +126,7 @@ func (h *Header) Parse(b []byte) error {
 	h.Src = net.IPv4(b[12], b[13], b[14], b[15])
 	h.Dst = net.IPv4(b[16], b[17], b[18], b[19])
 	switch runtime.GOOS {
-	case "darwin", "dragonfly", "netbsd":
+	case "darwin", "ios", "dragonfly", "netbsd":
 		h.TotalLen = int(socket.NativeEndian.Uint16(b[2:4])) + hdrlen
 		h.FragOff = int(socket.NativeEndian.Uint16(b[6:8]))
 	case "freebsd":
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -272,7 +272,7 @@ github.com/hashicorp/hil
 github.com/hashicorp/hil/ast
 github.com/hashicorp/hil/parser
 github.com/hashicorp/hil/scanner
-# github.com/hashicorp/mdns v1.0.1
+# github.com/hashicorp/mdns v1.0.3
 github.com/hashicorp/mdns
 # github.com/hashicorp/memberlist v0.2.2
 github.com/hashicorp/memberlist
@ -316,13 +316,13 @@ github.com/konsorten/go-windows-terminal-sequences
 github.com/kr/text
 # github.com/linode/linodego v0.7.1
 github.com/linode/linodego
-# github.com/mattn/go-colorable v0.1.6
+# github.com/mattn/go-colorable v0.1.7
 github.com/mattn/go-colorable
 # github.com/mattn/go-isatty v0.0.12
 github.com/mattn/go-isatty
 # github.com/matttproud/golang_protobuf_extensions v1.0.1
 github.com/matttproud/golang_protobuf_extensions/pbutil
-# github.com/miekg/dns v1.1.26
+# github.com/miekg/dns v1.1.31
 github.com/miekg/dns
 # github.com/mitchellh/cli v1.1.0
 github.com/mitchellh/cli
@ -459,7 +459,7 @@ go.opencensus.io/trace/tracestate
 # go.uber.org/goleak v1.0.0
 go.uber.org/goleak
 go.uber.org/goleak/internal/stack
-# golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a
+# golang.org/x/crypto v0.0.0-20200930160638-afb6bcd081ae
 golang.org/x/crypto/blake2b
 golang.org/x/crypto/blowfish
 golang.org/x/crypto/chacha20
@ -478,7 +478,7 @@ golang.org/x/crypto/ssh/terminal
 # golang.org/x/lint v0.0.0-20190930215403-16217165b5de
 golang.org/x/lint
 golang.org/x/lint/golint
-# golang.org/x/net v0.0.0-20200904194848-62affa334b73
+# golang.org/x/net v0.0.0-20200930145003-4acb6c075d10
 golang.org/x/net/bpf
 golang.org/x/net/context
 golang.org/x/net/context/ctxhttp