From 7ab38dd825af0e157e9c56c49372a965f9929e93 Mon Sep 17 00:00:00 2001
From: jesse-matsec <101210230+jesse-matsec@users.noreply.github.com>
Date: Sat, 24 Jun 2023 11:12:48 -0400
Subject: [PATCH 01/79] dnscontrol get-zones --help typo fix (#2459)

---
 commands/getZones.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/commands/getZones.go b/commands/getZones.go
index 6a09468ee..89d39da91 100644
--- a/commands/getZones.go
+++ b/commands/getZones.go
@@ -70,7 +70,7 @@ EXAMPLES:
    dnscontrol get-zones gmain GANDI_V5 example.com other.com
    dnscontrol get-zones cfmain CLOUDFLAREAPI all
    dnscontrol get-zones --format=tsv bind BIND example.com
-   dnscontrol get-zones --format=djs --out=draft.js glcoud GCLOUD example.com`,
+   dnscontrol get-zones --format=djs --out=draft.js gcloud GCLOUD example.com`,
 	}
 }())
 

From 0f1a256311901758b02e10619689183e78fd8ae6 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 25 Jun 2023 10:38:46 -0600
Subject: [PATCH 02/79] CHORE: Update dependencies (#2460)

---
 go.mod |  44 ++++++++++-----------
 go.sum | 121 ++++++++++++++++++++++++++++++++++++---------------------
 2 files changed, 99 insertions(+), 66 deletions(-)

diff --git a/go.mod b/go.mod
index 172718366..56b6bfc3f 100644
--- a/go.mod
+++ b/go.mod
@@ -11,11 +11,11 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.18.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.25
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.24
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.28.1
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.14.10
+	github.com/aws/aws-sdk-go-v2 v1.18.1
+	github.com/aws/aws-sdk-go-v2/config v1.18.27
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.26
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.28.3
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.15.0
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
@@ -33,7 +33,7 @@ require (
 	github.com/hashicorp/vault/api v1.9.2
 	github.com/jarcoal/httpmock v1.0.8 // indirect
 	github.com/jinzhu/copier v0.3.5
-	github.com/miekg/dns v1.1.54
+	github.com/miekg/dns v1.1.55
 	github.com/mittwald/go-powerdns v0.6.2
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.8.2
@@ -47,11 +47,11 @@ require (
 	github.com/softlayer/softlayer-go v1.1.2
 	github.com/stretchr/testify v1.8.4
 	github.com/transip/gotransip/v6 v6.20.0
-	github.com/urfave/cli/v2 v2.25.5
+	github.com/urfave/cli/v2 v2.25.7
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/net v0.10.0
-	golang.org/x/oauth2 v0.8.0
-	google.golang.org/api v0.125.0
+	golang.org/x/net v0.11.0
+	golang.org/x/oauth2 v0.9.0
+	google.golang.org/api v0.128.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.4
 )
 
@@ -64,7 +64,7 @@ require (
 	github.com/mattn/go-isatty v0.0.19
 	github.com/vultr/govultr/v2 v2.17.2
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
-	golang.org/x/text v0.9.0
+	golang.org/x/text v0.10.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -76,14 +76,14 @@ require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
@@ -101,7 +101,7 @@ require (
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.4 // indirect
 	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
 	github.com/googleapis/gax-go/v2 v2.10.0 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -132,10 +132,10 @@ require (
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.9.0 // indirect
+	golang.org/x/crypto v0.10.0 // indirect
 	golang.org/x/mod v0.9.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/sys v0.9.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.7.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index da124540b..815ee4c4c 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY=
 cloud.google.com/go/compute v1.19.3 h1:DcTwsFgGev/wV5+q8o2fzgcHOaac+DKGC91ZlvpsQds=
 cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
@@ -19,6 +20,7 @@ github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcP
 github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7 h1:AJKJCKcb/psppPl/9CUiQQnTG+Bce0/cIweD5w5Q7aQ=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7/go.mod h1:GCzqZQHydohgVLSIqRKZeTt8IGb1Y4NaFfim3H40uUI=
 github.com/G-Core/gcore-dns-sdk-go v0.2.6 h1:R82ANd7BnhIe2mV/12Ebdx9QYVl2++E4kfDIu97JEOk=
@@ -29,38 +31,39 @@ github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36 h1:vfVc5pSCq58lj
 github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36/go.mod h1:MwE/QxFCN65F0hKGWFHUh2U2o1p2tMPNR1zHkX6vEh8=
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 h1:F1j7z+/DKEsYqZNoxC6wvfmaiDneLsQOFQmuq9NADSY=
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2/go.mod h1:QlXr/TrICfQ/ANa76sLeQyhAJyNR9sEcfNuZBkY9jgY=
+github.com/alecthomas/kong v0.2.2/go.mod h1:kQOmtJgV+Lb4aj+I2LEn40cbtawdWJ9Y8QLq+lElKxE=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
-github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.25 h1:JuYyZcnMPBiFqn87L2cRppo+rNwgah6YwD3VuyvaW6Q=
-github.com/aws/aws-sdk-go-v2/config v1.18.25/go.mod h1:dZnYpD5wTW/dQF0rRNLVypB396zWCcPiBIvdvSWHEg4=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.24 h1:PjiYyls3QdCrzqUN35jMWtUK1vqVZ+zLfdOa/UPFDp0=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.24/go.mod h1:jYPYi99wUOPIFi0rhiOvXeSEReVOzBqFNOX5bXYoG2o=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 h1:jJPgroehGvjrde3XufFIJUZVK5A2L9a3KwSFgKy9n8w=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 h1:vFQlirhuM8lLlpI7imKOMsjdQLuN9CPi+k44F/OFVsk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 h1:gGLG7yKaXG02/jBlg210R7VgQIotiQntNhsCFejawx8=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAcCa2qVtRs7Ot5hItA2MsufrphbRFlz1Owxo=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.28.1 h1:8e1fgdyer5IqBPtiWNsVLY/XFucmNTtYMqADyCFXTgQ=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.28.1/go.mod h1:9SEpwqaALzp34eCT6w5PTh4SDDT84wxfMRx9VJSJPsk=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.14.10 h1:BSgJnMWjJtrnZeRnJIMt+YheRxNESIenlZL/xP2Xtt4=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.14.10/go.mod h1:ZCAB0DgknPFchQTI0rWjWlLe6U/2eDBqPMzVAjkZuzQ=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 h1:UBQjaMTCKwyUYwiVnUt6toEJwGXsLBI6al083tpjJzY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.10/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 h1:PkHIIJs8qvq0e5QybnZoG1K/9QTrLr9OsqCIo59jOBA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 h1:2DQLAKDteoEDI8zpCzqBMaZlJuoE9iTYD0gFmXVax9E=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.0/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
+github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
+github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
+github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.28.3 h1:nJbE4+tHd8xpM1RB1ZF0/xTJnFd/ATz42ZC35lwXx0w=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.28.3/go.mod h1:Cd4MnFoV+6fELBrgWXJ4Y09FrSkn/VjNPkOr1Yr1muU=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.15.0 h1:H7c53dt/1Wsp3fWbu5v5+XVNsThWzmxzYdyYLltWtec=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.15.0/go.mod h1:k75fR3BhOo/0umex9ICEJ+CKTA55qxvFWAlyVHTS6Qg=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -78,9 +81,11 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
 github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5 h1:awE2kiwdJa409MC5i3OH9fJHCr2yE75yHuWWoA5zx8Q=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5/go.mod h1:1usm1EQvugrIio3ODIAMrDG9NzA86AHIqhZCxJgNdxY=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -89,9 +94,11 @@ github.com/cloudflare/cloudflare-go v0.68.0/go.mod h1:b6oSYwhXmZUdaF83Od/uefT092
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
+github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -108,6 +115,7 @@ github.com/digitalocean/godo v1.99.0/go.mod h1:SsS2oXo2rznfM/nORlZ/6JaUJZFhmKTib
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
+github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
 github.com/dnsimple/dnsimple-go v1.2.0 h1:ddTGyLVKly5HKb5L65AkLqFqwZlWo3WnR0BlFZlIddM=
 github.com/dnsimple/dnsimple-go v1.2.0/go.mod h1:z/cs26v/eiRvUyXsHQBLd8lWF8+cD6GbmkPH84plM4U=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -115,7 +123,9 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
+github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
 github.com/exoscale/egoscale v0.90.2 h1:oGSJy5Dxbcn5m5F0/DcnU4WXJg+2j3g+UgEu4yyKG9M=
 github.com/exoscale/egoscale v0.90.2/go.mod h1:NDhQbdGNKwnLVC2YGTB6ds9WIPw+V5ckvEEV8ho7pFE=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
@@ -125,6 +135,7 @@ github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/fbiville/markdown-table-formatter v0.3.0 h1:PIm1UNgJrFs8q1htGTw+wnnNYvwXQMMMIKNZop2SSho=
 github.com/fbiville/markdown-table-formatter v0.3.0/go.mod h1:q89TDtSEVDdTaufgSbfHpNVdPU/bmfvqNkrC5HagmLY=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/getkin/kin-openapi v0.87.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
@@ -156,6 +167,7 @@ github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -188,6 +200,7 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTLOTEyho=
 github.com/google/go-github/v35 v35.3.0/go.mod h1:yWB7uCcVWaUbUP74Aq3whuMySRMatyRmq5U9FTNlbio=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
@@ -202,8 +215,8 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/googleapis/enterprise-certificate-proxy v0.2.4 h1:uGy6JWR/uMIILU8wbf+OkstIrNiMjGpEIyhx8f6W7s4=
+github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
 github.com/googleapis/gax-go/v2 v2.10.0 h1:ebSgKfMxynOdxw8QQuFOKMgomqeLGPqNLQox2bo42zg=
 github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -222,6 +235,7 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
+github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
@@ -240,6 +254,7 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as=
 github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jarcoal/httpmock v1.0.8 h1:8kI16SoO6LQKgPE7PvQuV+YuD/inwHd7fOOe2zMbo4k=
 github.com/jarcoal/httpmock v1.0.8/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
 github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
@@ -324,8 +339,9 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/miekg/dns v1.1.54 h1:5jon9mWcb0sFJGpnI99tOMhCPyJ+RPVz5b63MQG0VWI=
-github.com/miekg/dns v1.1.54/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
+github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@@ -339,13 +355,17 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJ
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/montanaflynn/stats v0.7.0/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAAxrQxRHEu7FkapwTuI2WmL1rw4g=
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
+github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
+github.com/neelance/sourcemap v0.0.0-20200213170602-2833bce08e4c/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nrdcg/goinwx v0.8.2 h1:RmjiHlEA+lzi3toXyPSaE6hWnBQ0+G+1u7w8C6Fpp4g=
 github.com/nrdcg/goinwx v0.8.2/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
+github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/oracle/oci-go-sdk/v32 v32.0.0 h1:SSbzrQO3WRcPJEZ8+b3SFPYsPtkFM96clqrp03lrwbU=
 github.com/oracle/oci-go-sdk/v32 v32.0.0/go.mod h1:aZc4jC59IuNP3cr5y1nj555QvwojMX2nMJaBiozuuEs=
 github.com/ovh/go-ovh v1.1.0 h1:bHXZmw8nTgZin4Nv7JuaLs0KG5x54EQR7migYTd1zrk=
@@ -369,6 +389,7 @@ github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494 h1:wSmWgpuccqS2IOfmYrbRiUgv+g37W5suLLLxwwniTSc=
 github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494/go.mod h1:yipyliwI08eQ6XwDm1fEwKPdF/xdbkiHtrU+1Hg+vc4=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/robertkrimen/otto v0.0.0-20200922221731-ef014fd054ac/go.mod h1:xvqspoSXJTIpemEonrMDFq6XzwHYYgToXWj5eRX1OtY=
 github.com/robertkrimen/otto v0.2.1 h1:FVP0PJ0AHIjC+N4pKCG9yCDz6LHNPCwi/GKID5pGGF0=
 github.com/robertkrimen/otto v0.2.1/go.mod h1:UPwtJ1Xu7JrLcZjNWN8orJaM5n5YEtqL//farB5FlRY=
@@ -376,6 +397,7 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
+github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -383,6 +405,9 @@ github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkB
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/shurcooL/go v0.0.0-20200502201357-93f07166e636/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
+github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
+github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
@@ -390,10 +415,13 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykE
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
+github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
 github.com/softlayer/softlayer-go v1.1.2 h1:rUSSGCyaxymvTOsaFjwr+cGxA8muw3xg2LSrIMNcN/c=
 github.com/softlayer/softlayer-go v1.1.2/go.mod h1:hvAbzGH4LRXA6yXY8BNx99yoqZ7urfDdtl9mvBf0G+g=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPcvAg+4R8A50GZ+CCkARF10lxu2qDsQ=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVdirrxrBpwd9wb+lSoVixvpwAu8eHzbQB2tums=
+github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
@@ -416,8 +444,8 @@ github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVM
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
-github.com/urfave/cli/v2 v2.25.5 h1:d0NIAyhh5shGscroL7ek/Ya9QYQE0KNabJgiUinIQkc=
-github.com/urfave/cli/v2 v2.25.5/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
+github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs=
+github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/vultr/govultr/v2 v2.17.2 h1:gej/rwr91Puc/tgh+j33p/BLR16UrIPnSr+AIwYWZQs=
@@ -445,8 +473,8 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
+golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
+golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
@@ -477,12 +505,12 @@ golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
+golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
-golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
+golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs=
+golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -515,12 +543,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
+golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -528,8 +557,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
+golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
@@ -550,8 +579,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.125.0 h1:7xGvEY4fyWbhWMHf3R2/4w7L4fXyfpRGE9g6lp8+DCk=
-google.golang.org/api v0.125.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw=
+google.golang.org/api v0.128.0 h1:RjPESny5CnQRn9V6siglged+DZCgfu9l6mO9dkX9VOg=
+google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
@@ -561,7 +590,10 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao=
+google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64=
 google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM=
+google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
+google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -599,6 +631,7 @@ gopkg.in/errgo.v1 v1.0.0-20161222125816-442357a80af5/go.mod h1:u0ALmqvLRxLI95fkd
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE=
 gopkg.in/h2non/gock.v1 v1.1.2 h1:jBbHXgGBK/AoPVfJh5x4r/WxIrElvbLel8TCZkkZJoY=
+gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaDva0=
 gopkg.in/httprequest.v1 v1.1.1/go.mod h1:/CkavNL+g3qLOrpFHVrEx4NKepeqR4XTZWNj4sGGjz0=
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=

From 31bf652e3409a15be649ab65d64382aa9df94553 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 28 Jun 2023 08:35:59 -0600
Subject: [PATCH 03/79] ANNOUNCEMENT: Proposal to no longer generate 32-bit
 binaries (#2464)

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 1de52b29c..cec66a659 100644
--- a/README.md
+++ b/README.md
@@ -148,6 +148,7 @@ See [dnscontrol-action](https://github.com/koenrh/dnscontrol-action) or [gacts/i
 
 ## Deprecation warnings (updated 2023-02-18)
 
+- **32-bit binaries will no longer be distributed after September 10, 2023.** There is a proposal to stop shipping 32-bit binaries (packages and containers).  If no objections are raised by Sept 10, 2023, new releases will not include them. See https://github.com/StackExchange/dnscontrol/issues/2461 for details.
 - **Call for new volunteer maintainers for NAMEDOTCOM and SOFTLAYER.** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
 - **ACME/Let's Encrypt support is frozen and will be removed after December 31, 2022.**  The `get-certs` command (renews certs via Let's Encrypt) has no maintainer. There are other projects that do a better job. If you don't use this feature, please do not start. If you do use this feature, please plan on migrating to something else.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
 - **get-zones syntax changes in v3.16** Starting in [v3.16](documentation/v316.md), the command line arguments for `dnscontrol get-zones` changes. For backwards compatibility change `provider` to `-`. See documentation for details.

From 449e2a77e5e68db3f65349a47d44a5b77565b481 Mon Sep 17 00:00:00 2001
From: Atma Rutledge <42352142+atma-stackoverflow@users.noreply.github.com>
Date: Tue, 1 Aug 2023 07:40:59 -0600
Subject: [PATCH 04/79] FOUND-1643: FEATURE: Adding rate limit to CSCGlobal
 (#2490)

---
 build/build.go             |  7 +++++++
 go.sum                     | 33 ---------------------------------
 providers/cscglobal/api.go | 23 +++++++++++++++++++++++
 3 files changed, 30 insertions(+), 33 deletions(-)

diff --git a/build/build.go b/build/build.go
index 5d5ea56c7..736618f3c 100644
--- a/build/build.go
+++ b/build/build.go
@@ -24,8 +24,15 @@ func main() {
 		cmd := exec.Command("go", "build", "-o", out, "-ldflags", flags, pkg)
 		os.Setenv("GOOS", goos)
 		os.Setenv("GO111MODULE", "on")
+		os.Setenv("CGO_ENABLED", "0")
 		cmd.Stderr = os.Stderr
 		cmd.Stdout = os.Stdout
+
+		// For now just build for amd64 everywhere
+		if os.Getenv("GOARCH") == "" {
+			os.Setenv("GOARCH", "amd64")
+		}
+
 		err := cmd.Run()
 		if err != nil {
 			log.Fatal(err)
diff --git a/go.sum b/go.sum
index 815ee4c4c..518054f05 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,5 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY=
 cloud.google.com/go/compute v1.19.3 h1:DcTwsFgGev/wV5+q8o2fzgcHOaac+DKGC91ZlvpsQds=
 cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
@@ -20,7 +19,6 @@ github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcP
 github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7 h1:AJKJCKcb/psppPl/9CUiQQnTG+Bce0/cIweD5w5Q7aQ=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7/go.mod h1:GCzqZQHydohgVLSIqRKZeTt8IGb1Y4NaFfim3H40uUI=
 github.com/G-Core/gcore-dns-sdk-go v0.2.6 h1:R82ANd7BnhIe2mV/12Ebdx9QYVl2++E4kfDIu97JEOk=
@@ -31,7 +29,6 @@ github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36 h1:vfVc5pSCq58lj
 github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36/go.mod h1:MwE/QxFCN65F0hKGWFHUh2U2o1p2tMPNR1zHkX6vEh8=
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 h1:F1j7z+/DKEsYqZNoxC6wvfmaiDneLsQOFQmuq9NADSY=
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2/go.mod h1:QlXr/TrICfQ/ANa76sLeQyhAJyNR9sEcfNuZBkY9jgY=
-github.com/alecthomas/kong v0.2.2/go.mod h1:kQOmtJgV+Lb4aj+I2LEn40cbtawdWJ9Y8QLq+lElKxE=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
@@ -81,11 +78,9 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
 github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5 h1:awE2kiwdJa409MC5i3OH9fJHCr2yE75yHuWWoA5zx8Q=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5/go.mod h1:1usm1EQvugrIio3ODIAMrDG9NzA86AHIqhZCxJgNdxY=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -94,11 +89,9 @@ github.com/cloudflare/cloudflare-go v0.68.0/go.mod h1:b6oSYwhXmZUdaF83Od/uefT092
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -115,7 +108,6 @@ github.com/digitalocean/godo v1.99.0/go.mod h1:SsS2oXo2rznfM/nORlZ/6JaUJZFhmKTib
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
-github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
 github.com/dnsimple/dnsimple-go v1.2.0 h1:ddTGyLVKly5HKb5L65AkLqFqwZlWo3WnR0BlFZlIddM=
 github.com/dnsimple/dnsimple-go v1.2.0/go.mod h1:z/cs26v/eiRvUyXsHQBLd8lWF8+cD6GbmkPH84plM4U=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -123,9 +115,7 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
 github.com/exoscale/egoscale v0.90.2 h1:oGSJy5Dxbcn5m5F0/DcnU4WXJg+2j3g+UgEu4yyKG9M=
 github.com/exoscale/egoscale v0.90.2/go.mod h1:NDhQbdGNKwnLVC2YGTB6ds9WIPw+V5ckvEEV8ho7pFE=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
@@ -135,7 +125,6 @@ github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/fbiville/markdown-table-formatter v0.3.0 h1:PIm1UNgJrFs8q1htGTw+wnnNYvwXQMMMIKNZop2SSho=
 github.com/fbiville/markdown-table-formatter v0.3.0/go.mod h1:q89TDtSEVDdTaufgSbfHpNVdPU/bmfvqNkrC5HagmLY=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/getkin/kin-openapi v0.87.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
@@ -167,7 +156,6 @@ github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -200,7 +188,6 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTLOTEyho=
 github.com/google/go-github/v35 v35.3.0/go.mod h1:yWB7uCcVWaUbUP74Aq3whuMySRMatyRmq5U9FTNlbio=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
@@ -235,7 +222,6 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
-github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
@@ -254,7 +240,6 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as=
 github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jarcoal/httpmock v1.0.8 h1:8kI16SoO6LQKgPE7PvQuV+YuD/inwHd7fOOe2zMbo4k=
 github.com/jarcoal/httpmock v1.0.8/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
 github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
@@ -339,7 +324,6 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
@@ -355,17 +339,13 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJ
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/montanaflynn/stats v0.7.0/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAAxrQxRHEu7FkapwTuI2WmL1rw4g=
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
-github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
-github.com/neelance/sourcemap v0.0.0-20200213170602-2833bce08e4c/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nrdcg/goinwx v0.8.2 h1:RmjiHlEA+lzi3toXyPSaE6hWnBQ0+G+1u7w8C6Fpp4g=
 github.com/nrdcg/goinwx v0.8.2/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
-github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/oracle/oci-go-sdk/v32 v32.0.0 h1:SSbzrQO3WRcPJEZ8+b3SFPYsPtkFM96clqrp03lrwbU=
 github.com/oracle/oci-go-sdk/v32 v32.0.0/go.mod h1:aZc4jC59IuNP3cr5y1nj555QvwojMX2nMJaBiozuuEs=
 github.com/ovh/go-ovh v1.1.0 h1:bHXZmw8nTgZin4Nv7JuaLs0KG5x54EQR7migYTd1zrk=
@@ -389,7 +369,6 @@ github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494 h1:wSmWgpuccqS2IOfmYrbRiUgv+g37W5suLLLxwwniTSc=
 github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494/go.mod h1:yipyliwI08eQ6XwDm1fEwKPdF/xdbkiHtrU+1Hg+vc4=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/robertkrimen/otto v0.0.0-20200922221731-ef014fd054ac/go.mod h1:xvqspoSXJTIpemEonrMDFq6XzwHYYgToXWj5eRX1OtY=
 github.com/robertkrimen/otto v0.2.1 h1:FVP0PJ0AHIjC+N4pKCG9yCDz6LHNPCwi/GKID5pGGF0=
 github.com/robertkrimen/otto v0.2.1/go.mod h1:UPwtJ1Xu7JrLcZjNWN8orJaM5n5YEtqL//farB5FlRY=
@@ -397,7 +376,6 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
-github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -405,9 +383,6 @@ github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkB
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/shurcooL/go v0.0.0-20200502201357-93f07166e636/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
-github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
-github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
@@ -415,13 +390,10 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykE
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
-github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
 github.com/softlayer/softlayer-go v1.1.2 h1:rUSSGCyaxymvTOsaFjwr+cGxA8muw3xg2LSrIMNcN/c=
 github.com/softlayer/softlayer-go v1.1.2/go.mod h1:hvAbzGH4LRXA6yXY8BNx99yoqZ7urfDdtl9mvBf0G+g=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPcvAg+4R8A50GZ+CCkARF10lxu2qDsQ=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVdirrxrBpwd9wb+lSoVixvpwAu8eHzbQB2tums=
-github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
@@ -549,7 +521,6 @@ golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXR
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -590,10 +561,7 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao=
-google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64=
 google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM=
-google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
-google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -631,7 +599,6 @@ gopkg.in/errgo.v1 v1.0.0-20161222125816-442357a80af5/go.mod h1:u0ALmqvLRxLI95fkd
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE=
 gopkg.in/h2non/gock.v1 v1.1.2 h1:jBbHXgGBK/AoPVfJh5x4r/WxIrElvbLel8TCZkkZJoY=
-gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaDva0=
 gopkg.in/httprequest.v1 v1.1.1/go.mod h1:/CkavNL+g3qLOrpFHVrEx4NKepeqR4XTZWNj4sGGjz0=
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
diff --git a/providers/cscglobal/api.go b/providers/cscglobal/api.go
index 69a2bc104..df141d753 100644
--- a/providers/cscglobal/api.go
+++ b/providers/cscglobal/api.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"log"
 	"net/http"
 	"os"
 	"sort"
@@ -642,6 +643,12 @@ func (client *providerClient) geturl(url string) ([]byte, error) {
 	req.Header.Add("Authorization", "Bearer "+client.token)
 	req.Header.Add("Accept", "application/json")
 
+	// Default CSCGlobal rate limit is twenty requests per second
+	var backoff = time.Second
+
+	const maxBackoff = time.Second * 15
+
+retry:
 	resp, err := hclient.Do(req)
 	if err != nil {
 		return nil, err
@@ -654,6 +661,22 @@ func (client *providerClient) geturl(url string) ([]byte, error) {
 
 	if resp.StatusCode == 400 {
 		// 400, error message is in the body as plain text
+		// Apparently CSCGlobal uses status code 400 for rate limit, grump
+
+		if string(bodyString) == "Requests exceeded API Rate limit." {
+			// a simple exponential back-off with a 3-minute max.
+			log.Printf("Delaying %v due to ratelimit\n", backoff)
+			time.Sleep(backoff)
+			backoff = backoff + (backoff / 2)
+			if backoff > maxBackoff {
+				return nil, fmt.Errorf("CSC Global API timeout max backoff (geturl): %s URL: %s%s",
+					bodyString,
+					req.Host, req.URL.RequestURI())
+			}
+
+			goto retry
+		}
+
 		return nil, fmt.Errorf("CSC Global API error (geturl): %s URL: %s%s",
 			bodyString,
 			req.Host, req.URL.RequestURI())

From 7a3e30b2b5bbdbb02201985901b956886b9a28e6 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 4 Aug 2023 10:23:39 -0400
Subject: [PATCH 05/79] CHORE: Update goreleaser config for new NFPM format
 (#2467)

Co-authored-by: SignalRichard <20459042+SignalRichard@users.noreply.github.com>
---
 .goreleaser.yml | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index c4a37762d..ce104e6f7 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -47,27 +47,31 @@ universal_binaries:
     id: build
 
 nfpms:
-  - file_name_template: '{{ .ProjectName }}-{{ .Version }}.{{ .Arch }}'
-    id: packages_rpm
+  - id: packages_rpm
+    file_name_template: >-
+      {{ .ProjectName }}-
+      {{ .Version }}.
+      {{- if eq .Arch "386" }}i386
+      {{- else if eq .Arch "amd64" }}x86_64
+      {{- else }}{{ .Arch }}{{ end }}
     homepage:  https://docs.dnscontrol.org/
     description: "DNSControl: Infrastructure as Code for DNS Zones"
     maintainer: 'Tom Limoncelli <tlimoncelli@stackoverflow.com>'
     license: MIT
     formats:
     - rpm
-    replacements:
-      386: i386
-      amd64: x86_64
-  - file_name_template: '{{ .ProjectName }}-{{ .Version }}.{{ .Arch }}'
-    id: packages_deb
+  - id: packages_deb
+    file_name_template: >-
+      {{ .ProjectName }}-
+      {{ .Version }}.
+      {{- if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
     homepage:  https://docs.dnscontrol.org/
     description: "DNSControl: Infrastructure as Code for DNS Zones"
     maintainer: 'Tom Limoncelli <tlimoncelli@stackoverflow.com>'
     license: MIT
     formats:
     - deb
-    replacements:
-      386: i386
 dockers:
   - image_templates:
     - &amd_image "stackexchange/{{.ProjectName}}:{{ .Version }}-amd64"

From acd47d57ad7611aec797f189b89e955d04c36e7d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 4 Aug 2023 10:54:17 -0400
Subject: [PATCH 06/79] CORE: Update docs CCI -> GHA (#2496)

---
 .../release-engineering/circleci_release.png  | Bin 82472 -> 0 bytes
 documentation/release-engineering.md          |  92 ++++--------------
 2 files changed, 21 insertions(+), 71 deletions(-)
 delete mode 100644 documentation/assets/release-engineering/circleci_release.png

diff --git a/documentation/assets/release-engineering/circleci_release.png b/documentation/assets/release-engineering/circleci_release.png
deleted file mode 100644
index 735fdd1bfdac679915fd0736331201da63c6f08b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 82472
zcmcF~^-~>7&^82j3vK~IfZ!0^g1ZEFcR0AayM}Op;O@>jxVyW%ySsnf`@{X-_YZid
zYHMqEW@=};`q}R3?k8M9P8<c101*NL0!30nL=gf4rUU{4@&X?A<Bhnm`tHXK(os=d
z2%=()=<wqK+DuSZ5CWn)7U{(R=HnT`PC~;G0s@Efp9@k_@#_Ty#CyJ^h@i5Y?#U{`
zPvzM+xC_Q%`0Y;>eu&gS!Z6w!wds+3mTFzYN5$IDfM1@C#+18lB9V<Pibp961#M>G
zi8&?=DFryx)DaPs@I_GHKQYijb-$;1GBTBY3TW^Wa8BoO9b54<GcY}K9earpt$-l^
zujLRJ7N=uk{MTmTBX4e;?ux$sj}hG@vm*aB<y<^vtpA4piZ)b`{jX1iEkcm(zdnpv
zYS{lZk<I}IkP-G@I{+HRTK@ML@{(W3CE@>d7Kt(cuQl{${r#^m%<^;K|NTUhcv|yo
z5s^o5FG<H*5PT3-Mo;muJ*V$2c?H3=!4R7T{eg>-g+X`|H{ahmK-3(H_GE80y$6?T
zUoL&K6@6IPfoiikXXuQyq=d9&-)*T{TzsPciZzx4eGi<ywAD<_WUkAqM^))M1PURC
zpizIp65GGqKcoMU1NC}at#}ppm3W!JCDK$)g@yE?oS9lFY6!>^+K4w(WPFbplrJKp
ztn-`k>*mN|yBz~R>f)kUb<Zap9F`PSDtGdC=J(GGX1$o|T3We{wY1urV8sBdf25t`
z3G*R6#ZO0mP^Hz6=X^_;O<E{zl^ie4u?G6GBFZQXx)NRCM)6E(vJ*lU(mUo!8tR%I
zENU`a%0tX4e-t$N3V)LhCuYoTv0Rc7$H=DUMmNI|FjxJfF*%+PftER*D>Lbl)nBd4
zU1H9#6I#XeCEJUaxX8(yGz@%6ItH<*zIe*f8r1#f9G1*b?=l_|lagX#(2)_-JTloa
zHtFc=gXJdVBVf0N=Xr)TteLN%edp-x`V*O^jdf<bikjZ+Zl(3F+BETe=tz?|aiblg
zQT>>3@@4}#=!|VOZHeOGQsZDD4+IVh3;TZL;K1Uu-V8UmrF{1nTvHX4pP&Eor+j4C
zB<VM1^?Qd;8m}{El1MXAE(UN;RSM10%8K|ey9G3@H{TCOi}1BoQa_{ZkS!K`^?mYr
z;{eIDrFmP3%J*Z0XIPXv`hTIYs`G(~)xe#f;oWVSF*9YQA2L-Ne41V7zvYM1{z_gF
z<Y+c-cwdn|FgW;2*pgXeh-8+f4E#HAMe_?A7k+7=>Xx!LZ;j*3ZxSx9MwWgt7Z-LJ
zAaDRQ5*%Gla(hD9xtPuTcDaLP=VF7J4gz5+rq<m7RaFlbpUF7c00pOz|A20Cwc9c#
zYZPme?`OzNU|V|7O_~e<VRe|rF-o2A7R%$ueUJBT`af#pL=oa>R&6`aSoMdmke=Rv
zzCd#hSXB)U8JqgVZa6eL*tI81csZ}<3(2)uHGMeI0mex?xiPm?gNwOyo~WvzKe=JA
z3Xm+Lg&U+P=JekCQK8o!(}zOX-3Ml;14+$&OF*bDG@2-~H<~F`lh<%5Oy+TA=!?P+
zoS9MPeYxmfQv6pDKb`!NbwZ2Z<tNd+CihfSVy-c}&4|yeMTW=t#g(Tk*Jrz2Pfo?7
zRVoQUppDedhXa*~msdgL#E9u%?~OJ99bjaSX8of<*k!%OCI*z^N+J~q17fH(y)ve9
zs4TKL4VEJTo0i;1v!#(fXnav`-lQ1x4m18ZCg+w)3}t0y6Sf^cXWE5_{BDlt(VAUO
zr^X;_&BkG$htNNy`RmuetHW<GKr~bwx7@eUm3}sLE4l4{2u)t;@iGeq7ujl|RTuAr
zaGVO`_)3LQez_GVRQ{uKQjQz*0Eu=VS^NiuyF4&>Bp4LTIooB4uf4x#ygfbv6~;>v
zJyx!n6|cj$FhDZTEj?3%PTJLLOy+46c{_NaX=XvmPzp1wjm1!q_uYh_LAxc)X0=73
z6d2uPQ0^OkqLJ=(NPgDb9_{evqWU8b=yJYRo>pV_@2@wdxtFh`yK2UQ=~K@)?@zJ%
ziIur`!eS-gB?(_Q9;L#Puf-*{jNOVO!<n4-4e1cHO4Cbu@#Wel446y>9u$jx+duYn
zVf7;D<?h7l6U|dZpU=~2T#2DRWn1DB6BZT`0lylnL={`wT4bVQi9~6Sa~=+q8bsq_
zEF4ZsxI8Qz-qdX8Pa|Lt8cYs9DRaulb&-?9p>vQKU>S^=#X+Y+r;>_2B)S~rJu_q(
z%QwrhA?DL1;UF2SppT<{$4VOR#7>Mo&oMX#pH5V#);Af|XXlWCkPCcYZ`DqTJXQYz
z+%JPATdeQ{8}RuF1|5o4VR|VMzQVBG)6KAep&ULL=<9OK*#)$!06$?V+^Fi<bh?4X
zg68g{kcddHj)YX#WYM-%cubi#a|&H=OTL3;UEFYwd-V!+K~JP))!1NgZ32Z;%{(X(
z+q%rU$AZD~@M9RIb-5q+oPt!qf~F=-Al1^+LXPP4UJ<|qQY#&MtglyyYDqKFRX2U1
zVyp{M)$o<&>-+Hz!dJb9tkc!gd~*ptj~nxomBv~HCi-Jl)_+Y~4li<vZK7i*-ti8!
zxVShSijjt06KIX+B6td`w8nU%<$AG$5Ozj%7iO+G<Mp%6-6$yEsTqm0N;8#$oZPXW
zJeE42&$toI#7}q;Ni$=>AFFq_My+m&RdYnI#SKID?~jmRPNVqLa^wc;V~t}v%WPmi
z3Y{~zdgNf&lBSI6K>TZotmR=`lk;)5#<rLgS6o6rMWXJ)P@i!ufXmDz<-Nk^N<EL=
z^_iL`4;2wn(Z+XDcLuriA1g(T_VJ%@PCFrP{>OqeMkE+qA13)W6lZZU9+;|oo5hXe
z-j!6KCRMrEQ`5cl)^QTR0xV`5Bep$bw{uC~x-Ojn@m0P6YB~@ASm@y;x{S3-YixT|
zi(s!H<p~emQmPw?E>FDBkONi?!8lbZ0C$bea=-xkFC1`-TQ$f=>@2e1b~+FXPPFYU
z!^?=Izv>S6=<TCO$TUYt=g7w7vz0jk&8^L1t<-u+Yt;)UskLZ-fmk#mOltZ-D?VF~
z&|mc=em6U5QPbv)byt137B+AOk;Iz^2ca8|OP|O~>_2SqnS-9l8+DBR^^=Z@_QZB=
zkDz^Lr-{j`w)!d#7Aca*O#2<#{b<z-&8yxzxp9ZUgs7FMiW$glZGw2Oi)#eAF~S0l
z!DwgBk>gTLUWD@Txl(CMZ!tlmjY{(ihuWA{mvQ!7vZ{w%r2DO6R!mzAiz^!sE)@!{
z9rZUH-#6^Q_TLPfULLSp40@f_(lne2CPEdtgo-DB$r@FSL<)AlF!K?Dx1PY<#0<J}
zVtpW5%kSmC>dE>0tRlzK-lWru4R#TVuUBjgKnC*;El+toe~0=NWXe6Fy1SzL<8yR$
zG4OF?jfVRxy9#fGPH4A#Id{#OaGq{ON?!n|y``k*J?@MCZD}*kH=&+N&cw2O&qgaR
z`b6y|Yz^fm8xMWKc=Nf5PxVHVh<u^4-AlO~4fCvuc3!1!EwG@jE~up%%+Ia9sUA<%
z_m$b7?in#w3u+Ro?j3!jPPU6*ELSHd3HcL}$ah3a=KK!!g6UlX60TmpTWCg1X!&#`
z25lq_EfnH%e5oGb&(DDGoEj9K999BsFPc#o(4h+6u$6ZLik<?FX3U|-35!?pGY;4+
zQ3GNNJIWH0#89h>fISyT{DD2|P|PNA^&V8N_ZY4lE<M=KOz{y1^wP||^|-u=a3W>v
zu82UJaGa#ih5StX7phC#U7iZ~03$F()kGjC=3C~usA9ag#1bctoLo(`n?u3p*77%X
z!uWeg>1J=8KBHQ88xy}+cLelWs--Q3v_*Efap(ED)OToU(G^tt_T+Wl>gcR>+srjq
zr)N!H!)A6hd%-}{>`JRyltG&ABMr2eVV(+xLb&QFM)*vpD=|-RdO*sM>UoHuj+tTR
zy3B+5aFOMQ2N=mN?uzWm=P`p-2n6Cywh6+#kA)qGZH@JOr{v$+2*+Wez)2X1>D8cQ
zQkC)xd*A8jz}ME3l<zN&R6}>CL7BH)?9BP)sLu7H`_M`(PrEh53O}VG&Ok_Uh>eKP
z1=;uY6&G`?Z(C?e<HdW-j}D2}SWAQA&=B#%^1v&}#jKzt%JiDZRKVEnZ;clXTPcVN
z9r4zStEc;4PzFwd)=L-Ar(q}r)PqDxTLJ}9Tns}hd6op)A@{EZ5|YTe{Vt*{-AZh?
zP&4O&M#FmfdXrU`qE5%0pIN~LS^b3W%gFs#^G~^@>jY^G{p?2Utr3D54#fMDCV#a1
z$)l`E16686x?bah7ksrsXSaON4&YqZ@!=bnpel!-z4yNSfPaUl;A`Gev2XtjgcKHG
z0?J<q(t1NRpm|^q*Y}wxVJG>npIG<_vVxxbSYZi!UYG0cg@Vk?QNj<#9O*Irjh>7S
zcv9^PUKK`C*x(!sP=CHcL0%kBBW?Q{%L%EFA%qVtN71(QT$iX-52CV5HEYpe*u(Wu
z{S2L>Jc&*IyJU5$Y`?tLHxT-YUPXbCF&@^Aby?3+CrdQfb{@JmPA7T*c;f0LSHov-
ziO@mno-zo;P!OXx&Fr91-#w=09~=InR)^iZxj2dx4%gi?oy`;~xlVR-x>lt!W<qX#
zsetSwpv;ACcRGhuF`rX?ALKz_S<i0Nt!!If?xxQ!*RgTg+pZEvl%e52N{S|mbb9T$
z603B1BW-0@khgla7dv`P)!kg-p$a=o+;1ypQ-Ryk6ijxK)zs1fLAUmfA_nG;$nqT%
z3}eQaY|m7*Nv#<-<m0#Xg=-(fMSoEgmw6z=ZQQ!^3|}TK(AKja{{l9{2#uqWH#%8j
z9Xh2SIxa_tmcJc(hmu@6fE!m6>PZt2!lcSQA{T4I0z~rp`5(ViX7J>{(*ySm=4}=p
zPYQ<wT~#7v`QX~i9jj?87D#2o`<~u{67M-w@5pzz<mh4_APG@*M5ZfVnZehr7XZ2h
zF8hxAd9NQxZ`qjjf26LjtK=`thtHO{n%rw{`YodVY-g}l_dgZ`Hu7{8%8hAa;V63H
z2&zXN4O3-7yZOcDo;jZWn=2Y8i<d}r*V7i4?PW>;gKQa=a^O2nXSI1I?NZsh3qAN8
zB~aH4B~nwh!Gn@mtwIMbD&=5)38tp~mK3*g!^`2Xx)TZzs9IG{0jE_L;;AI=R&Nnm
zia&pO4+FKt{X;yHDzu~R7e%sz?ACRmo0-}-X2yD|Jx~4>QdBuMRyTVSAxlS5sG}T6
z7Z7(75t_>j?j7GN=}W6Ak>+9D?m)-eBHC7``#zKHI@id-uQ>p-{;5FfX5($6-3ikt
ziozxelN02!q4d~wS=Nc#1(oj0U-LG}E<T)Xi&QbVD^~=0`uitucuePUoa_>P{qn%e
z{Ow+Px7lg9VJ(J^w(|2Vac@B5%K78#gyWo#lZF?3Xu(QBJI}KfwwGpXH_&Wu<K_v&
zZW@Qe1gQXY-zhE^X-EBX`=U3BKZhbZjnV0+<Qau`%e|u1XV535-}$E9qI8oRq26C=
zNIaar))}LNG{N}Z25Hzv5}`T{*X?@hZjI+dyA~W?R3hqo7PxjE)M;ix9T3uNDIIKO
z0Pi*hC!O$ufvM3(CjxxCa9@Y>-xRzkPpMaE0`!tCoI}bqJYl>&tPi}bRGEhFH%#l(
zrC-pGjSLM-NXNGj+X}o8sdCBp?|~9F)8BQ~<BDC9pOJjr^NkKO*(@bMH$^coU8LtU
zWFXvcm5*5VW?1ofxZx<a0-wY|lHugr$3`b16k*cJ%atibYX*|TV14-r906jKfOj~S
zyt|$q6e^4+6DanR7?A@i;Z16S(AM+VEQxZ!h-M2PzdAy3>o@N}3I~CnCW_s_uS?&&
zdEhe7Bz^^!J9Z{NPia!--4WCy`eyuE7CToD$ad(3gWBMD$K5#<^JmH$MtpJLt@MU~
zrH#FEDO<xSJ}F#(@8S1h!A3JDof98>MkSoH_0u!E_2S2$5;%<Q0Oh<cy$z8HP4zY6
zHOqy}=w2W_VVUiCJF*ij3k)^48Zns>`mPC4KJ$?Y@w!IvSq$$!qVjK@R}MJV1-yKm
zL6*(r4b{?~ZX@$<O3rBDOz6g&S})xa#4Lx)DAY-Aa7>Awbcoi{dw{~UOg|2+PKFf;
zx{4ov%Cro==6Bsi?4w~|KqfJK?VOqtN-<VQ$5o^iEKBRrD(7W{vgDGCJ~>es*G2QD
zucqUJny=IouVBWCwpz|<OQf{a+Q|uT7+DjmE7u}KIbO)IFJCfWoge`a5o7@qVU8A#
zCdv#b7CxMqrp+{hINH*2+Mne2-BOD#SE7&f3+1l0A0B<61xNi$5vHEcV?JivI%3Fx
z&I04v_<VnKkd}`G{bEi(MPN_5^-s5`&5+E3G+3X&b)zYJeg_ns=tH>r8vcZ@MEyRG
zI6OmWZS<qdv*PXj-iiJ0?mhMZjX}jb+fE0ljprrx+Bi+jXTBqqFwhsT_e)DWv~0_s
zu-A2RIX&OW`Y(CFBebpoj%Emq$g2E}?c9byID^r*X^Gg_uD@t~Ihm2*makM@iO&V=
z(32GtANJ>#q-2Go(>HOAFg47^Op@~{)XN?ZO+fGCGbP)>;w0FGlH%z7f2W<Mf1^{a
z6*&-}45J3w<~!QQ^{x?}oY*d;@~~M`1^jl{WVPXJL2Sic>Nv(1cnBM}h=-FG{Ly%-
zEUZ8r-b!fl6Ul81x#I?sUf+m*Y=JXtK5y`Xc3ar0l4HF$PdDa>m|+R+18S&J*CKiO
zgGywqO4fo7K~}W^Hm4QxW1W9d2&>54P+@<l)nhaQ*ucYRjl`xD9q$;NL$ByWPx8Gt
z2rS>Eg(fgGY!&KOKZl{`mkaET5JllEu}-#i!_z%JU{ijUdom<;NuzzDj_JQiX**a@
z;4@n{VDifRMbR)YBjaq~e(R3A{$j@B^?WZ>`IcdaUhmX>g?=fhvyx;x+G(AMb3_^j
z;^WQK3c$uPK4G-!uIKrau_PiIOeJRJh<#rr%>k%zczV6ZF5_>KJQO5OReeYhl71e#
znXK~%KmpkG&;w8by-P*{2B&)Q5~{lHrW?ts-A`Aw<JkN%H=6#&yEQrsn<gZQ9Nl3)
z()J@Quy->$VICeVVxN~yMVCJ5G>!FlUN$3w_}*VW$<Qr@7k2*idbp`?;8n3woAaQZ
zy8HGK0-V_^I@%@w_JY?(KLM+j=8nGI#-o&HW6Fy&G~DyUX`d31vM2N-LzRIii0yIl
zkNLZc;B(HoYH#wCotN2H*m2d$X{S3fnPqp>B$Lrk<lnzOUYR7*(Hs1xz}uUDtx_KH
zPVV_b3ry`HH_=ViPGt*pl{Ry$w+r#ax?C(51UT8(1=dGGome|fEHC8fB#0fH?S$!$
zp}O^qipt1N=87WyC^CbiwUR!t)abr4WU($Qi}QZvE;CkV;Fs2l01WqNo`rlJFU;3g
z9bXYr!BCX;@$m@@r-4V+bK49?tnAhv>cdTB#O{O9V|dfVyToV;A8zuolV}{V7}%GP
zYm0(;y$Kdzg{Q%tNv^k8B_z(_&R$Q(IGC(S3$2MxpRr?~Qz(OV>BDvoKYtD0THgBW
z^lL~X>Xso}&F=N-sM5fCxLN?gidlJOUU<Iui%F$M`dPu*g}Wnt4DO=fVyy;0JJNlh
z{%|V4CE#Q~5D8{0_}IH%NWMK7o<Y%d$?m)Q%W-7IY2>*P?z!NW9u#W&clA=G^=iDy
zRTS{jrFKe-ZokPTN3(%4!o9(e`+%8d5+Q$qh?A#--*}F>i1>4^T6G=+cKDFQMod+L
zfEJ4@Jpox{KkoN=f*Wxdo)=1Sa<|LR$fKo^r;A7w>xe??H7@QLlD$JqAz!%N8TY77
z^hVpml_+0Hpx=Md-Fqxc$o_H!tHx+DXt0AaKmtDD3F9D|i(gVtCA&fU*1QP$Tgp?q
z(0fUgW1b{9uU{2Hc0_u@<r&v1Oq?O-ejNENvhM4P;A#x!!1M5cu&QMd?CTf$v+A#;
z2$OVC8@Vk=ZA&K_mEd_w#_sN~=zK!|bhgRGqamYKT&T{W2RyX2kE6aax29@?iIqHg
zzv$w9La(#uAy4Rm><Da~kd^`bnczgQ7oU|NjP>ZQorqb;nx}(8u5rCmZiKl8qji-I
z*ep1m1$Qp_i1e2ZBhG}DM?Ve`ZzSKR98@+$c=H(O>6MMjC=!uhpABc|injGu`<vZ&
z9-YKe^(G`*YFb;DU3Ip$B%E;F99Onm&R38WGN_%UkPZ6`WQ-?L3LmxT&N%4g^6+Ml
z?8hGihi&OTYcZPpYn6kOA5IXxwidw?$3rFSriR7?$WbdzpR7P8*we_B0?#OImq#$J
z*8~f5w-ar%j_TLiUkca;mJL5}8c3oSyAH=2Q*k?U^%Ze)ZqVWjzk6THX`uQc57xA1
zV|E)a#PFC<2r?4rwgNK=duF4}Ud!E04g34^OSVHpTu8=orIE_o7o5d!W!%X@4752I
zj?w{Jr3>%tN*525P-IJ$n8+Gj4+lxL7hK<roXA;{Ty6<uwv1{e5sGK;?emvQgA*Ur
ze9}~{l!o&guUKfMf0Wq9nu0+ab5+buoXuJHuM7uEbqIfFDxjp(NftFXbm~><XJ$3J
z#`>fV1p&FWA-Y7I>Ka3sq+8qB>OkjPMC)F`;1zbd+0)@Ks$42}Fb#j#OSk8WhT=SK
zk7k#+ocU@(Z%2#PUBj+uOI1=`ah}<X9~iALGL~T|NDgy&b*r#5+m9p1ulFF$U0@Ae
z=zAQo1VXnR*Y%IERJ8Bc!K7kdGf+6|a@}=_p>`TP55t@oQ5>eeK`Za6vGbYcntSZW
zuB4Ik>u$t>XY)A8gYfI2C|gbn>kPXL%-FmjswIJ1BIdES<h#yeyk!<BEq)?|`+n&P
zXX2|qi3cw?c=L6%*Se`Nsl|A|w}Yv373;yX&}w(*!uyd9g>gZ3w=b1Ub&$+dI~Gba
z<LwprR;>=0MhcjP5w&0ylIf>l)C`t5%xav<n9PuiGo-2)QPf^pr^1@*`q0)FuHTJT
z_6yC{p9(4+{mu)wnLApPE9qpPWo#c>Nuy-s1!OYVAo)kP&>xH$qiEcoX|%kU`tI@l
zE=z?sCwv1mai8(!(-ybTGWoYL6!YL*SNbjw&UxUhwgDSFzv_s0qoYU*a_h}$^)iu$
zMHXtZb6N%1``rzTwC~HZFQS%_eb?Xcntmvwa2?Jy0YgOWx14D{4_|eg*gmvy!gW$f
zAtiAbmB`zUAk+pE71~}MKvv1G#dN4;^sUH4F}J-dKvOygRk}q{#h!(Y00b|59lomW
zs024)ly6tO7NfZFoJ*sO>*8^9p?mI*{jEM{|FlgN(H@N1Ry)c|@cr%wE|iA{4(ets
ztU=L&_&YuRg^wIR8kLdVwK;SvMMh>qpsmK4`mG=c-`l<IvVxjWUPkws@DmlPUui=s
z*th!gTV+%a1f!Z;guqkQK!AY3C0+^QYgDDN2^ds~1_!vCY0T4dg~&{&(XCOYTur)*
zzPgVP05r<hSuZN4(q@K|`lzRtlI&ON&g^|J$WKQurgfG0h&VHpk2y;>U)`4If{qET
z8*{!{fNxuvFE81cWS{VVjWcw78V3(urA|5W?=>&ccqZGsQ@!0L;?nWsg{#S@tHAlr
zdT!r_!j;r#kpuXWwj9S*<3crQ_UE=m%TF7GL$hz(69CTw#o$v85+lN5Qm|pnXpeWK
zr%=23SJR$+no16E^qc?VYn^Ac!ZN;j;`&`gjSN_4LO!L{BGLOz!Cl>Oi(=H?y^X_R
zzrHhDmzz?CDNVk&%ey`+ZF<nHg`jv2d^*{N@Rl))--yJs@lv&PQ9LIPE8<#ESEroM
zUPlARw3i&00uVU@SxK}wAy}wYlC#oc&9k!D(NJQC4<^O^@xm9oEYay7LR1AdPVDb>
zeCJSm+1)4aPYy>?Q;bh@C#JEWX~;;0k=CK#*&*l!))<hDQBa9%FMnFx;szbh`0GUC
z6wR+_q~R`)vy=6Iol8hS%AE`wHe8qM=`)glFmN`r^*{O$cx{H^(S0|%FO_=PT0}bT
zs6b<=(SDQN4nIF+o2c{!!t=frrH+$F-4O@WU@ph@L`l54b3(JyZw4io4fP3qk(MbG
z6z8KP)TcY)OUYOFhu41m1B*Li*WMoe(NH7<I}hSY0mney#l18!LlxuCLaKBf$F_7`
z`_E_w>n$W5{`kpwcol5lt4R45TpxLJT+TXTu-k?_)%*NonJ!P$4;sl4e`)b|25|K7
zk32(@Z9ZSf?Y|~7`!u>ikFbdblIL@c1nadvnt!W=YX}Y|L1~KW8Jo-8jw?IVQT!<<
z;+o7vr_v?N47%!@a8+V5JVk{@rP0RxdX>5e&k1khRoQ9<wIN{7`?9VVI8oJjkPo8K
zDri_E_zEKR?;yP=x0`dLgdh^2Md#tiM+?o<r(4W(_WEPY#6^oIiP{Fg@_XI~^^@zl
z=m6flVSC6pFJ9Q;`58<Gg2=$x&yf$Kbm|)P<pO`>9zuX_ak%IS$U_>6e%VNWa^0wo
z1wc~cQa9kZEPG}~-+qqjnX39tlJM0j?E&d7nQ#2AA{ELu@+<UcMxe~Qz-8g1$#H-8
zBssEwdr%^+nM{OIrkNEkoZ&c|cwPMS43o-Y-vs1#HCY9(Rd{y@_Hf*cF|V%sl*%aH
z=Ph@Vlh{_tR&?|hNa?lT<HEksW!U4(#TgP$F6?tJx}7B$iORR3xpVB6hp1$&O-&)o
z_5SB{mtB~+(G$d0=nZzfUOoF&d03qnq)d>6V<l*EK8!Apjqk8S)~WNmdgiMmohSZf
zrW_57N{qYb*xDKo?R|rBnk03JRAoTGi0_uBP6a{Y!wrzeR)W3}SpU+$Ys<uGhpfxz
z(v<bpUzVcIl{n0mL@)3r397otd-olJ-+KBNLV^KzxXOBK{>%?(Im5?3n1$aZZ9q;o
z<<PAniDg&b)>&Pd8t@$l>6T;pY00Tk^-J2*r}G)*(o#UeJP!|2$PC4hyrRi+FkC>D
zHjoWt8i=F`x>Q`QV6iHtYq6+*dUTYxP()*WVpH<$)mqMtbi>j*E7PqzTF5sPfT^_H
z?5`*_@CWF4U1>|#O&#}8ed0@Na@!z|9rBSCb-G`|$MGLfV&=raiWH`jBmZ#(?eoTp
zoO<^fPVY<9QyEHL&G&;S_5Pg<7;1RzuW-Ws#!+K!Nx?&f#I@D!tLlQ|1Omj{SO`hE
zz%uAci~pq|JTz?jrn^}=fUf0*&Zc3~-DNByCx?0iW-roeha_4C3xgA}4aYOPGpXda
z)JO0|dNTwU2HP*KjDPrqbNcI{WwuZ{r`tZqX&OXkK=pME8e)UbCi`;Z$z2QqA`Gy6
zt7wngxPR@BUdZ_WwE79S5mRt;8u)g!GhH83-wq#?;55TTLaCAsRg?CO{aN;c!y?6n
z`=J$xURPYR{0E9Arl+A?&h51n#*{C8xYLyymThhi`*w0W8pcg$B)D=_<EuVSrX&9k
z(vDwJonw`zVJ?+MTgi99z6hH2aD8$IRA=w>oL?iY)`Y+|fqyV*-0#mXE6wzmw$f+c
z_@zba1E9F6TVs2FOyZUkcU9e_LzMBEkQ9g-o_pAP9Wmj*VYOaeV+Thv_Qg!@4I2mQ
z+5$R4ZlyQ0cAf=N=ZH7y<tQq#ty$Tu;R1etsn|wa7rMPU-Ml?fuhkopDqg7N|9P?t
z@z8!2DTL7sqV>|d?}vy)Qg5=5N7&B)1;RWhU5AGKa<OmjY~6BexP%#TK>E4~zzFfH
z53tKyFxrAzr{YCwhjTfA$wa*p?stp2WJ3$-y%sNBi*su6n#DVLw`EbKN9g#=blHMB
zcSmD8(uUNTT*bKqJC4N_w*@V;x&~e8#Y^0J^!HpAmgUOlR4WXnMOWJ&rPCiz+yA`X
zR%{k-_QUf&$r?LDchyySr|$(IiEKD910r$mllZiGkp0dZxZsznVT}^ez+?*~-#qzv
z!iITgX#q&0lNmShnS9aN-64ht`{FhW?5u{BQ}nw0hf9Ch?8H@QuiHjMcKk<=P7(k}
z?ODH~Y2?+tONEY7Cv$?(ALkna&2JYI@M=wL!hPql5sLF0W+GnFuD=39k%hZOw>FMD
z<QLp8e`}rzRe|pNj$;|S_wSQHpebbGB#$MKqEXdD&ErHuw%Ze{t-99+Or*+n?^Q${
zaTp1TW%098DaD#QYh4zwF4^?QG(Y(vVQwvFHKz}Be<EY9Ww!V@sh#&rJ?G5{+(Qoy
ztYA%9c(Un^x1?UtX{-c?Rdb2CR#V_YuC(+iJr{${^QW99?XFApQ?!G&rGqY#84-@p
z7{q~@?_nMCaHs~pJIq0%=^`hKND@t6C}tlSE_H2QLoAdAFM5=uN^S9>S*r#+N-SJD
z=c<}dHS~`07KxFpY84TzTt%rS{?CA;tl&YM=xFX8?cu)OIvG6r^296hltvASW*_23
zF$xE(L$YW66TVAa7gDZ>DkWbd&mQI%hX?AnF#g~Kv+-~+zLfm&k&9W-%=hKCK&HuJ
zyT{lIotl$SMloK+D}_)S`Id@5({X$e^CD;6fA?9@f823-)wP%89@%;Q*s}1_-3M65
zF2#)R4+0oEsI+pbY;~2YN8geg>05iowep95KK#zUNC%Pf?ZFszQkaGgY7$$5%&OT@
zv^=-{aR956xA^u1_VCQ21i0^@efuD|q3PHOJw0PBL(AJKIr~L9Je$i{(3Mo)=aqJw
z1+I31zKZ6}a;lu=3|iO^?9Hx?de%dC-G8KS-6_!x+#4@H4u^@m%FXqnsX{c)lwX6f
zD}K=zGHhey=%nq>On%v|bA7(b`%!3jgJeIIjms;I2)XKEpg?Nh^3cmX`P-&A1i+*p
zM(V|rIv*czaOo!FJBooL4pq&X!+Snc)8BpquUuzcrLWqW&1?PFz00hD6!!BVrA}r_
z%;9VA^Jx?M2|e58n8=Qq(dNAmbyF*L&>`9~&Lf?1>{|EBW^n7p{b}&!bpUz`1*Sbq
z3(kEoUF}Iql96()B`5E#NTpfJA3`Fob<%Ty{AbtDxRjvQVIcW|si%kb6S3p|cxT#t
z(&w|ejI_L&*!cC5M)n#t@cH8b9x^&<)R&B(=e{@*pUc%8jwV6y+HJU=uHw1TkxyHj
zk3DWCGtxxqNbi1naYe0FCVfHrV{n<|zpRH0ZtQMsRUfkH>P;&KXvylScooZ;ow`Z(
zGw`@4#l0G69rPl6x4|Qwp0qpkE`IB*ue3Ki1xG5XA7~UlYT^d<>4~1k2vEP#ztn$+
z6Zr#0;bZTVfT^C^Ux$rSOnd%S^_3m!HIO9GXV#65)BD$}R*g&d0zWHaEP);a2vHYC
zHiZKoj&=&nY+VjowjB}@Q^ilP#%hKLtoI2dE_SDsTbbwuk$&T^Lk=xC?aGF1MLZiN
z1bZuJ=>B_v9h!`U@(h;jL#YoVii-}j82|%O7yGm?n*c&hoUIJH0kyJRhAd>$=0ako
zs5LbX21A1?Lk`IfChG^*d3e3+wdP4yCMXH{FjJMfqQvQ_714y>or{iVDxti$xy@&)
z*pH6O<Kv;U2Z#EwtK}Y<CykW|_isV=CtcVg>0GgYtTYBbFAt8fb+K@0E&9YH|M9M)
z;r%PA(wrb<se*?5cdEDSMV!;chd5@1nSyDck$2glJ1pgTa-96ruq$z;zPUCyN^fo}
z8mjStV-4+fqz{Z9OYYIaOj@b+bt`u~(4eS8%xEsUH>+4{gWZ-CJaY0YPrQ~8mZmjg
zw4i?#v7RO#EA0<dGP3c?MT6+HJM<b&6Mb#5bhhsDFHSu%UF};alA&j{Q%aH+=k@47
z5AvqkhKH{Aa@~$el?6|2Ens2mv8>6r6byg7rFFRN`NFR2#QQ42JJZDJp~3t=XqWz0
zqU;Mpzlc{V@U#|i#w3gT7PDkMZ9B*j#0_l>EH+pgbD~+G)tTPDvsYw%x7q$2mG+9H
zy|xs^rqn9^f~-FcV3{LP5A+kHM}I6A=!?aJu)SQlAt5_<SP!`R^VgC~=+?^ywZL-_
zO~*i;yM{u0mqWH91Mlg~U}w!Z=ZO17r_8PI7cW%+bLTQbhIfcz5s~Dq6(aloUe{&{
z7v5!-OHy-mN3(yM-Dml%(^|M(fa9%JCHrfkzOZ41x*CM8dtDm=1lx7*$$QjKB>QjH
zi;f2eC1B^%v(PN2%bDZ7*sPS;EFX9Nd0-J6H>#SiT&rszg*n;W>AlewO6Clzu&L4P
z1<sa->3x1KZA(8inX>lcartcWHML%&4F_fLY&~}#@b4VG(+@i(5|=}u07MRQnU?n*
z8f969wZyB{3mKpSnS}MCdA&Xib2=nLbk2k8Gi!TlIC}XG>``N9CDAfHoiqXrHjteI
zzKM2`o$vEDkRSeaDuYsn;<ChnF#>92Tbg;JHpBdOor8IMLhj^8ns9`6s0p9bAvfuA
zua)ImIc@XlrxS(J*p<2xueXWl{C#uQt@Oqcv{9s5I=mk;NDW~{)}utJ9ZkT8<(cCi
zy*NrIRh+77Oy4qKBa=yL94*u~5mt@EM_rGb3huR7^-0bk;-ChX)CJwK!aC!ek(nM`
zF%bWOmJd5*M0sa`U>2vb3RE2IXfbbpsfoj&EgM=4MENK&8K{}s)C6-%0FTENkCl#l
zctXdff;53#MM|`|9)wr~Y(;J3fv&m|<wsWo@J@rY@7am3csvbyo8#ANN^!q`D_-FS
zfjvyJ90NCbS!`~yTR$l>lw`s^djKbDwU)oNMbq3@S}FRZ_{USs2?>}&&3)j(&CaFR
z2Q5m)13OjLNXlF-3KBM7ITWzj`E7UxTR75Y*jf?J*C{}Y$NjH=6z17O6zz~XiJjwj
zvy_G$mb(7BJUgA0c9fmN;_IViG7+c#K^a+5OH09G6i2Z0j;8@8CZk2texedzx_TMA
z(<3FB@gvcREP;O(y<jryiuj>UiHt7b*UjpDpHzr0Sy<@+Z0{R3K9W2IFmvzcK3jI#
zzQ*Xl=Vyw$;+`ua6X{iAKZI?Lj=e<{b>`mYk$YdyddQ1}+ggfkbmB%hLjLq9_V^lx
zdwA#}J*t&Yv(t$sF(0`)H8@`Da_DJP^Vb76=r@9Zd)QTL0co`dpO%l5@m+ryoE8+-
zo#A;Wa-EMI^ozi1Olu~xO4lB5g|Mprc%|S4=~<#4NjE6fyx9W{%t)-=aGDT#894<`
z0<Rm6FNecfY{H7XapJFWupNZ(d70Yuosa=$Y_EtkyQ^ayI#C+B%mx`B>(y52-F=_P
zzHnlaDMij`<Sd7{tLtEqfo7TncO$xbfC|9ed~a50K7K;)(Jsqjv=-Xc1Wn!dkc!zr
zB_obH+yvWHj-f@PCrclVxF@h^z?@;F+cAcZsONIMYxfN7p65C;t@wM)&ERv~+e@mU
zJLU4+A-n+Nt@L+C8x+JN%XU`dR?I%}M>#*y6*;<<w{K6rw_gdo+M$jpexd1T4X&@@
z*hC5eTrK$mjh79ERz^!su0y|5U~f)pDxQ|iXB?|m&0-!W{~;&+ZS!5v27<%vG<Ng+
z7~V`()=3!6<s=L|N@Uk=1XX7-2d`VMy)k>o@8n{EDvwL$*2JBgUW;|&<Uj<8w3FPk
zt{&r-SylH_^E4z(zBQmhTFvgv1E<V#HXywXoa|IpS0`fX!Z1}6#pz3r6+(O1;IvCH
z#ljMw4hZsI^)R2v;{VHD6RbpG#XKuy#A9`^bL2SFiEpK`o0U<HkiNuG3hYn|8QvoU
z-Spz>Q9m=(Cvh}3HX59*G-^g}**Hs-ADl!Y#HxQWzm_{eTg{n~CwXg_lN7~ztL7nK
zKM0lYk`9ApnM%~`larG*&<bw0&{9Lu?>0j2?S=!Sy7fpBA8*03pwjhZiQ|%+&Jdiy
zU(xTI<vR?8b!FT3TI^TYHE)hJbjs3T)xh#l%ut%xTb<Lsq4Z@d^(Gu`W7Nn<;NDp4
zWq4+Bb{B+iofkkB0O+$ZK@Gl%eof9wY*pWKcx1kQ@&pMIu76=x)9zziJf4P(S=zX+
zNwXB!kaNDr5K-fHj1pdn-P##kyRa!@7)+X<?1{2^?i{i(cS>{61kW8XX{HgaMh^Vm
z3P_fCVd(ChB*~#%<(6FF&!u0wLsaGt!%1|L;{`XO9vrwJ^;Zf1P`$T_WKZCr#wJCS
z7R{MTSi-%>r9t}bZbu{b=14Qf+xlspo+iy7=QlwJ$lU~p&0ghd9;hq)f^jqGX3vjI
z>$38fAa@o^S=xC96762>8#yyGre}Kw)cRe;M<yOZ*pNKHix>nqgOq>*JK5)zQjo%^
zYLO(X>S4ZLEuJcvQ2kZ?g*kHg&n+Bd=MGs$Z`<haljTSKt10xL?*J@}Ceb?LnSv-V
zVcn~o$j%uXJl;GKs;CDBC$a`ipddH}`J5cBZeID8{aXbQqWJYNfrr6Mq34Wu%u1wR
z|IVqi-?^`pMP_Bt^0PC<3(3rs6Dz84z@Jy(vx;c?_rq^H!Lw{C2~Ckkgn$Y|<1jia
zMO>91Wn)T{ahgChn)&;#>UD#C(NnD8ZlwqB9+{TuIV~>uV~2Mpud9<!4+~byGF<*&
zOwy_B_;s{gw|yQetaz%`0L(?tpNNhxe^v+n=E#XHg2K@N_YU}ubg1tp7t!~jCdX!@
zvR9R>AknDF4+UdedHzs7E>=Q&C3%8e=gT_dNc)IN%D;ydRa;e^8<gjTws9>D{(O5g
ztEwqn(Nn<<?R(_2Vl3=0VKoH^oG+^CeEV#p#Wr5g5Cd~u_}yg_5$A-r5STY4C+a4F
z{Owy2ZuG5rp7*d0u6zH%W;|~7?r);g`LL*Kv#N_@Wore-l0OU?ph@8|W9{D3^`0#+
z;KLt)R4CaC9uA37B}z^X0lU2jpO#jgy>svD*yv=(7%Gb8@nlg9{okeI$ub`uPL3+^
z>%Kd?y3*)xx5pj5*^ruzoVf;sw#M@oVbb%g_A7Q6lei4qLQNR+jt=oafRN0QbJ}k*
zFs6bT*{vn4%r~sR3kw~6O9Z#aOF7l8Y(&RekxJ4t)5C5{pMbzQ!y1fd6}1y_J}2vC
z-R0#HO5ww+u;^%&CE$-Nqv)U+M2;Izm$(KDq|2j-bi1@SP7fT(v}M<%K!%X*+{DfX
zZS#4hs_SFyg_LD{tY<Le4FXke-CEPGa=W-*6t)%en;Z6>-XxBt;aqu#_!h<)bCp##
zB&qa@>4|0(F$)y4JY5$Mo5F@6Z><LF8ELl(f8l)-xtj53?EZ6hWK$Kg9NrJhoCgk~
z>9sfbO*K&O-#<D?%xBvdFM`PFEpURoEDz>`-vK8mvO_p!8bqj0B;h^|Ut*=~j;7=_
z?yovjdhaMqR~>fQANkj6we_IUCr=AdT0(dr#MSgqf#mt{iuZ=2N3B0Ys}B<2fd}Eb
z-7S83`S9u_1&NBYJ#a=UomxuxJ<rw1&Auy9t$QZeHQVSfZzqOqC8w=V-SQ_}cdk(A
z+C|91-@D$LOC&r!Z+skBh^mMoNnvvB>gea*e?frv**kZrJl1<EpNqGMHWnTII8C*J
zv!cxqNeRREWjD;?2TqxETjW=V;6!=vGoAf<V+GY+t1gmSQsC4m>~t6$Og`$oYP~U^
zxlKkqIj;w-%iJsN3fBxz0C5CmKn;eM7VMhY_B8hBlJj}bJ-VJyNs?I1)%<@*F&($>
zn2crE@2pALHy_2n=%K%Q^+t{3`0no$r8cxbaLB@l>mZDh(S3)JFxg(F_r<the>S%J
zVoUFc{`7vq!}@FnF<(u+Eg+re+2Cig_4>b=KYk|=?IVshQZJzum43X#jb=3%>m4Hu
zZJC|XM4-m*Wq}tN^%0?P7vLqg($^AFQvoVg?HsqB?)7M&oYRT{Pq*R6#+Gc{mkFRf
zL&t(oD$;XPT@kEsGy4XR4CfSyBvN-`OOPBbEn~ea!TzatYz}>wMhEw^&L?W)I0Nl%
z*lj6G*c7P)!I$a}U`W=U>7M&|)rSf_ie2}nkAh{AC}@Y&h3%CYc7^9l9qeKGh}{Ci
zN>n++RoKPhCWVhOv*k|VO?C7O{v!@^2&0%^hq7hUi(gpzi0?qRc23sFT3UQjja(DQ
zmYscbVqQbwpN1uF(PPy=hw`uCmmi^iGZIWRxbUeD35*dXC>lN0sEezD5i|<4)wMLT
z-CsQpR+dm~P)@RK&!TRgVg^PAg(}P$3rpu~?H-q$t6M#)aF##d9IVN0g-rPNNfXp0
zzq<MTtEc363adDes}YMa2U?aDL*Crivfk;6aRcEBinT?1g6rqQ$d*vTDw8P%<hOf%
zP8U4?_;FY4O3x&WS}S^>ZM0x)W4lp*S;ph}E{)bZjBBQR-1CvC2>rESHs<u>ol*8~
z;MT1hi4Vu<&vDG9o-$8Vv>5Hc>wA>0p3T<{RWwf0HbkpAVz{TV{t(ih+a8wU9>6zf
zqr7{CGPb(Vb3&s@C3jNl3ZL_8yyey?(#Iix933(81<AV&m(cOZzzN+m=>rF^8vycz
zH{{*x6{?4MI~`jYVMGB%K()Rv!y3&U1{u`z{=M+H#+J_U+g80a@Eh~_E%BSZFR}-K
zD$ccCFT8WidANGFlEm<pr}s&kF$m<_7QBEewHkX78yewk>z^I;+EK)|a6c;x`z)gD
zI0guPZ-|HIKJc3p4l&Ft%zZE?3~eP0tm5lKdeaJEZcJS~AFB*DIArDjNK`c3-3Oir
zR{UJih4!_F#z&Qukh&7ocSH9=^10BInTp+>eDBr&%2n6rC&+)`mkYmGLtMB45&E?{
zh6)O!aY`*ssTV+mmZ>&#*ESv{(k~XyS>pp0kdO`brG*Yxx^BWTCAVILk8*cqoEXCu
z4s{NqsJo-`(|r?EXKmd1+ohboh5l0c5zgetz2D~>XCUtUYa3|)U6OZPh+V%%tuq%B
zynqn6P8zfus%l{Fc+K(l6}o)}1Is5lMm8jeSf|%<`hzf%p&mo=PE)>Jg8!&Z@@*-!
zQNP1n@5Z4#_VaFI3$Z<Fn>t3#Ct)2>Vj5CskiSti*`?2e3=zV)*wI$bNpoyRn2jX_
zy{FzYD&kM|w`)}|*g>uKRMI(Xgbu%)_U}co{}$EXCh<qjl##DW4$+uT&_x|y<hfLE
z;;Rq;Y$i8uIITCafyur8s1H~$ma(2iwQ)Y`WM}LdZV5`R)vDI-S1hCdJi^{Bl9`{p
z4#p-hhqRHhq*hJ;)aNnyS7uKTG=og>)Ee%}OXAn8`(~{*&=#<5FYu?~?5aLkQSa&c
z{TSxH<(1upY*!N*{KAYjPRy-gC-4I=4DC6#ms5>nW*jMf*JB*edzC5B;c$Jcng^g<
zoGl5Q8EghQDzhO5Sg!lfSG8QijKDX>sML%lgDCr4ETdrLL4HbWMkND+Lz`I1U`Z>g
z4B<e{Wur;qj;O?9_zEWldY#_ObY?drS6HDMh(b+Oyv2S5EGwNJZ?Y81I;y7n(F|5X
z4GoQn!!msUp#0Bm6)+)@&2qK`hBjR;4L2!#xV&c<*oZU0ZbB=d_owr&@nL$Q&K_zD
zIZ1znrRz_6G~MOB<p^_l`z+DIJXka`1jSB|74Ap5Z78e<;SY;tjOZmN^mFVjfdoly
zDsg<?$v+9X)&lci`9~s^(iiSnb6;kN%OS7sc8L{};bz%L6loRFdBJ2EYb<D<<B3EB
z!}_eI$KSm^HxLoB6Nf^|nZNfa$fRANe!HW8`JRk%hXE_l2;ZnARP`8Lk?)1?y`7~g
z#YGUc8;NT$d-N*BXIX#NhWEped<}mcO?Gq*Nor-!Ke+0ES-7!<uFY!PsQZHD33VT4
z_S$8`tI}>HxgC+LxyO5Bh9ppIv?HfpJgZe>Ovgo`oaIC_21a`1Y`Bdd@3C^8*<Rw=
z(3u&fng9F3x0Q))e7zQKD_Ain>e7I{=m1L<sRd0sz02^$R~{Urbvk!}ume;_der54
z7{lB7)aq9eOk;~#$iNq-H)nyH?{D3Xll%l^ne>7kmiR0~iY0-Y_eV}{;>f*z8WkMK
zCHZ;lP#9HA@K$Jj;kcg}qwv@vxAk0lfoD+Y5WYboIBzPRN2LDAto0Jlf+=p5<8DEp
z5ld7g+u;lb3k4TiPCx(7I^CvKl6s-!TP0tVTzKxqgod#d5A!1Gy)ILGFWls?=k?OW
zW$5yh4zQ$A;Z0J5AwLK`U7*c;-fG;PHlzO5vJ1y}jsCcy$oU8zHg2}`sQ3U)()qpi
z2q)!oxq2^Q7XG(h&wxO=ODod`>6Wck8QRjyU)0%uVCTa4S_eTJ>s6Uviia<B?!}J&
z!6%x9;gEz~b`NBlIt6I=7gjlJM5FnIhn-=!zcnFI$q}gq7~t1wYN`vx6jBRFX+<c}
z(pu4%CGMNNnsV8OYtC`2YiM<nQxO^v&Tley!}L(<bTlH>{0YQx23Sw@w4oA277G%$
zDk|o+m7^Rj%m@WO^G=jm$yYOgI6#szS7Ev4)GJ$Ua|c&`iW7xme?BX(laR5kD)=b0
zqBXKwopF6I73Db_K4%1e+TgV10k@wN(|;v*tVw{wSnU<_<PVSdv&%#kxa;#ytY^|$
zvp(mJTzrmh)N>sY7KT`7yH4_vnwMg<l#bL^-`o4bL#2gco_L{xYC~;mVuU}prx|gL
zBV~uA#6U+^t{`41E*%Q%mKBXea<~HP&37iu!9i8$U=H2i<ZMtlogI^y$f5uaR@dv>
zMH*=NT>?Ghz*nH1P{WtvPrKjyCm{h!t-gfu(Vi7g5es9omCk0Hi0(C40tKKUWqAAj
zYbTa4sj-BtGQkHU+O;ubl*jPGyA|Y!oivZc{q434oVPX8@w|IApI<;gnaOzNE-WGf
zLqwcDQI~?m!Wum=Fd%f5NGl=N7*IN2Nx@31B%?9FL=c~n9(|mmk)s2|Bp+s4rk1Of
z`8MNfjoLbf2sSLy876Q6gZ>cAyMVc8s=+^X+*5)_T20Omt&IzG`W|yb;|!U?0Hz(u
z=@fIeJ&DN9sa%FysIsZqzY>=B%{q~b!@~|TfW)Cyt7PzQHMkzFEO7qAP`y9kwx1vL
zU+N_<JdXJu20QV?i$wlWFv#iV*b1jgOPWfv+qCs}rOmgAD{h-izHl9TI1r^%^YuBu
z*uT6roo0_s4>4GlXpN!fl4!ZYKdnqD4v9axm9&BM-In;ugsh2c<9#RAJAZ2u?@%<s
z%1zqG`Y?p{e63>yF6<zEy<vjevN8iJ14_+Za`7_S<>ctHD5tz$@$CiMcKz|TzyXZo
z>A|OY9LsgUW5&u_ZSBMT-Q`DI!QAoRJ&_onBCh8zV>G!Sdh7?0o39a#q|`&kR|H~I
zv48GVYW<@phw*DrJ@@Yc3G@GFNNUu3+yyckI)zfzQT7h%KS$=KUgjt7@UC)w^NjBJ
z?V|*8{Gemc*tVbcZBlG5&9~POg_g+!@{#kXj}?dA@pZMr2d9MQYGEx8ohA;g;}R0X
zv9#U_Z-T~#MuJ$VbJQcT9eRs{SriOyY+`Cm8!LwKzoj+)jc!-0)mIsYtze*^EK9-C
zPUXoKRf2Om-h&ypL8Csk`t2Tl#QV>-!orGj{vja?x3qhZ7=%!tu8hX}J4-(om|GO0
z#;ypBWJ>bIF4Q?bB(@fwOZ>x;K6$MCcg=rqkLS0hdXa`&Mhxid6u8foK;^RZ$;Q5B
zN(@fiR{6M29}Z}LY^L98<MzPdh!AivOxuXv!Et9J^4m_>Fstkpum0zEBFUCd-HAln
zqhrCrA0^+jQ=M~Qa80!7=-*uF`7t-!&X#3zcm@Jx*1Ugt;zRlhAJktiht1FbaDNqR
zD=ekMlwCka`r`xRlhu+|00az-#J#Ef$OXI?0TU)+{HgDP<&wZhriejkD=S*cEFfvE
z2}F8AdSLo9>L)I-6|?jRZmz`vjBAIu9_^Ifh+A#h@t#>3iZLCIE#oOR<A~#d|Hs~2
z2F2BN-J-!EI0OkU!2*p2x8MYq;10p1aT<5`5G28ZySqCCcXxLhcR8KBdEWOsr|vyf
z_p7?6?vK0vQN`}P*W7EZJ?EHnj&U-hs+wTvY0-e5Ri8F803S8{gWPO8&ulR_vQdP6
zh%etn@(-0kJcMgtkE9B4{R-Zb7m0g8K0NfxZN=4h@6GXq<r=Er?bD{%8x_Zi0I54P
zZnI1jODENtb1@aVhgjne8+&JF?^2|N#l<-$CML)R-M*M=i-{2HTMr1U%GD0#$9Lc{
z=?u5mFvMXw(og3B;!`vqDWyYyMIRcb&Wq12O!X$}!DhIW>7Gw4b}ltIu$Ybz4W;pG
zaZ~+nnJz?uoF6x2Z&lGBym;JI<0j(n7xPw3A<z98X?KKLf40<`nIN*f_8Sb*4n^M=
zsIHzbkND@<jCzd$y^+K}i&Uidty8}<B4`Z>tM0IW`9jchRT-Na=db-;RT{Tp!y7rN
zyYE6<gHJSNU}3t!u;IuJARXpWagWTmlo!45hr3~qvGccis0Mu^mU++(f;J(&?z6vs
zObJDg8aAL)WG36Lcfxtp8Ni?shj!mxgi2||IGAq6pUxK)uwA-oZH34$a*JoN`WV)7
z4fl`uu}BYDwp19mrzRWuv8bWu^$0S5?|wHjs5^~|n_#xu%Aer<$im0R_wD!(NyW1D
z??t|ud!ijdWnfw3;8>P)#11WeFFQQ~X@DQreBSpyz1vNvJbTno*E$?4|AakNIZY4q
zen4|(et!N}tg;*$gAD6Wj`tVy_6lMeMLaZWLq+UG@zJ~Xx+w!IQ%sTWZ!dO7XKVj(
zS~$A=X1ADgxkiLWEAHKCyD^jAvthq&T{#5{!1E`&OeJ7oDyrOFj0#qGh>@X*5e2af
zhVWb+(DCOR6I*i6W%hr|f}OQbL3}Hh+-)AEl&3iq{z;pbNp)c$dJhKvvM>8n+}ieb
ziH*;1Zi_ue=LfjyUdL{U<6ik>@6Mc3puzp7Yz=alByTA3s!jK`(V67nn_YlYxx;n4
zPhPsn%fqDwA=^IE14gq6wlMaD{+m9iMsb_HyDfZ_3ybU;S_Z@EB6ZjN>ZV*a-N!94
z#~uA0$HZ9QtAk&p70=yFl7o%8koNA>ViEr0WlH?byLT`a6q#CUYZ)T9>%p>f*MrX4
zIl8#gU!E+Ge|5ZxuOz9Qtwt$y_=0Z9o<9<AEZA+n+~~B<c8m0Qk^T};#|gO{G8$c$
zsD)}U%~>$#>Mm#=-xw(Ped#wpMHynC%NM94e9^5Xp(%rIG$GkL(k86OjSex|XdKJB
zkiIxIq^XdJ^8!(sJkvn$C-899fKd{8W-&><P~a)oC~6h?P}&00p-l{w{m}03-S(<;
z;2PH&;JVg2e*QQyv~TZeLBd3o=L=O%+_Zf@5YuMQrN3g`zy9)n#nQ3!F;rBP-E4HF
zg$o}yEPs;*gU}rwk5Rk(>QF6SVPQr!x;K(A!+0>k*2Sd{W@QBw0z>tC36Aq0Tq72u
zmvtAtgnndnEN?1f<C#nAZZ$H`ft@y=Yq_;9ep$p#?HlS2*S%h_ullIDie2W(g=K9V
zW5pB7{`}J0ddLVeymv&gDy<cBgH;{T2n{Kc0~zkfpg2w>(4)+KFom=MUH4VPwb~ky
z{fAuTv-K7j!%}xy6=c@^VMwd_4V1D(R-2X(aL;g}6Vr_c&z8ui!-Tvh8+-|S{{fS2
zKMyl5pHajSpQ1Eu@EMH6mw=}veLsTF4=Dv^*1rL>(5B1~>etiC9n6UH2TlEl#AW*T
z1i^>V2I!3$v60TLGLhpmi-aql{0hyqlGbzc{a-W^y$2anL;IZU77kixXn$}YF1Y^8
zQBT74#7e9-4y*p0J)n$0^G&<szi_q`4jf~CRtrc)NCO#s5WjIAhtwJKg&I{fe9Ypo
zP2?|v%j(Y``PMx`B9(q5Lm9E7Q#d&p%Q$jaM$)wlmhajM#b&YF_#%^B2Q4U;XCC=`
z!~ARHzh80{a(ZjX0qm_HYTrEbwViI1=jCpq<u8zb@hp^dMJK=D`G)`C2jv<s{3Zyr
z?csJQKqQ?2^M0YDw3I6ygp!;v+%?cu8O;HCy?=*FU=wwI0t_AFsw?Ixe&{&=kcGB8
zC@WZ3`?-($(L+^>`a7e+>VZB{+`bbw4OgMG3IJZedrbhe5&w$8Q}7iOa?j<n5^Tgi
z3jYM=*_AjI2F>rC@n>WvyQslV@Au7+tz95y&mKqMN!*BLWZ(n%*LVxrE^|RvZlk2(
z&lhm5xAt&5^2vehEIzvCSt1$GGgr%F7iR|ed**ong?ZP=UO|4bu1inE$oDgX$^X~`
zLV2=2f?hcK6kwcw(v`E2%5r~<H{PHiRWjk?hFPV%k6s7AAHq!(Hg-BW=0qInI+^AZ
zXSFsZ$=^awtgV^vS+<FdGC=o_B``6UQ+RpvTdUFOA^2}|JaQW7SPVo@NtrM-GKn|2
z1L!&59;|@yQOJ0Y5JrxOQL1Y1%;ZLD1Y1x}Oisi&*F*^6|KYXy^L+UOOASI!kX7$h
z4&PVWv=+*lYozaB?dtj+<<?vp)*i6Dw%pIRF4uLk{d{`!0*y&EmC@=*C(G?*$EZhY
z^^XZDDBdroLR`ho3iEv_QEgyAT3NH|Squ*w39o=|fGm>Fq!HzKo^P%8I3me00ZcC9
zWA$-!t&GD7jn(}o&rdKC(B&d?=08jRvj%R1ABXoMvsG&JT{5aI0Urz-DX<VQY}76f
zbrBz<vAgFx0+6DW0<fP3f#XPik)pBKaJJ6jM24HnQIN9`SC$7a!!Q}{Ag3aux6<~n
z%z!Ny&8TbF88o%SCA#fkBB=R!+CHE&Ilnh<`Y*R7chOfM_Khzq7443^UN}P<N@9mp
zdkHjSl|c@`8K>j5sZK(4R1%-G(mNJsyIyI;<#GbSK$>>4Llvz9NUNtWl)PZ@^UZ#Z
z_<w%XvC3xfAF?FL_^71R<Z|8u%=^bI!KJWELRMYGp58L=&U8EY?7{SrgG*ccW1rxl
z2vJhb)P+4~Te>$L$<a_G^6j%lv9;xnuEh1PX!uwhsNq%5m_K0_>GlkWGz9Xxs@Rf3
zUTWb)DsK|SpOvzFrX+tXcDg}#`kg4E+ukwb6F-4pd)*^*bu<kT@l*M_)jB<uH4!om
zjfCAiYAzn<n-yJWtZT0m^fsXtO+rXH{a*CX)wpVS6?ynrY#KQRyB|j{B&t>@JydU-
zR}QgUHj`1CFdJ#`2RYNGa4klj0-|?3eV4s0$!osI1h0b?h~nOYt>0}tFqLnPDjcb|
z5HwA*+yi+rSG_gLqYD;<A>>3_0e{)4mX*Gr86fJOM8_@@kLS)RM0k4xI!l+yaz>&=
zPQM|H)wYrDcwqXq(Acnkv@t^<w8ou<)H{+Avs|W<1rS9{;`Wjs^^x5^xOJM^(Xv+O
z)P=DCNcw8MeKpv&$j%o!-BmpCs=ulb0*=Res^S}EVuO}fZG@XY4QV$19F?BL#K7?J
z;htnR*uy@xaU#6R#ZA$y|9BERQiHtkLnR|ZJ;zgs1xz#LSbH+n$?Z+LI9D|IzSk#x
z$Gpx|1$N+U8Nz|0DDanC%khv%I}CS40AG*^anY#SnDd>;0R#uUMzJS$GwAMQpTm9|
zS>H{DVr`RAqsaX`_ePEx8cHR*$kL}=>(UNM9%QxJPs<$X>;&I*+V>dhF|2qgS-b!4
zDkXR=F;0Et=?yEUYPv-&&CAetzHP4=CI)qJy0BKO@LpRxvYm4^y}1rXkPtlr1><J8
z4+?+ZoJ1g9+_9R+^yXBMr8o}x=;%m)wi}h?3BGetvE|5l{ewPFLRcSYU+bxd(#xH7
zwJ$SE46=q)IRBZEbb~W7)Qdc){^%K3K(n!Lr=o*h!J<G<3J^Q?a4j5%eAS@89?EP}
zUvG@EF-57aL}YDT`)3#Emd~sR5Ggv>7Wa*;el~fMrL(HFac+SmZS>BdzS1Rgn65_l
zYElR|i)c+s8YCb)MYZqUGX;`gT+}&UAUcJ(w|jDZ9dG`eR{5|6AuE*xzUjpsnmI&4
z^vyxh-2rO7?Rh##>`-5?DfY5H!dlNqDSz@2X@bJ%v*62(IDtd3ERjX(#N{<OeQ5aQ
zX%83mC~@4Otxhx(<?%|nZa4EKQ}Ap!AD0uQR@$UCjmnUpa-bq@s3mD~!yGnDgu1Ov
zZezLc0IyMQ0xYC{-UDy-!Xi_wvm~<Y!Q4Iz4yxmppZDK>TW&t$@#rWtw8Du3mOF;I
zaMvOJXp4Q_qwO~iyLZ6T(J=Ti;_X4C_;x-h7PkfFWwD;P4{PGvVOK92BMA)i*7s*P
zV>&GF&PUhe?zH-~&;k*k^x3t%&4p_MSN%1IQ3HL#DgxXeVMkiywdLlpbqHy+6CBX=
zG^KA|!rU!RWrjSKKG7vsoX5DClk4bppI4+JGrD*{vzekYO!;fH9BbJzFcJ^Ug*)l2
zoy}o9UaZ%a)0faEemd%USAlLw%AckchQxpF%!tanawAa=f(A8{B?!jUX(zNNMazcz
z=(L$5;vbk?gIs#U2lWD!pYJHDJ%jEpj1C+&p7nG}AKLJh3FMw1QD+|QQ4(2uT<u8R
z`B<??&R%-&yEdBV^}_<M&*JdLxxq+GvuB4d<%-3W0<r-3(kkqmMM}6Et>?7}vCzIP
z?6V}=BCNyE)ixwcj$qv4yjVgvG!lPu^bbk{Q5X;mC!GIZe02FCT(B=ioFoL;KLe)@
zD$AYz#SP&<`sP3<1(I!tcOiQH!Za15DaBJkECfag+>MjQbW_n$r8_g2tAH_d7r>u-
zhE{E3$7<o*)(`%Ns>BR+FyZcjpt+6`uK{iIY#^?58?hj+{3+|^wBTrVa+tL1At`w3
zJE9gJKC$N$<~tFK;2E=H>XQtA@&W4;L06cOB^ehoBLX=ao#<uO>>!er=u6r+N_nKZ
zNH5&>uY>?gI1y^7A@dh-CV+b+cxw&wt*c!Cvbd-=L4>N?-28sGtdz)OhW?}bx|C?P
zCF(_w(d2};(IiXNu?|m=?BI^U_IhU|eI<~pMr?<wrlfdS$4c<^-oac)X=^LlTy^Yj
z&*!|O{K@hw{#*Jw9n=D<&1sOR)h*}aD${0b)uoSwyVJGfkhzn%6tYD9HH|&Pc@ht$
zaa!-bs8g*q;n^0guN<)Ks7e5s2yi;EHq&=*dIN9w!t{RqSubGimXLpZ0<*%6<hexy
zxq!-!lytE;aB4fV#7HCni}COv%(EKvAtrYPc%drsF+ov{6q|SNTnRoEWb<8+ni|II
z-WGR7tBFZ4J0T*`u>4_A<5VxFG&m&WL<a&^{dPt2W9prNMt%%6P)stq4x&Z#M4{|)
z%?7^jU`L<dEGk#~FgP&bM!TYCY!r8~g`X{csv&W_JfXsW-y}hb(w^ePsc6Jaheke7
zBXYKaPg=#yhm=<fXZYAfS@GdWT!c8+@WEv;=AG*1T_uy-Gysr`)}=&4!^OkXIX;a|
znHbo)-9JC~c=g3`sOSyFAI5<U!!kaW=ORjG(UYDPm<^7XJ#=8jK{jw#{}_z()@$5H
z_M!%AZ|lQ6>C1`-);<r-CDCT|cv?-hv+#fo!wVlYYnRjh4FPmQp;HOW^E4^r`5vPI
zcIz#>thr`o9OAQPOKa<-87zZtfR9g(`hlQAOKWjx%USkBWsJ$w*+O%U1?sVRtC^M>
zql`rNYzJ2Y-ihj$RaTJ-O-p3c3L6c7w>x`SnTdsgr`wE6iXD<scryKUhtshUUVhe3
zDR_fv!&*vy0s6&rL}fz<{1S#~wcZ!vp!}=$p68O6mg)z&V6+p9wG<L!00~R{*&NFj
zc>Bx<?k3PIt9ORPY*PF?UG8|-h5**XV@h7_&;E}xU+dQOJjW!pzDan$V1ukP++GF;
zr%5&v%YpKa^WIv0eib`0KW+yX`8;FQ`}(9=F5rM4-UA72DS*Uoj$Z3J44!&Nn;SVv
z&-LN<cJ~>;@-xv=kjx5BohcT)1(oI69ns1(3HBYH>8&djM^C?xW^}Dcp3#0E<dh-s
znZ4gGF{M&{{82dc8_z9h2L3A&bCeGe{Z)7zLmbL)3a@|v%374i5&;F|$)j5l^T`S$
z>M4g&Zn*_+@C$SVCSnpVv~>;E==HI<{(W)_S#t1`>u01;dP+J*Rv_BmQ8XB>hfWBj
zeM=y7{q;-@AKIj(qrY;-+YtagyG?-y!)y|>8|ki`92$<&6<bfyQoDG!-V`?;61DQ`
zrH|-h*7U`@r5ksv;a!T9REY;ydY{?Hy|O0EteuFkTOD2u%C52dr?b%vYjR$ZL5%6r
zRHo;<a!q)O=V;IR?4kH~#IrS5(>7CFZBv0Gu4LkEtOQwo5xs)$Z%D<<F39w%RV?iG
ze!3h+pNZ6b<l-m7T<{6PnXjvUYN}C~g=^jHX{>pT>umjcAy*=O2tA;vvwyYvL2MP<
zNcW&19(O!r+@Gmat%;i^YuHU1&tSIIp8!LTD>P0j&05r~J|gRCY%qKAsFgWoe8wRi
zf#-8|k{gR0{^_Xi22i@?<#++LTjZu-w9(NY%Ge8Fr+%2j0K5q2U#DmSY8|XywwvAV
z%wE;|4jmrgz0Qvmmpzw?+*>>UWhR3$nmBIs9GWJ_sX6=UXs$ru$9?JOdb}5-#i(T}
z@d8?EKrG3@m66wC^u+)XB)AEO07}0-SViA#E>RK{(+77PBqwV(gQ$+5uss%%DBZ-X
z42Slw{M|aL4A#pBt{TAl%<m}dj6c=n(ObYmC&&qdcPtJ}C#_!Pw(@_{0e1ip!|4FH
zBi$>cFqqU#BmzVNHpa&xc+{44Oe~C8gezXKQ7q&j_qESfT$Z(7mV|SQFrjT_Jt=se
zYXEnB`Z#px_w2AS#fl}@v?Iw0BX8l+`Sl~_eZ};GD5T93gC<!tVN)p*cCXrJa>aOS
zex0XeMEK0Y@RKSakTh32U{beLA=1A*U|**)x3@-eHn((dCE$rC$jug1%_MUZpP7E!
zYY=|G^%g%2Uh0M+Sx6*wT?&HFzY&RDnBd&SG8{2O@=WG9rFDE)EHa9;;3-&JRa*=j
zWnJSLDOA1WImtrA%P4oHbDDy+l()IZ;wnTSCth?DsQge{f7YU*=sa*CZ^zyeVgDAs
z`!Pr7y-ih9Jdc*av0JC~zK}N(FRrZb%SOC<n-i&=Zn*^Eod;%|R%~B+5;9B3taFZa
zo*eT-q|Z+Ygqwr|OIbrcEc<VP5Wp4vAC_6TO14<F0ad*yC@40E>ddLk5?7~)!dd7j
zF+ba6v=#i~ZY_5^at$3-nIU+Od+@s)ncx=(7=^atl!cT?7&qA;f&J)%^Z{hH%Gny|
z`^^L^4j7JPIJ(%o`Xdb7cLqK)8z%cdE`7mWk<)Ck845+o+7fQME#T(+HY!=?ni_Gc
z@eZRYhGvdAk^M6(nNXqbG+FhFGxsD8C)S;po1_`{Yj`V*aQ1=-YK@T$!v~WgRk?2~
zEp<V2ea)4>RO6R(2{mh!cI94hviKP7ZN)ryNA`}^$r<4$&;luY9W_xa4G^N8Rq$$7
zze%l{bo9bxt-7MhgXTi}mO`rAD9hb12p)O$38>{$qp$h~&LS{xl)Y3Au$+5Jg>=tt
z+Np9lc>n8?hO#8wQh6^qii|y|Z?ye$B%~InU_e_JZTMt%2P^ig=Gn?Xtd^=#)6w>l
zH%gErJ)P93sD(u#t1)g<%a!6PiPResSAM2eyxCh%)E!#(X3uhpFX+&wk$tzJ_5`ni
z8i(0oAMAh8)7vANOI=~=2>sf<hkZ1DTE)sUxT{H){$d_n8!fMJfWma{jY^4d;~Si%
zUeS-(m4>5UT|)%N$y&CH5Y0nnRXW$Yf8GkKD14&TVfAAFzD*Y0<tj}!Tp)Bg)&c;o
zO*8zig9lor8ObK<>KByTtY)yx1iy;@+NanoR=C4Kf3#q@7VwHerx|hbg&j-&^4cd(
z+a(vONsXaXp3`kW9rs8|$WVvu*k0G#g66|OksahHzajb?ZG3L;z)2&XnkP2cX$i@Z
zgnf3P4MHOf`-ymkHGAzp{mx}jSCkshCbfFonhyXuK5B?VaYmC=j+@u>tjG{~yI7Hr
z<#)yvtW*<j+jBq~#$>L%GoHCCL70@DYnn<yDb>W!){B|4$sCAt$%<RoCS)RmqeKkI
zuTk@;pQz|fkcrn1lt4M#2a(!xNTyiTPv)?^In~0H^)(8E&THV+awf%8fM~&kc2NED
z?ZzNecQql)m=Jggmmd<sAXPy#D-m9fVqj*>*fS35u_zQVAFfXbqdlorcsiJ8P}So_
zt*ggktpy#2uf0SGJ_@dQZa&d+Rz1bR5aTwaN0s0##w|XU@xU6IJ8F)azq9JgMLaXp
zat^9v#m^*ebWHGvCMbV;@U&RoyCyNCm$!^)9@d1k`z2?+*HEJLiuPy?*`LL47w20!
zb~9Y7!e(aEf4A^n-W!GjP4DwULSZPOcC`+-D@Eb2RSljf@t(p#BAqqud92?_ls==s
z%+V%%>uk<GtcZqNreI2D8EMQaWz0KSGDy>I&kCeXpMs6Mqji)_#y-Y;S`(HLt>bNp
zmeWqdv3d<3qPyrrgbA9$kIzA#z}wb>nE|vPtZ<gmMGus-ZMVzD7O$SO(cReTTYc-(
z+djq+^^6-p_-AHk-DvRE*Ftrlri=Mc{i)`>R1djJmR4>~S8TWuvuJv6IE!Yj<MA|K
z{8qhZPtu3pS$VslC8!jNJ7IoL#HezBOL!^F*}8FU7db>(seO4>Vp9c`oKV``>Y#b^
z+2}|8h}5mTCwhl>B4(nNZs)$B2<H8++aplgLuglZQ%rl{aBAVFVnyQsrk0-_tC+QQ
zb2&PF>q1`8`90%aG29Z)JZBS$XEo3G+1&j$TDPT3)7g>$><gBE^|ufBgxo^nYbrU%
zBK*@=IpD6BXF}f(#y1g?yqFQP50l@lIqWCW=5i`5!_fwAGxsGEIeW4kyjm=qN>^fL
z<=P5YdYe~fIXAZQmj}Adh~jQ4#?_VbHl@rLYuLVds4wkI)8BNEflcQfo=2H5iaqBY
zMerc`bTK|tjz{$54dm+~&_33=*OvY)8Tc(FNma8ij=Th=W-Cd^BIPyg(?h{%)a6qV
z=4}&{_?@xuTq5Xf2~i-o^w)6)3GF^F1Ojd3RNs2N!1o6-iY2pTM(+){s%#chEX6-d
z2bbTH0?z#xhy0~krf6PeP!VZx@j+0bGU_g^w-F`v<vnuvk6w)S>Ds=KDkbBw9!mrD
z`({$;>x41cS!-C;61|8Hu_kHL6EUBgN%bE|;ZWhv-JDskuj`U-^<_@K`=C-eKRAD6
zdLb+Rex#$|uXQq7-hrqfZuVjK6+-a4cT`Ym4&EJ1WsVG<$$kch9z&}h{y&g-@c7Pp
ze}na@c#Ow-zCJ*yBB~OJU6!iTOtpQH+qbo?G_{0fX%$l)BO?U+bo&-u7Id|{OtrHz
zLp09;cNZKPm;7%Q-OL4akFu{m<G!y1?gy(G?s!v3*;wvI;+aN@n;K7Js&m`r+~PrS
zM{G9I(V_?K1$(>x!ccWr$ssNQ-|r^=thkNGVtd-@?U$UQi-eB5Ve@P0f?U~s4$>?c
z61s}WFkU}6Nt3_j6%Yo&$%v3v1!t_CokZXzw$VOM6KVOI(^s$QW$2!KTh&FY<;I3V
zwn?k^EDKwtN%P*g9>%CEyR_xhsZOO^NU&uZT%_wVta5s@&?nz5FhEoOX{q$4=U58k
z;%g-Fk>kE(Q(@rD$i_V|^w9D~YhmQ(^g8I)Z#Js=YVgYAmV~1xo~Y}vsWrsas75~(
z5^sIt1R?(+lh1UIruPtB@n2PaFcRgQeKgkXdcv%B=S@foocbzT*FWd+1qNCi{i9{c
zml_DBa;jAi#XFNoqLipb%p~)?>TIRH7Yub=jau(&(5)pjcX9D`gS;lDkrIFK3(z8>
z{Zy#b7{1r`tS5}WjeM^Jb1%Nm>-ZYpX5JSS(pT{A#`GA7n3Ck;PCRx$euntS4hu%D
zRH(&qJ$>_SSnX?RDfW_EboZrepom3*Vl)zB5*vZ%iG!a26Xo>&x}zRxL>jh&i6nrV
zUw{}Y&SQLDg^)--Xo|zxcK;rhdT3nufPzPm5@FI3Hq{xnz;er%hI;t@8zpJTUiQqx
ztEq)M43wp`YmzWpX>N{bw7^+%_VgP5qN9W7NODiG6Hl3)u*ApnahV<6@#Ke|tA?$x
zDG(s*eB@JWEQkWf=fR>#xTG{OUBi^W>oIw`$LB1N8+ye#@IdZUAI%Tn7PK!ipz(2W
z0tsgIb-SeqZ<pA~7n2`YN{2_?PaGiVo$n9}FLyC*1d_<Xjm9@FcmifGdYk>O%p4<^
z#&!c;5%nP%WXI8e)A7F_DVA{BO-$JAkvlMiVD6a*3Q^$j|DgCGg%JAR|6uX|D|3H^
z`2QpV@IQ+Q{GTWC|8L*%UkU)91F^8Ms=3?e=QV!Uul#FdX3k~(m*m#}5kZ3g_B{T#
z7yeFs=uuTxRn>53x+iz&kL|pop`o#cFn#|WVTS)-R%!U(&h0PM^JgOej|3(DZ;Wy>
z;zWJS*UE$Iw~Q2wk?f|+z1mq?V6XAJ%to<{F74)2h%~Wufc4+2<Qx*We3m^)`04ii
zJjx<3vrW}?h{xx_oYlvrZZ`Ojg+m4)B^CKUmiC3NPHsg&TZ^H;a9&j4VgAT9{Qj-?
zOf&h^nTB7O4xm=$@*O1s{S#!BG}q89D*JT?|73m~XAPn)GA-=$uJaRG^1UMk^HYlm
zMw=eiE_~VaJ6iv(#PJy#vLQ1)DruZlf~O|b6v@@gy>b4<tNter4#odG2{5<?Gw(U_
zu%LD|!djCrtA3F^xO-4D-z`jIfH_y0GC9_Er7~Ksw4M6#7Hzq*%}!TK)2Vd5yVZ<g
z{*6EO{sP5%`^)><;jr3&(w>=}>i7OOl0id^SsY;vu5(705-v`5fp3b95L?4EqSr?b
z&YR{_RqwN|c3VSac_EbUB=$Z%%A0=l3eckP)264LVq|p{#2eJh!MO`mDjOTCx4V@e
zV8iD}mVa!F=B0e&kL$P)kr-@)+_R0`hzBbQ+))cyv@IC?(0ry&H%h9^+S&SmMQ%_b
zIr683!g2-m1^?+oGr{2$$IkmXfu|!Vk2XeFgwfm%GiXOtt;~ltyi>=zAWdY4(7D=E
zoq%`drs4Ld9gAST*AmAJe>@n>aUDtkL6e_%`$#@)_BJW7DJvapdug4cwzy<yp69&Y
zMCwc-#hV)(Nu09$u>RfqT5Rygd=BC79i=4YkW#P{qxltvVMUed<B`>POBz>Ab@!?B
zm1VtOEv9*e!Q6FEQ_}U0qeuOF*x*sZo{5QfhKrdExA!;d+T(SiG(aX$jb(nopdM37
zFj&rF_*|vf^FEer=t-X#Ek#zM%Q>^8j+a0;v?r}>XQL|}yGC_~k^C%^D;C&$bsQ#-
zdPz&p^Y{HUR;8}`Z-bfoZq|_`fqRTm={1|jw_Ueh^V+b)4W;bOPFUVrQ7(daB*7Qa
z`z>oW=}`fv;EFFo7-*~aI`8oy!BoKALm>xW+O!eTGeMmqH{f8<h<syp@m*o*G?DVk
z5%lJgT++gbs+PJ)lt-k7bgQ@|i1iZCGPb-d*YxvC?-&@<9(T-zDDci9uN~Z=h<|my
zh<K|8{O}>iU^G`pa&kcm#{wAEd-K8@;V5l-+uVQ%Y-3muxM5vM0|(1F`33-r%1g{f
z%_p6%2p62?jb@ha3<<?@kqmh)r2ih;O#xhKx-Z0;We4N?cX#R^o{a4ti%Ec^q>D&y
z*_)>eq!^y`Mls*`)tgud_MLbQrk2DOSe|H`A4fcHoyK9*(2bU($LqGa41X6q+Nmrj
z-$V8mb5$Q#&QRY4i9pYQ$1mOKN)iqn#aYyrv{b)&QijgQPg!GN__i)?kFEOKS+wN`
z_fXDO=tkA(Og(xQY|<c@%HXP<(^%RwAopTAPe_*<R7)K?3457QCLYjUz9Ia(=+Pa&
zs!qbLA?r6oPN$<ehri#Q6IAnHOlQp$p3APEHi5h;`@Hu*U5r@bNc`s}2EM5JS5q2<
zutP<mqxz|3=uBiy8d=a(UbY$a#6BGd3$ZT~bwL%U381tr_WNS>OqFu#YSv@YC{+(i
z$JjaJB}5!X&J3)Dm5jSDVI94v-PI;r^wAmA>nhhRsqw`ZTU;+AKb`$bpltkv>ykgv
zDi%k6g?!>)<It|wC*0i_Ugjw;45F(29zGX>4cc$9-P>vpbU@$CSp%goea3xZfZj4T
zB)GP;U$_3{HZ@=@QO+UQ4#@KSB%@}#F-!Ys)api@cqeh13lh*x;130=7PW#JC8R%8
zkB=nMVTSH*tu%I&<TPgc5HD0G0C|xlf4w{l)h6a`Tc#5wzT&RUUi2)PhBI-rUM5$I
zb$(CKe?T$4EiDyo)khsU1<~~RGhAB4%_yZk`HrGCvZVJ7@?d)!g^{c_M!|*?+575v
z@e$=$(#$u*pEjD4a%KC1ExTeE*n+CftRAcwb7d8olCMXC5%1YmxmDXTf~>zOk+v*L
z<AV#Mh|ir1%xKs)dzd}yiuIG@R#L*L4tt)z>BdzLu;k}T4c=0|igvr{l_s_B_HC;P
z^d@aT;O<)6zvG)p9Z$fi#ALd1djs@xeP!W2q)v2uE?be73879p5d-o;SmFp@etm2T
ze#m_A%sh7S1s!7o`Ce8jTDXA@_WC^oa?{5{@r4i>pctO_uopMprK$8*E`CRfIvx4<
z8#sK`<itf~=DSt0>cn1{=pNUchJ_Tgtr?bFr^n`wOR=E<jRPzZRkVa7u4tMp8z&ZQ
z7%Zkx?3Pvq@Scb2!J@2%lr9VUxNgwJwiWP0{2AlB731S=bCcNn`S1G!gt?3cGzmkg
zxvd4V--Et~&yXK&06f(GdQ6QfM@#F!t-V(aV2*nmN&DT2-3rxZzN#_Ckw~2zPcJy9
zs~`)nc`3E$%#8=@`Idmx<BHgCMK3C*&B<(8R(A(cTfTigQu=fsSg>#<Z93Z_L3cI2
zD5j;~3u1jez*ytNq@8xL<&so)YIzhoEPjDjnd?MTJ*6jf1lBV;`D!iMOx1wwZ&6qr
z0i(`pmoS07V19})M~UFcMqo#^BXRqZUcXe1HX5z%hgjo8zD(m4s8I40SpK44|L7-C
zo8E@$N?f7L!PI-P`s<Yw;`4<XABFdP5I+s0{%FdH;diJ*aX{}3tDCj*T~BV>?9ThL
z>=?Ht`3q@OAbp*zbOd<y&8MoScCH73fa@tC)f{I02@G4Zl6(J+y(-Xg{-=4l8|O%j
zCuaow-CBu91%CMHDSGo3aSJo;u**w|)tZE=79)qNWriKF@_;${_kD|xo-B%htBg;4
zWogn}_ODE<t`1&>@lZ}|Z0ko#R~+x8oBXrRBjy0)Ap=lL2m-HnJ5>}_0O_5@H!Hn^
zQnH7frz@9vV-re5$-!VD$0Eg~bnp2^^$!JQSPXq9cUfZ<pui+U%u1@)4GAZpBTUmO
z;SzD8TPO4h8RxyHvb!W!)tTz+u5S$&EQMJlT!emL^pziIW+;UPN=mh5J;h!2Hi!bZ
zpx2F-t0?n4f>Ew|&j`_jY~BpLGlJiGOoH?~tJn96Ysyy5QJ$a9@UMmvo67Z&)7eTb
zyq)C$<E(98KYBWPyHeFYRm#eE?J0E`tu6z;4DTf?j>j}k5X=U?bjg|N19nP|$L{RZ
z7%b7Y1D%|vwjY_e3#COrH{SPzTN6LJ*V8Xup6Bt_+8!*SJ)azSEwL{(Wi)}9q|j06
zh?tYV+N~9V$%}NdDvUDH+1Zb7-=rPP63VwVAcpT)!q9q^BLew$7)ld;V%P%_T;Bcb
zQ_`rFLyFXy*G3(_dAN>$<y}*g6X<mCz)bL+rYf?jLz-@ut}pQbp7&x<voS03G1O5B
z8jBvM9`cb<OE*kh$}yG5aL>?@3T6>W28g1Uk$d4^J<?t>W^{p^AeGVaSngI?JQq_K
zm$dg^TFQ{`oxifd2c$RJg+|?{@sFu}UkpJk2?$XxTi297qykm9(4?ie!WOj&`e2)d
zwxZwQD4TLE3klW4#VP0H{Wx!KLYIqN4AJ24HJ1)6vXb<yTCX2K)6q0zGC120DVbrM
z?&tCne@K<4=jT~HE=z&DYYS1DJ>&Mr4jBfGEB4ms9kym(PsW*0LGv7s5aV?V)yCYD
zy@%+$@ur45d*T!XR0+Mi8enV(@!uHnM0{WI@U-KgOR{Vc$t$ZdYb&YoopX6r;_}*M
zehJe8@d!!efq4~9LR9{Xm(R~r$GxW8c#M?Ajv^pU#q@`xI}pLj(-E)LB57oRW0oek
zF&S?u8F%DW;qM*%EyAj#uZmrPj|rj~!U4b7%eH+h<QEAzpl8dpUTFu7h@7hIad@0s
z@p8SD(_fYVZseFk*l*4GtGza4tpF9z>?-2Oyc!>~xZVoay-6HCVkzw|zc+DHN`yG9
zmBa4q9HG0}JZeu2z^ugK@X(l?Lg}noyaGub-|PD*FVI6ztC@x%afL)D1}-Ly&aPq-
ze-A=brLVHc)n!o1`iyYe5A+kse{DWTJf1ex^kP1rt%X$P1Aw68dv7TnYb@_)*z{xh
zpw>a!<|mIlEPn?om?RFO7OfeP^H6@oJFvY6mnT8)@H5Jy+;Zcp1Vk=KY@lCf?y4vW
zjbH%hc3#tx-?K{kH6kjrS&nsZHLXPS8qx7*T&x&l;&ZO6o^NH8nBLqZvF@{*g5U@t
zz43R~c~l^KvsY+Km0!+JW+qy<#y}m<Dt8$U<B*9DdVYgUeBhV+Nr+nI!LdG&F70BW
zcpo>COo5t)Yv3yvHDzgHIq&}LwC3dXReXg9+_-MSBAttSyiRZ)v+*?rgH|odAZ|-A
zr#L8My+L{4V?IEuPLc4FVavX`xn$gG?O%Pt<?yfQYgO{XG5Xsm>7iby?>$0vD8Ihk
zqDa@i`?$N|-#_Y(!$_kPkSguM$8XMo>sgHm9!~L7^ykUY)qEo?;EH!BXAxQW*55*@
z`}vZZ#B)oLZ^4u08t=6an=PL({l)rc4EWkh{LB%LHsp0N?~xZ5E@!%{qSUdR8YS&K
z8M^hRpEd@FJga#O9llJ7`u!5p<@eEVewJb{Jgs6xe7_*IT6_l9$oyKznRAjE85?%{
z)ez31Hka5ZT(1AJ+tYcV0%N-3D0_f=RY;L9Cvr;%C~zLn%9&_bcwM^?_ko&9I<?<H
z`Oe<6o_$uAQ9h3{v$x7Zf~)BlA(4Lom(wTT58aP|wqvVMKS9BH-L!-{Pdb^<x$C&w
z%~~s@vM3X9eL~*p^3nIC1`r-rjTqcSOmVX~S69RL%0C6-kou&PuU_~<q$MI#PNugq
zo-olX@O^ESa@Po!Surb12$Q)2uk$99^xukmUqE)PEd8owfq!cS*NOKKI#BSC5jT7D
zV?L{<N(}^h4;w*`{%C4!gJc4j3!D3fLPiOP`QnLPC7{IkakoF((%R=9MqEElDcFr&
z*WHMn;=J=99HIQn0)tij#S14+^h<i>)R1_wdNpI4=YWCTlXr>gX!95z|2G1%T1mkg
ze4v~+Hd6~p2#iVAR!)jw^x%Lt9#_GY@E$e)))Edb6$%{fp=9D4)xm{n*Y~`(8?@0v
zR5n#Icx4o8YA}q0=gjlwA#()5pG-5X+#}p!N<3tUs~tWga71u9BWcAMqw7(!qMRYB
z#|7!<$Zk8H{FHFvj<Z88D+%wqD<*3H1|`ys1RFAY7`B4IIk=qFa?6R@<R#$qp=xaj
z<VNTfj>pEBI^NG9?R*mhWZVYo$(TSpm#F(;*roFdutK*WKRwlmyEoitry_D^UXP5#
zd2R7N78kG5dylF76HElLK#`Lote;*5?LBXFFH&T4q@i}uRLVJTo`CMAS%obM7-O72
zpcoLg_0&>`gc&DK5wtiv*~p?|hieNZmtoD%yNU(vk9_roK_(Rfb0bt=1akB9p|9FN
zLgTZo;kYx2S7{z@xX$sPgBHxWS{EL0g6M0^p}M?-JB+^_aRLw!KeQ`c@`x>L9zemO
z97Sq)=bLIh>*>|&@JH$NP0>52S0S`DPqzFR<X<B4pN}l=7s4FOn%N-v1)#EszslA-
zJ?)4f*?cWF7>`<zQ(W*c`1UgmB&cTtty9F%>wZp^k)pZ~PDwdBUA%o*%Wc^+N#XL9
zn9Vk7bF2OMd{uI~ogIar5s+(&$;^gS)x8w+3^;8ICVcPiwC24I+RL9aG2-o(ZA7<t
z0b3g0=@~W@%vmQe-NL_p#<lQv!1DIO1KWHG*d+6Aep3H5nhrVjzmT-@8V8hmN!Qoe
zpe)ybhy-F0DO1)jb_hY$V^N>0TQJ%X^uPjv;ij2(9CSL>*g&}z$brnw{Yx10d~p+Q
zBl4~g&ADW0JU14tS9&~zClx-+nC|eO7&nW`a1jCgKDE&i?PPB%^V`QdFV07!a^5d5
z<;|N<az=@rWk%~(Tc>z&m~T#ArPr<YW(C3rVJ&LV*2YaCc}YKw6%<QSnG*`2APV_?
zLXfzTvn|L1Fl8F-dbj8KFBr*Qx2826Fi!w_oE8dZ`vr4nYdR*`sB!npRr#yUf`8#I
zuinAsaXb-jrk_MLzkUUH0V4J?EeDO2Kv3uY>zBt0fFt4a(>aEtnv^r*jZ<F|_aWw6
zb6lQe_XC)tSpRpeF?Ep%d(WK+hWug+v&U#JdYcv2`yiCNwuF!;BRpqf?1$S+(4+e#
zq*^k&b@JDb$()wn_^GOU6JZM{Er=W#GU0g)@-tCkUs5xkx}|i){sg{vt2Ty`bnUU`
zW}oTMLg*j~&?uNP>v&8=>od30*i-t=rldC^r1_Q6uFyD;?kU-D)TrjYUARpGv73BS
zV5tAnIP(JoT5u5gktplsaFfv#Z=5t@ApL@Fy~k^Vj9|O#Mh}O>@b$?ZBd<@8<^()o
z0#LSFS*M$Kf4*zO&47ytDB7jk!eT)!@)uEVBzzlVE0@YfEk@VZNhKGIZL4Fg`h<eS
zRrL6EA*4GW>sl-sEgdjN$(^)u#CZX)Jk&&FdvyMWdZdw^yrvtXRXe>Ucc2L9+Jl0;
zc@9~3CxGvf#&Tan5i67b!9dI*7dvCU(tmVnms=neAS!XZbomK3xrvUhPv=ASd`A<q
zyb^yMXwhuLeRK+?UqV>h`k~Xt3F<DS|7n-_3=M%kzRAN+vnrHYcxpEqibq#4+zS13
zDb?@7g}~2F>VVm+K{k5z#D9avQauEJp0r3&X9|M);on?%bmykdCVY+{;ySzNGbyM3
zH;BHB0TJ7S0DB126W^;ZZV%KEcaC4Qwd{>pe|mLvA+Whc7?J)Pj{k$jOmEpB77lL*
z&NN}8k#k%%+v^5RC_zxlz0D;Y^w3W;S^t*zEkuMoKjhz$|D(NIh>W28*Ug0-b(sYJ
z??9~oKQ{Z{!)CE#g=ezU+PvePOAq>4$@IjmXGW$2st}XjqNOGUJ^dIOOZkf{?{Rca
zkpA8b^iSjW4tkK)H94Y!&fUIIVAsL^`8TTiDT!()=o0Ar!oPHy#vp1a6V=mkOo(}&
z$DgLV6)d-Ko;e{8?rdC3$HYlT%i=04It-aX=Z{>EuJ+YI(z8>|Z=rjunB3ZP<DDkF
zp)#(S7wiz+cRD2akeQ=vNlA><nXM9B!)Cm<5p0|#-2_Sc{~0(2qV{{}xAt22Bh)xV
zn;hUvT3yfrGOA_fB5;DExrrGzbYVV|2;pw?xbL;8d_P32r%sTloo<^0QjTWVXVls?
zUKfAodvo0LTkcj3DXu?z7;|~CRJWyY7|Q8zW_rg)zVbugY@cwo!!!;1MIn}w;MPP9
zyzmD7T+<<eb7;eL$-(CLgnM_I{1F+^%a!!g=>xLjmpd1tNO_^$ek2_du;15KVHT1n
zf-1Em(M}cQ59X^l$66e|PEtg2Vh}m#NvH8AU)=KXKbWLccdZz5`N=Q1FVoI}dAm=x
zl~NrA*ui#d?XDjV>8?NJ)eJX=h4(I)%`|KDE0+{;C4LPJI)OR0<>ft=`fHQ;ct|AF
z8XR4lA}Xb7UGIF_{ZzVv&v^&zes+Rwiq_1Kj($+MQAK#o@=(4$#@*hF=6q$PZ=?mX
zSjxpCF;m3&Nb~$ij{68kWZYVYm$1x!^u!8Ae~h{qcFznqT7eiV5K_%t*q=I;)mZ4R
zJbJ)_HtK%6R%ApDk#2QhpDnuAJyuK&u|{4Mll+=gV;At?FIV4s!E88=<TWUDpqT0d
z-t`L6>5l?A-Y=e-7XmnP*4qcZtK;QJ+$64c*}7P}!Y$@K)xxrIb_=iepjSz_2(K*W
zdtiIINc&ZKw5oe;*2z$Is>*fEDxTn9tqh*B%8&dF7T<4f@yO`ez1klp?IBe5SW9uS
zEp%+e>YFk3O%T~N7!bK$fUEn}K_>Hjz`PKBi^24w2e3AvQ@YmgUjk!jX%XGDQARyj
zS`Ll^yMjpr$U4Ls(kT-bEe3&<#Snqv=(v`G(a#2wPj~Halje<5up|e|8_mc(sgIkL
z(35R&hzXp}eOHsg2IC08&24W-k?+8~UGz=cN-igGu*8M1Y5xS;GU*8#|AgI|!naz5
ze1(S(L}<}Cc_W~s0>2nddk-tFdk)x%F7!41+}d&mQxOdNH)HNMf4hlAMO7$x9?QAH
z;CN7pK0`jW2~nVGZyKug5Po9!!M+x$W;2Caji!;vCZ`-?B$47zM6QCY)ey0%9|B?P
z=z}oeE-qUxX)Tbu0i<I(`T=mF5Z}^15OWWA)3Lx!%U|dqt^SY}aB6SE_VzF#Fe`xw
z_RRY%gc~E!dng`;BCXx)0_R;H<>>|GX-WxN!rXleCCFNtZzS;sfh3ontAgn@Q%jz%
z9?i_fUY_C{zJr*h{!SPa;fu?g=n*D~#pWw73^crXRhcwWBC&P>7$vE~uZ~r9S)!=x
z?6-=J7NtxQOvdZlnf0?!eF-)_i*+`U9OsuZ!a_R5uWRH#77rC1)&*&K8vDLAt*?t8
zcX}h2s+9PR%Hjs9VmWAUg{IAt^KT|aw%~XJiU}++-eQc@)=^p%Jb^U7@VIxw>_;u%
znQiQ@&((q~6rO9e@Xk(GW^%_X$U4vX2w<sO))fqvQBIKm!HVjT=o!rH%B&+-kT}`h
z7G-N?zquMj)18X>vXJ34xIx95x>%#g6DgK@U!=}x)QlelP8jZ~raO3+cXMD&C`K2l
zWSH;_XNG8s!+m)h^S_{};oqKqRq+a4=a=g9k;Fypim+DXNSY;MIzgiY8bW4Aw$=i0
zpL=x&h1SyX&e~1ADR;z;FJu$T8BduUmwtp!&z>hhHI0}Us*jmB6UNsmNZu1NG4Mni
zNJP%X!&Mi<amCNz&f2amP9C_Gy{dI$7+0$nwCf4c&>Gzg1&+R7o!DvEUsM#^s;mC0
z3tU;%Fe+$ytJe_l*{Rg;IFdQRj`xT#ADG!oc$F_V@1HKx)3W=FPhwdL_y>UfG=d)0
z2`L{~)9qxIM54)z-vr&%-rzA&5j+q>Cj^p-&%&oR^JW-}5J&VYBHrC97e9cNhMsoF
zCWw~SshF@2<pf#~^t`Ll#<>@+fMooXB9BEPouyPs4<@=XeAuL=0Frlvg9k@5KQX^0
zC%EcxCxibh8moKYbx=ljeN)Eb($Dd3B~!*vh<%)&5#pP0sJT)FPHlSq(6e}>Q(&#j
z)-g5*uO~2#znE4Toa~_{$?sqHoEY_F=nNXomHe>`*Lz27yB_F<Pp-R+67&I<NRpls
zYgDK^8VS_#YHOyV1O3H<sg!AkWfBKcyZQ#mM?JIx!d)LgKF6_oVnIFJ^4N6aIyaF>
z`7sZ7R;6<qk3ChZHA*SY5&z5+J{$F;yB4r6c<Ci74-T+q<6WET;`#OZEkcy8=$f9z
zWO5s^%4n+>5_rIMViGy<Na=2&sa*qpkS-4+E|Y=w-BaVjfNe#!U4#l!lMBU6w#3a!
zWi{fzmbfCjw4hJSa{tG!R#34e5__gB>bPeo-%$Eiup*>GY2fHp^P~4h$n=|Vn1@Kv
zWu%Ya;Lb>&tqbzn0n`z{Y8vH}=)1J|V=UX-=&D~ciyd-A{)Z9flD8tLUr|kjDy1D<
z*HVL&D=P7vF=xw)`gVi1{Pd){LSWiXgnsm+wY;#CD)$bQ>n@Kf68BjD1#4~oki*zj
znp_U&n@Q@JUtgVWwk@$_CPOes%h%j|#z(%NVF&Px?B<vHQpeggIi@n6pKgq7T;6_w
zDe7X%m=f63*u@}X?E0cVU{rEi@6Yk|V~IHE@jHAH!!BE?fn{|{L1b$eSYjgiX0uZo
zFxHwDuZ^hADXxcZEkH#W)J&LWEF8dU<eLy_VYym+FjncJ{CF#4WaXYq4$rQLyYhHk
zZxq6Lf{@Z<4(;`<Tk;T3^K^N0d(C+zJ5^ATWv`hz#2oPWUXaL90;u{#_9r&aJfKEU
zdIS+?+7o1gkzYPa1E6WUGZ5};*_jYa{M|XNt*CFjK-mf%mi$YLbqYHuyMrhBITj&u
zB5A^_2<g3qzteUN7xCthFT$GQ_fP4l9kXrQPbV7H*VlgbTTg@VL>yqQRFZJ;EEw|l
z@e~G}#L7PN0NP^D-a30XdR7`~;EH`<-7AROuGQY(UofF8>$<Xxkk@P7T}-kGArMjF
z$S(cNRa*7&Nw`d1&6ZF1AyVc5r+VDt<F0JUO##%0udK+Oo0%IEXK~jhn_t&9EdWQ&
z=Fe0NicFoM*>5Ts>E~t&g716ZSUsM65sI{6X*l{t=amdD3vO`Ql0nmb9>wIlbA1Et
z9VsGeZ|!)p=htdzkr!d14p+B{W_UApaf%7d-d`6=YB*){cp9EX)a1ZsOFZt(S<rmh
zGwdlv&OTlZq&-V&K=+Vw-TXs60U@8@$Q3=(sDLFmh1wNj+AR2Lp_WKpHWVa##*%e(
zuxLrVFdza6id#Vz>flZozJru?wn`>~u=xPNmv$;AI)yf-G}3obNo6GBW5q6K-?>hn
z-KMdIQW{{Jl&&m5HpZ<Kyr8T23^#&n4?a||*EMnNakMyudeUqTUU#{9ZKXN_=IVX-
zZ}N%RPC496TDhPxK#wt-djvg8aqIWAsT}Jn!wAWKdL(P>(AMi5nXB$WZS%6{yOuOx
z=S-c@S-iNo>!P$~o(U!~Ld>i(h=#J82N|_@9+s|@C42BockXRrB#vfSmDcE&jT+*_
zwU$R%?H$sdu)XHgGQUMdR7R=<mO_6B7{;c2a&4czMF(8lXB;VSB?>GbV;0Tf+8kHg
z-E@_o|4B|%leW{7l!<Y!?5D2ha(T_zi163XQ=uacZqxJw%jI<4Rd6!jRs1-VQ7_!F
zv5nQ}n1_9r1jiZ`E!#`j#nUlQ{Z?_Kp7-brK?>>jkUL6Vx<pP#+DB;<PYJ<herqnb
zy5it1Y<G<F)$Lo``wue7Pj72e-)96!vj1@uEY0=o&6@RJ3LnQB%+x)rwgsdXO?uQj
zRq0~MKa@qk$Q}k*Q^{FFG|N>ZKyaT|O&C~u>#`3EClQtpyP)wZY%F=uLS|Bz2{(Uz
zKp!GpKvVAi(9xB-h0>6Q9Tfewrg(8}3OVw08ioU(;(9*DxI4S-rFS8`QW0k<>iyQ7
zdW%FUp>)1r{C6~CNE%Cl#~&HTx@?R)>t+v<bILSUueExMJM8r~x>io2b9H}XxdK%)
z@%)mRWXT^U^HUc|%le25)4zbWLXQ2A<y$1b&Pjva<KR&Ll)?Km;1$F@G&eVoAx;^T
zN7zMpI_>Qg8?d{nL^s*o?pq+^7Z6`!<zHCZRcGicci4~0qZ#hajK*DW`L4`tp+GYw
z9WMNf25h+esYH=|GecmU|Ac(^>*gp^bRb02b~HS2x(I%xdH=^0;6O!8L5I|4xF)fj
ztzfP&pj9l%hS|f$fj@|rjk=f@RI4!jMJ(gcv@-^J+qsdw1g7Li4MkSKaQCw-v@}P^
z{zoi@A~ekvaM-$hz0p&0B(sottbcmumrt?p>xotRdo&7^;~7?(!&(rYiL+2}3);$z
zg#bliwM=67u^2~hT;f|DIIAIP;RK%;fZ~Qu5!L;b!8rO~!w7^5dizneQGbLu+|Q#<
zey&&hS|?L3N$d{P2}cYDTZP}gXnz$Fb1>yv-BX*}55_##qEM*AZd?Y=s0WQ#^8JGJ
zm$^z4Uq)(m9<m5FKNS-Zy(dNx?m4>!wEx~_H!%)s-=;{_XJQ%YiW6#zE<QW2bt{ti
zOD&m*Ii0AeA^&hVRaJOX`_6p&rE1dFQ11;%vNuuD=+^W!tq{Ki3iv0QD!$zZq&P2*
zHT&9TGK9CEOfhfMDfe2a(GoAjN2hgJZb+LV<`~|R5XPR*>LopCA+Z-SnXZ?FI5s!1
zBUz%FVA@!yKK~2>98c9h<N_sB>}`Xa7;JH_*u1!`YgcnW5Y0J!yxXZ!mZ+j_$UF{b
zp*a4<<57OkJaLtJdMPMnPFV9lh<nSZI+||ZH#iCI?j9V1yF+jY?(XigAV3K29xOqE
zySqDq;O;I9_l2C5<azS$GsZq=>~Y7q_x6YNrE7I}RaaNdn!o>?1qT-o(RORHuV<k1
zPmuhFzDZ<QqoHKzeI21Fy74(jX~sJHm>YHBO$VJfDABahjVS&v?C8B2mrySul84>s
zc&f-ID><Zu?Qf$e051WYyHKLDSPl1<xZRw75q1)vF-JJ*$X*{GE`RX>Z}R<fw?y2%
z-Ww|P#0^%gi%XA#ht}9@T6-C)DZlqeb=DOEv0&<iiS9ScrfRafL=HE9o}fe1QXO|#
zW?g7!f+aHhNdWCK4j&xd2F<ytBlV4q>>IFi)k1p%7=7LQs0BSL*UiAnmFJJ}c)IcV
zkT{RV$nB?AD+6(PynRGM0+FB3y<nr(9_h{8mZxP1nnXxoB2_Wc`&2yyq1J-{5oee0
zvYI%!Avm?yyff9}KAEpuYFo9mPCcvisUE>X?MAH-w0APCJl`-Llkda)WgRd0Mju^K
zCbvH#0eQRfqtS2_CCE7Y3VqZ0eQG(KowCB~aTs$sUp@v|Aca2jL0F|3#}PtrUUQvU
zhGhb$Ds3j@d`Z?&0c#mi1>1%F{|<wro>w-bx_F;m=f9aXa9ZlV$5~4TNPcUG$iNtw
zPv~QH#~``uxGYrH|Bz6NbjpM%lEclU|28@TA)iz#ki~1ph#T=@U}>iikjb<-js=`@
zGwxW7c&eu3K9O{(0$Ld_N!)M%E#dt_r9W<L(^2LPMVs+*qhx*NBBpC^d%V`!C7O!>
zZK}M>Q7Gstv<WJ(kZYyN?0?_X61J~TZljQbO_1_m+@>QvZ?0P!w;Jf8&QGz`_p>yP
z78cRPw5Pl3=}x$iJ+6^)*`NIgy_R83#HU(Qj@++ZQ*S+0#fMq6v?{Q)1(&h?k!MUI
zJ-gIHfxlg@$Q8LWF=L|Qt?J)<s?k2DmuVm`(~4P}wLN7{U+;E6YIFe$-`i#PmwHHk
z^KlV~SNufAaK$oa&h-iOHOv!qpYyFoY2s#+QD~#m(t{kW(&2T5h+is^lD0Hs?@6!2
z`DU$}(3J^T)BF3Fp}e<k<u*>5MD<Z3UQ6cBY}QQ^&$~$MLN)-r$;|jzQ+-?GzPxhL
zrJSlKD$SUmEx@oSL57x-*?{tB4x5OpBJ2EAvo=Z~r`#45G7cH7m(|^?)j*w>43@xx
zRf{qL#b&qyhEL+Z98AfWG(PILPAA2qBVU`@ws{qz5X!;g#($NLC%;mFg1r!!A7r_v
zWSd+4yv%vPn@D`m{41<gsk(wgquVA8bFS<?WRopzLHXA&43<GcfK|uCG(pyQv>J7S
zOnR)j1De>6e{4RmqY|AJtZNi4<}FP=de}+BDwX}G{^H{K#!<f=s56C3)*g>!ksvQY
z<Eb$l*|(C&8F%+4?3xLGpU^&3ghQF5X)4J2KyJ~?*Np-C^2WcMv56H=sbhU32v4BD
z3gxe3HVKTQ!H!uj=$YLM(W8Ggq0C}dMfm{LE2oq2kY36o<=^3jzm@=M(7%f}!2H!>
ziq8ZG(fvb5!3C6~{*80{{o**n|Kp`bLz|)fCt~UMxevMj#4Y|_Tl~NE$A3Z9!Xn{B
z+Ydt)OP7xc2??AYd%Owm#0EqNT_>N!LgfW2G8~NNJ~WkrYh7D7hY9v9eT|XTFvI)(
zY`^N|1%5Tf)Gy<!Pn{BKd!Q|Um_Rvb^!RSbH}`v+mN`~>%X)f4^6Xq1pe-i5!yk{c
z<Jaj-AgcFV+vH{S{rcrg_38#a)AqJj6N^;p5A~_bdRleRD!u*?-P^+NHc^q-Se^y5
zUB)^`Sx8AkhmRIaE=JQ(vU&Dg#t>arFL$4slp$w|;OdRr8r_l*^_hu;P{tK?qSI^L
z{(K?e-%KO01UE+aG~iH?UTC1LMSU~=u7U=)@?S@JPC2*_ky}fdE5CToG5ZkaC7W8I
zriDEPHeMh87Y%NYktByQNs~T%u^IMt`|x<JPn$`YA94NaEx*07{ojt$)D;Q77!`Yw
z51%w6kanma0dCdM{6DArggMaYz?$1>C<n`1?`#IB>fG&)I-j{WP@L360V$1)ix!8s
z!roncQtONj7MFM#Q?qU<$6_Zj$GMCJ+1~O%Jch}!v?!{@=A)$flx!<d^#=ZG3ca6R
zVq&q7f7B_>?>93cJn-v2$)|vgaBCG0i9;b%b+EfMtQ>{Wvb3nTK2wSn)MpRvZMR11
zQiH9l@U|}i;yS*e+n84LB%L6(lCB|vIf8+9EhQkuFX7`%iAIDDWEKc$Gbms-OMKcX
zfiaA7Ea~kG$rfJcmRb2_SozGJHy)i$DX;8E&SUBKXEC8>%&}2<SK8infKN`;BE)Wm
z#A{y8&<R)3_9;*N-i07mr%b>R$rwC@Bu)}y?N-$K0HhQu2hmBVx#ZqEei)+mANX39
zOI$OPyWW<I3vy=6;<u8}52|lRI7G%jw`GK#K3dk+i0<)WuOw3jM>r)098=6xYS+On
zRpo4#Vdhz2eH+Gyf6`NBbu*@I9ZMkv#T=avuQ6K!-*M6xD{dRz?ov`xhG&CZ1c#4!
zj|m$!qY^;VhVG*8dD&j{kzHthw5<Hjix*nXB>S4pK(0&STx;bWE#}0HP3WTY_NjE2
zEchkIRi!!Il~GdWn~_(D>*gYcp$ZX1v1H!dafAj~lTWf``iwVQjW~IGC0|sO00*l3
zUhs;ko839S8qTGpDqE_)w`0gyk9kbWRnF$ev$?j8K-L;F7E@4-k)6}c4zIjio2t6Z
zB~NulOXZbE@du(cATG?i4MHNOM{zKh_o>D(_HWW`#x*k`d!x`R_}!ts*RHJ>y&hmT
z>d6)q_G^L(c+eD=vP5ZAi(0Nl@}#0C*+~}OKMj*C_)qof6Z{tf0<}qP$Jpmn(PPZO
z_3QP5zkF3JI4s^S+aBS1v4S-3HHf&9>ZO_X<ui^yg}*!TRi=LB6*Fvc7;NL}*!NZM
zwM*$Q^@J2pVwI+k{L7TjE|fLJW&*b4&61g%r00c5DZNsk5~U=!R<ff+<tj;hVXb03
z3L#)fG6wt?KgtL~9c=ZXiu(y6pAT6{W02tEtYL(Wp<@<Dgp<B-E52;`pdE9|J+p>B
zX`Ck{L;AY60!R2OzFLm@Y~r;x(jnPoYk#C`;O!{jy%aUP;%AWcMYBqu-7LyhK+~B^
zJNYA4&nY>g6r`_xMLdxzKqKcH=z+>cP=&F5EyAOq)<_9GyKQ_6aqjZ%@~p&Qtbg8y
zn;Qszg*g!RFAL*7j2&9AMJb2=IV(`^gd^C1hEsu#Lus6BRmQ!q)6IZ^^$T`846^!}
zA9gk!rUppSr}SNlsxzD$MSarC7UG%mHr_lxs4<TjyU5EpD_Z6K>!7vFuC<|XzQ4C!
z(2hKy(*`AyGc0<edr@=wi#e1?6{Xwpt<Bga)C%qz)T0c<<0ci-^9A*;MciEYU7(Gw
zdE*CPBOj!PV^5SL5*RRc6XirL`lDs}79i#W7vC6{UI_BfHZxjx5FNJ+eYE4t92m0e
zpvpholIa_K7yi5^wD`boqR$^51!q(D`Q|kxePwU^p=H!VjrMEs#`nf$6)Kq1A4pl{
zfdzJK;#D1=Yot9E*NjUaD$)DR%VZpixX6z(b5nsV>NP8w8f6Kb;ZGHX%6|P$FH;dm
z;uKXYeKb|W2cB8I0lZuT(iz##Fa5NDVV5RM{}QL$LtF7xAp#}R<iLT|@VhX-!$T%Z
zhB9&EFr*Y;Kpgtk1C|<&E6B|#xaz0T%Z{I&;Ah5QqB%>OcLZ^CV?rRO_N`kg&z9Ud
z*Axj-cV$F!$V@>t_ri;1uk)9U(8x1&4Q^aM^HMhZq|fy^P64XBMmN1I`_0n;((liv
zoH=4{V<d)r(<?W>CkR)!mB`B1;2}aCkzAlo4fzoONc3;hC2!sFAD7~IWPLJ9flgD<
zv_Ubs-NmHr9nqfMq?Sc#_rX130)pN^&4_CROjsVDmsO}u-;TM|BB-R8Qe1bc1G8!r
zOH3u*9D)Z{Mn>2TH)(Lrl@q+z=BER%6vs9K^k6lo)re|vE6;`AvOM`Sk&k@ibO_iW
z$2QC8j|Z%A+W|~u=*;uxjMXF%-h2t5#q+nWCo9Q;sNu@)T;hlh5UVQ<Y_Ur>n4D2o
z1~rOZ#ch3$K~73L6aI{M;Fi<Y>Hy{Z_RwkW$c$D4zYt$mA<W%P)1va*bPrS&oBD!j
zPkpXi<5rR?ts|i@kGd6BDxk8+O=sG#ue~6}&_rhG)v(i-wkBA`tPcY+Wc@M+TtIHN
z%>JPh^yjPZ`!At&*A~MBrJA=!RI^x|Z*Kwi*h}2KP|7!JmO;~?D&w}A2v6#sPp$<*
zVb&t|&s&X0GY+w|w;BlH!{^J+mDn3r`C}j-D(f*rnMEE3UTcXgTzb3$MC|dDf(#7<
z-YB(nY)W(7#B8VKmtH+A&Fk;;CwfTpo38u>EL$_|+&RDyQU24(A9cge3o$MMU4cAl
z*MpNM4b_0CR+VdhU*AZs=R<tbQ(Ac25)t!y7#KDLpJ({xgI%Z(d(EI`RNxw2SLiL_
zjR9?;U3c;A+r>6XAg6hD54zK@>shTxFkqQ<bOGmYgRN5|okv`M7G=|9T1^;Vdb!}N
zA^f&?_xrIwA5>2dC@v@AmWmF&PO~c;Xq<>H5}o1JGR96J@)kEFVVlen3j{#+*CK8c
zEQ@C;9``@2orwE+v5T4+K9*aG?;k2Z-)2h7j7!vQahQ{U=RwPl^c{{nGo~vrMJX>F
zbv?qe4*YvNxEsN9$&xvOW^AQ4V(0dGA@N0;j<wi23e5<iiyS$Iij47Q@%bS%emGoj
zW<N|wO~N0CselF_^WGd300FpFR3m{<##WQ_!Wr^ek<9VppkC6_TP%7zb$-yfhF#Zr
z0&J<u@Y`3c%3@B=Kxj?X{%;p#L?@?*eATldlpyY%p99Nd50<Z}$KQ0#855KZ<vP+z
zMo`akkRH`GTdt9$Df7vYe5y#uiA(3kOQL^5qXF4ht{=>X;p4~M`XS8@;bw>6=o@fq
z6P5I$wh}XtG#ITAL%rWIPJlSbS>vx-=n7~bR773M;6=MuMCrq~%SblO5HV^o@Z(HG
znI*eDaMA_|_u4?TM}?G-U53*Lkk+%35!yh_T!+3vzwK*=6RpK^=fu>#>V41>ivtZR
zjS^9-&m>cvo0On;Muj1E7UhL)dQq<*<@=R^K!g5jwBs&jhjBFnk#bG`B7S$|PC1@T
ztmQ)+^F|~k87>M2xV8AZA!095CmlWRVK+KsnymK2EYpK_$pe=leWjbmZxB2*JAtN>
zv!KPxaFgkWFVgT`$Uu&b-sw*mi<_KP0zk-Z`=Cxn+Hv+xI#%f(Gwk|RJ?I;@=KJPC
zdRm+%>P31`UYjIQKj~$H%b>GrE+e;6NL$%ny!%O5mE0H`H{2~~8THQNqQE1$fAzur
z)9)T<{~_7m+$8%od<H9=Y6eqJWZ{GMqf6B*J}&={@edorlqVAnM?ZD7KCM{2gy|N%
zsoZRKFc2K&^q2GJ#X47H=-(VjCKIH>il8}6^l}%xJ3h=)^T3`Y&4Cb}jci9>K~gc`
zc+fe&+kZuy@9fr7c~&LNUjTE*Cfk1E2|6r^D}out?*B}-Dme1-R%tW}q00uMQ$8o=
zYCKY#M6Akq#?m*F8=vHb0g>#6x7}|eG%C@quOf8u`>e2qQ5a0HbJqZle<(qK^!@E4
zu^@aFW-y0$-O~>D&3W}cMfbND1)3HDA9~Ioh>{<d`$e8p-~B*w8iwM`co`%1bPxeA
zMk8ZCcEMM^B*P>3eK&w6yNx5Y{o-8HtPrV|j2;Y2oXrjyBV}zy{up?E=PT4Zyz^O-
zun6W*u%d@I-$2n;n;)B1%=EC3#`kkn=YzqWQTb#&1W$gs0lBB)Q;%{e5w-u(@D0Ve
zW#R+;VR{Rm@J%PlvmO8JC}F^S7zGQRbmY#9Z;3e;X#Z@|BrfzUxyy$cI+8eQ4#!ih
zKQ;;rCw5BRDlf!d(l*08%lBzpTKwM103Gp-=&>gV2lhu<T356m9v^-J<o5FjFua!;
z2omZ=0q>s?uCv2Avc+Qo|19rQ_|sBleEi{Z-r^@)-VSSZ2lZ!Y3j1e9P1+^y;;MRc
zEdsaId3zK{nnD9XT7&6rytpk*#@ri*_}hl{_z*7rbRkHAG~s5SiU@7fr#2b9lKE64
z<LuhGLc*Y?o>(^V`i9M*oM!imODvZhN5!Ki%CR;$0IQbZPfL;26z70H;~K9c6OR9*
z%WEc>e&d5j_&poy8a$lszStjLko{&Qs&NnE?_BHOnmUZQH9psN7WYA99I&`;urcUY
z<4*O|ssSRw_EHHcH+SPe!*jK`5K2L^h0#jw&f=FFZ~VOW$#u^d&$Z9<6V{z2KMkD-
zP(OqYObchyVDCd^t{n?}HoBm_wwt<B%T0bdgdyoj4_MT;U2-a|lM7T~zAdyFg2af{
zu(V2VIAST1I_=c>8PY(L(Qb-#)z58LHEpUWL=@hnUBL6gVko!BS_(QtbXMRZUB7Yc
zRlsa;WMtWAQLnl&{HAwjxjp>K;!wO724V-cEKBSw^Y<{2LbroRX}yuuSkvb$hj>;~
znl7=r&hnwfb0^m$YUn#_p^`$ev@XHq_E0A}ykqu7;z97xS;0Hfefoy=rri&|a+b{I
zHmn|hW)u5a#^V8d$w6pW-`JlprXxfOMCz0eqmu}uIEpzi$g{qLhw^yRMayq3R4xYY
zu40QgZ|bR!`Bn-um&~_)l?qI4nKRHLn*_duRiy8^0-)aXS&?T8DQ4upM*_{JLnwx;
zYIz+WF(qDxo^{EYb$#xxScI$pBe*E%*}FI&CaF;lW*G$;AfRq|rqOd~Pj?(5hxSpp
zWYQQ;%lqQGboYtMqlKHz)^(Gpn&kFf=i%Km(-`*Hw8Z(WQx-F*J0S^Ss}{%w3-(r}
zw7WEoh>$mTMO}F?#(a$z*@r*ZoUGlk51P@4msy!`xnU&PKMoi)XQbVY_AKPMJJ=;+
z;}%A^9wIHOu3@BI^B}}vKaAC!2yE``ntvx#u&fSE%eZp6AKb9Ex}Qr#BB$-i*PhCO
z>jF2##wb7U`7`o<X}p{H8a~<A6S>TwR^PmokYmwCCBj{y%Q=`U&_Ow++Iqz=YDvl#
zd1=QS?h&>q|J|p0VZZSq{FSLGoAYfM`r+Q8MoB)!Sywmn2>O|_f~MD90ZiHMy&_+V
zh*~cY*63b1u{Fq=AcvvDZHz<QDNt7f$}^^Lme|HAeCxco?d`W(TYjcA(Advl6WC?8
zGG8@2D6PmOw~t*f;r;Q?52<{L6guf2I_+iwy*$3D=_n}k7yy~y)wW1qN?E41t`>^U
zG}XgL+i$X!%7^w`!3(9nzl?j@(>R-Sc`YsNhtyOss$J6VkyIWXwy%xF+6(x37YyZ4
z3!AA2ZdmP;+}yomov6xr8W6$skWMzZVPjV0mxnbAfM#ED0(S`frZffzYeaWLnKO7G
z`xKARUX&7@ecs9aShwGTAn~z^C5G$s&W#y4I}@9h6S$#_>Y1Y#tF%aF-ZaCm^=uvu
zl4OXJs7!Rvj7iF^w@a4lR>O!~E0#qFS`4WIjhXdVw`=i~t9&qwQ3)oRCTA}wySc@A
zy;Y^pr|8G?9NyDHbkxtP0_|m`wVl%2RL<bq9co9S_d(YE-MjS@(>(^K>m=i@NH^n^
zUG_4Q1%0k@D{yR?P6pql`*G6s;K~Xye3S3GE`N3#eyw7*@A;NBH)Il5^r>N8z5hV%
za3oCE%j}71#~&}kM?<;+IA)8l`+WX#0AH%zV7J&Ee%nUuiaX?}Ola#?U8aD?9+R`P
zL({w`K_q7CK9lpOi8J<Jt9^o4tL)Lj7`><xHuC1rKj2m0*4EcNX>#gwSJvrOK16}y
z%Nwb$r8~-Di`!7Y%DGcF&QiF;v$%x;`QMBeQ$bJ%A1(%Zl=qt4IHQ0R(lc*I)PpE2
zriHc7ZhcY7a7N|1zxB;h2XmVz)`#9K8kf8h|7`8hVxYY&M>vnwHX%iWh$Zb`@nQL`
z(i;+JXgHIT(W?1cZ-yK3V)^Q5JtcN+qW-svkx2=QY^Cq%yN_#423aA{zG?He3<Xk@
z4-F-)kt;^%D<U5-Ahk8P2_{Ds)IH3c^){Y1Ju|9#=-DDYN`AiMHA~{sw^EB6b9EPN
zVIRd|9qwN^o5SE314gYGXS-)mBN32~xrMyC#5&mJAu8;lw0qU?So58+q$8<iP9IJ|
z=S;(_3o4-<$5Ab?XT!)DTM?u9?UJIT^PyZCt_u-4#b+CvKQ3Nq9S&y$1*t5Nko|!<
z!*g-F6WRuHR!RMiIjnC#*S)bUKYx2KsY;HDR;~vzWO${+SLM>d+13$)<0=AnU0C4F
zKI<xcG85_ghJIZo*e}d6@rsM$SYdganxEoGx&`4^w1B%nCb!f19cV?+!p9H(_2laJ
zw@jopa%1bWf&IJ`Y-{f}B(BkJ-;bH33wSQtiYk~RWvK<)5{FK$&7RkQkffHOQFhMl
ze8zdNj3m2=DdLkB8;L`+(MxYOVpq~GC8)+mRM6`safSE-#Lop!csUcO_faWu@Chp4
zUNVev41q0h1I_R#`^A>6`GKh%lw2_qg7PbmkOC~PU~Ee4FO_8D-#A5TU?lAz+txpd
zD0L4RmttFEfb5nG!We?E`)nUzd3=7%J9m9<HD?~2cj?T8(5ygA#41_kjp|0wjy(y4
zIA}SFqeuY&Sh<P|AU4QC6VHW;sv&}%<-RZr(Vyp$Si2Px4X9+9d}gCOQKLCVAm)K~
z(L1uf{p9|Zgxj5XXZTW6+2i5eEHGsR(0i)B%%$?<*n>BlIdtwPu@C90GRvmldQt5-
zJ$K0Vc&!Yc1jz2xYG6nzWPaj;8>wgOb;3m6G`UB++L#I`Ho@W8fO)ozI6q0*O87wN
z{n>U2)nKt@3E4{9oWv4m&TM4<&CO&mzNr~;Un*mP)AA24EuEX>O$Uw(eyoAUU544V
zwT~1R5KW2=Bf;%lzJbI6n``kMCun;C%?d_L!p~$?6U~<5G3rt=zk3ioCp+?~v{b!F
zNEJ$-iB^G#^$-c`+FXPUHO9s2Gp=NaII--x{c#y4LW5$TIEVy!jhsm;nz(<XRBzDj
zUUl9)U7LAo?bdmGfe*Kk8h_mn)32a@I;+L7PERptTE$}gz<Ltp39X=2wa(D3-^!B;
ztLOA~uQIRuvw{mUc)3&e6sa9fnh$v?Yd2iqF9+WpUX=+W20&#Of~WH{o+yf8Pkq*k
zP-!Q%SI6B<63#^BMx?LpbnlwbModVcqb8BMgTqla_YZlh&u2Vxai!&4SW58=LM!UC
z2Hi5;>DoDYX_LesQ!IZ&q1tz+3Zys>(b9k4@3q_he&Q5uRDr%bHSs+^-PSCz{=Dny
zZS8t1IAbp1=WDj3wr{T^^aaYJ)eg1HTFp@XpB|OmocT|cdYPxm)ENk(t{drrg^QeJ
zuwm8lq5B>K)ye`HhAJ20)6&54ET(tsOgz*T8Ey%7N944k$1y4KL~Fds7lb}_$U3Hk
zGa4a!9k@lXyA{$bo5nLv9QZ$QbNR=Wm+RYzy{w_W!R*yBLwUyt?T*dqi$(9bXb)6;
zTgUt6N%H}=!EXLeB$!w0o8?O$?x^f$>URdjfp;lkG%cm=*gDQk#_3>x1wc3Aa`Et_
zohi^FvU8QT4xk@4tG}QCg`G67#PkB0yYK_&l^gb`msVE6CT_<g66f10=O)E(smog~
z73rclq$hCCAL&RA#vM9s*jzTETq(=O#lz%7_NDyaJS9<|{h0%hy2IlexD5BuA{tu>
zkY8$==IJWP7FRBm^PfI#yUn5V3u?jPR#&m|5aH#>_k+E<ZOYIQQn<SUY(!-+OafP$
zXO@4=*7yXvV!&JAi?50+Cw7fVQU~3si^frPWN5ij^{%Vbz0XPDj0Sq1dUi>!g$o5O
zdIjU9l<!Bx>mp-OxA_)c_>Sq5mV6ZP^U|(H1B5~tA0Ki*b$CHvO3akZ?{YZd938}A
z%PnnHKlQ!ELthg`dZa}4N2f(o3HqX44g&47>HVV{7R#&926Pe<BtY3wC#_FrMF3h1
z;^u>`VNY`7U2fkhhF3>o0;Cw<FPY|l?gIk`XzsR@9=UswTtah(s@^LN47W30aE&a-
zwGZl*4d4ToUOnvR_BN9~8s*U#A5&4l4*5ZyNd(Gv2%w^3e106#51sU@k+^ryX9}KQ
z!`pHkZ0}ecA3oQ0@<4ryk%Kx#f4Mm1^n^p`Egdod6eGU{IHMx>-5bYO=e!P10>tVG
z*kaZXz!@dX3xT8%t~oFx4VGRAJL3kF7<^SSa$VpW>`HoA^^P3nT7Hb9uqTmnpLr%`
z_u#x*@zwK$CcVM&&HxPJ&<8Hw(06MH*jw~DrSI-}3nKO37=#!OXpYyrPzr+qIVcIJ
ziV~?;i#!z5M`~O7nkoc&%drY#R_8kPwqwqnj4$x_2m*@?o}6lha5z%7DqH;=efWYM
zG6LW6iofWvZQ@8$jG7C_S*m`p56Bk8R-_V`vPYNXNi%lN0kBEbjgv!xw+DtS)onnZ
zs^Ir2k+pB8v>a*6Y0{E^O@qH5*<Y_aw!V%`Pi}x=%JML9S}xvnPj4sh1NLX1<+5;K
zXu}r!h~79^--Gtmzc%a04KC{j<kxlPzwY^YRr6EOhnjq-u|hMAyV8YsyFjuipYhM6
z89K<wSP&Wt%Z4Yc@bHY03F~IYq61s#gP)gNKXzcw`IieJ!H*VFA5zSzO4jKe29#+s
z+XH?roILfHA2{WHfRWOlBj*T>y*R8;4QztH7j9}88p6oVp7rYgyS)XH?w`w;fG^`<
zu5OSi_wPT+o3mJz<fo;|_k`=NtakP^+qtlIc3l>~oW!|Rn8_ceZK&3A{AFe*f6Cqp
z*X7B5^<-$#S(srHZgYL)H~-5#l~aC~vHv7oN8$7HVXAms*>5Am*#I^_Ka`B@PI*2v
zmCU}H_-_rBJy?F--@X<Mrv5pU4bFc)|06;BRlh?V#6KBZf1g+G_{E0)9uHVxZ|mP<
zx&k~0{L?64K<xJmtNlH$>A_gy?;i`n$rJzbVsY`Oa4?qndmL)~-)=c0p8{>yr16f6
z%SKilDt*FoI{D-Jx}n{{gPM_G2+=_Gxz)@bZHJ>mlhCA)xEF)5G`!?Pu;I|1*PZfR
z<}mNSw*e!@Ukq}YHUP~1bgJ~1o8QA$q(o<j>=iH$$S?k<+}Q6nD!&!JE=bDWTGgX>
zl6joNK-ByfG%IWT%D`1eQB&yOdXyr7tRh?eE_AflPh{EqdWq%V+cj^nfL$grx)pdc
zY!TiDI~I#=t5x9DxX!5$F&AsY-$q?F{B^PTwCOgYykz%8(=G5Cgr(*`r+>9SW;M0j
zVE`AHb}A-AEGS>BEw<SNLl7iHcgikf1KF>ANZZykDbA9YYVHxotd5#xZ^&+?ZYGka
z6x+VvAYxnXjrOD45nU6rwhK-5dx*vK&wU#Gq4E4rm2*mB@`XYl2Cvm0Oh#wnl<lA2
zx6E;ELq`-OclaYEy^0Gs#4p8=MX-qK<zt5exs8~{di5)>tHcV8l@kY}+5tQU1;0lK
zl0Fn-0(AYSJoUFszk1i;X&E~KmQ711N=h8yf0$zuKfb{WVIm(l6|*v&8|&%cL?4}Z
zLzC*g!0L!L{i+>#3NmJuh&)}ikEuZXpkZhQOlpg6KF)c)ll_9E<<Hm|8=~J`9Y%EA
zbim?%Iw~pB^jbZ=QD~mTD8VnBhBz%;n7K~IM_m(<YVd`dpov2@E|wd_R$;MsGah==
zQzw-%y=~m%P@`P7;>Pj#%%RB_a!UBSBhO)8%51m2;5?S)z1fY}Y!AVC6uWNR>*DTR
zEmvLQuIhH(XP$pnh8UJtH;YQ~$GxiY3lFh~41VGG(mV<t6TpdvK3qA06AfW7R71mG
zBXK0C|3gig*t5D+I|PDSoEhd-Y{ZHXzq<$j2xTNG5;=tEF_*Xw<3C=_`1Gk4Gw+3m
zWXJ6gPN>1!`CR2tVcTB|MNj<Q_f-z82VsQb=OzrgBabc9h*<@bGWvmyHoW=R)Q@|d
zW~3l#j?zrmwUwK~BK4r@pr;LzpU<4)du8u_>pgO8dYgP(FIqIty5inyLS7GZ^i3BE
zYrc&*>)ORM#q=-WuvL9dL6Y{8)h(GmLS<F1?U0S>j8LN;_J$#NJ~c|MbDzTpf5h-b
zFZ(O&=l=~rHJ{Gtnq)LLeFxR$r$66HikUPX6?9#_FbH-!=mc31)V4s0|2GuWtZ$>k
z_tV>S<O$hX3b$)E20vTYEN^>?O$%tqUEfElm%v%|x7}m@iUVUY;f9kEhKKJ29_yr*
zF@OmzQ~HgTYHX|5C{$z|RCOzM`O8edzqn?})VP-u`;13*ebqd2U{gV&O?aPTnZzN+
z#Luq4oQ9XcglHpdr_8u(E(}N6cgban5|0=;PbP{+zz7>wA6!Gag{WhUIdk35zi4B5
zLrqZwSX2=Iol#@hmjO?xLN5&^O^xx$2xFqIGcrTK+;q`2jNJeD<r@0Yd6)$n^k5m|
zk@KB!{5cmU#h0H&Mu!8{6Gp;h6=Qt8Pu@xsGz}@&RF@!1Q%{abf<f{M%Ghx{lMB4l
z9<%te4~l7I%i+4vc~r9sZs6eQ0GS{Uk`>*#rmte&-TDIF#53HA70QP>{G^IE4mZHc
z-9LhNJ^E1z?#KK)k9mPc|8N)WaQjVuITUn+WVXb)!XwO`0wuENiIsCPIoDRibKK}6
zRkHwLgyCVnx3Kdazis!M?5Ebbi*&PC@1kd#MFGQsD%%MU(CTGLwCgz!5w)bxzdTjG
zd3M%ss2!hhO(QV-d$C=&YD8S)cxZEZ@;gh;Z-x%9vD*rh5>OisDw0V{O7(5lyFY|6
z>O`;#NZ4ene3H;nBv&kf+38h}QQ=y0Z!cM*wgQZH*pft3vA$K-aEA@+zya<&ZBwLn
zT)%sBq-TxtRic)@r(Yw&F~l<W#^4jp8l9L`OMM`2Nh?ZBoqfcj102Yn&2UL!&&heo
zL8j=zQ-zf+D(B@krv7;}6(`1ct4q7=8vt_X4MSB0uXgTpsXAmY*f2OM!Gz(!l9p2i
zS*0T?A6INJOlICR;FbuMeyVCH&@24kaB4KjzzJDLUp*!*<7(=h-+*%b(m!!s2ITd2
z;PUDHHGiS%xC}^e<s4)(56*qyx;CsCq|rx{DtjhA{0J|OJUMHS{93DJT6=}w{C-Qs
z&FnUGE|Tz)b=YrsPJ`}Qed~lsjAGnt006W+*47jCGO}u^;_(O`c;`6GKbnOLtEaKq
zIx|z4$cKp+7FT|5`%;BVFZ2PwSZStt3N2I*Gbl6~L8E2g-e<kr>t4#QhxM^u0rL3w
zfaV&78(szGVsdTiJT|Up8pd;*-kq%7M<nn<=P^5hugf)dl1~|iJH((CU#RlyZdlwM
z6huTHtxNS8?W?CZT0%BXCfh5(bD%5MU>KH<_mK_Ob=xH&FmRe`L0X_vt!3|c>TR0x
zN}ZCM;?52p%Xvb?U7<{ygRQm51I^x9Cll0k!;XR`;`|*6R_e15PTY>t?AK05v<Nl@
zlc9EpjQaMfJWTdUo2ud*7?>Zzi45n9wqoiMQ05MT0Sz{UL6u0f^Vj)H|Ifhc1($9D
z(o*#7Mzn^)w@#;5JDT}whBsZ`XYG_hSfDKZz$hv^DB1z5n_YZ<FBKx1U|gE~wc4#g
zSA3cl*}JLqoEM7O*=#z8O5>G~Bu$O^!sXj0E!!<r6!8WBTqKp#f$-}wrp+`&j7cJT
z#=#3LP|Q}jMu$kwvH{~y<^h+HF6~bRNxY}0NrgN?R91VH`-NCu#--%FUg!*2%!)h}
z?XLJGoW?KgQJQMGMC>?l+g@2NXiLXJ;9e!oXl_B+laM~+GTE+}?<TKVR|5Is)NGeA
z5(5Y!Y(n*9@6QwpQj0b)KIRYFI%!Wu#gED8v91zv?(XJb6)3b~7>No6CYaa@-M&G@
z9vv#x2wVfsw~Op1PmO^NS=<Shqx9?q%v&w2xHvsJ++ocYQ?HsTN}Ti`b1$8;_m1;3
za&Qb!f*_rU+EO&}caHiI)VvO)WorFj$#=^-7_6Xt{oTE$VV=E56Y>T9P`{TsI-XO$
zH$8M+$K5wWkJRfGNCmXqHEcuK@+p-m>?6~U(g=2zKW%RI`12YUH0usz&PQE$tb{#Y
zn151;<tWQV`&J@#zve+sC4e)daexmt3c*9~V>gdo(cbdE{8i?^<*zEA^42XG>l?@P
zck|F-e5~Ub65a{$pSLtBSAGu{jF&W2Ok9-OrBRc1K)S*EpWs(sYt?>gYHM1B^2}E@
z!`vSP^Ln2208+CLv8E&igb%4pS|muF+gfCI+P1kIUYN*zp2bH;__1!<dbOvD0h(VZ
z{iXn!m{H5ULxs8rG29CtK`@G^bs=&De*moT*Z%@w%YA2TdYT1b6Nme#p(Z6dyo_st
zpa5~%r1d;*<cHbB;T((Hj6>W(-R>QawzMRrVkc8uwKoBwbHysQ{JKbKB>V>uRZ*`u
zG;Ll)x!+1J;~Wt?mQ~t{bxA0eW^-UR#US=A8yTzF@t_OUzwMe#9ekDX{tIoE1!TMa
z;aqb^%%eu|1;57k_PSo!z{fL*P4RPGW8H+Fsvbdgp1q8A7Nsz|de8Oq7N|Z>xQ)5o
z40emmu}f&T<sBYv&52Kh{szY{Le9(6;N3QOxNN1FRb+*v`?Z1m<s}0-zcd1ORQ)pS
z)a}l1;B=v`li%Ck6~5kE51S*7Y?LFi@faQSHXuN7TIIHXK?b@Vmcj)46jy$L?FYbZ
zF%LJ9E;h7N+eweHtxLDK3_#KM-s_tPt#zE{+m=jN_V+`&gq$h@x?a@%xj<$X0TNGR
zJ8ugm>qJhxu)?3MgliNsg(pU=)oDC1Nra<-{c*q7ALSA|Bxbqdx|0W|;0S>N1ms^l
z7B7Ov``h+7K`r6|H02W=%9{A7<l|xpt2zQ)VJYo=3QCRqb4J_uYqs8kyl_F+k7NWS
zzV2?-+RgabWH|(hrFa0UW`ewS>#K&%^9hKvxKrn5Bh5Qa(yS>+w=^mPk5<6-%-}TS
z5Q0e$YQ>zjuop_-awBRhHYrp9XP&<~$_-LqxLWSH+oq-OV-3rvd0CpfU<ytZBz%0E
zbZw~2U@C0PVHgsFM>2b8a<ivbC?wE|;obOci_gx4AWy9;w2hww+7nVC{j1^f>_KRx
z4NkE_)bf{N85bXs_Bv|dR&~Bo>b@a^2tqS_VMHSgm+ydA3CvIbZYfdTt7%53Y`K2U
zLviMrC)bAkf5o+(GZ=zBl7>&rk1QHiOCK{-=9tm=E1x%Ldyx|+tQPzziKA3VL;x;a
zP=myGJsnX4U(zU0`JAAsVZy2&vmIs-^+|~Iy&2HaRxcXra3CdP`i~G=lZ49H)OCdw
zbn@efoAIig4!tg}6DZJj3IK0$F+a_p-!LP7nIWx;z`E?K=Vwu|b>TMdu4Aot;U5nP
zb;=gh)MLJJ`w^7O!YCY_zML&xin{eZBStN1@iJA(++UP{MGJ9I3$HN6z?%U#(#jbS
z1QYgB!C1-IkwN=7_z9=4Dl&}?F(!l$(0uUa7wT1F_e;9$Hv(<#t_23ar+||;*m$Bi
zv|;lb1E!W_AO!l#3p&&LQKb;{HMyv0Em7}dJCz1Gl|1=o^FgMI&9Kg^JGbMs`!*88
zkb7@H_CBv0@z>Cmxk2{T%8wh?;}YCMxbFEC2=V+@Qs>yj=5s?;3{S>Ba5FrE(>YGR
zl|9fmCE<t|5%Cw7OT?S>M#M>pNWOqHC2=lOv<sNAyNE<q#bN5%q>5l&kr(was0<+u
zEkuEVgS)*0TN(R%8`BpIrRnv$I#c>!AFKvG;VIhb5-OiIk_r|+gFRH>oAXp{?@kPa
ztAMcplNh5^{`Y{TcYZU4W*y#L1B#C-g=Ky9L<5V~%p+e~r1V}MS3hlGX*X{IdF2i#
z_|CAdHh`}S=q@1JSQT^_I2M9b#aK0t-tCdVM#}Jgb|c9W89RW5UM4PwmNn_ATW{;p
z?2C5KnugfOjiay8SEV6mf~V!ObQ6IDu>Lq#jL$pMK`pVHk8>&C=t(z4T#z|aV&t~2
zcK0P*X?_jS9vv{ln}~O8a)2=R23s%}C^Cgj_%h7#aaGUw81RH@SSB`mf?>x|+{gHs
zFa|=N7)rck!Z#Hn)4f$=@Nh5x1ZxNq+klS?@V?I<NL-4`fvHDO@Lfti06Z|LV=X!k
zS+H>ac<t^7a8>)42Jiha1997Q8PxS8K0iCvnYTS9KOjxcgeYmNdZgVF`^ym*AqCEV
zz8Gm!UWsjG(Itt1iTF-2%F44wk9g^ahHx+SdMttOx5#{=u3sfSOnxccu!#zP1bg7C
zUTQNFNyYOTWGbX_rE{Br*aKZDz=?4;IMwN*&DAu^v6b{<V0zwi-%#>-<n{d7qWv~8
zci7tqHQk<=zG*tuZzxXBN2~3V3ug3aNUtcKR$eyR5k;j!2f*tR4}#M6c)7#qtQv=V
zVG9&-P8(%rk6y8|E=8`>*e(cdO?g<Eq)a=J`}VEWROOJ~aO`Oq<o@q6ygT*e!d3@a
zQp~MSH<Bd4JHyHDrSrbhu2eqhWGk!g{vh+wH9u^>BB{#l9v91}oNG3dox%zI1npXv
zH_7y^Xuc86iE2kTHp_y>F7r%WeCu3=b)^zIq#b*vQ6~onb)FY_SZ151y1AJ&Hi4i`
zZuhCORYyTR0E<`RO<>c{(yXIu1y}bV6>RgqQkLFE=9Xmvy@hM)^amVh(Zp<Z|K%Ty
zjR^VG0N2GMjf@tJOSzKg#pxlRT;%2(=I|2ccjz0=o*C4CG6m+?3^(aMD#Lzri0<FC
zNFi$muyGW>q{TQp{mAV&C5v?PT{hu1XATb*VxZ+#I(Ci9NpD27!PsOG=tlWI>1+CO
zkJWmm3yB_YAa+tDnEIgrYOZsJ745npl<Xv^pPA4z_ga30Llcm{BgpGL);<Ft0jTbn
zEmh?LH?-HW{pLbHuN^Z~8!AH(ue<>n#rT^vigw3ccub)(sYfy8Vc-M{2Sr^JobPeI
zh^;;EY5eN`790N~Du-%}fXvp}^)Tvj+D?RL8Vq9=)8$t*+3jo`Iv_6zy_DV3F_Z8-
z^j5>+WcSw+ysDN_%~>w`0k!ZqggK1Y9~jwO7OnmL<5-A~>Mplawlc@#ODy2Y%`)wa
z5X?RtA`_h3mOW@d>Qs+&n{v(>W-dZ&Wq+VO;&SCIvfvsckg)MV;eY;GDs}Q)Pe;98
zy|55<v+Xvqr^Yj7PY|uM(}B~Wdcs??&bK3A70Ri4tL8WXS+jtchWjV)&K#a9gg(fG
zvzWh!#bJj{4!F+S?O87QD1>UXVPE}K>JyoYj8f5O8wk{wGhF^wUOcM~#hwTm@Osw&
z-Qy_L;PV!&Y1U8tYgVTsNpYx!$jYI`_!_V%`@B1#3>Y}$u$<!B$5ABp;Krc@41VP^
z12rf7<;N_ih>^zpSngRVzG*sUu?<3E6MD?Th`=!)kZt2j8LZS;VO-t%={>0^Q);@S
zC_=sb8@xkQS{o;fPYA-Mg*Ww}{JtN(0eTYz0M~A%fUDd0ePxjOXClImEW2Zb5%MJi
z#)^51lt=S090`j?r5C-LJVlH>#kJ(43VfdlF;LNp^IN_!aBqIe(7k88sNKKbjvbr)
z>7%n}vf!y*Vt}L=3Cc3Ti^^(*&vl2C0yAM48J(a4jZB&x^13aRb4FzDJ{9l;QVyuW
z*batwG6sc?bFa|XO$LnVo1E0vH;`Sji-G3a%1WRt`{Pu#mmD*z6#@31xQT4579~m>
z&AD!7+*IRXO9Q%@c5w>8{^mT&yq6z8;!4>!2%4h488Km0q5kr{DtFXil5O3l(cUwG
zho>h*bALsh)Bad8XL|~a;uST$vU17%$7TNr<T8Is`k)C1VDH!y*pNVB-VY>aaT{YR
zeQL^p9|;T;%QU07CjPA~$20QSq~`Jpt&Xk*bG}kNySb?_44jybHK0rVUPvq{(5`qB
zl5OO$PZR<FD00wu>J!e4)G|F!jNQ$;Rn2RjG!9So*Pp#f6~LRyjh}E4I$`i94m1D-
zj(&#V!T3Z<mnU@Dqx33H9A0{R*1{6Gv={bzX}#~Bh2OHEiKSf~&>JwHgeEfH7BzuV
zH_Pg4qQ?7)4MdQwnvnPL02@QvS4OV;xl?kp<!80z6+Z)eMKL(Hc}7X+Z3C2%J5UK(
zq!}^D`mMilR&CTjB@MD!PV9bnh^?86WW=!@w7Ch46o6aC`*=MptW|YbHbvX|HQ!aA
zg%sc+;JjU3!MrPZ{f_iFmPmKuqbLvcj}%3M%qy`n<hm`*VV6;*&%JH(?+rOUw^2vk
z%1Tx+7K?n>=e-i?$4w+w4yH64447_FymVC(w<bRo)MxgedjoYJj%6uRiubm<_jQt(
z-F>NJq!Ls-majPxkIZnoyR|5iILi{eXVr{HW^*;Kzj@ltcfg;uVBJQ2cv<W`;BXgd
zEx(=bAaq<m`@+Dl9W>(;b$BF4T!0T%->M&Z@Zwfq=HIgDQ00_8tKRB|;4)@h2SAs4
zDr3r5cnA$4#ux}=tQhH8g&c6OETw%h6)Nsk(Yz9Oy3waH={L&o3{yLOftOG)kkeGU
z>e6@fIeFGVRMYrpa_iI%K2BlpwYU@ReXK~z1dDz`{U_)}_Hz^kKTjO+%J`nFrK8+)
zO)AWhHN4u*4RPYO!Ex3LT>8OTr~kd9A{`&RWz%=r!1`tSFX=!Sp)gp^+$u(sG9em?
z<2R=-sh?$uK1rJi9OQ59ZQNUpWCpefAgRd8cYqzs&c|gKb!M6m&P1#3NTOb$PFP3V
zv<1BjP$tx-_T`-_W&8nrtQeokZY{noa)rR!P7h-bzFOjAuN%T(G=3T}Zo^J>!{V}m
zt{<<pP~`f$o;j83G(CI5V|HM)lM)!ijQniQFui=uREu&kurQOWeMHevaKoy1wJ}^3
z^L_%HKAT$BbX4oOMeW#!VDHIa<G2IydFad1l+XnATg<1v2d}Tkf%2J3<2?v`>d|7$
zER0_n2CQrLb4A*YdV8Rb{5kP$uB^3NODFhWh!8Fo9o#{F5;_%fX?#avL?tt?@qm$_
z@VeLVZi9+ZDnU1*D?-tm^@JhowVbe)c5Cg-X8yM%18pQaOVo(2+w@r`b)Lu|jUROu
zm6kPHufLb$?5*JY2;Wre_RokMu?BJ7P(}~v-tTxEJ-7IP^U3QHPEk9_=@`gw?zQ%f
z>!E|1^^T8nkwMyLV`xsRVcAYR9otU#MchpOE-t#{qEN9QQ%dqaPWRHFxj3ae5ww$M
zxvV4NyOl}HNAKDj;U9PmfWGCvxjMt5u6jhMEOeAcA3HcWkjaZ`E-KHUkuBkab6%|;
z*`j;1qMpXpZbhuqHhNC>ogzc}{w|;lY!9_o63~?CpLOWPREf2n>8YW;9}9Ega3!9l
z9918K0Q<nJHX0TRiK!Q#Bx|SCJqi(kJICvE4wzl!7B9qH*djq?g#v1U7tKtzD8Ffw
zp4rUcN-e|!Y^O~s@dO1QJT9DEm!f}8h&EC$*z?Otx)qCu%TM?aw$X@Zmkny`-Xq(X
z8_NdiRABVh-Jca&eu^0JJmR8JzR1T@uc-38yH85>!>R^&(us<{|6#?offd{`dPx6T
zrDS|&qNWKAGi)yTo<hHsY%z$5^&9W89?>TQ>)Vw{xE#+}!{rJ!PWYP}@yAkB-@8x&
z>6O=dw6l-il+LF&{h~exXk^r`EUS8)_<Y(y)A7v4#7!$em!0u*^(79@O-~!=YRi|J
ziOhx$hB_3pZZR%^E}o+JC}9Y5GK?Xh5YDvQbrpsHzfIum4%(kE+ykCk*0~gYx~keC
z;_(NYM;^1Y#*q&Ax-o+9OA)$BB)!S|^$EOVkGWnMP&QsIK|!z@4Q3w)(*n745-Xl$
zcqwi?`nd_KPb+R}ocT4Di9QWOhmc-l#ce$>b6>?G$1H`2pMbVW3Bxb@D9t1=-q2V0
zx!3VCU0hSfL;zkWeA_Dh?BS91IHgyb3JbeJv4lvDX`YF`l_h?T>b|)nwM926PyC5C
zJ?F;a2Q2rjwZ|nkAk*h^f!lHtn#iu_9adZ!V>Vr1*l`4lEu(|%`$1n3Ee*N^-E=x#
ze?j8QUZ427YWNToBFQkBkV=2O$nCol5=?b!nfo;aR7Thd(i&=HtgfGgp`j$9K%>~-
z&}<*yM0`f$Fuv})cvF_64}G!d5{djF>eD<gr4Xl{?oygkPAytC$gT&i&5>%h3A%{N
zD>F93GFwg=STpzvF}qc`DXR%z#5xRbMjWv1JzSXFwNKK~g1%!8Tp347(|XFS<V!Nc
zD?E9<Fi^B}>cOnE!kB6L1^qgp{`h2!+rsZ3OsMQLnodSe^)ch>iG~;HaM-XOQR()b
zG^1VS)DPRg@Dm?3RrwbX1}6_``9mciy1}4jX{PA}0H(<Qz{F-^R`7N>+Ens7<<N;f
zOEKN2y_ZwG<MaQX&k2b5^R%Od^+!KO4@(kc{=(KdcJL$)hI@pC$%18%gd?}#bC!J-
zbfyHVPwGl#1lWDU>p%aCX$J-VlqD`qPJE3SW9C8Mq77RJW~2iQf1mh}?RS|d)IxVt
z6m5U)Yo1}|4Aqm7ueF%0l+Z$NS}@pq<^M|t#6#pi<+1<PhWwD8c(LOzMF!L0!2dZ7
z{{I9(Hy^}*WxNgF-8HuhvovJKk6J`WB_u3m)a!UVx>vcS$thU&K)8c5Mt3Xq5JDRx
zf%v*hx&sxAiBN>zbf{|m&1^ZX1_s;LaRgLKncjx<vk^KPL+jU*=a*-XwL6V6I{zt$
z_iwvD*Iu|Rx7biIg}rzOLj2vK=J4&W9ctW7v9Du1o~j2#tYwm6<I?7tLv<?r2>!{t
zATG{DX#VSVM;y7@=E|ofk8&+@d|>~8(Gg&Li+Wf6Uw$1&0Pa~i>TC(k4MEeB(ebve
zj_XL~|2eG#e&}CW5ETT@KD$@kg0mp<y?@qe@hD?4G?_&63|q<peD_1i!)bMaUUl~2
z%<kf`)AJY-+<qPuTy%aYnw!q*A_rzHXy%mt6Ly|M50)DKcY&}nU@rWei&?^nvk|>r
z?r$`ysT<f*xBgUj7OePE`M(9ihW(EMVOv<b^=usklR_eE_hP@=Ml@1=Cw*G!VbQ9C
z{fCXPQTW%~@I3#>VbTl9e7tnA2Cccf|Cszm#K`mCNd@221NGP9{$aToY+N=A+o!m-
zZqsJ{?4E}W7LFRxFgn(Dv~^ZT%me1V$uUfuq3#}Et7en7&Q=j^rR6$Z(%E7GdHA!)
zL9ObEtx17brQ{#9puTn3y#20#7(926Zu;URpnng7Da-8t3xT2Wgr9#$z=n}})BvuZ
zH7Yk^NWKp42mcH+*6F?3hdTNlr*watN!wJ&@jH8Hj!pDVcADp@EKors(f{Kp6gF_I
zE&}`^{hy*;|65q=c1`=qQhwP+<bD;Of9dNAk>md<+Ev<@g^-iLMqf9gfLJH8PqCN6
zO^@)3SUuzMj3Tkt(k}Qg#-RJN5a8pZGXmswRcQ22;(g(U#q`T6z9UM8W=jVBl<+&6
z-uh6W*J0DU(oA;3yBik4d5toT-=kQLP52HATg`jNB5=l59ggZ3dX(=+q;E!lX;kNy
z7N&p6CS<0PP4fKVlOwZ3(tG`*P1Wm4L*&KhAlaR7Qsb<k0)w8aUgj{)M(BD_!4{6d
zYS<TNeozdy?!|d0rQJ*?8+6=SjF_)8{-nxg)m@hKey!AU5!2g1na7fs^EP<*$EzKZ
zpm~2RAuGC0i-D!~-pe=P{jD@vT@mS%l{ZB&sm>*rK1C(=b<9G+s+*~xmm`7HO>{jH
zK^}at=<?8|)LHRYCvyc>t)DHmD7&&EUY<nE&bpO9R5*|}NQM;M4j4DqpJ;<+G83;F
zUXJ(LlGhl5re&{%CQcyuqRk@Omu|BR-0~vEi;`WGsBwM&;ji|VnbYNEPw@Z_?)D03
zA$hf>PX*W%PT6Q~dW=>-ZAH6Q(HXpz>1oL9rwkZH)V11XJA;eRb?UKAyu)V&^Wh`v
zv&6Gnj4SHB6Pp+6FZEV9WsXdq%|MO}Vaj36)$G!bZI;ZZG$dV*Wd+Kbr?LG-mT17?
z%5$|c^{UDLzrtDn!(U4wfSy^*@q71Rb!^@ff6~^yU%of-bkSZOAp7L*iPe^_T(#N3
zthB2H>%xJMKaNcZGA^k0I>k(MmWjQ(cQRb-*;7exK_WUKb@uC7Pi`u0!-PJD&T-4d
z7e%H%i1X(70kg<izlW0iyYvyS8Q#}L+#TaM*}Y&S=d*`LnBu=;UZmW=azOYXg@ixD
z<V_1%6=95uwx7Rps=L#4x%twAhPP2x?#SXks<}ho_FhZ}+hsk`D^-9MvANuBt?g!O
zvr>=)%jPu3@&2tcw*xi_03uV-!pP(I<o>_dd#k9p)^*)FXdpNQw*Ub`a0u?f5`w$C
zy9BoY0SbrUL4$<g6i~PZDcs#PxVxW%WM<B__L^(${h#)qb91=hhH6z*wNYb??|a_f
zpG~x}%vxaWgzw@RL;E&*`5o_G9u+PRe^G$-Qj5!rOJl2S_pzy#iFz(L#Dg1-K$QOt
z+?5hxm?i`wpUi|FzFQ+NCF&x0ipQWY*KS5Pc@{Q2#t|2zFXl$CtW=(!jt}@`_sy8F
z^d$k4`w?QD)-v8lE5YU>##!s>>rX}D!Bb%3j0hqQ&-dSYK0apYc~gwFv+7A0sUR0o
ztIa4}JtR1)YA;cq-@@&Ol1)MaIKiS#vYc=#M|G~Ve*zZ{Nnl?VLYJYj->3P-6KBVm
zmUL!>f?U#N9ODa}(VLt!t(-JBUx~%P4s%XweNUTvdP54VxRrGE!`|XAXsvn8*0b(V
zHqlN-0w}!`Bg~qMz}`yHYGuWz%HoNIw*Cj+^|<@*dDr5<@UDcwyF{^qyut9q5ST;W
z{%U~LDQWDoYZgu!YxrVk?<SYoe9lk}Rl$^!&mHG1d*3R!K{#9!p$>n!FU^c}#qq4|
z<ABQwk#Y!1&C`_#Hs&3eVl5@*XWG$^3ptCdGO?22LR$Gdmh}Y$kRa)-+1clzm=XP@
zB6v$X-bR_v%m*h1Z#*W`Lu-e*VhjZJeX1kogSPYZSh`Gxgw`0;w2&B*`gO8*4u+cN
z=Sgdtr#w52{WnAyv@eRGRjq@>W@NzTXb&4egKUfXh_}hEcyW4V!0iTID<hM<s4HXk
zJb3Zt#j4!(SCXFk9AkG*)Q8<k7~DdAdRSoyDeQq#ZVY*|T4g6tkUJ6hszW3R)Mact
z+$`<e@ex!QhWdl#c!Q6)+8P8wmoc3sMJR2xQ6ya)VQ}IWz}2j)g`~WnAuN{W|J4vS
z3+?;(+rbX0<j}6zTR^lYhwA>ZwtGi8hU*?=7ZmxEo6F*fQRXO60=apsYfqAJY==2r
zk%1jQlHsx!D~XtBJ>(h|*qe(bcXupXFxYPPwjKXz#nq~b@P#h1eHuv)2u-98XMNhG
zihxDHWe7%}5bHZod5ktP!?)EFxC=G@r2B6mScJcYU^U)ZKI=f!c`p65pR%2ei->32
zAl9L80|_Q}!Z_qHNh6P}r31PbUl*6w*aokRELbZw(;r)^<KV3A_KpH9HJc_L>(CN#
zOm47cF|3-O0(Lx6U18|B>Y^!6vT2bILLp^aB;q}o^23PFHJGjb4o}$bf3>6qw5cw;
zUijQX$Xv0*cIcQ~d`W<@)-`n2|M~|t4=~71oeA35)r+T2TW<Q}`y`GzSC+1eWULC0
z)3BOGm0k!KE8j6SG@&sc{9fy14#m7e!~<IXHYTi;45)gs%_743<>ylDvptK&V^nWK
zz=Y1so~CpO%#Rxzis?t|xVJ<KJYn)0awUwU#z_KS1+3CqjPaKg<bf_3RZL8V%YOYu
z(&~=5P9XqmLx?;xcHKJiGH-A`7%cv{NxY$ZBS3G_z{f=zX~ZbbWA@;5RE0tT={aL4
zig2BF$jkqosC9LI!~Oi3i~Q5E_1b+C9$y1e#t?pTqDxiU%k_Z?4WOAZ6Z8r@>LEDG
z%nP7EQnGmMeA?uWL;!L__!nVo<Kq9xur>A&dw*~-8%&O|Nbh&1jey5TP|Ua=5K2Z!
z%kV6xaOe%%Z0H2%3Gc;aXB6OYxZ(Nluyqz*N~H&P`mpH@uy+xFINm<dcfd<Z-tJk$
zCprdWK|<tj24z39ax0?mkH@j<QD8oj3jWA)g*Ek|Q(v&JOR)ZW$e>wQGJ1=U?#;Eg
zm5<fMs>q@^Ro#nlqn;Q&7hcWj)6`(1;6`399Hh1eNY6C<!J+*^5cX1CX`>kQu>tVn
zDs|JMb)OiuN_i2n29EYCvcGid{Nah)9=+-}eqZb}F<rf?(7L>}nbO*FuTWgMxjl%E
z^c^liSgx}fJ{FXA3Bh5Bg9?=7PQ$B*%W8&~!YvdFnreCyPGFkYdop`n8o?irSDSXw
zme=m4TszSQ@sukaF&q<WZ1Hgz)j~J)rt%(uC?&{3Z)RD;TP-6kP@%i5#CpmeGJy`+
ziPSN(trM@a5#BbXpB~ZO;0%%H{R+#l7zB4IxYh&&Gf9$UH&_ugnvay~)GsVk&mCJ>
z0Ik5lF@h=yzS+#8Y+gxD?JuI<*5i8e5pzDp>1Z}GoJzz9zqr}rK<1|oAZdqNy{3e6
z1J$!d{FP*D!KR%>iIP|Bnn-gzp-S7P@vjE=2RmXXM{}_-aG!hS5R}(E^Jz$++T}rP
zgab|m5Ob{&xHY_Ok4%9@8}-ekvfwDwvw8iY*gzMAY6O3!difpX>)&tco?ZqAZrr3p
zYNTzQxVj{3QV%ScrJgcZ4AD5JPB|ma7#{Mj)sMXSXgjL{oSCe~B>1p{=1(C4zquMu
zqF^l^j5EQ&d0?gS^=zX|Rmrr4G7UnNQcql*3}WdMru21o0|w>`yr6uk4!D(ZxPO#1
zHtQo3SB`@1OyN225RXdEffb=aM$wK;xF$=Z5!0JS4+~Q{fzsGzza3YmSr+VfINy$@
z-}m|Y5_^kvW<xOAi}%QbV@^Hys4Q6#Y~-CiG<#hIVfAC_j4plb@qGhk$1cTn;pDrT
z%HsD<lM*5@O>ex<ysH@f1~8U@S!Ug{@cG5hqigPoPX2*On5f>AtS7;N>V9d~b7X!n
z<vNHgZ}PS+k-E-^!L6a(&y~y58El!@rG{uKvHLc@^zpha?o@JInt~rk<IIIK8l$w&
z2$f2{!(u0SWpI01w*QXLmy$HqBI(2K@2u2<G~rlmpMFzbxp2DJ?h4SWS39%)VLpAV
z6vxWvIyIWDCMRcnsWVzRCMeo2%qg{Cqif#s1f)@~RhsyhsI<Z+GI2IN#$Sz@7Mb}*
zj^MSk!nBjqAxndkr{AV@>Cu%pv@mhTGL9hQ+>d)rPtNYo#o?{e&3I*$31-?TsRzO(
zgW;tre|PI+%J>mP+&~LjMqv&+{4uIlJ-3gflGzs>w@0)t8`ZGSpEm}~C>R$i&DX+1
zpxAE$qR4inue=tU2n&Tw#&u6(<F3}%xvrEc=uSIt)yt%3(a}IZfVGGp@wdwBk&j=O
zgsO3P`iJt;8it>LPo$8&E+;ua6Q!vXZy5<4VJF!K#=`?oUUiKTdTIs)l4clh0;$c2
z8np3!`N}*n7|YVzhK)#G>38zedpITn?MEtl58qUo`yOaGn(4_pA6gVc7U933*oD<b
zzg^9LjzJmkJYDATeBY?$Xl%a5kF9AD<JHK&jctnCX5AlS`Ck9YyhPf{w?O7)%n2cP
z(#Vm7Dg(%B&G7`$_?~?YePCa6%DW^X?5pw}ZNL0pa0pI9ud%7jmSqX5L{TdoYtbB7
z?&17m-<=#W+oi*!E?aI8#@!eSiPED80=Yi<=yYD$bX~1>cs0IBq|SHS6I(lN><u_{
zj%J&L3={S{UeX%<hg9_81`J;>8boO_9bp8)0W_xJ^5?4<H-atXBaXMs)2EQ2PV*iY
z`MgRhwDSF4RFWdTsK(a8PNO)Eqw7dXQWoz%;XJinr&B>d#FYvE%CB+F520Gu`a2?h
zI~R@NH{r-!QN%9p|6wY65}(+jx*7zum)8hTG80WmaYE*zdPc6;-N&Y8+sejOeW<Zw
zHn`PEmXiJDtfCK+=9Vir5~Sjt)zcPY+hK_9z=k6qICj0XsT;~8=lc=#?afY=qDKhK
zd~Qgdm|c;@{5GtsP@Le=fqh5%9<^g^ScgJfUE7wbT9x(3z)l-D$!~d<q{RG=UnT3t
z*U|9@+ujG#8cyAbKc}Qz9EGvIm0!q!>%u`j5T`!k|Cv`QF+asnSV?BFwyu1fCk0J0
za%EsBsgE82(aV@LN+DpW5c@J9ySWN*BTJl^<A-`#P&@682lKnR2;n}zOfEyV@MfU?
zUYfojt7AmLWpHnXNy2c-aiOqCYoY#6ux#qTgJr+`JuJIrSTYTBpiq8UM?z941Wsmr
zX{R0csf6wO`6S}=;4`~%VB#yGK)mXKi4RJNCU!+{;mbv@zRO#_AD$xy^QYo?;t^j~
zElDcN&>lXae?#|5PdHUL%-0wxbZW)18Om?u5b1%ICA9uY%UW6gds?>SpJ`dW!0m-D
z_@`aWW=`=8o0dapAnuWH1DbwjVSLOpb{e0_g(zXBaZr(yjA_oHkHMN;5pM*xV~&i$
ztXK7nz>3{lx$t*bsZ&k_;4P5DMj2z2W?pIpQl^bk!^A-%FNu`ItljuDQ$f5I0)#eE
zoGO>zR8xVBl1J!|1}=dHcNmq_OGNA7W5)riMYKF&qwa;97SE53B^?q~4%P4B*Fyut
zPMtHra&eJD0#c-R2RT2T7=_z=l{wsE&2+EOQu<X_(#5P{+^5Qlp4S{P03i|*;=*#W
z`>%9{*Ge&%*GL+lqjJKQje+@)gqLdXPO#4fFJPl+XS*^@EWh)G*Wh_>-5plF+Z~Rb
zn*A{os>#mlqV5>|pAqNYDwW|jF=Y1?#rA$5Si`(ut7NJO!r11Pt-WX42)qR-%;l<=
za4)~A`xLx*cIBWduP2;S9mr0bI^`usFBK{8bCJz%q+vh>tJgNs=lg{pkVyLRDL$;j
z<}&hE@3D*+UqBLe!1<s$sZUGEYa~ltqQW*N2wrz+_tD!H!|2p`!bW3?MNT|WKf2y?
zg99&0y`aLo-?x7hCqCzdtdsvc@g-+QK|OSH)OiaXBPCN}b+P=hJ8ao-FcVcarc75A
zC=i!@_KJ_5bI)($aiCs(kDHC@_Y9SYe1ljwWqcd_RviHW#gzR)o~H*$jsWa#F$2C`
z37)(PseGY~g6HIyvp`ElH0p#HUJN$*q?yInFuR`&4!b71O&&cK1>79Smo97Elhwsz
zdhh&HH}YGGbV4ojLuL$`0U=7@QPWojp@+QUcGIVB^uns<&8|D$AM(X`7|u+=MoUyX
znwV>QPzSamrjNWhT8!ietzXQTeBXRRTS4?nZ#sUe%i7d43}9fdA;vcs*KBQ9Wa(`S
zYps-|De!=}E*Yf%!MGay6XQDid4>6X>O`C%kRHy(NDFgl9(|g;Vhw~lzCd|l;=go2
zy<5*cIs34KJkrnmk0|T-WBjD($m6x>596vm;Yzn(>-tYPp9_j`psG34WD3UALav*z
zxua{FViUCg9%jwAMBm;CI)}^{??=g=$Y^nABDH<ii4fVHol`Ys<RfqWh}vEY`N+YN
zU`)~mfa{7=Wq+&ySi@?30<c`z*_m<EFXlXVTROrYgNQbJY-hxa!R$cPpo;V1<O@k8
z;;<{OrRni$(=yhz-3u?Gr2sCG;T2WNZw5y5I2TDqyKi(>ipC7W8mu099?R)#q2DqM
zVKJXh4fq*0LY<R0XU~%$01$<54H-qu8YeS6c4UU|fsL%~i;<q*ptRWK>ZRRhic}&e
zLs>rdns;!4BtwgKSCJi_X+$4|?HUrY3QS+?t&a8=#eqc|QdjJNd)^<5amV^mn!iv}
zV7S7iJ<Z5~r`3^$y$bRcH>IuZ!76Tp(~IV0IE@h5w7ApRU&l_Ry)oL(aD3xM2e0QR
z^@8g?USJ4H$y^?|?yerEn@T$c87?+{BF^ynU9l?wwc@)hU4^J+f9~ZXK)VVv7qN`_
z`bjv?&%{_~#W1)t=(O|c=$7AKp;Y<Uz9a_3Df?nmYh{J+LGav=359r8&Z?H+j&WH0
z(A$Gr+Iu`sV|eb(9s2bP$=;7~KAWkLp2_OBUT4swv-+=p{CGkai`5{77w|RB|8$ZS
z<88ZV8^Ya+eKVvyR3UT3p8mZnW%hnw`2r>{(DOuucZ$$R<!Ao3{u%6nPc9GL@pj%j
zV>rDC*|__WBV?j;XpC#N=j-pR56b6{WU}HNUkUbBTOlK4`je<XL}NZ6HxbgvGiv}L
z3h#dgKeR#sHS^e4R@IoYyH@sxt!p`ssleaSAPg>qV}(S63368BNr|H>)PH(<i%cGp
zt1T{BdQbHWuDCrZ(dvujim&d5vleR6ZpP<Ntxz6b1M(}%{pVx(Wa(+JUXXO}Dm#IY
zWg!;W2(^)i?+oPEh|$Ai2+3r3I!MZI%QqcjbU1Tn;)Tp;AiSp6QzvR;KvIGD?|*IN
z{xk|n&glQ7Mn_b5%f0_3N&%N}|L0lMf15r!4pRzg>|*!!_D*3AHW|Mn08v6LOsX0+
zUP=l5dJwwG<Bza3;uuYiBm@uBH_D4lmBowX-l9+%{znS?Egup_ZBlSZq;o?oh6T8l
zMW33teoe*LMOXa!IMzQt_ZtXHT;)72p@|9M(O|}Yf9Oh(f+mrj4!TX!y-TAA$Y1~+
z3OOrK2fb4JhCTF;m$T-C#DNg%*+LA|lQE}qk?2(HOgGryGIo^;mg*_|<G3T|fF#u-
zg@#m)Hji_&i76*tAnSsjg5Q6xyid^l3*M%<EuidZ??oF4I>lU9I_;_JHMM6^>|<7n
zUP<1NykT@%L#SIlwdD76n5x<R<k@i(<ypRZtWccG=O;SFRR$E%7*}$PojBE|slXmL
zqqT-rxg}uPrB&{~%F?gX$}jv`otFU>2#LDn>E^GXi?XO3RkCh{jg?r7Kf{0Ztp~Z3
z4){_#<3}nK7b=#g7Zv<;b9R~!aPWc<WEvC#hAwdm!!j#Q4a%R{t?ld-eB;pyI4*2U
zNZ}TQX;DVX3wDS)(1+HZn(kELV#h*lObU-_9aXJYpIO3+jEM_s0Vx;yxGO7gJ!$Qy
zq%=(bhGgTYWntsLF<_l_cgpp=!wRGF<GiKdWo@8dshQNn2ff~I>{u<Pmhxe3h$Ygw
ztAK4ip}O=DY27L2r<k<a4>RUFJ{IVZ13D|_$2TVL?Aa|IdtcGGM_(HBUjHy=Gu=7~
z7t(OH3PLz}{qb<GH(@)cC|YRk&=YJYE=D|tZ~0;rI-;G5u!6X-h1d)nrM8Uc;bg5-
zRA^;&*F{5AVoFQQHcoytnu%9Yj~awc-(fK{hK8V=(2YiM){FAyjRz`YeN<S6gEFv!
zVzfi*U2|V!e5N+8&wA}weRIWUbOF%Y*E??8{ELUEPCx?cvz>eIFsA%a6pdHkj2dsP
z#t!|9izE1~y4Z-rBW;9~7Zs~TrXSrDGq3k}qCUkTQTYAD#yQyUCB7p?a?mGBp9M8>
zC6WE(fe576%!rJhGeVf*y`e2Olr(QSTq#FOP@~2<1`&qMB6R%j4=wuP>a+XvTu!_R
z&0Wou7oEm++81*I7hi8qs2q9f<&itwps@|5FeBBIASIe%Of0siv2U^Tq*4HvIf43N
z#j0jy`kkpS%W;s*E}!7LnqMvG3OuFmI>p*|OlI7TkKj-(F)tpxz&5^uPb^l_&lRdW
z<mKHzpA|k3y;dE`k!;NrQcogOJCH7T2icjYpjs#YN-nln%(swwGVu8PO=zt3l74|q
z5V#bKV{o8g0X*2)KzK@ed?+vzh@`H;_N^YO*l;y-1{2|iZ?G#KgLupM3X4=1426Zx
zP1tWK387K-HApl9&SO9cxGzaK3@MJhr+!UlSo5xu?g|RgGhNS_lpIv&w6ghBF}RSE
z<mQH86vE{3Um}QF-&UQj)Do5)MdH^mAC<7Mp)lTxY0vkx7%>DrK>IM7HYN%-^?R<*
zr8L5$ZXZrN)|hu(pVUT6N!T%<+K2WcGwECnZYU@qcOf)!e2c7>uyM1L@%~ScBt|LI
zFUg<8AgiOb_Tz`yd6kCYLLX<Ah@q{HDyt4ID5llzrepL6W5@H>m3aD-6bmpx%lS0y
z<G)CIWF6Fs=1mf@B4zeQs~+!6<b5i?tfB`|{6a*6nu2Xvh4f*KC;M)-7M&tVyFjDz
zcqb4oG&RsDh>_fCSe^G|m<Dg@I&Lk)eMg3b##b^jqG8YLqigQgQ<4^Dcja>Xy6#50
zH5KoNGag5Qc``3$@ss1KHL%`N@OK~UmsH^xDsb!+d0O4v5V3IOwZrs)>-i|7iNQ7-
zQL<C(?;sXuB~oZJ`!db+>;pt7AUeO}-e1f;)V8MB&GiDSu-?G-BC+D_412k>`S_nC
z>`Rb~5z4&&^Ig`AqI_?v`Tvr{CMwu1vi~c$@bDjQ;S_<z@yi77Nq(Yt`idDv+sK&S
zj8olLo#IU1TV_uy@-1e1KSKmZ|80-(v=>r7)*EHrAkWc3f)f)E<}>?Je$c=72s7GF
zp;~F}OD1CQsm-)gjA>|?jc27C@RRJz#eZn#AQRNsj@(PHIQ=F%HlGyJbTX5m2S9SV
zR2}9!5i<-nFd@z4@zU|F?EV}pnCGsHha{sPd*gvsxsep1_wLJE_qzJ_&l0Pg6Bafy
z-k_)64$dTw;2ofgi#jayV~aB$rLfK7l`3&^`z#CCNm2taY_NB}tYhD;^;1BuKw{Xs
zY|7E&c2vjWo8HA`=98jHK#(m~Z-ZzK$(oRgt>nY)z&Zg35fI`<{9FU8FvW2E%6KF#
zew>PXU6X|N&b^_k<^X&gxF>3ho7wm~NL44^Zhh)#olINzeCvKbsR%lAaAH|QC;!`C
z%9<%|7DJ~PL;y0yXOgDe8EU>(;$ZWKKsZV{Wc;^4I6xZOg5WQSDnYs9>whN@wzd3I
zAS}%mKqy<X^{#T7y)i34Gvm}Qa2*opkP^RSUGza_9oiCccb$h{Q5;z=8t<0<`bw59
zF8RBMd#@oHT5FeE7b;sM647JXa3ys(V^T}=SsaiKaBqWhLUoA!gMG5GO;K|+^{AaZ
zz|LMLWb%LN43<EI0Q}xW&h?ilm?`EWmAb#VRwXiOKHe}#^UYUFUmxpzDt(Szi)|+{
zi%vLnmfCJd*;Fk3sVZBM&s$lt3Phiv<pAZ44Zech>FTbC*42!%4a_v-G8V1ad94z~
z0qzf-p_&lYm+cOjZsY!(;tx(>f|53`21GcJl<JALXzh4p9-NHP*h_G;wtH=pZga9z
z@s|cekrR$3(v<V`oFdyFx$ypsBU)bHKh2?^!l-Sw+@$?bicM9V>ps3?nOfab{(1Ek
zTXGB$xV}k=)+&g5N#sRKOsW{X6>zo8<Ow+akU>EGu9YoBIs#!^SnRW>zLO(#yN6#=
z$5GI%>fLlo2cwPHIxOU9LC~t_=8%R2rJ${*h6j6^3dFWjG2*c6JJNmkc}i~p#F2Vr
zAG$<;4a$!CCX<M~H6>d|xbX$n;Ys+Ies^b|uXfmr355_t{KljG*1aXMT>Rp<6eZLW
zI}}IJFSF7r&h%R2=#WqW*>4SC?ATpd8s1>;VEL73=QCe#gLOb~U>Smv&2Lipglf^}
zD^rLiUqgjgg}G<uN1Y7|(cYfgb$yAbPB|HTB$<lsO8^WTTan{@x||DNwRumfnvrpC
zNAM%)P>WJ<*s;7+xulRjoz-m~cHhwhi>=h__&KuR>_9}v@nOo~m&~xm7R@7$?#Sko
z!T$uQPJ(b8{zWi)Ds|A_GAgn2<1HG%N)iFAp1A!|6fWpWe-?&p>Io0w69zZ^n}RPL
zo`x@epkn2lcSoHAl@LSQMc@}=<SE?#gi}Q|!q)jm;_N)1R$3K{f2G@FrhQu6U$U3*
z6yV?Odl2~SV6a6sA}DF4|J%;|*wh_Edn3KAnuTZ_<hF0cd4y3R8Kzf9->)SeaTk=%
zBwj}qV@#r2rVHD1NQ7A&H1jsqme?q_D4i%|#g(BiWIWEin9Q}$bN-!K+C?XqVKq%5
z5!Ob8Usv@P5<l@(X7sgoNG`fmH?^|4Px$0cI-?P%Tj}ofdt&yZ$+XX{8|Wci&NW|`
z9x{x<uv`TEM)|T7tW<YI9yGP|J69Gjwj4*C=V2I1rJ9Rv(AzWDP!gMg!rtSGBJ)MU
z4n~kI#T#n-l$TBFzr)ZSP7djpI5HzN4$B_<lcR6*cg<Bl0<2~KDG2@M=<<gnxNdne
zQti+YJguS=CP@#W)Yy>^P8G%Wz9bOh`i?^z66+EU36#mGay+F~4r?C|$~-ve|BlY`
zMh)=+IxWPvEU+?1d5;sPD*FQ0!{Z>Z3Ij0W8sw~hPo0_<GJ9}^d)Coi0&Ld}3fEhR
zv*&@8OU|qi2J*Kj*uH)ut!7WX{Ko9>M8O$KyVwS?+1N5(9(@SBBs2=eaE-dW{PSoK
z7ugpKadV%V{;d+}jd83boCwh#^b4&L^$^$p&)lhCQ3NU@A5IWLwpjUZ?DQ?#y(M^A
zeQ(RWWKvdjZlK}1LzK2pOR+2`1#r50vUJV`dlklZ`pTJ15MqOd^4>v$w%d+A!?V>i
z8;B~7a@O>elKjkzOrsF+n!2Ct;4{GUP4b-tp}5tmn7%<k(D;{Af=_ERng>V1D;K71
zk3}6Bt{^Grk+@!|z4bS+?hz5=$qbuEAdHseZNuUuWGus;N<tkPqxLulFd&im>kzVj
z(JmP~*|+qS6qOMTNn*|&W>Tl-`A|Y{)icJ5R*>FAvPp?t(sQpwI<mt*Ou$M-lZrU1
zAkGi0#9tXS1KQp}X1@|D@**J8rT5sd|Ctn>z#*VRwdr7JH86+Idr$$xfJs^)#NK6v
z*>#>At<1t-RKSI&r3J<ABWww#-w&S92fNgwM!OxO&YbX15kIz(37l$sozAh%JTD*3
zSMT`ZN3is&*V=W<2WB&H$!-g42iNR}57R9eJaRMNK~0$uT6D@U$_WCC=8tHn0;-;+
z&!odi!gw-E%{XIvA?brqc<lSwjy<A7$#@V+@<e|~j)g~LYH*M>jWg$|1hV*f(s^Pm
ze@fV7y~LqYj8nJ0&TnAk8&ob<H^#a$@Mny4{)!q=XCk;|5<msR-f)S+K9-NaKuyfj
zWOQmbCPWdpTWEJgaQyv;kz7>{+kybJ#U5dSu`q|KZMr<e`}7JZxGDG^V*23$#>@sN
z|0Sj_s}8KSNO^;X6XT}nB}E02t4sUD89~9Sh)e&+pIf(-)$k@PM?3BmxJ%nqKhEAg
z#i`2I`njvY@r_B+Thf>(WLm)@DvlFPk6x+6oexVi+~<c_$fe3G6wt-6=m<8nCJ4<y
zx=QsM&1<`@=Lfe51cWHWJssX$P=wmkVKXq)az?;li*sNCx6#XEvhez2;)lQ}>UQ_m
zRtM$p;832d<Qhyg5WK)_oiO}kQy((?=Sof$aI0702Kr*en6&D$xSV)NR2wnV!F|T{
z4{Bi4%c|0WSTrj7I^wo6c!S+%YG1Pv3DG_?dta%YXOlF4LhA>?Nini2hZF3mHD{zK
zlxQx7Eoh8n7pPb2ET3W|wK!EzLNy8%8qrTdU#R%?P?7jco#jzmE)H_9m`%1y7}sFV
zpNMral4EQ{LRt6o_t7wYN!QZU+79V<M&!@*014Kiv@;mfULg;4wY~qL@37^Hv6w%K
z<m^DWHtRqBp-=CyLt49{zNmuWtMpvYd+ti?f~y2LQJx{-Rg7q7u<6~J=flF_Rr<%C
zb_&*3|I}=RwwzhbCYO2SG$&l!TLhHoan|tY*6v5Af9nV?>LcQl$1TDPS{K9lTSsvI
zGvv*cLK)r>f?GQ*Jk~KYcl>pK-HU+vV{Degf=I3<B$IH#gJHK;fv4FsBq$Cj1nx~>
zZGzUZ;cpr?$9DK6UVzWJ;M6R;b2lS|)1E`ox*lH~nRwR$0OggWdTk%LOKzIIn_@8!
zvE61g+h1s>Wx{if#XxPofJlYr<$#%S@SH)exK@1?TRAB<X$s#}Eu16nXm&-<dr}cp
zW!xQT=<*aG+ZRdNbs{3u`DUEt@%E}|-d0Ytkg(oUOy(3@Qvv56I}@~9{<XDy==K-s
zmCJh7FVj?gnLWOpgN@sqt)&sWoj21)P!Mf{F3-4-y2@?=p%ggh^B`o}J?FmQpKLo}
zEH+LV{tuhkalqJY0o7mvBWKJV9=m3Uibr6(G{ZujW)bl3MZvDGEk?jaT}GrBTD8U>
zrN-ittpwu2a8WI-a0|Sa8?tDN-tr9<=lhs5!oF~P4>#`C%C0dD>#wE96Y;&wywm6H
zmzs)4`LqWK^)oFE!^UejrK1ZS_-t<2*L<WR9dHg<(xy;_Z^?v-p>62<gxEzNkqd(=
zXBp|OsZh6{tnr5*e~XaDdl`AFom-`p{*)g90kwT5(Ew<6qPiWVm}E#?n{M309jXK=
z%Akh8XtBy4C(Xc-2GHcMLGPWSCyd8eR=RAWa@x$O1K-C5%uRC(ko>j<pGc7{e2<V`
zu8>-)$d;g`9R7Nc!ACzOTnJ)-g`Mb5eU%}Jq&+=4Iyv0JhoOt6FMesxmX)+W9*rWs
z=CGU?Fm@BNUXUT4jv8Iw0htaXaQwoGx&v_tw@bO=I2WUwZAwpfce{j)7nTly11RV;
z8-lxKl{PMmjKwDLT~oz%dpf!UCft=y<^;$+b+F$@$LsYP3=ZVA{=DR%>^*h5bI1Io
zJrNdd4b6CJNN`6M?tOwE#C&*JUxeTva5~Nw@bZEc10Y-Exsr!z*a*VnIkQm7Cea>%
zgV?!}ja083xG>`2-~uH^z?XQCZ7i6X&=MZI=%hL^HSsCPrF^WYVr!!{C<Hvecgi(=
zB>X1wlwHXVD$%HvU+BL}jgAoXLgt7Z*IPn;`NW>nf}Hu#1t?W_TFBgAt%XP=#{*w$
zP=uzX2xhpDIuj?o#d;5jLJC7sjdjIY`)oKMUCv0?CdRQdyAj3@IsddZyhg%AlA4HI
zWAf82%Leg^*fu=_5&7Ze`>RK7SzXaa84YCgO3gnrDaO}en1~$ThQoJ9tzvz&73))~
zKdO-<=OT2)e*Rx=!sU-OXbELsfU_<R%P?gwzbFT)hprCm(}f+bt#BE?5MI)DeBJa%
zOv)HUz@~aLwDOv7Y!&ZI`{%Z!@#Hr6gX>^fomTj~5R7FTW$IKBtWVAsVD0I-l^f-g
ziNLu~v#Gkc@U^2jKBEa^Z<Nm4J2$yrJT%Ok>9c<2Kwq?o#m+)%Ia%tfIBVf;7f{4^
z3br@5+k~oy>1sr4b!QFDIN4#Dx~(^Yv>5Uh?ebS#FSWi2DgTfQowO$aPkRoJkXIZa
zhrd`0ct~zfv^lOuz{ktrAS(_En>_(C=|$x+Mh7x!hi4v`RHt&j^*lfNSt4)cu-_Yy
zh+SjC=RPdT;p3R`IHWbT)Sg7%Y;a6*hg~q;p31PMhqSj2c3~&9KUjyi2!2_Iw+Qa7
z!?ELRl`>YfMb)D39sioGvXOPopKWRe&Afj*5a%xHP{x-Ta*yRqA0k{i$hQ{l-$s~K
zjR?6Yj74j6dy%B3RcNB{nnB7A;y!zM3LdXcXi%GXmmIHh*X?}v*&u6IDu~WZ#^k`a
zSdI5slHzo5fQuV*A}R<=WJ0bMK=QxT%7nNTA+sWM^vP_Pdp#pmGUb31#*h=@k)5z4
zHt1=Ssj?hG+5JAV9!_(Mv*c!d!dM*y{szwTB%rLrc<lgx2dRllgn41ajJEToEglwd
zPfCA&T5N9iHlMB1#3Lh)HENk?Yt5$=iJfhE{GXuFmf1QN5)xGi2B?~;GQ33iPJ;O!
z8r6)*UYRO3-HN55NKBmos;5K__Ei<*Ev9ue<)B{V%9#&nf4c(9&BQIEC*v5%(zHJ+
z+?hV3^vhg@D5~Zn3U^pOV>c{uDTl0;cynpF!-udZ#nR26EY)dbCOc~_d)1B_aA^^}
ztAux5oW)))8Q^Cy6<G|VK4@yj;YjTA#RKo?6Ome3F+vpQA-D4wHv*<M-j~mJ=jJ|8
z=-Um&pc84Pdy)-z+Et`ENEef75FfJ8GUb%taOI&d*LbhuNgf?3wi|uK!<{TTxprK!
zPAd|G4319h%drK_H^N)Yj=8c^+(m2w%Wl^Ij~=~7ek&rRcol=K4TUiff#|CuOc^YZ
zuO|wz2_M}P?G{tg7%X0~J{j)@RZr8p(PvNfw*=RA3dNntH||IRL_G#V6IgIg_jWWz
zuT7c1b|cFD+Jje!j!<FWYwxsyDn{qaXt9Q87+YF7uumxD77+lVc2m{Bf1-ck#wtof
zig1S@au-sCe*5FOM8m6=&B5E6cKKwV7>;0FjB%Zo%nS?$hULQ3Q*DET{UciDo0r#6
z?;pqWioA;K_&iM9rZ8iqtn)Tf-Lt4$%w`H!bO~g13&6DjoJPt^enWLvdAt}u<ym>`
z)AjMgnFThrZ#^G|04*#jzdoA0^XtEn7>_*zt%M|qk90oP`j-~t6ERZa1CiDqyBFI3
zD)OBpOQ3tO7n>JV{HZUtfiTwmmoI<}2;O)bL3r*PD?+97k36ClhHTJaTR)O{m*QrW
z&s)khoKkOu{#Sc3k?)A-Ym#?-FG&yEf}f#*l0(z^?_`rNK?afPhs{}!+m}Oh&TB1g
zra3E+*141W3&9=yyBT+oxAN*ct{scRWDAU)9F*1Cr)>kr7fzukmW1;knkO3Qh`bS;
zS$%TEAL)C40jtH|1n(<>PYUo<@UxsS*CTG0t|y+KcF$>h7T&!phRdyOCmr^#My1^w
zrzn~HkRcpsS2glH;2C^~_ffvI??`>W;kOY9qC~md#0k`DdTZ;PzO$9tgok6I2&v_(
z!Rk>zM1qa6&l>w}97-Go?<qfVNVNPcgbgLmxTD8EK+420Rw%Xz?xNox1~27iopy5A
zv$U;<Tp0#$I*LU>;qkjdDHqjp{|jmqQmM$c)7i60>OY%H*DdHM)4?xI?@c=UMA7-3
z$z+R2eKGyJ8rHtV`Cp;kNNOCes0d6V@-u4ByC7-58kPiln2~!DUSsV&YtnBoEIjN_
z){iE0is5HU*Z`STJ#=y`awmnPx)1LS04NfFK>Z-#6fM;1+-c@M&%t$hAM3BC5&*z-
zLI0splY}*I$Bnh@a??=$;g;Y&JU+Sak>R)Jdz_bj-`ROspZkI%ZFuZ`M1ecKg?vA9
zT1Mf+;LQE-jD5tzW9uL1Q5r$F8BET06~#eqLNZI{kl+7t&ClnffXySG^czc4_6$En
zT8p`2c|m{APey#-ZAG?=KKb^?zYeJJdw9-FxZm#va2XtU%J@g@eDAu@{l6_I{-;3r
z521Cnng%(+M5tJ11*CK0vBkUb;wML3+njM>GWq=C7yb@iH;@RX%K$_8HPa9y?7Q~<
z76{X;IQILkIo?07=ZYAjVh+hf@X6Ac5{t{d`I%S1ipzTFFOR#omGav|K6e2K+k3XF
z9`tUhF;%ze&ksGA4Wg<hP87Xa)@t0o*VJYU8B(1hEsf>R2mJAJgD8PNM+$ns#i@;4
zy%ZSUJqf40be(|oNmd0_|296az~6hXV|%i8cb<XDGoKSe1UY_*fBqTgKEI4)%T++D
z`!c)bS&G~d{t40|qD6~5k?<Z?d#S=SEq5Mf18$GVr*bB>*Thy@V_d6#@UdgYZ%MJ1
z%BYh5w0ri1vSv=<AJxM=kQMG5pvNAPiehvPt^6HXSze-w6pTXioI0<XX>)Wfa!2mC
z@=JAD73F}iVw}ZrLpB7GRP~?YP|uLDb~%kJX7z!(qf;m4krW2u%Q5{P=~w}k&`JwX
zApEoZTq3x=uM{+7Frq1S^lA+~!eUbnZ&d3E^4sVaISBWs=AxOV%i*on^q8NL-N&U9
zF(DPNWr<7FWtEacLUFP7hvvE~;Cqx_oOfHe(9j4?enru`_}NlZ<C758s8%ngc4Hhh
z{U+oh<_OfY2{HaQy5mvhk1Y^DA}9=+Y_69*I%a2=;mNvDl!D)E5+bYBP^R4K4F<-v
zG{|4qqkp+}XQjHz-7*}g_L#SuiINL+geQ~$E#v?@1FXciY{jSS497U((^976Ei5#q
z8zJgFx+w|qUQma}$%_E1Vqtwzq{GkUCosKj=E*aagd3fZ0-U$vKjypjc2|TypR7w~
zS>8Sp4KRk?%+cS}8blyAeBCKttb3DoXeVT0V)9?D!^EdH{?*qd1U=G!iH;q<dK*8Z
zxu7(>ErcDd5EPM24mP!uemKeooAfSBsOGNZYnR1-;;l>S?d$%scD+m|MY#iy#~?}Z
z62aQMb4He&g-aNuEf`QPxi(h@8NW}~PR+jFGQR>^9(V`jnJpmRF2W{Dq=YKm={#4@
zQDKYI8>LpJTxN&J8(&6KegFKc!%hb{WZd?NPsx-XXXt(vK62XJ?DaxAW`}xVi&JNY
zk<_L{cT_v`h_>exg+(X7Ro>5K)%D(b7`PO24uovp1H}Ex*<oI@*$=ZX#1?qOXh45y
zq*lLJN;gpI@Y-Xd!waA6&(hmb2mzi0jQ}#*ft-B0e6e8>5=7!P2t0Ru#5@8JwiMSV
zcldaJoWw5Qg?cP|PvjH>>pg}7M&@2QXj6oWy<Q9UsMmmb&pU^Fr_uuBu2sJ$X}~}2
z!N;CK==Xrcww|Oo&Bt<))|N?s&j@K>a?I^wYgq#0Ea$GZI`$?nHdO{5H0O-}&@p0>
zm3q~5;>3OencWbF=;`q`NPQ_GIu)veG>V`0Vhmln8&s~YPaI<cEYQt!srr)-e!odA
zd$n&R>55v=d5jr?oi(R|*U5u;Yt+*&WP$=uERJQht^Bc3q_e3uA+5g!s&<_%NYg6o
z2bVAu=-BH>X;5c~O-Me2M<sLzqFGkzAvs>$aKg#+smUp{ucIJ%ZR6uJFBz@u{eAJC
z9=vs3q2@I(al_Mpb{(4z2WgNWw4{M4Tonl9RT$g(Fj6XT^7fn4kaQ0KO};vXt=r7V
z(hnCX6kZ%6FL#b$h5)@e&%r5f+|?Xg2~Cd62PW5klF7sV6?9wU=vrQJ=hN2@8)P>o
z0(&41YWytiyt^PLv<W*pjpNydv+FzxEe~l>vL6fA0uMZ-%Q*?bPIxQJ$!aHlJHPqB
zlkz-QK15|~pI&T<pJJ1{kajD5@}qA(rRs5pvh?ejuZ`-y1uQvB->oELCrUwh!wTi6
zG@`2IC(jROu)Rx1Ge>$WQua10-fHc(*df!}HT+}5OJt@pUX{ca-KM(g>4JO&f>>&I
zbmyhuEvGklrLC{%X_QE1UW$E{JHERe981GLT9UKmg`67Iq@QiXD*8~KDv4W+q>V~^
zz&pdX@Qlq!{|X&sW-eeAO%{B^mMmH`e2Zf+8W_vOZXxC7Gwfu#<!jOvy570OP6C{p
zlBlKH2|YXb5K#k*+<*u*r61_=7z7fhFTI`1f-PEWM;6vBiLa^ANbdhq3T-z>1I~E*
zc!g>#wYfj$hC8^DHnig@c$`1n`MLqtrnbSj6{vLiNkAv3!8&<L<rP2-<;9ISVrqHg
z?e<zwZ7G!&&aXU|xaQRp9i`>Ea}yU4SWPsP_RwZk{FS0_uR%3p0Kx4HJP}wYyHJ~m
zww7UXbWYV;Z!YRXIbBS5<|B-rI;mgI1eoBHb?a@03f=Si5M~|`DP?mLO`@@!ulhST
z7(1i_HUV`7Ll@;TF~BjB_T65ZH-Npy&ts5jDJ?j$Odz<jL0N8|r+<*)jn=0yh;;+x
z-p60~34c@zN$E^cI~58`pc)WSu3p#v6(`Hv9u;ky<%LaGO6i|PvG3Y@Ucm)~sK(e4
zygT(=E<XvQ%ua~X4pG9Ue_;xrVW^lt8Bh=m-!ta{ZNoE)XZ;s)Rs!wn1*@LdKUBn?
zK`LSuepSS(|LcJFb$I<QaOiJP+3MmpOJ_uHH-%&GR!F7rDvEN!RSD+SlhF)yevS|;
zq9vafS2pEBn>VV!xk*vpXua1p3VMq;F?#~xwc0oELDFm)8YQc`^xuaiQqIouBBM!C
z+qu~s3G9abnBJ;k2FwO?W?KVLHr!>Ft1uT-sNc@W=aF1tV_91v8INl=>9id*z{=3!
zxndO8!29!DE@e|J5vhNo@8hY2@}N!a<qV`;I-ddq%Xi7+j6H%-P}hVAk#Nk433E<0
z`gKQ>a_nsSL@mqi5}Z<Ju5_>^_Rr0~6)C;@w*KClC55kC_x%kAlk<+Kds|+A@>7bh
zEfXci+wMn{yz%K?E|TZH?>cx5Yb>pPx-x3|wCI}CSkYQoEZO5`$JJ#^`51|>Z*IOg
zNCpGd^thu!RBrPh#c5<<aCjFupkK9G7u@Yguf%guy!Yi6kohQ`Z<dl8V!rdauo#k^
zylRStOexZzB-cJWIc)sugvYcKwpK?(QMW%e^ae5$6yRv}VlM1hcJ3q6eZKqF8A`5J
z?CEx{XldxYtILwJUFJyWcoxP4R`zMs#arwlndvJg{daM2k6VYbfIgf_y!blLgHD5l
zREtOPyiS*kr+k;GQB)mAzJ`Vsy!H6UCRlr!tA_$up|A-ti^CU0!3T=o%%k@WutTqH
zCrCZf8>EB9td|TGi;l&Uw`-eybIzt3XG}%ruGmzm{enoeT|6gE9Sbmp_iJz@wJO2s
zafPNV&$Nz{s3HC2k1xpuge=P}=zoN=zOX#&?hiO@=3e3FleQoQxX^34EH9d8I~`>`
zZe^$XXi#{4MM?8hJB%=>JTWP2JBYPqf+D(0A<XQYpsJ)1-WpNZmGzN13W_s(1d#fn
zIQ|l}yGL=SG^k8bg9b9vByF>r-io5>cJF!8w#B;5Lj|Y5SgLzXhVYGj%wUP?g4O)0
z5_H-aa$s}SB=<+KI|J*_gG}z6-VARrplhk~tlgy<U4+}S6eHkbap5isY!1DdhTO!s
z3dCMcO*U%6;2^amZ|6>KM1nW?Tv`FA(f0^xE#Ny{zf$0MDlmh@wUh{~^y+zfG$tWV
z_iE$$CS^MTenw^bLg9N4+mX=4<<>xO5XOL30p^zcep+GiyZdzxc@0KN&y-KgJUsa+
z?ioc@$bsKxJ>kgq`Z;XYH4UMWus-l`(g@)6Ibt^0*YkpD8d6?u<}S4bxj%T@wiLwO
z6d8ubU(21#tc4PSK8PamPqnWg)M9Hq9DW?YT8uL<;a_@ReQ+OoUz-#E=zTquv9Nq|
z*Tb(jD_fw-Mxa9--VPQ(67G0rM7e+)KJn(H-!>E^Rp`_A9TVxvDnxO1i_QTZ#m#si
zz3sQ~R<4jOfH4Q`8Cs9sn1mk+DM0;`X#KKVi(}=jKJcygmJpK(59)Ltv-!)!amce3
ze$0<j3gz>r`UR!sOPvw@_&#6?qfO8PZYX%|icFb-<JHm|df78q;xU>VH~rxyAON47
zRen^xXUlsruv%goekG>HD`>&z1WlaGDIrw4`#+Yw!rObkci8~G5qZIuQIF2#_DWl4
zp-|Gzw4mxka)ktiN<?qK_rrkGRdEJ&yWNb>d^;lLjK#R%ezIql1;CtYBq;7}E0l8!
z9rTW8ha@oJv?w*Y0Mb+5LU5)+>jfWWmX-XQ-r$MB1fpjVvA7=JDGq9{;Ds-0(g%I(
zoLJ@E_5C?*)cfaYT7cxTJl+&-)t5JV1Dy^^4X3;Ha7e3e2T*zM1=|hs<*Ww6T{<jz
z%jB;1&qa9U$LYn&&$m@i2BlZD3g0{YJaB5d1O$ITA-x}7+8+iKiJ&Uh446vRzw3@f
z-S-`h3{0tgqH8bly!3yg&lSC3Kv(XaP89`-0;?<^P>^(;==cOLpfhu%QfgTxOai9}
zGxDew|F`ZpWcoO>s9EH`&$SWduUzV1BHVhCcG({6l&+h;i$ExYp>Vy~K$A#^8YrmB
zKnkafDu0V+_dsAU@y;hl0)B#OiJjFT01{@S0*ZRms{!2MR!{21%4f>cB@}C#!u=eb
zc%{(`U#6b>QCWb&gM~@x3;8z%89&if^7d?WAcRe|E&s))I+u^;$KlW3sxBg}q~x|x
z?BNewCVuJs5LWEv7j|L}fBrTQd0)J(I?{0fknL_UQwLvP;;Qy^*9_%6qDkEyy}H>K
zCf5E7Qe7*a({l3B;Jj}d?K}3TUP=(FFTCB@<P{FMb3=1y&|+2WDPS^UHiD_}5b)jm
z<&QR0TqGq<k8?st;)kWnET`q_xvo2jWTj-=CpZR59)=e0@4R$g1@yvhlZM1SZHX=?
z2H<=%Z^^K*02kPQs&PeR`Bme3K%TX?KNMm5fpB9_okWQ8Z_!j~9b#@QG*E+9t!p4M
z>VOwz$KTetzGvS``3H}$9Ipk_57bXa>Yqyv((#Wf)BJTdG3YM#H8lo~AJEiPY`Q5f
zxM$dN2o0iIU3rdIY}TYeF3b2N;(fv_czgc}!Q0VitTp0#!}Xhp8ZPCiuIe;ql&o60
zBa2}%IwIslWH280V+=?E&{$8V+D6+NsyyNsSi4k^TBmiljdM2{u%?~!D<(|0RvevC
zuD;ept5a~NoHIGIxi)u~-GGM{$(p->#d!_vCc6)#;~A;>w_DR4tQ+Vz3&I1Hjp@7a
zgW@yL>uqhqj&jUI!<z50;`OXv6MYpwZ&v&qu`ST(8=v}4@b#fZ2cOZH`bm8Qz#e_j
z@wq<WD*XWI@ti4&OBDq6EuRq=@1LwB&;zOn;r&_Ps@eOizSYR^+Xk&6#OLqOirYuz
zvy^iJ@O~jt%}4Mxmf3XmSAFZwf2ePr%z@iwfaKp(6>21iDpE{d`3&^PH5v0Yv+omu
z1vbjz`A@MqMKm^z;@n0?Lo|f1<PHWW%NjLgo#nL5yCu(rvX)!%UJHJxV6C8vF{6Cu
z3$w#B;d?ZNr=ujb<O&i^<G;|)-a|%{_iLP2E8Ll%W>6pLM7jz1K7S!PCmui{>)HbR
zJ~ec}Q)nG|<MJ!ZYleWSq$(kBNWo48a$8c<Ha1Ul$6t!G?9;m5N$oULX)`DFMj{UG
zAdd-khBfGl)puw6d%GZ$Xs3jh&*v<*Wx3Eb2oQMvxc5}Su*jH({m%3Lt)@3Syl6o^
zV#0W9?zwTr(F@-ExTOS$rdLIyGS;O>dslDXtnA2Z(%g0>lwbh)HWiJ0#kU%fx*TsU
zEAk7f&jt>po7NKhLx=2+)!Dm{q#&5u435k7k6)lS_F{uI;3O9PJ}l_=q;TORDMz%W
zz5%@*10tDIf&L|u`p$&oPbAfD>c1kXeBe)H^*Q^Q!&O$%RaUt}5}oB{b*3^Qr?M7>
zNKjCxrPN_BhJDAK934-OZDn95{3fCrRKL)@S}dj}OzvB2XGJNz!X=}Q+eTUqo5-Pa
z(H%O2)@-P%ZubuqLJi3+)kKlt;Z_J>VNR%#!-y2+C<*{(zHYmNAWM_{NzIm*Vq6t1
zjU3mP1O`7Z4WVBE3FH=%wbiplQgx(wU*<?N+n-Bb-2t+)p4YiG_3FS+M_UJ+xAc1*
zJo}~Wol?rZFLll6=jtvwU2_9|hZuV)Hw_-TzoD$fCQ_Ed3Or4P$D*8Y3*tceJ8s-|
zOG^i5wVr*a*XWp8^-@Zjg2ssjG6Vmn)b$@YRgl<GMZF2}B~zwu1V*PL%fyb)IgNQm
zHXXiRKUCjE2IiVk!N7k@*$eqnLCz|`e=zl$(W7AyF(F8Bs)dfeF6=n@?}>W-ZyE3+
z8)`|o>?g-@Av2@|=p?>x+)F?|%UowYJ-2@ns`_+kI0j}h0@QzSs!$jIodDK6O@O?8
zzCfBci0b*?Sa^L!ediUZXMP}wSt@CK=)hyHGzWQlyO?b9PKPlMe_1HQ`|5UbQ+9um
znYa4n`IAk<`Pnkcy;tEA5rrE+ds^)$AuX`ev7qq?J-7AMs`%};R7PT|?DC*9-)rat
zIY{MZkU`C{^cdmwog?@0(yH7^Jn{<HZ5U*3rB<K_b5C^1Z-v-1=HkIKCUVoF6X7Zm
zW_Ay(p12vV@VQ9N-T81Y>!o`kuVhQQ&WUqgq?Ae+h>n82g@dYWiAeY`gh8MxI3`lQ
z&=$4Y$Ssy^)iNn5z~NcF+C}Bh1<%ckYiX-oKIdlh+Ej?)w=Z>gG>a56De9VI-n<z)
zyf5)GV1BP(@2!8~k)&7>wv3fPrnF_k-+-&@e}Jp7r%T5EWM1WC;tNa#1JFJYZxFMj
z^w$IrqD4|ok;EI~)9JVh^}bADVCP)JF=6N%dgbXxljb$^knSx=T#rc<)LT{;Gu4xL
z^-{D^oQbCp!9f1yK~|`Sy9?w>H9zco#1HVa#T)A`I18Ynb33WxR?anvJ%|&!J~<K|
zMI@~k#%PocR0UeT8e1+Z&orMdCwSf^L7p*B+%0xu>-)A7OO686N&H8Ts}<o{IP5QA
zbyYQ>J1u%`BHwX>+(PJTvt$dGVzkMFbU*PGW^F4lhULx<wUQ><E_luRg3vOiU!VhN
zkDoJR=fbb0<knh-vTD|C8?<v1ZOPbfS8Hlhj5NFJQPCJcbm>jakO9KsXeemT^OKrT
z9{iAV<~h4FUddbGJRM<Gb4s+7Dc1E}R&w_MxWlNYx_`8>f5t?1w+e#v1W0dt(86rc
zY(=R-uTy~+b4shGM>9g2KY51)NK0oOzJ5ShkHok?ePWS4F2w!58_{xH0rT^)fl*rL
zZM}Jh&V;=X>o^5!(cn3l3bEM#L`OkRqT^KDGN0(a4qT9PEtK=$ma>P`c6#2ox!znn
zUts&Au62CYhyvq;{~mC)4fzvrwWa<AxIR+vc5MB)S>o)7?v*?1{EqaSB!Ww$vK{%v
zG}b}c>-|NFFY#&D|DmiEz<rUv^{?Ex1(4Euic~-X7iwEKbP4|m42vH3o-az+9EppE
zuK;RW1jN7`DA-7p59?U)!+e_DyR3(JBV=aOtzfVcCH=2%TnXoY?Z&lH**popNnu6}
z+`fX`q7wCEJ3s!yLiU8&lUpN|H_lCwe<cK4h{T)=U&!<J3+Ks}o$C542L6QOCKrzb
zB=7hgD?+fi7I<*c!<tX*)DHJXV12^tBjb{x?DT!!Im<W-G}cDAk2`tbq5OcJlRK(g
zwj`P=x2t*uSH1eHd|*X4yg;;jwJpNU4K2{=?W-bbX(2+c=C_BNZ~#=$J=>Zy@o1~i
zt><cfYd>`PvDCw*grKR8$w`jo)7?0)$YYCfR7i!Z;*G5cqh`>^$4P{-qRH(Ti?I9H
z(){W#*z46x_wKeoS~jOG3^7qG#SAnUOl<c-#DbB(^tTT|X4o+rB&i#bH2v+r&D8MO
zv}PuIn4y4<r$QDU?tgu?od|fo+@Sx_+rAnT|DlU@Roz+yWU^n@Yh1^Oqp(C}P)Miu
z%Ue1k#c<$2P5>}`#I<oH^PXTNw%HOteb+2feTq9LY4SHh`s&%wLQNU`QK#I;75ep6
zC;pDZam%iDThmNzkYuWe8xn~=+_K9tK9p)oe6G+$d~wFk<+}9$bh(gx`TwuJ*8iu=
z{U7UcA+s7IK~t=%St+c9@5&v2h5zr{R4@G?ov}9A0_~Qb=&O+LoV%y6^#5w^JA<O=
z+HF;GjsgP%C@6@)AQ^|85hQ0M2gzA-&PkF8NKPUdW)OxrAQ{OSBxjJ!kQu_AS8u)F
zIrsiQb@q>4)zwuqy}Nhs-p{k1wHCw^WqCZUf<p`_u51HCYn-O!nz^|lMs;s7(=34)
zAdIWEy&YBT(J2pE$5ZjFgrJ?l_vTSuXU<7bnX1YIG86^P>t5(i<5#d6$}+VV4NuZd
z=h*m}DH?o&Z@(rNy2)yO01tc{^4N<&EP7_BR=Y9l|1)f@`j262?Gg1Z{eO2_r8x*-
z)KO{SAZro<iBHyPIWOTgnwU8a=L-zbtyS?kZ~ebMu37PrNsYMSJ0pr}BEq%~4tB{8
zsf3Y$tBfQFQUNO91>n1XSJU_x#;znR!-@C~W31~9+?m=9Q+W$_WTDF@ErvOpfUh6A
z-xfY7vSC{-m8v0{HX90Yj)WT&)z+V*7K_NwW5CCLz^^GNFI%>U5`G;h*IS!!-=_sJ
z?HA6<P%eby<0uzG2|P80K|XU$9^>;(vfgs*Q7tfJvS1lrK!tQ+&lW1dEb$3D#?QXq
z2h1m%wWa92n>*K!`@cS}LA`p~aUDL~kf)pvhwb~s&J%5PHn!f>mA~*}#rUl&U0jVR
zfuef6&7#7sI{C->#Jd@Bfu|=JI~ct~=7kdV#KDPL-MY(+M>G-&-rvtP(L;)d1dW!L
z0-umQVo(F3y^v}T=|mKLVS`P|FIdG^B!7jbK1*jkPOo*S`9M%2f&qe*O^s|ot!)Mr
zp`!~4qTlMTiSrv8bbiZF^FES(7QK-}CKJpUEP&0`aOg7xpb96s5`A;ypKW<Mkk*mr
zy7>C!&}Z=q{v%dFz~h6c%NW0jx(p%Wu8E=ojm=^BW?G2%>)$y2*s@Y;@f?4TEN4xT
z>=CiWZOe#$%qkq<dF<pU`=(4G!bqz7o<(BgF+aMLO+QVald&bHOMjKE0xAuPqVJmf
z@ieYD&(8A}8zxoVI3AvHW2_p<OiI;FeQcKCmS6w6B?Ww&9a~v0S96<0H02fPl>#aU
zdy;6c?+eeWB8HYYTPN~A`@Z?IAG>;%XQe=I;<)n-&(m9*)y46VHwXWoK3!nA(U8Qn
zy^p#_!MPKeAyozBhP4PEdFMfR4%fy^0#Uhc$`}WVj0WaCILv&7b{7NjLQ)7JC*;e0
znE<-hQISr++Z!Yg^TsykI}3>nJExZD#hfbuEhNX0xKj>J+oW;kj$Qp%UB$dehE=30
zm6Nm2W>Rl|)jG4xpN}u|>kA_v)iHc@kU!lV*QZ4D+m?iC@}O1M>#hrgirrjYVIh@c
za{x&_Gwz!-T{-`5cQ5X~MNcvd+SzI&uA5o$4-qu`ixXA1%i3~TO)@Me(4C;d+dki3
z!#@<=1&J-UOnX)4X?E;((!zlVR-s1{M==80XW?M(QoG>`4VnZslQzm#d*QWXmFC;=
zw8(LvHnU)NB%~()$e0zuR_&X}A9riY=TEUq1TT8q?^sYm!Qnd*%ORvsTrt@A{jEfA
z9a&;#cC6j8xXZ?c<g1bRT~Kmz+q1j)%btk5x?A&2+K9^l;s9$<Tgi7gQGJFHd5Xx1
z5bUtGJH;}U(H$XnCOE%LQ%nAaWiAnJhL?To%*I5}coz*|UYd!orU}xyMoU5dsp_B(
z*m5eJz^|7w8C?}S{=L{;BORH;E;>KG>T7U#5jKTLDt^4Q_K4meU)95w`#IEi^^wsr
zXDj}5i>%oJ4ob{PDUW)yvz(85_wNB}qO`}7`_zz&w?R4{_qCKpLc+bsf0(-=Xe|~H
zWX56;aost-&2-aEX@R1EPYtQ)kXkBE-%Hs(RYpC`cd+GeD6e}~sA&@l(AD3Bt3}<U
z^VvTXtj<2N-T0E4$DX4a{<tbjGVy2I;V!#<u?xgr8?(uNEO**uE}WoV&GjKmD@lL<
z?(ZV#Uad{0!*>qG(b$x9YCE4o{3Y`K;$4o8**Y7QNk?7r8qLu>Zk=!TF^!8T{o$X1
z!pLh_QpcH=R!Ln^3ghsLsr#bn?AC?=9}Jk^d^vmZ)P}o4MaRqC@@S?rM--X2yI^Cs
zu~cPDBjU52n=m}&ADDN7v1s@%#jGO_lS<ZhCM?{BO&ul<%;+(HRs!WQiT4!xjP$(<
zMwmPzJ7~8rFeak(JPnPdeQ|BuG=}z$o)7Rd(Qs!kk&AC78GMDr(l%$qlj+TsbR<J8
zsqT7Kz1xnJolFZc7yMyOCQqdKL`{Tgb~$&dO(JB`Ud+t;@swUp4np8M>5Jus=NUfe
zW&AC|b;j6d@31NG`|1hZfMRbz|H0*T@tc|*Idn#UX<)FUu0nHFxXdq6|CbWM3zGo8
z_5&hyr3+pvPzg8s(oCTaIRJYhSL-n5wWxk*@dJY;qS}xVO(;FGfAGuo(MvYdHlM$5
zTRlzC_bub0c7af<+Y~!5TiU33JJQ9Nv(*@2vvYvc{gNAIcmzw9)yrY+i++p7bY;`~
zA$&Xe#mHEiF6k72FY+1Cua=$_zci{l2&m&+p9<BQ<^x}ha(u016Pr4ouCevIy~^KH
z71lehH<Omel=AmPJG5rTiOpK*y@HU4diOj?QzYoM`vD86>S%7A7i&@c9ZcFmP~Kb7
zU0RTew1by33mKI$>${L)r|Kpt3a{{APmpOT@CeMpERsX)lT9iMx<f4*DtfK|nLZS`
zC|O-1xLydg#Y0Wm4KJuZ-WWcGMnnA*!_Dk0ioFu6Hhv?Kc+xq{&-Td%5z_P?`6J#E
zTDmAqI8)xPY|mcomr{&7pUM8~+AQ+?tj}lfbKLYjboT}i?_W#>G?r~S+RQa2xEDXP
zF0}c)?OZq0{RV_x*HWOUQq>c4<+t$Tq=9Mul;vVBcGk@Dc$qadk>Nrc@7luW;JO|l
z{!7#E!lOP|A^}k5pq%ZQ8C~N>9S?wN{TAMjrj5s9)B&v`2!yCBKux<=Xt>GB7%mB&
z-s{;ab1x1a9xi70r3|ZT6p9>_9eVU2-ScdfN)%s-px0Vf7N{s)F2?F=gHDOOXtQdF
z!Akt51p+_T1G6*MuCb~@G}RfhtLQye>{^pJ@)!Ctjz^l_??LGd5dvWL&Ha`@YOMZ(
zYCz&)jalkGG@$ZvVpX<yp8{riF+{Khmq3oins)uf`75Z+{PV@vkfBikF1vvPoXc>o
zpg}c?|3s;MuN8av#<-L(=}*CAxAv3GpKA1?A2gJX7+#7#HUb$iykf1nuuL*=r}e!4
zA|!1vOwa_L%sG(VY~7c1-d9BLHNI(kfsW$&BA1W}iLU6WK)+#XwDYCasBJ=ZAI)=h
zAVBu%S^C9y2SDk^ZokDi5{H@F57@I@rX#h_A2>$Tzkrh}yiAAgX08P)P6mAn8I((<
zEi%wQ-tA1=?jzlm%ZdwG*#RR&nj<r9cEKNKk{!F9IUmz*#$2CL-LPx2<*Y`$RpuNY
z3!@adEawM`TK>Q+ltLq>6v5bn4ajJBv+)Rh>tGD=lcqZW&jx)78y|TFgR=TDDRnlK
zhUx0fCK^?+J)PN84y6}Sj%`o;OvO`vA(OA~(F7Pi!=D%l$`|E*su&&ya`5D3(XcQ3
zZ0)JZ;aK-%Klh=gOZ9jl5W2{4y!q|oOzN1a;sD{Q4$-wO(rlnqnLQjF4xWty1HBwl
zV9gw#YF|0d{ZvQ*IG)CL@;TtPQ|yZMtoW}sez{;of^sQ7&pSzPwzCKzF3H)BDZi)N
zCL+WsZMw|$BZ-EJWTKI2vBNp%JHM8C?!PNF<Rm&vpE6FF<&#-g6AYeRUND>q=ppQd
zNpCBPdW4Cyh$BO|4RRe@gDhS@P7v;g8#aEl&#xdey>YTiYpE-aD<R9VN%Fy^L55Yb
z98R4HHgHjOzu%{FwC=!_eR|lx<vcIa$<J@R>yu?gj%-4XF3(Ls>2$1{Fun&19i#Nz
zkM*|;GtUl9oZEIb#z$YqZ%h!A_cXq|u;782W)uWA3?tyf7CasdJ*#nbQ{flFbYTWX
zpfaSO15=w%pv2T>+^B#Vm**DZVs)L@s8h6oT>Z-Wk5}!sLeI_gBOvd?mJ>?Gsc+*7
zDq?|`b&t1f-%SEwl}6epI0ZQH)?egHPva>HCRby<hOK!ka^xjkWGJ*`q8&}c9{~k;
zMHWi0CPTIfnQdj_J5?lioXI!=Ws-j8Vd!F8@u5Y&#|j&dhl88@h8^L4_NfU)VLxz=
zgXH2yJ~3Xf=zJ0&Xz~ke>IAze0czdewlxyuT?#!Xr@!GL9xvY@X$~f)XGl#BGO|=2
z(bcn-DakxK>U1P4VwAdbU+O};-gdH!Q%P;jGO1#;<MM}##s74nVfJM7uB0SQreU*c
zSghDr<_FiLV~zVVwf9_u@`!%KG2c3^JB#i`PDblT!TPk-tc=fAf9ufZCubgwnVoTQ
zboT!~C(Lxf)Dy85Pp>xA-qQhu*T1RGC}tJ9DPlZ%!@;JSVlQiweESBS(){ij@c0g4
zpbZj5Qw}Yw%iZ53Ml+|pIS&vC9K`#^DB=Rnzm<A-w~?-v|A-FUe5rvQykMcThnX{?
z(%d*t%jL*FWgu<hSeUrtN+gD0Buma7d0vzbSrM&zB8z#Fo!zU?rtV6^-)OQ25x|#!
zr`P2_hk31Nup@#klO<>vpeNW+{YKd2Nqj^z10$}ZYHc?snN7I|=zvv*M+=UByn&Or
zLB^>)<jBvsaj%zyrG_QH#BI{#nYm_q3kCPK9gc-FnB(5r+EbA-bh%o?L_5{1QkR5v
zC<QUVUTjUsCk|KeUX|>OAK87ZxA8F|{V`jJj*BPaaEx6#LK%sKk8P7{oWI3UYMaNH
zHjY;k$GqA;54?H?M+Ox;5l>^A<^DvPYx&36{ul3`w;aXxjQ0m4*B`VH4T<Mo-mhXE
z<`2NuY8oi87D2(JM!SBa$fh^kjle092@@p=Qmsn8C@+_=wLo#+QL541vjP|A6ipHZ
zXMaVJvCYcS%~SsQ1n;jamyr4ZwBtOR1WlV)ON~We>lF!Z^`S!Tb;B{j`Zpxp>VCg?
z{HO9x+mrLYMNBV<xpJTH36HD0h#PKd&ZMrqTCvMYd9_#+qP1WWDFY$&m~N?!_ggR-
z^euZk<xQmykt)|X@K}+>oX_#Yw2lDfLK<mBE-;=NhKGymc{+}39p||lh=)ixONAHe
zCd!?n*%0U%5F05EJf22kH)0*nhG#j{#8Vx90=Up$v*<mr*`YR#pKe-Sv!=<0<#rp}
zD=5!smmFc&hNmqEAk+K;MTF=Qxgm^imE6oy5dw`*T(3Sf^^Atz=%Y<huUkgk!G~i&
zHO7X9@DNfy(B)adif8+^&Rf*vHJg3&K!G_<%VYk$;kQa4kzoKE_PBW@hjL`+Vg$bP
za<AFf^>N$T6S3mTo^Un1mZL9`v@!PHzC@{><=4O}G=!vY=u{-Z<{Z`l-+slk*ZD84
zc#_RsBQJ{Mm9sO3F9&HMnmB!J@_(MH5mRiJ=amOWeWV!Mtx-RT-92qLGhG=S4tizs
zQ+|6^_xm1^J)|U|n!2mX2hE~8y~#;;bQ;HjsCd$ocd9pIOm+)!dfB*~4r$laOG5ha
z*HBkt&O!GpD0lgn(8v~%_nv}x&Mo+PAzk(*uG0eeWwK*Q*IE~^VM4jzF%$V~oyJI<
z)s-)QFF#g0ERfdY`iEgmQ!6{nz*UFA;<jLQoE1qs3f`!$RHjrB1Qi@11gUqoWmB^1
zi8k<<O@E@J_{C&%A`V^E)4MClZq#Ljyyt{m9vQIeNt24i=PA4NB8`#(@!;g8y(69j
zD(H+|Y6$I7`iOdCK7TJgi*jecG@0`(@2?E-)A>s2(hR7kwa%}M`O1r{f^7MCyR`<2
zQ7sq1I}h<g+Y20Np1nu*XSLe<HVFh%<`*sSv@S*}Zgn3n19*uD5nF1ab}r#|y@Sb<
z)jcK9M=YYO^Lg@~4Np4hf-No(!HBDoWkC1)kNV#C1mtNSBE3(UBfk_6{*_+lz;Xq+
z1k}-QRbrWrw%!0^4kkC}(i$(fJpHA~A2Fw^c&$ED@}G_V5i!lU`}4(yyU~5i+Q>FT
z62wBCVH3lrO+)izFuzfEOzV88;_oKs_2v*#1~YRuHA04KT%7E60iL_*wSaA$to@Fi
z#1v%xq+eVG;g^b#TScnnLgo31@%RPtY<s)W^Ra0H@3a^<|M2;IP_M`;4&Jwdn+EJ>
zq7;?-+1MIBS?4Z65w$##7J(37u>xq^oYS$yWiU4IZC2Ruv~ovVShidWJhy9M!_Ths
zr7pUHuER3wQ8W$4NpvbvRh6jY_=g-y3cA!;_ro&!)?S7omBzlw$YC~OO^RucE`~3q
zp8AdR`%jgmxCha^|2bv~^EDvJfBT^T_9pGY&3sMvl2PQEdKwi*60vE83|Ay6D?4+n
zXP)jYMq6btp3}6y=5oqxD32S-dVo&Rz>;3cAe9B}`~3!%xc*}yRHfTX-(<?9-R+&7
z`<JuNeK@ffli;$83b*chG0=N7-IAe?)$mpg*=v~Loys?mD_9$TC%X^+lO2vF(rsKT
z)c<U7(VaQD3*~XjH5_ulzEL90zOS>}n{OZ!^!U2=tIOmS|3suR5*#|1IeUl<^H2f$
zS98+-YW>-LK4D(&`wZ8xBKgJTg4Vh&mJGESDvUUAIzcn5DQPhjRSyghzSC=kToZ}P
z(K;*c01QJ2N*9(32<)af*uLukKZ{TWZs5xAPCj7=i%ru&X36Sw`-OoOFq+SUW1-`e
z6JqKCRal?LDk`!rHTne#iWH$<d50AJwn@Ui#H6|Ky}N}y<K-W1RIzUOKU5+zJ<2)@
z2{n%b;|=4V<F!M~%%})Uaaa(;`kFp!b2XZYR%IgTwveYy_%YSPxg#h_ij}aF;`>b4
zVdlIOfwZ1CEw_EH!*+rFGHkDSYDc@{@%IDTEN|lORvrfF^K>`oj!h>wRDlwWin;5n
zT_4;KkCk%qj2bSt0+}?YpolZdM|atg>YsG+7Vm3H4moX`!wdB0WRS|#5+lE(kBIjP
zcPdvrbB1PUSG{tx&W>FrAvz@ym%cnTTx<mukBcgvI|qO0<MT^K$LRb1h)LgWTU6}l
z6&~*@=j798^^WloP)>|Cs7t6LRw}Y)RNgOSa`!@6wd!xZ!_0U6_QX^d74wm&HfQh4
zKTdSVQRBJ-aN`Uf9Yjgk6%VE|0c83SPkL(F<5rQSL(0AfMwy}P_lyz)uL{;Xsm=td
zJ95*v3He2j-qrVu`##^56T~gE*taQLA<V2t1jzyyEdva{Y!<=aP8vuX#sUc{X=vGH
z)^A5c_jlOiG!5J6Y(2flL))8~nsd?JL2@52yDJVCY+sUEmhq-v04wWsWm)A3sS_6&
zIvgmU_1N%w8t8j_J5t<LJk&O4!BN2aSR^7H?MYkbn6do}T)QVJE6BG#SpZeXoHe}~
zduitiX=X&do$p-s+eg*7)#Mdt^vu;GmcIdH>|cq%htX@vL#@itQJ8tQ89^_<Rg~41
z1v#BVS7jLm`ND^gfo#8)jgYs6d5x$oOsT53Cf<4_b;9>nf-slaaWaLPBlm4P?+5%f
z1sbrQgL5eE!mR<y+}5gpOX?l<#?nu-0hN%?9a-|1r8%593VXXYL_L#WyIYltGWfG0
z`n0IKnWxH~I^aZ?+`PIXuX;*8)(AL;HP-%Ysn}jd=K09eI}wY@T-jBRiH8qj<f#+=
z`@YhlX~)i-R8GNMu14}|D|`pIKKGQ94Ih+r|Ki&h5Ipnvs$J5fD=}fd@iks{0Bu{t
z=F^-}r+=R&HV&TUi+;Pr9M{me#(%OakLE;dsJ%<#Hf?9zcDM$(GGH}%r4TwAf*rn!
zxG#3vrR)8UJA2r@RP~74kmA}qgrp6-_%RNOgDmlRAL}P{l{TnQ`6o#Wt^R7rgvEPb
zBlumGGqqyaKcV2ZlBIRmPx$K>ueOQLb+|r-lc;&retya!NNF)`p4LjwIB>qZBD`8A
z+w~@MAOK5tFPyx|T6NdL+lP>miXQV%e(DgzPa$JxSXIZKcRoRndRt^)I$)Y6s*hEZ
zpKnvEgS{4L*lOKb3XU1Xt|ioIJlfl(oIs!f+;p@oRAIahF#4%8FKO6TP`!nJ?-6N|
z-<0#i6D2p+!Y8DZm<+$DudlAnvMB6QHF!FV2)}*trx3?-$nCzy^{Hs8tFyLx;I5Ne
z)%fwZ?#2${F#R~Hv2#DR8|)xWADo4^fP&J!WNA9RmCaP$0SCiYKlCb?kK!T@C)>S<
zIz@Nl-vVGT57RDI%Sl*YsrD>NmN2dV(L~Ur1+;|BT*>AyeAIJC#_nN_cJ5?q=Fdr>
zi|{wx5wCxIU5`Ej%noN)!q&upF>y>UwWL-VL1yUr3q6|c`k!2RAgFu_F`8z(-YU~B
zdbxDJK+oBK0k&!f0m`G@-h)mlk>x#&T?g_b@ARxCl#(f?8?ja_6&8|{NC@ZTo82s#
z(4TaFt2jMDJJJed<27r8q1i+c)a}WXKPET|^8|8{2EUq~Me~8w^z0#L%_tfq1&2DJ
ze){u3;Btu3a2<`)hml#8Q*pd80s}eL8{oaNAP$$Oi|FnOdz^CJsg3UmW9?0x;bH8c
z^O_2SSq%moYUVaSROfW@x8R<6^PcV{JE{PKOjM@RX?W$Y*^;&n<;$g+XuqPtzzYq}
zY5F#iE5E#@LMqDIR)|f-3*r-xwJr@^TQKGGLDVN^WjK-CmJ-|~Wqd`ZI-(28H;w?l
zRW-0Y7}EIK;zj6$*OBkJ!M|bVFq8Oz#Lo}KB(B4C2Zl{D;*?AxsU<$HQwA@*S(H0Z
zyp=(TCxC&A+Yvd|)3hjZEGD|I6yDb9L8Y9b06_#Dk&0|RZ6xSHMgS+8ES-yNaP4U%
zG36@~N9Hio!$)(Z^x2U<`n0|ycP-JBO=bOVAC~Qux6Gk8%92=ycQ6?<+Pc-~WsL7C
z+3O(#4=8&H$ECH|x1BuNc781iBnsh0-SI`G*_A2Uykm!A=B;K~{KQuV{-O#RB!Lrb
zlaPQmuU6`~^+_x%2!zEer?CR&%<C3Sj-v3SoIldE*LuL5ly|f6rS=YQbOlTnjP@NZ
zd@6l<i3l><Wi5<<#38_6BQHEyyqt;iYhj2;oc1#A_0OnPWk<D?;Gj5Q`=KwyU%nM4
zpRk`kUuW<bq@DoL0+J~(nbw{$W%QWD+#*7r(Q{wvC(W7IXBaE<n}gEA$!sNw^9O0b
z9G#(M%-F$b2QnXpIC;qZ4F%4>RC*X~IFqkM#OGwa4z_oxggmyE3wT-S0ZDQ}Yh;o&
z{w?YV(2B?TlXbiXzgjWP(qgTyrC{Fhz=%jaskfsX`$Ax0>i-<nM%hLLl2+T{6S{}2
zNff)h>N+LgHICi^_v8PV__Cps1EV|X{%u+2;rG;PykK=xasM43iJwL9t84lt!}!^$
z;hNXCgGbrnhZv>8c@`?dKo{Dr=^GqL+|r27(B>>RPd&mNzB&3VQ39&(J`A5e%J!3-
z=CM(75z|J0Z=ZBwS7NI3Xq;ILTDo)-NCCt(7_~Di|9n@(*(xE_dfTkp>ili&B<C+P
zxP`7I|28htis$Ep*JpFX_*6T6uijx!bP$vjPE!y;`Tq(?qqa*6Br_-=&D)$dfFNy^
zivktpwN-Um*qPa!7c*Uh&Eo(1!sb_TppNtDP;tSFAcR#?2=krI!4KhodB)pAU38OD
z6T?>L<#ajO|3dnwn%yX(AMo0>gIUK_0I#+pb~ZCF(XGltaR);jIt%=B%m3+ms5Hn%
z*;&wDWV2AI9ohg?L~nnno#+2SrckHz#m!JU(IKV;75Bc!WD|z=8kPMjdbrs<1WR}~
z6q_+I|3z7vha9z4`+E~meQ$|=&HaB4BQt}={~bCB$?L}<|N7pdNX{=&%lf}<UE{z1
z4(ba3>@NT564g0Tkk`Mh$n-xd)>2YRU8pht+cKm7r~h!Lk^|lTzg&UUJXH37?U<#0
a++#7SbEOY5r(r)pwKvjAQk4?M!T$#(MK(GB

diff --git a/documentation/release-engineering.md b/documentation/release-engineering.md
index 869911ec2..bdb27d6b8 100644
--- a/documentation/release-engineering.md
+++ b/documentation/release-engineering.md
@@ -2,15 +2,15 @@
 
 These are the instructions for producing a release.
 
-CircleCI will do most of the work for you. You will need to edit the draft release notes.
+GitHub Actions (GHA) will do most of the work for you. You will need to edit the draft release notes and click a button to make the release public.
 
 Please change the version number as appropriate.  Substitute (for example)
-`v3.28.0` any place you see `$VERSION` in this doc.
+`v4.2.0` any place you see `$VERSION` in this doc.
 
 ## Step 1. Rebuild generated files
 
 ```shell
-export VERSION=v3.28.0
+export VERSION=v4.2.0
 git checkout master
 git pull
 go fmt ./...
@@ -22,26 +22,21 @@ git commit -a -m "Update generated files for $VERSION"
 ## Step 2. Tag the commit in master that you want to release
 
 ```shell
-export VERSION=v3.28.0
+export VERSION=v4.2.0
 git tag -m "Release $VERSION" -a $VERSION
 git push origin --tags
 ```
 
-See [Git Docs](https://git-scm.com/book/en/v2/Git-Basics-Tagging) for more examples.
-
 Soon after
-CircleCI will start a [build](https://app.circleci.com/pipelines/github/StackExchange/dnscontrol) Workflow and produce all of the artifacts for the release.
-
-![CircleCI Release Screenshot](assets/release-engineering/circleci_release.png)
+GitHub will start an [Action](https://github.com/StackExchange/dnscontrol/actions) Workflow called "draft release" which will build all release binaries and write the draft release notes.
 
 ## Step 3. Create the release notes
 
 The draft release notes are created for you. In this step you'll edit them.
 
-The CircleCI build uses [GoReleaser](https://goreleaser.com/) which produces the [GitHub Release](https://github.com/StackExchange/dnscontrol/releases) with Release Notes derived from the commit history between now and the last tag.
+The GHA workflow uses [GoReleaser](https://goreleaser.com/) which produces the [GitHub Release](https://github.com/StackExchange/dnscontrol/releases) with Release Notes derived from the commit history between now and the last tag.
 These notes are just a draft and needs considerable editing.
-You can also find a copy of the release notes in the CircleCI `release` job Artifacts.
-These release notes will be used in multiple places (release notes, email announcements, etc.)
+These release notes are used elsewhere, in particular the email step.
 
 Release notes style guide:
 
@@ -118,59 +113,38 @@ If you are at Stack Overflow:
 ## Tip: How to bump the major version
 
 If you bump the major version, you need to change all the source
-files.  The last time this was done (v2 -> v3) these two commands
+files.  The last time this was done (v3 -> v4) these two commands
 were used. They're included her for reference.
 
 ```shell
 #  Make all the changes:
-sed -i.bak -e 's@github.com.StackExchange.dnscontrol.v2@github.com/StackExchange/dnscontrol/v4@g' go.* $(fgrep -lri --include '*.go' github.com/StackExchange/dnscontrol/v2 *)
+sed -i.bak -e 's@github.com.StackExchange.dnscontrol.v3@github.com/StackExchange/dnscontrol/v4@g' go.* $(fgrep -lri --include '*.go' github.com/StackExchange/dnscontrol/v3 *)
 # Delete the backup files:
 find * -name \*.bak -delete
 ```
 
-## Tip: Configuring CircleCI integration tests
+## Tip: Configuring GHA integration tests
 
 ### Overview
 
-CircleCI is configured to run an integration test for any provider listed in the "provider" list. However the test is skipped if the `*_DOMAIN` variable is not set. For example, the GCLOUD provider integration test is only run if `GCLOUD_DOMAIN` is set.
+GHA is configured to run an integration test for any provider listed in the "provider" list. However the test is skipped if the `*_DOMAIN` variable is not set. For example, the Google Cloud provider integration test is only run if `GCLOUD_DOMAIN` is set.
 
 * Q: Where is the list of providers to run integration tests on?
-* A: In `.circleci/config.yml` look for the "provider" list:
-
-Example:
-
-```yaml
-workflows:
-  build:
-    jobs:
-      - integration-tests:
-          matrix:
-            parameters:
-              provider:
-                - GCLOUD
-```
+* A: In `.github/workflows/build.yml`: (1) the "PROVIDERS" list, (2) the `integrtests-diff1` section, (3) the `integrtests-diff2` section.
 
 * Q: Where are non-secret environment variables stored?
-* A: In `.circleci/config.yml` look for:
-
-```yaml
-jobs:
-  integration-tests:
-    environment: # environment variables for the build itself
-      GCLOUD_EMAIL: dnscontrol@dnscontrol-dev.iam.gserviceaccount.com
-      GCLOUD_PROJECT: dnscontrol-dev
-```
+* A: GHA calls them "Variables". Update them here: https://github.com/StackExchange/dnscontrol/settings/variables/actions
 
 * Q: Where are SECRET environment variables stored?
-* A: In the project: [project settings / environment variables](https://app.circleci.com/settings/project/github/StackExchange/dnscontrol/environment-variables)
+* A: GHA calls them "Secrets". Update them here: https://github.com/StackExchange/dnscontrol/settings/secrets/actions
 
 ### How do I add a single new integration test?
 
-1. Edit `.circleci/config.yml`
-2. Add the name of the provider (ALL CAPS) to the "provider" list.
-3. Any non-secret env variables needed? Add them to the "environment" section.
-4. Any secrets?  Add them to the [project settings / environment variables](https://app.circleci.com/settings/project/github/StackExchange/dnscontrol/environment-variables)
-5. Add the `_DOMAIN` environment variable to [project settings / environment variables](https://app.circleci.com/settings/project/github/StackExchange/dnscontrol/environment-variables). It is not secret, but must be set as part of the project.
+1. Edit `.github/workflows/build.yml`
+2. Add the `FOO_DOMAIN` variable name of the provider to the "PROVIDERS" list.
+3. Set the `FOO_DOMAIN` variables in GHA via https://github.com/StackExchange/dnscontrol/settings/variables/actions
+4. All other variables should be stored as secrets (for consistency).  Add them to both the `integrtests-diff1` section and the `integrtests-diff2` section.
+Set them in GHA via https://github.com/StackExchange/dnscontrol/settings/secrets/actions
 
 ### How do I add a "bring your own keys" integration test?
 
@@ -180,36 +154,12 @@ Overview: You will fork the repo and add any secrets to your fork.  For security
 
     If you already have a fork, be sure to use the "sync fork" button on the main page to sync with master.
 
-2. Create a CircleCI account
+2. In your fork, set the `${DOMAIN}_DOMAIN` variable in GHA via Settings :: Secrets and variables :: Actions :: Variables.
 
-    Go to [circleci.com](https://circleci.com/signup/) and follow the instructions.
-
-3. Set up a CircleCI project
-
-    On the projects page, find "dnscontrol". Click "Set Up Project". Use the "Fastest" method (use the existing `.circleci/config.yml` file).
-
-    If you get the error message below, go to the "Organization Settings" (left nav). Then "Security" (left nav) and set "Allow Uncertified Orbs" under "Orb Security Settings" to "Yes".
-
-    >"Orb cloudsmith/cloudsmith@1.0.5 not loaded. To use this orb, an organization admin must opt-in to using third party orbs in Organization Security settings."
-
-4. Add the secret env variables:
-
-    Go to Project Settings (for this project), and "Environment Variables".
-
-   * Add env variable `provider_DOMAIN`  where "provider" is the all caps name of the provider. For example add `BIND_DOMAIN` with the value "example.com"
+3. In your fork, set any secrets in GHA via Settings :: Secrets and variables :: Actions :: Secrets.
 
 5. Start a build
 
-    From the pipelines page, you can trigger a build by setting the branch to "master" then click "trigger".
-
-    Merges to "master" result in the software being built.  Merges to any other branch causes integration tests to run.
-
-    Verify that your tests are working properly by making a branch.  You'll see on the `Run integration tests for _____ provider` step the results of the test.
-
-    Some notes:
-
-   * Tests that are skipped take about 3 seconds to complete. In other words, if you look at a list of tests, you can tell which ones were skipped by looking at the completion time.
-   * Free accounts don't have access to `2xlarge` instanace. You'll either need to upgrade your CircleCI account or change `2xlarge` to `large` in `.circleci/config.yml` in your fork. Please be careful to not include that file when you send a PR. See [#1935](https://github.com/StackExchange/dnscontrol/issues/1935) (Anyone have tips on how to make that easier?)
 
 ## Tip: How to rebuild flattener
 

From 1ea9f4ced69bb8570ad847390a2acdd530bd3260 Mon Sep 17 00:00:00 2001
From: asn-iac <134323752+asn-iac@users.noreply.github.com>
Date: Tue, 8 Aug 2023 07:47:39 -0700
Subject: [PATCH 07/79] GCLOUD: Support "private domains" plus many bugfixes
 (#2482)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers/gcloud.md   |  31 ++++
 integrationTest/integration_test.go |   1 +
 providers/gcloud/gcloudProvider.go  | 258 ++++++++++++++++++++--------
 3 files changed, 223 insertions(+), 67 deletions(-)

diff --git a/documentation/providers/gcloud.md b/documentation/providers/gcloud.md
index 4c0900b21..aba14354f 100644
--- a/documentation/providers/gcloud.md
+++ b/documentation/providers/gcloud.md
@@ -90,6 +90,37 @@ will enable it on your account, responding with a list of names to use in the `n
 
 > `name_server_set` only applies on `create-domains` at the moment. Additional work needs to be done to support it during `push`
 
+## Private Domains
+
+This optional feature allows for the instantiation of Google Cloud DNS zones with the `Visibility` field set to `private` and with specific Google Cloud VPC Networks granted visibility to the zone.
+
+Example:
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_NAMECOM = NewRegistrar("name.com");
+var DSP_GCLOUD = NewDnsProvider("gcloud", {
+    "visibility": "private",
+    "networks": [
+        "https://www.googleapis.com/compute/v1/projects/mydnsproject/global/networks/myvpcnetwork",
+        "my2ndvpcnetwork"
+    ]
+});
+
+D("example.tld", REG_NAMECOM, DnsProvider(DSP_GCLOUD),
+    A("test", "1.2.3.4")
+);
+```
+{% endcode %}
+
+> `visiblity` and `networks` only applies on `create-domains` at the moment. Neither setting is enforced by the provider after a zone is created.  Additional work is required to support modifications to `networks` visibility during `push`, however the API will not permit `visibility` to be modified on an existing zone.
+
+> `networks` may be specified using the network name if the VPC network exists in `project_id`
+
+> multiple network urls may be specified in `networks`
+
+> split horizon zones using the `GCLOUD` provider are currently only supported when the providers' credentials target separate `project_id` values
+
 # Debugging credentials
 
 You can test your `creds.json` entry with the command: `dnscontrol check-creds foo GCLOUD` where `foo` is the name of key used in `creds.json`.  Error messages you might see:
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 84ea11289..8a0ff010f 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1294,6 +1294,7 @@ func makeTests(t *testing.T) []*TestGroup {
 				//"GANDI_V5",      // Their API is so damn slow. We'll add it back as needed.
 				//"HEDNS",         // No paging done. No need to test.
 				//"MSDNS",         // No paging done. No need to test.
+				"GCLOUD",
 				"HEXONET",
 				"HOSTINGDE", // Pages.
 				"ROUTE53",   // Batches up changes in pages.
diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index a7333b47f..e922200dd 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
-	"net/http"
+	"regexp"
 	"strings"
 	"time"
 
@@ -21,6 +21,8 @@ import (
 	"google.golang.org/api/option"
 )
 
+const selfLinkBasePath = "https://www.googleapis.com/compute/v1/projects/"
+
 var features = providers.DocumentationNotes{
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
@@ -36,6 +38,12 @@ var features = providers.DocumentationNotes{
 	providers.DocOfficiallySupported: providers.Can(),
 }
 
+var (
+	visibilityCheck  = regexp.MustCompile("^(public|private)$")
+	networkURLCheck  = regexp.MustCompile("^" + selfLinkBasePath + "[a-z][-a-z0-9]{4,28}[a-z0-9]/global/networks/[a-z]([-a-z0-9]{0,61}[a-z0-9])?$")
+	networkNameCheck = regexp.MustCompile("^[a-z]([-a-z0-9]{0,61}[a-z0-9])?$")
+)
+
 func sPtr(s string) *string {
 	return &s
 }
@@ -56,6 +64,9 @@ type gcloudProvider struct {
 	// diff1
 	oldRRsMap   map[string]map[key]*gdns.ResourceRecordSet
 	zoneNameMap map[string]string
+	// provider metadata fields
+	Visibility string   `json:"visibility"`
+	Networks   []string `json:"networks"`
 }
 
 type errNoExist struct {
@@ -73,28 +84,22 @@ func New(cfg map[string]string, metadata json.RawMessage) (providers.DNSServiceP
 	// fix it if we find that.
 
 	ctx := context.Background()
-	var hc *http.Client
+	var opt option.ClientOption
 	if key, ok := cfg["private_key"]; ok {
 		cfg["private_key"] = strings.Replace(key, "\\n", "\n", -1)
 		raw, err := json.Marshal(cfg)
 		if err != nil {
 			return nil, err
 		}
-		config, err := gauth.JWTConfigFromJSON(raw, "https://www.googleapis.com/auth/ndev.clouddns.readwrite")
+		config, err := gauth.JWTConfigFromJSON(raw, gdns.NdevClouddnsReadwriteScope)
 		if err != nil {
 			return nil, err
 		}
-		hc = config.Client(ctx)
+		opt = option.WithTokenSource(config.TokenSource(ctx))
 	} else {
-		var err error
-		hc, err = gauth.DefaultClient(ctx, "https://www.googleapis.com/auth/ndev.clouddns.readwrite")
-		if err != nil {
-			return nil, fmt.Errorf("no creds.json private_key found and ADC failed with:\n%s", err)
-		}
+		opt = option.WithScopes(gdns.NdevClouddnsReadwriteScope)
 	}
-	// FIXME(tlim): Is it a problem that ctx is included with hc and in
-	// the call to NewService?  Seems redundant.
-	dcli, err := gdns.NewService(ctx, option.WithHTTPClient(hc))
+	dcli, err := gdns.NewService(ctx, opt)
 	if err != nil {
 		return nil, err
 	}
@@ -111,17 +116,53 @@ func New(cfg map[string]string, metadata json.RawMessage) (providers.DNSServiceP
 		oldRRsMap:     map[string]map[key]*gdns.ResourceRecordSet{},
 		zoneNameMap:   map[string]string{},
 	}
+	if len(metadata) != 0 {
+		err := json.Unmarshal(metadata, g)
+		if err != nil {
+			return nil, err
+		}
+		if len(g.Visibility) != 0 {
+			if ok := visibilityCheck.MatchString(g.Visibility); !ok {
+				return nil, fmt.Errorf("GCLOUD :visibility set but not one of \"public\" or \"private\"")
+			}
+			printer.Printf("GCLOUD :visibility %s configured\n", g.Visibility)
+		}
+		for i, v := range g.Networks {
+			if ok := networkURLCheck.MatchString(v); ok {
+				// the user specified a fully qualified network url
+				continue
+			}
+			if ok := networkNameCheck.MatchString(v); !ok {
+				return nil, fmt.Errorf("GCLOUD :networks set but %s does not appear to be a valid network name or url", v)
+			}
+			// assume target vpc network exists in the same project as the dns zones
+			g.Networks[i] = fmt.Sprintf("%s%s/global/networks/%s", selfLinkBasePath, g.project, v)
+		}
+	}
 	return g, g.loadZoneInfo()
 }
 
 func (g *gcloudProvider) loadZoneInfo() error {
+	// TODO(asn-iac): In order to fully support split horizon domains within the same GCP project,
+	// need to parse the zone Visibility field from *ManagedZone, but currently
+	// gcloudProvider.zones is map[string]*gdns.ManagedZone
+	// where the map keys are the zone dns names. A given GCP project can have
+	// multiple zones of the same dns name.
 	if g.zones != nil {
 		return nil
 	}
 	g.zones = map[string]*gdns.ManagedZone{}
 	pageToken := ""
 	for {
+	retry:
 		resp, err := g.client.ManagedZones.List(g.project).PageToken(pageToken).Do()
+		var check *googleapi.ServerResponse
+		if resp != nil {
+			check = &resp.ServerResponse
+		}
+		if retryNeeded(check, err) {
+			goto retry
+		}
 		if err != nil {
 			return err
 		}
@@ -203,6 +244,20 @@ func (g *gcloudProvider) getZoneSets(domain string) (models.Records, error) {
 	return existingRecords, err
 }
 
+type msgs struct {
+	Additions, Deletions []string
+}
+
+type orderedChanges struct {
+	Change *gdns.Change
+	Msgs   msgs
+}
+
+type correctionValues struct {
+	Change *gdns.Change
+	Msgs   string
+}
+
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
 
@@ -229,30 +284,25 @@ func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 		return nil, fmt.Errorf("incdiff error: %w", err)
 	}
 
-	changedKeys := map[key]bool{}
-	var msgs []string
+	changedKeys := map[key]string{}
 	for _, c := range create {
-		msgs = append(msgs, fmt.Sprint(c))
-		changedKeys[keyForRec(c.Desired)] = true
+		changedKeys[keyForRec(c.Desired)] = fmt.Sprintln(c)
 	}
 	for _, d := range delete {
-		msgs = append(msgs, fmt.Sprint(d))
-		changedKeys[keyForRec(d.Existing)] = true
+		changedKeys[keyForRec(d.Existing)] = fmt.Sprintln(d)
 	}
 	for _, m := range modify {
-		msgs = append(msgs, fmt.Sprint(m))
-		changedKeys[keyForRec(m.Existing)] = true
+		changedKeys[keyForRec(m.Existing)] = fmt.Sprintln(m)
 	}
 	if len(changedKeys) == 0 {
 		return nil, nil
 	}
-	chg := &gdns.Change{Kind: "dns#change"}
-	for ck := range changedKeys {
-		// remove old version (if present)
-		if old, ok := oldRRs[ck]; ok {
-			chg.Deletions = append(chg.Deletions, old)
-		}
-		// collect records to replace with
+	chg := orderedChanges{Change: &gdns.Change{}, Msgs: msgs{}}
+	// create slices of Deletions and Additions
+	// that can be split into properly ordered batches
+	// if necessary.  Retain the string messages from
+	// differ in the same order
+	for ck, msg := range changedKeys {
 		newRRs := &gdns.ResourceRecordSet{
 			Name: ck.Name,
 			Type: ck.Type,
@@ -265,35 +315,92 @@ func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 			}
 		}
 		if len(newRRs.Rrdatas) > 0 {
-			chg.Additions = append(chg.Additions, newRRs)
+			// if we have Rrdatas because the key from differ
+			// exists in normalized config,
+			// check whether the key also has data in oldRRs.
+			// if so, this is actually a modify operation, insert
+			// the Addition and Deletion at the beginning of the slices
+			// to ensure they are executed in the same batch
+			if old, ok := oldRRs[ck]; ok {
+				chg.Change.Additions = append([]*gdns.ResourceRecordSet{newRRs}, chg.Change.Additions...)
+				chg.Change.Deletions = append([]*gdns.ResourceRecordSet{old}, chg.Change.Deletions...)
+				chg.Msgs.Additions = append([]string{msg}, chg.Msgs.Additions...)
+				chg.Msgs.Deletions = append([]string{""}, chg.Msgs.Deletions...)
+			} else {
+				// otherwise this is a pure Addition
+				chg.Change.Additions = append(chg.Change.Additions, newRRs)
+				chg.Msgs.Additions = append(chg.Msgs.Additions, msg)
+			}
+		} else {
+			// there is no Rrdatas from normalized config for this key.
+			// it must be a Deletion, use the ResourceRecordSet from
+			// oldRRs
+			if old, ok := oldRRs[ck]; ok {
+				chg.Change.Deletions = append(chg.Change.Deletions, old)
+				chg.Msgs.Deletions = append(chg.Msgs.Deletions, msg)
+			}
 		}
 	}
 
-	// FIXME(tlim): Google will return an error if too many changes are
-	// specified in a single request. We should split up very large
-	// batches.  This can be reliably reproduced with the 1201
-	// integration test.  The error you get is:
-	// googleapi: Error 403: The change would exceed quota for additions per change., quotaExceeded
-	//log.Printf("PAUSE STT = %+v %v\n", err, resp)
-	//log.Printf("PAUSE ERR = %+v %v\n", err, resp)
-
-	runChange := func() error {
-	retry:
-		resp, err := g.client.Changes.Create(g.project, zoneName, chg).Do()
-		if retryNeeded(resp, err) {
-			goto retry
+	// create a slice of Changes in batches of at most
+	// 1000 Deletions and 1000 Additions per Change.
+	// create a slice of strings that aligns with the batch
+	// to output with each correction/Change
+	const batchMax = 1000
+	setBatchLen := func(len int) int {
+		if len > batchMax {
+			return batchMax
 		}
-		if err != nil {
-			return fmt.Errorf("runChange error: %w", err)
+		return len
+	}
+	chgSet := []correctionValues{}
+	for len(chg.Change.Deletions) > 0 {
+		b := setBatchLen(len(chg.Change.Deletions))
+		chgSet = append(chgSet, correctionValues{Change: &gdns.Change{Deletions: chg.Change.Deletions[:b:b], Kind: "dns#change"}, Msgs: "\n" + strings.Join(chg.Msgs.Deletions[:b:b], "")})
+		chg.Change.Deletions = chg.Change.Deletions[b:]
+		chg.Msgs.Deletions = chg.Msgs.Deletions[b:]
+	}
+	for i := 0; len(chg.Change.Additions) > 0; i++ {
+		b := setBatchLen(len(chg.Change.Additions))
+		if len(chgSet) == i {
+			chgSet = append(chgSet, correctionValues{Change: &gdns.Change{Additions: chg.Change.Additions[:b:b], Kind: "dns#change"}, Msgs: "\n" + strings.Join(chg.Msgs.Additions[:b:b], "")})
+		} else {
+			chgSet[i].Change.Additions = chg.Change.Additions[:b:b]
+			chgSet[i].Msgs += strings.Join(chg.Msgs.Additions[:b:b], "")
 		}
-		return nil
+		chg.Change.Additions = chg.Change.Additions[b:]
+		chg.Msgs.Additions = chg.Msgs.Additions[b:]
+	}
+	// create a Correction for each gdns.Change
+	// that needs to be executed
+	corrections := []*models.Correction{}
+	makeCorrection := func(chg *gdns.Change, msgs string) {
+		runChange := func() error {
+		retry:
+			resp, err := g.client.Changes.Create(g.project, zoneName, chg).Do()
+			var check *googleapi.ServerResponse
+			if resp != nil {
+				check = &resp.ServerResponse
+			}
+			if retryNeeded(check, err) {
+				goto retry
+			}
+			if err != nil {
+				return fmt.Errorf("runChange error: %w", err)
+			}
+			return nil
+		}
+		corrections = append(corrections,
+			&models.Correction{
+				Msg: strings.TrimSuffix(msgs, "\n"),
+				F:   runChange,
+			})
+	}
+	for _, v := range chgSet {
+		makeCorrection(v.Change, v.Msgs)
 	}
 
-	return []*models.Correction{{
-		Msg: strings.Join(msgs, "\n"),
-		F:   runChange,
-	}}, nil
-
+	return corrections, nil
 }
 
 func nativeToRecord(set *gdns.ResourceRecordSet, rec, origin string) (*models.RecordConfig, error) {
@@ -326,7 +433,15 @@ func (g *gcloudProvider) getRecords(domain string) ([]*gdns.ResourceRecordSet, s
 		if pageToken != "" {
 			call = call.PageToken(pageToken)
 		}
+	retry:
 		resp, err := call.Do()
+		var check *googleapi.ServerResponse
+		if resp != nil {
+			check = &resp.ServerResponse
+		}
+		if retryNeeded(check, err) {
+			goto retry
+		}
 		if err != nil {
 			return nil, "", err
 		}
@@ -354,24 +469,33 @@ func (g *gcloudProvider) EnsureZoneExists(domain string) error {
 		return nil
 	}
 	var mz *gdns.ManagedZone
-	if g.nameServerSet != nil {
-		printer.Printf("Adding zone for %s to gcloud account with name_server_set %s\n", domain, *g.nameServerSet)
-		mz = &gdns.ManagedZone{
-			DnsName:       domain + ".",
-			NameServerSet: *g.nameServerSet,
-			Name:          "zone-" + strings.Replace(domain, ".", "-", -1),
-			Description:   "zone added by dnscontrol",
-		}
-	} else {
-		printer.Printf("Adding zone for %s to gcloud account \n", domain)
-		mz = &gdns.ManagedZone{
-			DnsName:     domain + ".",
-			Name:        "zone-" + strings.Replace(domain, ".", "-", -1),
-			Description: "zone added by dnscontrol",
-		}
+	printer.Printf("Adding zone for %s to gcloud account ", domain)
+	mz = &gdns.ManagedZone{
+		DnsName:     domain + ".",
+		Name:        "zone-" + strings.Replace(domain, ".", "-", -1),
+		Description: "zone added by dnscontrol",
 	}
-	g.zones = nil // reset cache
-	_, err = g.client.ManagedZones.Create(g.project, mz).Do()
+	if g.nameServerSet != nil {
+		mz.NameServerSet = *g.nameServerSet
+		printer.Printf("with name_server_set %s ", *g.nameServerSet)
+	}
+	if len(g.Visibility) != 0 {
+		mz.Visibility = g.Visibility
+		printer.Printf("with %s visibility ", g.Visibility)
+		// prevent possible GCP resource name conflicts when split horizon can be properly implemented
+		mz.Name = strings.Replace(mz.Name, "zone-", "zone-"+g.Visibility+"-", 1)
+	}
+	if g.Networks != nil {
+		mzn := make([]*gdns.ManagedZonePrivateVisibilityConfigNetwork, len(g.Networks))
+		printer.Printf("for network(s) ")
+		for _, v := range g.Networks {
+			printer.Printf("%s ", v)
+			mzn = append(mzn, &gdns.ManagedZonePrivateVisibilityConfigNetwork{NetworkUrl: v})
+		}
+		mz.PrivateVisibilityConfig = &gdns.ManagedZonePrivateVisibilityConfig{Networks: mzn}
+	}
+	printer.Printf("\n")
+	g.zones[domain+"."], err = g.client.ManagedZones.Create(g.project, mz).Do()
 	return err
 }
 
@@ -383,7 +507,7 @@ const maxBackoff = time.Minute * 3      // Maximum backoff delay
 var backoff = initialBackoff
 var backoff404 = false // Set if the last call requested a retry of a 404
 
-func retryNeeded(resp *gdns.Change, err error) bool {
+func retryNeeded(resp *googleapi.ServerResponse, err error) bool {
 	if err != nil {
 		return false // Not an error.
 	}

From d6a12bc3a0b427440d8d71a9d4d2bc95c85b6076 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 8 Aug 2023 11:41:30 -0400
Subject: [PATCH 08/79] CHORE: Fix release automation (#2498)

---
 Dockerfile | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 1d0ab6bed..24769b974 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,14 @@
 # syntax = docker/dockerfile:1.4
 
-FROM alpine:3.18.0@sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11 as RUN
+FROM alpine:3.18.2@sha256:25fad2a32ad1f6f510e528448ae1ec69a28ef81916a004d3629874104f8a7f70 as RUN
+
 
 # Add runtime dependencies
 # - tzdata: Go time required external dependency eg: TRANSIP and possibly others
 # - ca-certificates: Needed for https to work properly
-RUN --mount=type=cache,target=/var/cache/apk \
-    apk update \
-    && apk add tzdata ca-certificates \
-    && update-ca-certificates
+RUN --mount=type=cache,target=/var/cache/apk apk update
+RUN --mount=type=cache,target=/var/cache/apk apk add --no-cache tzdata ca-certificates
+RUN --mount=type=cache,target=/var/cache/apk update-ca-certificates
 
 COPY dnscontrol /usr/local/bin/
 

From 5c44e7eef93f22778b2dddf05debd261707a1169 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 8 Aug 2023 11:42:27 -0400
Subject: [PATCH 09/79] CHORE: Update deps (#2500)

---
 go.mod |  62 ++++++++++++++--------------
 go.sum | 128 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 95 insertions(+), 95 deletions(-)

diff --git a/go.mod b/go.mod
index 56b6bfc3f..82cae1964 100644
--- a/go.mod
+++ b/go.mod
@@ -11,17 +11,17 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.18.1
-	github.com/aws/aws-sdk-go-v2/config v1.18.27
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.26
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.28.3
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.15.0
+	github.com/aws/aws-sdk-go-v2 v1.20.1
+	github.com/aws/aws-sdk-go-v2/config v1.18.33
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.32
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.29.2
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.16.2
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5
 	github.com/cloudflare/cloudflare-go v0.68.0
-	github.com/digitalocean/godo v1.99.0
+	github.com/digitalocean/godo v1.100.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
 	github.com/exoscale/egoscale v0.90.2
@@ -46,12 +46,12 @@ require (
 	github.com/robertkrimen/otto v0.2.1
 	github.com/softlayer/softlayer-go v1.1.2
 	github.com/stretchr/testify v1.8.4
-	github.com/transip/gotransip/v6 v6.20.0
+	github.com/transip/gotransip/v6 v6.21.0
 	github.com/urfave/cli/v2 v2.25.7
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/net v0.11.0
-	golang.org/x/oauth2 v0.9.0
-	google.golang.org/api v0.128.0
+	golang.org/x/net v0.14.0
+	golang.org/x/oauth2 v0.11.0
+	google.golang.org/api v0.135.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.4
 )
 
@@ -63,28 +63,28 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.19
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
-	golang.org/x/text v0.10.0
+	golang.org/x/exp v0.0.0-20230807204917-050eac23e9de
+	golang.org/x/text v0.12.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/compute v1.19.3 // indirect
+	cloud.google.com/go/compute v1.20.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect
-	github.com/aws/smithy-go v1.13.5 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.21.2 // indirect
+	github.com/aws/smithy-go v1.14.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
@@ -101,8 +101,8 @@ require (
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.4 // indirect
 	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
-	github.com/googleapis/gax-go/v2 v2.10.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -132,16 +132,16 @@ require (
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.10.0 // indirect
-	golang.org/x/mod v0.9.0 // indirect
-	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.9.0 // indirect
+	golang.org/x/crypto v0.12.0 // indirect
+	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/sync v0.3.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.7.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
-	google.golang.org/grpc v1.55.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230726155614-23370e0ffb3e // indirect
+	google.golang.org/grpc v1.57.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.66.6 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/go.sum b/go.sum
index 518054f05..bf1763746 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,7 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/compute v1.19.3 h1:DcTwsFgGev/wV5+q8o2fzgcHOaac+DKGC91ZlvpsQds=
-cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI=
+cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
+cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 h1:8kDqDngH+DmVBiCtIjCFTGa7MBnsIOkF9IccInFEbjk=
@@ -35,34 +35,34 @@ github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x0
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
-github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
-github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.28.3 h1:nJbE4+tHd8xpM1RB1ZF0/xTJnFd/ATz42ZC35lwXx0w=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.28.3/go.mod h1:Cd4MnFoV+6fELBrgWXJ4Y09FrSkn/VjNPkOr1Yr1muU=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.15.0 h1:H7c53dt/1Wsp3fWbu5v5+XVNsThWzmxzYdyYLltWtec=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.15.0/go.mod h1:k75fR3BhOo/0umex9ICEJ+CKTA55qxvFWAlyVHTS6Qg=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
-github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
-github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/aws-sdk-go-v2 v1.20.1 h1:rZBf5DWr7YGrnlTK4kgDQGn1ltqOg5orCYb/UhOFZkg=
+github.com/aws/aws-sdk-go-v2 v1.20.1/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
+github.com/aws/aws-sdk-go-v2/config v1.18.33 h1:JKcw5SFxFW/rpM4mOPjv0VQ11E2kxW13F3exWOy7VZU=
+github.com/aws/aws-sdk-go-v2/config v1.18.33/go.mod h1:hXO/l9pgY3K5oZJldamP0pbZHdPqqk+4/maa7DSD3cA=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.32 h1:lIH1eKPcCY1ylR4B6PkBGRWMHO3aVenOKJHWiS4/G2w=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.32/go.mod h1:lL8U3v/Y79YRG69WlAho0OHIKUXCyFvSXaIvfo81sls=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 h1:DK/9C+UN/X+1+Wm8pqaDksQr2tSLzq+8X1/rI/ZxKEQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8/go.mod h1:ce7BgLQfYr5hQFdy67oX2svto3ufGtm6oBvmsHScI1Q=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 h1:c8ed/T9T2K5I+h/JzmF5tpI46+OODQ74dzmdo+QnaMg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38/go.mod h1:qggunOChCMu9ZF/UkAfhTz25+U2rLVb3ya0Ua6TTfCA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 h1:hNeAAymUY5gu11WrrmFb3CVIp9Dar9hbo44yzzcQpzA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32/go.mod h1:0ZXSqrty4FtQ7p8TEuRde/SZm9X05KT18LAUlR40Ln0=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 h1:fc0ukRAiP1syoSGZYu+DaE+FulSYhTiJ8WpVu5jElU4=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39/go.mod h1:WLAW8PT7+JhjZfLSWe7WEJaJu0GNo0cKc2Zyo003RBs=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 h1:dGAseBFEYxth10V23b5e2mAS+tX7oVbfYHD6dnDdAsg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32/go.mod h1:4jwAWKEkCR0anWk5+1RbfSg1R5Gzld7NLiuaq5bTR/Y=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.29.2 h1:6rbDtLVUDUBMCciu5ipjwGpGq1roAFXCVhliS2S+SAE=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.29.2/go.mod h1:rsvxuoKwhm9C5yWTqQ2zYtlb/aSkM+StNs/jcy93QQw=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.16.2 h1:+QM69OrWCsp5A6g1oQyC4Rbl9U9F0/xBvugb1N0Ha/U=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.16.2/go.mod h1:sVEjwdvFyw2UY9cvFeeWgVq4y2QEILPcmRF2glyTshM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 h1:A2RlEMo4SJSwbNoUUgkxTAEMduAy/8wG3eB2b2lP4gY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.2/go.mod h1:ju+nNXUunfIFamXUIZQiICjnO/TPlOmWcYhZcSy7xaE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 h1:OJELEgyaT2kmaBGZ+myyZbTTLobfe3ox3FSh5eYK9Qs=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2/go.mod h1:ubDBBaDFs1GHijSOTi8ljppML15GLG0HxhILtbjNNYQ=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.2 h1:ympg1+Lnq33XLhcK/xTG4yZHPs1Oyxu+6DEWbl7qOzA=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.2/go.mod h1:FQ/DQcOfESELfJi5ED+IPPAjI5xC6nxtSolVVB773jM=
+github.com/aws/smithy-go v1.14.1 h1:EFKMUmH/iHMqLiwoEDx2rRjRQpI1YCn5jTysoaDujFs=
+github.com/aws/smithy-go v1.14.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -103,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.99.0 h1:gUHO7n9bDaZFWvbzOum4bXE0/09ZuYA9yA8idQHX57E=
-github.com/digitalocean/godo v1.99.0/go.mod h1:SsS2oXo2rznfM/nORlZ/6JaUJZFhmKTib1YhopUc8NA=
+github.com/digitalocean/godo v1.100.0 h1:3MuDCh9Hw0MCBwV8GbHBiGrKZXCZ+VJfAY8iNCW+Mks=
+github.com/digitalocean/godo v1.100.0/go.mod h1:SsS2oXo2rznfM/nORlZ/6JaUJZFhmKTib1YhopUc8NA=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -202,10 +202,10 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.4 h1:uGy6JWR/uMIILU8wbf+OkstIrNiMjGpEIyhx8f6W7s4=
-github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
-github.com/googleapis/gax-go/v2 v2.10.0 h1:ebSgKfMxynOdxw8QQuFOKMgomqeLGPqNLQox2bo42zg=
-github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw=
+github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM=
+github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w=
+github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
+github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=
 github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=
@@ -410,8 +410,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/transip/gotransip/v6 v6.20.0 h1:AuvwyOZ51f2brzMbTqlRy/wmaM3kF7Vx5Wds8xcDflY=
-github.com/transip/gotransip/v6 v6.20.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
+github.com/transip/gotransip/v6 v6.21.0 h1:UIcO7uxhSuMbBjte960ypm/mZqqntuHo44Qk08RLzqM=
+github.com/transip/gotransip/v6 v6.21.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
@@ -445,19 +445,19 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
-golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
-golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+golang.org/x/exp v0.0.0-20230807204917-050eac23e9de h1:l5Za6utMv/HsBWWqzt4S8X17j+kt1uVETUX5UFhn2rE=
+golang.org/x/exp v0.0.0-20230807204917-050eac23e9de/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=
-golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
+golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180406214816-61147c48b25b/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -477,12 +477,12 @@ golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
-golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
+golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs=
-golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw=
+golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
+golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -490,8 +490,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
-golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -515,8 +515,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -528,8 +528,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
-golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
@@ -550,8 +550,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.128.0 h1:RjPESny5CnQRn9V6siglged+DZCgfu9l6mO9dkX9VOg=
-google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750=
+google.golang.org/api v0.135.0 h1:6Vgfj6uPMXcyy66waYWBwmkeNB+9GmUlJDOzkukPQYQ=
+google.golang.org/api v0.135.0/go.mod h1:Bp77uRFgwsSKI0BWH573F5Q6wSlznwI2NFayLOp/7mQ=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
@@ -560,10 +560,10 @@ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoA
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao=
-google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
+google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130 h1:Au6te5hbKUV8pIYWHqOUZ1pva5qK/rwbIhoXEUB9Lu8=
+google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230726155614-23370e0ffb3e h1:S83+ibolgyZ0bqz7KEsUOPErxcv4VzlszxY+31OfB/E=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -572,8 +572,8 @@ google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTp
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
-google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
+google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
+google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -586,8 +586,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20160105164936-4f90aeace3a2/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

From 59cbb73a9f01fdf3beb24394e7c292965ab489f7 Mon Sep 17 00:00:00 2001
From: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
Date: Tue, 8 Aug 2023 17:55:16 +0200
Subject: [PATCH 10/79] OVH: Add DMARC support (#2485)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod                       | 2 +-
 go.sum                       | 4 ++--
 providers/ovh/ovhProvider.go | 4 ++--
 providers/ovh/protocol.go    | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 82cae1964..9f6006044 100644
--- a/go.mod
+++ b/go.mod
@@ -137,7 +137,7 @@ require (
 	golang.org/x/sync v0.3.0 // indirect
 	golang.org/x/sys v0.11.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.7.0 // indirect
+	golang.org/x/tools v0.11.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230726155614-23370e0ffb3e // indirect
 	google.golang.org/grpc v1.57.0 // indirect
diff --git a/go.sum b/go.sum
index bf1763746..d2ebf1b8e 100644
--- a/go.sum
+++ b/go.sum
@@ -544,8 +544,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
-golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
+golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8=
+golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/providers/ovh/ovhProvider.go b/providers/ovh/ovhProvider.go
index a5d74f8ed..ba18f800a 100644
--- a/providers/ovh/ovhProvider.go
+++ b/providers/ovh/ovhProvider.go
@@ -227,8 +227,8 @@ func nativeToRecord(r *Record, origin string) (*models.RecordConfig, error) {
 
 	rtype := r.FieldType
 
-	// ovh uses a custom type for SPF and DKIM
-	if rtype == "SPF" || rtype == "DKIM" {
+	// ovh uses a custom type for SPF, DKIM and DMARC
+	if rtype == "SPF" || rtype == "DKIM" || rtype == "DMARC" {
 		rtype = "TXT"
 	}
 
diff --git a/providers/ovh/protocol.go b/providers/ovh/protocol.go
index 71691bcf9..4d67c72b6 100644
--- a/providers/ovh/protocol.go
+++ b/providers/ovh/protocol.go
@@ -143,7 +143,7 @@ func (c *ovhProvider) updateRecordFunc(old *Record, rc *models.RecordConfig, fqd
 		if c.isDKIMRecord(rc) {
 			// When DKIM value is longer than 255, the MODIFY fails with "Try to alter read-only properties: fieldType"
 			// Setting FieldType to empty string results in the property not being altered, hence error does not occur.
-			record.FieldType = ""
+			record.FieldType = "DKIM"
 		}
 		err := c.client.CallAPI("PUT", fmt.Sprintf("/domain/zone/%s/record/%d", fqdn, old.ID), &record, &Void{}, true)
 

From 1d9646d4ff2f9ca7313cb558674d6c5d2ad54f9b Mon Sep 17 00:00:00 2001
From: asn-iac <134323752+asn-iac@users.noreply.github.com>
Date: Tue, 8 Aug 2023 09:02:49 -0700
Subject: [PATCH 11/79] Adjust Error message formatting for preview/push
 (#2477)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 commands/previewPush.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/commands/previewPush.go b/commands/previewPush.go
index e40610d24..c1915deac 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -181,7 +181,7 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI) error {
 					if lister, ok := provider.Driver.(providers.ZoneLister); ok && !push {
 						zones, err := lister.ListZones()
 						if err != nil {
-							out.Errorf("ERROR: %s", err.Error())
+							out.Errorf("ERROR: %s\n", err.Error())
 							return
 						}
 						aceZoneName, _ := idna.ToASCII(domain.Name)
@@ -208,7 +208,7 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI) error {
 
 			nsList, err := nameservers.DetermineNameserversForProviders(domain, providersWithExistingZone)
 			if err != nil {
-				out.Errorf("ERROR: %s", err.Error())
+				out.Errorf("ERROR: %s\n", err.Error())
 				return
 			}
 			domain.Nameservers = nsList

From 38b0be5d3fa0e63b3a84e9fc81eaffc4c2e0f2d9 Mon Sep 17 00:00:00 2001
From: Jed Fox <git@jedfox.com>
Date: Tue, 15 Aug 2023 14:45:31 -0700
Subject: [PATCH 12/79] Fix types for SPF_BUILDER (#2487)

Co-authored-by: str4d <4993799+str4d@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 build/generate/functionTypes.go               |    5 +
 commands/types/dnscontrol.d.ts                | 2128 ++++++++---------
 .../{record => domain}/SPF_BUILDER.md         |    4 +-
 3 files changed, 1071 insertions(+), 1066 deletions(-)
 rename documentation/functions/{record => domain}/SPF_BUILDER.md (99%)

diff --git a/build/generate/functionTypes.go b/build/generate/functionTypes.go
index 498fa7584..62b2d68a8 100644
--- a/build/generate/functionTypes.go
+++ b/build/generate/functionTypes.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"regexp"
+	"sort"
 	"strings"
 
 	"golang.org/x/text/cases"
@@ -187,6 +188,10 @@ func generateFunctionTypes() (string, error) {
 		}
 	}
 
+	sort.Slice(funcs, func(i, j int) bool {
+		return funcs[i].Name < funcs[j].Name
+	})
+
 	content := ""
 	for _, f := range funcs {
 		content += f.String()
diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 5f18095b9..e19bce20c 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -369,6 +369,50 @@ declare function AZURE_ALIAS(name: string, type: "A" | "AAAA" | "CNAME", target:
  */
 declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value: string, ...modifiers: RecordModifier[]): DomainModifier;
 
+/**
+ * DNSControl contains a `CAA_BUILDER` which can be used to simply create
+ * [`CAA()`](../domain/CAA.md) records for your domains. Instead of creating each [`CAA()`](../domain/CAA.md) record
+ * individually, you can simply configure your report mail address, the
+ * authorized certificate authorities and the builder cares about the rest.
+ *
+ * ## Example
+ *
+ * For example you can use:
+ *
+ * ```javascript
+ * CAA_BUILDER({
+ *   label: "@",
+ *   iodef: "mailto:test@example.com",
+ *   iodef_critical: true,
+ *   issue: [
+ *     "letsencrypt.org",
+ *     "comodoca.com",
+ *   ],
+ *   issuewild: "none",
+ * })
+ * ```
+ *
+ * The parameters are:
+ *
+ * * `label:` The label of the CAA record. (Optional. Default: `"@"`)
+ * * `iodef:` Report all violation to configured mail address.
+ * * `iodef_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
+ * * `issue:` An array of CAs which are allowed to issue certificates. (Use `"none"` to refuse all CAs)
+ * * `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
+ *
+ * `CAA_BUILDER()` returns multiple records (when configured as example above):
+ *
+ * ```javascript
+ * CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
+ * CAA("@", "issue", "letsencrypt.org")
+ * CAA("@", "issue", "comodoca.com")
+ * CAA("@", "issuewild", ";")
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/caa_builder
+ */
+declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issuewild: string }): RecordModifier;
+
 /**
  * `CF_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page Rules) to
  * generate a HTTP 301 permanent redirect.
@@ -475,6 +519,129 @@ declare function CLOUDNS_WR(name: string, target: string, ...modifiers: RecordMo
  */
 declare function CNAME(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
 
+/**
+ * `D` adds a new Domain for DNSControl to manage. The first two arguments are required: the domain name (fully qualified `example.com` without a trailing dot), and the
+ * name of the registrar (as previously declared with [NewRegistrar](NewRegistrar.md)). Any number of additional arguments may be included to add DNS Providers with [DNSProvider](NewDnsProvider.md),
+ * add records with [A](../domain/A.md), [CNAME](../domain/CNAME.md), and so forth, or add metadata.
+ *
+ * Modifier arguments are processed according to type as follows:
+ *
+ * - A function argument will be called with the domain object as it's only argument. Most of the [built-in modifier functions](https://docs.dnscontrol.org/language-reference/domain-modifiers) return such functions.
+ * - An object argument will be merged into the domain's metadata collection.
+ * - An array argument will have all of it's members evaluated recursively. This allows you to combine multiple common records or modifiers into a variable that can
+ *    be used like a macro in multiple domains.
+ *
+ * ```javascript
+ * // simple domain
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   A("@","1.2.3.4"),
+ *   CNAME("test", "foo.example2.com.")
+ * );
+ *
+ * // "macro" for records that can be mixed into any zone
+ * var GOOGLE_APPS_DOMAIN_MX = [
+ *     MX("@", 1, "aspmx.l.google.com."),
+ *     MX("@", 5, "alt1.aspmx.l.google.com."),
+ *     MX("@", 5, "alt2.aspmx.l.google.com."),
+ *     MX("@", 10, "alt3.aspmx.l.google.com."),
+ *     MX("@", 10, "alt4.aspmx.l.google.com."),
+ * ]
+ *
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   A("@","1.2.3.4"),
+ *   CNAME("test", "foo.example2.com."),
+ *   GOOGLE_APPS_DOMAIN_MX
+ * );
+ * ```
+ *
+ * # Split Horizon DNS
+ *
+ * DNSControl supports Split Horizon DNS. Simply
+ * define the domain two or more times, each with
+ * their own unique parameters.
+ *
+ * To differentiate the different domains, specify the domains as
+ * `domain.tld!tag`, such as `example.com!inside` and
+ * `example.com!outside`.
+ *
+ * ```javascript
+ * var REG_THIRDPARTY = NewRegistrar("ThirdParty");
+ * var DNS_INSIDE = NewDnsProvider("Cloudflare");
+ * var DNS_OUTSIDE = NewDnsProvider("bind");
+ *
+ * D("example.com!inside", REG_THIRDPARTY, DnsProvider(DNS_INSIDE),
+ *   A("www", "10.10.10.10")
+ * );
+ *
+ * D("example.com!outside", REG_THIRDPARTY, DnsProvider(DNS_OUTSIDE),
+ *   A("www", "20.20.20.20")
+ * );
+ *
+ * D_EXTEND("example.com!inside",
+ *   A("internal", "10.99.99.99")
+ * );
+ * ```
+ *
+ * A domain name without a `!` is assigned a tag that is the empty
+ * string. For example, `example.com` and `example.com!` are equivalent.
+ * However, we strongly recommend against using the empty tag, as it
+ * risks creating confusion.  In other words, if you have `domain.tld`
+ * and `domain.tld!external` you now require humans to remember that
+ * `domain.tld` is the external one.  I mean... the internal one.  You
+ * may have noticed this mistake, but will your coworkers?  Will you in
+ * six months? You get the idea.
+ *
+ * DNSControl command line flag `--domains` matches the full name (with the "!").  If you
+ * define domains `example.com!george` and `example.com!john` then:
+ *
+ * * `--domains=example.com` will not match either domain.
+ * * `--domains='example.com!george'` will match only match the first.
+ * * `--domains='example.com!george",example.com!john` will match both.
+ *
+ * NOTE: The quotes are required if your shell treats `!` as a special
+ * character, which is probably does.  If you see an error that mentions
+ * `event not found` you probably forgot the quotes.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/d
+ */
+declare function D(name: string, registrar: string, ...modifiers: DomainModifier[]): void;
+
+/**
+ * `DEFAULTS` allows you to declare a set of default arguments to apply to all subsequent domains. Subsequent calls to [`D`](D.md) will have these
+ * arguments passed as if they were the first modifiers in the argument list.
+ *
+ * ## Example
+ *
+ * We want to create backup zone files for all domains, but not actually register them. Also create a [`DefaultTTL`](../domain/DefaultTTL.md).
+ * The domain `example.com` will have the defaults set.
+ *
+ * ```javascript
+ * var COMMON = NewDnsProvider("foo");
+ * DEFAULTS(
+ *   DnsProvider(COMMON, 0),
+ *   DefaultTTL("1d")
+ * );
+ *
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * If you want to clear the defaults, you can do the following.
+ * The domain `example2.com` will **not** have the defaults set.
+ *
+ * ```javascript
+ * DEFAULTS();
+ *
+ * D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/defaults
+ */
+declare function DEFAULTS(...modifiers: DomainModifier[]): void;
+
 /**
  * `DISABLE_IGNORE_SAFETY_CHECK()` disables the safety check. Normally it is an
  * error to insert records that match an `IGNORE()` pattern. This disables that
@@ -500,6 +667,163 @@ declare function CNAME(name: string, target: string, ...modifiers: RecordModifie
  */
 declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier;
 
+/**
+ * DNSControl contains a `DMARC_BUILDER` which can be used to simply create
+ * DMARC policies for your domains.
+ *
+ * ## Example
+ *
+ * ### Simple example
+ *
+ * ```javascript
+ * DMARC_BUILDER({
+ *   policy: "reject",
+ *   ruf: [
+ *     "mailto:mailauth-reports@example.com",
+ *   ],
+ * })
+ * ```
+ *
+ * This yield the following record:
+ *
+ * ```text
+ * @   IN  TXT "v=DMARC1; p=reject; ruf=mailto:mailauth-reports@example.com"
+ * ```
+ *
+ * ### Advanced example
+ *
+ * ```javascript
+ * DMARC_BUILDER({
+ *   policy: "reject",
+ *   subdomainPolicy: "quarantine",
+ *   percent: 50,
+ *   alignmentSPF: "r",
+ *   alignmentDKIM: "strict",
+ *   rua: [
+ *     "mailto:mailauth-reports@example.com",
+ *     "https://dmarc.example.com/submit",
+ *   ],
+ *   ruf: [
+ *     "mailto:mailauth-reports@example.com",
+ *   ],
+ *   failureOptions: "1",
+ *   reportInterval: "1h",
+ * });
+ * ```
+ *
+ * ```javascript
+ * DMARC_BUILDER({
+ *   label: "insecure",
+ *   policy: "none",
+ *   ruf: [
+ *     "mailto:mailauth-reports@example.com",
+ *   ],
+ *   failureOptions: {
+ *       SPF: false,
+ *       DKIM: true,
+ *   },
+ * });
+ * ```
+ *
+ * This yields the following records:
+ *
+ * ```text
+ * @           IN  TXT "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=50; rua=mailto:mailauth-reports@example.com,https://dmarc.example.com/submit; ruf=mailto:mailauth-reports@example.com; fo=1; ri=3600"
+ * insecure    IN  TXT "v=DMARC1; p=none; ruf=mailto:mailauth-reports@example.com; fo=d"
+ * ```
+ *
+ * ### Parameters
+ *
+ * * `label:` The DNS label for the DMARC record (`_dmarc` prefix is added, default: `"@"`)
+ * * `version:` The DMARC version to be used (default: `DMARC1`)
+ * * `policy:` The DMARC policy (`p=`), must be one of `"none"`, `"quarantine"`, `"reject"`
+ * * `subdomainPolicy:` The DMARC policy for subdomains (`sp=`), must be one of `"none"`, `"quarantine"`, `"reject"` (optional)
+ * * `alignmentSPF:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for SPF (`aspf=`, default: `"r"`)
+ * * `alignmentDKIM:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for DKIM (`adkim=`, default: `"r"`)
+ * * `percent:` Number between `0` and `100`, percentage for which policies are applied (`pct=`, default: `100`)
+ * * `rua:` Array of aggregate report targets (optional)
+ * * `ruf:` Array of failure report targets (optional)
+ * * `failureOptions:` Object or string; Object containing booleans `SPF` and `DKIM`, string is passed raw (`fo=`, default: `"0"`)
+ * * `failureFormat:` Format in which failure reports are requested (`rf=`, default: `"afrf"`)
+ * * `reportInterval:` Interval in which reports are requested (`ri=`)
+ * * `ttl:` Input for `TTL` method (optional)
+ *
+ * ### Caveats
+ *
+ * * TXT records are automatically split using `AUTOSPLIT`.
+ * * URIs in the `rua` and `ruf` arrays are passed raw. You must percent-encode all commas and exclamation points in the URI itself.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/dmarc_builder
+ */
+declare function DMARC_BUILDER(opts: { label?: string; version?: string; policy: 'none' | 'quarantine' | 'reject'; subdomainPolicy?: 'none' | 'quarantine' | 'reject'; alignmentSPF?: 'strict' | 's' | 'relaxed' | 'r'; alignmentDKIM?: 'strict' | 's' | 'relaxed' | 'r'; percent?: number; rua?: string[]; ruf?: string[]; failureOptions?: { SPF: boolean, DKIM: boolean } | string; failureFormat?: string; reportInterval?: Duration; ttl?: Duration }): RecordModifier;
+
+/**
+ * `DOMAIN_ELSEWHERE()` is a helper macro that lets you easily indicate that
+ * a domain's zones are managed elsewhere. That is, it permits you easily delegate
+ * a domain to a hard-coded list of DNS servers.
+ *
+ * `DOMAIN_ELSEWHERE` is useful when you control a domain's registrar but not the
+ * DNS servers. For example, suppose you own a domain but the DNS servers are run
+ * by someone else, perhaps a SaaS product you've subscribed to or a DNS server
+ * that is run by your brother-in-law who doesn't trust you with the API keys that
+ * would let you maintain the domain using DNSControl. You need an easy way to
+ * point (delegate) the domain at a specific list of DNS servers.
+ *
+ * For example these two statements are equivalent:
+ *
+ * ```javascript
+ * DOMAIN_ELSEWHERE("example.com", REG_MY_PROVIDER, ["ns1.foo.com", "ns2.foo.com"]);
+ * ```
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *     NO_PURGE,
+ *     NAMESERVER("ns1.foo.com"),
+ *     NAMESERVER("ns2.foo.com")
+ * );
+ * ```
+ *
+ * NOTE: The [`NO_PURGE`](../domain/NO_PURGE.md) is used out of abundance of caution but since no
+ * `DnsProvider()` statements exist, no updates would be performed.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere
+ */
+declare function DOMAIN_ELSEWHERE(name: string, registrar: string, nameserver_names: string[]): void;
+
+/**
+ * `DOMAIN_ELSEWHERE_AUTO()` is similar to `DOMAIN_ELSEWHERE()` but instead of
+ * a hardcoded list of nameservers, a DnsProvider() is queried.
+ *
+ * `DOMAIN_ELSEWHERE_AUTO` is useful when you control a domain's registrar but the
+ * DNS zones are managed by another system. Luckily you have enough access to that
+ * other system that you can query it to determine the zone's nameservers.
+ *
+ * For example, suppose you own a domain but the DNS servers for it are in Azure.
+ * Further suppose that something in Azure maintains the zones (automatic or
+ * human). Azure picks the nameservers for the domains automatically, and that
+ * list may change occasionally.  `DOMAIN_ELSEWHERE_AUTO` allows you to easily
+ * query Azure to determine the domain's delegations so that you do not need to
+ * hard-code them in your dnsconfig.js file.
+ *
+ * For example these two statements are equivalent:
+ *
+ * ```javascript
+ * DOMAIN_ELSEWHERE_AUTO("example.com", REG_NAMEDOTCOM, DSP_AZURE);
+ * ```
+ *
+ * ```javascript
+ * D("example.com", REG_NAMEDOTCOM,
+ *     NO_PURGE,
+ *     DnsProvider(DSP_AZURE)
+ * );
+ * ```
+ *
+ * NOTE: The [`NO_PURGE`](../domain/NO_PURGE.md) is used to prevent DNSControl from changing the records.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere_auto
+ */
+declare function DOMAIN_ELSEWHERE_AUTO(name: string, domain: string, registrar: string, dnsProvider: string): void;
+
 /**
  * DS adds a DS record to the domain.
  *
@@ -521,6 +845,89 @@ declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier;
  */
 declare function DS(name: string, keytag: number, algorithm: number, digesttype: number, digest: string, ...modifiers: RecordModifier[]): DomainModifier;
 
+/**
+ * `D_EXTEND` adds records (and metadata) to a domain previously defined
+ * by [`D()`](D.md). It can also be used to add subdomain records (and metadata)
+ * to a previously defined domain.
+ *
+ * The first argument is a domain name. If it exactly matches a
+ * previously defined domain, `D_EXTEND()` behaves the same as [`D()`](D.md),
+ * simply adding records as if they had been specified in the original
+ * [`D()`](D.md).
+ *
+ * If the domain name does not match an existing domain, but could be a
+ * (non-delegated) subdomain of an existing domain, the new records (and
+ * metadata) are added with the subdomain part appended to all record
+ * names (labels), and targets (as appropriate). See the examples below.
+ *
+ * Matching the domain name to previously-defined domains is done using a
+ * `longest match` algorithm.  If `domain.tld` and `sub.domain.tld` are
+ * defined as separate domains via separate [`D()`](D.md) statements, then
+ * `D_EXTEND("sub.sub.domain.tld", ...)` would match `sub.domain.tld`,
+ * not `domain.tld`.
+ *
+ * Some operators only act on an apex domain (e.g.
+ * [`CF_REDIRECT`](../domain/CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](../domain/CF_TEMP_REDIRECT.md)). Using them
+ * in a `D_EXTEND` subdomain may not be what you expect.
+ *
+ * ```javascript
+ * D("domain.tld", REG_MY_PROVIDER, DnsProvider(DNS),
+ *   A("@", "127.0.0.1"), // domain.tld
+ *   A("www", "127.0.0.2"), // www.domain.tld
+ *   CNAME("a", "b") // a.domain.tld -> b.domain.tld
+ * );
+ * D_EXTEND("domain.tld",
+ *   A("aaa", "127.0.0.3"), // aaa.domain.tld
+ *   CNAME("c", "d") // c.domain.tld -> d.domain.tld
+ * );
+ * D_EXTEND("sub.domain.tld",
+ *   A("bbb", "127.0.0.4"), // bbb.sub.domain.tld
+ *   A("ccc", "127.0.0.5"), // ccc.sub.domain.tld
+ *   CNAME("e", "f") // e.sub.domain.tld -> f.sub.domain.tld
+ * );
+ * D_EXTEND("sub.sub.domain.tld",
+ *   A("ddd", "127.0.0.6"), // ddd.sub.sub.domain.tld
+ *   CNAME("g", "h") // g.sub.sub.domain.tld -> h.sub.sub.domain.tld
+ * );
+ * D_EXTEND("sub.domain.tld",
+ *   A("@", "127.0.0.7"), // sub.domain.tld
+ *   CNAME("i", "j") // i.sub.domain.tld -> j.sub.domain.tld
+ * );
+ * ```
+ *
+ * This will end up in the following modifications: (This output assumes the `--full` flag)
+ *
+ * ```text
+ * ******************** Domain: domain.tld
+ * ----- Getting nameservers from: cloudflare
+ * ----- DNS Provider: cloudflare...7 corrections
+ * #1: CREATE A aaa.domain.tld 127.0.0.3
+ * #2: CREATE A bbb.sub.domain.tld 127.0.0.4
+ * #3: CREATE A ccc.sub.domain.tld 127.0.0.5
+ * #4: CREATE A ddd.sub.sub.domain.tld 127.0.0.6
+ * #5: CREATE A sub.domain.tld 127.0.0.7
+ * #6: CREATE A www.domain.tld 127.0.0.2
+ * #7: CREATE A domain.tld 127.0.0.1
+ * #8: CREATE CNAME a.domain.tld b.domain.tld.
+ * #9: CREATE CNAME c.domain.tld d.domain.tld.
+ * #10: CREATE CNAME e.sub.domain.tld f.sub.domain.tld.
+ * #11: CREATE CNAME g.sub.sub.domain.tld h.sub.sub.domain.tld.
+ * #12: CREATE CNAME i.sub.domain.tld j.sub.domain.tld.
+ * ```
+ *
+ * ProTips: `D_EXTEND()` permits you to create very complex and
+ * sophisticated configurations, but you shouldn't. Be nice to the next
+ * person that edits the file, who may not be as expert as yourself.
+ * Enhance readability by putting any `D_EXTEND()` statements immediately
+ * after the original [`D()`](D.md), like in above example.  Avoid the temptation
+ * to obscure the addition of records to existing domains with randomly
+ * placed `D_EXTEND()` statements. Don't build up a domain using loops of
+ * `D_EXTEND()` statements. You'll be glad you didn't.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/d_extend
+ */
+declare function D_EXTEND(name: string, ...modifiers: DomainModifier[]): void;
+
 /**
  * DefaultTTL sets the TTL for all subsequent records following it in a domain that do not explicitly set one with [`TTL`](../record/TTL.md). If neither `DefaultTTL` or `TTL` exist for a record,
  * the record will inherit the DNSControl global internal default of 300 seconds. See also [`DEFAULTS`](../global/DEFAULTS.md) to override the internal defaults.
@@ -983,6 +1390,30 @@ declare function IGNORE_TARGET(pattern: string, rType: string): DomainModifier;
  */
 declare function INCLUDE(domain: string): DomainModifier;
 
+/**
+ * Converts an IPv4 address from string to an integer. This allows performing mathematical operations with the IP address.
+ *
+ * ```javascript
+ * var addrA = IP("1.2.3.4")
+ * var addrB = addrA + 1
+ * // addrB = 1.2.3.5
+ * ```
+ *
+ * NOTE: `IP()` does not accept IPv6 addresses (PRs gladly accepted!). IPv6 addresses are simply strings:
+ *
+ * ```javascript
+ * // IPv4 Var
+ * var addrA1 = IP("1.2.3.4");
+ * var addrA2 = "1.2.3.4";
+ *
+ * // IPv6 Var
+ * var addrAAAA = "0:0:0:0:0:0:0:0";
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/ip
+ */
+declare function IP(ip: string): number;
+
 /**
  * The parameter number types are as follows:
  *
@@ -1075,6 +1506,247 @@ declare function INCLUDE(domain: string): DomainModifier;
  */
 declare function LOC(deg1: number, min1: number, sec1: number, deg2: number, min2: number, sec2: number, altitude: number, size: number, horizontal_precision: number, vertical_precision: number): DomainModifier;
 
+/**
+ * `LOC_BUILDER_DD({})` actually takes an object with the following properties:
+ *
+ *   - label (optional, defaults to `@`)
+ *   - x (float32)
+ *   - y (float32)
+ *   - alt (float32, optional)
+ *   - ttl (optional)
+ *
+ * A helper to build [`LOC`](../domain/LOC.md) records. Supply four parameters instead of 12.
+ *
+ * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ *
+ * The cartesian coordinates are decimal degrees, like you typically find in e.g. Google Maps.
+ *
+ * Examples.
+ *
+ * Big Ben:
+ * `51.50084265331501, -0.12462541415599787`
+ *
+ * The White House:
+ * `38.89775977858357, -77.03655125982903`
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *     LOC_BUILDER_DD({
+ *     label: "big-ben",
+ *     x: 51.50084265331501,
+ *     y: -0.12462541415599787,
+ *     alt: 6,
+ *   })
+ *   , LOC_BUILDER_DD({
+ *     label: "white-house",
+ *     x: 38.89775977858357,
+ *     y: -77.03655125982903,
+ *     alt: 19,
+ *   })
+ *   , LOC_BUILDER_DD({
+ *     label: "white-house-ttl",
+ *     x: 38.89775977858357,
+ *     y: -77.03655125982903,
+ *     alt: 19,
+ *     ttl: "5m",
+ *   })
+ * );
+ *
+ * ```
+ *
+ * Part of the series:
+ *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_dd
+ */
+declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; alt?: number; ttl?: Duration }): RecordModifier;
+
+/**
+ * `LOC_BUILDER_DMM({})` actually takes an object with the following properties:
+ *
+ *   - label (string, optional, defaults to `@`)
+ *   - str (string)
+ *   - alt (float32, optional)
+ *   - ttl (optional)
+ *
+ * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+ *
+ * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ *
+ * Accepts a string with decimal minutes (DMM) coordinates in the form: 25.24°S 153.15°E
+ *
+ * Note that the following are acceptable forms (symbols differ):
+ * * `25.24°S 153.15°E`
+ * * `25.24 S 153.15 E`
+ * * `25.24° S 153.15° E`
+ * * `25.24S 153.15E`
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   LOC_BUILDER_STR({
+ *     label: "tasmania",
+ *     str: "42°S 147°E",
+ *     alt: 3,
+ *   })
+ * );
+ *
+ * ```
+ *
+ * Part of the series:
+ *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_dmm_str
+ */
+declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): RecordModifier;
+
+/**
+ * `LOC_BUILDER_DMS_STR({})` actually takes an object with the following properties:
+ *
+ *   - label (string, optional, defaults to `@`)
+ *   - str (string)
+ *   - alt (float32, optional)
+ *   - ttl (optional)
+ *
+ * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+ *
+ * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ *
+ * Accepts a string with degrees, minutes, and seconds (DMS) coordinates in the form: 41°24'12.2"N 2°10'26.5"E
+ *
+ * Note that the following are acceptable forms (symbols differ):
+ * * `33°51′31″S 151°12′51″E`
+ * * `33°51'31"S 151°12'51"E`
+ * * `33d51m31sS 151d12m51sE`
+ * * `33d51m31s S 151d12m51s E`
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   LOC_BUILDER_DMS_STR({
+ *     label: "sydney-opera-house",
+ *     str: "33°51′31″S 151°12′51″E",
+ *     alt: 4,
+ *     ttl: "5m",
+ *   })
+ * );
+ *
+ * ```
+ *
+ * Part of the series:
+ *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_dms_str
+ */
+declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): RecordModifier;
+
+/**
+ * `LOC_BUILDER_STR({})` actually takes an object with the following: properties.
+ *
+ *   - label (optional, defaults to `@`)
+ *   - str (string)
+ *   - alt (float32, optional)
+ *   - ttl (optional)
+ *
+ * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+ *
+ * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ *
+ * Accepts a string and tries all `LOC_BUILDER_DM*_STR({})` methods:
+ *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   , LOC_BUILDER_STR({
+ *     label: "old-faithful",
+ *     str: "44.46046°N 110.82815°W",
+ *     alt: 2240,
+ *   })
+ *   , LOC_BUILDER_STR({
+ *     label: "ribblehead-viaduct",
+ *     str: "54.210436°N 2.370231°W",
+ *     alt: 300,
+ *   })
+ *   , LOC_BUILDER_STR({
+ *     label: "guinness-brewery",
+ *     str: "53°20′40″N 6°17′20″W",
+ *     alt: 300,
+ *   })
+ * );
+ *
+ * ```
+ *
+ * Part of the series:
+ *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_str
+ */
+declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): RecordModifier;
+
+/**
+ * DNSControl offers a `M365_BUILDER` which can be used to simply set up Microsoft 365 for a domain in an opinionated way.
+ *
+ * It defaults to a setup without support for legacy Skype for Business applications.
+ * It doesn't set up SPF or DMARC. See [`SPF_BUILDER`](/language-reference/record-modifiers/dmarc_builder) and [`DMARC_BUILDER`](/language-reference/record-modifiers/spf_builder).
+ *
+ * ## Example
+ *
+ * ### Simple example
+ *
+ * ```javascript
+ * M365_BUILDER({
+ *     initialDomain: "example.onmicrosoft.com",
+ * });
+ * ```
+ *
+ * This sets up `MX` records, Autodiscover, and DKIM.
+ *
+ * ### Advanced example
+ *
+ * ```javascript
+ * M365_BUILDER({
+ *     label: "test",
+ *     mx: false,
+ *     autodiscover: false,
+ *     dkim: false,
+ *     mdm: true,
+ *     domainGUID: "test-example-com", // Can be automatically derived in this case, if example.com is the context.
+ *     initialDomain: "example.onmicrosoft.com",
+ * });
+ * ```
+ *
+ * This sets up Mobile Device Management only.
+ *
+ * ### Parameters
+ *
+ * * `label` The label of the Microsoft 365 domain, useful if it is a subdomain (default: `"@"`)
+ * * `mx` Set an `MX` record? (default: `true`)
+ * * `autodiscover` Set Autodiscover `CNAME` record? (default: `true`)
+ * * `dkim` Set DKIM `CNAME` records? (default: `true`)
+ * * `skypeForBusiness` Set Skype for Business/Microsoft Teams records? (default: `false`)
+ * * `mdm` Set Mobile Device Management records? (default: `false`)
+ * * `domainGUID` The GUID of _this_ Microsoft 365 domain (default: `<label>.<context>` with `.` replaced by `-`, no default if domain contains dashes)
+ * * `initialDomain` The initial domain of your Microsoft 365 tenant/account, ends in `onmicrosoft.com`
+ *
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/m365_builder
+ */
+declare function M365_BUILDER(opts: { label?: string; mx?: boolean; autodiscover?: boolean; dkim?: boolean; skypeForBusiness?: boolean; mdm?: boolean; domainGUID?: string; initialDomain?: string }): RecordModifier;
+
 /**
  * MX adds an MX record to the domain.
  *
@@ -1479,6 +2151,95 @@ declare function NS(name: string, target: string, ...modifiers: RecordModifier[]
  */
 declare function NS1_URLFWD(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
 
+/**
+ * NewDnsProvider activates a DNS Service Provider (DSP) specified in `creds.json`.
+ * A DSP stores a DNS zone's records and provides DNS service for the zone (i.e.
+ * answers on port 53 to queries related to the zone).
+ *
+ * * `name` must match the name of an entry in `creds.json`.
+ * * `type` specifies a valid DNS provider type identifier listed on the [provider page](../../providers.md).
+ *   * Starting with [v3.16](../../v316.md), the type is optional. If it is absent, the `TYPE` field in `creds.json` is used instead. You can leave it out. (Thanks to JavaScript magic, you can leave it out even when there are more fields).
+ *   * Starting with v4.0, specifying the type may be an error. Please add the `TYPE` field to `creds.json` and remove this parameter from `dnsconfig.js` to prepare.
+ * * `meta` is a way to send additional parameters to the provider.  It is optional and only certain providers use it.  See the [individual provider docs](../../providers.md) for details.
+ *
+ * This function will return an opaque string that should be assigned to a variable name for use in [D](D.md) directives.
+ *
+ * Prior to [v3.16](../../v316.md):
+ *
+ * ```javascript
+ * var REG_MYNDC = NewRegistrar("mynamedotcom", "NAMEDOTCOM");
+ * var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
+ *
+ * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * In [v3.16](../../v316.md) and later:
+ *
+ * ```javascript
+ * var REG_MYNDC = NewRegistrar("mynamedotcom");
+ * var DNS_MYAWS = NewDnsProvider("myaws");
+ *
+ * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newdnsprovider
+ */
+declare function NewDnsProvider(name: string, type?: string, meta?: object): string;
+
+/**
+ * NewRegistrar activates a Registrar Provider specified in `creds.json`.
+ * A registrar maintains the domain's registration and delegation (i.e. the
+ * nameservers for the domain).  DNSControl only manages the delegation.
+ *
+ * * `name` must match the name of an entry in `creds.json`.
+ * * `type` specifies a valid DNS provider type identifier listed on the [provider page](../../providers.md).
+ *   * Starting with [v3.16](../../v316.md), the type is optional. If it is absent, the `TYPE` field in `creds.json` is used instead. You can leave it out. (Thanks to JavaScript magic, you can leave it out even when there are more fields).
+ *   * Starting with v4.0, specifying the type may be an error. Please add the `TYPE` field to `creds.json` and remove this parameter from `dnsconfig.js` to prepare.
+ * * `meta` is a way to send additional parameters to the provider.  It is optional and only certain providers use it.  See the [individual provider docs](../../providers.md) for details.
+ *
+ * This function will return an opaque string that should be assigned to a variable name for use in [D](D.md) directives.
+ *
+ * Prior to [v3.16](../../v316.md):
+ *
+ * ```javascript
+ * var REG_MYNDC = NewRegistrar("mynamedotcom", "NAMEDOTCOM");
+ * var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
+ *
+ * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * In [v3.16](../../v316.md) and later:
+ *
+ * ```javascript
+ * var REG_MYNDC = NewRegistrar("mynamedotcom");
+ * var DNS_MYAWS = NewDnsProvider("myaws");
+ *
+ * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newregistrar
+ */
+declare function NewRegistrar(name: string, type?: string, meta?: object): string;
+
+/**
+ * `PANIC` terminates the script and therefore DNSControl with an exit code of 1. This should be used if your script cannot gather enough information to generate records, for example when a HTTP request failed.
+ *
+ * ```javascript
+ * PANIC("Something really bad has happened");
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/panic
+ */
+declare function PANIC(message: string): never;
+
 /**
  * PTR adds a PTR record to the domain.
  *
@@ -1645,597 +2406,15 @@ declare const PURGE: DomainModifier;
 declare function R53_ALIAS(name: string, target: string, zone_idModifier: DomainModifier & RecordModifier): DomainModifier;
 
 /**
- * `SOA` adds an `SOA` record to a domain. The name should be `@`.  ns and mbox are strings. The other fields are unsigned 32-bit ints.
+ * `R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../global/D.md)) or a specific [`R53_ALIAS()`](../domain/R53_ALIAS.md) record.
  *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   SOA("@", "ns3.example.com.", "hostmaster@example.com", 3600, 600, 604800, 1440),
- * );
- * ```
+ * When used with [`D()`](../global/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../providers/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../providers/route53.md).
  *
- * If you accidentally include an `@` in the email field DNSControl will quietly
- * change it to a `.`. This way you can specify a human-readable email address
- * when you are making it easier for spammers how to find you.
+ * When used with [`R53_ALIAS()`](../domain/R53_ALIAS.md) it sets the required Route53 hosted zone id in a R53_ALIAS record. See [`R53_ALIAS()`](../domain/R53_ALIAS.md) documentation for details.
  *
- * ## Notes
- * * The serial number is managed automatically.  It isn't even a field in `SOA()`.
- * * Most providers automatically generate SOA records.  They will ignore any `SOA()` statements.
- * * The mbox field should not be set to a real email address unless you love spam and hate your privacy.
- *
- * There is more info about `SOA` in the documentation for the [BIND provider](../../providers/bind.md).
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/soa
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific/amazon-route-53/r53_zone
  */
-declare function SOA(name: string, ns: string, mbox: string, refresh: number, retry: number, expire: number, minttl: number, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `SRV` adds a `SRV` record to a domain. The name should be the relative label for the record.
- *
- * Priority, weight, and port are ints.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   // Create SRV records for a a SIP service:
- *   //               pr  w   port, target
- *   SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com."),
- *   SRV("_sip._tcp", 10, 20, 5060, "smallbox1.example.com."),
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/srv
- */
-declare function SRV(name: string, priority: number, weight: number, port: number, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `SSHFP` contains a fingerprint of a SSH server which can be validated before SSH clients are establishing the connection.
- *
- * **Algorithm** (type of the key)
- *
- * | ID | Algorithm |
- * |----|-----------|
- * | 0  | reserved  |
- * | 1  | RSA       |
- * | 2  | DSA       |
- * | 3  | ECDSA     |
- * | 4  | ED25519   |
- *
- * **Type** (fingerprint format)
- *
- * | ID | Algorithm |
- * |----|-----------|
- * | 0  | reserved  |
- * | 1  | SHA-1     |
- * | 2  | SHA-256   |
- *
- * `value` is the fingerprint as a string.
- *
- * ```javascript
- * SSHFP("@", 1, 1, "00yourAmazingFingerprint00"),
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/sshfp
- */
-declare function SSHFP(name: string, algorithm: 0 | 1 | 2 | 3 | 4, type: 0 | 1 | 2, value: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `TLSA` adds a `TLSA` record to a domain. The name should be the relative label for the record.
- *
- * Usage, selector, and type are ints.
- *
- * Certificate is a hex string.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   // Create TLSA record for certificate used on TCP port 443
- *   TLSA("_443._tcp", 3, 1, 1, "abcdef0"),
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/tlsa
- */
-declare function TLSA(name: string, usage: number, selector: number, type: number, certificate: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `TXT` adds an `TXT` record To a domain. The name should be the relative
- * label for the record. Use `@` for the domain apex.
- *
- * The contents is either a single or multiple strings.  To
- * specify multiple strings, specify them as an array.
- *
- * Each string is a JavaScript string (quoted using single or double
- * quotes).  The (somewhat complex) quoting rules of the DNS protocol
- * will be done for you.
- *
- * Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
- *
- * ```javascript
- *     D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *       TXT("@", "598611146-3338560"),
- *       TXT("listserve", "google-site-verification=12345"),
- *       TXT("multiple", ["one", "two", "three"]),  // Multiple strings
- *       TXT("quoted", "any "quotes" and escapes? ugh; no worries!"),
- *       TXT("_domainkey", "t=y; o=-;"), // Escapes are done for you automatically.
- *       TXT("long", "X".repeat(300)) // Long strings are split automatically.
- *     );
- * ```
- *
- * NOTE: In the past, long strings had to be annotated with the keyword
- * `AUTOSPLIT`. This is no longer required. The keyword is now a no-op.
- *
- * ### Long strings
- *
- * Strings that are longer than 255 octets (bytes) will be quietly
- * split into 255-octets chunks or the provider may report an error
- * if it does not handle multiple strings.
- *
- * ### TXT record edge cases
- *
- * Most providers do not support the full possibilities of what a `TXT`
- * record can store.  DNSControl can not handle all the edge cases
- * and incompatibles that providers have introduced.  Instead, it
- * stores the string(s) that you provide and passes them to the provider
- * verbatim. The provider may opt to accept the data, fix it, or
- * reject it. This happens early in the processing, long before
- * the DNSControl talks to the provider's API.
- *
- * The RFCs specify that a `TXT` record stores one or more strings,
- * each is up to 255 octets (bytes) long. We call these individual
- * strings *chunks*.  Each chunk may be zero to 255 octets long.
- * There is no limit to the number of chunks in a `TXT` record,
- * other than IP packet length restrictions.  The contents of each chunk
- * may be octets of value from 0x00 to 0xff.
- *
- * In reality DNS Service Providers (DSPs) place many restrictions on `TXT`
- * records.
- *
- * Some DSPs only support a single string of 255 octets or fewer.
- * Multiple strings, or any one string being longer than 255 octets will
- * result in an error. One provider limits the string to 254 octets,
- * which makes me think they're code has an off-by-one error.
- *
- * Some DSPs only support one string, but it may be of any length.
- * Behind the scenes the provider splits it into 255-octet chunks
- * (except the last one, of course).
- *
- * Some DSPs support multiple strings, but API requests must be 512-bytes
- * or fewer, and with quoting, escaping, and other encoding mishegoss
- * you can't be sure what will be permitted until you actually try it.
- *
- * Regardless of the quantity and length of strings, some providers ban
- * double quotes, back-ticks, or other chars.
- *
- * ### Testing the support of a provider
- *
- * #### How can you tell if a provider will support a particular `TXT()` record?
- *
- * Include the `TXT()` record in a [`D()`](../global/D.md) as usual, along
- * with the `DnsProvider()` for that provider.  Run `dnscontrol check` to
- * see if any errors are produced.  The check command does not talk to
- * the provider's API, thus permitting you to do this without having an
- * account at that provider.
- *
- * #### What if the provider rejects a string that is supported?
- *
- * Suppose I can create the TXT record using the DSP's web portal but
- * DNSControl rejects the string?
- *
- * It is possible that the provider code in DNSControl rejects strings
- * that the DSP accepts.  This is because the test is done in code, not
- * by querying the provider's API.  It is possible that the code was
- * written to work around a bug (such as rejecting a string with a
- * back-tick) but now that bug has been fixed.
- *
- * All such checks are in `providers/${providername}/auditrecords.go`.
- * You can try removing the check that you feel is in error and see if
- * the provider's API accepts the record.  You can do this by running the
- * integration tests, or by simply adding that record to an existing
- * `dnsconfig.js` and seeing if `dnscontrol push` is able to push that
- * record into production. (Be careful if you are testing this on a
- * domain used in production.)
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/txt
- */
-declare function TXT(name: string, contents: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * Documentation needed.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/url
- */
-declare function URL(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * Documentation needed.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/url301
- */
-declare function URL301(name: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `D` adds a new Domain for DNSControl to manage. The first two arguments are required: the domain name (fully qualified `example.com` without a trailing dot), and the
- * name of the registrar (as previously declared with [NewRegistrar](NewRegistrar.md)). Any number of additional arguments may be included to add DNS Providers with [DNSProvider](NewDnsProvider.md),
- * add records with [A](../domain/A.md), [CNAME](../domain/CNAME.md), and so forth, or add metadata.
- *
- * Modifier arguments are processed according to type as follows:
- *
- * - A function argument will be called with the domain object as it's only argument. Most of the [built-in modifier functions](https://docs.dnscontrol.org/language-reference/domain-modifiers) return such functions.
- * - An object argument will be merged into the domain's metadata collection.
- * - An array argument will have all of it's members evaluated recursively. This allows you to combine multiple common records or modifiers into a variable that can
- *    be used like a macro in multiple domains.
- *
- * ```javascript
- * // simple domain
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@","1.2.3.4"),
- *   CNAME("test", "foo.example2.com.")
- * );
- *
- * // "macro" for records that can be mixed into any zone
- * var GOOGLE_APPS_DOMAIN_MX = [
- *     MX("@", 1, "aspmx.l.google.com."),
- *     MX("@", 5, "alt1.aspmx.l.google.com."),
- *     MX("@", 5, "alt2.aspmx.l.google.com."),
- *     MX("@", 10, "alt3.aspmx.l.google.com."),
- *     MX("@", 10, "alt4.aspmx.l.google.com."),
- * ]
- *
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@","1.2.3.4"),
- *   CNAME("test", "foo.example2.com."),
- *   GOOGLE_APPS_DOMAIN_MX
- * );
- * ```
- *
- * # Split Horizon DNS
- *
- * DNSControl supports Split Horizon DNS. Simply
- * define the domain two or more times, each with
- * their own unique parameters.
- *
- * To differentiate the different domains, specify the domains as
- * `domain.tld!tag`, such as `example.com!inside` and
- * `example.com!outside`.
- *
- * ```javascript
- * var REG_THIRDPARTY = NewRegistrar("ThirdParty");
- * var DNS_INSIDE = NewDnsProvider("Cloudflare");
- * var DNS_OUTSIDE = NewDnsProvider("bind");
- *
- * D("example.com!inside", REG_THIRDPARTY, DnsProvider(DNS_INSIDE),
- *   A("www", "10.10.10.10")
- * );
- *
- * D("example.com!outside", REG_THIRDPARTY, DnsProvider(DNS_OUTSIDE),
- *   A("www", "20.20.20.20")
- * );
- *
- * D_EXTEND("example.com!inside",
- *   A("internal", "10.99.99.99")
- * );
- * ```
- *
- * A domain name without a `!` is assigned a tag that is the empty
- * string. For example, `example.com` and `example.com!` are equivalent.
- * However, we strongly recommend against using the empty tag, as it
- * risks creating confusion.  In other words, if you have `domain.tld`
- * and `domain.tld!external` you now require humans to remember that
- * `domain.tld` is the external one.  I mean... the internal one.  You
- * may have noticed this mistake, but will your coworkers?  Will you in
- * six months? You get the idea.
- *
- * DNSControl command line flag `--domains` matches the full name (with the "!").  If you
- * define domains `example.com!george` and `example.com!john` then:
- *
- * * `--domains=example.com` will not match either domain.
- * * `--domains='example.com!george'` will match only match the first.
- * * `--domains='example.com!george",example.com!john` will match both.
- *
- * NOTE: The quotes are required if your shell treats `!` as a special
- * character, which is probably does.  If you see an error that mentions
- * `event not found` you probably forgot the quotes.
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/d
- */
-declare function D(name: string, registrar: string, ...modifiers: DomainModifier[]): void;
-
-/**
- * `DEFAULTS` allows you to declare a set of default arguments to apply to all subsequent domains. Subsequent calls to [`D`](D.md) will have these
- * arguments passed as if they were the first modifiers in the argument list.
- *
- * ## Example
- *
- * We want to create backup zone files for all domains, but not actually register them. Also create a [`DefaultTTL`](../domain/DefaultTTL.md).
- * The domain `example.com` will have the defaults set.
- *
- * ```javascript
- * var COMMON = NewDnsProvider("foo");
- * DEFAULTS(
- *   DnsProvider(COMMON, 0),
- *   DefaultTTL("1d")
- * );
- *
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * If you want to clear the defaults, you can do the following.
- * The domain `example2.com` will **not** have the defaults set.
- *
- * ```javascript
- * DEFAULTS();
- *
- * D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/defaults
- */
-declare function DEFAULTS(...modifiers: DomainModifier[]): void;
-
-/**
- * `DOMAIN_ELSEWHERE()` is a helper macro that lets you easily indicate that
- * a domain's zones are managed elsewhere. That is, it permits you easily delegate
- * a domain to a hard-coded list of DNS servers.
- *
- * `DOMAIN_ELSEWHERE` is useful when you control a domain's registrar but not the
- * DNS servers. For example, suppose you own a domain but the DNS servers are run
- * by someone else, perhaps a SaaS product you've subscribed to or a DNS server
- * that is run by your brother-in-law who doesn't trust you with the API keys that
- * would let you maintain the domain using DNSControl. You need an easy way to
- * point (delegate) the domain at a specific list of DNS servers.
- *
- * For example these two statements are equivalent:
- *
- * ```javascript
- * DOMAIN_ELSEWHERE("example.com", REG_MY_PROVIDER, ["ns1.foo.com", "ns2.foo.com"]);
- * ```
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     NO_PURGE,
- *     NAMESERVER("ns1.foo.com"),
- *     NAMESERVER("ns2.foo.com")
- * );
- * ```
- *
- * NOTE: The [`NO_PURGE`](../domain/NO_PURGE.md) is used out of abundance of caution but since no
- * `DnsProvider()` statements exist, no updates would be performed.
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere
- */
-declare function DOMAIN_ELSEWHERE(name: string, registrar: string, nameserver_names: string[]): void;
-
-/**
- * `DOMAIN_ELSEWHERE_AUTO()` is similar to `DOMAIN_ELSEWHERE()` but instead of
- * a hardcoded list of nameservers, a DnsProvider() is queried.
- *
- * `DOMAIN_ELSEWHERE_AUTO` is useful when you control a domain's registrar but the
- * DNS zones are managed by another system. Luckily you have enough access to that
- * other system that you can query it to determine the zone's nameservers.
- *
- * For example, suppose you own a domain but the DNS servers for it are in Azure.
- * Further suppose that something in Azure maintains the zones (automatic or
- * human). Azure picks the nameservers for the domains automatically, and that
- * list may change occasionally.  `DOMAIN_ELSEWHERE_AUTO` allows you to easily
- * query Azure to determine the domain's delegations so that you do not need to
- * hard-code them in your dnsconfig.js file.
- *
- * For example these two statements are equivalent:
- *
- * ```javascript
- * DOMAIN_ELSEWHERE_AUTO("example.com", REG_NAMEDOTCOM, DSP_AZURE);
- * ```
- *
- * ```javascript
- * D("example.com", REG_NAMEDOTCOM,
- *     NO_PURGE,
- *     DnsProvider(DSP_AZURE)
- * );
- * ```
- *
- * NOTE: The [`NO_PURGE`](../domain/NO_PURGE.md) is used to prevent DNSControl from changing the records.
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere_auto
- */
-declare function DOMAIN_ELSEWHERE_AUTO(name: string, domain: string, registrar: string, dnsProvider: string): void;
-
-/**
- * `D_EXTEND` adds records (and metadata) to a domain previously defined
- * by [`D()`](D.md). It can also be used to add subdomain records (and metadata)
- * to a previously defined domain.
- *
- * The first argument is a domain name. If it exactly matches a
- * previously defined domain, `D_EXTEND()` behaves the same as [`D()`](D.md),
- * simply adding records as if they had been specified in the original
- * [`D()`](D.md).
- *
- * If the domain name does not match an existing domain, but could be a
- * (non-delegated) subdomain of an existing domain, the new records (and
- * metadata) are added with the subdomain part appended to all record
- * names (labels), and targets (as appropriate). See the examples below.
- *
- * Matching the domain name to previously-defined domains is done using a
- * `longest match` algorithm.  If `domain.tld` and `sub.domain.tld` are
- * defined as separate domains via separate [`D()`](D.md) statements, then
- * `D_EXTEND("sub.sub.domain.tld", ...)` would match `sub.domain.tld`,
- * not `domain.tld`.
- *
- * Some operators only act on an apex domain (e.g.
- * [`CF_REDIRECT`](../domain/CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](../domain/CF_TEMP_REDIRECT.md)). Using them
- * in a `D_EXTEND` subdomain may not be what you expect.
- *
- * ```javascript
- * D("domain.tld", REG_MY_PROVIDER, DnsProvider(DNS),
- *   A("@", "127.0.0.1"), // domain.tld
- *   A("www", "127.0.0.2"), // www.domain.tld
- *   CNAME("a", "b") // a.domain.tld -> b.domain.tld
- * );
- * D_EXTEND("domain.tld",
- *   A("aaa", "127.0.0.3"), // aaa.domain.tld
- *   CNAME("c", "d") // c.domain.tld -> d.domain.tld
- * );
- * D_EXTEND("sub.domain.tld",
- *   A("bbb", "127.0.0.4"), // bbb.sub.domain.tld
- *   A("ccc", "127.0.0.5"), // ccc.sub.domain.tld
- *   CNAME("e", "f") // e.sub.domain.tld -> f.sub.domain.tld
- * );
- * D_EXTEND("sub.sub.domain.tld",
- *   A("ddd", "127.0.0.6"), // ddd.sub.sub.domain.tld
- *   CNAME("g", "h") // g.sub.sub.domain.tld -> h.sub.sub.domain.tld
- * );
- * D_EXTEND("sub.domain.tld",
- *   A("@", "127.0.0.7"), // sub.domain.tld
- *   CNAME("i", "j") // i.sub.domain.tld -> j.sub.domain.tld
- * );
- * ```
- *
- * This will end up in the following modifications: (This output assumes the `--full` flag)
- *
- * ```text
- * ******************** Domain: domain.tld
- * ----- Getting nameservers from: cloudflare
- * ----- DNS Provider: cloudflare...7 corrections
- * #1: CREATE A aaa.domain.tld 127.0.0.3
- * #2: CREATE A bbb.sub.domain.tld 127.0.0.4
- * #3: CREATE A ccc.sub.domain.tld 127.0.0.5
- * #4: CREATE A ddd.sub.sub.domain.tld 127.0.0.6
- * #5: CREATE A sub.domain.tld 127.0.0.7
- * #6: CREATE A www.domain.tld 127.0.0.2
- * #7: CREATE A domain.tld 127.0.0.1
- * #8: CREATE CNAME a.domain.tld b.domain.tld.
- * #9: CREATE CNAME c.domain.tld d.domain.tld.
- * #10: CREATE CNAME e.sub.domain.tld f.sub.domain.tld.
- * #11: CREATE CNAME g.sub.sub.domain.tld h.sub.sub.domain.tld.
- * #12: CREATE CNAME i.sub.domain.tld j.sub.domain.tld.
- * ```
- *
- * ProTips: `D_EXTEND()` permits you to create very complex and
- * sophisticated configurations, but you shouldn't. Be nice to the next
- * person that edits the file, who may not be as expert as yourself.
- * Enhance readability by putting any `D_EXTEND()` statements immediately
- * after the original [`D()`](D.md), like in above example.  Avoid the temptation
- * to obscure the addition of records to existing domains with randomly
- * placed `D_EXTEND()` statements. Don't build up a domain using loops of
- * `D_EXTEND()` statements. You'll be glad you didn't.
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/d_extend
- */
-declare function D_EXTEND(name: string, ...modifiers: DomainModifier[]): void;
-
-/**
- * Converts an IPv4 address from string to an integer. This allows performing mathematical operations with the IP address.
- *
- * ```javascript
- * var addrA = IP("1.2.3.4")
- * var addrB = addrA + 1
- * // addrB = 1.2.3.5
- * ```
- *
- * NOTE: `IP()` does not accept IPv6 addresses (PRs gladly accepted!). IPv6 addresses are simply strings:
- *
- * ```javascript
- * // IPv4 Var
- * var addrA1 = IP("1.2.3.4");
- * var addrA2 = "1.2.3.4";
- *
- * // IPv6 Var
- * var addrAAAA = "0:0:0:0:0:0:0:0";
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/ip
- */
-declare function IP(ip: string): number;
-
-/**
- * NewDnsProvider activates a DNS Service Provider (DSP) specified in `creds.json`.
- * A DSP stores a DNS zone's records and provides DNS service for the zone (i.e.
- * answers on port 53 to queries related to the zone).
- *
- * * `name` must match the name of an entry in `creds.json`.
- * * `type` specifies a valid DNS provider type identifier listed on the [provider page](../../providers.md).
- *   * Starting with [v3.16](../../v316.md), the type is optional. If it is absent, the `TYPE` field in `creds.json` is used instead. You can leave it out. (Thanks to JavaScript magic, you can leave it out even when there are more fields).
- *   * Starting with v4.0, specifying the type may be an error. Please add the `TYPE` field to `creds.json` and remove this parameter from `dnsconfig.js` to prepare.
- * * `meta` is a way to send additional parameters to the provider.  It is optional and only certain providers use it.  See the [individual provider docs](../../providers.md) for details.
- *
- * This function will return an opaque string that should be assigned to a variable name for use in [D](D.md) directives.
- *
- * Prior to [v3.16](../../v316.md):
- *
- * ```javascript
- * var REG_MYNDC = NewRegistrar("mynamedotcom", "NAMEDOTCOM");
- * var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
- *
- * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * In [v3.16](../../v316.md) and later:
- *
- * ```javascript
- * var REG_MYNDC = NewRegistrar("mynamedotcom");
- * var DNS_MYAWS = NewDnsProvider("myaws");
- *
- * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newdnsprovider
- */
-declare function NewDnsProvider(name: string, type?: string, meta?: object): string;
-
-/**
- * NewRegistrar activates a Registrar Provider specified in `creds.json`.
- * A registrar maintains the domain's registration and delegation (i.e. the
- * nameservers for the domain).  DNSControl only manages the delegation.
- *
- * * `name` must match the name of an entry in `creds.json`.
- * * `type` specifies a valid DNS provider type identifier listed on the [provider page](../../providers.md).
- *   * Starting with [v3.16](../../v316.md), the type is optional. If it is absent, the `TYPE` field in `creds.json` is used instead. You can leave it out. (Thanks to JavaScript magic, you can leave it out even when there are more fields).
- *   * Starting with v4.0, specifying the type may be an error. Please add the `TYPE` field to `creds.json` and remove this parameter from `dnsconfig.js` to prepare.
- * * `meta` is a way to send additional parameters to the provider.  It is optional and only certain providers use it.  See the [individual provider docs](../../providers.md) for details.
- *
- * This function will return an opaque string that should be assigned to a variable name for use in [D](D.md) directives.
- *
- * Prior to [v3.16](../../v316.md):
- *
- * ```javascript
- * var REG_MYNDC = NewRegistrar("mynamedotcom", "NAMEDOTCOM");
- * var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
- *
- * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * In [v3.16](../../v316.md) and later:
- *
- * ```javascript
- * var REG_MYNDC = NewRegistrar("mynamedotcom");
- * var DNS_MYAWS = NewDnsProvider("myaws");
- *
- * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newregistrar
- */
-declare function NewRegistrar(name: string, type?: string, meta?: object): string;
-
-/**
- * `PANIC` terminates the script and therefore DNSControl with an exit code of 1. This should be used if your script cannot gather enough information to generate records, for example when a HTTP request failed.
- *
- * ```javascript
- * PANIC("Something really bad has happened");
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/panic
- */
-declare function PANIC(message: string): never;
+declare function R53_ZONE(zone_id: string): DomainModifier & RecordModifier;
 
 /**
  * `REV` returns the reverse lookup domain for an IP network. For
@@ -2289,489 +2468,28 @@ declare function PANIC(message: string): never;
 declare function REV(address: string): string;
 
 /**
- * `getConfiguredDomains` getConfiguredDomains is a helper function that returns the domain names
- * configured at the time the function is called. Calling this function early or later in
- * `dnsconfig.js` may return different results. Typical usage is to iterate over all
- * domains at the end of your configuration file.
- *
- * Example for adding records to all configured domains:
- * ```javascript
- * var domains = getConfiguredDomains();
- * for(i = 0; i < domains.length; i++) {
- *   D_EXTEND(domains[i],
- *     TXT("_important", "BLA") // I know, not really creative.
- *   )
- * }
- * ```
- *
- * This will end up in following modifications: (All output assumes the `--full` flag)
- *
- * ```text
- * ******************** Domain: domain1.tld
- * ----- Getting nameservers from: registrar
- * ----- DNS Provider: registrar...2 corrections
- * #1: CREATE TXT _important.domain1.tld "BLA" ttl=43200
- * #2: REFRESH zone domain1.tld
- *
- * ******************** Domain: domain2.tld
- * ----- Getting nameservers from: registrar
- * ----- DNS Provider: registrar...2 corrections
- * #1: CREATE TXT _important.domain2.tld "BLA" ttl=43200
- * #2: REFRESH zone domain2.tld
- * ```
- *
- * Example for adding DMARC report records:
- *
- * This example might be more useful, specially for configuring the DMARC report records. According to DMARC RFC you need to specify `domain2.tld._report.dmarc.domain1.tld` to allow `domain2.tld` to send aggregate/forensic email reports to `domain1.tld`. This can be used to do this in an easy way, without using the wildcard from the RFC.
- *
- * ```javascript
- * var domains = getConfiguredDomains();
- * for(i = 0; i < domains.length; i++) {
- *     D_EXTEND("domain1.tld",
- *         TXT(domains[i] + "._report._dmarc", "v=DMARC1")
- *     );
- * }
- * ```
- *
- * This will end up in following modifications:
- *
- * ```text
- * ******************** Domain: domain2.tld
- * ----- Getting nameservers from: registrar
- * ----- DNS Provider: registrar...4 corrections
- * #1: CREATE TXT domain1.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
- * #2: CREATE TXT domain3.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
- * #3: CREATE TXT domain4.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
- * #4: REFRESH zone domain2.tld
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/getconfigureddomains
- */
-declare function getConfiguredDomains(): string[];
-
-/**
- * `require_glob()` can recursively load `.js` files, optionally non-recursive as well.
- *
- * Possible parameters are:
- *
- * - Path as string, where you would like to start including files. Mandatory. Pattern matching possible, see [GoLand path/filepath/#Match docs](https://golang.org/pkg/path/filepath/#Match).
- * - If being recursive. This is a boolean if the search should be recursive or not. Define either `true` or `false`. Default is `true`.
- *
- * Example to load `.js` files recursively:
- *
- * ```javascript
- * require_glob("./domains/");
- * ```
- *
- * Example to load `.js` files only in `domains/`:
- *
- * ```javascript
- * require_glob("./domains/", false);
- * ```
- *
- * One more important thing to note: `require_glob()` is as smart as `require()` is. It loads files always relative to the JavaScript
- * file where it's being executed in. Let's go with an example, as it describes it better:
- *
- * ```javascript
- * require("domains/index.js");
- * ```
- *
- * ```javascript
- * require_glob("./user1/");
- * ```
- *
- * This will now load files being present underneath `./domains/user1/` and **NOT** at below `./domains/`, as `require_glob()`
- * is called in the subfolder `domains/`.
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/require_glob
- */
-declare function require_glob(path: string, recursive: boolean): void;
-
-/**
- * DNSControl contains a `CAA_BUILDER` which can be used to simply create
- * [`CAA()`](../domain/CAA.md) records for your domains. Instead of creating each [`CAA()`](../domain/CAA.md) record
- * individually, you can simply configure your report mail address, the
- * authorized certificate authorities and the builder cares about the rest.
- *
- * ## Example
- *
- * For example you can use:
- *
- * ```javascript
- * CAA_BUILDER({
- *   label: "@",
- *   iodef: "mailto:test@example.com",
- *   iodef_critical: true,
- *   issue: [
- *     "letsencrypt.org",
- *     "comodoca.com",
- *   ],
- *   issuewild: "none",
- * })
- * ```
- *
- * The parameters are:
- *
- * * `label:` The label of the CAA record. (Optional. Default: `"@"`)
- * * `iodef:` Report all violation to configured mail address.
- * * `iodef_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
- * * `issue:` An array of CAs which are allowed to issue certificates. (Use `"none"` to refuse all CAs)
- * * `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
- *
- * `CAA_BUILDER()` returns multiple records (when configured as example above):
- *
- * ```javascript
- * CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
- * CAA("@", "issue", "letsencrypt.org")
- * CAA("@", "issue", "comodoca.com")
- * CAA("@", "issuewild", ";")
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/caa_builder
- */
-declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issuewild: string }): RecordModifier;
-
-/**
- * DNSControl contains a `DMARC_BUILDER` which can be used to simply create
- * DMARC policies for your domains.
- *
- * ## Example
- *
- * ### Simple example
- *
- * ```javascript
- * DMARC_BUILDER({
- *   policy: "reject",
- *   ruf: [
- *     "mailto:mailauth-reports@example.com",
- *   ],
- * })
- * ```
- *
- * This yield the following record:
- *
- * ```text
- * @   IN  TXT "v=DMARC1; p=reject; ruf=mailto:mailauth-reports@example.com"
- * ```
- *
- * ### Advanced example
- *
- * ```javascript
- * DMARC_BUILDER({
- *   policy: "reject",
- *   subdomainPolicy: "quarantine",
- *   percent: 50,
- *   alignmentSPF: "r",
- *   alignmentDKIM: "strict",
- *   rua: [
- *     "mailto:mailauth-reports@example.com",
- *     "https://dmarc.example.com/submit",
- *   ],
- *   ruf: [
- *     "mailto:mailauth-reports@example.com",
- *   ],
- *   failureOptions: "1",
- *   reportInterval: "1h",
- * });
- * ```
- *
- * ```javascript
- * DMARC_BUILDER({
- *   label: "insecure",
- *   policy: "none",
- *   ruf: [
- *     "mailto:mailauth-reports@example.com",
- *   ],
- *   failureOptions: {
- *       SPF: false,
- *       DKIM: true,
- *   },
- * });
- * ```
- *
- * This yields the following records:
- *
- * ```text
- * @           IN  TXT "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=50; rua=mailto:mailauth-reports@example.com,https://dmarc.example.com/submit; ruf=mailto:mailauth-reports@example.com; fo=1; ri=3600"
- * insecure    IN  TXT "v=DMARC1; p=none; ruf=mailto:mailauth-reports@example.com; fo=d"
- * ```
- *
- * ### Parameters
- *
- * * `label:` The DNS label for the DMARC record (`_dmarc` prefix is added, default: `"@"`)
- * * `version:` The DMARC version to be used (default: `DMARC1`)
- * * `policy:` The DMARC policy (`p=`), must be one of `"none"`, `"quarantine"`, `"reject"`
- * * `subdomainPolicy:` The DMARC policy for subdomains (`sp=`), must be one of `"none"`, `"quarantine"`, `"reject"` (optional)
- * * `alignmentSPF:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for SPF (`aspf=`, default: `"r"`)
- * * `alignmentDKIM:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for DKIM (`adkim=`, default: `"r"`)
- * * `percent:` Number between `0` and `100`, percentage for which policies are applied (`pct=`, default: `100`)
- * * `rua:` Array of aggregate report targets (optional)
- * * `ruf:` Array of failure report targets (optional)
- * * `failureOptions:` Object or string; Object containing booleans `SPF` and `DKIM`, string is passed raw (`fo=`, default: `"0"`)
- * * `failureFormat:` Format in which failure reports are requested (`rf=`, default: `"afrf"`)
- * * `reportInterval:` Interval in which reports are requested (`ri=`)
- * * `ttl:` Input for `TTL` method (optional)
- *
- * ### Caveats
- *
- * * TXT records are automatically split using `AUTOSPLIT`.
- * * URIs in the `rua` and `ruf` arrays are passed raw. You must percent-encode all commas and exclamation points in the URI itself.
- *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/dmarc_builder
- */
-declare function DMARC_BUILDER(opts: { label?: string; version?: string; policy: 'none' | 'quarantine' | 'reject'; subdomainPolicy?: 'none' | 'quarantine' | 'reject'; alignmentSPF?: 'strict' | 's' | 'relaxed' | 'r'; alignmentDKIM?: 'strict' | 's' | 'relaxed' | 'r'; percent?: number; rua?: string[]; ruf?: string[]; failureOptions?: { SPF: boolean, DKIM: boolean } | string; failureFormat?: string; reportInterval?: Duration; ttl?: Duration }): RecordModifier;
-
-/**
- * `LOC_BUILDER_DD({})` actually takes an object with the following properties:
- *
- *   - label (optional, defaults to `@`)
- *   - x (float32)
- *   - y (float32)
- *   - alt (float32, optional)
- *   - ttl (optional)
- *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply four parameters instead of 12.
- *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
- *
- * The cartesian coordinates are decimal degrees, like you typically find in e.g. Google Maps.
- *
- * Examples.
- *
- * Big Ben:
- * `51.50084265331501, -0.12462541415599787`
- *
- * The White House:
- * `38.89775977858357, -77.03655125982903`
+ * `SOA` adds an `SOA` record to a domain. The name should be `@`.  ns and mbox are strings. The other fields are unsigned 32-bit ints.
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     LOC_BUILDER_DD({
- *     label: "big-ben",
- *     x: 51.50084265331501,
- *     y: -0.12462541415599787,
- *     alt: 6,
- *   })
- *   , LOC_BUILDER_DD({
- *     label: "white-house",
- *     x: 38.89775977858357,
- *     y: -77.03655125982903,
- *     alt: 19,
- *   })
- *   , LOC_BUILDER_DD({
- *     label: "white-house-ttl",
- *     x: 38.89775977858357,
- *     y: -77.03655125982903,
- *     alt: 19,
- *     ttl: "5m",
- *   })
+ *   SOA("@", "ns3.example.com.", "hostmaster@example.com", 3600, 600, 604800, 1440),
  * );
- *
  * ```
  *
- * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ * If you accidentally include an `@` in the email field DNSControl will quietly
+ * change it to a `.`. This way you can specify a human-readable email address
+ * when you are making it easier for spammers how to find you.
  *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_dd
+ * ## Notes
+ * * The serial number is managed automatically.  It isn't even a field in `SOA()`.
+ * * Most providers automatically generate SOA records.  They will ignore any `SOA()` statements.
+ * * The mbox field should not be set to a real email address unless you love spam and hate your privacy.
+ *
+ * There is more info about `SOA` in the documentation for the [BIND provider](../../providers/bind.md).
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/soa
  */
-declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; alt?: number; ttl?: Duration }): RecordModifier;
-
-/**
- * `LOC_BUILDER_DMM({})` actually takes an object with the following properties:
- *
- *   - label (string, optional, defaults to `@`)
- *   - str (string)
- *   - alt (float32, optional)
- *   - ttl (optional)
- *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
- *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
- *
- * Accepts a string with decimal minutes (DMM) coordinates in the form: 25.24°S 153.15°E
- *
- * Note that the following are acceptable forms (symbols differ):
- * * `25.24°S 153.15°E`
- * * `25.24 S 153.15 E`
- * * `25.24° S 153.15° E`
- * * `25.24S 153.15E`
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   LOC_BUILDER_STR({
- *     label: "tasmania",
- *     str: "42°S 147°E",
- *     alt: 3,
- *   })
- * );
- *
- * ```
- *
- * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
- *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_dmm_str
- */
-declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): RecordModifier;
-
-/**
- * `LOC_BUILDER_DMS_STR({})` actually takes an object with the following properties:
- *
- *   - label (string, optional, defaults to `@`)
- *   - str (string)
- *   - alt (float32, optional)
- *   - ttl (optional)
- *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
- *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
- *
- * Accepts a string with degrees, minutes, and seconds (DMS) coordinates in the form: 41°24'12.2"N 2°10'26.5"E
- *
- * Note that the following are acceptable forms (symbols differ):
- * * `33°51′31″S 151°12′51″E`
- * * `33°51'31"S 151°12'51"E`
- * * `33d51m31sS 151d12m51sE`
- * * `33d51m31s S 151d12m51s E`
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   LOC_BUILDER_DMS_STR({
- *     label: "sydney-opera-house",
- *     str: "33°51′31″S 151°12′51″E",
- *     alt: 4,
- *     ttl: "5m",
- *   })
- * );
- *
- * ```
- *
- * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
- *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_dms_str
- */
-declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): RecordModifier;
-
-/**
- * `LOC_BUILDER_STR({})` actually takes an object with the following: properties.
- *
- *   - label (optional, defaults to `@`)
- *   - str (string)
- *   - alt (float32, optional)
- *   - ttl (optional)
- *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
- *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
- *
- * Accepts a string and tries all `LOC_BUILDER_DM*_STR({})` methods:
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   , LOC_BUILDER_STR({
- *     label: "old-faithful",
- *     str: "44.46046°N 110.82815°W",
- *     alt: 2240,
- *   })
- *   , LOC_BUILDER_STR({
- *     label: "ribblehead-viaduct",
- *     str: "54.210436°N 2.370231°W",
- *     alt: 300,
- *   })
- *   , LOC_BUILDER_STR({
- *     label: "guinness-brewery",
- *     str: "53°20′40″N 6°17′20″W",
- *     alt: 300,
- *   })
- * );
- *
- * ```
- *
- * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
- *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_str
- */
-declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): RecordModifier;
-
-/**
- * DNSControl offers a `M365_BUILDER` which can be used to simply set up Microsoft 365 for a domain in an opinionated way.
- *
- * It defaults to a setup without support for legacy Skype for Business applications.
- * It doesn't set up SPF or DMARC. See [`SPF_BUILDER`](/language-reference/record-modifiers/dmarc_builder) and [`DMARC_BUILDER`](/language-reference/record-modifiers/spf_builder).
- *
- * ## Example
- *
- * ### Simple example
- *
- * ```javascript
- * M365_BUILDER({
- *     initialDomain: "example.onmicrosoft.com",
- * });
- * ```
- *
- * This sets up `MX` records, Autodiscover, and DKIM.
- *
- * ### Advanced example
- *
- * ```javascript
- * M365_BUILDER({
- *     label: "test",
- *     mx: false,
- *     autodiscover: false,
- *     dkim: false,
- *     mdm: true,
- *     domainGUID: "test-example-com", // Can be automatically derived in this case, if example.com is the context.
- *     initialDomain: "example.onmicrosoft.com",
- * });
- * ```
- *
- * This sets up Mobile Device Management only.
- *
- * ### Parameters
- *
- * * `label` The label of the Microsoft 365 domain, useful if it is a subdomain (default: `"@"`)
- * * `mx` Set an `MX` record? (default: `true`)
- * * `autodiscover` Set Autodiscover `CNAME` record? (default: `true`)
- * * `dkim` Set DKIM `CNAME` records? (default: `true`)
- * * `skypeForBusiness` Set Skype for Business/Microsoft Teams records? (default: `false`)
- * * `mdm` Set Mobile Device Management records? (default: `false`)
- * * `domainGUID` The GUID of _this_ Microsoft 365 domain (default: `<label>.<context>` with `.` replaced by `-`, no default if domain contains dashes)
- * * `initialDomain` The initial domain of your Microsoft 365 tenant/account, ends in `onmicrosoft.com`
- *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/m365_builder
- */
-declare function M365_BUILDER(opts: { label?: string; mx?: boolean; autodiscover?: boolean; dkim?: boolean; skypeForBusiness?: boolean; mdm?: boolean; domainGUID?: string; initialDomain?: string }): RecordModifier;
-
-/**
- * `R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../global/D.md)) or a specific [`R53_ALIAS()`](../domain/R53_ALIAS.md) record.
- *
- * When used with [`D()`](../global/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../providers/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../providers/route53.md).
- *
- * When used with [`R53_ALIAS()`](../domain/R53_ALIAS.md) it sets the required Route53 hosted zone id in a R53_ALIAS record. See [`R53_ALIAS()`](../domain/R53_ALIAS.md) documentation for details.
- *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific/amazon-route-53/r53_zone
- */
-declare function R53_ZONE(zone_id: string): DomainModifier & RecordModifier;
+declare function SOA(name: string, ns: string, mbox: string, refresh: number, retry: number, expire: number, minttl: number, ...modifiers: RecordModifier[]): DomainModifier;
 
 /**
  * DNSControl can optimize the SPF settings on a domain by flattening
@@ -3054,9 +2772,76 @@ declare function R53_ZONE(zone_id: string): DomainModifier & RecordModifier;
  * );
  * ```
  *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/spf_builder
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/spf_builder
  */
-declare function SPF_BUILDER(opts: { label?: string; overflow?: string; overhead1?: string; raw?: string; ttl?: Duration; txtMaxSize: string[]; parts?: number; flatten?: string[] }): RecordModifier;
+declare function SPF_BUILDER(opts: { label?: string; overflow?: string; overhead1?: string; raw?: string; ttl?: Duration; txtMaxSize?: number; parts: string[]; flatten?: string[] }): DomainModifier;
+
+/**
+ * `SRV` adds a `SRV` record to a domain. The name should be the relative label for the record.
+ *
+ * Priority, weight, and port are ints.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   // Create SRV records for a a SIP service:
+ *   //               pr  w   port, target
+ *   SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com."),
+ *   SRV("_sip._tcp", 10, 20, 5060, "smallbox1.example.com."),
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/srv
+ */
+declare function SRV(name: string, priority: number, weight: number, port: number, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `SSHFP` contains a fingerprint of a SSH server which can be validated before SSH clients are establishing the connection.
+ *
+ * **Algorithm** (type of the key)
+ *
+ * | ID | Algorithm |
+ * |----|-----------|
+ * | 0  | reserved  |
+ * | 1  | RSA       |
+ * | 2  | DSA       |
+ * | 3  | ECDSA     |
+ * | 4  | ED25519   |
+ *
+ * **Type** (fingerprint format)
+ *
+ * | ID | Algorithm |
+ * |----|-----------|
+ * | 0  | reserved  |
+ * | 1  | SHA-1     |
+ * | 2  | SHA-256   |
+ *
+ * `value` is the fingerprint as a string.
+ *
+ * ```javascript
+ * SSHFP("@", 1, 1, "00yourAmazingFingerprint00"),
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/sshfp
+ */
+declare function SSHFP(name: string, algorithm: 0 | 1 | 2 | 3 | 4, type: 0 | 1 | 2, value: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `TLSA` adds a `TLSA` record to a domain. The name should be the relative label for the record.
+ *
+ * Usage, selector, and type are ints.
+ *
+ * Certificate is a hex string.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   // Create TLSA record for certificate used on TCP port 443
+ *   TLSA("_443._tcp", 3, 1, 1, "abcdef0"),
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/tlsa
+ */
+declare function TLSA(name: string, usage: number, selector: number, type: number, certificate: string, ...modifiers: RecordModifier[]): DomainModifier;
 
 /**
  * TTL sets the TTL for a single record only. This will take precedence
@@ -3090,3 +2875,218 @@ declare function SPF_BUILDER(opts: { label?: string; overflow?: string; overhead
  * @see https://docs.dnscontrol.org/language-reference/record-modifiers/ttl
  */
 declare function TTL(ttl: Duration): RecordModifier;
+
+/**
+ * `TXT` adds an `TXT` record To a domain. The name should be the relative
+ * label for the record. Use `@` for the domain apex.
+ *
+ * The contents is either a single or multiple strings.  To
+ * specify multiple strings, specify them as an array.
+ *
+ * Each string is a JavaScript string (quoted using single or double
+ * quotes).  The (somewhat complex) quoting rules of the DNS protocol
+ * will be done for you.
+ *
+ * Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
+ *
+ * ```javascript
+ *     D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *       TXT("@", "598611146-3338560"),
+ *       TXT("listserve", "google-site-verification=12345"),
+ *       TXT("multiple", ["one", "two", "three"]),  // Multiple strings
+ *       TXT("quoted", "any "quotes" and escapes? ugh; no worries!"),
+ *       TXT("_domainkey", "t=y; o=-;"), // Escapes are done for you automatically.
+ *       TXT("long", "X".repeat(300)) // Long strings are split automatically.
+ *     );
+ * ```
+ *
+ * NOTE: In the past, long strings had to be annotated with the keyword
+ * `AUTOSPLIT`. This is no longer required. The keyword is now a no-op.
+ *
+ * ### Long strings
+ *
+ * Strings that are longer than 255 octets (bytes) will be quietly
+ * split into 255-octets chunks or the provider may report an error
+ * if it does not handle multiple strings.
+ *
+ * ### TXT record edge cases
+ *
+ * Most providers do not support the full possibilities of what a `TXT`
+ * record can store.  DNSControl can not handle all the edge cases
+ * and incompatibles that providers have introduced.  Instead, it
+ * stores the string(s) that you provide and passes them to the provider
+ * verbatim. The provider may opt to accept the data, fix it, or
+ * reject it. This happens early in the processing, long before
+ * the DNSControl talks to the provider's API.
+ *
+ * The RFCs specify that a `TXT` record stores one or more strings,
+ * each is up to 255 octets (bytes) long. We call these individual
+ * strings *chunks*.  Each chunk may be zero to 255 octets long.
+ * There is no limit to the number of chunks in a `TXT` record,
+ * other than IP packet length restrictions.  The contents of each chunk
+ * may be octets of value from 0x00 to 0xff.
+ *
+ * In reality DNS Service Providers (DSPs) place many restrictions on `TXT`
+ * records.
+ *
+ * Some DSPs only support a single string of 255 octets or fewer.
+ * Multiple strings, or any one string being longer than 255 octets will
+ * result in an error. One provider limits the string to 254 octets,
+ * which makes me think they're code has an off-by-one error.
+ *
+ * Some DSPs only support one string, but it may be of any length.
+ * Behind the scenes the provider splits it into 255-octet chunks
+ * (except the last one, of course).
+ *
+ * Some DSPs support multiple strings, but API requests must be 512-bytes
+ * or fewer, and with quoting, escaping, and other encoding mishegoss
+ * you can't be sure what will be permitted until you actually try it.
+ *
+ * Regardless of the quantity and length of strings, some providers ban
+ * double quotes, back-ticks, or other chars.
+ *
+ * ### Testing the support of a provider
+ *
+ * #### How can you tell if a provider will support a particular `TXT()` record?
+ *
+ * Include the `TXT()` record in a [`D()`](../global/D.md) as usual, along
+ * with the `DnsProvider()` for that provider.  Run `dnscontrol check` to
+ * see if any errors are produced.  The check command does not talk to
+ * the provider's API, thus permitting you to do this without having an
+ * account at that provider.
+ *
+ * #### What if the provider rejects a string that is supported?
+ *
+ * Suppose I can create the TXT record using the DSP's web portal but
+ * DNSControl rejects the string?
+ *
+ * It is possible that the provider code in DNSControl rejects strings
+ * that the DSP accepts.  This is because the test is done in code, not
+ * by querying the provider's API.  It is possible that the code was
+ * written to work around a bug (such as rejecting a string with a
+ * back-tick) but now that bug has been fixed.
+ *
+ * All such checks are in `providers/${providername}/auditrecords.go`.
+ * You can try removing the check that you feel is in error and see if
+ * the provider's API accepts the record.  You can do this by running the
+ * integration tests, or by simply adding that record to an existing
+ * `dnsconfig.js` and seeing if `dnscontrol push` is able to push that
+ * record into production. (Be careful if you are testing this on a
+ * domain used in production.)
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/txt
+ */
+declare function TXT(name: string, contents: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * Documentation needed.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/url
+ */
+declare function URL(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * Documentation needed.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/url301
+ */
+declare function URL301(name: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `getConfiguredDomains` getConfiguredDomains is a helper function that returns the domain names
+ * configured at the time the function is called. Calling this function early or later in
+ * `dnsconfig.js` may return different results. Typical usage is to iterate over all
+ * domains at the end of your configuration file.
+ *
+ * Example for adding records to all configured domains:
+ * ```javascript
+ * var domains = getConfiguredDomains();
+ * for(i = 0; i < domains.length; i++) {
+ *   D_EXTEND(domains[i],
+ *     TXT("_important", "BLA") // I know, not really creative.
+ *   )
+ * }
+ * ```
+ *
+ * This will end up in following modifications: (All output assumes the `--full` flag)
+ *
+ * ```text
+ * ******************** Domain: domain1.tld
+ * ----- Getting nameservers from: registrar
+ * ----- DNS Provider: registrar...2 corrections
+ * #1: CREATE TXT _important.domain1.tld "BLA" ttl=43200
+ * #2: REFRESH zone domain1.tld
+ *
+ * ******************** Domain: domain2.tld
+ * ----- Getting nameservers from: registrar
+ * ----- DNS Provider: registrar...2 corrections
+ * #1: CREATE TXT _important.domain2.tld "BLA" ttl=43200
+ * #2: REFRESH zone domain2.tld
+ * ```
+ *
+ * Example for adding DMARC report records:
+ *
+ * This example might be more useful, specially for configuring the DMARC report records. According to DMARC RFC you need to specify `domain2.tld._report.dmarc.domain1.tld` to allow `domain2.tld` to send aggregate/forensic email reports to `domain1.tld`. This can be used to do this in an easy way, without using the wildcard from the RFC.
+ *
+ * ```javascript
+ * var domains = getConfiguredDomains();
+ * for(i = 0; i < domains.length; i++) {
+ *     D_EXTEND("domain1.tld",
+ *         TXT(domains[i] + "._report._dmarc", "v=DMARC1")
+ *     );
+ * }
+ * ```
+ *
+ * This will end up in following modifications:
+ *
+ * ```text
+ * ******************** Domain: domain2.tld
+ * ----- Getting nameservers from: registrar
+ * ----- DNS Provider: registrar...4 corrections
+ * #1: CREATE TXT domain1.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
+ * #2: CREATE TXT domain3.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
+ * #3: CREATE TXT domain4.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
+ * #4: REFRESH zone domain2.tld
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/getconfigureddomains
+ */
+declare function getConfiguredDomains(): string[];
+
+/**
+ * `require_glob()` can recursively load `.js` files, optionally non-recursive as well.
+ *
+ * Possible parameters are:
+ *
+ * - Path as string, where you would like to start including files. Mandatory. Pattern matching possible, see [GoLand path/filepath/#Match docs](https://golang.org/pkg/path/filepath/#Match).
+ * - If being recursive. This is a boolean if the search should be recursive or not. Define either `true` or `false`. Default is `true`.
+ *
+ * Example to load `.js` files recursively:
+ *
+ * ```javascript
+ * require_glob("./domains/");
+ * ```
+ *
+ * Example to load `.js` files only in `domains/`:
+ *
+ * ```javascript
+ * require_glob("./domains/", false);
+ * ```
+ *
+ * One more important thing to note: `require_glob()` is as smart as `require()` is. It loads files always relative to the JavaScript
+ * file where it's being executed in. Let's go with an example, as it describes it better:
+ *
+ * ```javascript
+ * require("domains/index.js");
+ * ```
+ *
+ * ```javascript
+ * require_glob("./user1/");
+ * ```
+ *
+ * This will now load files being present underneath `./domains/user1/` and **NOT** at below `./domains/`, as `require_glob()`
+ * is called in the subfolder `domains/`.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/require_glob
+ */
+declare function require_glob(path: string, recursive: boolean): void;
diff --git a/documentation/functions/record/SPF_BUILDER.md b/documentation/functions/domain/SPF_BUILDER.md
similarity index 99%
rename from documentation/functions/record/SPF_BUILDER.md
rename to documentation/functions/domain/SPF_BUILDER.md
index 7cbbdbc84..2d3ba9878 100644
--- a/documentation/functions/record/SPF_BUILDER.md
+++ b/documentation/functions/domain/SPF_BUILDER.md
@@ -16,8 +16,8 @@ parameter_types:
   overhead1: string?
   raw: string?
   ttl: Duration?
-  txtMaxSize: string[]
-  parts: number?
+  txtMaxSize: number?
+  parts: string[]
   flatten: string[]?
 ---
 

From 194c4711a89175cb0ba5e14882682bbc5fe07ff1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Aug 2023 17:46:15 -0400
Subject: [PATCH 13/79] Build(deps): Bump alpine from 3.18.2 to 3.18.3 (#2502)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 24769b974..6f34f33e3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.4
 
-FROM alpine:3.18.2@sha256:25fad2a32ad1f6f510e528448ae1ec69a28ef81916a004d3629874104f8a7f70 as RUN
+FROM alpine:3.18.3@sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a as RUN
 
 
 # Add runtime dependencies

From 3c33ee22120f838b74a4b87d3212cf5c31d2407e Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Thu, 17 Aug 2023 18:19:16 +0300
Subject: [PATCH 14/79] NS1: update ns1-go to 2.7.8 (#2516)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod                       | 4 ++--
 go.sum                       | 8 ++++----
 providers/ns1/ns1Provider.go | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 9f6006044..39360e500 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 	golang.org/x/net v0.14.0
 	golang.org/x/oauth2 v0.11.0
 	google.golang.org/api v0.135.0
-	gopkg.in/ns1/ns1-go.v2 v2.7.4
+	gopkg.in/ns1/ns1-go.v2 v2.7.8
 )
 
 require (
@@ -133,7 +133,7 @@ require (
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/crypto v0.12.0 // indirect
-	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
 	golang.org/x/sys v0.11.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
diff --git a/go.sum b/go.sum
index d2ebf1b8e..00d81cd30 100644
--- a/go.sum
+++ b/go.sum
@@ -456,8 +456,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
-golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180406214816-61147c48b25b/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -606,8 +606,8 @@ gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI=
 gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mgo.v2 v2.0.0-20160818015218-f2b6f6c918c4/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
-gopkg.in/ns1/ns1-go.v2 v2.7.4 h1:uLb8u8uM9E7Xij/GHPctVIKMwyQDcA8NjSPnScG7gmQ=
-gopkg.in/ns1/ns1-go.v2 v2.7.4/go.mod h1:GMnKY+ZuoJ+lVLL+78uSTjwTz2jMazq6AfGKQOYhsPk=
+gopkg.in/ns1/ns1-go.v2 v2.7.8 h1:1ocy22Xb+KF4g6JNlPFoivyYRdJfeQjs+omb/wIzQAU=
+gopkg.in/ns1/ns1-go.v2 v2.7.8/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=
diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index 5eb30dde4..5d36de670 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -68,7 +68,7 @@ func (n *nsone) EnsureZoneExists(domain string) error {
 func (n *nsone) GetNameservers(domain string) ([]*models.Nameserver, error) {
 	var nservers []string
 
-	z, _, err := n.Zones.Get(domain)
+	z, _, err := n.Zones.Get(domain, true)
 	if err != nil {
 		return nil, err
 	}
@@ -90,7 +90,7 @@ func (n *nsone) GetNameservers(domain string) ([]*models.Nameserver, error) {
 
 // GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
 func (n *nsone) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
-	z, _, err := n.Zones.Get(domain)
+	z, _, err := n.Zones.Get(domain, true)
 	if err != nil {
 		return nil, err
 	}
@@ -271,7 +271,7 @@ func (n *nsone) modify(recs models.Records, domain string) error {
 //
 // Unfortunately this is not detectable otherwise, so given that we have a nice error message, we just let this through.
 func (n *nsone) configureDNSSEC(domain string, enabled bool) error {
-	z, _, err := n.Zones.Get(domain)
+	z, _, err := n.Zones.Get(domain, true)
 	if err != nil {
 		return err
 	}

From f13ae54858a2234326623d952ddcecd722fbd4b7 Mon Sep 17 00:00:00 2001
From: Alexander Kabenin <28066869+kabenin@users.noreply.github.com>
Date: Thu, 17 Aug 2023 08:37:36 -0700
Subject: [PATCH 15/79] Implementing API retries when receiving 429
 (TooManyRequests) HTTP Error (#2506)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/ns1/ns1Provider.go | 110 ++++++++++++++++++++++++++---------
 1 file changed, 81 insertions(+), 29 deletions(-)

diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index 5d36de670..f608763ce 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -31,6 +31,9 @@ var docNotes = providers.DocumentationNotes{
 	providers.DocOfficiallySupported: providers.Cannot(),
 }
 
+// Number of retries for API backend requests in case of StatusTooManyRequests responses
+const CLIENT_RETRIES = 10
+
 func init() {
 	fns := providers.DspFuncs{
 		Initializer:   newProvider,
@@ -48,27 +51,53 @@ func newProvider(creds map[string]string, meta json.RawMessage) (providers.DNSSe
 	if creds["api_token"] == "" {
 		return nil, fmt.Errorf("api_token required for ns1")
 	}
-	return &nsone{rest.NewClient(http.DefaultClient, rest.SetAPIKey(creds["api_token"]))}, nil
+
+	// Enable Sleep API Rate limit strategy - it will sleep until new tokens are available
+	// see https://help.ns1.com/hc/en-us/articles/360020250573-About-API-rate-limiting
+	// this strategy would imply the least sleep time for non-parallel client requests
+	return &nsone{rest.NewClient(
+		http.DefaultClient,
+		rest.SetAPIKey(creds["api_token"]),
+		func(c *rest.Client) {
+			c.RateLimitStrategySleep()
+		},
+	)}, nil
+}
+
+// A wrapper around rest.Client's Zones.Get() implementing retries
+// no explicit sleep is needed, it is implemented in NS1 client's RateLimitStrategy we used
+func (n *nsone) GetZone(domain string) (*dns.Zone, error) {
+	for rtr := 0; ; rtr++ {
+		z, httpResp, err := n.Zones.Get(domain)
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+			continue
+		}
+		return z, err
+	}
 }
 
 func (n *nsone) EnsureZoneExists(domain string) error {
 	// This enables the create-domains subcommand
-
 	zone := dns.NewZone(domain)
-	_, err := n.Zones.Create(zone)
 
-	if err == rest.ErrZoneExists {
-		// if domain exists already, just return nil, nothing to do here.
-		return nil
+	for rtr := 0; ; rtr++ {
+		httpResp, err := n.Zones.Create(zone)
+		if err == rest.ErrZoneExists {
+			// if domain exists already, just return nil, nothing to do here.
+			return nil
+		}
+		// too many requests - retry w/out waiting. We specified rate limit strategy creating the client
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+			continue
+		}
+		return err
 	}
-
-	return err
 }
 
 func (n *nsone) GetNameservers(domain string) ([]*models.Nameserver, error) {
 	var nservers []string
 
-	z, _, err := n.Zones.Get(domain, true)
+  z, _, err := n.Zones.Get(domain, true)
 	if err != nil {
 		return nil, err
 	}
@@ -112,20 +141,23 @@ func (n *nsone) GetZoneRecords(domain string, meta map[string]string) (models.Re
 //  2. DNSSEC is disabled (returns false)
 //  3. some error state   (return false plus the error)
 func (n *nsone) GetZoneDNSSEC(domain string) (bool, error) {
-	_, _, err := n.DNSSEC.Get(domain)
+	for rtr := 0; ; rtr++ {
+		_, httpResp, err := n.DNSSEC.Get(domain)
+		// rest.ErrDNSECNotEnabled is our "disabled" state
+		if err != nil && err == rest.ErrDNSECNotEnabled {
+			return false, nil
+		}
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+			continue
+		}
+		// any other errors not expected, let's surface them
+		if err != nil {
+			return false, err
+		}
 
-	// rest.ErrDNSECNotEnabled is our "disabled" state
-	if err != nil && err == rest.ErrDNSECNotEnabled {
-		return false, nil
+		// no errors returned, we assume DNSSEC is enabled
+		return true, nil
 	}
-
-	// any other errors not expected, let's surface them
-	if err != nil {
-		return false, err
-	}
-
-	// no errors returned, we assume DNSSEC is enabled
-	return true, nil
 }
 
 // getDomainCorrectionsDNSSEC creates DNSSEC zone corrections based on current state and preference
@@ -244,8 +276,13 @@ func (n *nsone) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecor
 }
 
 func (n *nsone) add(recs models.Records, domain string) error {
-	_, err := n.Records.Create(buildRecord(recs, domain, ""))
-	return err
+	for rtr := 0; ; rtr++ {
+		httpResp, err := n.Records.Create(buildRecord(recs, domain, ""))
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+			continue
+		}
+		return err
+	}
 }
 
 func (n *nsone) remove(key models.RecordKey, domain string) error {
@@ -253,13 +290,23 @@ func (n *nsone) remove(key models.RecordKey, domain string) error {
 		key.Type = "URLFWD"
 	}
 
-	_, err := n.Records.Delete(domain, key.NameFQDN, key.Type)
-	return err
+	for rtr := 0; ; rtr++ {
+		httpResp, err := n.Records.Delete(domain, key.NameFQDN, key.Type)
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+			continue
+		}
+		return err
+	}
 }
 
 func (n *nsone) modify(recs models.Records, domain string) error {
-	_, err := n.Records.Update(buildRecord(recs, domain, ""))
-	return err
+	for rtr := 0; ; rtr++ {
+		httpResp, err := n.Records.Update(buildRecord(recs, domain, ""))
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+			continue
+		}
+		return err
+	}
 }
 
 // configureDNSSEC configures DNSSEC for a zone. Set 'enabled' to true to enable, false to disable.
@@ -276,8 +323,13 @@ func (n *nsone) configureDNSSEC(domain string, enabled bool) error {
 		return err
 	}
 	z.DNSSEC = &enabled
-	_, err = n.Zones.Update(z)
-	return err
+	for rtr := 0; ; rtr++ {
+		httpResp, err := n.Zones.Update(z)
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+			continue
+		}
+		return err
+	}
 }
 
 func buildRecord(recs models.Records, domain string, id string) *dns.Record {

From e211bfb4cc844d178729a55c9faeb577413bde12 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 17 Aug 2023 17:39:34 +0200
Subject: [PATCH 16/79] DOCS: Remove second parameter from NewDnsProvider()
 (#2505)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/ci-cd-gitlab.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/ci-cd-gitlab.md b/documentation/ci-cd-gitlab.md
index 37b45b168..d34f756cb 100644
--- a/documentation/ci-cd-gitlab.md
+++ b/documentation/ci-cd-gitlab.md
@@ -16,7 +16,7 @@ For convenience, both configuration files are shown below.
 {% code title="dnsconfig.js" %}
 ```javascript
 var PROVIDER_NONE = NewRegistrar("none");
-var PROVIDER_TRANSIP = NewDnsProvider("transip", "-");
+var PROVIDER_TRANSIP = NewDnsProvider("transip");
 
 D("cafferata.dev",
     PROVIDER_NONE,
@@ -100,7 +100,7 @@ Because the above GitLab CI configuration expects a diff, we apply this by (_for
 
 ```diff
 var PROVIDER_NONE = NewRegistrar("none");
-var PROVIDER_TRANSIP = NewDnsProvider("transip", "-");
+var PROVIDER_TRANSIP = NewDnsProvider("transip");
 
 D("cafferata.dev",
     PROVIDER_NONE,

From 89cc1f0667a462f4fcda21ce1b9640d4842b9d84 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 17 Aug 2023 17:40:40 +0200
Subject: [PATCH 17/79] DOCS: Expand docs about how to use notifications
 (#2504)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/notifications.md | 44 ++++++++++++++++++++++++++++++++--
 1 file changed, 42 insertions(+), 2 deletions(-)

diff --git a/documentation/notifications.md b/documentation/notifications.md
index f274512fe..72eb739e5 100644
--- a/documentation/notifications.md
+++ b/documentation/notifications.md
@@ -18,13 +18,53 @@ Notifications are set up in your credentials JSON file. They will use the `notif
         ...
   } ,
   "notifications": {
-      "slack_url": "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX",
+      "slack_url": "https://api.slack.com/apps/0XXX0X0XX0/incoming-webhooks",
       "teams_url": "https://outlook.office.com/webhook/00000000-0000-0000-0000-000000000000@00000000-0000-0000-0000-000000000000/IncomingWebhook/00000000000000000000000000000000/00000000-0000-0000-0000-000000000000"
   }
 ```
 {% endcode %}
 
-You also must run `dnscontrol preview` or `dnscontrol push` with the `-notify` flag to enable notification sending at all.
+## Usage
+
+If you want to send a notification, add the `--notify` flag to the `dnscontrol preview` or `dnscontrol push` commands.
+
+Below is an example where we add [the A record](functions/domain/A.md) `foo` and display the notification output.
+
+{% code title="dnsconfig.js" %}
+```diff
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
++ A("foo", "1.2.3.4"),
+);
+```
+{% endcode %}
+
+### Preview example
+
+In case of `dnscontrol preview`:
+
+```shell
+dnscontrol preview --notify
+```
+
+**The notification output**
+
+```shell
+**Preview: example.com[my_provider] -** CREATE foo.example.com A (1.2.3.4 ttl=86400)
+```
+
+### Push example
+
+In case of `dnscontrol push`:
+
+```shell
+dnscontrol push --notify
+```
+
+**The notification output**
+
+```shell
+Successfully ran correction for **example.com[my_provider]** - CREATE foo.example.com A 1.2.3.4 ttl=86400
+```
 
 ## Notification types
 

From 5d9b82e917c363a676f3e374b076fb7b77069a72 Mon Sep 17 00:00:00 2001
From: Brian Hartvigsen <brian.andrew@brianandjenny.com>
Date: Thu, 17 Aug 2023 09:41:52 -0600
Subject: [PATCH 18/79] CLOUDFLARE: Support unicode domains (#2466)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/cloudflare/cloudflareProvider.go | 9 ++++++++-
 providers/cloudflare/rest.go               | 5 +++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 53f2f4596..7b7560b06 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -3,6 +3,7 @@ package cloudflare
 import (
 	"encoding/json"
 	"fmt"
+	"golang.org/x/net/idna"
 	"net"
 	"os"
 	"strconv"
@@ -485,8 +486,14 @@ func (c *cloudflareProvider) mkDeleteCorrection(recType string, origRec any, dom
 
 func checkNSModifications(dc *models.DomainConfig) {
 	newList := make([]*models.RecordConfig, 0, len(dc.Records))
+
+	punyRoot, err := idna.ToASCII(dc.Name)
+	if err != nil {
+		punyRoot = dc.Name
+	}
+
 	for _, rec := range dc.Records {
-		if rec.Type == "NS" && rec.GetLabelFQDN() == dc.Name {
+		if rec.Type == "NS" && rec.GetLabelFQDN() == punyRoot {
 			if !strings.HasSuffix(rec.GetTargetField(), ".ns.cloudflare.com.") {
 				printer.Warnf("cloudflare does not support modifying NS records on base domain. %s will not be added.\n", rec.GetTargetField())
 			}
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index b3de4b614..614be8aac 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -3,6 +3,7 @@ package cloudflare
 import (
 	"context"
 	"fmt"
+	"golang.org/x/net/idna"
 	"strconv"
 	"strings"
 
@@ -20,6 +21,10 @@ func (c *cloudflareProvider) fetchDomainList() error {
 	}
 
 	for _, zone := range zones {
+		if encoded, err := idna.ToASCII(zone.Name); err == nil && encoded != zone.Name {
+			c.domainIndex[encoded] = zone.ID
+			c.nameservers[encoded] = append(c.nameservers[encoded], zone.NameServers...)
+		}
 		c.domainIndex[zone.Name] = zone.ID
 		c.nameservers[zone.Name] = append(c.nameservers[zone.Name], zone.NameServers...)
 	}

From 56b11d0881174ea5131446883c268edfb36175c1 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 17 Aug 2023 13:07:13 -0400
Subject: [PATCH 19/79] CLOUDFLARE: Upgrade
 modules/GitHub.com/cloudflare/cloudflare go 0.70.0 (#2518)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian Hartvigsen <brian.andrew@brianandjenny.com>
Co-authored-by: Tom Limoncelli <tal@whatexit.org>
---
 go.mod                                     | 2 +-
 go.sum                                     | 8 ++++----
 providers/cloudflare/cloudflareProvider.go | 3 ++-
 providers/cloudflare/rest.go               | 4 ++--
 4 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index 39360e500..0f013a4cf 100644
--- a/go.mod
+++ b/go.mod
@@ -107,7 +107,7 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
diff --git a/go.sum b/go.sum
index 00d81cd30..2a177e8cc 100644
--- a/go.sum
+++ b/go.sum
@@ -84,8 +84,8 @@ github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.68.0 h1:YmCaLt0lUqZwxJp6fTrFX2fjb0zQZoKS8lFRMdwZKDI=
-github.com/cloudflare/cloudflare-go v0.68.0/go.mod h1:b6oSYwhXmZUdaF83Od/uefT092M41HHis/z6JFsT/kw=
+github.com/cloudflare/cloudflare-go v0.70.0 h1:4opGbUygM8DjirUuaz23jn3akuAcnOCEx+0nQtQEcFo=
+github.com/cloudflare/cloudflare-go v0.70.0/go.mod h1:VW6GuazkaZ4xEDkFt24lkXQUsE8q7BiGqDniC2s8WEM=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
@@ -225,8 +225,8 @@ github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXc
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0=
-github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
+github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 7b7560b06..230e5aa48 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -72,6 +72,7 @@ type cloudflareProvider struct {
 	ignoredLabels   []string
 	manageRedirects bool
 	manageWorkers   bool
+	accountId       string
 	cfClient        *cloudflare.API
 }
 
@@ -685,7 +686,7 @@ func newCloudflare(m map[string]string, metadata json.RawMessage) (providers.DNS
 
 	// Check account data if set
 	if m["accountid"] != "" {
-		api.cfClient.AccountID = m["accountid"]
+		api.accountId = m["accountid"]
 	}
 
 	debug, err := strconv.ParseBool(os.Getenv("CLOUDFLAREAPI_DEBUG"))
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index 614be8aac..eaefda398 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -65,7 +65,7 @@ func (c *cloudflareProvider) deleteRec(rec cloudflare.DNSRecord, domainID string
 }
 
 func (c *cloudflareProvider) createZone(domainName string) (string, error) {
-	zone, err := c.cfClient.CreateZone(context.Background(), domainName, false, cloudflare.Account{ID: c.cfClient.AccountID}, "full")
+	zone, err := c.cfClient.CreateZone(context.Background(), domainName, false, cloudflare.Account{ID: c.accountId}, "full")
 	return zone.ID, err
 }
 
@@ -422,7 +422,7 @@ func (c *cloudflareProvider) createTestWorker(workerName string) error {
 			});`,
 	}
 
-	_, err := c.cfClient.UploadWorker(context.Background(), cloudflare.AccountIdentifier(c.cfClient.AccountID), wp)
+	_, err := c.cfClient.UploadWorker(context.Background(), cloudflare.AccountIdentifier(c.accountId), wp)
 	return err
 }
 

From ec0585cb298cb6df4e00aa1826912c15d284c9c5 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 18 Aug 2023 08:25:36 -0400
Subject: [PATCH 20/79] CHORE: Fix CF and NS1 due to api changes (#2520)

---
 go.sum                       | 4 ++--
 providers/ns1/ns1Provider.go | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.sum b/go.sum
index 2a177e8cc..d380288ac 100644
--- a/go.sum
+++ b/go.sum
@@ -84,8 +84,8 @@ github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.70.0 h1:4opGbUygM8DjirUuaz23jn3akuAcnOCEx+0nQtQEcFo=
-github.com/cloudflare/cloudflare-go v0.70.0/go.mod h1:VW6GuazkaZ4xEDkFt24lkXQUsE8q7BiGqDniC2s8WEM=
+github.com/cloudflare/cloudflare-go v0.68.0 h1:YmCaLt0lUqZwxJp6fTrFX2fjb0zQZoKS8lFRMdwZKDI=
+github.com/cloudflare/cloudflare-go v0.68.0/go.mod h1:b6oSYwhXmZUdaF83Od/uefT092M41HHis/z6JFsT/kw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index f608763ce..28f1ec478 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -68,7 +68,7 @@ func newProvider(creds map[string]string, meta json.RawMessage) (providers.DNSSe
 // no explicit sleep is needed, it is implemented in NS1 client's RateLimitStrategy we used
 func (n *nsone) GetZone(domain string) (*dns.Zone, error) {
 	for rtr := 0; ; rtr++ {
-		z, httpResp, err := n.Zones.Get(domain)
+		z, httpResp, err := n.Zones.Get(domain, true)
 		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
 			continue
 		}
@@ -97,7 +97,7 @@ func (n *nsone) EnsureZoneExists(domain string) error {
 func (n *nsone) GetNameservers(domain string) ([]*models.Nameserver, error) {
 	var nservers []string
 
-  z, _, err := n.Zones.Get(domain, true)
+	z, _, err := n.Zones.Get(domain, true)
 	if err != nil {
 		return nil, err
 	}

From b74da0eb1d063f91bcff8f3abbca8b95b080368d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Aug 2023 09:12:26 -0400
Subject: [PATCH 21/79] CLOUDFLARE: Bump github.com/cloudflare/cloudflare-go
 from 0.68.0 to 0.75.0 (#2519)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod | 3 ++-
 go.sum | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0f013a4cf..6179816c0 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5
-	github.com/cloudflare/cloudflare-go v0.68.0
+	github.com/cloudflare/cloudflare-go v0.75.0
 	github.com/digitalocean/godo v1.100.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
@@ -94,6 +94,7 @@ require (
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-test/deep v1.0.3 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gofrs/uuid v4.0.0+incompatible // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
diff --git a/go.sum b/go.sum
index d380288ac..ee48ee01a 100644
--- a/go.sum
+++ b/go.sum
@@ -84,8 +84,8 @@ github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.68.0 h1:YmCaLt0lUqZwxJp6fTrFX2fjb0zQZoKS8lFRMdwZKDI=
-github.com/cloudflare/cloudflare-go v0.68.0/go.mod h1:b6oSYwhXmZUdaF83Od/uefT092M41HHis/z6JFsT/kw=
+github.com/cloudflare/cloudflare-go v0.75.0 h1:03a4EkwwsDo0yAHjQ/l+D36K9wTkvr0afDiI/uHQ0Xw=
+github.com/cloudflare/cloudflare-go v0.75.0/go.mod h1:5ocQT9qQ99QsT1Ii2751490Z5J+W/nv6jOj+lSAe4ug=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
@@ -150,6 +150,8 @@ github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3a
 github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe h1:zn8tqiUbec4wR94o7Qj3LZCAT6uGobhEgnDRg6isG5U=
 github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.7.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=

From 012c9441cbdacd1784a7e0a526e7bcb5a845981b Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Fri, 18 Aug 2023 16:19:18 +0300
Subject: [PATCH 22/79] New flag: --no-colors (disables colored output) (#2507)

Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 commands/commands.go     |  8 ++++++++
 documentation/SUMMARY.md |  1 +
 documentation/colors.md  | 27 +++++++++++++++++++++++++++
 3 files changed, 36 insertions(+)
 create mode 100644 documentation/colors.md

diff --git a/commands/commands.go b/commands/commands.go
index 1d5e4e575..a951ad506 100644
--- a/commands/commands.go
+++ b/commands/commands.go
@@ -12,6 +12,8 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/js"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 	"github.com/urfave/cli/v2"
+
+	"github.com/fatih/color"
 )
 
 // categories of commands
@@ -68,6 +70,12 @@ func Run(v string) int {
 			Destination: &diff2.EnableDiff2,
 			Value:       true,
 		},
+		&cli.BoolFlag{
+			Name:        "no-colors",
+			Usage:       "Disable colors",
+			Destination: &color.NoColor,
+			Value:       false,
+		},
 	}
 	sort.Sort(cli.CommandsByName(commands))
 	app.Commands = commands
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 6ea18f6b4..2ab2aeb2a 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -8,6 +8,7 @@
 * [Examples](examples.md)
 * [Migrating zones to DNSControl](migrating.md)
 * [TypeScript autocomplete and type checking](typescript.md)
+* [Disabling Colors](colors.md)
 
 ## Language Reference
 
diff --git a/documentation/colors.md b/documentation/colors.md
new file mode 100644
index 000000000..2247329c9
--- /dev/null
+++ b/documentation/colors.md
@@ -0,0 +1,27 @@
+# Colors support
+
+DNSControl is using colors on both its console and notification outputs, to
+denote changes, such as during preview or push events.
+
+This is on by default in all interactive prompts supporting colors. See below on
+how to bypass it.
+
+## Disable colors
+
+There are cases that we might need to disable colored output, such as in certain
+CI environments or particular notification mechanisms that don't support ANSI color
+codes.
+
+In order to do so, a global `--no-colors` command option is provided, which when
+set `--no-colors=true`, will disable colors globally.
+
+## (Force) Enable colors
+
+If color support is not correctly detected, providing `--no-colors=false` would
+force-enable coloring, bypassing modules TTY detection.
+
+## Force colors in CI environments
+
+Some CI environments, while supporting colors, fail autodetection, such as GHA.
+In that case, colors can be forcibly enabled via `--no-colors=false` or by setting
+a `CI` env variable to `true` (if not autoset).

From d93308f54b263632fd24d10c3734e067941f7922 Mon Sep 17 00:00:00 2001
From: dkim1970 <118921779+dkim1970@users.noreply.github.com>
Date: Fri, 18 Aug 2023 15:50:21 +0100
Subject: [PATCH 23/79] POWERDNS: Add option to set SOA-EDIT-API when creating
 zones via the API (#2458)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers/powerdns.md    | 5 ++++-
 providers/powerdns/dns.go              | 1 +
 providers/powerdns/powerdnsProvider.go | 2 ++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/documentation/providers/powerdns.md b/documentation/providers/powerdns.md
index 96ab12281..87e5ae86a 100644
--- a/documentation/providers/powerdns.md
+++ b/documentation/providers/powerdns.md
@@ -41,7 +41,10 @@ Following metadata are available:
   <br>Can be one of `Native`, `Master` or `Slave`, when not specified it defaults to `Native`.
   <br>Please see [PowerDNS documentation](https://doc.powerdns.com/authoritative/modes-of-operation.html) for explanation of the kinds.
   <br>**Note that these tokens are case-sensitive!**
-
+- `soa_edit_api` is the default SOA serial method that is used for zone created with the API
+  <br> Can be one of `DEFAULT`, `INCREASE`, `EPOCH`, `SOA-EDIT` or `SOA-EDIT-INCREASE`, default format is YYYYMMDD01.
+  <br>Please see [PowerDNS SOA-EDIT-DNSUPDATE documentation](https://doc.powerdns.com/authoritative/dnsupdate.html#soa-edit-dnsupdate-settings) for explanation of the kinds.
+  <br>**Note that these tokens are case-sensitive!**
 
 ## Usage
 An example configuration:
diff --git a/providers/powerdns/dns.go b/providers/powerdns/dns.go
index c9df0935f..140f1c74c 100644
--- a/providers/powerdns/dns.go
+++ b/providers/powerdns/dns.go
@@ -87,6 +87,7 @@ func (dsp *powerdnsProvider) EnsureZoneExists(domain string) error {
 		DNSSec:      dsp.DNSSecOnCreate,
 		Nameservers: dsp.DefaultNS,
 		Kind:        dsp.ZoneKind,
+		SOAEditAPI:  dsp.SOAEditAPI,
 	})
 	return err
 }
diff --git a/providers/powerdns/powerdnsProvider.go b/providers/powerdns/powerdnsProvider.go
index 8b299500d..7fbbe3c85 100644
--- a/providers/powerdns/powerdnsProvider.go
+++ b/providers/powerdns/powerdnsProvider.go
@@ -3,6 +3,7 @@ package powerdns
 import (
 	"encoding/json"
 	"fmt"
+
 	"github.com/mittwald/go-powerdns/apis/zones"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
@@ -44,6 +45,7 @@ type powerdnsProvider struct {
 	DefaultNS      []string       `json:"default_ns"`
 	DNSSecOnCreate bool           `json:"dnssec_on_create"`
 	ZoneKind       zones.ZoneKind `json:"zone_kind"`
+	SOAEditAPI     string         `json:"soa_edit_api,omitempty"`
 
 	nameservers []*models.Nameserver
 }

From 7fc80ac7cc80f1e3ab1aca294777edb24e9e0527 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 21 Aug 2023 12:19:16 -0400
Subject: [PATCH 24/79] CLOUDFLARE: BUGFIX: Proxy=full not handled in diff2
 (#2525)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 integrationTest/integration_test.go        | 97 ++++++++++++++++++----
 pkg/diff2/analyze.go                       |  2 +
 providers/cloudflare/cloudflareProvider.go |  7 +-
 providers/cloudflare/rest.go               |  7 +-
 4 files changed, 94 insertions(+), 19 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 8a0ff010f..c6cb7a119 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -35,6 +35,18 @@ func init() {
 	flag.Parse()
 }
 
+// Helper constants/funcs for the CLOUDFLARE proxy testing:
+
+func CF_PROXY_OFF() *TestCase   { return tc("proxyoff", cfProxyA("prxy", "174.136.107.111", "off")) }
+func CF_PROXY_ON() *TestCase    { return tc("proxyon", cfProxyA("prxy", "174.136.107.111", "on")) }
+func CF_PROXY_FULL1() *TestCase { return tc("proxyf1", cfProxyA("prxy", "174.136.107.111", "full")) }
+func CF_PROXY_FULL2() *TestCase { return tc("proxyf2", cfProxyA("prxy", "174.136.107.222", "full")) }
+func CF_CPROXY_OFF() *TestCase  { return tc("cproxyoff", cfProxyCNAME("cproxy", "example.com.", "off")) }
+func CF_CPROXY_ON() *TestCase   { return tc("cproxyon", cfProxyCNAME("cproxy", "example.com.", "on")) }
+func CF_CPROXY_FULL() *TestCase { return tc("cproxyf", cfProxyCNAME("cproxy", "example.com.", "full")) }
+
+// ---
+
 func getProvider(t *testing.T) (providers.DNSServiceProvider, string, map[int]bool, map[string]string) {
 	if *providerToRun == "" {
 		t.Log("No provider specified with -provider")
@@ -1673,7 +1685,7 @@ func makeTests(t *testing.T) []*TestGroup {
 			tc("change", cfRedir("cnn.**current-domain-no-trailing**/*", "https://change.cnn.com/$1")),
 			tc("changelabel", cfRedir("cable.**current-domain-no-trailing**/*", "https://change.cnn.com/$1")),
 
-			// Removed these for speed.  They were testing if order matters,
+			// Removed these for speed.  They tested if order matters,
 			// which it doesn't seem to.  Re-add if needed.
 			//clear(),
 			//tc("multipleA",
@@ -1702,7 +1714,7 @@ func makeTests(t *testing.T) []*TestGroup {
 			//	cfRedir("nytimes.**current-domain-no-trailing**/*", "https://www.nytimes.com/$1"),
 			//),
 
-			// Repeat the above using CF_TEMP_REDIR instead
+			// Repeat the above tests using CF_TEMP_REDIR instead
 			clear(),
 			tc("tempredir", cfRedirTemp("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1")),
 			tc("tempchange", cfRedirTemp("cnn.**current-domain-no-trailing**/*", "https://change.cnn.com/$1")),
@@ -1726,7 +1738,6 @@ func makeTests(t *testing.T) []*TestGroup {
 				cfRedirTemp("cablenews.**current-domain-no-trailing**/*", "https://change.cnn.com/$1"),
 			),
 			// TODO(tlim): Fix this test case:
-			//clear(),
 			//tc("tempmultiple3",
 			//	cfRedirTemp("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
 			//	cfRedirTemp("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1"),
@@ -1734,18 +1745,76 @@ func makeTests(t *testing.T) []*TestGroup {
 			//),
 		),
 
-		testgroup("CF_PROXY",
+		testgroup("CF_PROXY A create",
 			only("CLOUDFLAREAPI"),
-			tc("proxyon", cfProxyA("proxyme", "1.2.3.4", "on")),
-			tc("proxychangetarget", cfProxyA("proxyme", "1.2.3.5", "on")),
-			tc("proxychangeonoff", cfProxyA("proxyme", "1.2.3.5", "off")),
-			tc("proxychangeoffon", cfProxyA("proxyme", "1.2.3.5", "on")),
-			clear(),
-			tc("proxycname", cfProxyCNAME("anewproxy", "example.com.", "on")),
-			tc("proxycnamechange", cfProxyCNAME("anewproxy", "example.com.", "off")),
-			tc("proxycnameoffon", cfProxyCNAME("anewproxy", "example.com.", "on")),
-			tc("proxycnameonoff", cfProxyCNAME("anewproxy", "example.com.", "off")),
-			clear(),
+			CF_PROXY_OFF(), clear(),
+			CF_PROXY_ON(), clear(),
+			CF_PROXY_FULL1(), clear(),
+			CF_PROXY_FULL2(), clear(),
+		),
+
+		// These next testgroups attempt every possible transition between off, on, full1 and full2.
+		// "full1" simulates "full" without the IP being translated.
+		// "full2" simulates "full" WITH the IP translated.
+
+		testgroup("CF_PROXY A off to X",
+			only("CLOUDFLAREAPI"),
+			//CF_PROXY_OFF(), CF_PROXY_OFF(), clear(), // redundant
+			CF_PROXY_OFF(), CF_PROXY_ON(), clear(),
+			CF_PROXY_OFF(), CF_PROXY_FULL1(), clear(),
+			CF_PROXY_OFF(), CF_PROXY_FULL2(), clear(),
+		),
+
+		testgroup("CF_PROXY A on to X",
+			only("CLOUDFLAREAPI"),
+			CF_PROXY_ON(), CF_PROXY_OFF(), clear(),
+			//CF_PROXY_ON(), CF_PROXY_ON(), clear(), // redundant
+			//CF_PROXY_ON(), CF_PROXY_FULL1().ExpectNoChanges(), clear(), // Removed for speed
+			CF_PROXY_ON(), CF_PROXY_FULL2(), clear(),
+		),
+
+		testgroup("CF_PROXY A full1 to X",
+			only("CLOUDFLAREAPI"),
+			CF_PROXY_FULL1(), CF_PROXY_OFF(), clear(),
+			//CF_PROXY_FULL1(), CF_PROXY_ON().ExpectNoChanges(), clear(), // Removed for speed
+			//CF_PROXY_FULL1(), CF_PROXY_FULL1(), clear(), // redundant
+			CF_PROXY_FULL1(), CF_PROXY_FULL2(), clear(),
+		),
+
+		testgroup("CF_PROXY A full2 to X",
+			only("CLOUDFLAREAPI"),
+			CF_PROXY_FULL2(), CF_PROXY_OFF(), clear(),
+			CF_PROXY_FULL2(), CF_PROXY_ON(), clear(),
+			CF_PROXY_FULL2(), CF_PROXY_FULL1(), clear(),
+			//CF_PROXY_FULL2(), CF_PROXY_FULL2(), clear(), // redundant
+		),
+
+		testgroup("CF_PROXY CNAME create",
+			only("CLOUDFLAREAPI"),
+			CF_CPROXY_OFF(), clear(),
+			CF_CPROXY_ON(), clear(),
+			CF_CPROXY_FULL(), clear(),
+		),
+
+		testgroup("CF_PROXY CNAME off to X",
+			only("CLOUDFLAREAPI"),
+			//CF_CPROXY_OFF(), CF_CPROXY_OFF(), clear(),  // redundant
+			CF_CPROXY_OFF(), CF_CPROXY_ON(), clear(),
+			CF_CPROXY_OFF(), CF_CPROXY_FULL(), clear(),
+		),
+
+		testgroup("CF_PROXY CNAME on to X",
+			only("CLOUDFLAREAPI"),
+			CF_CPROXY_ON(), CF_CPROXY_OFF(), clear(),
+			//CF_CPROXY_ON(), CF_CPROXY_ON(), clear(), // redundant
+			//CF_CPROXY_ON(), CF_CPROXY_FULL().ExpectNoChanges(), clear(), // Removed for speed
+		),
+
+		testgroup("CF_PROXY CNAME full to X",
+			only("CLOUDFLAREAPI"),
+			CF_CPROXY_FULL(), CF_CPROXY_OFF(), clear(),
+			//CF_CPROXY_FULL(), CF_CPROXY_ON().ExpectNoChanges(), clear(), // Removed for speed
+			//CF_CPROXY_FULL(), CF_CPROXY_FULL(), clear(), // redundant
 		),
 
 		testgroup("CF_WORKER_ROUTE",
diff --git a/pkg/diff2/analyze.go b/pkg/diff2/analyze.go
index ccb17d5f2..fd55d32d0 100644
--- a/pkg/diff2/analyze.go
+++ b/pkg/diff2/analyze.go
@@ -236,6 +236,8 @@ func humanDiff(a, b targetConfig) string {
 
 func diffTargets(existing, desired []targetConfig) ChangeList {
 
+	//fmt.Printf("DEBUG: diffTargets(\nexisting=%v\ndesired=%v\nDEBUG.\n", existing, desired)
+
 	// Nothing to do?
 	if len(existing) == 0 && len(desired) == 0 {
 		return nil
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 230e5aa48..9f303fae1 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -3,12 +3,13 @@ package cloudflare
 import (
 	"encoding/json"
 	"fmt"
-	"golang.org/x/net/idna"
 	"net"
 	"os"
 	"strconv"
 	"strings"
 
+	"golang.org/x/net/idna"
+
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
@@ -389,7 +390,7 @@ func genComparable(rec *models.RecordConfig) string {
 	if rec.Type == "A" || rec.Type == "AAAA" || rec.Type == "CNAME" {
 		proxy := rec.Metadata[metaProxy]
 		if proxy != "" {
-			if proxy == "on" {
+			if proxy == "on" || proxy == "full" {
 				proxy = "true"
 			}
 			if proxy == "off" {
@@ -449,6 +450,7 @@ func (c *cloudflareProvider) mkChangeCorrection(oldrec, newrec *models.RecordCon
 	default:
 		e := oldrec.Original.(cloudflare.DNSRecord)
 		proxy := e.Proxiable && newrec.Metadata[metaProxy] != "off"
+		//fmt.Fprintf(os.Stderr, "DEBUG: proxy := %v && %v != off is... %v\n", e.Proxiable, newrec.Metadata[metaProxy], proxy)
 		return []*models.Correction{{
 			Msg: msg,
 			F:   func() error { return c.modifyRecord(domainID, e.ID, proxy, newrec) },
@@ -636,6 +638,7 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 
 	// look for ip conversions and transform records
 	for _, rec := range dc.Records {
+		// Only transform A records
 		if rec.Type != "A" {
 			continue
 		}
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index eaefda398..ec2138b4b 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -3,10 +3,11 @@ package cloudflare
 import (
 	"context"
 	"fmt"
-	"golang.org/x/net/idna"
 	"strconv"
 	"strings"
 
+	"golang.org/x/net/idna"
+
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/cloudflare/cloudflare-go"
 )
@@ -196,7 +197,7 @@ func (c *cloudflareProvider) createRecDiff2(rec *models.RecordConfig, domainID s
 	if msg == "" {
 		msg = fmt.Sprintf("CREATE record: %s %s %d%s %s", rec.GetLabel(), rec.Type, rec.TTL, prio, content)
 	}
-	if rec.Metadata[metaProxy] == "on" {
+	if rec.Metadata[metaProxy] == "on" || rec.Metadata[metaProxy] == "full" {
 		msg = msg + fmt.Sprintf("\nACTIVATE PROXY for new record %s %s %d %s", rec.GetLabel(), rec.Type, rec.TTL, rec.GetTargetField())
 	}
 	arr := []*models.Correction{{
@@ -232,7 +233,7 @@ func (c *cloudflareProvider) createRecDiff2(rec *models.RecordConfig, domainID s
 			// Records are created with the proxy off. If proxy should be
 			// enabled, we do a second API call.
 			resultID := resp.ID
-			if rec.Metadata[metaProxy] == "on" {
+			if rec.Metadata[metaProxy] == "on" || rec.Metadata[metaProxy] == "full" {
 				return c.modifyRecord(domainID, resultID, true, rec)
 			}
 			return nil

From 68f0de49e261dc258004727f556c7d855ce39d51 Mon Sep 17 00:00:00 2001
From: David M <dmusgrove@stackoverflow.com>
Date: Mon, 21 Aug 2023 12:00:56 -0500
Subject: [PATCH 25/79] 32-bit binaries are no longer supported. Update
 CI/CD-related files (#2524)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/build.yml         | 23 +++++++++++++------
 .github/workflows/draft_release.yml | 20 ++++++++++++-----
 .goreleaser.yml                     | 34 ++++++++++-------------------
 Dockerfile                          |  5 +----
 4 files changed, 42 insertions(+), 40 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1e5822457..5dfa79c43 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -21,8 +21,6 @@ jobs:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         path: ${{ env.go-mod-path }}
-    - name: Install goreleaser
-      run: go install github.com/goreleaser/goreleaser@latest
     - run: mkdir -p "$TEST_RESULTS"
     - name: Run unit tests
       run: |
@@ -44,15 +42,26 @@ jobs:
         echo "TAG_NAME=$(git config --global --add safe.directory /__w/dnscontrol/dnscontrol ; git describe)" >> $GITHUB_OUTPUT
     - name: Reveal version
       run: echo ${{ steps.version.outputs.TAG_NAME }}
-
-    - name: Build binaries (if tagged)
+    -
+      id: build_binaries_tagged
+      name: Build binaries (if tagged)
       if: github.ref_type == 'tag'
-      run: goreleaser build
+      uses: goreleaser/goreleaser-action@v4
+      with:
+        distribution: goreleaser
+        version: latest
+        args: build
       env:
         GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
-    - name: Build binaries (not tagged)
+    -
+      id: build_binaries_not_tagged
+      name: Build binaries (not tagged)
       if: github.ref_type != 'tag'
-      run: goreleaser build --snapshot
+      uses: goreleaser/goreleaser-action@v4
+      with:
+        distribution: goreleaser
+        version: latest
+        args: build --snapshot
       env:
         GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
   integration-test-providers:
diff --git a/.github/workflows/draft_release.yml b/.github/workflows/draft_release.yml
index 2a303177a..fbe2623d0 100644
--- a/.github/workflows/draft_release.yml
+++ b/.github/workflows/draft_release.yml
@@ -15,10 +15,16 @@ jobs:
       pull-requests: write
     steps:
 
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+
     - name: Checkout repo
       uses: actions/checkout@v3
       with:
         fetch-depth: 0
+# Why "fetch-depth: 0"?  To generate the release notes, we need the
+# full git history.  A shallow checkout would make release notes going
+# back one commit.
 
     - name: Login to Docker Hub
       uses: docker/login-action@v2
@@ -38,9 +44,6 @@ jobs:
       with:
         go-version: ^1.20
 
-    - name: Install goreleaser
-      run: go install github.com/goreleaser/goreleaser@latest
-
 # For some reason goreleaser isn't correctly setting the version
 # string used by "dnscontrol version".  Therefore, we're forcing the
 # string using the GORELEASER_CURRENT_TAG feature.
@@ -53,9 +56,14 @@ jobs:
 
     - name: Reveal version
       run: echo ${{ steps.version.outputs.TAG_NAME }}
-
-    - name: Goreleaser release
-      run: goreleaser release
+    -
+      id: release
+      name: Goreleaser release
+      uses: goreleaser/goreleaser-action@v4
+      with:
+        distribution: goreleaser
+        version: latest
+        args: release
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index ce104e6f7..dbf10e4e8 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -9,6 +9,14 @@ builds:
       - windows
       - darwin
       - freebsd
+# List of combinations of GOOS + GOARCH + GOARM to ignore.
+    ignore:
+      - goos: linux
+        goarch: "386"
+      - goos: windows
+        goarch: "386"
+      - goos: freebsd
+        goarch: "386"
     ldflags:
       - -linkmode=internal -s -w -X main.Version="{{ .Version }}" -X main.SHA="{{ .FullCommit }}" -X main.BuildTime={{ .Timestamp }}
 before:
@@ -50,7 +58,7 @@ nfpms:
   - id: packages_rpm
     file_name_template: >-
       {{ .ProjectName }}-
-      {{ .Version }}.
+      {{- .Version }}.
       {{- if eq .Arch "386" }}i386
       {{- else if eq .Arch "amd64" }}x86_64
       {{- else }}{{ .Arch }}{{ end }}
@@ -63,7 +71,7 @@ nfpms:
   - id: packages_deb
     file_name_template: >-
       {{ .ProjectName }}-
-      {{ .Version }}.
+      {{- .Version }}.
       {{- if eq .Arch "386" }}i386
       {{- else }}{{ .Arch }}{{ end }}
     homepage:  https://docs.dnscontrol.org/
@@ -83,28 +91,12 @@ dockers:
     - build
     build_flag_templates:
     - "--pull"
-    - "--label=org.opencontainers.image.created={{ .Date }}"
-    - "--label=org.opencontainers.image.name={{ .ProjectName }}"
-    - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
-    - "--label=org.opencontainers.image.version={{ .Version }}"
-    - "--label=org.opencontainers.image.source={{ .GitURL }}"
     - "--platform=linux/amd64"
-  - image_templates:
-    - &386_image "stackexchange/{{.ProjectName}}:{{ .Version }}-386"
-    - &386_image_ghcr "ghcr.io/stackexchange/{{.ProjectName}}:{{ .Version }}-386"
-    goos: linux
-    goarch: '386'
-    use: buildx
-    ids:
-    - build
-    build_flag_templates:
-    - "--pull"
     - "--label=org.opencontainers.image.created={{ .Date }}"
     - "--label=org.opencontainers.image.name={{ .ProjectName }}"
     - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
     - "--label=org.opencontainers.image.version={{ .Version }}"
     - "--label=org.opencontainers.image.source={{ .GitURL }}"
-    - "--platform=linux/i386"
   - image_templates:
     - &arm_image "stackexchange/{{.ProjectName}}:{{ .Version }}-arm64"
     - &arm_image_ghcr "ghcr.io/stackexchange/{{.ProjectName}}:{{ .Version }}-arm64"
@@ -115,34 +107,30 @@ dockers:
     - build
     build_flag_templates:
     - "--pull"
+    - "--platform=linux/arm64"
     - "--label=org.opencontainers.image.created={{ .Date }}"
     - "--label=org.opencontainers.image.name={{ .ProjectName }}"
     - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
     - "--label=org.opencontainers.image.version={{ .Version }}"
     - "--label=org.opencontainers.image.source={{ .GitURL }}"
-    - "--platform=linux/arm64"
 docker_manifests:
   - name_template: "stackexchange/{{.ProjectName}}:{{ .Version }}"
     image_templates:
       - *amd_image
-      - *386_image
       - *arm_image
   - name_template: "ghcr.io/stackexchange/{{.ProjectName}}:{{ .Version }}"
     image_templates:
       - *amd_image_ghcr
-      - *386_image_ghcr
       - *arm_image_ghcr
   - name_template: "stackexchange/{{.ProjectName}}:latest"
     skip_push: auto
     image_templates:
       - *amd_image
-      - *386_image
       - *arm_image
   - name_template: "ghcr.io/stackexchange/{{.ProjectName}}:latest"
     skip_push: auto
     image_templates:
       - *amd_image_ghcr
-      - *386_image_ghcr
       - *arm_image_ghcr
 checksum:
   name_template: 'checksums.txt'
diff --git a/Dockerfile b/Dockerfile
index 6f34f33e3..c2405e582 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,13 +2,10 @@
 
 FROM alpine:3.18.3@sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a as RUN
 
-
 # Add runtime dependencies
 # - tzdata: Go time required external dependency eg: TRANSIP and possibly others
 # - ca-certificates: Needed for https to work properly
-RUN --mount=type=cache,target=/var/cache/apk apk update
-RUN --mount=type=cache,target=/var/cache/apk apk add --no-cache tzdata ca-certificates
-RUN --mount=type=cache,target=/var/cache/apk update-ca-certificates
+RUN apk update && apk add --no-cache tzdata ca-certificates && update-ca-certificates
 
 COPY dnscontrol /usr/local/bin/
 

From bdbe4768a397950d6f2e318b09e604868f35a823 Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Mon, 21 Aug 2023 20:35:43 +0300
Subject: [PATCH 26/79] NS1: Enable BYO secrets for NS1 in the CI/CD pipeline
 (#2523)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/build.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5dfa79c43..5f862cf5c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -113,6 +113,7 @@ jobs:
         HEDNS_DOMAIN: ${{ vars.HEDNS_DOMAIN }}
         HEXONET_DOMAIN: ${{ vars.HEXONET_DOMAIN }}
         NAMEDOTCOM_DOMAIN: ${{ vars.NAMEDOTCOM_DOMAIN }}
+        NS1_DOMAIN: ${{ vars.NS1_DOMAIN }}
         POWERDNS_DOMAIN: ${{ vars.POWERDNS_DOMAIN }}
         ROUTE53_DOMAIN: ${{ vars.ROUTE53_DOMAIN }}
         TRANSIP_DOMAIN: ${{ vars.TRANSIP_DOMAIN }}
@@ -156,6 +157,8 @@ jobs:
         NAMEDOTCOM_URL: ${{ secrets.NAMEDOTCOM_URL }}
         NAMEDOTCOM_USER: ${{ secrets.NAMEDOTCOM_USER }}
 
+        NS1_TOKEN: ${{ secrets.NS1_TOKEN }}
+
         POWERDNS_APIKEY: ${{ secrets.POWERDNS_APIKEY }}
         POWERDNS_APIURL: ${{ secrets.POWERDNS_APIURL }}
         POWERDNS_SERVERNAME: ${{ secrets.POWERDNS_SERVERNAME }}
@@ -217,6 +220,7 @@ jobs:
       HEDNS_DOMAIN: ${{ vars.HEDNS_DOMAIN }}
       HEXONET_DOMAIN: ${{ vars.HEXONET_DOMAIN }}
       NAMEDOTCOM_DOMAIN: ${{ vars.NAMEDOTCOM_DOMAIN }}
+      NS1_DOMAIN: ${{ vars.NS1_DOMAIN }}
       POWERDNS_DOMAIN: ${{ vars.POWERDNS_DOMAIN }}
       ROUTE53_DOMAIN: ${{ vars.ROUTE53_DOMAIN }}
       TRANSIP_DOMAIN: ${{ vars.TRANSIP_DOMAIN }}
@@ -260,6 +264,8 @@ jobs:
       NAMEDOTCOM_URL: ${{ secrets.NAMEDOTCOM_URL }}
       NAMEDOTCOM_USER: ${{ secrets.NAMEDOTCOM_USER }}
 
+      NS1_TOKEN: ${{ secrets.NS1_TOKEN }}
+
       POWERDNS_APIKEY: ${{ secrets.POWERDNS_APIKEY }}
       POWERDNS_APIURL: ${{ secrets.POWERDNS_APIURL }}
       POWERDNS_SERVERNAME: ${{ secrets.POWERDNS_SERVERNAME }}

From d4f6e01e7a6b2516e3f4a264012f83761ee6a80a Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 21 Aug 2023 16:16:13 -0400
Subject: [PATCH 27/79] "get zones" js/djs format should generate double
 quotes, not single (#2526)

---
 commands/getZones.go                    |  40 +-
 commands/r53_test.go                    |   8 +-
 commands/test_data/apex.com.zone.djs    |  14 +-
 commands/test_data/apex.com.zone.js     |  14 +-
 commands/test_data/ds.com.zone.djs      |   4 +-
 commands/test_data/ds.com.zone.js       |   4 +-
 commands/test_data/example.org.zone.djs | 698 ++++++++++++------------
 commands/test_data/example.org.zone.js  | 698 ++++++++++++------------
 commands/test_data/simple.com.zone.djs  |  38 +-
 commands/test_data/simple.com.zone.js   |  38 +-
 10 files changed, 778 insertions(+), 778 deletions(-)

diff --git a/commands/getZones.go b/commands/getZones.go
index 89d39da91..abc8349b8 100644
--- a/commands/getZones.go
+++ b/commands/getZones.go
@@ -147,7 +147,7 @@ func (args *GetZoneArgs) flags() []cli.Flag {
 	flags = append(flags, &cli.IntFlag{
 		Name:        "ttl",
 		Destination: &args.DefaultTTL,
-		Usage:       `Default TTL (0 picks the zone's most common TTL)`,
+		Usage:       `Default TTL (0 picks the most common TTL)`,
 	})
 	return flags
 }
@@ -329,9 +329,9 @@ func formatDsl(zonename string, rec *models.RecordConfig, defaultTTL uint32) str
 	case "CAA":
 		return makeCaa(rec, ttlop)
 	case "DS":
-		target = fmt.Sprintf("%d, %d, %d, '%s'", rec.DsKeyTag, rec.DsAlgorithm, rec.DsDigestType, rec.DsDigest)
+		target = fmt.Sprintf(`%d, %d, %d, "%s"`, rec.DsKeyTag, rec.DsAlgorithm, rec.DsDigestType, rec.DsDigest)
 	case "MX":
-		target = fmt.Sprintf("%d, '%s'", rec.MxPreference, rec.GetTargetField())
+		target = fmt.Sprintf(`%d, "%s"`, rec.MxPreference, rec.GetTargetField())
 	case "NAPTR":
 		target = fmt.Sprintf(`%d, %d, %s, %s, %s, %s`,
 			rec.NaptrOrder,                   // 1
@@ -342,19 +342,19 @@ func formatDsl(zonename string, rec *models.RecordConfig, defaultTTL uint32) str
 			jsonQuoted(rec.GetTargetField()), // .
 		)
 	case "SSHFP":
-		target = fmt.Sprintf("%d, %d, '%s'", rec.SshfpAlgorithm, rec.SshfpFingerprint, rec.GetTargetField())
+		target = fmt.Sprintf(`%d, %d, "%s"`, rec.SshfpAlgorithm, rec.SshfpFingerprint, rec.GetTargetField())
 	case "SOA":
 		rec.Type = "//SOA"
-		target = fmt.Sprintf("'%s', '%s', %d, %d, %d, %d, %d", rec.GetTargetField(), rec.SoaMbox, rec.SoaSerial, rec.SoaRefresh, rec.SoaRetry, rec.SoaExpire, rec.SoaMinttl)
+		target = fmt.Sprintf(`"%s", "%s", %d, %d, %d, %d, %d`, rec.GetTargetField(), rec.SoaMbox, rec.SoaSerial, rec.SoaRefresh, rec.SoaRetry, rec.SoaExpire, rec.SoaMinttl)
 	case "SRV":
-		target = fmt.Sprintf("%d, %d, %d, '%s'", rec.SrvPriority, rec.SrvWeight, rec.SrvPort, rec.GetTargetField())
+		target = fmt.Sprintf(`%d, %d, %d, "%s"`, rec.SrvPriority, rec.SrvWeight, rec.SrvPort, rec.GetTargetField())
 	case "TLSA":
-		target = fmt.Sprintf("%d, %d, %d, '%s'", rec.TlsaUsage, rec.TlsaSelector, rec.TlsaMatchingType, rec.GetTargetField())
+		target = fmt.Sprintf(`%d, %d, %d, "%s"`, rec.TlsaUsage, rec.TlsaSelector, rec.TlsaMatchingType, rec.GetTargetField())
 	case "TXT":
 		if len(rec.TxtStrings) == 1 {
-			target = `'` + rec.TxtStrings[0] + `'`
+			target = `"` + rec.TxtStrings[0] + `"`
 		} else {
-			target = `['` + strings.Join(rec.TxtStrings, `', '`) + `']`
+			target = `["` + strings.Join(rec.TxtStrings, `", "`) + `"]`
 		}
 		// TODO(tlim): If this is an SPF record, generate a SPF_BUILDER().
 	case "NS":
@@ -362,38 +362,38 @@ func formatDsl(zonename string, rec *models.RecordConfig, defaultTTL uint32) str
 		// DnsControl uses the API to get this info. NAMESERVER() is just
 		// to override that when needed.
 		if rec.Name == "@" {
-			return fmt.Sprintf("//NAMESERVER('%s')", target)
+			return fmt.Sprintf(`//NAMESERVER("%s")`, target)
 		}
-		target = "'" + target + "'"
+		target = `"` + target + `"`
 	case "R53_ALIAS":
 		return makeR53alias(rec, ttl)
 	default:
-		target = "'" + target + "'"
+		target = `"` + target + `"`
 	}
 
-	return fmt.Sprintf("%s('%s', %s%s%s)", rec.Type, rec.Name, target, cfproxy, ttlop)
+	return fmt.Sprintf(`%s("%s", %s%s%s)`, rec.Type, rec.Name, target, cfproxy, ttlop)
 }
 
 func makeCaa(rec *models.RecordConfig, ttlop string) string {
 	var target string
 	if rec.CaaFlag == 128 {
-		target = fmt.Sprintf("'%s', '%s', CAA_CRITICAL", rec.CaaTag, rec.GetTargetField())
+		target = fmt.Sprintf(`"%s", "%s", CAA_CRITICAL`, rec.CaaTag, rec.GetTargetField())
 	} else {
-		target = fmt.Sprintf("'%s', '%s'", rec.CaaTag, rec.GetTargetField())
+		target = fmt.Sprintf(`"%s", "%s"`, rec.CaaTag, rec.GetTargetField())
 	}
-	return fmt.Sprintf("%s('%s', %s%s)", rec.Type, rec.Name, target, ttlop)
+	return fmt.Sprintf(`%s("%s", %s%s)`, rec.Type, rec.Name, target, ttlop)
 
 	// TODO(tlim): Generate a CAA_BUILDER() instead?
 }
 
 func makeR53alias(rec *models.RecordConfig, ttl uint32) string {
 	items := []string{
-		"'" + rec.Name + "'",
-		"'" + rec.R53Alias["type"] + "'",
-		"'" + rec.GetTargetField() + "'",
+		`"` + rec.Name + `"`,
+		`"` + rec.R53Alias["type"] + `"`,
+		`"` + rec.GetTargetField() + `"`,
 	}
 	if z, ok := rec.R53Alias["zone_id"]; ok {
-		items = append(items, "R53_ZONE('"+z+"')")
+		items = append(items, `R53_ZONE("`+z+`")`)
 	}
 	if ttl != 0 {
 		items = append(items, fmt.Sprintf("TTL(%d)", ttl))
diff --git a/commands/r53_test.go b/commands/r53_test.go
index a856b9494..46e281e6d 100644
--- a/commands/r53_test.go
+++ b/commands/r53_test.go
@@ -16,7 +16,7 @@ func TestR53Test_1(t *testing.T) {
 	rec.SetTarget("bar")
 	rec.R53Alias = make(map[string]string)
 	rec.R53Alias["type"] = "A"
-	w := `R53_ALIAS('foo', 'A', 'bar')`
+	w := `R53_ALIAS("foo", "A", "bar")`
 	if g := makeR53alias(&rec, 0); g != w {
 		t.Errorf("makeR53alias failure: got `%s` want `%s`", g, w)
 	}
@@ -31,7 +31,7 @@ func TestR53Test_1ttl(t *testing.T) {
 	rec.SetTarget("bar")
 	rec.R53Alias = make(map[string]string)
 	rec.R53Alias["type"] = "A"
-	w := `R53_ALIAS('foo', 'A', 'bar', TTL(321))`
+	w := `R53_ALIAS("foo", "A", "bar", TTL(321))`
 	if g := makeR53alias(&rec, 321); g != w {
 		t.Errorf("makeR53alias failure: got `%s` want `%s`", g, w)
 	}
@@ -47,7 +47,7 @@ func TestR53Test_2(t *testing.T) {
 	rec.R53Alias = make(map[string]string)
 	rec.R53Alias["type"] = "A"
 	rec.R53Alias["zone_id"] = "blarg"
-	w := `R53_ALIAS('foo', 'A', 'bar', R53_ZONE('blarg'))`
+	w := `R53_ALIAS("foo", "A", "bar", R53_ZONE("blarg"))`
 	if g := makeR53alias(&rec, 0); g != w {
 		t.Errorf("makeR53alias failure: got `%s` want `%s`", g, w)
 	}
@@ -63,7 +63,7 @@ func TestR53Test_2ttl(t *testing.T) {
 	rec.R53Alias = make(map[string]string)
 	rec.R53Alias["type"] = "A"
 	rec.R53Alias["zone_id"] = "blarg"
-	w := `R53_ALIAS('foo', 'A', 'bar', R53_ZONE('blarg'), TTL(123))`
+	w := `R53_ALIAS("foo", "A", "bar", R53_ZONE("blarg"), TTL(123))`
 	if g := makeR53alias(&rec, 123); g != w {
 		t.Errorf("makeR53alias failure: got `%s` want `%s`", g, w)
 	}
diff --git a/commands/test_data/apex.com.zone.djs b/commands/test_data/apex.com.zone.djs
index 7819416b7..24fe6ccd3 100644
--- a/commands/test_data/apex.com.zone.djs
+++ b/commands/test_data/apex.com.zone.djs
@@ -2,12 +2,12 @@ var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
 D("apex.com", REG_CHANGEME
 	, DnsProvider(DSP_BIND)
-	//, SOA('@', 'ns3.serverfault.com.', 'sysadmin.stackoverflow.com.', 2020022300, 3600, 600, 604800, 1440)
-	//, NAMESERVER('ns-1313.awsdns-36.org.')
-	//, NAMESERVER('ns-736.awsdns-28.net.')
-	//, NAMESERVER('ns-cloud-c1.googledomains.com.')
-	//, NAMESERVER('ns-cloud-c2.googledomains.com.')
+	//, SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440)
+	//, NAMESERVER("ns-1313.awsdns-36.org.")
+	//, NAMESERVER("ns-736.awsdns-28.net.")
+	//, NAMESERVER("ns-cloud-c1.googledomains.com.")
+	//, NAMESERVER("ns-cloud-c2.googledomains.com.")
 	// NOTE: CNAME at apex may require manual editing.
-	, CNAME('@', 'cnametest1.example.com.')
-	, CNAME('www', 'cnametest2.example.com.')
+	, CNAME("@", "cnametest1.example.com.")
+	, CNAME("www", "cnametest2.example.com.")
 )
diff --git a/commands/test_data/apex.com.zone.js b/commands/test_data/apex.com.zone.js
index cefa54caa..2e19a309d 100644
--- a/commands/test_data/apex.com.zone.js
+++ b/commands/test_data/apex.com.zone.js
@@ -2,12 +2,12 @@ var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
 D("apex.com", REG_CHANGEME,
 	DnsProvider(DSP_BIND),
-	//SOA('@', 'ns3.serverfault.com.', 'sysadmin.stackoverflow.com.', 2020022300, 3600, 600, 604800, 1440),
-	//NAMESERVER('ns-1313.awsdns-36.org.'),
-	//NAMESERVER('ns-736.awsdns-28.net.'),
-	//NAMESERVER('ns-cloud-c1.googledomains.com.'),
-	//NAMESERVER('ns-cloud-c2.googledomains.com.'),
+	//SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440),
+	//NAMESERVER("ns-1313.awsdns-36.org."),
+	//NAMESERVER("ns-736.awsdns-28.net."),
+	//NAMESERVER("ns-cloud-c1.googledomains.com."),
+	//NAMESERVER("ns-cloud-c2.googledomains.com."),
 	// NOTE: CNAME at apex may require manual editing.
-	CNAME('@', 'cnametest1.example.com.'),
-	CNAME('www', 'cnametest2.example.com.')
+	CNAME("@", "cnametest1.example.com."),
+	CNAME("www", "cnametest2.example.com.")
 )
diff --git a/commands/test_data/ds.com.zone.djs b/commands/test_data/ds.com.zone.djs
index 47609004f..a6fd23a01 100644
--- a/commands/test_data/ds.com.zone.djs
+++ b/commands/test_data/ds.com.zone.djs
@@ -2,6 +2,6 @@ var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
 D("ds.com", REG_CHANGEME
 	, DnsProvider(DSP_BIND)
-	//, SOA('@', 'ns3.serverfault.com.', 'sysadmin.stackoverflow.com.', 2020022300, 3600, 600, 604800, 1440)
-	, DS('geo', 14480, 13, 2, 'BB1C4B615CDED2B34347CF23710471934D972F1E34F53B54ED8D5F786202C73B')
+	//, SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440)
+	, DS("geo", 14480, 13, 2, "BB1C4B615CDED2B34347CF23710471934D972F1E34F53B54ED8D5F786202C73B")
 )
diff --git a/commands/test_data/ds.com.zone.js b/commands/test_data/ds.com.zone.js
index d812b7319..2a1b01081 100644
--- a/commands/test_data/ds.com.zone.js
+++ b/commands/test_data/ds.com.zone.js
@@ -2,6 +2,6 @@ var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
 D("ds.com", REG_CHANGEME,
 	DnsProvider(DSP_BIND),
-	//SOA('@', 'ns3.serverfault.com.', 'sysadmin.stackoverflow.com.', 2020022300, 3600, 600, 604800, 1440),
-	DS('geo', 14480, 13, 2, 'BB1C4B615CDED2B34347CF23710471934D972F1E34F53B54ED8D5F786202C73B')
+	//SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440),
+	DS("geo", 14480, 13, 2, "BB1C4B615CDED2B34347CF23710471934D972F1E34F53B54ED8D5F786202C73B")
 )
diff --git a/commands/test_data/example.org.zone.djs b/commands/test_data/example.org.zone.djs
index cb9f8f1b4..e4b695a3f 100644
--- a/commands/test_data/example.org.zone.djs
+++ b/commands/test_data/example.org.zone.djs
@@ -3,353 +3,353 @@ var REG_CHANGEME = NewRegistrar("none");
 D("example.org", REG_CHANGEME
 	, DnsProvider(DSP_BIND)
 	, DefaultTTL(7200)
-	//, SOA('@', 'ns1.example.org.', 'hostmaster.example.org.', 2020030700, 7200, 3600, 864000, 7200, TTL(43200))
-	//, NAMESERVER('ns1.example.org.')
-	//, NAMESERVER('ns2.example.org.')
-	//, NAMESERVER('ns-a.example.net.')
-	//, NAMESERVER('friend-dns.example.com.')
-	, MX('@', 10, 'mx.example.org.')
-	, TXT('@', 'v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all')
-	, SRV('_client._smtp', 1, 1, 1, 'example.org.')
-	, SRV('_client._smtp.mx', 1, 2, 1, 'mx.example.org.')
-	, SRV('_client._smtp.foo', 1, 2, 1, 'foo.example.org.')
-	, SRV('_kerberos._tcp', 10, 1, 88, 'kerb-service.example.org.')
-	, SRV('_kerberos._udp', 10, 1, 88, 'kerb-service.example.org.')
-	, SRV('_kpasswd._udp', 10, 1, 464, 'kerb-service.example.org.')
-	, SRV('_kerberos-adm._tcp', 10, 1, 749, 'kerb-service.example.org.')
-	, TXT('_kerberos', 'EXAMPLE.ORG')
-	, SRV('_ldap._tcp', 0, 0, 0, '.')
-	, SRV('_ldap._udp', 0, 0, 0, '.')
-	, SRV('_jabber._tcp', 10, 2, 5269, 'xmpp-s2s.example.org.')
-	, SRV('_xmpp-server._tcp', 10, 2, 5269, 'xmpp-s2s.example.org.')
-	, SRV('_xmpp-client._tcp', 10, 2, 5222, 'xmpp.example.org.')
-	, SRV('_im._sip', 0, 0, 0, '.')
-	, SRV('_pres._sip', 0, 0, 0, '.')
-	, SRV('_sip+d2t._tcp', 0, 0, 0, '.')
-	, SRV('_sips+d2t._tcp', 0, 0, 0, '.')
-	, SRV('_sip+d2u._udp', 0, 0, 0, '.')
-	, SRV('_sip+d2s._sctp', 0, 0, 0, '.')
-	, SRV('_sips+d2s._sctp', 0, 0, 0, '.')
-	, SRV('_submission._tcp', 10, 10, 587, 'smtp.example.org.')
-	, SRV('_submissions._tcp', 10, 10, 465, 'smtp.example.org.')
-	, SRV('_imap._tcp', 10, 10, 143, 'imap.example.org.')
-	, SRV('_imaps._tcp', 10, 10, 993, 'imap.example.org.')
-	, SRV('_pop3._tcp', 0, 0, 0, '.')
-	, SRV('_pop3s._tcp', 0, 0, 0, '.')
-	, SRV('_sieve._tcp', 10, 10, 4190, 'imap.example.org.')
-	, TXT('dns-moreinfo', ['Fred Bloggs, TZ=America/New_York', 'Chat-Service-X: @handle1', 'Chat-Service-Y: federated-handle@example.org'])
-	, SRV('_pgpkey-http._tcp', 0, 0, 0, '.')
-	, SRV('_pgpkey-https._tcp', 0, 0, 0, '.')
-	, SRV('_hkp._tcp', 0, 0, 0, '.')
-	, SRV('_openpgpkey._tcp', 10, 10, 443, 'openpgpkey.example.org.')
-	, SRV('_finger._tcp', 10, 10, 79, 'barbican.example.org.')
-	, SRV('_avatars-sec._tcp', 10, 10, 443, 'avatars.example.org.')
-	, A('@', '192.0.2.1')
-	, AAAA('@', '2001:db8::1:1')
-	, TXT('_adsp._domainkey', 'dkim=all')
-	, TXT('_dmarc', 'v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s')
-	, TXT('d201911._domainkey', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks', '6cVGxXBZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB'])
-	, TXT('d201911e2._domainkey', 'v=DKIM1; k=ed25519; p=GBt2k2L39KUb39fg5brOppXDHXvISy0+ECGgPld/bIo=')
-	, TXT('d202003._domainkey', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jo', 'pv0d4dR6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB'])
-	, TXT('d202003e2._domainkey', 'v=DKIM1; k=ed25519; p=DQI5d9sNMrr0SLDoAi071IFOyKnlbR29hAQdqVQecQg=')
-	, TXT('_report', 'r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;')
-	, TXT('_smtp._tls', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org')
-	, TXT('_smtp-tlsrpt', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org')
-	, TXT('example.net._report._dmarc', 'v=DMARC1')
-	, TXT('example.com._report._dmarc', 'v=DMARC1')
-	, TXT('xn--2j5b.xn--9t4b11yi5a._report._dmarc', 'v=DMARC1')
-	, TXT('special.test._report._dmarc', 'v=DMARC1')
-	, TXT('xn--qck5b9a5eml3bze.xn--zckzah._report._dmarc', 'v=DMARC1')
-	, CNAME('*._smimecert', '_ourca-smimea.example.org.')
-	, PTR('b._dns-sd._udp', 'field.example.org.')
-	, PTR('lb._dns-sd._udp', 'field.example.org.')
-	, PTR('r._dns-sd._udp', 'field.example.org.')
-	, NS('field', 'ns1.example.org.')
-	, NS('field', 'ns2.example.org.')
-	, A('barbican', '192.0.2.1')
-	, AAAA('barbican', '2001:db8::1:1')
-	, A('barbican.ipv4', '192.0.2.1')
-	, AAAA('barbican.ipv6', '2001:db8::1:1')
-	, A('megalomaniac', '198.51.100.254')
-	, AAAA('megalomaniac', '2001:db8:ffef::254')
-	, A('megalomaniac.ipv4', '198.51.100.254')
-	, AAAA('megalomaniac.ipv6', '2001:db8:ffef::254')
-	, SSHFP('megalomaniac', 1, 2, '4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619')
-	, SSHFP('megalomaniac', 3, 2, 'd3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb')
-	, SSHFP('megalomaniac', 4, 2, 'c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4')
-	, SSHFP('megalomaniac.ipv4', 1, 2, '4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619')
-	, SSHFP('megalomaniac.ipv4', 3, 2, 'd3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb')
-	, SSHFP('megalomaniac.ipv4', 4, 2, 'c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4')
-	, SSHFP('megalomaniac.ipv6', 1, 2, '4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619')
-	, SSHFP('megalomaniac.ipv6', 3, 2, 'd3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb')
-	, SSHFP('megalomaniac.ipv6', 4, 2, 'c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4')
-	, A('tower', '192.0.2.42')
-	, AAAA('tower', '2001:db8::1:42')
-	, A('tower.ipv4', '192.0.2.42')
-	, AAAA('tower.ipv6', '2001:db8::1:42')
-	, SSHFP('tower', 1, 2, '0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451')
-	, SSHFP('tower', 3, 2, '88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160')
-	, SSHFP('tower', 4, 2, '6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d')
-	, SSHFP('tower.ipv4', 1, 2, '0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451')
-	, SSHFP('tower.ipv4', 3, 2, '88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160')
-	, SSHFP('tower.ipv4', 4, 2, '6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d')
-	, SSHFP('tower.ipv6', 1, 2, '0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451')
-	, SSHFP('tower.ipv6', 3, 2, '88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160')
-	, SSHFP('tower.ipv6', 4, 2, '6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d')
-	, A('vcs', '192.0.2.228')
-	, AAAA('vcs', '2001:db8::48:4558:4456:4353')
-	, A('vcs.ipv4', '192.0.2.228')
-	, AAAA('vcs.ipv6', '2001:db8::48:4558:4456:4353')
-	, CNAME('git', 'vcs.example.org.')
-	, CNAME('git.ipv4', 'vcs.ipv4.example.org.')
-	, CNAME('git.ipv6', 'vcs.ipv6.example.org.')
-	, AAAA('svn', '2001:db8::48:4558:73:766e')
-	, SSHFP('vcs', 1, 2, 'b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4')
-	, SSHFP('vcs', 3, 2, 'e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323')
-	, SSHFP('vcs', 4, 2, '02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c')
-	, SSHFP('vcs.ipv4', 1, 2, 'b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4')
-	, SSHFP('vcs.ipv4', 3, 2, 'e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323')
-	, SSHFP('vcs.ipv4', 4, 2, '02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c')
-	, SSHFP('vcs.ipv6', 1, 2, 'b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4')
-	, SSHFP('vcs.ipv6', 3, 2, 'e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323')
-	, SSHFP('vcs.ipv6', 4, 2, '02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c')
-	, A('nsauth', '192.0.2.53')
-	, AAAA('nsauth', '2001:db8::53:1')
-	, A('nsauth.ipv4', '192.0.2.53')
-	, AAAA('nsauth.ipv6', '2001:db8::53:1')
-	, SSHFP('nsauth', 1, 2, '895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2')
-	, SSHFP('nsauth', 3, 2, '28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42')
-	, SSHFP('nsauth', 4, 2, '6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0')
-	, SSHFP('nsauth.ipv4', 1, 2, '895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2')
-	, SSHFP('nsauth.ipv4', 3, 2, '28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42')
-	, SSHFP('nsauth.ipv4', 4, 2, '6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0')
-	, SSHFP('nsauth.ipv6', 1, 2, '895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2')
-	, SSHFP('nsauth.ipv6', 3, 2, '28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42')
-	, SSHFP('nsauth.ipv6', 4, 2, '6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0')
-	, A('ns1', '192.0.2.53')
-	, AAAA('ns1', '2001:db8::53:1')
-	, A('ns2', '203.0.113.53')
-	, AAAA('ns2', '2001:db8:113::53')
-	, A('hermes', '192.0.2.25')
-	, AAAA('hermes', '2001:db8::48:4558:736d:7470')
-	, AAAA('hermes', '2001:db8::48:4558:696d:6170')
-	, A('hermes.ipv4', '192.0.2.25')
-	, AAAA('hermes.ipv6', '2001:db8::48:4558:736d:7470')
-	, AAAA('hermes.ipv6', '2001:db8::48:4558:696d:6170')
-	, SSHFP('hermes', 1, 2, '4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966')
-	, SSHFP('hermes', 3, 2, 'eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b')
-	, SSHFP('hermes', 4, 2, 'a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c')
-	, SSHFP('hermes.ipv4', 1, 2, '4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966')
-	, SSHFP('hermes.ipv4', 3, 2, 'eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b')
-	, SSHFP('hermes.ipv4', 4, 2, 'a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c')
-	, SSHFP('hermes.ipv6', 1, 2, '4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966')
-	, SSHFP('hermes.ipv6', 3, 2, 'eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b')
-	, SSHFP('hermes.ipv6', 4, 2, 'a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c')
-	, A('kerb-service', '192.0.2.88')
-	, AAAA('kerb-service', '2001:db8::48:4558:6b65:7262')
-	, A('security', '192.0.2.92')
-	, AAAA('security', '2001:db8::48:4558:53:4543')
-	, A('security.ipv4', '192.0.2.92')
-	, AAAA('security.ipv6', '2001:db8::48:4558:53:4543')
-	, A('services', '192.0.2.93')
-	, AAAA('services', '2001:db8::48:4558:5345:5256')
-	, A('services.ipv4', '192.0.2.93')
-	, AAAA('services.ipv6', '2001:db8::48:4558:5345:5256')
-	, A('openpgpkey', '192.0.2.92')
-	, AAAA('openpgpkey', '2001:db8::48:4558:53:4543')
-	, CNAME('finger', 'barbican.example.org.')
-	, CNAME('finger.ipv4', 'barbican.ipv4.example.org.')
-	, CNAME('finger.ipv6', 'barbican.ipv6.example.org.')
-	, A('avatars', '192.0.2.93')
-	, AAAA('avatars', '2001:db8::48:4558:5345:5256')
-	, CNAME('dict', 'services.example.org.')
-	, CNAME('people', 'services.example.org.')
-	, CNAME('people.ipv4', 'services.ipv4.example.org.')
-	, CNAME('people.ipv6', 'services.ipv6.example.org.')
-	, CNAME('wpad', 'services.example.org.')
-	, CNAME('www', 'services.example.org.')
-	, CNAME('www.ipv4', 'services.ipv4.example.org.')
-	, CNAME('www.ipv6', 'services.ipv6.example.org.')
-	, CAA('@', 'issue', 'example.net')
-	, CAA('@', 'issue', 'letsencrypt.org\; accounturi=https://acme-v01.api.letsencrypt.org/acme/reg/1234567')
-	, CAA('@', 'issue', 'letsencrypt.org\; accounturi=https://acme-staging-v02.api.letsencrypt.org/acme/acct/23456789')
-	, CAA('@', 'issue', 'letsencrypt.org\; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/76543210')
-	, CAA('@', 'issuewild', ';')
-	, CAA('@', 'iodef', 'mailto:security@example.org')
-	, TLSA('_ourcaca4-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488')
-	, TLSA('_ourcaca5-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1')
-	, TLSA('_cacert-c3-tlsa', 2, 0, 1, '4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8')
-	, TLSA('_letsencrypt-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18')
-	, TLSA('_letsencrypt-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b')
-	, TLSA('_amazon-tlsa', 2, 0, 1, '8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e')
-	, TLSA('_amazon-tlsa', 2, 0, 1, '1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4')
-	, TLSA('_amazon-tlsa', 2, 0, 1, '18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4')
-	, TLSA('_amazon-tlsa', 2, 0, 1, 'e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092')
-	, TLSA('_ourca-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488')
-	, TLSA('_ourca-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1')
-	, TLSA('_ourca-cacert-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488')
-	, TLSA('_ourca-cacert-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1')
-	, TLSA('_ourca-cacert-tlsa', 2, 0, 1, '4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8')
-	, TLSA('_ourca-le-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488')
-	, TLSA('_ourca-le-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1')
-	, TLSA('_ourca-le-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18')
-	, TLSA('_ourca-le-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b')
-	, TLSA('_ourca-cacert-le-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488')
-	, TLSA('_ourca-cacert-le-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1')
-	, TLSA('_ourca-cacert-le-tlsa', 2, 0, 1, '4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8')
-	, TLSA('_ourca-cacert-le-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18')
-	, TLSA('_ourca-cacert-le-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b')
-	, TLSA('_cacert-le-tlsa', 2, 0, 1, '4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8')
-	, TLSA('_cacert-le-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18')
-	, TLSA('_cacert-le-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b')
-	, TLSA('_le-amazon-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18')
-	, TLSA('_le-amazon-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b')
-	, TLSA('_le-amazon-tlsa', 2, 0, 1, '8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e')
-	, TLSA('_le-amazon-tlsa', 2, 0, 1, '1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4')
-	, TLSA('_le-amazon-tlsa', 2, 0, 1, '18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4')
-	, TLSA('_le-amazon-tlsa', 2, 0, 1, 'e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092')
-	, TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488')
-	, TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1')
-	, TLSA('_ourca-le-amazon-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18')
-	, TLSA('_ourca-le-amazon-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b')
-	, TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, '8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e')
-	, TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, '1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4')
-	, TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, '18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4')
-	, TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, 'e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092')
-	, CNAME('_443._tcp.www', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.www.ipv4', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.www.ipv6', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.people', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.people.ipv4', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.people.ipv6', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.git', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.svn', '_ourca-le-tlsa.example.org.')
-	, CNAME('_5222._tcp.xmpp', '_ourca-le-tlsa.example.org.')
-	, CNAME('_5223._tcp.xmpp', '_ourca-le-tlsa.example.org.')
-	, CNAME('_5269._tcp.xmpp-s2s', '_ourca-le-tlsa.example.org.')
-	, CNAME('_25._tcp.mx', '_ourca-le-tlsa.example.org.')
-	, CNAME('_26._tcp.mx', '_ourca-le-tlsa.example.org.')
-	, CNAME('_27._tcp.mx', '_ourca-le-tlsa.example.org.')
-	, CNAME('_465._tcp.smtp46', '_ourca-le-tlsa.example.org.')
-	, CNAME('_587._tcp.smtp46', '_ourca-le-tlsa.example.org.')
-	, CNAME('_1465._tcp.smtp46', '_ourca-le-tlsa.example.org.')
-	, CNAME('_1587._tcp.smtp46', '_ourca-le-tlsa.example.org.')
-	, CNAME('_465._tcp.smtp', '_ourca-le-tlsa.example.org.')
-	, CNAME('_587._tcp.smtp', '_ourca-le-tlsa.example.org.')
-	, CNAME('_1465._tcp.smtp', '_ourca-le-tlsa.example.org.')
-	, CNAME('_1587._tcp.smtp', '_ourca-le-tlsa.example.org.')
-	, CNAME('_143._tcp.imap46', '_ourca-le-tlsa.example.org.')
-	, CNAME('_993._tcp.imap46', '_ourca-le-tlsa.example.org.')
-	, CNAME('_143._tcp.imap', '_ourca-le-tlsa.example.org.')
-	, CNAME('_993._tcp.imap', '_ourca-le-tlsa.example.org.')
-	, CNAME('_4190._tcp.imap', '_ourca-le-tlsa.example.org.')
-	, CNAME('www.security', 'security.example.org.')
-	, CNAME('www.security.ipv4', 'security.ipv4.example.org.')
-	, CNAME('www.security.ipv6', 'security.ipv6.example.org.')
-	, CNAME('_443._tcp.www.security', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.www.security.ipv4', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.www.security.ipv6', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.security', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.security.ipv4', '_ourca-le-tlsa.example.org.')
-	, CNAME('_443._tcp.security.ipv6', '_ourca-le-tlsa.example.org.')
-	, CNAME('_acme-challenge', '_acme-challenge.chat-acme.d.example.net.', TTL(15))
-	, CNAME('_acme-challenge.xmpp', '_acme-challenge.xmpp.chat-acme.d.example.net.', TTL(15))
-	, CNAME('_acme-challenge.chat', '_acme-challenge.chat.chat-acme.d.example.net.', TTL(15))
-	, CNAME('_acme-challenge.conference', '_acme-challenge.conference.chat-acme.d.example.net.', TTL(15))
-	, CNAME('_acme-challenge.proxy-chatfiles', '_acme-challenge.proxy-chatfiles.chat-acme.d.example.net.', TTL(15))
-	, CNAME('_acme-challenge.pubsub.xmpp', '_acme-challenge.pubsub.xmpp.chat-acme.d.example.net.', TTL(15))
-	, AAAA('imap', '2001:db8::48:4558:696d:6170')
-	, A('imap', '192.0.2.25')
-	, AAAA('smtp', '2001:db8::48:4558:736d:7470')
-	, A('smtp', '192.0.2.25')
-	, A('smtp46', '192.0.2.25')
-	, AAAA('smtp46', '2001:db8::48:4558:736d:7470')
-	, A('imap46', '192.0.2.25')
-	, AAAA('imap46', '2001:db8::48:4558:696d:6170')
-	, A('mx', '192.0.2.25')
-	, AAAA('mx', '2001:db8::48:4558:736d:7470')
-	, A('mx.ipv4', '192.0.2.25')
-	, AAAA('mx.ipv6', '2001:db8::48:4558:736d:7470')
-	, TXT('mx', 'v=spf1 a include:_spflarge.example.net -all')
-	, TXT('_mta-sts', 'v=STSv1; id=20191231r1;')
-	, TXT('mta-sts', 'v=STSv1; id=20191231r1;')
-	, A('mta-sts', '192.0.2.93')
-	, AAAA('mta-sts', '2001:db8::48:4558:5345:5256')
-	, AAAA('xmpp.ipv6', '2001:db8::f0ab:cdef:1234:f00f')
-	, AAAA('xmpp-s2s.ipv6', '2001:db8::f0ab:cdef:1234:f00f')
-	, A('xmpp', '203.0.113.175')
-	, AAAA('xmpp', '2001:db8::f0ab:cdef:1234:f00f')
-	, A('xmpp-s2s', '203.0.113.175')
-	, AAAA('xmpp-s2s', '2001:db8::f0ab:cdef:1234:f00f')
-	, CNAME('proxy-chatfiles', 'xmpp.example.org.')
-	, CNAME('fileproxy.xmpp', 'xmpp.example.org.')
-	, CNAME('conference', 'xmpp-s2s.example.org.')
-	, SRV('_xmpp-server._tcp.conference', 10, 2, 5269, 'xmpp-s2s.example.org.')
-	, CNAME('pubsub.xmpp', 'xmpp-s2s.example.org.')
-	, A('chat', '203.0.113.175')
-	, AAAA('chat', '2001:db8::f0ab:cdef:1234:f00f')
-	, CNAME('proxy-chatfiles.chat', 'chat.example.org.')
-	, CNAME('fileproxy.chat', 'chat.example.org.')
-	, CNAME('conference.chat', 'chat.example.org.')
-	, CNAME('pubsub.chat', 'chat.example.org.')
-	, SRV('_xmpp-server._tcp.conference', 10, 2, 5269, 'chat.example.org.')
-	, AAAA('auth', '2001:db8::48:4558:6175:7468')
-	, AAAA('kpeople', '2001:db8::48:4558:6b70:706c')
-	, AAAA('ocsp.security', '2001:db8::48:4558:6f63:7370')
-	, AAAA('webauth', '2001:db8::48:4558:7765:6261')
-	, A('news-feed', '192.0.2.93')
-	, AAAA('news-feed', '2001:db8::48:4558:6e6e:7470')
-	, CNAME('go', 'abcdefghijklmn.cloudfront.net.')
-	, A('foo', '192.0.2.200')
-	, MX('gladys', 10, 'mx.example.org.')
-	, TXT('_adsp._domainkey.gladys', 'dkim=all')
-	, TXT('_dmarc.gladys', 'v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s')
-	, TXT('_report.gladys', 'r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;')
-	, TXT('_smtp._tls.gladys', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org')
-	, TXT('_smtp-tlsrpt.gladys', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org')
-	, MX('fred', 10, 'mx.example.org.')
-	, A('fred', '192.0.2.93')
-	, AAAA('fred', '2001:db8::48:4558:5345:5256')
-	, TXT('fred', 'v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all')
-	, TXT('d201911._domainkey.fred', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/Tlz', 'P2eenyiFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB'])
-	, TXT('d201911e2._domainkey.fred', 'v=DKIM1; k=ed25519; p=rQNsV9YcPJn/WYI1EDLjNbN/VuX1Hqq/oe4htbnhv+A=')
-	, TXT('d202003._domainkey.fred', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYj', 'c0h+FMDpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB'])
-	, TXT('d202003e2._domainkey.fred', 'v=DKIM1; k=ed25519; p=0DAPp/IRLYFI/Z4YSgJRi4gr7xcu1/EfJ5mjVn10aAw=')
-	, TXT('_adsp._domainkey.fred', 'dkim=all')
-	, TXT('_dmarc.fred', 'v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s')
-	, TXT('_report.fred', 'r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;')
-	, TXT('_smtp._tls.fred', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org')
-	, TXT('_smtp-tlsrpt.fred', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org')
-	, MX('mailtest', 10, 'mx.example.org.')
-	, TXT('d201911._domainkey.mailtest', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn', '0XTY6XYgug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB'])
-	, TXT('d201911e2._domainkey.mailtest', 'v=DKIM1; k=ed25519; p=afulDDnhaTzdqKQN0jtWV04eOhAcyBk3NCyVheOf53Y=')
-	, TXT('d202003._domainkey.mailtest', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KN', 'aS1okNRRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB'])
-	, TXT('d202003e2._domainkey.mailtest', 'v=DKIM1; k=ed25519; p=iqwH/hhozFdeo1xnuldr8KUi7O7g+DzmC+f0SYMKVDc=')
-	, TXT('_adsp._domainkey.mailtest', 'dkim=all')
-	, TXT('_dmarc.mailtest', 'v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s')
-	, TXT('_report.mailtest', 'r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;')
-	, TXT('_smtp._tls.mailtest', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org')
-	, TXT('_smtp-tlsrpt.mailtest', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org')
-	, SRV('_pgpkey-http._tcp.sks', 0, 0, 0, '.')
-	, SRV('_pgpkey-https._tcp.sks', 0, 0, 0, '.')
-	, SRV('_hkp._tcp.sks', 0, 0, 0, '.')
-	, SRV('_pgpkey-http._tcp.sks-peer', 0, 0, 0, '.')
-	, SRV('_pgpkey-https._tcp.sks-peer', 0, 0, 0, '.')
-	, SRV('_hkp._tcp.sks-peer', 0, 0, 0, '.')
-	, NS('yoyo', 'ns5.he.net.')
-	, NS('yoyo', 'ns4.he.net.')
-	, NS('yoyo', 'ns3.he.net.')
-	, NS('yoyo', 'ns2.he.net.')
-	, NS('yoyo', 'ns1.he.net.')
-	, NS('khard', 'ns-cloud-d1.googledomains.com.')
-	, NS('khard', 'ns-cloud-d2.googledomains.com.')
-	, NS('khard', 'ns-cloud-d3.googledomains.com.')
-	, NS('khard', 'ns-cloud-d4.googledomains.com.')
-	, MX('realhost', 0, '.')
-	, TXT('realhost', 'v=spf1 -all')
-	, TLSA('_25._tcp.realhost', 3, 0, 0, '0000000000000000000000000000000000000000000000000000000000000000')
-	, CNAME('_fedcba9876543210fedcba9876543210.go', '_45678901234abcdef45678901234abcd.ggedgsdned.acm-validations.aws.')
-	, CNAME('opqrstuvwxyz', 'gv-abcdefghijklmn.dv.googlehosted.com.')
-	, CNAME('zyxwvutsrqpo', 'gv-nmlkjihgfedcba.dv.googlehosted.com.')
-	, CNAME('0123456789abcdef0123456789abcdef', 'verify.bing.com.')
+	//, SOA("@", "ns1.example.org.", "hostmaster.example.org.", 2020030700, 7200, 3600, 864000, 7200, TTL(43200))
+	//, NAMESERVER("ns1.example.org.")
+	//, NAMESERVER("ns2.example.org.")
+	//, NAMESERVER("ns-a.example.net.")
+	//, NAMESERVER("friend-dns.example.com.")
+	, MX("@", 10, "mx.example.org.")
+	, TXT("@", "v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all")
+	, SRV("_client._smtp", 1, 1, 1, "example.org.")
+	, SRV("_client._smtp.mx", 1, 2, 1, "mx.example.org.")
+	, SRV("_client._smtp.foo", 1, 2, 1, "foo.example.org.")
+	, SRV("_kerberos._tcp", 10, 1, 88, "kerb-service.example.org.")
+	, SRV("_kerberos._udp", 10, 1, 88, "kerb-service.example.org.")
+	, SRV("_kpasswd._udp", 10, 1, 464, "kerb-service.example.org.")
+	, SRV("_kerberos-adm._tcp", 10, 1, 749, "kerb-service.example.org.")
+	, TXT("_kerberos", "EXAMPLE.ORG")
+	, SRV("_ldap._tcp", 0, 0, 0, ".")
+	, SRV("_ldap._udp", 0, 0, 0, ".")
+	, SRV("_jabber._tcp", 10, 2, 5269, "xmpp-s2s.example.org.")
+	, SRV("_xmpp-server._tcp", 10, 2, 5269, "xmpp-s2s.example.org.")
+	, SRV("_xmpp-client._tcp", 10, 2, 5222, "xmpp.example.org.")
+	, SRV("_im._sip", 0, 0, 0, ".")
+	, SRV("_pres._sip", 0, 0, 0, ".")
+	, SRV("_sip+d2t._tcp", 0, 0, 0, ".")
+	, SRV("_sips+d2t._tcp", 0, 0, 0, ".")
+	, SRV("_sip+d2u._udp", 0, 0, 0, ".")
+	, SRV("_sip+d2s._sctp", 0, 0, 0, ".")
+	, SRV("_sips+d2s._sctp", 0, 0, 0, ".")
+	, SRV("_submission._tcp", 10, 10, 587, "smtp.example.org.")
+	, SRV("_submissions._tcp", 10, 10, 465, "smtp.example.org.")
+	, SRV("_imap._tcp", 10, 10, 143, "imap.example.org.")
+	, SRV("_imaps._tcp", 10, 10, 993, "imap.example.org.")
+	, SRV("_pop3._tcp", 0, 0, 0, ".")
+	, SRV("_pop3s._tcp", 0, 0, 0, ".")
+	, SRV("_sieve._tcp", 10, 10, 4190, "imap.example.org.")
+	, TXT("dns-moreinfo", ["Fred Bloggs, TZ=America/New_York", "Chat-Service-X: @handle1", "Chat-Service-Y: federated-handle@example.org"])
+	, SRV("_pgpkey-http._tcp", 0, 0, 0, ".")
+	, SRV("_pgpkey-https._tcp", 0, 0, 0, ".")
+	, SRV("_hkp._tcp", 0, 0, 0, ".")
+	, SRV("_openpgpkey._tcp", 10, 10, 443, "openpgpkey.example.org.")
+	, SRV("_finger._tcp", 10, 10, 79, "barbican.example.org.")
+	, SRV("_avatars-sec._tcp", 10, 10, 443, "avatars.example.org.")
+	, A("@", "192.0.2.1")
+	, AAAA("@", "2001:db8::1:1")
+	, TXT("_adsp._domainkey", "dkim=all")
+	, TXT("_dmarc", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s")
+	, TXT("d201911._domainkey", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks", "6cVGxXBZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB"])
+	, TXT("d201911e2._domainkey", "v=DKIM1; k=ed25519; p=GBt2k2L39KUb39fg5brOppXDHXvISy0+ECGgPld/bIo=")
+	, TXT("d202003._domainkey", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jo", "pv0d4dR6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB"])
+	, TXT("d202003e2._domainkey", "v=DKIM1; k=ed25519; p=DQI5d9sNMrr0SLDoAi071IFOyKnlbR29hAQdqVQecQg=")
+	, TXT("_report", "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;")
+	, TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org")
+	, TXT("_smtp-tlsrpt", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org")
+	, TXT("example.net._report._dmarc", "v=DMARC1")
+	, TXT("example.com._report._dmarc", "v=DMARC1")
+	, TXT("xn--2j5b.xn--9t4b11yi5a._report._dmarc", "v=DMARC1")
+	, TXT("special.test._report._dmarc", "v=DMARC1")
+	, TXT("xn--qck5b9a5eml3bze.xn--zckzah._report._dmarc", "v=DMARC1")
+	, CNAME("*._smimecert", "_ourca-smimea.example.org.")
+	, PTR("b._dns-sd._udp", "field.example.org.")
+	, PTR("lb._dns-sd._udp", "field.example.org.")
+	, PTR("r._dns-sd._udp", "field.example.org.")
+	, NS("field", "ns1.example.org.")
+	, NS("field", "ns2.example.org.")
+	, A("barbican", "192.0.2.1")
+	, AAAA("barbican", "2001:db8::1:1")
+	, A("barbican.ipv4", "192.0.2.1")
+	, AAAA("barbican.ipv6", "2001:db8::1:1")
+	, A("megalomaniac", "198.51.100.254")
+	, AAAA("megalomaniac", "2001:db8:ffef::254")
+	, A("megalomaniac.ipv4", "198.51.100.254")
+	, AAAA("megalomaniac.ipv6", "2001:db8:ffef::254")
+	, SSHFP("megalomaniac", 1, 2, "4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619")
+	, SSHFP("megalomaniac", 3, 2, "d3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb")
+	, SSHFP("megalomaniac", 4, 2, "c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4")
+	, SSHFP("megalomaniac.ipv4", 1, 2, "4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619")
+	, SSHFP("megalomaniac.ipv4", 3, 2, "d3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb")
+	, SSHFP("megalomaniac.ipv4", 4, 2, "c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4")
+	, SSHFP("megalomaniac.ipv6", 1, 2, "4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619")
+	, SSHFP("megalomaniac.ipv6", 3, 2, "d3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb")
+	, SSHFP("megalomaniac.ipv6", 4, 2, "c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4")
+	, A("tower", "192.0.2.42")
+	, AAAA("tower", "2001:db8::1:42")
+	, A("tower.ipv4", "192.0.2.42")
+	, AAAA("tower.ipv6", "2001:db8::1:42")
+	, SSHFP("tower", 1, 2, "0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451")
+	, SSHFP("tower", 3, 2, "88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160")
+	, SSHFP("tower", 4, 2, "6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d")
+	, SSHFP("tower.ipv4", 1, 2, "0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451")
+	, SSHFP("tower.ipv4", 3, 2, "88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160")
+	, SSHFP("tower.ipv4", 4, 2, "6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d")
+	, SSHFP("tower.ipv6", 1, 2, "0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451")
+	, SSHFP("tower.ipv6", 3, 2, "88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160")
+	, SSHFP("tower.ipv6", 4, 2, "6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d")
+	, A("vcs", "192.0.2.228")
+	, AAAA("vcs", "2001:db8::48:4558:4456:4353")
+	, A("vcs.ipv4", "192.0.2.228")
+	, AAAA("vcs.ipv6", "2001:db8::48:4558:4456:4353")
+	, CNAME("git", "vcs.example.org.")
+	, CNAME("git.ipv4", "vcs.ipv4.example.org.")
+	, CNAME("git.ipv6", "vcs.ipv6.example.org.")
+	, AAAA("svn", "2001:db8::48:4558:73:766e")
+	, SSHFP("vcs", 1, 2, "b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4")
+	, SSHFP("vcs", 3, 2, "e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323")
+	, SSHFP("vcs", 4, 2, "02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c")
+	, SSHFP("vcs.ipv4", 1, 2, "b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4")
+	, SSHFP("vcs.ipv4", 3, 2, "e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323")
+	, SSHFP("vcs.ipv4", 4, 2, "02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c")
+	, SSHFP("vcs.ipv6", 1, 2, "b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4")
+	, SSHFP("vcs.ipv6", 3, 2, "e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323")
+	, SSHFP("vcs.ipv6", 4, 2, "02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c")
+	, A("nsauth", "192.0.2.53")
+	, AAAA("nsauth", "2001:db8::53:1")
+	, A("nsauth.ipv4", "192.0.2.53")
+	, AAAA("nsauth.ipv6", "2001:db8::53:1")
+	, SSHFP("nsauth", 1, 2, "895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2")
+	, SSHFP("nsauth", 3, 2, "28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42")
+	, SSHFP("nsauth", 4, 2, "6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0")
+	, SSHFP("nsauth.ipv4", 1, 2, "895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2")
+	, SSHFP("nsauth.ipv4", 3, 2, "28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42")
+	, SSHFP("nsauth.ipv4", 4, 2, "6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0")
+	, SSHFP("nsauth.ipv6", 1, 2, "895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2")
+	, SSHFP("nsauth.ipv6", 3, 2, "28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42")
+	, SSHFP("nsauth.ipv6", 4, 2, "6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0")
+	, A("ns1", "192.0.2.53")
+	, AAAA("ns1", "2001:db8::53:1")
+	, A("ns2", "203.0.113.53")
+	, AAAA("ns2", "2001:db8:113::53")
+	, A("hermes", "192.0.2.25")
+	, AAAA("hermes", "2001:db8::48:4558:736d:7470")
+	, AAAA("hermes", "2001:db8::48:4558:696d:6170")
+	, A("hermes.ipv4", "192.0.2.25")
+	, AAAA("hermes.ipv6", "2001:db8::48:4558:736d:7470")
+	, AAAA("hermes.ipv6", "2001:db8::48:4558:696d:6170")
+	, SSHFP("hermes", 1, 2, "4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966")
+	, SSHFP("hermes", 3, 2, "eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b")
+	, SSHFP("hermes", 4, 2, "a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c")
+	, SSHFP("hermes.ipv4", 1, 2, "4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966")
+	, SSHFP("hermes.ipv4", 3, 2, "eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b")
+	, SSHFP("hermes.ipv4", 4, 2, "a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c")
+	, SSHFP("hermes.ipv6", 1, 2, "4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966")
+	, SSHFP("hermes.ipv6", 3, 2, "eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b")
+	, SSHFP("hermes.ipv6", 4, 2, "a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c")
+	, A("kerb-service", "192.0.2.88")
+	, AAAA("kerb-service", "2001:db8::48:4558:6b65:7262")
+	, A("security", "192.0.2.92")
+	, AAAA("security", "2001:db8::48:4558:53:4543")
+	, A("security.ipv4", "192.0.2.92")
+	, AAAA("security.ipv6", "2001:db8::48:4558:53:4543")
+	, A("services", "192.0.2.93")
+	, AAAA("services", "2001:db8::48:4558:5345:5256")
+	, A("services.ipv4", "192.0.2.93")
+	, AAAA("services.ipv6", "2001:db8::48:4558:5345:5256")
+	, A("openpgpkey", "192.0.2.92")
+	, AAAA("openpgpkey", "2001:db8::48:4558:53:4543")
+	, CNAME("finger", "barbican.example.org.")
+	, CNAME("finger.ipv4", "barbican.ipv4.example.org.")
+	, CNAME("finger.ipv6", "barbican.ipv6.example.org.")
+	, A("avatars", "192.0.2.93")
+	, AAAA("avatars", "2001:db8::48:4558:5345:5256")
+	, CNAME("dict", "services.example.org.")
+	, CNAME("people", "services.example.org.")
+	, CNAME("people.ipv4", "services.ipv4.example.org.")
+	, CNAME("people.ipv6", "services.ipv6.example.org.")
+	, CNAME("wpad", "services.example.org.")
+	, CNAME("www", "services.example.org.")
+	, CNAME("www.ipv4", "services.ipv4.example.org.")
+	, CNAME("www.ipv6", "services.ipv6.example.org.")
+	, CAA("@", "issue", "example.net")
+	, CAA("@", "issue", "letsencrypt.org\; accounturi=https://acme-v01.api.letsencrypt.org/acme/reg/1234567")
+	, CAA("@", "issue", "letsencrypt.org\; accounturi=https://acme-staging-v02.api.letsencrypt.org/acme/acct/23456789")
+	, CAA("@", "issue", "letsencrypt.org\; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/76543210")
+	, CAA("@", "issuewild", ";")
+	, CAA("@", "iodef", "mailto:security@example.org")
+	, TLSA("_ourcaca4-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488")
+	, TLSA("_ourcaca5-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1")
+	, TLSA("_cacert-c3-tlsa", 2, 0, 1, "4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8")
+	, TLSA("_letsencrypt-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18")
+	, TLSA("_letsencrypt-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b")
+	, TLSA("_amazon-tlsa", 2, 0, 1, "8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e")
+	, TLSA("_amazon-tlsa", 2, 0, 1, "1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4")
+	, TLSA("_amazon-tlsa", 2, 0, 1, "18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4")
+	, TLSA("_amazon-tlsa", 2, 0, 1, "e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092")
+	, TLSA("_ourca-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488")
+	, TLSA("_ourca-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1")
+	, TLSA("_ourca-cacert-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488")
+	, TLSA("_ourca-cacert-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1")
+	, TLSA("_ourca-cacert-tlsa", 2, 0, 1, "4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8")
+	, TLSA("_ourca-le-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488")
+	, TLSA("_ourca-le-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1")
+	, TLSA("_ourca-le-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18")
+	, TLSA("_ourca-le-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b")
+	, TLSA("_ourca-cacert-le-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488")
+	, TLSA("_ourca-cacert-le-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1")
+	, TLSA("_ourca-cacert-le-tlsa", 2, 0, 1, "4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8")
+	, TLSA("_ourca-cacert-le-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18")
+	, TLSA("_ourca-cacert-le-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b")
+	, TLSA("_cacert-le-tlsa", 2, 0, 1, "4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8")
+	, TLSA("_cacert-le-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18")
+	, TLSA("_cacert-le-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b")
+	, TLSA("_le-amazon-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18")
+	, TLSA("_le-amazon-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b")
+	, TLSA("_le-amazon-tlsa", 2, 0, 1, "8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e")
+	, TLSA("_le-amazon-tlsa", 2, 0, 1, "1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4")
+	, TLSA("_le-amazon-tlsa", 2, 0, 1, "18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4")
+	, TLSA("_le-amazon-tlsa", 2, 0, 1, "e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092")
+	, TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488")
+	, TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1")
+	, TLSA("_ourca-le-amazon-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18")
+	, TLSA("_ourca-le-amazon-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b")
+	, TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e")
+	, TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4")
+	, TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4")
+	, TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092")
+	, CNAME("_443._tcp.www", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.www.ipv4", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.www.ipv6", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.people", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.people.ipv4", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.people.ipv6", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.git", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.svn", "_ourca-le-tlsa.example.org.")
+	, CNAME("_5222._tcp.xmpp", "_ourca-le-tlsa.example.org.")
+	, CNAME("_5223._tcp.xmpp", "_ourca-le-tlsa.example.org.")
+	, CNAME("_5269._tcp.xmpp-s2s", "_ourca-le-tlsa.example.org.")
+	, CNAME("_25._tcp.mx", "_ourca-le-tlsa.example.org.")
+	, CNAME("_26._tcp.mx", "_ourca-le-tlsa.example.org.")
+	, CNAME("_27._tcp.mx", "_ourca-le-tlsa.example.org.")
+	, CNAME("_465._tcp.smtp46", "_ourca-le-tlsa.example.org.")
+	, CNAME("_587._tcp.smtp46", "_ourca-le-tlsa.example.org.")
+	, CNAME("_1465._tcp.smtp46", "_ourca-le-tlsa.example.org.")
+	, CNAME("_1587._tcp.smtp46", "_ourca-le-tlsa.example.org.")
+	, CNAME("_465._tcp.smtp", "_ourca-le-tlsa.example.org.")
+	, CNAME("_587._tcp.smtp", "_ourca-le-tlsa.example.org.")
+	, CNAME("_1465._tcp.smtp", "_ourca-le-tlsa.example.org.")
+	, CNAME("_1587._tcp.smtp", "_ourca-le-tlsa.example.org.")
+	, CNAME("_143._tcp.imap46", "_ourca-le-tlsa.example.org.")
+	, CNAME("_993._tcp.imap46", "_ourca-le-tlsa.example.org.")
+	, CNAME("_143._tcp.imap", "_ourca-le-tlsa.example.org.")
+	, CNAME("_993._tcp.imap", "_ourca-le-tlsa.example.org.")
+	, CNAME("_4190._tcp.imap", "_ourca-le-tlsa.example.org.")
+	, CNAME("www.security", "security.example.org.")
+	, CNAME("www.security.ipv4", "security.ipv4.example.org.")
+	, CNAME("www.security.ipv6", "security.ipv6.example.org.")
+	, CNAME("_443._tcp.www.security", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.www.security.ipv4", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.www.security.ipv6", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.security", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.security.ipv4", "_ourca-le-tlsa.example.org.")
+	, CNAME("_443._tcp.security.ipv6", "_ourca-le-tlsa.example.org.")
+	, CNAME("_acme-challenge", "_acme-challenge.chat-acme.d.example.net.", TTL(15))
+	, CNAME("_acme-challenge.xmpp", "_acme-challenge.xmpp.chat-acme.d.example.net.", TTL(15))
+	, CNAME("_acme-challenge.chat", "_acme-challenge.chat.chat-acme.d.example.net.", TTL(15))
+	, CNAME("_acme-challenge.conference", "_acme-challenge.conference.chat-acme.d.example.net.", TTL(15))
+	, CNAME("_acme-challenge.proxy-chatfiles", "_acme-challenge.proxy-chatfiles.chat-acme.d.example.net.", TTL(15))
+	, CNAME("_acme-challenge.pubsub.xmpp", "_acme-challenge.pubsub.xmpp.chat-acme.d.example.net.", TTL(15))
+	, AAAA("imap", "2001:db8::48:4558:696d:6170")
+	, A("imap", "192.0.2.25")
+	, AAAA("smtp", "2001:db8::48:4558:736d:7470")
+	, A("smtp", "192.0.2.25")
+	, A("smtp46", "192.0.2.25")
+	, AAAA("smtp46", "2001:db8::48:4558:736d:7470")
+	, A("imap46", "192.0.2.25")
+	, AAAA("imap46", "2001:db8::48:4558:696d:6170")
+	, A("mx", "192.0.2.25")
+	, AAAA("mx", "2001:db8::48:4558:736d:7470")
+	, A("mx.ipv4", "192.0.2.25")
+	, AAAA("mx.ipv6", "2001:db8::48:4558:736d:7470")
+	, TXT("mx", "v=spf1 a include:_spflarge.example.net -all")
+	, TXT("_mta-sts", "v=STSv1; id=20191231r1;")
+	, TXT("mta-sts", "v=STSv1; id=20191231r1;")
+	, A("mta-sts", "192.0.2.93")
+	, AAAA("mta-sts", "2001:db8::48:4558:5345:5256")
+	, AAAA("xmpp.ipv6", "2001:db8::f0ab:cdef:1234:f00f")
+	, AAAA("xmpp-s2s.ipv6", "2001:db8::f0ab:cdef:1234:f00f")
+	, A("xmpp", "203.0.113.175")
+	, AAAA("xmpp", "2001:db8::f0ab:cdef:1234:f00f")
+	, A("xmpp-s2s", "203.0.113.175")
+	, AAAA("xmpp-s2s", "2001:db8::f0ab:cdef:1234:f00f")
+	, CNAME("proxy-chatfiles", "xmpp.example.org.")
+	, CNAME("fileproxy.xmpp", "xmpp.example.org.")
+	, CNAME("conference", "xmpp-s2s.example.org.")
+	, SRV("_xmpp-server._tcp.conference", 10, 2, 5269, "xmpp-s2s.example.org.")
+	, CNAME("pubsub.xmpp", "xmpp-s2s.example.org.")
+	, A("chat", "203.0.113.175")
+	, AAAA("chat", "2001:db8::f0ab:cdef:1234:f00f")
+	, CNAME("proxy-chatfiles.chat", "chat.example.org.")
+	, CNAME("fileproxy.chat", "chat.example.org.")
+	, CNAME("conference.chat", "chat.example.org.")
+	, CNAME("pubsub.chat", "chat.example.org.")
+	, SRV("_xmpp-server._tcp.conference", 10, 2, 5269, "chat.example.org.")
+	, AAAA("auth", "2001:db8::48:4558:6175:7468")
+	, AAAA("kpeople", "2001:db8::48:4558:6b70:706c")
+	, AAAA("ocsp.security", "2001:db8::48:4558:6f63:7370")
+	, AAAA("webauth", "2001:db8::48:4558:7765:6261")
+	, A("news-feed", "192.0.2.93")
+	, AAAA("news-feed", "2001:db8::48:4558:6e6e:7470")
+	, CNAME("go", "abcdefghijklmn.cloudfront.net.")
+	, A("foo", "192.0.2.200")
+	, MX("gladys", 10, "mx.example.org.")
+	, TXT("_adsp._domainkey.gladys", "dkim=all")
+	, TXT("_dmarc.gladys", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s")
+	, TXT("_report.gladys", "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;")
+	, TXT("_smtp._tls.gladys", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org")
+	, TXT("_smtp-tlsrpt.gladys", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org")
+	, MX("fred", 10, "mx.example.org.")
+	, A("fred", "192.0.2.93")
+	, AAAA("fred", "2001:db8::48:4558:5345:5256")
+	, TXT("fred", "v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all")
+	, TXT("d201911._domainkey.fred", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/Tlz", "P2eenyiFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB"])
+	, TXT("d201911e2._domainkey.fred", "v=DKIM1; k=ed25519; p=rQNsV9YcPJn/WYI1EDLjNbN/VuX1Hqq/oe4htbnhv+A=")
+	, TXT("d202003._domainkey.fred", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYj", "c0h+FMDpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB"])
+	, TXT("d202003e2._domainkey.fred", "v=DKIM1; k=ed25519; p=0DAPp/IRLYFI/Z4YSgJRi4gr7xcu1/EfJ5mjVn10aAw=")
+	, TXT("_adsp._domainkey.fred", "dkim=all")
+	, TXT("_dmarc.fred", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s")
+	, TXT("_report.fred", "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;")
+	, TXT("_smtp._tls.fred", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org")
+	, TXT("_smtp-tlsrpt.fred", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org")
+	, MX("mailtest", 10, "mx.example.org.")
+	, TXT("d201911._domainkey.mailtest", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn", "0XTY6XYgug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB"])
+	, TXT("d201911e2._domainkey.mailtest", "v=DKIM1; k=ed25519; p=afulDDnhaTzdqKQN0jtWV04eOhAcyBk3NCyVheOf53Y=")
+	, TXT("d202003._domainkey.mailtest", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KN", "aS1okNRRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB"])
+	, TXT("d202003e2._domainkey.mailtest", "v=DKIM1; k=ed25519; p=iqwH/hhozFdeo1xnuldr8KUi7O7g+DzmC+f0SYMKVDc=")
+	, TXT("_adsp._domainkey.mailtest", "dkim=all")
+	, TXT("_dmarc.mailtest", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s")
+	, TXT("_report.mailtest", "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;")
+	, TXT("_smtp._tls.mailtest", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org")
+	, TXT("_smtp-tlsrpt.mailtest", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org")
+	, SRV("_pgpkey-http._tcp.sks", 0, 0, 0, ".")
+	, SRV("_pgpkey-https._tcp.sks", 0, 0, 0, ".")
+	, SRV("_hkp._tcp.sks", 0, 0, 0, ".")
+	, SRV("_pgpkey-http._tcp.sks-peer", 0, 0, 0, ".")
+	, SRV("_pgpkey-https._tcp.sks-peer", 0, 0, 0, ".")
+	, SRV("_hkp._tcp.sks-peer", 0, 0, 0, ".")
+	, NS("yoyo", "ns5.he.net.")
+	, NS("yoyo", "ns4.he.net.")
+	, NS("yoyo", "ns3.he.net.")
+	, NS("yoyo", "ns2.he.net.")
+	, NS("yoyo", "ns1.he.net.")
+	, NS("khard", "ns-cloud-d1.googledomains.com.")
+	, NS("khard", "ns-cloud-d2.googledomains.com.")
+	, NS("khard", "ns-cloud-d3.googledomains.com.")
+	, NS("khard", "ns-cloud-d4.googledomains.com.")
+	, MX("realhost", 0, ".")
+	, TXT("realhost", "v=spf1 -all")
+	, TLSA("_25._tcp.realhost", 3, 0, 0, "0000000000000000000000000000000000000000000000000000000000000000")
+	, CNAME("_fedcba9876543210fedcba9876543210.go", "_45678901234abcdef45678901234abcd.ggedgsdned.acm-validations.aws.")
+	, CNAME("opqrstuvwxyz", "gv-abcdefghijklmn.dv.googlehosted.com.")
+	, CNAME("zyxwvutsrqpo", "gv-nmlkjihgfedcba.dv.googlehosted.com.")
+	, CNAME("0123456789abcdef0123456789abcdef", "verify.bing.com.")
 )
diff --git a/commands/test_data/example.org.zone.js b/commands/test_data/example.org.zone.js
index 65b5561c9..70f253630 100644
--- a/commands/test_data/example.org.zone.js
+++ b/commands/test_data/example.org.zone.js
@@ -3,353 +3,353 @@ var REG_CHANGEME = NewRegistrar("none");
 D("example.org", REG_CHANGEME,
 	DnsProvider(DSP_BIND),
 	DefaultTTL(7200),
-	//SOA('@', 'ns1.example.org.', 'hostmaster.example.org.', 2020030700, 7200, 3600, 864000, 7200, TTL(43200)),
-	//NAMESERVER('ns1.example.org.'),
-	//NAMESERVER('ns2.example.org.'),
-	//NAMESERVER('ns-a.example.net.'),
-	//NAMESERVER('friend-dns.example.com.'),
-	MX('@', 10, 'mx.example.org.'),
-	TXT('@', 'v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all'),
-	SRV('_client._smtp', 1, 1, 1, 'example.org.'),
-	SRV('_client._smtp.mx', 1, 2, 1, 'mx.example.org.'),
-	SRV('_client._smtp.foo', 1, 2, 1, 'foo.example.org.'),
-	SRV('_kerberos._tcp', 10, 1, 88, 'kerb-service.example.org.'),
-	SRV('_kerberos._udp', 10, 1, 88, 'kerb-service.example.org.'),
-	SRV('_kpasswd._udp', 10, 1, 464, 'kerb-service.example.org.'),
-	SRV('_kerberos-adm._tcp', 10, 1, 749, 'kerb-service.example.org.'),
-	TXT('_kerberos', 'EXAMPLE.ORG'),
-	SRV('_ldap._tcp', 0, 0, 0, '.'),
-	SRV('_ldap._udp', 0, 0, 0, '.'),
-	SRV('_jabber._tcp', 10, 2, 5269, 'xmpp-s2s.example.org.'),
-	SRV('_xmpp-server._tcp', 10, 2, 5269, 'xmpp-s2s.example.org.'),
-	SRV('_xmpp-client._tcp', 10, 2, 5222, 'xmpp.example.org.'),
-	SRV('_im._sip', 0, 0, 0, '.'),
-	SRV('_pres._sip', 0, 0, 0, '.'),
-	SRV('_sip+d2t._tcp', 0, 0, 0, '.'),
-	SRV('_sips+d2t._tcp', 0, 0, 0, '.'),
-	SRV('_sip+d2u._udp', 0, 0, 0, '.'),
-	SRV('_sip+d2s._sctp', 0, 0, 0, '.'),
-	SRV('_sips+d2s._sctp', 0, 0, 0, '.'),
-	SRV('_submission._tcp', 10, 10, 587, 'smtp.example.org.'),
-	SRV('_submissions._tcp', 10, 10, 465, 'smtp.example.org.'),
-	SRV('_imap._tcp', 10, 10, 143, 'imap.example.org.'),
-	SRV('_imaps._tcp', 10, 10, 993, 'imap.example.org.'),
-	SRV('_pop3._tcp', 0, 0, 0, '.'),
-	SRV('_pop3s._tcp', 0, 0, 0, '.'),
-	SRV('_sieve._tcp', 10, 10, 4190, 'imap.example.org.'),
-	TXT('dns-moreinfo', ['Fred Bloggs, TZ=America/New_York', 'Chat-Service-X: @handle1', 'Chat-Service-Y: federated-handle@example.org']),
-	SRV('_pgpkey-http._tcp', 0, 0, 0, '.'),
-	SRV('_pgpkey-https._tcp', 0, 0, 0, '.'),
-	SRV('_hkp._tcp', 0, 0, 0, '.'),
-	SRV('_openpgpkey._tcp', 10, 10, 443, 'openpgpkey.example.org.'),
-	SRV('_finger._tcp', 10, 10, 79, 'barbican.example.org.'),
-	SRV('_avatars-sec._tcp', 10, 10, 443, 'avatars.example.org.'),
-	A('@', '192.0.2.1'),
-	AAAA('@', '2001:db8::1:1'),
-	TXT('_adsp._domainkey', 'dkim=all'),
-	TXT('_dmarc', 'v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s'),
-	TXT('d201911._domainkey', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks', '6cVGxXBZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB']),
-	TXT('d201911e2._domainkey', 'v=DKIM1; k=ed25519; p=GBt2k2L39KUb39fg5brOppXDHXvISy0+ECGgPld/bIo='),
-	TXT('d202003._domainkey', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jo', 'pv0d4dR6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB']),
-	TXT('d202003e2._domainkey', 'v=DKIM1; k=ed25519; p=DQI5d9sNMrr0SLDoAi071IFOyKnlbR29hAQdqVQecQg='),
-	TXT('_report', 'r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;'),
-	TXT('_smtp._tls', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org'),
-	TXT('_smtp-tlsrpt', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org'),
-	TXT('example.net._report._dmarc', 'v=DMARC1'),
-	TXT('example.com._report._dmarc', 'v=DMARC1'),
-	TXT('xn--2j5b.xn--9t4b11yi5a._report._dmarc', 'v=DMARC1'),
-	TXT('special.test._report._dmarc', 'v=DMARC1'),
-	TXT('xn--qck5b9a5eml3bze.xn--zckzah._report._dmarc', 'v=DMARC1'),
-	CNAME('*._smimecert', '_ourca-smimea.example.org.'),
-	PTR('b._dns-sd._udp', 'field.example.org.'),
-	PTR('lb._dns-sd._udp', 'field.example.org.'),
-	PTR('r._dns-sd._udp', 'field.example.org.'),
-	NS('field', 'ns1.example.org.'),
-	NS('field', 'ns2.example.org.'),
-	A('barbican', '192.0.2.1'),
-	AAAA('barbican', '2001:db8::1:1'),
-	A('barbican.ipv4', '192.0.2.1'),
-	AAAA('barbican.ipv6', '2001:db8::1:1'),
-	A('megalomaniac', '198.51.100.254'),
-	AAAA('megalomaniac', '2001:db8:ffef::254'),
-	A('megalomaniac.ipv4', '198.51.100.254'),
-	AAAA('megalomaniac.ipv6', '2001:db8:ffef::254'),
-	SSHFP('megalomaniac', 1, 2, '4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619'),
-	SSHFP('megalomaniac', 3, 2, 'd3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb'),
-	SSHFP('megalomaniac', 4, 2, 'c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4'),
-	SSHFP('megalomaniac.ipv4', 1, 2, '4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619'),
-	SSHFP('megalomaniac.ipv4', 3, 2, 'd3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb'),
-	SSHFP('megalomaniac.ipv4', 4, 2, 'c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4'),
-	SSHFP('megalomaniac.ipv6', 1, 2, '4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619'),
-	SSHFP('megalomaniac.ipv6', 3, 2, 'd3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb'),
-	SSHFP('megalomaniac.ipv6', 4, 2, 'c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4'),
-	A('tower', '192.0.2.42'),
-	AAAA('tower', '2001:db8::1:42'),
-	A('tower.ipv4', '192.0.2.42'),
-	AAAA('tower.ipv6', '2001:db8::1:42'),
-	SSHFP('tower', 1, 2, '0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451'),
-	SSHFP('tower', 3, 2, '88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160'),
-	SSHFP('tower', 4, 2, '6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d'),
-	SSHFP('tower.ipv4', 1, 2, '0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451'),
-	SSHFP('tower.ipv4', 3, 2, '88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160'),
-	SSHFP('tower.ipv4', 4, 2, '6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d'),
-	SSHFP('tower.ipv6', 1, 2, '0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451'),
-	SSHFP('tower.ipv6', 3, 2, '88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160'),
-	SSHFP('tower.ipv6', 4, 2, '6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d'),
-	A('vcs', '192.0.2.228'),
-	AAAA('vcs', '2001:db8::48:4558:4456:4353'),
-	A('vcs.ipv4', '192.0.2.228'),
-	AAAA('vcs.ipv6', '2001:db8::48:4558:4456:4353'),
-	CNAME('git', 'vcs.example.org.'),
-	CNAME('git.ipv4', 'vcs.ipv4.example.org.'),
-	CNAME('git.ipv6', 'vcs.ipv6.example.org.'),
-	AAAA('svn', '2001:db8::48:4558:73:766e'),
-	SSHFP('vcs', 1, 2, 'b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4'),
-	SSHFP('vcs', 3, 2, 'e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323'),
-	SSHFP('vcs', 4, 2, '02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c'),
-	SSHFP('vcs.ipv4', 1, 2, 'b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4'),
-	SSHFP('vcs.ipv4', 3, 2, 'e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323'),
-	SSHFP('vcs.ipv4', 4, 2, '02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c'),
-	SSHFP('vcs.ipv6', 1, 2, 'b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4'),
-	SSHFP('vcs.ipv6', 3, 2, 'e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323'),
-	SSHFP('vcs.ipv6', 4, 2, '02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c'),
-	A('nsauth', '192.0.2.53'),
-	AAAA('nsauth', '2001:db8::53:1'),
-	A('nsauth.ipv4', '192.0.2.53'),
-	AAAA('nsauth.ipv6', '2001:db8::53:1'),
-	SSHFP('nsauth', 1, 2, '895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2'),
-	SSHFP('nsauth', 3, 2, '28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42'),
-	SSHFP('nsauth', 4, 2, '6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0'),
-	SSHFP('nsauth.ipv4', 1, 2, '895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2'),
-	SSHFP('nsauth.ipv4', 3, 2, '28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42'),
-	SSHFP('nsauth.ipv4', 4, 2, '6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0'),
-	SSHFP('nsauth.ipv6', 1, 2, '895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2'),
-	SSHFP('nsauth.ipv6', 3, 2, '28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42'),
-	SSHFP('nsauth.ipv6', 4, 2, '6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0'),
-	A('ns1', '192.0.2.53'),
-	AAAA('ns1', '2001:db8::53:1'),
-	A('ns2', '203.0.113.53'),
-	AAAA('ns2', '2001:db8:113::53'),
-	A('hermes', '192.0.2.25'),
-	AAAA('hermes', '2001:db8::48:4558:736d:7470'),
-	AAAA('hermes', '2001:db8::48:4558:696d:6170'),
-	A('hermes.ipv4', '192.0.2.25'),
-	AAAA('hermes.ipv6', '2001:db8::48:4558:736d:7470'),
-	AAAA('hermes.ipv6', '2001:db8::48:4558:696d:6170'),
-	SSHFP('hermes', 1, 2, '4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966'),
-	SSHFP('hermes', 3, 2, 'eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b'),
-	SSHFP('hermes', 4, 2, 'a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c'),
-	SSHFP('hermes.ipv4', 1, 2, '4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966'),
-	SSHFP('hermes.ipv4', 3, 2, 'eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b'),
-	SSHFP('hermes.ipv4', 4, 2, 'a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c'),
-	SSHFP('hermes.ipv6', 1, 2, '4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966'),
-	SSHFP('hermes.ipv6', 3, 2, 'eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b'),
-	SSHFP('hermes.ipv6', 4, 2, 'a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c'),
-	A('kerb-service', '192.0.2.88'),
-	AAAA('kerb-service', '2001:db8::48:4558:6b65:7262'),
-	A('security', '192.0.2.92'),
-	AAAA('security', '2001:db8::48:4558:53:4543'),
-	A('security.ipv4', '192.0.2.92'),
-	AAAA('security.ipv6', '2001:db8::48:4558:53:4543'),
-	A('services', '192.0.2.93'),
-	AAAA('services', '2001:db8::48:4558:5345:5256'),
-	A('services.ipv4', '192.0.2.93'),
-	AAAA('services.ipv6', '2001:db8::48:4558:5345:5256'),
-	A('openpgpkey', '192.0.2.92'),
-	AAAA('openpgpkey', '2001:db8::48:4558:53:4543'),
-	CNAME('finger', 'barbican.example.org.'),
-	CNAME('finger.ipv4', 'barbican.ipv4.example.org.'),
-	CNAME('finger.ipv6', 'barbican.ipv6.example.org.'),
-	A('avatars', '192.0.2.93'),
-	AAAA('avatars', '2001:db8::48:4558:5345:5256'),
-	CNAME('dict', 'services.example.org.'),
-	CNAME('people', 'services.example.org.'),
-	CNAME('people.ipv4', 'services.ipv4.example.org.'),
-	CNAME('people.ipv6', 'services.ipv6.example.org.'),
-	CNAME('wpad', 'services.example.org.'),
-	CNAME('www', 'services.example.org.'),
-	CNAME('www.ipv4', 'services.ipv4.example.org.'),
-	CNAME('www.ipv6', 'services.ipv6.example.org.'),
-	CAA('@', 'issue', 'example.net'),
-	CAA('@', 'issue', 'letsencrypt.org\; accounturi=https://acme-v01.api.letsencrypt.org/acme/reg/1234567'),
-	CAA('@', 'issue', 'letsencrypt.org\; accounturi=https://acme-staging-v02.api.letsencrypt.org/acme/acct/23456789'),
-	CAA('@', 'issue', 'letsencrypt.org\; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/76543210'),
-	CAA('@', 'issuewild', ';'),
-	CAA('@', 'iodef', 'mailto:security@example.org'),
-	TLSA('_ourcaca4-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488'),
-	TLSA('_ourcaca5-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1'),
-	TLSA('_cacert-c3-tlsa', 2, 0, 1, '4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8'),
-	TLSA('_letsencrypt-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18'),
-	TLSA('_letsencrypt-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b'),
-	TLSA('_amazon-tlsa', 2, 0, 1, '8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e'),
-	TLSA('_amazon-tlsa', 2, 0, 1, '1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4'),
-	TLSA('_amazon-tlsa', 2, 0, 1, '18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4'),
-	TLSA('_amazon-tlsa', 2, 0, 1, 'e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092'),
-	TLSA('_ourca-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488'),
-	TLSA('_ourca-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1'),
-	TLSA('_ourca-cacert-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488'),
-	TLSA('_ourca-cacert-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1'),
-	TLSA('_ourca-cacert-tlsa', 2, 0, 1, '4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8'),
-	TLSA('_ourca-le-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488'),
-	TLSA('_ourca-le-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1'),
-	TLSA('_ourca-le-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18'),
-	TLSA('_ourca-le-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b'),
-	TLSA('_ourca-cacert-le-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488'),
-	TLSA('_ourca-cacert-le-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1'),
-	TLSA('_ourca-cacert-le-tlsa', 2, 0, 1, '4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8'),
-	TLSA('_ourca-cacert-le-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18'),
-	TLSA('_ourca-cacert-le-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b'),
-	TLSA('_cacert-le-tlsa', 2, 0, 1, '4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8'),
-	TLSA('_cacert-le-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18'),
-	TLSA('_cacert-le-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b'),
-	TLSA('_le-amazon-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18'),
-	TLSA('_le-amazon-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b'),
-	TLSA('_le-amazon-tlsa', 2, 0, 1, '8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e'),
-	TLSA('_le-amazon-tlsa', 2, 0, 1, '1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4'),
-	TLSA('_le-amazon-tlsa', 2, 0, 1, '18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4'),
-	TLSA('_le-amazon-tlsa', 2, 0, 1, 'e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092'),
-	TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, 'ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488'),
-	TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, '11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1'),
-	TLSA('_ourca-le-amazon-tlsa', 2, 1, 1, '60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18'),
-	TLSA('_ourca-le-amazon-tlsa', 2, 1, 1, 'b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b'),
-	TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, '8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e'),
-	TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, '1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4'),
-	TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, '18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4'),
-	TLSA('_ourca-le-amazon-tlsa', 2, 0, 1, 'e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092'),
-	CNAME('_443._tcp.www', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.www.ipv4', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.www.ipv6', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.people', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.people.ipv4', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.people.ipv6', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.git', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.svn', '_ourca-le-tlsa.example.org.'),
-	CNAME('_5222._tcp.xmpp', '_ourca-le-tlsa.example.org.'),
-	CNAME('_5223._tcp.xmpp', '_ourca-le-tlsa.example.org.'),
-	CNAME('_5269._tcp.xmpp-s2s', '_ourca-le-tlsa.example.org.'),
-	CNAME('_25._tcp.mx', '_ourca-le-tlsa.example.org.'),
-	CNAME('_26._tcp.mx', '_ourca-le-tlsa.example.org.'),
-	CNAME('_27._tcp.mx', '_ourca-le-tlsa.example.org.'),
-	CNAME('_465._tcp.smtp46', '_ourca-le-tlsa.example.org.'),
-	CNAME('_587._tcp.smtp46', '_ourca-le-tlsa.example.org.'),
-	CNAME('_1465._tcp.smtp46', '_ourca-le-tlsa.example.org.'),
-	CNAME('_1587._tcp.smtp46', '_ourca-le-tlsa.example.org.'),
-	CNAME('_465._tcp.smtp', '_ourca-le-tlsa.example.org.'),
-	CNAME('_587._tcp.smtp', '_ourca-le-tlsa.example.org.'),
-	CNAME('_1465._tcp.smtp', '_ourca-le-tlsa.example.org.'),
-	CNAME('_1587._tcp.smtp', '_ourca-le-tlsa.example.org.'),
-	CNAME('_143._tcp.imap46', '_ourca-le-tlsa.example.org.'),
-	CNAME('_993._tcp.imap46', '_ourca-le-tlsa.example.org.'),
-	CNAME('_143._tcp.imap', '_ourca-le-tlsa.example.org.'),
-	CNAME('_993._tcp.imap', '_ourca-le-tlsa.example.org.'),
-	CNAME('_4190._tcp.imap', '_ourca-le-tlsa.example.org.'),
-	CNAME('www.security', 'security.example.org.'),
-	CNAME('www.security.ipv4', 'security.ipv4.example.org.'),
-	CNAME('www.security.ipv6', 'security.ipv6.example.org.'),
-	CNAME('_443._tcp.www.security', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.www.security.ipv4', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.www.security.ipv6', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.security', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.security.ipv4', '_ourca-le-tlsa.example.org.'),
-	CNAME('_443._tcp.security.ipv6', '_ourca-le-tlsa.example.org.'),
-	CNAME('_acme-challenge', '_acme-challenge.chat-acme.d.example.net.', TTL(15)),
-	CNAME('_acme-challenge.xmpp', '_acme-challenge.xmpp.chat-acme.d.example.net.', TTL(15)),
-	CNAME('_acme-challenge.chat', '_acme-challenge.chat.chat-acme.d.example.net.', TTL(15)),
-	CNAME('_acme-challenge.conference', '_acme-challenge.conference.chat-acme.d.example.net.', TTL(15)),
-	CNAME('_acme-challenge.proxy-chatfiles', '_acme-challenge.proxy-chatfiles.chat-acme.d.example.net.', TTL(15)),
-	CNAME('_acme-challenge.pubsub.xmpp', '_acme-challenge.pubsub.xmpp.chat-acme.d.example.net.', TTL(15)),
-	AAAA('imap', '2001:db8::48:4558:696d:6170'),
-	A('imap', '192.0.2.25'),
-	AAAA('smtp', '2001:db8::48:4558:736d:7470'),
-	A('smtp', '192.0.2.25'),
-	A('smtp46', '192.0.2.25'),
-	AAAA('smtp46', '2001:db8::48:4558:736d:7470'),
-	A('imap46', '192.0.2.25'),
-	AAAA('imap46', '2001:db8::48:4558:696d:6170'),
-	A('mx', '192.0.2.25'),
-	AAAA('mx', '2001:db8::48:4558:736d:7470'),
-	A('mx.ipv4', '192.0.2.25'),
-	AAAA('mx.ipv6', '2001:db8::48:4558:736d:7470'),
-	TXT('mx', 'v=spf1 a include:_spflarge.example.net -all'),
-	TXT('_mta-sts', 'v=STSv1; id=20191231r1;'),
-	TXT('mta-sts', 'v=STSv1; id=20191231r1;'),
-	A('mta-sts', '192.0.2.93'),
-	AAAA('mta-sts', '2001:db8::48:4558:5345:5256'),
-	AAAA('xmpp.ipv6', '2001:db8::f0ab:cdef:1234:f00f'),
-	AAAA('xmpp-s2s.ipv6', '2001:db8::f0ab:cdef:1234:f00f'),
-	A('xmpp', '203.0.113.175'),
-	AAAA('xmpp', '2001:db8::f0ab:cdef:1234:f00f'),
-	A('xmpp-s2s', '203.0.113.175'),
-	AAAA('xmpp-s2s', '2001:db8::f0ab:cdef:1234:f00f'),
-	CNAME('proxy-chatfiles', 'xmpp.example.org.'),
-	CNAME('fileproxy.xmpp', 'xmpp.example.org.'),
-	CNAME('conference', 'xmpp-s2s.example.org.'),
-	SRV('_xmpp-server._tcp.conference', 10, 2, 5269, 'xmpp-s2s.example.org.'),
-	CNAME('pubsub.xmpp', 'xmpp-s2s.example.org.'),
-	A('chat', '203.0.113.175'),
-	AAAA('chat', '2001:db8::f0ab:cdef:1234:f00f'),
-	CNAME('proxy-chatfiles.chat', 'chat.example.org.'),
-	CNAME('fileproxy.chat', 'chat.example.org.'),
-	CNAME('conference.chat', 'chat.example.org.'),
-	CNAME('pubsub.chat', 'chat.example.org.'),
-	SRV('_xmpp-server._tcp.conference', 10, 2, 5269, 'chat.example.org.'),
-	AAAA('auth', '2001:db8::48:4558:6175:7468'),
-	AAAA('kpeople', '2001:db8::48:4558:6b70:706c'),
-	AAAA('ocsp.security', '2001:db8::48:4558:6f63:7370'),
-	AAAA('webauth', '2001:db8::48:4558:7765:6261'),
-	A('news-feed', '192.0.2.93'),
-	AAAA('news-feed', '2001:db8::48:4558:6e6e:7470'),
-	CNAME('go', 'abcdefghijklmn.cloudfront.net.'),
-	A('foo', '192.0.2.200'),
-	MX('gladys', 10, 'mx.example.org.'),
-	TXT('_adsp._domainkey.gladys', 'dkim=all'),
-	TXT('_dmarc.gladys', 'v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s'),
-	TXT('_report.gladys', 'r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;'),
-	TXT('_smtp._tls.gladys', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org'),
-	TXT('_smtp-tlsrpt.gladys', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org'),
-	MX('fred', 10, 'mx.example.org.'),
-	A('fred', '192.0.2.93'),
-	AAAA('fred', '2001:db8::48:4558:5345:5256'),
-	TXT('fred', 'v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all'),
-	TXT('d201911._domainkey.fred', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/Tlz', 'P2eenyiFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB']),
-	TXT('d201911e2._domainkey.fred', 'v=DKIM1; k=ed25519; p=rQNsV9YcPJn/WYI1EDLjNbN/VuX1Hqq/oe4htbnhv+A='),
-	TXT('d202003._domainkey.fred', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYj', 'c0h+FMDpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB']),
-	TXT('d202003e2._domainkey.fred', 'v=DKIM1; k=ed25519; p=0DAPp/IRLYFI/Z4YSgJRi4gr7xcu1/EfJ5mjVn10aAw='),
-	TXT('_adsp._domainkey.fred', 'dkim=all'),
-	TXT('_dmarc.fred', 'v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s'),
-	TXT('_report.fred', 'r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;'),
-	TXT('_smtp._tls.fred', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org'),
-	TXT('_smtp-tlsrpt.fred', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org'),
-	MX('mailtest', 10, 'mx.example.org.'),
-	TXT('d201911._domainkey.mailtest', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn', '0XTY6XYgug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB']),
-	TXT('d201911e2._domainkey.mailtest', 'v=DKIM1; k=ed25519; p=afulDDnhaTzdqKQN0jtWV04eOhAcyBk3NCyVheOf53Y='),
-	TXT('d202003._domainkey.mailtest', ['v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KN', 'aS1okNRRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB']),
-	TXT('d202003e2._domainkey.mailtest', 'v=DKIM1; k=ed25519; p=iqwH/hhozFdeo1xnuldr8KUi7O7g+DzmC+f0SYMKVDc='),
-	TXT('_adsp._domainkey.mailtest', 'dkim=all'),
-	TXT('_dmarc.mailtest', 'v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s'),
-	TXT('_report.mailtest', 'r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;'),
-	TXT('_smtp._tls.mailtest', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org'),
-	TXT('_smtp-tlsrpt.mailtest', 'v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org'),
-	SRV('_pgpkey-http._tcp.sks', 0, 0, 0, '.'),
-	SRV('_pgpkey-https._tcp.sks', 0, 0, 0, '.'),
-	SRV('_hkp._tcp.sks', 0, 0, 0, '.'),
-	SRV('_pgpkey-http._tcp.sks-peer', 0, 0, 0, '.'),
-	SRV('_pgpkey-https._tcp.sks-peer', 0, 0, 0, '.'),
-	SRV('_hkp._tcp.sks-peer', 0, 0, 0, '.'),
-	NS('yoyo', 'ns5.he.net.'),
-	NS('yoyo', 'ns4.he.net.'),
-	NS('yoyo', 'ns3.he.net.'),
-	NS('yoyo', 'ns2.he.net.'),
-	NS('yoyo', 'ns1.he.net.'),
-	NS('khard', 'ns-cloud-d1.googledomains.com.'),
-	NS('khard', 'ns-cloud-d2.googledomains.com.'),
-	NS('khard', 'ns-cloud-d3.googledomains.com.'),
-	NS('khard', 'ns-cloud-d4.googledomains.com.'),
-	MX('realhost', 0, '.'),
-	TXT('realhost', 'v=spf1 -all'),
-	TLSA('_25._tcp.realhost', 3, 0, 0, '0000000000000000000000000000000000000000000000000000000000000000'),
-	CNAME('_fedcba9876543210fedcba9876543210.go', '_45678901234abcdef45678901234abcd.ggedgsdned.acm-validations.aws.'),
-	CNAME('opqrstuvwxyz', 'gv-abcdefghijklmn.dv.googlehosted.com.'),
-	CNAME('zyxwvutsrqpo', 'gv-nmlkjihgfedcba.dv.googlehosted.com.'),
-	CNAME('0123456789abcdef0123456789abcdef', 'verify.bing.com.')
+	//SOA("@", "ns1.example.org.", "hostmaster.example.org.", 2020030700, 7200, 3600, 864000, 7200, TTL(43200)),
+	//NAMESERVER("ns1.example.org."),
+	//NAMESERVER("ns2.example.org."),
+	//NAMESERVER("ns-a.example.net."),
+	//NAMESERVER("friend-dns.example.com."),
+	MX("@", 10, "mx.example.org."),
+	TXT("@", "v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all"),
+	SRV("_client._smtp", 1, 1, 1, "example.org."),
+	SRV("_client._smtp.mx", 1, 2, 1, "mx.example.org."),
+	SRV("_client._smtp.foo", 1, 2, 1, "foo.example.org."),
+	SRV("_kerberos._tcp", 10, 1, 88, "kerb-service.example.org."),
+	SRV("_kerberos._udp", 10, 1, 88, "kerb-service.example.org."),
+	SRV("_kpasswd._udp", 10, 1, 464, "kerb-service.example.org."),
+	SRV("_kerberos-adm._tcp", 10, 1, 749, "kerb-service.example.org."),
+	TXT("_kerberos", "EXAMPLE.ORG"),
+	SRV("_ldap._tcp", 0, 0, 0, "."),
+	SRV("_ldap._udp", 0, 0, 0, "."),
+	SRV("_jabber._tcp", 10, 2, 5269, "xmpp-s2s.example.org."),
+	SRV("_xmpp-server._tcp", 10, 2, 5269, "xmpp-s2s.example.org."),
+	SRV("_xmpp-client._tcp", 10, 2, 5222, "xmpp.example.org."),
+	SRV("_im._sip", 0, 0, 0, "."),
+	SRV("_pres._sip", 0, 0, 0, "."),
+	SRV("_sip+d2t._tcp", 0, 0, 0, "."),
+	SRV("_sips+d2t._tcp", 0, 0, 0, "."),
+	SRV("_sip+d2u._udp", 0, 0, 0, "."),
+	SRV("_sip+d2s._sctp", 0, 0, 0, "."),
+	SRV("_sips+d2s._sctp", 0, 0, 0, "."),
+	SRV("_submission._tcp", 10, 10, 587, "smtp.example.org."),
+	SRV("_submissions._tcp", 10, 10, 465, "smtp.example.org."),
+	SRV("_imap._tcp", 10, 10, 143, "imap.example.org."),
+	SRV("_imaps._tcp", 10, 10, 993, "imap.example.org."),
+	SRV("_pop3._tcp", 0, 0, 0, "."),
+	SRV("_pop3s._tcp", 0, 0, 0, "."),
+	SRV("_sieve._tcp", 10, 10, 4190, "imap.example.org."),
+	TXT("dns-moreinfo", ["Fred Bloggs, TZ=America/New_York", "Chat-Service-X: @handle1", "Chat-Service-Y: federated-handle@example.org"]),
+	SRV("_pgpkey-http._tcp", 0, 0, 0, "."),
+	SRV("_pgpkey-https._tcp", 0, 0, 0, "."),
+	SRV("_hkp._tcp", 0, 0, 0, "."),
+	SRV("_openpgpkey._tcp", 10, 10, 443, "openpgpkey.example.org."),
+	SRV("_finger._tcp", 10, 10, 79, "barbican.example.org."),
+	SRV("_avatars-sec._tcp", 10, 10, 443, "avatars.example.org."),
+	A("@", "192.0.2.1"),
+	AAAA("@", "2001:db8::1:1"),
+	TXT("_adsp._domainkey", "dkim=all"),
+	TXT("_dmarc", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"),
+	TXT("d201911._domainkey", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks", "6cVGxXBZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB"]),
+	TXT("d201911e2._domainkey", "v=DKIM1; k=ed25519; p=GBt2k2L39KUb39fg5brOppXDHXvISy0+ECGgPld/bIo="),
+	TXT("d202003._domainkey", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jo", "pv0d4dR6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB"]),
+	TXT("d202003e2._domainkey", "v=DKIM1; k=ed25519; p=DQI5d9sNMrr0SLDoAi071IFOyKnlbR29hAQdqVQecQg="),
+	TXT("_report", "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;"),
+	TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"),
+	TXT("_smtp-tlsrpt", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"),
+	TXT("example.net._report._dmarc", "v=DMARC1"),
+	TXT("example.com._report._dmarc", "v=DMARC1"),
+	TXT("xn--2j5b.xn--9t4b11yi5a._report._dmarc", "v=DMARC1"),
+	TXT("special.test._report._dmarc", "v=DMARC1"),
+	TXT("xn--qck5b9a5eml3bze.xn--zckzah._report._dmarc", "v=DMARC1"),
+	CNAME("*._smimecert", "_ourca-smimea.example.org."),
+	PTR("b._dns-sd._udp", "field.example.org."),
+	PTR("lb._dns-sd._udp", "field.example.org."),
+	PTR("r._dns-sd._udp", "field.example.org."),
+	NS("field", "ns1.example.org."),
+	NS("field", "ns2.example.org."),
+	A("barbican", "192.0.2.1"),
+	AAAA("barbican", "2001:db8::1:1"),
+	A("barbican.ipv4", "192.0.2.1"),
+	AAAA("barbican.ipv6", "2001:db8::1:1"),
+	A("megalomaniac", "198.51.100.254"),
+	AAAA("megalomaniac", "2001:db8:ffef::254"),
+	A("megalomaniac.ipv4", "198.51.100.254"),
+	AAAA("megalomaniac.ipv6", "2001:db8:ffef::254"),
+	SSHFP("megalomaniac", 1, 2, "4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619"),
+	SSHFP("megalomaniac", 3, 2, "d3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb"),
+	SSHFP("megalomaniac", 4, 2, "c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4"),
+	SSHFP("megalomaniac.ipv4", 1, 2, "4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619"),
+	SSHFP("megalomaniac.ipv4", 3, 2, "d3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb"),
+	SSHFP("megalomaniac.ipv4", 4, 2, "c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4"),
+	SSHFP("megalomaniac.ipv6", 1, 2, "4e9ced94d3caf2ce915f85a63ce7279d5118a79ea03dac59cf4859b825d2f619"),
+	SSHFP("megalomaniac.ipv6", 3, 2, "d3556a3db83ab9ccec39dc6693dd2f3e28b178c9bba61880924821c426cc61eb"),
+	SSHFP("megalomaniac.ipv6", 4, 2, "c60c9d9d4728668f5f46986ff0c5b416c5e913862c4970cbfe211a6f44a111b4"),
+	A("tower", "192.0.2.42"),
+	AAAA("tower", "2001:db8::1:42"),
+	A("tower.ipv4", "192.0.2.42"),
+	AAAA("tower.ipv6", "2001:db8::1:42"),
+	SSHFP("tower", 1, 2, "0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451"),
+	SSHFP("tower", 3, 2, "88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160"),
+	SSHFP("tower", 4, 2, "6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d"),
+	SSHFP("tower.ipv4", 1, 2, "0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451"),
+	SSHFP("tower.ipv4", 3, 2, "88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160"),
+	SSHFP("tower.ipv4", 4, 2, "6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d"),
+	SSHFP("tower.ipv6", 1, 2, "0f211d236e94768911a294f38653c4af6fa935a5b06c975d8162f59142571451"),
+	SSHFP("tower.ipv6", 3, 2, "88bf7b7401c11fa2e84871efb06cd73d8fc409154605b354db2dda0b82fe1160"),
+	SSHFP("tower.ipv6", 4, 2, "6d30900be0faaae73568fc007a87b4d076cf9a351ecacc1106aef726c34ad61d"),
+	A("vcs", "192.0.2.228"),
+	AAAA("vcs", "2001:db8::48:4558:4456:4353"),
+	A("vcs.ipv4", "192.0.2.228"),
+	AAAA("vcs.ipv6", "2001:db8::48:4558:4456:4353"),
+	CNAME("git", "vcs.example.org."),
+	CNAME("git.ipv4", "vcs.ipv4.example.org."),
+	CNAME("git.ipv6", "vcs.ipv6.example.org."),
+	AAAA("svn", "2001:db8::48:4558:73:766e"),
+	SSHFP("vcs", 1, 2, "b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4"),
+	SSHFP("vcs", 3, 2, "e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323"),
+	SSHFP("vcs", 4, 2, "02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c"),
+	SSHFP("vcs.ipv4", 1, 2, "b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4"),
+	SSHFP("vcs.ipv4", 3, 2, "e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323"),
+	SSHFP("vcs.ipv4", 4, 2, "02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c"),
+	SSHFP("vcs.ipv6", 1, 2, "b518be390babdf43cb2d598aa6befa6ce6878546bf107b829d0cfc65253a97d4"),
+	SSHFP("vcs.ipv6", 3, 2, "e92545dc0bf501f72333ddeb7a37afc2c5b408ce39a3ad95fbc66236f0077323"),
+	SSHFP("vcs.ipv6", 4, 2, "02289441124a487095a6cda2e946c6a8ed9087faf3592ec4135536c3e615521c"),
+	A("nsauth", "192.0.2.53"),
+	AAAA("nsauth", "2001:db8::53:1"),
+	A("nsauth.ipv4", "192.0.2.53"),
+	AAAA("nsauth.ipv6", "2001:db8::53:1"),
+	SSHFP("nsauth", 1, 2, "895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2"),
+	SSHFP("nsauth", 3, 2, "28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42"),
+	SSHFP("nsauth", 4, 2, "6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0"),
+	SSHFP("nsauth.ipv4", 1, 2, "895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2"),
+	SSHFP("nsauth.ipv4", 3, 2, "28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42"),
+	SSHFP("nsauth.ipv4", 4, 2, "6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0"),
+	SSHFP("nsauth.ipv6", 1, 2, "895804ae022fff643b2677563cb850607c5bb564d9919896c521098c8abc40f2"),
+	SSHFP("nsauth.ipv6", 3, 2, "28a65470badae611375747e1a803211c41e3d71e97741fa92ccbdf7b01f34e42"),
+	SSHFP("nsauth.ipv6", 4, 2, "6e10445c0649c03fa83e18b1873e5b89b3a20893ecb48d01e7cedb3dd563ecf0"),
+	A("ns1", "192.0.2.53"),
+	AAAA("ns1", "2001:db8::53:1"),
+	A("ns2", "203.0.113.53"),
+	AAAA("ns2", "2001:db8:113::53"),
+	A("hermes", "192.0.2.25"),
+	AAAA("hermes", "2001:db8::48:4558:736d:7470"),
+	AAAA("hermes", "2001:db8::48:4558:696d:6170"),
+	A("hermes.ipv4", "192.0.2.25"),
+	AAAA("hermes.ipv6", "2001:db8::48:4558:736d:7470"),
+	AAAA("hermes.ipv6", "2001:db8::48:4558:696d:6170"),
+	SSHFP("hermes", 1, 2, "4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966"),
+	SSHFP("hermes", 3, 2, "eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b"),
+	SSHFP("hermes", 4, 2, "a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c"),
+	SSHFP("hermes.ipv4", 1, 2, "4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966"),
+	SSHFP("hermes.ipv4", 3, 2, "eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b"),
+	SSHFP("hermes.ipv4", 4, 2, "a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c"),
+	SSHFP("hermes.ipv6", 1, 2, "4472ff5bd0528cd49216af4503ba6a1c48f121d0292a31d6af193e5000af4966"),
+	SSHFP("hermes.ipv6", 3, 2, "eaba20c1565676a5229184ccfcf82d0ee408f91757a67d9fa51a0b6f3db4a33b"),
+	SSHFP("hermes.ipv6", 4, 2, "a9d89920e599d04363c8b35a4ce66c1ed257ea1d16981f060b6aed080bbb7a7c"),
+	A("kerb-service", "192.0.2.88"),
+	AAAA("kerb-service", "2001:db8::48:4558:6b65:7262"),
+	A("security", "192.0.2.92"),
+	AAAA("security", "2001:db8::48:4558:53:4543"),
+	A("security.ipv4", "192.0.2.92"),
+	AAAA("security.ipv6", "2001:db8::48:4558:53:4543"),
+	A("services", "192.0.2.93"),
+	AAAA("services", "2001:db8::48:4558:5345:5256"),
+	A("services.ipv4", "192.0.2.93"),
+	AAAA("services.ipv6", "2001:db8::48:4558:5345:5256"),
+	A("openpgpkey", "192.0.2.92"),
+	AAAA("openpgpkey", "2001:db8::48:4558:53:4543"),
+	CNAME("finger", "barbican.example.org."),
+	CNAME("finger.ipv4", "barbican.ipv4.example.org."),
+	CNAME("finger.ipv6", "barbican.ipv6.example.org."),
+	A("avatars", "192.0.2.93"),
+	AAAA("avatars", "2001:db8::48:4558:5345:5256"),
+	CNAME("dict", "services.example.org."),
+	CNAME("people", "services.example.org."),
+	CNAME("people.ipv4", "services.ipv4.example.org."),
+	CNAME("people.ipv6", "services.ipv6.example.org."),
+	CNAME("wpad", "services.example.org."),
+	CNAME("www", "services.example.org."),
+	CNAME("www.ipv4", "services.ipv4.example.org."),
+	CNAME("www.ipv6", "services.ipv6.example.org."),
+	CAA("@", "issue", "example.net"),
+	CAA("@", "issue", "letsencrypt.org\; accounturi=https://acme-v01.api.letsencrypt.org/acme/reg/1234567"),
+	CAA("@", "issue", "letsencrypt.org\; accounturi=https://acme-staging-v02.api.letsencrypt.org/acme/acct/23456789"),
+	CAA("@", "issue", "letsencrypt.org\; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/76543210"),
+	CAA("@", "issuewild", ";"),
+	CAA("@", "iodef", "mailto:security@example.org"),
+	TLSA("_ourcaca4-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488"),
+	TLSA("_ourcaca5-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1"),
+	TLSA("_cacert-c3-tlsa", 2, 0, 1, "4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8"),
+	TLSA("_letsencrypt-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18"),
+	TLSA("_letsencrypt-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b"),
+	TLSA("_amazon-tlsa", 2, 0, 1, "8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e"),
+	TLSA("_amazon-tlsa", 2, 0, 1, "1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4"),
+	TLSA("_amazon-tlsa", 2, 0, 1, "18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4"),
+	TLSA("_amazon-tlsa", 2, 0, 1, "e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092"),
+	TLSA("_ourca-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488"),
+	TLSA("_ourca-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1"),
+	TLSA("_ourca-cacert-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488"),
+	TLSA("_ourca-cacert-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1"),
+	TLSA("_ourca-cacert-tlsa", 2, 0, 1, "4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8"),
+	TLSA("_ourca-le-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488"),
+	TLSA("_ourca-le-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1"),
+	TLSA("_ourca-le-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18"),
+	TLSA("_ourca-le-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b"),
+	TLSA("_ourca-cacert-le-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488"),
+	TLSA("_ourca-cacert-le-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1"),
+	TLSA("_ourca-cacert-le-tlsa", 2, 0, 1, "4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8"),
+	TLSA("_ourca-cacert-le-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18"),
+	TLSA("_ourca-cacert-le-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b"),
+	TLSA("_cacert-le-tlsa", 2, 0, 1, "4edde9e55ca453b388887caa25d5c5c5bccf2891d73b87495808293d5fac83c8"),
+	TLSA("_cacert-le-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18"),
+	TLSA("_cacert-le-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b"),
+	TLSA("_le-amazon-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18"),
+	TLSA("_le-amazon-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b"),
+	TLSA("_le-amazon-tlsa", 2, 0, 1, "8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e"),
+	TLSA("_le-amazon-tlsa", 2, 0, 1, "1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4"),
+	TLSA("_le-amazon-tlsa", 2, 0, 1, "18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4"),
+	TLSA("_le-amazon-tlsa", 2, 0, 1, "e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092"),
+	TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "ea99063a0a3bda9727032cf82da238698b90ba729300703d3956943635f96488"),
+	TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "11f058f61f97b8adc66ef4801f918c71b10e5c1e3d39afde10408b3026647ef1"),
+	TLSA("_ourca-le-amazon-tlsa", 2, 1, 1, "60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18"),
+	TLSA("_ourca-le-amazon-tlsa", 2, 1, 1, "b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b"),
+	TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e"),
+	TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4"),
+	TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4"),
+	TLSA("_ourca-le-amazon-tlsa", 2, 0, 1, "e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092"),
+	CNAME("_443._tcp.www", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.www.ipv4", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.www.ipv6", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.people", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.people.ipv4", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.people.ipv6", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.git", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.svn", "_ourca-le-tlsa.example.org."),
+	CNAME("_5222._tcp.xmpp", "_ourca-le-tlsa.example.org."),
+	CNAME("_5223._tcp.xmpp", "_ourca-le-tlsa.example.org."),
+	CNAME("_5269._tcp.xmpp-s2s", "_ourca-le-tlsa.example.org."),
+	CNAME("_25._tcp.mx", "_ourca-le-tlsa.example.org."),
+	CNAME("_26._tcp.mx", "_ourca-le-tlsa.example.org."),
+	CNAME("_27._tcp.mx", "_ourca-le-tlsa.example.org."),
+	CNAME("_465._tcp.smtp46", "_ourca-le-tlsa.example.org."),
+	CNAME("_587._tcp.smtp46", "_ourca-le-tlsa.example.org."),
+	CNAME("_1465._tcp.smtp46", "_ourca-le-tlsa.example.org."),
+	CNAME("_1587._tcp.smtp46", "_ourca-le-tlsa.example.org."),
+	CNAME("_465._tcp.smtp", "_ourca-le-tlsa.example.org."),
+	CNAME("_587._tcp.smtp", "_ourca-le-tlsa.example.org."),
+	CNAME("_1465._tcp.smtp", "_ourca-le-tlsa.example.org."),
+	CNAME("_1587._tcp.smtp", "_ourca-le-tlsa.example.org."),
+	CNAME("_143._tcp.imap46", "_ourca-le-tlsa.example.org."),
+	CNAME("_993._tcp.imap46", "_ourca-le-tlsa.example.org."),
+	CNAME("_143._tcp.imap", "_ourca-le-tlsa.example.org."),
+	CNAME("_993._tcp.imap", "_ourca-le-tlsa.example.org."),
+	CNAME("_4190._tcp.imap", "_ourca-le-tlsa.example.org."),
+	CNAME("www.security", "security.example.org."),
+	CNAME("www.security.ipv4", "security.ipv4.example.org."),
+	CNAME("www.security.ipv6", "security.ipv6.example.org."),
+	CNAME("_443._tcp.www.security", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.www.security.ipv4", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.www.security.ipv6", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.security", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.security.ipv4", "_ourca-le-tlsa.example.org."),
+	CNAME("_443._tcp.security.ipv6", "_ourca-le-tlsa.example.org."),
+	CNAME("_acme-challenge", "_acme-challenge.chat-acme.d.example.net.", TTL(15)),
+	CNAME("_acme-challenge.xmpp", "_acme-challenge.xmpp.chat-acme.d.example.net.", TTL(15)),
+	CNAME("_acme-challenge.chat", "_acme-challenge.chat.chat-acme.d.example.net.", TTL(15)),
+	CNAME("_acme-challenge.conference", "_acme-challenge.conference.chat-acme.d.example.net.", TTL(15)),
+	CNAME("_acme-challenge.proxy-chatfiles", "_acme-challenge.proxy-chatfiles.chat-acme.d.example.net.", TTL(15)),
+	CNAME("_acme-challenge.pubsub.xmpp", "_acme-challenge.pubsub.xmpp.chat-acme.d.example.net.", TTL(15)),
+	AAAA("imap", "2001:db8::48:4558:696d:6170"),
+	A("imap", "192.0.2.25"),
+	AAAA("smtp", "2001:db8::48:4558:736d:7470"),
+	A("smtp", "192.0.2.25"),
+	A("smtp46", "192.0.2.25"),
+	AAAA("smtp46", "2001:db8::48:4558:736d:7470"),
+	A("imap46", "192.0.2.25"),
+	AAAA("imap46", "2001:db8::48:4558:696d:6170"),
+	A("mx", "192.0.2.25"),
+	AAAA("mx", "2001:db8::48:4558:736d:7470"),
+	A("mx.ipv4", "192.0.2.25"),
+	AAAA("mx.ipv6", "2001:db8::48:4558:736d:7470"),
+	TXT("mx", "v=spf1 a include:_spflarge.example.net -all"),
+	TXT("_mta-sts", "v=STSv1; id=20191231r1;"),
+	TXT("mta-sts", "v=STSv1; id=20191231r1;"),
+	A("mta-sts", "192.0.2.93"),
+	AAAA("mta-sts", "2001:db8::48:4558:5345:5256"),
+	AAAA("xmpp.ipv6", "2001:db8::f0ab:cdef:1234:f00f"),
+	AAAA("xmpp-s2s.ipv6", "2001:db8::f0ab:cdef:1234:f00f"),
+	A("xmpp", "203.0.113.175"),
+	AAAA("xmpp", "2001:db8::f0ab:cdef:1234:f00f"),
+	A("xmpp-s2s", "203.0.113.175"),
+	AAAA("xmpp-s2s", "2001:db8::f0ab:cdef:1234:f00f"),
+	CNAME("proxy-chatfiles", "xmpp.example.org."),
+	CNAME("fileproxy.xmpp", "xmpp.example.org."),
+	CNAME("conference", "xmpp-s2s.example.org."),
+	SRV("_xmpp-server._tcp.conference", 10, 2, 5269, "xmpp-s2s.example.org."),
+	CNAME("pubsub.xmpp", "xmpp-s2s.example.org."),
+	A("chat", "203.0.113.175"),
+	AAAA("chat", "2001:db8::f0ab:cdef:1234:f00f"),
+	CNAME("proxy-chatfiles.chat", "chat.example.org."),
+	CNAME("fileproxy.chat", "chat.example.org."),
+	CNAME("conference.chat", "chat.example.org."),
+	CNAME("pubsub.chat", "chat.example.org."),
+	SRV("_xmpp-server._tcp.conference", 10, 2, 5269, "chat.example.org."),
+	AAAA("auth", "2001:db8::48:4558:6175:7468"),
+	AAAA("kpeople", "2001:db8::48:4558:6b70:706c"),
+	AAAA("ocsp.security", "2001:db8::48:4558:6f63:7370"),
+	AAAA("webauth", "2001:db8::48:4558:7765:6261"),
+	A("news-feed", "192.0.2.93"),
+	AAAA("news-feed", "2001:db8::48:4558:6e6e:7470"),
+	CNAME("go", "abcdefghijklmn.cloudfront.net."),
+	A("foo", "192.0.2.200"),
+	MX("gladys", 10, "mx.example.org."),
+	TXT("_adsp._domainkey.gladys", "dkim=all"),
+	TXT("_dmarc.gladys", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"),
+	TXT("_report.gladys", "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;"),
+	TXT("_smtp._tls.gladys", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"),
+	TXT("_smtp-tlsrpt.gladys", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"),
+	MX("fred", 10, "mx.example.org."),
+	A("fred", "192.0.2.93"),
+	AAAA("fred", "2001:db8::48:4558:5345:5256"),
+	TXT("fred", "v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all"),
+	TXT("d201911._domainkey.fred", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/Tlz", "P2eenyiFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB"]),
+	TXT("d201911e2._domainkey.fred", "v=DKIM1; k=ed25519; p=rQNsV9YcPJn/WYI1EDLjNbN/VuX1Hqq/oe4htbnhv+A="),
+	TXT("d202003._domainkey.fred", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYj", "c0h+FMDpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB"]),
+	TXT("d202003e2._domainkey.fred", "v=DKIM1; k=ed25519; p=0DAPp/IRLYFI/Z4YSgJRi4gr7xcu1/EfJ5mjVn10aAw="),
+	TXT("_adsp._domainkey.fred", "dkim=all"),
+	TXT("_dmarc.fred", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"),
+	TXT("_report.fred", "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;"),
+	TXT("_smtp._tls.fred", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"),
+	TXT("_smtp-tlsrpt.fred", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"),
+	MX("mailtest", 10, "mx.example.org."),
+	TXT("d201911._domainkey.mailtest", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn", "0XTY6XYgug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB"]),
+	TXT("d201911e2._domainkey.mailtest", "v=DKIM1; k=ed25519; p=afulDDnhaTzdqKQN0jtWV04eOhAcyBk3NCyVheOf53Y="),
+	TXT("d202003._domainkey.mailtest", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KN", "aS1okNRRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB"]),
+	TXT("d202003e2._domainkey.mailtest", "v=DKIM1; k=ed25519; p=iqwH/hhozFdeo1xnuldr8KUi7O7g+DzmC+f0SYMKVDc="),
+	TXT("_adsp._domainkey.mailtest", "dkim=all"),
+	TXT("_dmarc.mailtest", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"),
+	TXT("_report.mailtest", "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;"),
+	TXT("_smtp._tls.mailtest", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"),
+	TXT("_smtp-tlsrpt.mailtest", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"),
+	SRV("_pgpkey-http._tcp.sks", 0, 0, 0, "."),
+	SRV("_pgpkey-https._tcp.sks", 0, 0, 0, "."),
+	SRV("_hkp._tcp.sks", 0, 0, 0, "."),
+	SRV("_pgpkey-http._tcp.sks-peer", 0, 0, 0, "."),
+	SRV("_pgpkey-https._tcp.sks-peer", 0, 0, 0, "."),
+	SRV("_hkp._tcp.sks-peer", 0, 0, 0, "."),
+	NS("yoyo", "ns5.he.net."),
+	NS("yoyo", "ns4.he.net."),
+	NS("yoyo", "ns3.he.net."),
+	NS("yoyo", "ns2.he.net."),
+	NS("yoyo", "ns1.he.net."),
+	NS("khard", "ns-cloud-d1.googledomains.com."),
+	NS("khard", "ns-cloud-d2.googledomains.com."),
+	NS("khard", "ns-cloud-d3.googledomains.com."),
+	NS("khard", "ns-cloud-d4.googledomains.com."),
+	MX("realhost", 0, "."),
+	TXT("realhost", "v=spf1 -all"),
+	TLSA("_25._tcp.realhost", 3, 0, 0, "0000000000000000000000000000000000000000000000000000000000000000"),
+	CNAME("_fedcba9876543210fedcba9876543210.go", "_45678901234abcdef45678901234abcd.ggedgsdned.acm-validations.aws."),
+	CNAME("opqrstuvwxyz", "gv-abcdefghijklmn.dv.googlehosted.com."),
+	CNAME("zyxwvutsrqpo", "gv-nmlkjihgfedcba.dv.googlehosted.com."),
+	CNAME("0123456789abcdef0123456789abcdef", "verify.bing.com.")
 )
diff --git a/commands/test_data/simple.com.zone.djs b/commands/test_data/simple.com.zone.djs
index 96c82dd8d..f230f45ab 100644
--- a/commands/test_data/simple.com.zone.djs
+++ b/commands/test_data/simple.com.zone.djs
@@ -2,23 +2,23 @@ var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
 D("simple.com", REG_CHANGEME
 	, DnsProvider(DSP_BIND)
-	//, SOA('@', 'ns3.serverfault.com.', 'sysadmin.stackoverflow.com.', 2020022300, 3600, 600, 604800, 1440)
-	//, NAMESERVER('ns-1313.awsdns-36.org.')
-	//, NAMESERVER('ns-736.awsdns-28.net.')
-	//, NAMESERVER('ns-cloud-c1.googledomains.com.')
-	//, NAMESERVER('ns-cloud-c2.googledomains.com.')
-	, MX('@', 1, 'aspmx.l.google.com.')
-	, MX('@', 5, 'alt1.aspmx.l.google.com.')
-	, MX('@', 5, 'alt2.aspmx.l.google.com.')
-	, MX('@', 10, 'alt3.aspmx.l.google.com.')
-	, MX('@', 10, 'alt4.aspmx.l.google.com.')
-	, TXT('@', 'google-site-verification=O54a_pYHGr4EB8iLoGFgX8OTZ1DkP1KWnOLpx0YCazI')
-	, TXT('@', 'v=spf1 mx include:mktomail.com ~all')
-	, TXT('m1._domainkey', 'v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZfEV2C82eJ4OA3Mslz4C6msjYYalg1eUcHeJQ//QM1hOZSvn4qz+hSKGi7jwNDqsZNzM8vCt2+XzdDYL3JddwUEhoDsIsZsJW0qzIVVLLWCg6TLNS3FpVyjc171o94dpoHFekfswWDoEwFQ03Woq2jchYWBrbUf7MMcdEj/EQqwIDAQAB')
-	, CNAME('dev', 'stackoverflowsandbox2.mktoweb.com.')
-	, CNAME('dev-email', 'mkto-sj310056.com.')
-	, TXT('m1._domainkey.dev-email', 'v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIBezZ2Gc+/3PghWk+YOE6T9HdwgUTMTR0Fne2i51MNN9Qs7AqDitVdG/949iDbI2fPNZSnKtOcnlLYwvve9MhMAMI1nZ26ILhgaBJi2BMZQpGFlO4ucuo/Uj4DPZ5Ge/NZHCX0CRhAhR5sRmL2OffNcFXFrymzUuz4KzI/NyUiwIDAQAB')
-	, CNAME('email', 'mkto-sj280138.com.')
-	, CNAME('info', 'stackoverflow.mktoweb.com.')
-	, SRV('_sip._tcp', 10, 60, 5060, 'bigbox.example.com.')
+	//, SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440)
+	//, NAMESERVER("ns-1313.awsdns-36.org.")
+	//, NAMESERVER("ns-736.awsdns-28.net.")
+	//, NAMESERVER("ns-cloud-c1.googledomains.com.")
+	//, NAMESERVER("ns-cloud-c2.googledomains.com.")
+	, MX("@", 1, "aspmx.l.google.com.")
+	, MX("@", 5, "alt1.aspmx.l.google.com.")
+	, MX("@", 5, "alt2.aspmx.l.google.com.")
+	, MX("@", 10, "alt3.aspmx.l.google.com.")
+	, MX("@", 10, "alt4.aspmx.l.google.com.")
+	, TXT("@", "google-site-verification=O54a_pYHGr4EB8iLoGFgX8OTZ1DkP1KWnOLpx0YCazI")
+	, TXT("@", "v=spf1 mx include:mktomail.com ~all")
+	, TXT("m1._domainkey", "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZfEV2C82eJ4OA3Mslz4C6msjYYalg1eUcHeJQ//QM1hOZSvn4qz+hSKGi7jwNDqsZNzM8vCt2+XzdDYL3JddwUEhoDsIsZsJW0qzIVVLLWCg6TLNS3FpVyjc171o94dpoHFekfswWDoEwFQ03Woq2jchYWBrbUf7MMcdEj/EQqwIDAQAB")
+	, CNAME("dev", "stackoverflowsandbox2.mktoweb.com.")
+	, CNAME("dev-email", "mkto-sj310056.com.")
+	, TXT("m1._domainkey.dev-email", "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIBezZ2Gc+/3PghWk+YOE6T9HdwgUTMTR0Fne2i51MNN9Qs7AqDitVdG/949iDbI2fPNZSnKtOcnlLYwvve9MhMAMI1nZ26ILhgaBJi2BMZQpGFlO4ucuo/Uj4DPZ5Ge/NZHCX0CRhAhR5sRmL2OffNcFXFrymzUuz4KzI/NyUiwIDAQAB")
+	, CNAME("email", "mkto-sj280138.com.")
+	, CNAME("info", "stackoverflow.mktoweb.com.")
+	, SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com.")
 )
diff --git a/commands/test_data/simple.com.zone.js b/commands/test_data/simple.com.zone.js
index 89682f7e7..9f17b4545 100644
--- a/commands/test_data/simple.com.zone.js
+++ b/commands/test_data/simple.com.zone.js
@@ -2,23 +2,23 @@ var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
 D("simple.com", REG_CHANGEME,
 	DnsProvider(DSP_BIND),
-	//SOA('@', 'ns3.serverfault.com.', 'sysadmin.stackoverflow.com.', 2020022300, 3600, 600, 604800, 1440),
-	//NAMESERVER('ns-1313.awsdns-36.org.'),
-	//NAMESERVER('ns-736.awsdns-28.net.'),
-	//NAMESERVER('ns-cloud-c1.googledomains.com.'),
-	//NAMESERVER('ns-cloud-c2.googledomains.com.'),
-	MX('@', 1, 'aspmx.l.google.com.'),
-	MX('@', 5, 'alt1.aspmx.l.google.com.'),
-	MX('@', 5, 'alt2.aspmx.l.google.com.'),
-	MX('@', 10, 'alt3.aspmx.l.google.com.'),
-	MX('@', 10, 'alt4.aspmx.l.google.com.'),
-	TXT('@', 'google-site-verification=O54a_pYHGr4EB8iLoGFgX8OTZ1DkP1KWnOLpx0YCazI'),
-	TXT('@', 'v=spf1 mx include:mktomail.com ~all'),
-	TXT('m1._domainkey', 'v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZfEV2C82eJ4OA3Mslz4C6msjYYalg1eUcHeJQ//QM1hOZSvn4qz+hSKGi7jwNDqsZNzM8vCt2+XzdDYL3JddwUEhoDsIsZsJW0qzIVVLLWCg6TLNS3FpVyjc171o94dpoHFekfswWDoEwFQ03Woq2jchYWBrbUf7MMcdEj/EQqwIDAQAB'),
-	CNAME('dev', 'stackoverflowsandbox2.mktoweb.com.'),
-	CNAME('dev-email', 'mkto-sj310056.com.'),
-	TXT('m1._domainkey.dev-email', 'v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIBezZ2Gc+/3PghWk+YOE6T9HdwgUTMTR0Fne2i51MNN9Qs7AqDitVdG/949iDbI2fPNZSnKtOcnlLYwvve9MhMAMI1nZ26ILhgaBJi2BMZQpGFlO4ucuo/Uj4DPZ5Ge/NZHCX0CRhAhR5sRmL2OffNcFXFrymzUuz4KzI/NyUiwIDAQAB'),
-	CNAME('email', 'mkto-sj280138.com.'),
-	CNAME('info', 'stackoverflow.mktoweb.com.'),
-	SRV('_sip._tcp', 10, 60, 5060, 'bigbox.example.com.')
+	//SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440),
+	//NAMESERVER("ns-1313.awsdns-36.org."),
+	//NAMESERVER("ns-736.awsdns-28.net."),
+	//NAMESERVER("ns-cloud-c1.googledomains.com."),
+	//NAMESERVER("ns-cloud-c2.googledomains.com."),
+	MX("@", 1, "aspmx.l.google.com."),
+	MX("@", 5, "alt1.aspmx.l.google.com."),
+	MX("@", 5, "alt2.aspmx.l.google.com."),
+	MX("@", 10, "alt3.aspmx.l.google.com."),
+	MX("@", 10, "alt4.aspmx.l.google.com."),
+	TXT("@", "google-site-verification=O54a_pYHGr4EB8iLoGFgX8OTZ1DkP1KWnOLpx0YCazI"),
+	TXT("@", "v=spf1 mx include:mktomail.com ~all"),
+	TXT("m1._domainkey", "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZfEV2C82eJ4OA3Mslz4C6msjYYalg1eUcHeJQ//QM1hOZSvn4qz+hSKGi7jwNDqsZNzM8vCt2+XzdDYL3JddwUEhoDsIsZsJW0qzIVVLLWCg6TLNS3FpVyjc171o94dpoHFekfswWDoEwFQ03Woq2jchYWBrbUf7MMcdEj/EQqwIDAQAB"),
+	CNAME("dev", "stackoverflowsandbox2.mktoweb.com."),
+	CNAME("dev-email", "mkto-sj310056.com."),
+	TXT("m1._domainkey.dev-email", "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIBezZ2Gc+/3PghWk+YOE6T9HdwgUTMTR0Fne2i51MNN9Qs7AqDitVdG/949iDbI2fPNZSnKtOcnlLYwvve9MhMAMI1nZ26ILhgaBJi2BMZQpGFlO4ucuo/Uj4DPZ5Ge/NZHCX0CRhAhR5sRmL2OffNcFXFrymzUuz4KzI/NyUiwIDAQAB"),
+	CNAME("email", "mkto-sj280138.com."),
+	CNAME("info", "stackoverflow.mktoweb.com."),
+	SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com.")
 )

From c2eb98993c6f466c71bcb3657efda02168e8c2e3 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 23 Aug 2023 10:27:13 -0400
Subject: [PATCH 28/79] DOCS: Improved docker instructions (#2532)

---
 README.md                        |  8 +++++++-
 documentation/getting-started.md | 13 ++-----------
 2 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index cec66a659..f2d29ba01 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,13 @@ Running `dnscontrol preview` will talk to the providers (here name.com as regist
 
 Running `dnscontrol push` will make those changes with the provider and my dns records will be correctly updated.
 
-See [Getting Started](https://docs.dnscontrol.org/getting-started/getting-started) page on documentation site.
+The easiest way to run DNSControl is to use the Docker container:
+
+```
+docker run --rm -it -v "$(pwd):/dns"  ghcr.io/stackexchange/dnscontrol preview
+```
+
+See [Getting Started](https://docs.dnscontrol.org/getting-started/getting-started) page on documentation site to get started!
 
 ## Benefits
 
diff --git a/documentation/getting-started.md b/documentation/getting-started.md
index cb84c2c47..bc7dc51ba 100644
--- a/documentation/getting-started.md
+++ b/documentation/getting-started.md
@@ -23,19 +23,10 @@ sudo port install dnscontrol
 
 ### Docker
 
-You can use DNSControl locally using the Docker image from [Docker hub](https://hub.docker.com/r/stackexchange/dnscontrol/) and the command below.
+You can use DNSControl locally using the Docker image from [Docker hub](https://hub.docker.com/r/stackexchange/dnscontrol/)  or [Github Container Registry](https://github.com/stackexchange/dnscontrol/pkgs/container/dnscontrol) and the command below.
 
 ```shell
-docker run --rm \
-  -it \
-  -v $(pwd)/dnsconfig.js:/dns/dnsconfig.js \
-  -v $(pwd)/creds.json:/dns/creds.json \
-  -v $(pwd)/spfcache.updated.json:/dns/spfcache.updated.json \
-  -v $(pwd)/spfcache.json:/dns/spfcache.json \
-  -v $(pwd)/zones/:/dns/zones/ \
-  -u $(id -u ${USER}):$(id -g ${USER}) \
-  stackexchange/dnscontrol \
-  preview
+  docker run --rm -it -v "$(pwd):/dns"  ghcr.io/stackexchange/dnscontrol preview
 ```
 
 ### Binaries

From a7fe17a29c91057027d3cec9b792113202f8b9e4 Mon Sep 17 00:00:00 2001
From: tomf <tom@tom-fitzhenry.me.uk>
Date: Thu, 24 Aug 2023 14:29:27 +0000
Subject: [PATCH 29/79] Display changes, even if upstream has no records.
 (#2531)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 pkg/diff2/diff2.go | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/pkg/diff2/diff2.go b/pkg/diff2/diff2.go
index c17b8db60..d9ee3a195 100644
--- a/pkg/diff2/diff2.go
+++ b/pkg/diff2/diff2.go
@@ -178,12 +178,6 @@ func ByRecord(existing models.Records, dc *models.DomainConfig, compFunc Compara
 //
 // Example providers include: BIND, AUTODNS
 func ByZone(existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) ([]string, bool, error) {
-
-	if len(existing) == 0 {
-		// Nothing previously existed. No need to output a list of individual changes.
-		return nil, true, nil
-	}
-
 	// Only return the messages.  The caller has the list of records needed to build the new zone.
 	instructions, err := byHelper(analyzeByRecord, existing, dc, compFunc)
 	changes := false

From c69bd436785956cb1f49e9078e07b05d40136cfd Mon Sep 17 00:00:00 2001
From: tomf <tom@tom-fitzhenry.me.uk>
Date: Thu, 24 Aug 2023 14:31:04 +0000
Subject: [PATCH 30/79] Doc fixes noticed while writing a provider (#2530)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/testing-txt-records.md | 2 +-
 documentation/writing-providers.md   | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/documentation/testing-txt-records.md b/documentation/testing-txt-records.md
index 5c79b3d9e..695426e9b 100644
--- a/documentation/testing-txt-records.md
+++ b/documentation/testing-txt-records.md
@@ -1,6 +1,6 @@
 # TXT record testing
 
-We recently discovered a strange but with processing TXT records and
+We recently discovered a strange bug with processing TXT records and
 double-quotes. Sadly we haven't been able to determine a way to test this
 automatically. Therefore, I've written up this methodology.
 
diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index 4580cbddc..b83e83f96 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -223,6 +223,7 @@ an automated way to test for this bug.  The manual steps are here in
 
 * Edit [README.md](https://github.com/StackExchange/dnscontrol): Add the provider to the bullet list.
 * Edit [documentation/providers.md](https://github.com/StackExchange/dnscontrol/blob/master/documentation/providers.md): Add the provider to the provider list.
+* Edit [documentation/SUMMARY.md](https://github.com/StackExchange/dnscontrol/blob/master/documentation/SUMMARY.md): Add the provider to the provider list.
 * Create `documentation/providers/PROVIDERNAME.md`: Use one of the other files in that directory as a base.
 * Edit [OWNERS](https://github.com/StackExchange/dnscontrol/blob/master/OWNERS): Add the directory name and your GitHub username.
 

From 541679386b4f0fecb9ba2e2244b1606365a35ebc Mon Sep 17 00:00:00 2001
From: tomf <tom@tom-fitzhenry.me.uk>
Date: Fri, 25 Aug 2023 13:24:44 +0000
Subject: [PATCH 31/79] NEW PROVIDER: Mythic Beasts DNS (#2528)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .goreleaser.yml                               |   2 +-
 OWNERS                                        |   1 +
 README.md                                     |   1 +
 documentation/SUMMARY.md                      |   1 +
 documentation/providers.md                    |   1 +
 documentation/providers/mythicbeasts.md       |  39 +++++
 integrationTest/providers.json                |   6 +
 providers/_all/all.go                         |   1 +
 providers/mythicbeasts/auditrecords.go        |  15 ++
 .../mythicbeasts/mythicbeastsProvider.go      | 147 ++++++++++++++++++
 10 files changed, 213 insertions(+), 1 deletion(-)
 create mode 100644 documentation/providers/mythicbeasts.md
 create mode 100644 providers/mythicbeasts/auditrecords.go
 create mode 100644 providers/mythicbeasts/mythicbeastsProvider.go

diff --git a/.goreleaser.yml b/.goreleaser.yml
index dbf10e4e8..ac5568685 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -33,7 +33,7 @@ changelog:
       regexp: "(?i)^.*(major|new provider|feature)[(\\w)]*:+.*$"
       order: 1
     - title: 'Provider-specific changes:'
-      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|bind|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|route53|rwth|softlayer|transip|vultr).*:)+.*"
+      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|bind|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|route53|rwth|softlayer|transip|vultr).*:)+.*"
       order: 2
     - title: 'Deprecation warnings:'
       regexp: "(?i)^.*Deprecate[(\\w)]*:+.*$"
diff --git a/OWNERS b/OWNERS
index c57767493..b1b524718 100644
--- a/OWNERS
+++ b/OWNERS
@@ -27,6 +27,7 @@ providers/linode @koesie10
 providers/loopia @systemcrash
 providers/luadns @riku22
 providers/msdns @tlimoncelli
+providers/mythicbeasts @tomfitzhenry
 providers/namecheap @willpower232
 # providers/namedotcom NEEDS VOLUNTEER
 providers/netcup @kordianbruck
diff --git a/README.md b/README.md
index f2d29ba01..1b658f66b 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,7 @@ Currently supported DNS providers:
 - Loopia
 - LuaDNS
 - Microsoft Windows Server DNS Server
+- Mythic Beasts
 - Namecheap
 - Name.com
 - Netcup
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 2ab2aeb2a..cecf11e51 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -124,6 +124,7 @@
     * [Loopia](providers/loopia.md)
     * [LuaDNS](providers/luadns.md)
     * [Microsoft DNS Server on Microsoft Windows Server](providers/msdns.md)
+    * [Mythic Beasts](providers/mythicbeasts.md)
     * [Namecheap](providers/namecheap.md)
     * [Name.com](providers/namedotcom.md)
     * [Netcup](providers/netcup.md)
diff --git a/documentation/providers.md b/documentation/providers.md
index 7bc3ab87a..5a1eafece 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -43,6 +43,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`LOOPIA`](providers/loopia.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ |
 | [`LUADNS`](providers/luadns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`MSDNS`](providers/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
+| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ |
 | [`NAMECHEAP`](providers/namecheap.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❌ | ❌ | ✅ |
 | [`NAMEDOTCOM`](providers/namedotcom.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
 | [`NETCUP`](providers/netcup.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ❌ |
diff --git a/documentation/providers/mythicbeasts.md b/documentation/providers/mythicbeasts.md
new file mode 100644
index 000000000..f239722ce
--- /dev/null
+++ b/documentation/providers/mythicbeasts.md
@@ -0,0 +1,39 @@
+This is the provider for [Mythic Beasts](https://www.mythic-beasts.com/) using its [Primary DNS API v2](https://www.mythic-beasts.com/support/api/dnsv2).
+
+## Configuration
+
+To use this provider, add an entry to `creds.json` with `TYPE` set to `MYTHICBEASTS` along with a Mythic Beasts API key ID and secret.
+
+Example:
+
+{% code title="creds.json" %}
+```json
+{
+  "mythicbeasts": {
+    "TYPE": "MYTHICBEASTS",
+	"keyID": "xxxxxxx",
+	"secret": "xxxxxx"
+  }
+}
+```
+{% endcode %}
+
+## Usage
+
+For each domain:
+
+* Domains must be added in the [web UI](https://www.mythic-beasts.com/customer/domains), and have DNS enabled.
+* In Mythic Beasts' DNS management web UI, new domains will have set a default DNS template of "Mythic Beasts nameservers only". You must set this to "None".
+
+An example configuration:
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_NONE = NewRegistrar("none");
+var DSP_MYTHIC = NewDnsProvider("mythicbeasts");
+
+D("example.com", REG_NONE, DnsProvider(DSP_MYTHIC),
+    A("test", "1.2.3.4")
+);
+```
+{% endcode %}
diff --git a/integrationTest/providers.json b/integrationTest/providers.json
index 5bc22885c..019876b8d 100644
--- a/integrationTest/providers.json
+++ b/integrationTest/providers.json
@@ -179,6 +179,12 @@
     "domain": "$MSDNS_DOMAIN",
     "pssession": "$MSDNS_PSSESSION"
   },
+  "MYTHICBEASTS": {
+    "TYPE": "MYTHICBEASTS",
+    "keyID": "$MYTHICBEASTS_KEYID",
+    "secret": "$MYTHICBEASTS_SECRET",
+    "domain": "$MYTHICBEASTS_DOMAIN"
+  },
   "NAMECHEAP": {
     "BaseURL": "$NAMECHEAP_BASEURL",
     "TYPE": "NAMECHEAP",
diff --git a/providers/_all/all.go b/providers/_all/all.go
index 9fcbaa7f4..9f6ab843b 100644
--- a/providers/_all/all.go
+++ b/providers/_all/all.go
@@ -32,6 +32,7 @@ import (
 	_ "github.com/StackExchange/dnscontrol/v4/providers/loopia"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/luadns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/msdns"
+	_ "github.com/StackExchange/dnscontrol/v4/providers/mythicbeasts"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/namecheap"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/namedotcom"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/netcup"
diff --git a/providers/mythicbeasts/auditrecords.go b/providers/mythicbeasts/auditrecords.go
new file mode 100644
index 000000000..7f7d242cb
--- /dev/null
+++ b/providers/mythicbeasts/auditrecords.go
@@ -0,0 +1,15 @@
+package mythicbeasts
+
+import (
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
+)
+
+// AuditRecords returns a list of errors corresponding to the records
+// that aren't supported by this provider.  If all records are
+// supported, an empty list is returned.
+func AuditRecords(records []*models.RecordConfig) []error {
+	a := rejectif.Auditor{}
+	a.Add("TXT", rejectif.TxtHasDoubleQuotes)
+	return nil
+}
diff --git a/providers/mythicbeasts/mythicbeastsProvider.go b/providers/mythicbeasts/mythicbeastsProvider.go
new file mode 100644
index 000000000..69f300988
--- /dev/null
+++ b/providers/mythicbeasts/mythicbeastsProvider.go
@@ -0,0 +1,147 @@
+// Package mythicbeasts provides a provider for managing zones in Mythic Beasts.
+//
+// This package uses the Primary DNS API v2, as described in https://www.mythic-beasts.com/support/api/dnsv2
+package mythicbeasts
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
+	"github.com/StackExchange/dnscontrol/v4/providers"
+	"github.com/miekg/dns"
+)
+
+// mythicBeastsDefaultNS lists the default nameservers, per https://www.mythic-beasts.com/support/domains/nameservers.
+var mythicBeastsDefaultNS = []string{
+	"ns1.mythic-beasts.com",
+	"ns2.mythic-beasts.com",
+}
+
+// mythicBeastsProvider is the handle for this provider.
+type mythicBeastsProvider struct {
+	secret string
+	keyID  string
+	client *http.Client
+}
+
+var features = providers.DocumentationNotes{
+	providers.CanGetZones:            providers.Can(),
+	providers.CanUseAlias:            providers.Cannot(),
+	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseLOC:              providers.Cannot(),
+	providers.CanUsePTR:              providers.Can(),
+	providers.CanUseSRV:              providers.Can(),
+	providers.CanUseTLSA:             providers.Can(),
+	providers.DocCreateDomains:       providers.Cannot("Requires domain registered through Web UI"),
+	providers.DocDualHost:            providers.Can(),
+	providers.DocOfficiallySupported: providers.Cannot(),
+}
+
+func init() {
+	fns := providers.DspFuncs{
+		Initializer:   newDsp,
+		RecordAuditor: AuditRecords,
+	}
+	providers.RegisterDomainServiceProviderType("MYTHICBEASTS", fns, features)
+}
+
+func newDsp(conf map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
+	if conf["keyID"] == "" {
+		return nil, fmt.Errorf("missing Mythic Beasts auth keyID")
+	}
+	if conf["secret"] == "" {
+		return nil, fmt.Errorf("missing Mythic Beasts auth secret")
+	}
+	return &mythicBeastsProvider{
+		keyID:  conf["keyID"],
+		secret: conf["secret"],
+		client: &http.Client{},
+	}, nil
+}
+
+func (n *mythicBeastsProvider) httpRequest(method, url string, body io.Reader) (*http.Response, error) {
+	req, err := http.NewRequest(method, "https://api.mythic-beasts.com/dns/v2"+url, body)
+	if err != nil {
+		return nil, err
+	}
+	// https://www.mythic-beasts.com/support/api/auth
+	req.SetBasicAuth(n.keyID, n.secret)
+	req.Header.Add("Content-Type", "text/dns")
+	req.Header.Add("Accept", "text/dns")
+	return n.client.Do(req)
+}
+
+// GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
+func (n *mythicBeastsProvider) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
+	resp, err := n.httpRequest("GET", "/zones/"+domain+"/records", nil)
+	if err != nil {
+		return nil, err
+	}
+	if got, want := resp.StatusCode, 200; got != want {
+		body, _ := ioutil.ReadAll(resp.Body)
+		return nil, fmt.Errorf("got HTTP %v, want %v: %v", got, want, string(body))
+	}
+	return zoneFileToRecords(resp.Body, domain)
+}
+
+func zoneFileToRecords(r io.Reader, origin string) (models.Records, error) {
+	zp := dns.NewZoneParser(r, origin, origin)
+	var records []*models.RecordConfig
+	for rr, ok := zp.Next(); ok; rr, ok = zp.Next() {
+		rec, err := models.RRtoRC(rr, origin)
+		if err != nil {
+			return nil, err
+		}
+		records = append(records, &rec)
+	}
+
+	if err := zp.Err(); err != nil {
+		return nil, fmt.Errorf("parsing zone for %v: %w", origin, err)
+	}
+	return records, nil
+}
+
+// GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
+func (n *mythicBeastsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, error) {
+	msgs, changes, err := diff2.ByZone(actual, dc, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var corrections []*models.Correction
+	if changes {
+		corrections = append(corrections,
+			&models.Correction{
+				Msg: strings.Join(msgs, "\n"),
+				F: func() error {
+					var b strings.Builder
+					for _, rr := range dc.Records {
+						fmt.Fprintf(&b, "%v\n", rr.ToRR().String())
+					}
+
+					resp, err := n.httpRequest("PUT", "/zones/"+dc.Name+"/records", strings.NewReader(b.String()))
+					if err != nil {
+						return err
+					}
+					if got, want := resp.StatusCode, 200; got != want {
+						body, _ := ioutil.ReadAll(resp.Body)
+						return fmt.Errorf("got HTTP %v, want %v: %v", got, want, string(body))
+					}
+					return nil
+				},
+			})
+	}
+
+	return corrections, nil
+}
+
+// GetNameservers returns the nameservers for a domain.
+func (n *mythicBeastsProvider) GetNameservers(domainName string) ([]*models.Nameserver, error) {
+	return models.ToNameservers(mythicBeastsDefaultNS)
+}

From 7e2e3bd4e45e0df2bbd942a4b33821e3dc0f1fb6 Mon Sep 17 00:00:00 2001
From: Erik <derfree@gmail.com>
Date: Fri, 25 Aug 2023 15:26:47 +0200
Subject: [PATCH 32/79] AUTODNS: Added CAA records (#2533)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers.md           |  2 +-
 providers/autodns/autoDnsProvider.go | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 5a1eafece..1e42c150b 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -15,7 +15,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | Provider name | Official Support | DNS Provider | Registrar | [`ALIAS`](functions/domain/ALIAS.md) | [`CAA`](functions/domain/CAA.md) | [`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md) | [`LOC`](functions/domain/LOC.md) | [`NAPTR`](functions/domain/NAPTR.md) | [`PTR`](functions/domain/PTR.md) | [`SOA`](functions/domain/SOA.md) | [`SRV`](functions/domain/SRV.md) | [`SSHFP`](functions/domain/SSHFP.md) | [`TLSA`](functions/domain/TLSA.md) | [`DS`](functions/domain/DS.md) | dual host | create-domains | [`NO_PURGE`](functions/domain/NO_PURGE.md) | get-zones |
 | ------------- | ---------------- | ------------ | --------- | ------------------------------------ | -------------------------------- | ------------------------------------------------- | -------------------------------- | ------------------------------------ | -------------------------------- | -------------------------------- | -------------------------------- | ------------------------------------ | ---------------------------------- | ------------------------------ | --------- | -------------- | ------------------------------------------ | --------- |
 | [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ |
-| [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
+| [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
 | [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ |
 | [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ |
diff --git a/providers/autodns/autoDnsProvider.go b/providers/autodns/autoDnsProvider.go
index 7682118c5..cd0184966 100644
--- a/providers/autodns/autoDnsProvider.go
+++ b/providers/autodns/autoDnsProvider.go
@@ -20,7 +20,7 @@ import (
 var features = providers.DocumentationNotes{
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
-	providers.CanUseCAA:              providers.Cannot(),
+	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
 	providers.CanUsePTR:              providers.Cannot(),
 	providers.CanUseSRV:              providers.Can(),
@@ -144,6 +144,13 @@ func (api *autoDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, e
 										record.GetTargetField(),
 									)
 								}
+								if record.Type == "CAA" {
+									resourceRecord.Value = fmt.Sprintf("%d %s \"%s\"",
+										record.CaaFlag,
+										record.CaaTag,
+										record.GetTargetField(),
+									)
+								}
 
 								resourceRecords = append(resourceRecords, resourceRecord)
 							}
@@ -236,6 +243,14 @@ func recordsToNative(recs models.Records) ([]*models.Nameserver, uint32, []*Reso
 				)
 			}
 
+			if record.Type == "CAA" {
+				resourceRecord.Value = fmt.Sprintf("%d %s \"%s\"",
+					record.CaaFlag,
+					record.CaaTag,
+					record.GetTargetField(),
+				)
+			}
+
 			resourceRecords = append(resourceRecords, resourceRecord)
 		}
 	}

From d8047eb1125d65272853130c34ae5000538a4dbc Mon Sep 17 00:00:00 2001
From: Brice Figureau <brice+github@figureau.eu>
Date: Tue, 29 Aug 2023 19:23:04 +0200
Subject: [PATCH 33/79] OVH: allow native OVH records for DKIM, etc. to be
 managed (#2535)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 integrationTest/integration_test.go | 46 +++++++++++++++++++++
 providers/ovh/protocol.go           | 63 +++++++++++++++++++++++------
 2 files changed, 96 insertions(+), 13 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index c6cb7a119..2457c758c 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -348,6 +348,7 @@ func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string,
 }
 
 func TestDualProviders(t *testing.T) {
+	t.Skip()
 	p, domain, _, _ := getProvider(t)
 	if p == nil {
 		return
@@ -652,6 +653,27 @@ func sshfp(name string, algorithm uint8, fingerprint uint8, target string) *mode
 	return r
 }
 
+func ovhdkim(name, target string) *models.RecordConfig {
+	return makeOvhNativeRecord(name, target, "DKIM")
+}
+
+func ovhspf(name, target string) *models.RecordConfig {
+	return makeOvhNativeRecord(name, target, "SPF")
+}
+
+func ovhdmarc(name, target string) *models.RecordConfig {
+	return makeOvhNativeRecord(name, target, "DMARC")
+}
+
+func makeOvhNativeRecord(name, target, rType string) *models.RecordConfig {
+	r := makeRec(name, "", "TXT")
+	r.Metadata = make(map[string]string)
+	r.Metadata["create_ovh_native_record"] = rType
+	r.TxtStrings = []string{target}
+	r.SetTarget(target)
+	return r
+}
+
 func testgroup(desc string, items ...interface{}) *TestGroup {
 	group := &TestGroup{Desc: desc}
 	for _, item := range items {
@@ -2030,6 +2052,30 @@ func makeTests(t *testing.T) []*TestGroup {
 			).ExpectNoChanges(),
 		).Diff2Only(),
 
+		testgroup("structured TXT",
+			only("OVH"),
+			tc("Create TXT",
+				txt("spf", "v=spf1 ip4:99.99.99.99 -all"),
+				txt("dkim", "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzwOUgwGWVIwQG8PBl89O37BdaoqEd/rT6r/Iot4PidtPJkPbVxWRi0mUgduAnsO8zHCz2QKAd5wPe9+l+Stwy6e0h27nAOkI/Edx3qwwWqWSUfwfIBWZG+lrFrhWgSIWCj2/TMkMMzBZJdhVszCzdGQiNPkGvKgjfqW5T0TZt0QIDAQAB"),
+				txt("_dmarc", "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com")),
+			tc("Update TXT",
+				txt("spf", "v=spf1 a mx -all"),
+				txt("dkim", "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDk72yk6UML8LGIXFobhvx6UDUntqGzmyie2FLMyrOYk1C7CVYR139VMbO9X1rFvZ8TaPnMCkMbuEGWGgWNc27MLYKfI+wP/SYGjRS98TNl9wXxP8tPfr6id5gks95sEMMaYTu8sctnN6sBOvr4hQ2oipVcBn/oxkrfhqvlcat5gQIDAQAB"),
+				txt("_dmarc", "v=DMARC1; p=none; rua=mailto:dmarc@example.com")),
+		),
+
+		testgroup("structured TXT as native records",
+			only("OVH"),
+			tc("Create native OVH records",
+				ovhspf("spf", "v=spf1 ip4:99.99.99.99 -all"),
+				ovhdkim("dkim", "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzwOUgwGWVIwQG8PBl89O37BdaoqEd/rT6r/Iot4PidtPJkPbVxWRi0mUgduAnsO8zHCz2QKAd5wPe9+l+Stwy6e0h27nAOkI/Edx3qwwWqWSUfwfIBWZG+lrFrhWgSIWCj2/TMkMMzBZJdhVszCzdGQiNPkGvKgjfqW5T0TZt0QIDAQAB"),
+				ovhdmarc("_dmarc", "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com")),
+			tc("Update native OVH records",
+				ovhspf("spf", "v=spf1 a mx -all"),
+				ovhdkim("dkim", "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDk72yk6UML8LGIXFobhvx6UDUntqGzmyie2FLMyrOYk1C7CVYR139VMbO9X1rFvZ8TaPnMCkMbuEGWGgWNc27MLYKfI+wP/SYGjRS98TNl9wXxP8tPfr6id5gks95sEMMaYTu8sctnN6sBOvr4hQ2oipVcBn/oxkrfhqvlcat5gQIDAQAB"),
+				ovhdmarc("_dmarc", "v=DMARC1; p=none; rua=mailto:dmarc@example.com")),
+		),
+
 		// Narrative: Congrats! You're done!  If you've made it this far
 		// you're very close to being able to submit your PR.  Here's
 		// some tips:
diff --git a/providers/ovh/protocol.go b/providers/ovh/protocol.go
index 4d67c72b6..c86fa4ea6 100644
--- a/providers/ovh/protocol.go
+++ b/providers/ovh/protocol.go
@@ -3,7 +3,6 @@ package ovh
 import (
 	"errors"
 	"fmt"
-	"strings"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/miekg/dns/dnsutil"
@@ -109,17 +108,30 @@ func (c *ovhProvider) deleteRecordFunc(id int64, fqdn string) func() error {
 // Returns a function that can be invoked to create a record in a zone.
 func (c *ovhProvider) createRecordFunc(rc *models.RecordConfig, fqdn string) func() error {
 	return func() error {
+		recordType := rc.Type
+		if nativeType, ok := rc.Metadata["create_ovh_native_record"]; ok {
+			recordType = nativeType
+		}
 		record := Record{
 			SubDomain: dnsutil.TrimDomainName(rc.GetLabelFQDN(), fqdn),
-			FieldType: rc.Type,
+			FieldType: recordType,
 			Target:    rc.GetTargetCombined(),
 			TTL:       rc.TTL,
 		}
 		if record.SubDomain == "@" {
 			record.SubDomain = ""
 		}
+
+		// note that we never create OVH custom TXT records such as DKIM, SPF or DMARC, instead we prefer to
+		// use regular TXT records, unless the record is anotated with the `create_ovh_native_record` metadata
+
+		err := adaptNativeRecord(&record)
+		if err != nil {
+			return err
+		}
+
 		var response Record
-		err := c.client.CallAPI("POST", fmt.Sprintf("/domain/zone/%s/record", fqdn), &record, &response, true)
+		err = c.client.CallAPI("POST", fmt.Sprintf("/domain/zone/%s/record", fqdn), &record, &response, true)
 		return err
 	}
 }
@@ -127,9 +139,19 @@ func (c *ovhProvider) createRecordFunc(rc *models.RecordConfig, fqdn string) fun
 // Returns a function that can be invoked to update a record in a zone.
 func (c *ovhProvider) updateRecordFunc(old *Record, rc *models.RecordConfig, fqdn string) func() error {
 	return func() error {
+		recordType := rc.Type
+
+		if rc.Type != "TXT" && (old.FieldType == "DKIM" || old.FieldType == "SPF" || old.FieldType == "DMARC") {
+			return fmt.Errorf("OVH doesn't allow to change %s native type to a non TXT type - delete the record manually and run dnscontrol again", old.FieldType)
+		}
+
+		if old.FieldType == "DKIM" || old.FieldType == "SPF" || old.FieldType == "DMARC" {
+			recordType = old.FieldType
+		}
+
 		record := Record{
 			SubDomain: rc.GetLabel(),
-			FieldType: rc.Type,
+			FieldType: recordType,
 			Target:    rc.GetTargetCombined(),
 			TTL:       rc.TTL,
 			Zone:      fqdn,
@@ -139,21 +161,36 @@ func (c *ovhProvider) updateRecordFunc(old *Record, rc *models.RecordConfig, fqd
 			record.SubDomain = ""
 		}
 
-		// We do this last just right before the final API call
-		if c.isDKIMRecord(rc) {
-			// When DKIM value is longer than 255, the MODIFY fails with "Try to alter read-only properties: fieldType"
-			// Setting FieldType to empty string results in the property not being altered, hence error does not occur.
-			record.FieldType = "DKIM"
+		err := adaptNativeRecord(&record)
+		if err != nil {
+			return err
 		}
-		err := c.client.CallAPI("PUT", fmt.Sprintf("/domain/zone/%s/record/%d", fqdn, old.ID), &record, &Void{}, true)
+
+		// Native DKIM, SPF or DMARC record field type created through the OVH UI shouldn't be updated
+		// or  we get the "Try to alter read-only properties: fieldType" error
+		switch old.FieldType {
+		case "DKIM", "SPF", "DMARC":
+			record.FieldType = ""
+		}
+
+		err = c.client.CallAPI("PUT", fmt.Sprintf("/domain/zone/%s/record/%d", fqdn, old.ID), &record, &Void{}, true)
 
 		return err
 	}
 }
 
-// Check if provided record is DKIM
-func (c *ovhProvider) isDKIMRecord(rc *models.RecordConfig) bool {
-	return (rc != nil && rc.Type == "TXT" && strings.Contains(rc.GetLabel(), "._domainkey"))
+// adaptNativeRecord adapts the record for native OVH types such as DMARC or DKIM
+func adaptNativeRecord(r *Record) error {
+	// OVH needs DMARC and DKIM to be "unquoted"
+	if r.FieldType == "DMARC" || r.FieldType == "DKIM" {
+		// make sure target is fully unquoted to prevent "Invalid subfield found in DMARC" error
+		r.Target = models.StripQuotes(r.Target)
+	}
+	// DMARC record can be created only for `_dmarc` subdomain
+	if r.FieldType == "DMARC" && r.SubDomain != "_dmarc" {
+		return fmt.Errorf("native OVH DMARC record requires subdomain to always be _dmarc, %s given", r.SubDomain)
+	}
+	return nil
 }
 
 // refreshZone initiates a refresh task on OVHs backend

From 8bf996bb8ec455517041206e1d924e68f36b211d Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Tue, 29 Aug 2023 19:24:09 +0200
Subject: [PATCH 34/79] Strip ANSI color codes from notifications (#2508)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 pkg/notifications/notifications.go      | 18 +++++++++++++++++-
 pkg/notifications/notifications_test.go | 25 +++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 pkg/notifications/notifications_test.go

diff --git a/pkg/notifications/notifications.go b/pkg/notifications/notifications.go
index 2a29490b1..c454cfd74 100644
--- a/pkg/notifications/notifications.go
+++ b/pkg/notifications/notifications.go
@@ -1,5 +1,7 @@
 package notifications
 
+import "regexp"
+
 // Notifier is a type that can send a notification
 type Notifier interface {
 	// Notify will be called after a correction is performed.
@@ -14,6 +16,9 @@ type Notifier interface {
 // new notification types should add themselves to this array
 var initers = []func(map[string]string) Notifier{}
 
+// matches ansi color codes
+var ansiColorRegex = regexp.MustCompile(`\x1b\[[0-9;]*m`)
+
 // Init will take the given config map (from creds.json notifications key) and create a single Notifier with
 // all notifications it has full config for.
 func Init(config map[string]string) Notifier {
@@ -29,9 +34,20 @@ func Init(config map[string]string) Notifier {
 
 type multiNotifier []Notifier
 
+// removes any ansi color codes from a given string
+func stripAnsiColors(colored string) string {
+	return ansiColorRegex.ReplaceAllString(colored, "")
+}
+
 func (m multiNotifier) Notify(domain, provider string, message string, err error, preview bool) {
+
+	// force-remove ansi colors that might come with the message from dnscontrol.
+	// These usually don't render well in notifiers, outputting escape codes.
+	// If a notifier wants to output colors, they should probably implement
+	// them natively.
+	nMsg := stripAnsiColors(message)
 	for _, n := range m {
-		n.Notify(domain, provider, message, err, preview)
+		n.Notify(domain, provider, nMsg, err, preview)
 	}
 }
 func (m multiNotifier) Done() {
diff --git a/pkg/notifications/notifications_test.go b/pkg/notifications/notifications_test.go
new file mode 100644
index 000000000..456302f68
--- /dev/null
+++ b/pkg/notifications/notifications_test.go
@@ -0,0 +1,25 @@
+package notifications
+
+import "testing"
+
+func Test_stripAnsiColorsValid(t *testing.T) {
+
+	coloredStr := "\x1b[0133myellow\x1b[0m" // 33 == yellow
+	nonColoredStr := "yellow"
+
+	s := stripAnsiColors(coloredStr)
+	if s != nonColoredStr {
+		t.Errorf("stripAnsiColors() stripped %q different from %q", coloredStr, nonColoredStr)
+	}
+}
+
+func Test_stripAnsiColorsInvalid(t *testing.T) {
+
+	coloredStr := "\x1b[01AAmyellow\x1b[0m" // AA not a real color
+	nonColoredStr := "yellow"
+
+	s := stripAnsiColors(coloredStr)
+	if s == nonColoredStr {
+		t.Errorf("stripAnsiColors() stripped %q should be different from %q", coloredStr, nonColoredStr)
+	}
+}

From e26afaf7e0413c62d247594e6a3b72f0d203ce8f Mon Sep 17 00:00:00 2001
From: Chris Brown <5036744+chrisbrownie@users.noreply.github.com>
Date: Wed, 30 Aug 2023 03:25:06 +1000
Subject: [PATCH 35/79] New feature: Telegram Notifier (#2503)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/notifications.md |  6 ++++
 pkg/notifications/telegram.go  | 56 ++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 pkg/notifications/telegram.go

diff --git a/documentation/notifications.md b/documentation/notifications.md
index 72eb739e5..081e1dc3a 100644
--- a/documentation/notifications.md
+++ b/documentation/notifications.md
@@ -82,6 +82,12 @@ Please see the [Teams documentation](https://docs.microsoft.com/en-us/microsoftt
 
 Configure `teams_url` to this webhook.
 
+### Telegram
+
+If you want to use the [Telegram](https://telegram.org/) integration, you need to create a Telegram bot and obtain a Bot Token, as well as a Chat ID. Get a Bot Token by contacting [@BotFather](https://telegram.me/botfather), and a Chat ID by contacting [@myidbot](https://telegram.me/myidbot).
+
+Configure `telegram_bot_token` and `telegram_chat_id` to these values.
+
 ### Bonfire
 
 This is Stack Overflow's built in chat system. This is probably not useful for most people.
diff --git a/pkg/notifications/telegram.go b/pkg/notifications/telegram.go
new file mode 100644
index 000000000..5d081eacf
--- /dev/null
+++ b/pkg/notifications/telegram.go
@@ -0,0 +1,56 @@
+package notifications
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strconv"
+)
+
+func init() {
+	initers = append(initers, func(cfg map[string]string) Notifier {
+		if bot_token, ok := cfg["telegram_bot_token"]; ok {
+			if chat_id, ok := cfg["telegram_chat_id"]; ok {
+				notifier := &telegramNotifier{
+					BOT_TOKEN: bot_token,
+					CHAT_ID:   chat_id,
+				}
+				return notifier
+			}
+		}
+		return nil
+	})
+}
+
+// telegramNotifier sends notifications to Telegram
+type telegramNotifier struct {
+	BOT_TOKEN string
+	CHAT_ID   string
+}
+
+func (s *telegramNotifier) Notify(domain, provider, msg string, err error, preview bool) {
+	var payload struct {
+		ChatID int64  `json:"chat_id"`
+		Text   string `json:"text"`
+	}
+
+	var url = fmt.Sprintf("https://api.telegram.org/bot%s/sendMessage", s.BOT_TOKEN)
+
+	payload.ChatID, _ = strconv.ParseInt(s.CHAT_ID, 10, 64)
+
+	if preview {
+		payload.Text = fmt.Sprintf(`DNSControl preview: %s[%s] -** %s`, domain, provider, msg)
+	} else if err != nil {
+		payload.Text = fmt.Sprintf(`DNSControl ERROR running correction on %s[%s] -** (%s) Error: %s`, domain, provider, msg, err)
+	} else {
+		payload.Text = fmt.Sprintf(`DNSControl successfully ran correction for **%s[%s]** - %s`, domain, provider, msg)
+	}
+
+	marshaled_payload, _ := json.Marshal(payload)
+
+	_, _ = http.Post(url, "application/json", bytes.NewBuffer(marshaled_payload))
+
+}
+
+func (s *telegramNotifier) Done() {}

From e32bdc053f64efc78a9f1fc3ac25cd8af6737425 Mon Sep 17 00:00:00 2001
From: Vincent Hagen <blackshadev@users.noreply.github.com>
Date: Tue, 29 Aug 2023 20:00:09 +0200
Subject: [PATCH 36/79] NEW FEATURE: Order changes based on the record
 dependencies (#2419)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Co-authored-by: Tom Limoncelli <tal@whatexit.org>
---
 commands/commands.go                  |   5 +
 docs/index.md                         |   3 +
 documentation/SUMMARY.md              |   1 +
 documentation/ordering.md             |  39 +++
 integrationTest/integration_test.go   |   6 +-
 models/record.go                      |  31 +-
 pkg/diff2/analyze.go                  |   8 +
 pkg/diff2/analyze_test.go             | 476 ++++++++++++++++----------
 pkg/diff2/compareconfig_test.go       |  27 +-
 pkg/diff2/diff2.go                    |  26 ++
 pkg/diff2/flag.go                     |   3 +
 pkg/diff2/ordering.go                 |  28 ++
 pkg/dnsgraph/dependencies.go          |  11 +
 pkg/dnsgraph/dnsgraph.go              | 143 ++++++++
 pkg/dnsgraph/dnsgraph_test.go         |  68 ++++
 pkg/dnsgraph/graphable.go             |  36 ++
 pkg/dnsgraph/testutils/stubrecords.go |  31 ++
 pkg/dnssort/graphsort.go              | 121 +++++++
 pkg/dnssort/graphsort_test.go         | 191 +++++++++++
 pkg/dnssort/result.go                 |   8 +
 pkg/dnstree/dnstree.go                | 144 ++++++++
 pkg/dnstree/dnstree_test.go           |  64 ++++
 22 files changed, 1265 insertions(+), 205 deletions(-)
 create mode 100644 documentation/ordering.md
 create mode 100644 pkg/diff2/ordering.go
 create mode 100644 pkg/dnsgraph/dependencies.go
 create mode 100644 pkg/dnsgraph/dnsgraph.go
 create mode 100644 pkg/dnsgraph/dnsgraph_test.go
 create mode 100644 pkg/dnsgraph/graphable.go
 create mode 100644 pkg/dnsgraph/testutils/stubrecords.go
 create mode 100644 pkg/dnssort/graphsort.go
 create mode 100644 pkg/dnssort/graphsort_test.go
 create mode 100644 pkg/dnssort/result.go
 create mode 100644 pkg/dnstree/dnstree.go
 create mode 100644 pkg/dnstree/dnstree_test.go

diff --git a/commands/commands.go b/commands/commands.go
index a951ad506..ac858550b 100644
--- a/commands/commands.go
+++ b/commands/commands.go
@@ -70,6 +70,11 @@ func Run(v string) int {
 			Destination: &diff2.EnableDiff2,
 			Value:       true,
 		},
+		&cli.BoolFlag{
+			Name:        "disableordering",
+			Usage:       "Disables the dns ordering part of the diff2 package",
+			Destination: &diff2.DisableOrdering,
+		},
 		&cli.BoolFlag{
 			Name:        "no-colors",
 			Usage:       "Disable colors",
diff --git a/docs/index.md b/docs/index.md
index 8b1c132a9..922a43d14 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -206,6 +206,9 @@ title: DNSControl
                 <li>
                     <a href="https://docs.dnscontrol.org/developer-info/adding-new-rtypes">Step-by-Step Guide: Adding new DNS rtypes</a>: How to add a new DNS record type
                 </li>
+                <li>
+                    <a href="https://docs.dnscontrol.org/developer-info/ordering">DNS reordering</a>: How DNSControl determines the order of the changes
+                </li>
             </ul>
         </div>
     </div>
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index cecf11e51..050ec85c3 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -169,6 +169,7 @@
 * [Debugging with dlv](debugging-with-dlv.md)
 * [ALIAS Records](alias.md)
 * [TXT record testing](testing-txt-records.md)
+* [DNS records ordering](ordering.md)
 
 ## Release
 
diff --git a/documentation/ordering.md b/documentation/ordering.md
new file mode 100644
index 000000000..f30829504
--- /dev/null
+++ b/documentation/ordering.md
@@ -0,0 +1,39 @@
+# Ordering of DNS records
+
+DNSControl tries to automatically reorder the pending changes based on the dependencies of the records.
+For example, if an A record and a CNAME that points to the A record are created at the same time, some providers require the A record to be created before the CNAME.
+
+Some providers explicitly require the targets of certain records like CNAMEs to exist, and source records to be valid. This makes it not always possible to "just" apply the pending changes in any order. This is why reordering the records based on the dependencies and the type of operation is required.
+
+## Practical example
+
+```js
+D('example.com', REG_NONE, DnsProvider(DNS_BIND),
+    CNAME('foo', 'bar')
+    A('bar', '1.2.3.4'),
+);
+```
+
+`foo` requires `bar` to exist. Thus `bar` needs to exist before `foo`. But when deleting these records, `foo` needs to be deleted before `bar`.
+
+## Unresolved records
+
+DNSControl can produce a warning stating it found `unresolved records` this is most likely because of a cycle in the targets of your records. For instance in the code sample below both `foo` and `bar` depend on each other and thus will produce the warning.
+
+Such updates will be done after all other updates to that domain.
+
+In this (contrived) example, it is impossible to know which CNAME should be created first. Therefore they will be done in a non-deterministic order after all other updates to that domain:
+
+```js
+D('example.com', REG_NONE, DnsProvider(DNS_BIND),
+    CNAME('foo', 'bar')
+    CNAME('bar', 'foo'),
+);
+```
+
+
+## Disabling ordering
+
+The re-ordering feature can be disabled using the `--disableordering` global flag (it goes before `preview` or `push`). While the code has been extensively tested, it is new and you may still find a bug.  This flag leaves the updates unordered and may require multiple `push` runs to complete the update.
+
+If you encounter any issues with the reordering please [open an issue](https://github.com/StackExchange/dnscontrol/issues). 
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 2457c758c..66dadb8fe 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1986,15 +1986,15 @@ func makeTests(t *testing.T) []*TestGroup {
 		testgroup("IGNORE_TARGET function CNAME",
 			tc("Create some records",
 				cname("foo", "test.foo.com."),
-				cname("keep", "keep.example.com."),
+				cname("keep", "keeper.example.com."),
 			),
 			tc("ignoring CNAME=test.foo.com.",
 				ignoreTarget("test.foo.com.", "CNAME"),
-				cname("keep", "keep.example.com."),
+				cname("keep", "keeper.example.com."),
 			).ExpectNoChanges(),
 			tc("ignoring CNAME=test.foo.com. and add",
 				ignoreTarget("test.foo.com.", "CNAME"),
-				cname("keep", "keep.example.com."),
+				cname("keep", "keeper.example.com."),
 				a("adding", "1.2.3.4"),
 				cname("another", "www.example.com."),
 			),
diff --git a/models/record.go b/models/record.go
index 80b206223..9c958a808 100644
--- a/models/record.go
+++ b/models/record.go
@@ -455,6 +455,19 @@ func (rc *RecordConfig) ToRR() dns.RR {
 	return rr
 }
 
+// GetDependencies returns the FQDNs on which this record dependents
+func (rc *RecordConfig) GetDependencies() []string {
+
+	switch rc.Type {
+	case "NS", "SRV", "CNAME", "MX", "ALIAS", "AZURE_ALIAS", "R53_ALIAS":
+		return []string{
+			rc.target,
+		}
+	}
+
+	return []string{}
+}
+
 // RecordKey represents a resource record in a format used by some systems.
 type RecordKey struct {
 	NameFQDN string
@@ -554,6 +567,16 @@ func (recs Records) GroupedByFQDN() ([]string, map[string]Records) {
 	return order, groups
 }
 
+// GetAllDependencies concatinates all dependencies of all records
+func (recs Records) GetAllDependencies() []string {
+	var dependencies []string
+	for _, rec := range recs {
+		dependencies = append(dependencies, rec.GetDependencies()...)
+	}
+
+	return dependencies
+}
+
 // PostProcessRecords does any post-processing of the downloaded DNS records.
 // Deprecated. zonerecords.CorrectZoneRecords() calls Downcase directly.
 func PostProcessRecords(recs []*RecordConfig) {
@@ -587,19 +610,21 @@ func Downcase(recs []*RecordConfig) {
 
 // CanonicalizeTargets turns Targets into FQDNs
 func CanonicalizeTargets(recs []*RecordConfig, origin string) {
+	originFQDN := origin + "."
+
 	for _, r := range recs {
 		switch r.Type { // #rtype_variations
 		case "AKAMAICDN", "ANAME", "CNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV":
 			// Target is a hostname that might be a shortname. Turn it into a FQDN.
-			r.target = dnsutil.AddOrigin(r.target, origin)
+			r.target = dnsutil.AddOrigin(r.target, originFQDN)
 		case "A", "ALIAS", "CAA", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TLSA", "TXT":
 			// Do nothing.
 		case "SOA":
 			if r.target != "DEFAULT_NOT_SET." {
-				r.target = dnsutil.AddOrigin(r.target, origin) // .target stores the Ns
+				r.target = dnsutil.AddOrigin(r.target, originFQDN) // .target stores the Ns
 			}
 			if r.SoaMbox != "DEFAULT_NOT_SET." {
-				r.SoaMbox = dnsutil.AddOrigin(r.SoaMbox, origin)
+				r.SoaMbox = dnsutil.AddOrigin(r.SoaMbox, originFQDN)
 			}
 		default:
 			// TODO: we'd like to panic here, but custom record types complicate things.
diff --git a/pkg/diff2/analyze.go b/pkg/diff2/analyze.go
index fd55d32d0..e0ebf8114 100644
--- a/pkg/diff2/analyze.go
+++ b/pkg/diff2/analyze.go
@@ -32,6 +32,9 @@ func analyzeByRecordSet(cc *CompareConfig) ChangeList {
 			}
 		}
 	}
+
+	instructions = orderByDependencies(instructions)
+
 	return instructions
 }
 
@@ -74,6 +77,8 @@ func analyzeByLabel(cc *CompareConfig) ChangeList {
 		}
 	}
 
+	instructions = orderByDependencies(instructions)
+
 	return instructions
 }
 
@@ -89,6 +94,9 @@ func analyzeByRecord(cc *CompareConfig) ChangeList {
 			instructions = append(instructions, cs...)
 		}
 	}
+
+	instructions = orderByDependencies(instructions)
+
 	return instructions
 }
 
diff --git a/pkg/diff2/analyze_test.go b/pkg/diff2/analyze_test.go
index 809390448..898735b3e 100644
--- a/pkg/diff2/analyze_test.go
+++ b/pkg/diff2/analyze_test.go
@@ -18,40 +18,42 @@ func init() {
 	color.NoColor = true
 }
 
-var testDataAA1234 = makeRec("laba", "A", "1.2.3.4")               //      [0]
+var testDataAA1234 = makeRec("laba", "A", "1.2.3.4")               // [ 0]
 var testDataAA5678 = makeRec("laba", "A", "5.6.7.8")               //
 var testDataAA1234ttl700 = makeRecTTL("laba", "A", "1.2.3.4", 700) //
 var testDataAA5678ttl700 = makeRecTTL("laba", "A", "5.6.7.8", 700) //
-var testDataAMX10a = makeRec("laba", "MX", "10 laba")              //     [1]
-var testDataCCa = makeRec("labc", "CNAME", "laba")                 //     [2]
-var testDataEA15 = makeRec("labe", "A", "10.10.10.15")             //  [3]
-var e4 = makeRec("labe", "A", "10.10.10.16")                       //  [4]
-var e5 = makeRec("labe", "A", "10.10.10.17")                       //  [5]
-var e6 = makeRec("labe", "A", "10.10.10.18")                       //  [6]
-var e7 = makeRec("labg", "NS", "10.10.10.15")                      // [7]
-var e8 = makeRec("labg", "NS", "10.10.10.16")                      // [8]
-var e9 = makeRec("labg", "NS", "10.10.10.17")                      // [9]
-var e10 = makeRec("labg", "NS", "10.10.10.18")                     // [10]
-var e11mx = makeRec("labh", "MX", "22 ttt")                        //     [11]
-var e11 = makeRec("labh", "CNAME", "labd")                         //     [11]
+var testDataAMX10a = makeRec("laba", "MX", "10 laba")              // [ 1]
+var testDataCCa = makeRec("labc", "CNAME", "laba")                 // [ 2]
+var testDataEA15 = makeRec("labe", "A", "10.10.10.15")             // [ 3]
+var e4 = makeRec("labe", "A", "10.10.10.16")                       // [ 4]
+var e5 = makeRec("labe", "A", "10.10.10.17")                       // [ 5]
+var e6 = makeRec("labe", "A", "10.10.10.18")                       // [ 6]
+var e7 = makeRec("labg", "NS", "laba")                             // [ 7]
+var e8 = makeRec("labg", "NS", "labb")                             // [ 8]
+var e9 = makeRec("labg", "NS", "labc")                             // [ 9]
+var e10 = makeRec("labg", "NS", "labe")                            // [10]
+var e11mx = makeRec("labh", "MX", "22 ttt")                        // [11]
+var e11 = makeRec("labh", "CNAME", "labd")                         // [11]
 var testDataApexMX1aaa = makeRec("", "MX", "1 aaa")
 
-var testDataAA1234clone = makeRec("laba", "A", "1.2.3.4") //      [0']
-var testDataAA12345 = makeRec("laba", "A", "1.2.3.5")     //      [1']
-var testDataAMX20b = makeRec("laba", "MX", "20 labb")     //     [2']
-var d3 = makeRec("labe", "A", "10.10.10.95")              //  [3']
-var d4 = makeRec("labe", "A", "10.10.10.96")              //  [4']
-var d5 = makeRec("labe", "A", "10.10.10.97")              //  [5']
-var d6 = makeRec("labe", "A", "10.10.10.98")              //  [6']
-var d7 = makeRec("labf", "TXT", "foo")                    //      [7']
-var d8 = makeRec("labg", "NS", "10.10.10.10")             // [8']
-var d9 = makeRec("labg", "NS", "10.10.10.15")             // [9']
-var d10 = makeRec("labg", "NS", "10.10.10.16")            // [10']
-var d11 = makeRec("labg", "NS", "10.10.10.97")            // [11']
-var d12 = makeRec("labh", "A", "1.2.3.4")                 //      [12']
+var testDataAA1234clone = makeRec("laba", "A", "1.2.3.4") // [ 0']
+var testDataAA12345 = makeRec("laba", "A", "1.2.3.5")     // [ 1']
+var testDataAMX20b = makeRec("laba", "MX", "20 labb")     // [ 2']
+var d3 = makeRec("labe", "A", "10.10.10.95")              // [ 3']
+var d4 = makeRec("labe", "A", "10.10.10.96")              // [ 4']
+var d5 = makeRec("labe", "A", "10.10.10.97")              // [ 5']
+var d6 = makeRec("labe", "A", "10.10.10.98")              // [ 6']
+var d7 = makeRec("labf", "TXT", "foo")                    // [ 7']
+var d8 = makeRec("labg", "NS", "labf")                    // [ 8']
+var d9 = makeRec("labg", "NS", "laba")                    // [ 9']
+var d10 = makeRec("labg", "NS", "labe")                   // [10']
+var d11 = makeRec("labg", "NS", "labb")                   // [11']
+var d12 = makeRec("labh", "A", "1.2.3.4")                 // [12']
+var d13 = makeRec("labc", "CNAME", "labe")                // [13']
 var testDataApexMX22bbb = makeRec("", "MX", "22 bbb")
 
-func compareMsgs(t *testing.T, fnname, testname, testpart string, gotcc ChangeList, wantstring string) {
+func compareMsgs(t *testing.T, fnname, testname, testpart string, gotcc ChangeList, wantstring string, wantstringdefault string) {
+	wantstring = coalesce(wantstring, wantstringdefault)
 	t.Helper()
 	gs := strings.TrimSpace(justMsgString(gotcc))
 	ws := strings.TrimSpace(wantstring)
@@ -80,16 +82,17 @@ func Test_analyzeByRecordSet(t *testing.T) {
 	}
 
 	origin := "f.com"
-	existingSample := models.Records{testDataAA1234, testDataAMX10a, testDataCCa, testDataEA15, e4, e5, e6, e7, e8, e9, e10, e11}
-	desiredSample := models.Records{testDataAA1234clone, testDataAA12345, testDataAMX20b, d3, d4, d5, d6, d7, d8, d9, d10, d11, d12}
 
 	tests := []struct {
 		name            string
 		args            args
 		wantMsgs        string
 		wantChangeRSet  string
+		wantMsgsRSet    string
 		wantChangeLabel string
+		wantMsgsLabel   string
 		wantChangeRec   string
+		wantMsgsRec     string
 		wantChangeZone  string
 	}{
 
@@ -113,30 +116,30 @@ func Test_analyzeByRecordSet(t *testing.T) {
 				existing: models.Records{testDataAA1234, testDataAMX10a},
 				desired:  models.Records{testDataAA1234clone, testDataAMX20b},
 			},
-			wantMsgs: "± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)",
+			wantMsgs: "± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)",
 			wantChangeRSet: `
 ChangeList: len=1
 00: Change: verb=CHANGE
     key={laba.f.com MX}
-    old=[10 laba]
-    new=[20 labb]
-    msg=["± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)"]
+    old=[10 laba.f.com.]
+    new=[20 labb.f.com.]
+    msg=["± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)"]
 `,
 			wantChangeLabel: `
 ChangeList: len=1
 00: Change: verb=CHANGE
     key={laba.f.com }
-    old=[1.2.3.4 10 laba]
-    new=[1.2.3.4 20 labb]
-    msg=["± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)"]
+    old=[1.2.3.4 10 laba.f.com.]
+    new=[1.2.3.4 20 labb.f.com.]
+    msg=["± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)"]
 `,
 			wantChangeRec: `
 ChangeList: len=1
 00: Change: verb=CHANGE
     key={laba.f.com MX}
-    old=[10 laba]
-    new=[20 labb]
-    msg=["± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)"]
+    old=[10 laba.f.com.]
+    new=[20 labb.f.com.]
+    msg=["± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)"]
 `,
 		},
 
@@ -147,30 +150,30 @@ ChangeList: len=1
 				existing: models.Records{testDataAA1234, testDataApexMX1aaa},
 				desired:  models.Records{testDataAA1234clone, testDataApexMX22bbb},
 			},
-			wantMsgs: "± MODIFY f.com MX (1 aaa ttl=300) -> (22 bbb ttl=300)",
+			wantMsgs: "± MODIFY f.com MX (1 aaa.f.com. ttl=300) -> (22 bbb.f.com. ttl=300)",
 			wantChangeRSet: `
 ChangeList: len=1
 00: Change: verb=CHANGE
     key={f.com MX}
-    old=[1 aaa]
-    new=[22 bbb]
-    msg=["± MODIFY f.com MX (1 aaa ttl=300) -> (22 bbb ttl=300)"]
+    old=[1 aaa.f.com.]
+    new=[22 bbb.f.com.]
+    msg=["± MODIFY f.com MX (1 aaa.f.com. ttl=300) -> (22 bbb.f.com. ttl=300)"]
 `,
 			wantChangeLabel: `
 ChangeList: len=1
 00: Change: verb=CHANGE
     key={f.com }
-    old=[1 aaa]
-    new=[22 bbb]
-    msg=["± MODIFY f.com MX (1 aaa ttl=300) -> (22 bbb ttl=300)"]
+    old=[1 aaa.f.com.]
+    new=[22 bbb.f.com.]
+    msg=["± MODIFY f.com MX (1 aaa.f.com. ttl=300) -> (22 bbb.f.com. ttl=300)"]
 `,
 			wantChangeRec: `
 ChangeList: len=1
 00: Change: verb=CHANGE
     key={f.com MX}
-    old=[1 aaa]
-    new=[22 bbb]
-    msg=["± MODIFY f.com MX (1 aaa ttl=300) -> (22 bbb ttl=300)"]
+    old=[1 aaa.f.com.]
+    new=[22 bbb.f.com.]
+    msg=["± MODIFY f.com MX (1 aaa.f.com. ttl=300) -> (22 bbb.f.com. ttl=300)"]
 `,
 		},
 
@@ -182,41 +185,107 @@ ChangeList: len=1
 				desired:  models.Records{testDataAA1234clone, testDataAA12345, testDataAMX20b},
 			},
 			wantMsgs: `
+± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)
 + CREATE laba.f.com A 1.2.3.5 ttl=300
-± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)
-		`,
+`,
+			wantMsgsLabel: `
++ CREATE laba.f.com A 1.2.3.5 ttl=300
+± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)
+`,
 			wantChangeRSet: `
 ChangeList: len=2
 00: Change: verb=CHANGE
+    key={laba.f.com MX}
+    old=[10 laba.f.com.]
+    new=[20 labb.f.com.]
+    msg=["± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)"]
+01: Change: verb=CHANGE
     key={laba.f.com A}
     old=[1.2.3.4]
     new=[1.2.3.4 1.2.3.5]
     msg=["+ CREATE laba.f.com A 1.2.3.5 ttl=300"]
-01: Change: verb=CHANGE
-    key={laba.f.com MX}
-    old=[10 laba]
-    new=[20 labb]
-    msg=["± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)"]
-		`,
+`,
 			wantChangeLabel: `
 ChangeList: len=1
 00: Change: verb=CHANGE
     key={laba.f.com }
-    old=[1.2.3.4 10 laba]
-    new=[1.2.3.4 1.2.3.5 20 labb]
-    msg=["+ CREATE laba.f.com A 1.2.3.5 ttl=300" "± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)"]
+    old=[1.2.3.4 10 laba.f.com.]
+    new=[1.2.3.4 1.2.3.5 20 labb.f.com.]
+    msg=["+ CREATE laba.f.com A 1.2.3.5 ttl=300" "± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)"]
 		`,
 			wantChangeRec: `
 ChangeList: len=2
-00: Change: verb=CREATE
+00: Change: verb=CHANGE
+    key={laba.f.com MX}
+    old=[10 laba.f.com.]
+    new=[20 labb.f.com.]
+    msg=["± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)"]
+01: Change: verb=CREATE
     key={laba.f.com A}
     new=[1.2.3.5]
     msg=["+ CREATE laba.f.com A 1.2.3.5 ttl=300"]
+`,
+		},
+
+		{
+			name: "order forward and backward dependent records",
+			args: args{
+				origin:   origin,
+				existing: models.Records{testDataAA1234, testDataCCa},
+				desired:  models.Records{d13, d3},
+			},
+			wantMsgs: `
++ CREATE labe.f.com A 10.10.10.95 ttl=300
+± MODIFY labc.f.com CNAME (laba.f.com. ttl=300) -> (labe.f.com. ttl=300)
+- DELETE laba.f.com A 1.2.3.4 ttl=300
+		`,
+			wantChangeRSet: `
+ChangeList: len=3
+00: Change: verb=CREATE
+    key={labe.f.com A}
+    new=[10.10.10.95]
+    msg=["+ CREATE labe.f.com A 10.10.10.95 ttl=300"]
 01: Change: verb=CHANGE
-    key={laba.f.com MX}
-    old=[10 laba]
-    new=[20 labb]
-    msg=["± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)"]
+    key={labc.f.com CNAME}
+    old=[laba.f.com.]
+    new=[labe.f.com.]
+    msg=["± MODIFY labc.f.com CNAME (laba.f.com. ttl=300) -> (labe.f.com. ttl=300)"]
+02: Change: verb=DELETE
+    key={laba.f.com A}
+    old=[1.2.3.4]
+    msg=["- DELETE laba.f.com A 1.2.3.4 ttl=300"]
+		`,
+			wantChangeLabel: `
+ChangeList: len=3
+00: Change: verb=CREATE
+    key={labe.f.com }
+    new=[10.10.10.95]
+    msg=["+ CREATE labe.f.com A 10.10.10.95 ttl=300"]
+01: Change: verb=CHANGE
+    key={labc.f.com }
+    old=[laba.f.com.]
+    new=[labe.f.com.]
+    msg=["± MODIFY labc.f.com CNAME (laba.f.com. ttl=300) -> (labe.f.com. ttl=300)"]
+02: Change: verb=DELETE
+    key={laba.f.com }
+    old=[1.2.3.4]
+    msg=["- DELETE laba.f.com A 1.2.3.4 ttl=300"]
+`,
+			wantChangeRec: `
+ChangeList: len=3
+00: Change: verb=CREATE
+    key={labe.f.com A}
+    new=[10.10.10.95]
+    msg=["+ CREATE labe.f.com A 10.10.10.95 ttl=300"]
+01: Change: verb=CHANGE
+    key={labc.f.com CNAME}
+    old=[laba.f.com.]
+    new=[labe.f.com.]
+    msg=["± MODIFY labc.f.com CNAME (laba.f.com. ttl=300) -> (labe.f.com. ttl=300)"]
+02: Change: verb=DELETE
+    key={laba.f.com A}
+    old=[1.2.3.4]
+    msg=["- DELETE laba.f.com A 1.2.3.4 ttl=300"]
 `,
 		},
 
@@ -224,154 +293,176 @@ ChangeList: len=2
 			name: "big",
 			args: args{
 				origin:   origin,
-				existing: existingSample,
-				desired:  desiredSample,
+				existing: models.Records{testDataAA1234, testDataAMX10a, testDataCCa, testDataEA15, e4, e5, e6, e7, e8, e9, e10, e11},
+				desired:  models.Records{testDataAA1234clone, testDataAA12345, testDataAMX20b, d3, d4, d5, d6, d7, d8, d9, d10, d11, d12},
 			},
 			wantMsgs: `
++ CREATE labf.f.com TXT "foo" ttl=300
+± MODIFY labg.f.com NS (labc.f.com. ttl=300) -> (labf.f.com. ttl=300)
+- DELETE labh.f.com CNAME labd.f.com. ttl=300
++ CREATE labh.f.com A 1.2.3.4 ttl=300
+- DELETE labc.f.com CNAME laba.f.com. ttl=300
+± MODIFY labe.f.com A (10.10.10.15 ttl=300) -> (10.10.10.95 ttl=300)
+± MODIFY labe.f.com A (10.10.10.16 ttl=300) -> (10.10.10.96 ttl=300)
+± MODIFY labe.f.com A (10.10.10.17 ttl=300) -> (10.10.10.97 ttl=300)
+± MODIFY labe.f.com A (10.10.10.18 ttl=300) -> (10.10.10.98 ttl=300)
+± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)
 + CREATE laba.f.com A 1.2.3.5 ttl=300
-± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)
-- DELETE labc.f.com CNAME laba ttl=300
+		`,
+			wantChangeRSet: `
+ChangeList: len=8
+00: Change: verb=CREATE
+    key={labf.f.com TXT}
+    new=["foo"]
+    msg=["+ CREATE labf.f.com TXT \"foo\" ttl=300"]
+01: Change: verb=CHANGE
+    key={labg.f.com NS}
+    old=[laba.f.com. labb.f.com. labc.f.com. labe.f.com.]
+    new=[laba.f.com. labb.f.com. labe.f.com. labf.f.com.]
+    msg=["± MODIFY labg.f.com NS (labc.f.com. ttl=300) -> (labf.f.com. ttl=300)"]
+02: Change: verb=DELETE
+    key={labh.f.com CNAME}
+    old=[labd.f.com.]
+    msg=["- DELETE labh.f.com CNAME labd.f.com. ttl=300"]
+03: Change: verb=CREATE
+    key={labh.f.com A}
+    new=[1.2.3.4]
+    msg=["+ CREATE labh.f.com A 1.2.3.4 ttl=300"]
+04: Change: verb=DELETE
+    key={labc.f.com CNAME}
+    old=[laba.f.com.]
+    msg=["- DELETE labc.f.com CNAME laba.f.com. ttl=300"]
+05: Change: verb=CHANGE
+    key={labe.f.com A}
+    old=[10.10.10.15 10.10.10.16 10.10.10.17 10.10.10.18]
+    new=[10.10.10.95 10.10.10.96 10.10.10.97 10.10.10.98]
+    msg=["± MODIFY labe.f.com A (10.10.10.15 ttl=300) -> (10.10.10.95 ttl=300)" "± MODIFY labe.f.com A (10.10.10.16 ttl=300) -> (10.10.10.96 ttl=300)" "± MODIFY labe.f.com A (10.10.10.17 ttl=300) -> (10.10.10.97 ttl=300)" "± MODIFY labe.f.com A (10.10.10.18 ttl=300) -> (10.10.10.98 ttl=300)"]
+06: Change: verb=CHANGE
+    key={laba.f.com MX}
+    old=[10 laba.f.com.]
+    new=[20 labb.f.com.]
+    msg=["± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)"]
+07: Change: verb=CHANGE
+    key={laba.f.com A}
+    old=[1.2.3.4]
+    new=[1.2.3.4 1.2.3.5]
+    msg=["+ CREATE laba.f.com A 1.2.3.5 ttl=300"]
+	`,
+			wantMsgsLabel: `
++ CREATE labf.f.com TXT "foo" ttl=300
+± MODIFY labg.f.com NS (labc.f.com. ttl=300) -> (labf.f.com. ttl=300)
+- DELETE labh.f.com CNAME labd.f.com. ttl=300
++ CREATE labh.f.com A 1.2.3.4 ttl=300
+- DELETE labc.f.com CNAME laba.f.com. ttl=300
+± MODIFY labe.f.com A (10.10.10.15 ttl=300) -> (10.10.10.95 ttl=300)
+± MODIFY labe.f.com A (10.10.10.16 ttl=300) -> (10.10.10.96 ttl=300)
+± MODIFY labe.f.com A (10.10.10.17 ttl=300) -> (10.10.10.97 ttl=300)
+± MODIFY labe.f.com A (10.10.10.18 ttl=300) -> (10.10.10.98 ttl=300)
++ CREATE laba.f.com A 1.2.3.5 ttl=300
+± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)
+			`,
+			wantChangeLabel: `
+ChangeList: len=6
+00: Change: verb=CREATE
+    key={labf.f.com }
+    new=["foo"]
+    msg=["+ CREATE labf.f.com TXT \"foo\" ttl=300"]
+01: Change: verb=CHANGE
+    key={labg.f.com }
+    old=[laba.f.com. labb.f.com. labc.f.com. labe.f.com.]
+    new=[laba.f.com. labb.f.com. labe.f.com. labf.f.com.]
+    msg=["± MODIFY labg.f.com NS (labc.f.com. ttl=300) -> (labf.f.com. ttl=300)"]
+02: Change: verb=CHANGE
+    key={labh.f.com }
+    old=[labd.f.com.]
+    new=[1.2.3.4]
+    msg=["- DELETE labh.f.com CNAME labd.f.com. ttl=300" "+ CREATE labh.f.com A 1.2.3.4 ttl=300"]
+03: Change: verb=DELETE
+    key={labc.f.com }
+    old=[laba.f.com.]
+    msg=["- DELETE labc.f.com CNAME laba.f.com. ttl=300"]
+04: Change: verb=CHANGE
+    key={labe.f.com }
+    old=[10.10.10.15 10.10.10.16 10.10.10.17 10.10.10.18]
+    new=[10.10.10.95 10.10.10.96 10.10.10.97 10.10.10.98]
+    msg=["± MODIFY labe.f.com A (10.10.10.15 ttl=300) -> (10.10.10.95 ttl=300)" "± MODIFY labe.f.com A (10.10.10.16 ttl=300) -> (10.10.10.96 ttl=300)" "± MODIFY labe.f.com A (10.10.10.17 ttl=300) -> (10.10.10.97 ttl=300)" "± MODIFY labe.f.com A (10.10.10.18 ttl=300) -> (10.10.10.98 ttl=300)"]
+05: Change: verb=CHANGE
+    key={laba.f.com }
+    old=[1.2.3.4 10 laba.f.com.]
+    new=[1.2.3.4 1.2.3.5 20 labb.f.com.]
+    msg=["+ CREATE laba.f.com A 1.2.3.5 ttl=300" "± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)"]
+        `,
+			wantMsgsRec: `
 ± MODIFY labe.f.com A (10.10.10.15 ttl=300) -> (10.10.10.95 ttl=300)
 ± MODIFY labe.f.com A (10.10.10.16 ttl=300) -> (10.10.10.96 ttl=300)
 ± MODIFY labe.f.com A (10.10.10.17 ttl=300) -> (10.10.10.97 ttl=300)
 ± MODIFY labe.f.com A (10.10.10.18 ttl=300) -> (10.10.10.98 ttl=300)
 + CREATE labf.f.com TXT "foo" ttl=300
-± MODIFY labg.f.com NS (10.10.10.17 ttl=300) -> (10.10.10.10 ttl=300)
-± MODIFY labg.f.com NS (10.10.10.18 ttl=300) -> (10.10.10.97 ttl=300)
-- DELETE labh.f.com CNAME labd ttl=300
+± MODIFY labg.f.com NS (labc.f.com. ttl=300) -> (labf.f.com. ttl=300)
+- DELETE labh.f.com CNAME labd.f.com. ttl=300
 + CREATE labh.f.com A 1.2.3.4 ttl=300
+- DELETE labc.f.com CNAME laba.f.com. ttl=300
+± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)
++ CREATE laba.f.com A 1.2.3.5 ttl=300
 		`,
-			wantChangeRSet: `
-ChangeList: len=8
+			wantChangeRec: `
+ChangeList: len=11
 00: Change: verb=CHANGE
-    key={laba.f.com A}
-    old=[1.2.3.4]
-    new=[1.2.3.4 1.2.3.5]
-    msg=["+ CREATE laba.f.com A 1.2.3.5 ttl=300"]
+    key={labe.f.com A}
+    old=[10.10.10.15]
+    new=[10.10.10.95]
+    msg=["± MODIFY labe.f.com A (10.10.10.15 ttl=300) -> (10.10.10.95 ttl=300)"]
 01: Change: verb=CHANGE
-    key={laba.f.com MX}
-    old=[10 laba]
-    new=[20 labb]
-    msg=["± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)"]
-02: Change: verb=DELETE
-    key={labc.f.com CNAME}
-    old=[laba]
-    msg=["- DELETE labc.f.com CNAME laba ttl=300"]
+    key={labe.f.com A}
+    old=[10.10.10.16]
+    new=[10.10.10.96]
+    msg=["± MODIFY labe.f.com A (10.10.10.16 ttl=300) -> (10.10.10.96 ttl=300)"]
+02: Change: verb=CHANGE
+    key={labe.f.com A}
+    old=[10.10.10.17]
+    new=[10.10.10.97]
+    msg=["± MODIFY labe.f.com A (10.10.10.17 ttl=300) -> (10.10.10.97 ttl=300)"]
 03: Change: verb=CHANGE
     key={labe.f.com A}
-    old=[10.10.10.15 10.10.10.16 10.10.10.17 10.10.10.18]
-    new=[10.10.10.95 10.10.10.96 10.10.10.97 10.10.10.98]
-    msg=["± MODIFY labe.f.com A (10.10.10.15 ttl=300) -> (10.10.10.95 ttl=300)" "± MODIFY labe.f.com A (10.10.10.16 ttl=300) -> (10.10.10.96 ttl=300)" "± MODIFY labe.f.com A (10.10.10.17 ttl=300) -> (10.10.10.97 ttl=300)" "± MODIFY labe.f.com A (10.10.10.18 ttl=300) -> (10.10.10.98 ttl=300)"]
+    old=[10.10.10.18]
+    new=[10.10.10.98]
+    msg=["± MODIFY labe.f.com A (10.10.10.18 ttl=300) -> (10.10.10.98 ttl=300)"]
 04: Change: verb=CREATE
     key={labf.f.com TXT}
     new=["foo"]
     msg=["+ CREATE labf.f.com TXT \"foo\" ttl=300"]
 05: Change: verb=CHANGE
     key={labg.f.com NS}
-    old=[10.10.10.15 10.10.10.16 10.10.10.17 10.10.10.18]
-    new=[10.10.10.10 10.10.10.15 10.10.10.16 10.10.10.97]
-    msg=["± MODIFY labg.f.com NS (10.10.10.17 ttl=300) -> (10.10.10.10 ttl=300)" "± MODIFY labg.f.com NS (10.10.10.18 ttl=300) -> (10.10.10.97 ttl=300)"]
+    old=[labc.f.com.]
+    new=[labf.f.com.]
+    msg=["± MODIFY labg.f.com NS (labc.f.com. ttl=300) -> (labf.f.com. ttl=300)"]
 06: Change: verb=DELETE
     key={labh.f.com CNAME}
-    old=[labd]
-    msg=["- DELETE labh.f.com CNAME labd ttl=300"]
+    old=[labd.f.com.]
+    msg=["- DELETE labh.f.com CNAME labd.f.com. ttl=300"]
 07: Change: verb=CREATE
     key={labh.f.com A}
     new=[1.2.3.4]
     msg=["+ CREATE labh.f.com A 1.2.3.4 ttl=300"]
-		`,
-			wantChangeLabel: `
-ChangeList: len=6
-00: Change: verb=CHANGE
-    key={laba.f.com }
-    old=[1.2.3.4 10 laba]
-    new=[1.2.3.4 1.2.3.5 20 labb]
-    msg=["+ CREATE laba.f.com A 1.2.3.5 ttl=300" "± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)"]
-01: Change: verb=DELETE
-    key={labc.f.com }
-    old=[laba]
-    msg=["- DELETE labc.f.com CNAME laba ttl=300"]
-02: Change: verb=CHANGE
-    key={labe.f.com }
-    old=[10.10.10.15 10.10.10.16 10.10.10.17 10.10.10.18]
-    new=[10.10.10.95 10.10.10.96 10.10.10.97 10.10.10.98]
-    msg=["± MODIFY labe.f.com A (10.10.10.15 ttl=300) -> (10.10.10.95 ttl=300)" "± MODIFY labe.f.com A (10.10.10.16 ttl=300) -> (10.10.10.96 ttl=300)" "± MODIFY labe.f.com A (10.10.10.17 ttl=300) -> (10.10.10.97 ttl=300)" "± MODIFY labe.f.com A (10.10.10.18 ttl=300) -> (10.10.10.98 ttl=300)"]
-03: Change: verb=CREATE
-    key={labf.f.com }
-    new=["foo"]
-    msg=["+ CREATE labf.f.com TXT \"foo\" ttl=300"]
-04: Change: verb=CHANGE
-    key={labg.f.com }
-    old=[10.10.10.15 10.10.10.16 10.10.10.17 10.10.10.18]
-    new=[10.10.10.10 10.10.10.15 10.10.10.16 10.10.10.97]
-    msg=["± MODIFY labg.f.com NS (10.10.10.17 ttl=300) -> (10.10.10.10 ttl=300)" "± MODIFY labg.f.com NS (10.10.10.18 ttl=300) -> (10.10.10.97 ttl=300)"]
-05: Change: verb=CHANGE
-    key={labh.f.com }
-    old=[labd]
-    new=[1.2.3.4]
-    msg=["- DELETE labh.f.com CNAME labd ttl=300" "+ CREATE labh.f.com A 1.2.3.4 ttl=300"]
-		`,
-			wantChangeRec: `
-ChangeList: len=12
-00: Change: verb=CREATE
+08: Change: verb=DELETE
+    key={labc.f.com CNAME}
+    old=[laba.f.com.]
+    msg=["- DELETE labc.f.com CNAME laba.f.com. ttl=300"]
+09: Change: verb=CHANGE
+    key={laba.f.com MX}
+    old=[10 laba.f.com.]
+    new=[20 labb.f.com.]
+    msg=["± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)"]
+10: Change: verb=CREATE
     key={laba.f.com A}
     new=[1.2.3.5]
     msg=["+ CREATE laba.f.com A 1.2.3.5 ttl=300"]
-01: Change: verb=CHANGE
-    key={laba.f.com MX}
-    old=[10 laba]
-    new=[20 labb]
-    msg=["± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)"]
-02: Change: verb=DELETE
-    key={labc.f.com CNAME}
-    old=[laba]
-    msg=["- DELETE labc.f.com CNAME laba ttl=300"]
-03: Change: verb=CHANGE
-    key={labe.f.com A}
-    old=[10.10.10.15]
-    new=[10.10.10.95]
-    msg=["± MODIFY labe.f.com A (10.10.10.15 ttl=300) -> (10.10.10.95 ttl=300)"]
-04: Change: verb=CHANGE
-    key={labe.f.com A}
-    old=[10.10.10.16]
-    new=[10.10.10.96]
-    msg=["± MODIFY labe.f.com A (10.10.10.16 ttl=300) -> (10.10.10.96 ttl=300)"]
-05: Change: verb=CHANGE
-    key={labe.f.com A}
-    old=[10.10.10.17]
-    new=[10.10.10.97]
-    msg=["± MODIFY labe.f.com A (10.10.10.17 ttl=300) -> (10.10.10.97 ttl=300)"]
-06: Change: verb=CHANGE
-    key={labe.f.com A}
-    old=[10.10.10.18]
-    new=[10.10.10.98]
-    msg=["± MODIFY labe.f.com A (10.10.10.18 ttl=300) -> (10.10.10.98 ttl=300)"]
-07: Change: verb=CREATE
-    key={labf.f.com TXT}
-    new=["foo"]
-    msg=["+ CREATE labf.f.com TXT \"foo\" ttl=300"]
-08: Change: verb=CHANGE
-    key={labg.f.com NS}
-    old=[10.10.10.17]
-    new=[10.10.10.10]
-    msg=["± MODIFY labg.f.com NS (10.10.10.17 ttl=300) -> (10.10.10.10 ttl=300)"]
-09: Change: verb=CHANGE
-    key={labg.f.com NS}
-    old=[10.10.10.18]
-    new=[10.10.10.97]
-    msg=["± MODIFY labg.f.com NS (10.10.10.18 ttl=300) -> (10.10.10.97 ttl=300)"]
-10: Change: verb=DELETE
-    key={labh.f.com CNAME}
-    old=[labd]
-    msg=["- DELETE labh.f.com CNAME labd ttl=300"]
-11: Change: verb=CREATE
-    key={labh.f.com A}
-    new=[1.2.3.4]
-    msg=["+ CREATE labh.f.com A 1.2.3.4 ttl=300"]
 `,
 		},
 	}
 	for _, tt := range tests {
+		models.CanonicalizeTargets(tt.args.existing, tt.args.origin)
+		models.CanonicalizeTargets(tt.args.desired, tt.args.origin)
 
 		// Each "analyze*()" should return the same msgs, but a different ChangeList.
 		// Sadly the analyze*() functions are destructive to the CompareConfig struct.
@@ -379,19 +470,19 @@ ChangeList: len=12
 
 		t.Run(tt.name, func(t *testing.T) {
 			cl := analyzeByRecordSet(NewCompareConfig(tt.args.origin, tt.args.existing, tt.args.desired, tt.args.compFn))
-			compareMsgs(t, "analyzeByRecordSet", tt.name, "RSet", cl, tt.wantMsgs)
+			compareMsgs(t, "analyzeByRecordSet", tt.name, "RSet", cl, tt.wantMsgsRSet, tt.wantMsgs)
 			compareCL(t, "analyzeByRecordSet", tt.name, "RSet", cl, tt.wantChangeRSet)
 		})
 
 		t.Run(tt.name, func(t *testing.T) {
 			cl := analyzeByLabel(NewCompareConfig(tt.args.origin, tt.args.existing, tt.args.desired, tt.args.compFn))
-			compareMsgs(t, "analyzeByLabel", tt.name, "Label", cl, tt.wantMsgs)
+			compareMsgs(t, "analyzeByLabel", tt.name, "Label", cl, tt.wantMsgsLabel, tt.wantMsgs)
 			compareCL(t, "analyzeByLabel", tt.name, "Label", cl, tt.wantChangeLabel)
 		})
 
 		t.Run(tt.name, func(t *testing.T) {
 			cl := analyzeByRecord(NewCompareConfig(tt.args.origin, tt.args.existing, tt.args.desired, tt.args.compFn))
-			compareMsgs(t, "analyzeByRecord", tt.name, "Rec", cl, tt.wantMsgs)
+			compareMsgs(t, "analyzeByRecord", tt.name, "Rec", cl, tt.wantMsgsRec, tt.wantMsgs)
 			compareCL(t, "analyzeByRecord", tt.name, "Rec", cl, tt.wantChangeRec)
 		})
 
@@ -400,8 +491,17 @@ ChangeList: len=12
 	}
 }
 
+func coalesce(a string, b string) string {
+	if a != "" {
+		return a
+	}
+	return b
+}
+
 func mkTargetConfig(x ...*models.RecordConfig) []targetConfig {
 	var tc []targetConfig
+
+	models.CanonicalizeTargets(x, "f.com")
 	for _, r := range x {
 		ct, cf := mkCompareBlobs(r, nil)
 		tc = append(tc, targetConfig{
@@ -469,8 +569,8 @@ func Test_diffTargets(t *testing.T) {
 			want: ChangeList{
 				Change{Type: CREATE,
 					Key:  models.RecordKey{NameFQDN: "laba.f.com", Type: "MX"},
-					New:  models.Records{testDataAMX10a},
-					Msgs: []string{"+ CREATE laba.f.com MX 10 laba ttl=300"},
+					New:  models.Records{makeRec("laba", "MX", "10 laba.f.com.")},
+					Msgs: []string{"+ CREATE laba.f.com MX 10 laba.f.com. ttl=300"},
 				},
 			},
 		},
@@ -484,8 +584,8 @@ func Test_diffTargets(t *testing.T) {
 			want: ChangeList{
 				Change{Type: DELETE,
 					Key:  models.RecordKey{NameFQDN: "laba.f.com", Type: "MX"},
-					Old:  models.Records{testDataAMX10a},
-					Msgs: []string{"- DELETE laba.f.com MX 10 laba ttl=300"},
+					Old:  models.Records{makeRec("laba", "MX", "10 laba.f.com.")},
+					Msgs: []string{"- DELETE laba.f.com MX 10 laba.f.com. ttl=300"},
 				},
 			},
 		},
@@ -501,7 +601,7 @@ func Test_diffTargets(t *testing.T) {
 					Key:  models.RecordKey{NameFQDN: "laba.f.com", Type: "MX"},
 					Old:  models.Records{testDataAMX10a},
 					New:  models.Records{testDataAMX20b},
-					Msgs: []string{"± MODIFY laba.f.com MX (10 laba ttl=300) -> (20 labb ttl=300)"},
+					Msgs: []string{"± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)"},
 				},
 			},
 		},
diff --git a/pkg/diff2/compareconfig_test.go b/pkg/diff2/compareconfig_test.go
index 9f576d00e..51a15df15 100644
--- a/pkg/diff2/compareconfig_test.go
+++ b/pkg/diff2/compareconfig_test.go
@@ -58,8 +58,8 @@ ldata:
              tdata[2]: "CNAME" e(0, 0) d(1, 1)
 labelMap: len=1 map[labh.f.com:true]
 keyMap:   len=3 map[{labh.f.com A}:true {labh.f.com CNAME}:true {labh.f.com MX}:true]
-existing: ["22 ttt" "1.2.3.4"]
-desired: ["labd"]
+existing: ["22 ttt.f.com." "1.2.3.4"]
+desired: ["labd.f.com."]
 origin: f.com
 compFn: <nil>
 		`,
@@ -81,8 +81,8 @@ ldata:
              tdata[2]: "MX" e(0, 0) d(1, 1)
 labelMap: len=1 map[labh.f.com:true]
 keyMap:   len=3 map[{labh.f.com A}:true {labh.f.com CNAME}:true {labh.f.com MX}:true]
-existing: ["labd"]
-desired: ["1.2.3.4" "22 ttt"]
+existing: ["labd.f.com."]
+desired: ["1.2.3.4" "22 ttt.f.com."]
 origin: f.com
 compFn: <nil>
 		`,
@@ -104,7 +104,7 @@ ldata:
              tdata[0]: "CNAME" e(1, 1) d(0, 0)
 labelMap: len=2 map[laba.f.com:true labc.f.com:true]
 keyMap:   len=2 map[{laba.f.com A}:true {labc.f.com CNAME}:true]
-existing: ["1.2.3.4" "laba"]
+existing: ["1.2.3.4" "laba.f.com."]
 desired: ["1.2.3.4"]
 origin: f.com
 compFn: <nil>
@@ -127,8 +127,8 @@ ldata:
              tdata[0]: "A" e(1, 1) d(1, 1)
 labelMap: len=2 map[f.com:true laba.f.com:true]
 keyMap:   len=2 map[{f.com MX}:true {laba.f.com A}:true]
-existing: ["1.2.3.4" "1 aaa"]
-desired: ["1.2.3.4" "22 bbb"]
+existing: ["1.2.3.4" "1 aaa.f.com."]
+desired: ["1.2.3.4" "22 bbb.f.com."]
 origin: f.com
 compFn: <nil>
 `,
@@ -153,8 +153,8 @@ ldata:
              tdata[0]: "A" e(1, 1) d(2, 2)
 labelMap: len=3 map[laba.f.com:true labc.f.com:true labe.f.com:true]
 keyMap:   len=4 map[{laba.f.com A}:true {laba.f.com MX}:true {labc.f.com CNAME}:true {labe.f.com A}:true]
-existing: ["1.2.3.4" "10 laba" "laba" "10.10.10.15"]
-desired: ["1.2.3.4" "1.2.3.5" "20 labb" "10.10.10.95" "10.10.10.96"]
+existing: ["1.2.3.4" "10 laba.f.com." "laba.f.com." "10.10.10.15"]
+desired: ["1.2.3.4" "1.2.3.5" "20 labb.f.com." "10.10.10.95" "10.10.10.96"]
 origin: f.com
 compFn: <nil>
 `,
@@ -186,8 +186,8 @@ ldata:
              tdata[1]: "A" e(0, 0) d(1, 1)
 labelMap: len=6 map[laba.f.com:true labc.f.com:true labe.f.com:true labf.f.com:true labg.f.com:true labh.f.com:true]
 keyMap:   len=8 map[{laba.f.com A}:true {laba.f.com MX}:true {labc.f.com CNAME}:true {labe.f.com A}:true {labf.f.com TXT}:true {labg.f.com NS}:true {labh.f.com A}:true {labh.f.com CNAME}:true]
-existing: ["1.2.3.4" "10 laba" "laba" "10.10.10.15" "10.10.10.16" "10.10.10.17" "10.10.10.18" "10.10.10.15" "10.10.10.16" "10.10.10.17" "10.10.10.18" "labd"]
-desired: ["1.2.3.4" "1.2.3.5" "20 labb" "10.10.10.95" "10.10.10.96" "10.10.10.97" "10.10.10.98" "\"foo\"" "10.10.10.10" "10.10.10.15" "10.10.10.16" "10.10.10.97" "1.2.3.4"]
+existing: ["1.2.3.4" "10 laba.f.com." "laba.f.com." "10.10.10.15" "10.10.10.16" "10.10.10.17" "10.10.10.18" "laba.f.com." "labb.f.com." "labc.f.com." "labe.f.com." "labd.f.com."]
+desired: ["1.2.3.4" "1.2.3.5" "20 labb.f.com." "10.10.10.95" "10.10.10.96" "10.10.10.97" "10.10.10.98" "\"foo\"" "labf.f.com." "laba.f.com." "labe.f.com." "labb.f.com." "1.2.3.4"]
 origin: f.com
 compFn: <nil>
 `,
@@ -196,6 +196,10 @@ compFn: <nil>
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+
+			models.CanonicalizeTargets(tt.args.desired, "f.com")
+			models.CanonicalizeTargets(tt.args.existing, "f.com")
+
 			cc := NewCompareConfig(tt.args.origin, tt.args.existing, tt.args.desired, tt.args.compFn)
 			got := strings.TrimSpace(cc.String())
 			tt.want = strings.TrimSpace(tt.want)
@@ -229,6 +233,7 @@ func Test_mkCompareBlobs(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+
 			got, got1 := mkCompareBlobs(tt.args.rc, tt.args.f)
 			if got != tt.want {
 				t.Errorf("mkCompareBlobs() got = %q, want %q", got, tt.want)
diff --git a/pkg/diff2/diff2.go b/pkg/diff2/diff2.go
index d9ee3a195..f8e11404a 100644
--- a/pkg/diff2/diff2.go
+++ b/pkg/diff2/diff2.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/dnsgraph"
 )
 
 // Verb indicates the Change's type (create, delete, etc.)
@@ -52,6 +53,31 @@ type Change struct {
 	HintRecordSetLen1 bool
 }
 
+func (c Change) GetType() dnsgraph.NodeType {
+	if c.Type == REPORT {
+		return dnsgraph.Report
+	}
+
+	return dnsgraph.Change
+}
+
+func (c Change) GetName() string {
+	return c.Key.NameFQDN
+}
+
+func (c Change) GetDependencies() []dnsgraph.Dependency {
+	var dependencies []dnsgraph.Dependency
+
+	if c.Type == CHANGE || c.Type == DELETE {
+		dependencies = append(dependencies, dnsgraph.CreateDependencies(c.Old.GetAllDependencies(), dnsgraph.BackwardDependency)...)
+	}
+	if c.Type == CHANGE || c.Type == CREATE {
+		dependencies = append(dependencies, dnsgraph.CreateDependencies(c.New.GetAllDependencies(), dnsgraph.ForwardDependency)...)
+	}
+
+	return dependencies
+}
+
 /*
 General instructions:
 
diff --git a/pkg/diff2/flag.go b/pkg/diff2/flag.go
index 6576d9271..f46644e75 100644
--- a/pkg/diff2/flag.go
+++ b/pkg/diff2/flag.go
@@ -2,3 +2,6 @@ package diff2
 
 // EnableDiff2 is true to activate the experimental diff2 algorithm.
 var EnableDiff2 bool
+
+// DisableOrdering can be set to true to disable the reordering of the changes
+var DisableOrdering bool
diff --git a/pkg/diff2/ordering.go b/pkg/diff2/ordering.go
new file mode 100644
index 000000000..f5b82f10c
--- /dev/null
+++ b/pkg/diff2/ordering.go
@@ -0,0 +1,28 @@
+package diff2
+
+import (
+	"log"
+
+	"github.com/StackExchange/dnscontrol/v4/pkg/dnsgraph"
+	"github.com/StackExchange/dnscontrol/v4/pkg/dnssort"
+)
+
+func orderByDependencies(changes ChangeList) ChangeList {
+	if DisableOrdering {
+		log.Println("[Info: ordering of the changes has been disabled.]")
+		return changes
+	}
+
+	a := dnssort.SortUsingGraph(changes)
+
+	if len(a.UnresolvedRecords) > 0 {
+		log.Printf("Warning: Found unresolved records %v.\n"+
+			"This can indicate a circular dependency, please ensure all targets from given records exist and no circular dependencies exist in the changeset. "+
+			"These unresolved records are still added as changes and pushed to the provider, but will cause issues if and when the provider checks the changes.\n"+
+			"For more information and how to disable the reordering please consolidate our documentation at https://docs.dnscontrol.org/developer-info/ordering\n",
+			dnsgraph.GetRecordsNamesForGraphables(a.UnresolvedRecords),
+		)
+	}
+
+	return a.SortedRecords
+}
diff --git a/pkg/dnsgraph/dependencies.go b/pkg/dnsgraph/dependencies.go
new file mode 100644
index 000000000..e2acfc8ea
--- /dev/null
+++ b/pkg/dnsgraph/dependencies.go
@@ -0,0 +1,11 @@
+package dnsgraph
+
+func CreateDependencies(dependencyFQDNs []string, dependencyType DependencyType) []Dependency {
+	var dependencies []Dependency
+
+	for _, dependency := range dependencyFQDNs {
+		dependencies = append(dependencies, Dependency{NameFQDN: dependency, Type: dependencyType})
+	}
+
+	return dependencies
+}
diff --git a/pkg/dnsgraph/dnsgraph.go b/pkg/dnsgraph/dnsgraph.go
new file mode 100644
index 000000000..24df8f2a8
--- /dev/null
+++ b/pkg/dnsgraph/dnsgraph.go
@@ -0,0 +1,143 @@
+package dnsgraph
+
+import "github.com/StackExchange/dnscontrol/v4/pkg/dnstree"
+
+type edgeDirection uint8
+
+const (
+	IncomingEdge edgeDirection = iota
+	OutgoingEdge
+)
+
+type DNSGraphEdge[T Graphable] struct {
+	Dependency Dependency
+	Node       *DNSGraphNode[T]
+	Direction  edgeDirection
+}
+
+type DNSGraphEdges[T Graphable] []DNSGraphEdge[T]
+
+type DNSGraphNode[T Graphable] struct {
+	Data  T
+	Edges DNSGraphEdges[T]
+}
+
+type dnsGraphNodes[T Graphable] []*DNSGraphNode[T]
+
+type DNSGraph[T Graphable] struct {
+	All  dnsGraphNodes[T]
+	Tree *dnstree.DomainTree[dnsGraphNodes[T]]
+}
+
+func CreateGraph[T Graphable](entries []T) *DNSGraph[T] {
+	graph := &DNSGraph[T]{
+		All:  dnsGraphNodes[T]{},
+		Tree: dnstree.Create[dnsGraphNodes[T]](),
+	}
+
+	for _, data := range entries {
+		graph.AddNode(data)
+	}
+
+	for _, sourceNode := range graph.All {
+		for _, dependency := range sourceNode.Data.GetDependencies() {
+			graph.AddEdge(sourceNode, dependency)
+		}
+	}
+
+	return graph
+}
+
+func (graph *DNSGraph[T]) RemoveNode(toRemove *DNSGraphNode[T]) {
+	for _, edge := range toRemove.Edges {
+		edge.Node.Edges = edge.Node.Edges.RemoveNode(toRemove)
+	}
+
+	graph.All = graph.All.RemoveNode(toRemove)
+
+	nodes := graph.Tree.Get(toRemove.Data.GetName())
+	if nodes != nil {
+		nodes = nodes.RemoveNode(toRemove)
+		graph.Tree.Set(toRemove.Data.GetName(), nodes)
+	}
+}
+
+func (graph *DNSGraph[T]) AddNode(data T) {
+	nodes := graph.Tree.Get(data.GetName())
+	node := &DNSGraphNode[T]{
+		Data:  data,
+		Edges: DNSGraphEdges[T]{},
+	}
+	if nodes == nil {
+		nodes = dnsGraphNodes[T]{}
+	}
+	nodes = append(nodes, node)
+
+	graph.All = append(graph.All, node)
+	graph.Tree.Set(data.GetName(), nodes)
+}
+
+func (graph *DNSGraph[T]) AddEdge(sourceNode *DNSGraphNode[T], dependency Dependency) {
+	destinationNodes := graph.Tree.Get(dependency.NameFQDN)
+
+	if destinationNodes == nil {
+		return
+	}
+
+	for _, destinationNode := range destinationNodes {
+		if sourceNode == destinationNode {
+			continue
+		}
+
+		if sourceNode.Edges.Contains(destinationNode, OutgoingEdge) {
+			continue
+		}
+
+		sourceNode.Edges = append(sourceNode.Edges, DNSGraphEdge[T]{
+			Dependency: dependency,
+			Node:       destinationNode,
+			Direction:  OutgoingEdge,
+		})
+
+		destinationNode.Edges = append(destinationNode.Edges, DNSGraphEdge[T]{
+			Dependency: dependency,
+			Node:       sourceNode,
+			Direction:  IncomingEdge,
+		})
+	}
+}
+
+func (nodes dnsGraphNodes[T]) RemoveNode(toRemove *DNSGraphNode[T]) dnsGraphNodes[T] {
+	var newNodes dnsGraphNodes[T]
+
+	for _, node := range nodes {
+		if node != toRemove {
+			newNodes = append(newNodes, node)
+		}
+	}
+
+	return newNodes
+}
+
+func (edges DNSGraphEdges[T]) RemoveNode(toRemove *DNSGraphNode[T]) DNSGraphEdges[T] {
+	var newEdges DNSGraphEdges[T]
+
+	for _, edge := range edges {
+		if edge.Node != toRemove {
+			newEdges = append(newEdges, edge)
+		}
+	}
+
+	return newEdges
+}
+
+func (edges DNSGraphEdges[T]) Contains(toFind *DNSGraphNode[T], direction edgeDirection) bool {
+
+	for _, edge := range edges {
+		if edge.Node == toFind && edge.Direction == direction {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/pkg/dnsgraph/dnsgraph_test.go b/pkg/dnsgraph/dnsgraph_test.go
new file mode 100644
index 000000000..719f92a9e
--- /dev/null
+++ b/pkg/dnsgraph/dnsgraph_test.go
@@ -0,0 +1,68 @@
+package dnsgraph_test
+
+import (
+	"testing"
+
+	"github.com/StackExchange/dnscontrol/v4/pkg/dnsgraph"
+	"github.com/StackExchange/dnscontrol/v4/pkg/dnsgraph/testutils"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_CreateGraph(t *testing.T) {
+	changes := []testutils.StubRecord{
+		{NameFQDN: "example.com", Dependencies: []dnsgraph.Dependency{}},
+		{NameFQDN: "mail.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "example.com"}, {Type: dnsgraph.ForwardDependency, NameFQDN: "someserver.example.com"}}},
+		{NameFQDN: "*.hq.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "example.com"}}},
+		{NameFQDN: "someserver.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "a.hq.example.com"}, {Type: dnsgraph.ForwardDependency, NameFQDN: "b.hq.example.com"}}},
+	}
+
+	graph := dnsgraph.CreateGraph(testutils.StubRecordsAsGraphable(changes))
+
+	nodes := graph.Tree.Get("example.com")
+	assert.Len(t, nodes, 1)
+	assert.Len(t, nodes[0].Edges, 2)
+	assert.Equal(t, "mail.example.com", nodes[0].Edges[0].Node.Data.GetName())
+	assert.Equal(t, dnsgraph.IncomingEdge, nodes[0].Edges[0].Direction)
+	assert.Equal(t, "*.hq.example.com", nodes[0].Edges[1].Node.Data.GetName())
+
+	nodes = graph.Tree.Get("someserver.example.com")
+	assert.Len(t, nodes, 1)
+	// *.hq.example.com is added once
+	assert.Len(t, nodes[0].Edges, 2)
+	assert.Equal(t, "mail.example.com", nodes[0].Edges[0].Node.Data.GetName())
+	assert.Equal(t, dnsgraph.IncomingEdge, nodes[0].Edges[0].Direction)
+	assert.Equal(t, "*.hq.example.com", nodes[0].Edges[1].Node.Data.GetName())
+	assert.Equal(t, dnsgraph.OutgoingEdge, nodes[0].Edges[1].Direction)
+
+	nodes = graph.Tree.Get("a.hq.example.com")
+	assert.Len(t, nodes, 1)
+	// someserver.example.com is added once
+	assert.Len(t, nodes[0].Edges, 2)
+	assert.Equal(t, "example.com", nodes[0].Edges[0].Node.Data.GetName())
+	assert.Equal(t, dnsgraph.OutgoingEdge, nodes[0].Edges[0].Direction)
+	assert.Equal(t, "someserver.example.com", nodes[0].Edges[1].Node.Data.GetName())
+	assert.Equal(t, dnsgraph.IncomingEdge, nodes[0].Edges[1].Direction)
+}
+
+func Test_RemoveNode(t *testing.T) {
+	changes := []testutils.StubRecord{
+		{NameFQDN: "example.com", Dependencies: []dnsgraph.Dependency{}},
+		{NameFQDN: "mail.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "example.com"}, {Type: dnsgraph.ForwardDependency, NameFQDN: "someserver.example.com"}}},
+		{NameFQDN: "*.hq.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "example.com"}}},
+		{NameFQDN: "someserver.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "a.hq.example.com"}, {Type: dnsgraph.ForwardDependency, NameFQDN: "b.hq.example.com"}}},
+	}
+
+	graph := dnsgraph.CreateGraph(testutils.StubRecordsAsGraphable(changes))
+
+	graph.RemoveNode(graph.Tree.Get("example.com")[0])
+
+	// example.com change has been removed
+	nodes := graph.Tree.Get("example.com")
+	assert.Len(t, nodes, 0)
+
+	nodes = graph.Tree.Get("a.hq.example.com")
+	assert.Len(t, nodes, 1)
+
+	assert.Len(t, nodes[0].Edges, 1)
+	assert.Equal(t, "someserver.example.com", nodes[0].Edges[0].Node.Data.GetName())
+}
diff --git a/pkg/dnsgraph/graphable.go b/pkg/dnsgraph/graphable.go
new file mode 100644
index 000000000..13dd2fb53
--- /dev/null
+++ b/pkg/dnsgraph/graphable.go
@@ -0,0 +1,36 @@
+package dnsgraph
+
+type NodeType uint8
+
+const (
+	Change NodeType = iota
+	Report
+)
+
+type DependencyType uint8
+
+const (
+	ForwardDependency DependencyType = iota
+	BackwardDependency
+)
+
+type Dependency struct {
+	NameFQDN string
+	Type     DependencyType
+}
+
+type Graphable interface {
+	GetType() NodeType
+	GetName() string
+	GetDependencies() []Dependency
+}
+
+func GetRecordsNamesForGraphables[T Graphable](graphables []T) []string {
+	var names []string
+
+	for _, graphable := range graphables {
+		names = append(names, graphable.GetName())
+	}
+
+	return names
+}
diff --git a/pkg/dnsgraph/testutils/stubrecords.go b/pkg/dnsgraph/testutils/stubrecords.go
new file mode 100644
index 000000000..e4627ffec
--- /dev/null
+++ b/pkg/dnsgraph/testutils/stubrecords.go
@@ -0,0 +1,31 @@
+package testutils
+
+import "github.com/StackExchange/dnscontrol/v4/pkg/dnsgraph"
+
+type StubRecord struct {
+	NameFQDN     string
+	Dependencies []dnsgraph.Dependency
+	Type         dnsgraph.NodeType
+}
+
+func (record StubRecord) GetType() dnsgraph.NodeType {
+	return record.Type
+}
+
+func (record StubRecord) GetName() string {
+	return record.NameFQDN
+}
+
+func (record StubRecord) GetDependencies() []dnsgraph.Dependency {
+	return record.Dependencies
+}
+
+func StubRecordsAsGraphable(records []StubRecord) []dnsgraph.Graphable {
+	sortableRecords := make([]dnsgraph.Graphable, len(records))
+
+	for iX := range records {
+		sortableRecords[iX] = records[iX]
+	}
+
+	return sortableRecords
+}
diff --git a/pkg/dnssort/graphsort.go b/pkg/dnssort/graphsort.go
new file mode 100644
index 000000000..b9476e44c
--- /dev/null
+++ b/pkg/dnssort/graphsort.go
@@ -0,0 +1,121 @@
+package dnssort
+
+import "github.com/StackExchange/dnscontrol/v4/pkg/dnsgraph"
+
+// SortUsingGraph sorts changes based on their dependencies using a directed graph.
+// Most changes have dependencies on other changes.
+// Either they are depend on already (a backwards dependency) or their new state depend on another record (a forwards dependency) which can be in our change set or an existing record.
+// A rough sketch of our sorting algorithm is as follows
+//
+// while graph has nodes:
+//
+//	  foreach node in graph:
+//
+//		  if node has no dependencies:
+//		    add node to sortedNodes
+//		    remove node from graph
+//
+// return sortedNodes
+//
+// The code below also accounts for the existence of cycles by tracking if any nodes were added to the sorted set in the last round.
+func SortUsingGraph[T dnsgraph.Graphable](records []T) SortResult[T] {
+	sortState := createDirectedSortState(records)
+
+	for sortState.hasWork() {
+
+		for _, node := range sortState.graph.All {
+			sortState.hasResolvedLastRound = false
+
+			if hasUnmetDependencies(node) {
+				continue
+			}
+
+			sortState.hasResolvedLastRound = true
+			sortState.addSortedRecord(node.Data)
+			sortState.graph.RemoveNode(node)
+		}
+
+		if sortState.hasStalled() {
+			break
+		}
+	}
+
+	sortState.finalize()
+
+	return SortResult[T]{
+		SortedRecords:     sortState.sortedRecords,
+		UnresolvedRecords: sortState.unresolvedRecords,
+	}
+}
+
+type directedSortState[T dnsgraph.Graphable] struct {
+	graph                *dnsgraph.DNSGraph[T]
+	sortedRecords        []T
+	unresolvedRecords    []T
+	hasResolvedLastRound bool
+}
+
+func createDirectedSortState[T dnsgraph.Graphable](records []T) directedSortState[T] {
+	changes, reportChanges := splitRecordsByType(records)
+
+	graph := dnsgraph.CreateGraph(changes)
+
+	return directedSortState[T]{
+		graph:                graph,
+		unresolvedRecords:    []T{},
+		sortedRecords:        reportChanges,
+		hasResolvedLastRound: false,
+	}
+}
+
+func splitRecordsByType[T dnsgraph.Graphable](records []T) ([]T, []T) {
+	var changes []T
+	var reports []T
+
+	for _, record := range records {
+		switch record.GetType() {
+		case dnsgraph.Report:
+			reports = append(reports, record)
+		case dnsgraph.Change:
+			changes = append(changes, record)
+		}
+	}
+
+	return changes, reports
+}
+
+func (sortState *directedSortState[T]) hasWork() bool {
+	return len(sortState.graph.All) > 0
+}
+
+func (sortState *directedSortState[T]) hasStalled() bool {
+	return !sortState.hasResolvedLastRound
+}
+
+func (sortState *directedSortState[T]) addSortedRecord(node T) {
+	sortState.sortedRecords = append(sortState.sortedRecords, node)
+}
+
+func (sortState *directedSortState[T]) finalize() {
+	// Add all of the changes remaining in the graph as unresolved and add them at the end of the sorted result to at least include everything
+	if len(sortState.graph.All) > 0 {
+		for _, unresolved := range sortState.graph.All {
+			sortState.addSortedRecord(unresolved.Data)
+			sortState.unresolvedRecords = append(sortState.unresolvedRecords, unresolved.Data)
+		}
+	}
+}
+
+func hasUnmetDependencies[T dnsgraph.Graphable](node *dnsgraph.DNSGraphNode[T]) bool {
+	for _, edge := range node.Edges {
+		if edge.Dependency.Type == dnsgraph.BackwardDependency && edge.Direction == dnsgraph.IncomingEdge {
+			return true
+		}
+
+		if edge.Dependency.Type == dnsgraph.ForwardDependency && edge.Direction == dnsgraph.OutgoingEdge {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/pkg/dnssort/graphsort_test.go b/pkg/dnssort/graphsort_test.go
new file mode 100644
index 000000000..2736a9fc5
--- /dev/null
+++ b/pkg/dnssort/graphsort_test.go
@@ -0,0 +1,191 @@
+package dnssort_test
+
+import (
+	"testing"
+
+	"github.com/StackExchange/dnscontrol/v4/pkg/dnsgraph"
+	"github.com/StackExchange/dnscontrol/v4/pkg/dnsgraph/testutils"
+	"github.com/StackExchange/dnscontrol/v4/pkg/dnssort"
+)
+
+func Test_graphsort(t *testing.T) {
+
+	t.Run("Direct dependency",
+		executeGraphSort(
+			[]testutils.StubRecord{
+				{NameFQDN: "www.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "example.com"}}},
+				{NameFQDN: "example.com", Dependencies: []dnsgraph.Dependency{}},
+			},
+			[]string{
+				"example.com",
+				"www.example.com",
+			},
+			[]string{},
+		),
+	)
+
+	t.Run("Already in correct order",
+		executeGraphSort(
+			[]testutils.StubRecord{
+				{NameFQDN: "example.com", Dependencies: []dnsgraph.Dependency{}},
+				{NameFQDN: "www.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "example.com"}}},
+			},
+			[]string{
+				"example.com",
+				"www.example.com",
+			},
+			[]string{},
+		),
+	)
+
+	t.Run("Use wildcards",
+		executeGraphSort(
+			[]testutils.StubRecord{
+				{NameFQDN: "www.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "a.test.example.com"}}},
+				{NameFQDN: "*.test.example.com", Dependencies: []dnsgraph.Dependency{}},
+			},
+			[]string{
+				"*.test.example.com",
+				"www.example.com",
+			},
+			[]string{},
+		),
+	)
+
+	t.Run("Cyclic dependency added on the end",
+		executeGraphSort(
+			[]testutils.StubRecord{
+				{NameFQDN: "a.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "b.example.com"}}},
+				{NameFQDN: "b.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "a.example.com"}}},
+				{NameFQDN: "www.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "example.com"}}},
+				{NameFQDN: "example.com", Dependencies: []dnsgraph.Dependency{}},
+			},
+			[]string{
+				"example.com",
+				"www.example.com",
+				"a.example.com",
+				"b.example.com",
+			},
+			[]string{
+				"a.example.com",
+				"b.example.com",
+			},
+		),
+	)
+
+	t.Run("Dependency on the same named record resolves in correct order",
+		executeGraphSort(
+			[]testutils.StubRecord{
+				{NameFQDN: "a.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "a.example.com"}}},
+				{NameFQDN: "www.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "example.com"}}},
+				{NameFQDN: "example.com", Dependencies: []dnsgraph.Dependency{{}}},
+				{NameFQDN: "a.example.com", Dependencies: []dnsgraph.Dependency{}},
+			},
+			[]string{
+				"example.com",
+				"a.example.com",
+				"a.example.com",
+				"www.example.com",
+			},
+			[]string{},
+		),
+	)
+
+	t.Run("Ignores external dependency",
+		executeGraphSort(
+			[]testutils.StubRecord{
+				{NameFQDN: "mail.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "mail.external.tld"}}},
+			},
+			[]string{
+				"mail.example.com",
+			},
+			[]string{},
+		),
+	)
+
+	t.Run("Deletions in correct order",
+		executeGraphSort(
+			[]testutils.StubRecord{
+				{NameFQDN: "mail.example.com", Dependencies: []dnsgraph.Dependency{}},
+				{NameFQDN: "example.com", Dependencies: []dnsgraph.Dependency{{NameFQDN: "mail.example.com", Type: dnsgraph.BackwardDependency}}},
+			},
+			[]string{
+				"example.com",
+				"mail.example.com",
+			},
+			[]string{},
+		),
+	)
+
+	t.Run("A Change with dependency on old and new state",
+		executeGraphSort(
+			[]testutils.StubRecord{
+				{NameFQDN: "bar2.example.com", Dependencies: []dnsgraph.Dependency{{}}},
+				{NameFQDN: "foo.example.com", Dependencies: []dnsgraph.Dependency{{NameFQDN: "bar2.example.com", Type: dnsgraph.BackwardDependency}, {NameFQDN: "new2.example.com", Type: dnsgraph.ForwardDependency}}},
+				{NameFQDN: "new2.example.com", Dependencies: []dnsgraph.Dependency{{}}},
+			},
+			[]string{
+				"new2.example.com",
+				"foo.example.com",
+				"bar2.example.com",
+			},
+			[]string{},
+		),
+	)
+
+	t.Run("Reports first and ignore dependencies",
+		executeGraphSort(
+			[]testutils.StubRecord{
+				{NameFQDN: "example.com", Dependencies: []dnsgraph.Dependency{}},
+				{NameFQDN: "test.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "example.com"}}, Type: dnsgraph.Report},
+			},
+			[]string{
+				"test.example.com",
+				"example.com",
+			},
+			[]string{},
+		),
+	)
+
+	t.Run("Reports are not resolvable as dependencies",
+		executeGraphSort(
+			[]testutils.StubRecord{
+				{NameFQDN: "test2.example.com", Dependencies: []dnsgraph.Dependency{{Type: dnsgraph.ForwardDependency, NameFQDN: "test.example.com"}}},
+				{NameFQDN: "test.example.com", Dependencies: []dnsgraph.Dependency{}, Type: dnsgraph.Report},
+			},
+			[]string{
+				"test.example.com",
+				"test2.example.com",
+			},
+			[]string{},
+		),
+	)
+}
+
+func executeGraphSort(inputOrder []testutils.StubRecord, expectedOutputOrder []string, expectedUnresolved []string) func(*testing.T) {
+	return func(t *testing.T) {
+		inputSortableRecords := testutils.StubRecordsAsGraphable(inputOrder)
+		t.Helper()
+		result := dnssort.SortUsingGraph(inputSortableRecords)
+
+		if len(expectedOutputOrder) != len(result.SortedRecords) {
+			t.Errorf("Missing records after sort. Expected order: %v. Got order: %v\n", expectedOutputOrder, dnsgraph.GetRecordsNamesForGraphables(result.SortedRecords))
+		} else {
+			for iX := range expectedOutputOrder {
+				if result.SortedRecords[iX].GetName() != expectedOutputOrder[iX] {
+					t.Errorf("Invalid order on index %d after sort. Expected order: %v. Got order: %v\n", iX, expectedOutputOrder, dnsgraph.GetRecordsNamesForGraphables(result.SortedRecords))
+				}
+			}
+		}
+
+		if len(expectedUnresolved) != len(result.UnresolvedRecords) {
+			t.Errorf("Missing unresolved records. Expected unresolved: %v. Got: %v\n", expectedUnresolved, dnsgraph.GetRecordsNamesForGraphables(result.UnresolvedRecords))
+		} else {
+			for iX := range expectedUnresolved {
+				if result.UnresolvedRecords[iX].GetName() != expectedUnresolved[iX] {
+					t.Errorf("Invalid unresolved records after sort. Expected: %v. Got: %v\n", expectedOutputOrder, dnsgraph.GetRecordsNamesForGraphables(result.UnresolvedRecords))
+				}
+			}
+		}
+	}
+}
diff --git a/pkg/dnssort/result.go b/pkg/dnssort/result.go
new file mode 100644
index 000000000..5f90ecdb3
--- /dev/null
+++ b/pkg/dnssort/result.go
@@ -0,0 +1,8 @@
+package dnssort
+
+import "github.com/StackExchange/dnscontrol/v4/pkg/dnsgraph"
+
+type SortResult[T dnsgraph.Graphable] struct {
+	SortedRecords     []T
+	UnresolvedRecords []T
+}
diff --git a/pkg/dnstree/dnstree.go b/pkg/dnstree/dnstree.go
new file mode 100644
index 000000000..a2ec2a520
--- /dev/null
+++ b/pkg/dnstree/dnstree.go
@@ -0,0 +1,144 @@
+package dnstree
+
+import (
+	"strings"
+)
+
+// Create creates a tree like structure to add arbitrary data to DNS names.
+// The DomainTree splits the domain name based on the dot (.), reverses the resulting list and add all strings the tree in order.
+// It has support for wildcard domain names the tree nodes (`Set`), but not during retrieval (Get and Has).
+// Get always returns the most specific node; it doesn't immediately return the node upon finding a wildcard node.
+func Create[T any]() *DomainTree[T] {
+	return &DomainTree[T]{
+		IsLeaf:     false,
+		IsWildcard: false,
+		Name:       "",
+		Children:   map[string]*domainNode[T]{},
+	}
+}
+
+type DomainTree[T any] domainNode[T]
+
+type domainNode[T any] struct {
+	IsLeaf     bool
+	IsWildcard bool
+	Name       string
+	Children   map[string]*domainNode[T]
+	data       T
+}
+
+func createNode[T any](name string) *domainNode[T] {
+	return &domainNode[T]{
+		IsLeaf:   false,
+		Name:     name,
+		Children: map[string]*domainNode[T]{},
+	}
+}
+
+// Set adds given data to the given fqdn.
+// The FQDN can contain a wildcard on the start.
+// example fqdn: *.example.com
+func (tree *DomainTree[T]) Set(fqdn string, data T) {
+	domainParts := splitFQDN(fqdn)
+
+	isWildcard := domainParts[0] == "*"
+	if isWildcard {
+		domainParts = domainParts[1:]
+	}
+
+	ptr := (*domainNode[T])(tree)
+	for iX := len(domainParts) - 1; iX > 0; iX -= 1 {
+		ptr = ptr.addIntermediate(domainParts[iX])
+	}
+
+	ptr.addLeaf(domainParts[0], isWildcard, data)
+}
+
+// Retrieves the attached data from a given FQDN.
+// The tree will return the data entry for the most specific FQDN entry.
+// If no entry is found Get will return the default value for the specific type.
+//
+// tree.Set("*.example.com", 1)
+// tree.Set("a.example.com", 2)
+// tree.Get("a.example.com") // 2
+// tree.Get("a.a.example.com") // 1
+// tree.Get("other.com") // 0
+func (tree *DomainTree[T]) Get(fqdn string) T {
+	domainParts := splitFQDN(fqdn)
+
+	var mostSpecificNode *domainNode[T]
+	ptr := (*domainNode[T])(tree)
+
+	for iX := len(domainParts) - 1; iX >= 0; iX -= 1 {
+		node, ok := ptr.Children[domainParts[iX]]
+		if !ok {
+			if mostSpecificNode != nil {
+				return mostSpecificNode.data
+			}
+			return *new(T)
+		}
+
+		if node.IsWildcard {
+			mostSpecificNode = node
+		}
+
+		ptr = node
+	}
+
+	if ptr.IsLeaf || ptr.IsWildcard {
+		return ptr.data
+	}
+
+	if mostSpecificNode != nil {
+		return mostSpecificNode.data
+	}
+
+	return *new(T)
+}
+
+// Has returns if the tree contains data for given FQDN.
+func (tree *DomainTree[T]) Has(fqdn string) bool {
+	domainParts := splitFQDN(fqdn)
+
+	var mostSpecificNode *domainNode[T]
+	ptr := (*domainNode[T])(tree)
+
+	for iX := len(domainParts) - 1; iX >= 0; iX -= 1 {
+		node, ok := ptr.Children[domainParts[iX]]
+		if !ok {
+			return mostSpecificNode != nil
+		}
+
+		if node.IsWildcard {
+			mostSpecificNode = node
+		}
+
+		ptr = node
+	}
+
+	return ptr.IsLeaf || ptr.IsWildcard || mostSpecificNode != nil
+}
+
+func splitFQDN(fqdn string) []string {
+	normalizedFQDN := strings.TrimSuffix(fqdn, ".")
+
+	return strings.Split(normalizedFQDN, ".")
+}
+
+func (tree *domainNode[T]) addIntermediate(name string) *domainNode[T] {
+	if _, ok := tree.Children[name]; !ok {
+		tree.Children[name] = createNode[T](name)
+	}
+
+	return tree.Children[name]
+}
+
+func (tree *domainNode[T]) addLeaf(name string, isWildcard bool, data T) *domainNode[T] {
+	node := tree.addIntermediate(name)
+
+	node.data = data
+	node.IsLeaf = true
+	node.IsWildcard = node.IsWildcard || isWildcard
+
+	return node
+}
diff --git a/pkg/dnstree/dnstree_test.go b/pkg/dnstree/dnstree_test.go
new file mode 100644
index 000000000..5e1957491
--- /dev/null
+++ b/pkg/dnstree/dnstree_test.go
@@ -0,0 +1,64 @@
+package dnstree_test
+
+import (
+	"testing"
+
+	"github.com/StackExchange/dnscontrol/v4/pkg/dnstree"
+)
+
+func Test_domaintree(t *testing.T) {
+
+	t.Run("Single FQDN",
+		executeTreeTest(
+			[]string{
+				"other.example.com",
+			},
+			[]string{"other.example.com"},
+			[]string{"com", "x.example.com", "x.www.example.com", "example.com"},
+		),
+	)
+
+	t.Run("Wildcard",
+		executeTreeTest(
+			[]string{
+				"*.example.com",
+			},
+			[]string{"example.com", "other.example.com"},
+			[]string{"com", "example.nl", "*.com"},
+		),
+	)
+
+	t.Run("Combined domains",
+		executeTreeTest(
+			[]string{
+				"*.other.example.com",
+				"specific.example.com",
+				"specific.example.nl",
+			},
+			[]string{"any.other.example.com", "specific.example.com", "specific.example.nl"},
+			[]string{"com", "nl", "", "example.nl", "other.nl"},
+		),
+	)
+}
+
+func executeTreeTest(inputs []string, founds []string, missings []string) func(*testing.T) {
+	return func(t *testing.T) {
+		t.Helper()
+		tree := dnstree.Create[interface{}]()
+		for _, input := range inputs {
+			tree.Set(input, struct{}{})
+		}
+
+		for _, found := range founds {
+			if tree.Has(found) == false {
+				t.Errorf("Expected %s to be found in tree, but is missing", found)
+			}
+		}
+
+		for _, missing := range missings {
+			if tree.Has(missing) == true {
+				t.Errorf("Expected %s to be missing in tree, but is found", missing)
+			}
+		}
+	}
+}

From 84f0bc15521775e6c4828593d701c5c5e695ad36 Mon Sep 17 00:00:00 2001
From: Major Hayden <major@mhtx.net>
Date: Tue, 5 Sep 2023 15:26:03 +0000
Subject: [PATCH 37/79] docs: Fix small route53 typo (#2546)

---
 documentation/providers/route53.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/providers/route53.md b/documentation/providers/route53.md
index 3c71b70f0..7f1402c1d 100644
--- a/documentation/providers/route53.md
+++ b/documentation/providers/route53.md
@@ -80,7 +80,7 @@ D("example.com", REG_NONE, DnsProvider(DSP_R53),
 
 ## Split horizon
 
-This provider supports spilt horizons using the [`R53_ZONE()`](../functions/record/R53_ZONE.md) domain function.
+This provider supports split horizons using the [`R53_ZONE()`](../functions/record/R53_ZONE.md) domain function.
 
 In this example the domain `testzone.net` appears in the same account twice,
 each with different zone IDs specified using [`R53_ZONE()`](../functions/record/R53_ZONE.md).

From c9ce326ae1dc5294cbe2e42b224d4c54002ab1bc Mon Sep 17 00:00:00 2001
From: tomf <tomfitzhenry@google.com>
Date: Tue, 5 Sep 2023 15:27:04 +0000
Subject: [PATCH 38/79] MYTHICBEASTS: Add SSHFP record support (#2545)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers.md                     |  2 +-
 providers/mythicbeasts/mythicbeastsProvider.go | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 1e42c150b..3ea68f8fd 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -43,7 +43,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`LOOPIA`](providers/loopia.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ |
 | [`LUADNS`](providers/luadns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`MSDNS`](providers/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ |
+| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ |
 | [`NAMECHEAP`](providers/namecheap.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❌ | ❌ | ✅ |
 | [`NAMEDOTCOM`](providers/namedotcom.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
 | [`NETCUP`](providers/netcup.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ❌ |
diff --git a/providers/mythicbeasts/mythicbeastsProvider.go b/providers/mythicbeasts/mythicbeastsProvider.go
index 69f300988..f5798c012 100644
--- a/providers/mythicbeasts/mythicbeastsProvider.go
+++ b/providers/mythicbeasts/mythicbeastsProvider.go
@@ -36,6 +36,7 @@ var features = providers.DocumentationNotes{
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUsePTR:              providers.Can(),
+	providers.CanUseSSHFP:            providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
 	providers.DocCreateDomains:       providers.Cannot("Requires domain registered through Web UI"),
@@ -121,8 +122,15 @@ func (n *mythicBeastsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig
 				Msg: strings.Join(msgs, "\n"),
 				F: func() error {
 					var b strings.Builder
-					for _, rr := range dc.Records {
-						fmt.Fprintf(&b, "%v\n", rr.ToRR().String())
+					for _, record := range dc.Records {
+						switch rr := record.ToRR().(type) {
+						case *dns.SSHFP:
+							// "Hex strings [for SSHFP] must be in lower-case", per Mythic Beasts API docs.
+							// miekg's DNS outputs uppercase: https://github.com/miekg/dns/blob/48f38ebef989eedc6b57f1869ae849ccc8f5fe29/types.go#L988
+							fmt.Fprintf(&b, "%s %d %d %s\n", rr.Header().String(), rr.Algorithm, rr.Type, strings.ToLower(rr.FingerPrint))
+						default:
+							fmt.Fprintf(&b, "%v\n", rr.String())
+						}
 					}
 
 					resp, err := n.httpRequest("PUT", "/zones/"+dc.Name+"/records", strings.NewReader(b.String()))

From a1c7a26351c815749d86206d4107a534f162472d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 7 Sep 2023 10:30:18 -0400
Subject: [PATCH 39/79] MSDNS: Improve PowerShell reliability (#2551)

---
 providers/msdns/powershell.go      | 36 +++++++++++++++---------------
 providers/msdns/powershell_test.go |  4 ++--
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/providers/msdns/powershell.go b/providers/msdns/powershell.go
index 2022367bc..367deb5a5 100644
--- a/providers/msdns/powershell.go
+++ b/providers/msdns/powershell.go
@@ -19,12 +19,12 @@ type psHandle struct {
 	shell ps.Shell
 }
 
-// func eLog(s string) {
-// 	f, _ := os.OpenFile("powershell.log", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
-// 	f.WriteString(s)
-// 	f.WriteString("\n")
-// 	f.Close()
-// }
+func eLog(s string) {
+	f, _ := os.OpenFile("powershell.log", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+	f.WriteString(s)
+	f.WriteString("\n")
+	f.Close()
+}
 
 func newPowerShell(config map[string]string) (*psHandle, error) {
 
@@ -70,7 +70,7 @@ func (psh *psHandle) Exit() {
 type dnsZone map[string]interface{}
 
 func (psh *psHandle) GetDNSServerZoneAll(dnsserver string) ([]string, error) {
-	stdout, stderr, err := psh.shell.Execute(generatePSZoneAll(dnsserver))
+	stdout, stderr, err := psh.shell.Execute("\n\r" + generatePSZoneAll(dnsserver) + "\n\r")
 	if err != nil {
 		return nil, err
 	}
@@ -115,7 +115,8 @@ func (psh *psHandle) GetDNSZoneRecords(dnsserver, domain string) ([]nativeRecord
 	filename := tmpfile.Name()
 	tmpfile.Close()
 
-	stdout, stderr, err := psh.shell.Execute(generatePSZoneDump(dnsserver, domain, filename))
+	stdout, stderr, err := psh.shell.Execute(
+		"\n\r" + generatePSZoneDump(dnsserver, domain, filename) + "\n\r")
 	if err != nil {
 		return nil, err
 	}
@@ -207,8 +208,8 @@ func (psh *psHandle) RecordDelete(dnsserver, domain string, rec *models.RecordCo
 		c = generatePSDelete(dnsserver, domain, rec)
 	}
 
-	//eLog(c)
-	_, stderr, err := psh.shell.Execute(c)
+	eLog(c)
+	_, stderr, err := psh.shell.Execute("\n\r" + c + "\n\r")
 	if err != nil {
 		printer.Printf("PowerShell code was:\nSTART\n%s\nEND\n", c)
 		return err
@@ -266,8 +267,8 @@ func (psh *psHandle) RecordCreate(dnsserver, domain string, rec *models.RecordCo
 		//printer.Printf("DEBUG: PScreate\n")
 	}
 
-	//eLog(c)
-	stdout, stderr, err := psh.shell.Execute(c)
+	eLog(c)
+	stdout, stderr, err := psh.shell.Execute("\n\r" + c + "\n\r")
 	if err != nil {
 		printer.Printf("PowerShell code was:\nSTART\n%s\nEND\n", c)
 		return err
@@ -350,8 +351,8 @@ func generatePSCreate(dnsserver, domain string, rec *models.RecordConfig) string
 
 func (psh *psHandle) RecordModify(dnsserver, domain string, old, rec *models.RecordConfig) error {
 	c := generatePSModify(dnsserver, domain, old, rec)
-	//eLog(c)
-	_, stderr, err := psh.shell.Execute(c)
+	eLog(c)
+	_, stderr, err := psh.shell.Execute("\n\r" + c + "\n\r")
 	if err != nil {
 		printer.Printf("PowerShell code was:\nSTART\n%s\nEND\n", c)
 		return err
@@ -363,10 +364,9 @@ func (psh *psHandle) RecordModify(dnsserver, domain string, old, rec *models.Rec
 	}
 	return nil
 }
-
 func generatePSModify(dnsserver, domain string, old, rec *models.RecordConfig) string {
 	// The simple way is to just remove the old record and insert the new record.
-	return generatePSDelete(dnsserver, domain, old) + ` ; ` + generatePSCreate(dnsserver, domain, rec)
+	return "\n\r" + generatePSDelete(dnsserver, domain, old) + " ; " + generatePSCreate(dnsserver, domain, rec) + "\n\r"
 	// NB: SOA records can't be deleted. When we implement them, we'll
 	// need to special case them and generate an in-place modification
 	// command.
@@ -374,8 +374,8 @@ func generatePSModify(dnsserver, domain string, old, rec *models.RecordConfig) s
 
 func (psh *psHandle) RecordModifyTTL(dnsserver, domain string, old *models.RecordConfig, newTTL uint32) error {
 	c := generatePSModifyTTL(dnsserver, domain, old, newTTL)
-	//eLog(c)
-	_, stderr, err := psh.shell.Execute(c)
+	eLog(c)
+	_, stderr, err := psh.shell.Execute("\n\r" + c + "\n\r")
 	if err != nil {
 		printer.Printf("PowerShell code was:\nSTART\n%s\nEND\n", c)
 		return err
diff --git a/providers/msdns/powershell_test.go b/providers/msdns/powershell_test.go
index 31a92c9d1..5d36249c7 100644
--- a/providers/msdns/powershell_test.go
+++ b/providers/msdns/powershell_test.go
@@ -29,7 +29,7 @@ func Test_generatePSZoneAll(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := generatePSZoneAll(tt.args.dnsserver); got != tt.want {
+			if got := generatePSZoneAll(tt.args.dnsserver); got != strings.TrimSpace(tt.want) {
 				t.Errorf("generatePSZoneAll() = got=(\n%s\n) want=(\n%s\n)", got, tt.want)
 			}
 		})
@@ -59,7 +59,7 @@ func Test_generatePSZoneDump(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := generatePSZoneDump(tt.args.dnsserver, tt.args.domainname, "foo"); got != tt.want {
+			if got := generatePSZoneDump(tt.args.dnsserver, tt.args.domainname, "foo"); got != strings.TrimSpace(tt.want) {
 				t.Errorf("generatePSZoneDump() = got=(\n%s\n) want=(\n%s\n)", got, tt.want)
 			}
 		})

From c4d5d9bf20242ee02b838a1f6d48058014350104 Mon Sep 17 00:00:00 2001
From: imlonghao <git@imlonghao.com>
Date: Thu, 7 Sep 2023 23:03:27 +0800
Subject: [PATCH 40/79] NETLIFY: fix SRV priority and allow apex NS records
 (#2549)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/netlify/api.go             |  2 +-
 providers/netlify/netlifyProvider.go | 36 ----------------------------
 2 files changed, 1 insertion(+), 37 deletions(-)

diff --git a/providers/netlify/api.go b/providers/netlify/api.go
index 70eaae389..31b700f85 100644
--- a/providers/netlify/api.go
+++ b/providers/netlify/api.go
@@ -48,7 +48,7 @@ type dnsRecordCreate struct {
 	Flag     int64  `json:"flag"`
 	Hostname string `json:"hostname,omitempty"`
 	Port     int64  `json:"port,omitempty"`
-	Priority int64  `json:"priority,omitempty"`
+	Priority int64  `json:"priority"`
 	Tag      string `json:"tag,omitempty"`
 	TTL      int64  `json:"ttl,omitempty"`
 	Type     string `json:"type,omitempty"`
diff --git a/providers/netlify/netlifyProvider.go b/providers/netlify/netlifyProvider.go
index 42f474d03..203e3d61a 100644
--- a/providers/netlify/netlifyProvider.go
+++ b/providers/netlify/netlifyProvider.go
@@ -8,7 +8,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
-	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/miekg/dns"
 )
@@ -144,43 +143,8 @@ func (n *netlifyProvider) GetZoneRecords(domain string, meta map[string]string)
 	return cleanRecords, nil
 }
 
-// Return true if the string ends in one of Netlify's name server domains
-// False if anything else
-func isNetlifyNameServerDomain(name string) bool {
-	for _, i := range nameServerSuffixes {
-		if strings.HasSuffix(name, i) {
-			return true
-		}
-	}
-	return false
-}
-
-// remove all non-netlify NS records from our desired state.
-// if any are found, print a warning
-func removeOtherApexNS(dc *models.DomainConfig) {
-	newList := make([]*models.RecordConfig, 0, len(dc.Records))
-	for _, rec := range dc.Records {
-		if rec.Type == "NS" {
-			// apex NS inside netlify are expected.
-			// We ignore them, warning as needed.
-			// Child delegations are supported so, we allow non-apex NS records.
-			if rec.GetLabelFQDN() == dc.Name {
-				if !isNetlifyNameServerDomain(rec.GetTargetField()) {
-					printer.Printf("Warning: Netlify does not allow NS records to be modified. %s will not be added.\n", rec.GetTargetField())
-				}
-				continue
-			}
-		}
-		newList = append(newList, rec)
-	}
-	dc.Records = newList
-}
-
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (n *netlifyProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, error) {
-
-	removeOtherApexNS(dc)
-
 	var corrections []*models.Correction
 	var differ diff.Differ
 	if !diff2.EnableDiff2 {

From 56acf4a6b29f9b2667440872205348a6a80d59ac Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 7 Sep 2023 14:10:00 -0400
Subject: [PATCH 41/79] CHORE: Update dependencies (#2552)

---
 go.mod |  66 ++++++++++++++--------------
 go.sum | 136 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 101 insertions(+), 101 deletions(-)

diff --git a/go.mod b/go.mod
index 6179816c0..87592f409 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/StackExchange/dnscontrol/v4
 go 1.18
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7
@@ -11,17 +11,17 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.20.1
-	github.com/aws/aws-sdk-go-v2/config v1.18.33
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.32
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.29.2
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.16.2
+	github.com/aws/aws-sdk-go-v2 v1.21.0
+	github.com/aws/aws-sdk-go-v2/config v1.18.39
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.37
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.29.5
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.3
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5
-	github.com/cloudflare/cloudflare-go v0.75.0
-	github.com/digitalocean/godo v1.100.0
+	github.com/cloudflare/cloudflare-go v0.76.0
+	github.com/digitalocean/godo v1.102.1
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
 	github.com/exoscale/egoscale v0.90.2
@@ -30,9 +30,9 @@ require (
 	github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe
 	github.com/google/go-github/v35 v35.3.0
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
-	github.com/hashicorp/vault/api v1.9.2
+	github.com/hashicorp/vault/api v1.10.0
 	github.com/jarcoal/httpmock v1.0.8 // indirect
-	github.com/jinzhu/copier v0.3.5
+	github.com/jinzhu/copier v0.4.0
 	github.com/miekg/dns v1.1.55
 	github.com/mittwald/go-powerdns v0.6.2
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
@@ -49,9 +49,9 @@ require (
 	github.com/transip/gotransip/v6 v6.21.0
 	github.com/urfave/cli/v2 v2.25.7
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/net v0.14.0
-	golang.org/x/oauth2 v0.11.0
-	google.golang.org/api v0.135.0
+	golang.org/x/net v0.15.0
+	golang.org/x/oauth2 v0.12.0
+	google.golang.org/api v0.138.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.8
 )
 
@@ -63,28 +63,28 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.19
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20230807204917-050eac23e9de
-	golang.org/x/text v0.12.0
+	golang.org/x/exp v0.0.0-20230905200255-921286631fa9
+	golang.org/x/text v0.13.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/compute v1.20.1 // indirect
+	cloud.google.com/go/compute v1.23.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.21.2 // indirect
-	github.com/aws/smithy-go v1.14.1 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.13.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.21.5 // indirect
+	github.com/aws/smithy-go v1.14.2 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
@@ -96,11 +96,11 @@ require (
 	github.com/go-test/deep v1.0.3 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gofrs/uuid v4.0.0+incompatible // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/s2a-go v0.1.4 // indirect
+	github.com/google/s2a-go v0.1.5 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
@@ -133,14 +133,14 @@ require (
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.12.0 // indirect
+	golang.org/x/crypto v0.13.0 // indirect
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/sys v0.12.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.11.0 // indirect
+	golang.org/x/tools v0.13.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230726155614-23370e0ffb3e // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577 // indirect
 	google.golang.org/grpc v1.57.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.66.6 // indirect
diff --git a/go.sum b/go.sum
index ee48ee01a..2a16430c2 100644
--- a/go.sum
+++ b/go.sum
@@ -1,13 +1,13 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
-cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
+cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
+cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 h1:8kDqDngH+DmVBiCtIjCFTGa7MBnsIOkF9IccInFEbjk=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 h1:/iHxaJhsFr0+xVFfbMr5vxz848jyiWuIEDhYq3y5odY=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 h1:LNHhpdK7hzUcx/k1LIcuh5k7k1LGIWLQfCjaneSj7Fc=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0 h1:8iR6OLffWWorFdzL2JFCab5xpD8VKEE2DUBBl+HNTDY=
@@ -16,8 +16,8 @@ github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
 github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 h1:WpB/QDNLpMw72xHJc34BNNykqSOeEJDAWkhf0u12/Jk=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7 h1:AJKJCKcb/psppPl/9CUiQQnTG+Bce0/cIweD5w5Q7aQ=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7/go.mod h1:GCzqZQHydohgVLSIqRKZeTt8IGb1Y4NaFfim3H40uUI=
@@ -35,34 +35,34 @@ github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x0
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.20.1 h1:rZBf5DWr7YGrnlTK4kgDQGn1ltqOg5orCYb/UhOFZkg=
-github.com/aws/aws-sdk-go-v2 v1.20.1/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
-github.com/aws/aws-sdk-go-v2/config v1.18.33 h1:JKcw5SFxFW/rpM4mOPjv0VQ11E2kxW13F3exWOy7VZU=
-github.com/aws/aws-sdk-go-v2/config v1.18.33/go.mod h1:hXO/l9pgY3K5oZJldamP0pbZHdPqqk+4/maa7DSD3cA=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.32 h1:lIH1eKPcCY1ylR4B6PkBGRWMHO3aVenOKJHWiS4/G2w=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.32/go.mod h1:lL8U3v/Y79YRG69WlAho0OHIKUXCyFvSXaIvfo81sls=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 h1:DK/9C+UN/X+1+Wm8pqaDksQr2tSLzq+8X1/rI/ZxKEQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8/go.mod h1:ce7BgLQfYr5hQFdy67oX2svto3ufGtm6oBvmsHScI1Q=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 h1:c8ed/T9T2K5I+h/JzmF5tpI46+OODQ74dzmdo+QnaMg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38/go.mod h1:qggunOChCMu9ZF/UkAfhTz25+U2rLVb3ya0Ua6TTfCA=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 h1:hNeAAymUY5gu11WrrmFb3CVIp9Dar9hbo44yzzcQpzA=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32/go.mod h1:0ZXSqrty4FtQ7p8TEuRde/SZm9X05KT18LAUlR40Ln0=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 h1:fc0ukRAiP1syoSGZYu+DaE+FulSYhTiJ8WpVu5jElU4=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39/go.mod h1:WLAW8PT7+JhjZfLSWe7WEJaJu0GNo0cKc2Zyo003RBs=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 h1:dGAseBFEYxth10V23b5e2mAS+tX7oVbfYHD6dnDdAsg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32/go.mod h1:4jwAWKEkCR0anWk5+1RbfSg1R5Gzld7NLiuaq5bTR/Y=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.29.2 h1:6rbDtLVUDUBMCciu5ipjwGpGq1roAFXCVhliS2S+SAE=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.29.2/go.mod h1:rsvxuoKwhm9C5yWTqQ2zYtlb/aSkM+StNs/jcy93QQw=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.16.2 h1:+QM69OrWCsp5A6g1oQyC4Rbl9U9F0/xBvugb1N0Ha/U=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.16.2/go.mod h1:sVEjwdvFyw2UY9cvFeeWgVq4y2QEILPcmRF2glyTshM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 h1:A2RlEMo4SJSwbNoUUgkxTAEMduAy/8wG3eB2b2lP4gY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.2/go.mod h1:ju+nNXUunfIFamXUIZQiICjnO/TPlOmWcYhZcSy7xaE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 h1:OJELEgyaT2kmaBGZ+myyZbTTLobfe3ox3FSh5eYK9Qs=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2/go.mod h1:ubDBBaDFs1GHijSOTi8ljppML15GLG0HxhILtbjNNYQ=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.2 h1:ympg1+Lnq33XLhcK/xTG4yZHPs1Oyxu+6DEWbl7qOzA=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.2/go.mod h1:FQ/DQcOfESELfJi5ED+IPPAjI5xC6nxtSolVVB773jM=
-github.com/aws/smithy-go v1.14.1 h1:EFKMUmH/iHMqLiwoEDx2rRjRQpI1YCn5jTysoaDujFs=
-github.com/aws/smithy-go v1.14.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
+github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
+github.com/aws/aws-sdk-go-v2/config v1.18.39 h1:oPVyh6fuu/u4OiW4qcuQyEtk7U7uuNBmHmJSLg1AJsQ=
+github.com/aws/aws-sdk-go-v2/config v1.18.39/go.mod h1:+NH/ZigdPckFpgB1TRcRuWCB/Kbbvkxc/iNAKTq5RhE=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.37 h1:BvEdm09+ZEh2XtN+PVHPcYwKY3wIeB6pw7vPRM4M9/U=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.37/go.mod h1:ACLrdkd4CLZyXOghZ8IYumQbcooAcp2jo/s2xsFH8IM=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 h1:SijA0mgjV8E+8G45ltVHs0fvKpTj8xmZJ3VwhGKtUSI=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 h1:GPUcE/Yq7Ur8YSUk6lVkoIMWnJNO0HT18GUzCWCgCI0=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42/go.mod h1:rzfdUlfA+jdgLDmPKjd3Chq9V7LVLYo1Nz++Wb91aRo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 h1:CdzPW9kKitgIiLV1+MHobfR5Xg25iYnyzWZhyQuSlDI=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35/go.mod h1:QGF2Rs33W5MaN9gYdEQOBBFPLwTZkEhRwI33f7KIG0o=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.29.5 h1:6wPin3WPyQpBl/QZsoNUnqvXy4Ib1Ygv7VagGvLKJAc=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.29.5/go.mod h1:6zl0jh5MUKuJ07eHn3MNeLOVutxwl8m9vQltZjoLakM=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.3 h1:aaHlZb06fyEQ3uqEVJiN3hLt8syCzX+tWZiz40S4c0Y=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.3/go.mod h1:SK+5R1cYgVgSfBGi9T/gPGNIuLInF3eIRYNruia62rg=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.6 h1:2PylFCfKCEDv6PeSN09pC/VUiRd10wi1VfHG5FrW0/g=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.6/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6 h1:pSB560BbVj9ZlJZF4WYj5zsytWHWKxg+NgyGV4B2L58=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.5 h1:CQBFElb0LS8RojMJlxRSo/HXipvTZW2S44Lt9Mk2aYQ=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.5/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
+github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
+github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -84,8 +84,8 @@ github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.75.0 h1:03a4EkwwsDo0yAHjQ/l+D36K9wTkvr0afDiI/uHQ0Xw=
-github.com/cloudflare/cloudflare-go v0.75.0/go.mod h1:5ocQT9qQ99QsT1Ii2751490Z5J+W/nv6jOj+lSAe4ug=
+github.com/cloudflare/cloudflare-go v0.76.0 h1:0YsPw0KHWJK2fpivzx38X5onurfM0GkanZtS8HAqlj0=
+github.com/cloudflare/cloudflare-go v0.76.0/go.mod h1:5ocQT9qQ99QsT1Ii2751490Z5J+W/nv6jOj+lSAe4ug=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
@@ -103,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.100.0 h1:3MuDCh9Hw0MCBwV8GbHBiGrKZXCZ+VJfAY8iNCW+Mks=
-github.com/digitalocean/godo v1.100.0/go.mod h1:SsS2oXo2rznfM/nORlZ/6JaUJZFhmKTib1YhopUc8NA=
+github.com/digitalocean/godo v1.102.1 h1:BrNePwIXjQWjOJXVTBqkURMjm70BRR0qXbRKfHNBF24=
+github.com/digitalocean/godo v1.102.1/go.mod h1:SaUYccN7r+CO1QtsbXGypAsgobDrmSfVMJESEfXgoEg=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -155,8 +155,8 @@ github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MG
 github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
-github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
@@ -196,8 +196,8 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
-github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/s2a-go v0.1.5 h1:8IYp3w9nysqv3JH+NJgXJzGbDHzLOTj43BmSkp+O7qg=
+github.com/google/s2a-go v0.1.5/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -240,12 +240,12 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as=
-github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
+github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
+github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
 github.com/jarcoal/httpmock v1.0.8 h1:8kI16SoO6LQKgPE7PvQuV+YuD/inwHd7fOOe2zMbo4k=
 github.com/jarcoal/httpmock v1.0.8/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
-github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
-github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
+github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
+github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
@@ -447,11 +447,11 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
-golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20230807204917-050eac23e9de h1:l5Za6utMv/HsBWWqzt4S8X17j+kt1uVETUX5UFhn2rE=
-golang.org/x/exp v0.0.0-20230807204917-050eac23e9de/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
+golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
+golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -479,12 +479,12 @@ golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
-golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
-golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
+golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4=
+golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -517,8 +517,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
-golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -530,8 +530,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
-golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
@@ -546,14 +546,14 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8=
-golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
+golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.135.0 h1:6Vgfj6uPMXcyy66waYWBwmkeNB+9GmUlJDOzkukPQYQ=
-google.golang.org/api v0.135.0/go.mod h1:Bp77uRFgwsSKI0BWH573F5Q6wSlznwI2NFayLOp/7mQ=
+google.golang.org/api v0.138.0 h1:K/tVp05MxNVbHShRw9m7e9VJGdagNeTdMzqPH7AUqr0=
+google.golang.org/api v0.138.0/go.mod h1:4xyob8CxC+0GChNBvEUAk8VBKNvYOTWM9T3v3UfRxuY=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
@@ -562,10 +562,10 @@ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoA
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130 h1:Au6te5hbKUV8pIYWHqOUZ1pva5qK/rwbIhoXEUB9Lu8=
-google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230726155614-23370e0ffb3e h1:S83+ibolgyZ0bqz7KEsUOPErxcv4VzlszxY+31OfB/E=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM=
+google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g=
+google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 h1:nIgk/EEq3/YlnmVVXVnm14rC2oxgs1o0ong4sD/rd44=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577 h1:wukfNtZmZUurLN/atp2hiIeTKn7QJWIQdHzqmsOnAOk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=

From 0b5de1adf236030f9253c92d4d1bd98fc11ce941 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Sep 2023 14:10:49 -0400
Subject: [PATCH 42/79] Build(deps): Bump actions/checkout from 3 to 4 (#2544)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/build.yml         | 8 ++++----
 .github/workflows/codeql.yml        | 2 +-
 .github/workflows/draft_release.yml | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5f862cf5c..a1ea1e9f4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,7 +14,7 @@ jobs:
     env:
       TEST_RESULTS: "/tmp/test-results"
     steps:
-    - uses: actions/checkout@v3.5.0
+    - uses: actions/checkout@v4
     - name: restore_cache
       uses: actions/cache@v3.3.1
       with:
@@ -175,7 +175,7 @@ jobs:
       matrix:
         provider: ${{ fromJson(needs.integration-test-providers.outputs.integration_test_providers )}}
     steps:
-    - uses: actions/checkout@v3.5.0
+    - uses: actions/checkout@v4
     - run: mkdir -p "$TEST_RESULTS"
     - name: restore_cache
       uses: actions/cache@v3.3.1
@@ -282,7 +282,7 @@ jobs:
       matrix:
         provider: ${{ fromJson(needs.integration-test-providers.outputs.integration_test_providers )}}
     steps:
-    - uses: actions/checkout@v3.5.0
+    - uses: actions/checkout@v4
     - run: mkdir -p "$TEST_RESULTS"
     - name: restore_cache
       uses: actions/cache@v3.3.1
@@ -314,7 +314,7 @@ jobs:
 #      DOCKERHUB_ACCESS_TOKEN:
 #      DOCKERHUB_USERNAME:
 #    steps:
-#    - uses: actions/checkout@v3.5.0
+#    - uses: actions/checkout@v4
 ##     # 'setup_remote_docker' was not transformed because there is no suitable equivalent in GitHub Actions
 #    - uses: "./.github/actions/docker_check"
 #      with:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 985604ee8..e9429297d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -40,7 +40,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/draft_release.yml b/.github/workflows/draft_release.yml
index fbe2623d0..82494ff90 100644
--- a/.github/workflows/draft_release.yml
+++ b/.github/workflows/draft_release.yml
@@ -19,7 +19,7 @@ jobs:
       uses: docker/setup-qemu-action@v2
 
     - name: Checkout repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 # Why "fetch-depth: 0"?  To generate the release notes, we need the

From af91e37043d49ce1d5f8ecc54c0196d972772bae Mon Sep 17 00:00:00 2001
From: asn-iac <134323752+asn-iac@users.noreply.github.com>
Date: Thu, 7 Sep 2023 13:31:34 -0700
Subject: [PATCH 43/79] CLOUDFLAREAPI: Add NAPTR record support (#2548)

---
 documentation/providers.md                 |  2 +-
 providers/cloudflare/cloudflareProvider.go | 10 ++++++++++
 providers/cloudflare/rest.go               | 20 ++++++++++++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 3ea68f8fd..d9a37484f 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -19,7 +19,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ |
 | [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ |
-| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ✅ |
+| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ✅ |
 | [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`DESEC`](providers/desec.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 9f303fae1..a310c4136 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -45,6 +45,7 @@ var features = providers.DocumentationNotes{
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
+	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
@@ -793,6 +794,15 @@ func (c cfTarget) FQDN() string {
 	return strings.TrimRight(string(c), ".") + "."
 }
 
+type cfNaptrRecData struct {
+	Flags       string `json:"flags"`
+	Order       uint16 `json:"order"`
+	Preference  uint16 `json:"preference"`
+	Regex       string `json:"regex"`
+	Replacement string `json:"replacement"`
+	Service     string `json:"service"`
+}
+
 // uint16Zero converts value to uint16 or returns 0.
 func uint16Zero(value interface{}) uint16 {
 	switch v := value.(type) {
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index ec2138b4b..b2072b11e 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -118,6 +118,17 @@ func cfSshfpData(rec *models.RecordConfig) *cfRecData {
 	}
 }
 
+func cfNaptrData(rec *models.RecordConfig) *cfNaptrRecData {
+	return &cfNaptrRecData{
+		Flags:       rec.NaptrFlags,
+		Order:       rec.NaptrOrder,
+		Preference:  rec.NaptrPreference,
+		Regex:       rec.NaptrRegexp,
+		Replacement: rec.GetTargetField(),
+		Service:     rec.NaptrService,
+	}
+}
+
 func (c *cloudflareProvider) createRec(rec *models.RecordConfig, domainID string) []*models.Correction {
 	var id string
 	content := rec.GetTargetField()
@@ -159,6 +170,9 @@ func (c *cloudflareProvider) createRec(rec *models.RecordConfig, domainID string
 				cf.Name = rec.GetLabelFQDN()
 			} else if rec.Type == "DS" {
 				cf.Data = cfDSData(rec)
+			} else if rec.Type == "NAPTR" {
+				cf.Data = cfNaptrData(rec)
+				cf.Name = rec.GetLabelFQDN()
 			}
 			resp, err := c.cfClient.CreateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(domainID), cf)
 			if err != nil {
@@ -225,6 +239,9 @@ func (c *cloudflareProvider) createRecDiff2(rec *models.RecordConfig, domainID s
 				cf.Name = rec.GetLabelFQDN()
 			} else if rec.Type == "DS" {
 				cf.Data = cfDSData(rec)
+			} else if rec.Type == "NAPTR" {
+				cf.Data = cfNaptrData(rec)
+				cf.Name = rec.GetLabelFQDN()
 			}
 			resp, err := c.cfClient.CreateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(domainID), cf)
 			if err != nil {
@@ -275,6 +292,9 @@ func (c *cloudflareProvider) modifyRecord(domainID, recID string, proxied bool,
 	} else if rec.Type == "DS" {
 		r.Data = cfDSData(rec)
 		r.Content = ""
+	} else if rec.Type == "NAPTR" {
+		r.Data = cfNaptrData(rec)
+		r.Name = rec.GetLabelFQDN()
 	}
 	_, err := c.cfClient.UpdateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(domainID), r)
 	return err

From 1c5e038c67fca647daa3ea651b935ce90e777cc2 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff <florian@ritterhoff.org>
Date: Fri, 2 Jun 2023 06:10:35 +0200
Subject: [PATCH 44/79] add dhcid type

---
 build/generate/featureMatrix.go        |  6 ++++++
 models/dnsrr.go                        |  2 ++
 models/record.go                       |  2 ++
 pkg/js/helpers.js                      |  3 +++
 pkg/js/parse_tests/046-DHCID.js        |  3 +++
 pkg/js/parse_tests/046-DHCID.json      | 18 ++++++++++++++++++
 pkg/normalize/validate.go              |  4 +++-
 providers/axfrddns/axfrddnsProvider.go |  1 +
 providers/bind/bindProvider.go         |  1 +
 providers/capabilities.go              |  3 +++
 providers/capability_string.go         |  5 +++--
 11 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 pkg/js/parse_tests/046-DHCID.js
 create mode 100644 pkg/js/parse_tests/046-DHCID.json

diff --git a/build/generate/featureMatrix.go b/build/generate/featureMatrix.go
index 06c0178fe..c032d092f 100644
--- a/build/generate/featureMatrix.go
+++ b/build/generate/featureMatrix.go
@@ -87,6 +87,7 @@ func matrixData() *FeatureMatrix {
 		DomainModifierSshfp  = "[`SSHFP`](functions/domain/SSHFP.md)"
 		DomainModifierTlsa   = "[`TLSA`](functions/domain/TLSA.md)"
 		DomainModifierDs     = "[`DS`](functions/domain/DS.md)"
+		DomainModifierDhcid  = "[`DHCID`](functions/domain/DHCID.md)"
 		DualHost             = "dual host"
 		CreateDomains        = "create-domains"
 		NoPurge              = "[`NO_PURGE`](functions/domain/NO_PURGE.md)"
@@ -110,6 +111,7 @@ func matrixData() *FeatureMatrix {
 			DomainModifierSshfp,
 			DomainModifierTlsa,
 			DomainModifierDs,
+			DomainModifierDhcid,
 			DualHost,
 			CreateDomains,
 			NoPurge,
@@ -212,6 +214,10 @@ func matrixData() *FeatureMatrix {
 			DomainModifierTlsa,
 			providers.CanUseTLSA,
 		)
+		setCapability(
+			DomainModifierDhcid,
+			providers.CanUseDHCID,
+		)
 		setCapability(
 			GetZones,
 			providers.CanGetZones,
diff --git a/models/dnsrr.go b/models/dnsrr.go
index 2361c7f38..b7b73e264 100644
--- a/models/dnsrr.go
+++ b/models/dnsrr.go
@@ -96,6 +96,8 @@ func RRtoRC(rr dns.RR, origin string) (RecordConfig, error) {
 		err = rc.SetTargetTLSA(v.Usage, v.Selector, v.MatchingType, v.Certificate)
 	case *dns.TXT:
 		err = rc.SetTargetTXTs(v.Txt)
+	case *dns.DHCID:
+		err = rc.SetTarget(v.Digest)
 	default:
 		return *rc, fmt.Errorf("rrToRecord: Unimplemented zone record type=%s (%v)", rc.Type, rr)
 	}
diff --git a/models/record.go b/models/record.go
index 9c958a808..fb2f7cccd 100644
--- a/models/record.go
+++ b/models/record.go
@@ -446,6 +446,8 @@ func (rc *RecordConfig) ToRR() dns.RR {
 		rr.(*dns.TLSA).Certificate = rc.GetTargetField()
 	case dns.TypeTXT:
 		rr.(*dns.TXT).Txt = rc.TxtStrings
+	case dns.TypeDHCID:
+		rr.(*dns.DHCID).Digest = rc.GetTargetField()
 	default:
 		panic(fmt.Sprintf("ToRR: Unimplemented rtype %v", rc.Type))
 		// We panic so that we quickly find any switch statements
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index 6581cfaf2..10dfa1f69 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -407,6 +407,9 @@ var DS = recordBuilder('DS', {
     },
 });
 
+// DHCID(name,target, recordModifiers...)
+var DHCID = recordBuilder('DHCID');
+
 // PTR(name,target, recordModifiers...)
 var PTR = recordBuilder('PTR');
 
diff --git a/pkg/js/parse_tests/046-DHCID.js b/pkg/js/parse_tests/046-DHCID.js
new file mode 100644
index 000000000..8847c54ff
--- /dev/null
+++ b/pkg/js/parse_tests/046-DHCID.js
@@ -0,0 +1,3 @@
+D("foo.com","none",
+    DHCID("@", "Test")
+);
diff --git a/pkg/js/parse_tests/046-DHCID.json b/pkg/js/parse_tests/046-DHCID.json
new file mode 100644
index 000000000..a64818280
--- /dev/null
+++ b/pkg/js/parse_tests/046-DHCID.json
@@ -0,0 +1,18 @@
+{
+  "registrars": [],
+  "dns_providers": [],
+  "domains": [
+    {
+      "name": "foo.com",
+      "registrar": "none",
+      "dnsProviders": {},
+      "records": [
+        {
+          "type": "DHCID",
+          "name": "@",
+          "target": "Test"
+        }
+      ]
+    }
+  ]
+}
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 0a52cad1a..23694c98c 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -73,6 +73,7 @@ func validateRecordTypes(rec *models.RecordConfig, domain string, pTypes []strin
 		"SSHFP":            true,
 		"TLSA":             true,
 		"TXT":              true,
+		"DHCID":            true,
 	}
 	_, ok := validTypes[rec.Type]
 	if !ok {
@@ -221,7 +222,7 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 		}
 	case "SRV":
 		check(checkTarget(target))
-	case "TXT", "IMPORT_TRANSFORM", "CAA", "SSHFP", "TLSA", "DS":
+	case "TXT", "IMPORT_TRANSFORM", "CAA", "SSHFP", "TLSA", "DS", "DHCID":
 	default:
 		if rec.Metadata["orig_custom_type"] != "" {
 			// it is a valid custom type. We perform no validation on target
@@ -696,6 +697,7 @@ var providerCapabilityChecks = []pairTypeCapability{
 	capabilityCheck("SRV", providers.CanUseSRV),
 	capabilityCheck("SSHFP", providers.CanUseSSHFP),
 	capabilityCheck("TLSA", providers.CanUseTLSA),
+	capabilityCheck("DHCID", providers.CanUseDHCID),
 
 	// DS needs special record-level checks
 	{
diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index d455fc205..d670b775b 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -49,6 +49,7 @@ var features = providers.DocumentationNotes{
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
+	providers.CanUseDHCID:            providers.Can(),
 	providers.CantUseNOPURGE:         providers.Cannot(),
 	providers.DocCreateDomains:       providers.Cannot(),
 	providers.DocDualHost:            providers.Cannot(),
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index fdb746625..21c98da64 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -44,6 +44,7 @@ var features = providers.DocumentationNotes{
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
+	providers.CanUseDHCID:            providers.Can(),
 	providers.CantUseNOPURGE:         providers.Cannot(),
 	providers.DocCreateDomains:       providers.Can("Driver just maintains list of zone files. It should automatically add missing ones."),
 	providers.DocDualHost:            providers.Can(),
diff --git a/providers/capabilities.go b/providers/capabilities.go
index 3335c8f5a..972163391 100644
--- a/providers/capabilities.go
+++ b/providers/capabilities.go
@@ -78,6 +78,9 @@ const (
 
 	// DocOfficiallySupported means it is actively used and maintained by stack exchange
 	DocOfficiallySupported
+
+	// CanUseDHCID indicates the provider can handle DHCID records
+	CanUseDHCID
 )
 
 var providerCapabilities = map[string]map[Capability]bool{}
diff --git a/providers/capability_string.go b/providers/capability_string.go
index fb35841af..fd5753163 100644
--- a/providers/capability_string.go
+++ b/providers/capability_string.go
@@ -28,11 +28,12 @@ func _() {
 	_ = x[DocCreateDomains-17]
 	_ = x[DocDualHost-18]
 	_ = x[DocOfficiallySupported-19]
+	_ = x[CanUseDHCID-20]
 }
 
-const _Capability_name = "CanAutoDNSSECCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSACantUseNOPURGEDocCreateDomainsDocDualHostDocOfficiallySupported"
+const _Capability_name = "CanAutoDNSSECCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSACantUseNOPURGEDocCreateDomainsDocDualHostDocOfficiallySupportedCanUseDHCID"
 
-var _Capability_index = [...]uint8{0, 13, 24, 39, 50, 66, 75, 83, 102, 111, 122, 131, 149, 158, 167, 178, 188, 202, 218, 229, 251}
+var _Capability_index = [...]uint16{0, 13, 24, 39, 50, 66, 75, 83, 102, 111, 122, 131, 149, 158, 167, 178, 188, 202, 218, 229, 251, 262}
 
 func (i Capability) String() string {
 	if i >= Capability(len(_Capability_index)-1) {

From 3e1e7aeb8ee45cd987f1e78da76f5d447709f1a3 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff <florian.ritterhoff@hm.edu>
Date: Tue, 22 Aug 2023 11:09:50 +0200
Subject: [PATCH 45/79] fix: correct order for dhcid

---
 build/generate/featureMatrix.go | 8 ++++----
 models/dnsrr.go                 | 4 ++--
 models/record.go                | 4 ++--
 pkg/normalize/validate.go       | 4 ++--
 providers/bind/bindProvider.go  | 2 +-
 providers/capabilities.go       | 6 +++---
 6 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/build/generate/featureMatrix.go b/build/generate/featureMatrix.go
index c032d092f..e204728e0 100644
--- a/build/generate/featureMatrix.go
+++ b/build/generate/featureMatrix.go
@@ -182,6 +182,10 @@ func matrixData() *FeatureMatrix {
 			DomainModifierCaa,
 			providers.CanUseCAA,
 		)
+		setCapability(
+			DomainModifierDhcid,
+			providers.CanUseDHCID,
+		)
 		setCapability(
 			DomainModifierDs,
 			providers.CanUseDS,
@@ -214,10 +218,6 @@ func matrixData() *FeatureMatrix {
 			DomainModifierTlsa,
 			providers.CanUseTLSA,
 		)
-		setCapability(
-			DomainModifierDhcid,
-			providers.CanUseDHCID,
-		)
 		setCapability(
 			GetZones,
 			providers.CanGetZones,
diff --git a/models/dnsrr.go b/models/dnsrr.go
index b7b73e264..1ef0f8212 100644
--- a/models/dnsrr.go
+++ b/models/dnsrr.go
@@ -74,6 +74,8 @@ func RRtoRC(rr dns.RR, origin string) (RecordConfig, error) {
 		err = rc.SetTargetCAA(v.Flag, v.Tag, v.Value)
 	case *dns.CNAME:
 		err = rc.SetTarget(v.Target)
+	case *dns.DHCID:
+		err = rc.SetTarget(v.Digest)
 	case *dns.DS:
 		err = rc.SetTargetDS(v.KeyTag, v.Algorithm, v.DigestType, v.Digest)
 	case *dns.LOC:
@@ -96,8 +98,6 @@ func RRtoRC(rr dns.RR, origin string) (RecordConfig, error) {
 		err = rc.SetTargetTLSA(v.Usage, v.Selector, v.MatchingType, v.Certificate)
 	case *dns.TXT:
 		err = rc.SetTargetTXTs(v.Txt)
-	case *dns.DHCID:
-		err = rc.SetTarget(v.Digest)
 	default:
 		return *rc, fmt.Errorf("rrToRecord: Unimplemented zone record type=%s (%v)", rc.Type, rr)
 	}
diff --git a/models/record.go b/models/record.go
index fb2f7cccd..a8ebd9436 100644
--- a/models/record.go
+++ b/models/record.go
@@ -390,6 +390,8 @@ func (rc *RecordConfig) ToRR() dns.RR {
 		rr.(*dns.CAA).Value = rc.GetTargetField()
 	case dns.TypeCNAME:
 		rr.(*dns.CNAME).Target = rc.GetTargetField()
+	case dns.TypeDHCID:
+		rr.(*dns.DHCID).Digest = rc.GetTargetField()
 	case dns.TypeDS:
 		rr.(*dns.DS).Algorithm = rc.DsAlgorithm
 		rr.(*dns.DS).DigestType = rc.DsDigestType
@@ -446,8 +448,6 @@ func (rc *RecordConfig) ToRR() dns.RR {
 		rr.(*dns.TLSA).Certificate = rc.GetTargetField()
 	case dns.TypeTXT:
 		rr.(*dns.TXT).Txt = rc.TxtStrings
-	case dns.TypeDHCID:
-		rr.(*dns.DHCID).Digest = rc.GetTargetField()
 	default:
 		panic(fmt.Sprintf("ToRR: Unimplemented rtype %v", rc.Type))
 		// We panic so that we quickly find any switch statements
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 23694c98c..998baeaf0 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -222,7 +222,7 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 		}
 	case "SRV":
 		check(checkTarget(target))
-	case "TXT", "IMPORT_TRANSFORM", "CAA", "SSHFP", "TLSA", "DS", "DHCID":
+	case "CAA", "DHCID", "DS", "IMPORT_TRANSFORM", "SSHFP", "TLSA", "TXT":
 	default:
 		if rec.Metadata["orig_custom_type"] != "" {
 			// it is a valid custom type. We perform no validation on target
@@ -689,6 +689,7 @@ var providerCapabilityChecks = []pairTypeCapability{
 	capabilityCheck("AUTODNSSEC", providers.CanAutoDNSSEC),
 	capabilityCheck("AZURE_ALIAS", providers.CanUseAzureAlias),
 	capabilityCheck("CAA", providers.CanUseCAA),
+	capabilityCheck("DHCID", providers.CanUseDHCID),
 	capabilityCheck("LOC", providers.CanUseLOC),
 	capabilityCheck("NAPTR", providers.CanUseNAPTR),
 	capabilityCheck("PTR", providers.CanUsePTR),
@@ -697,7 +698,6 @@ var providerCapabilityChecks = []pairTypeCapability{
 	capabilityCheck("SRV", providers.CanUseSRV),
 	capabilityCheck("SSHFP", providers.CanUseSSHFP),
 	capabilityCheck("TLSA", providers.CanUseTLSA),
-	capabilityCheck("DHCID", providers.CanUseDHCID),
 
 	// DS needs special record-level checks
 	{
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index 21c98da64..444ce6d72 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -36,6 +36,7 @@ var features = providers.DocumentationNotes{
 	providers.CanAutoDNSSEC:          providers.Can("Just writes out a comment indicating DNSSEC was requested"),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseDHCID:            providers.Can(),
 	providers.CanUseDS:               providers.Can(),
 	providers.CanUseLOC:              providers.Can(),
 	providers.CanUseNAPTR:            providers.Can(),
@@ -44,7 +45,6 @@ var features = providers.DocumentationNotes{
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
-	providers.CanUseDHCID:            providers.Can(),
 	providers.CantUseNOPURGE:         providers.Cannot(),
 	providers.DocCreateDomains:       providers.Can("Driver just maintains list of zone files. It should automatically add missing ones."),
 	providers.DocDualHost:            providers.Can(),
diff --git a/providers/capabilities.go b/providers/capabilities.go
index 972163391..5af2817ca 100644
--- a/providers/capabilities.go
+++ b/providers/capabilities.go
@@ -32,6 +32,9 @@ const (
 	// CanUseCAA indicates the provider can handle CAA records
 	CanUseCAA
 
+	// CanUseDHCID indicates the provider can handle DHCID records
+	CanUseDHCID
+
 	// CanUseDS indicates that the provider can handle DS record types. This
 	// implies CanUseDSForChildren without specifying the latter explicitly.
 	CanUseDS
@@ -78,9 +81,6 @@ const (
 
 	// DocOfficiallySupported means it is actively used and maintained by stack exchange
 	DocOfficiallySupported
-
-	// CanUseDHCID indicates the provider can handle DHCID records
-	CanUseDHCID
 )
 
 var providerCapabilities = map[string]map[Capability]bool{}

From b6e183d4b53bad1af133ab977b3d70f54dfc20a9 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff <florian.ritterhoff@hm.edu>
Date: Sun, 10 Sep 2023 08:05:26 +0200
Subject: [PATCH 46/79] add missing handling of dhcid

---
 integrationTest/integration_test.go |  9 ++++++++
 models/domain.go                    |  2 +-
 models/record.go                    |  4 ++--
 models/t_parse.go                   |  2 ++
 pkg/normalize/validate.go           |  2 +-
 pkg/prettyzone/prettyzone_test.go   |  2 ++
 providers/capability_string.go      | 34 ++++++++++++++---------------
 7 files changed, 34 insertions(+), 21 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 66dadb8fe..366898880 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -536,6 +536,10 @@ func cname(name, target string) *models.RecordConfig {
 	return makeRec(name, target, "CNAME")
 }
 
+func dhcid(name, target string) *models.RecordConfig {
+	return makeRec(name, target, "DHCID")
+}
+
 func ds(name string, keyTag uint16, algorithm, digestType uint8, digest string) *models.RecordConfig {
 	r := makeRec(name, "", "DS")
 	r.SetTargetDS(keyTag, algorithm, digestType, digest)
@@ -1554,6 +1558,11 @@ func makeTests(t *testing.T) []*TestGroup {
 			//	ns("another-child", "ns101.cloudns.net."),
 			//),
 		),
+		testgroup("PTR",
+			requires(providers.CanUsePTR),
+			tc("Create DHCPID record", dhcid("test", "AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
+			tc("Modify DHCPID record", dhcid("test", "Test/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
+		),
 
 		//// Vendor-specific record types
 
diff --git a/models/domain.go b/models/domain.go
index 63c8a8a27..b7640745d 100644
--- a/models/domain.go
+++ b/models/domain.go
@@ -135,7 +135,7 @@ func (dc *DomainConfig) Punycode() error {
 			rec.SetTarget(t)
 		case "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE":
 			rec.SetTarget(rec.GetTargetField())
-		case "A", "AAAA", "CAA", "DS", "LOC", "NAPTR", "SOA", "SSHFP", "TXT", "TLSA", "AZURE_ALIAS":
+		case "A", "AAAA", "CAA", "DHCPID", "DS", "LOC", "NAPTR", "SOA", "SSHFP", "TXT", "TLSA", "AZURE_ALIAS":
 			// Nothing to do.
 		default:
 			return fmt.Errorf("Punycode rtype %v unimplemented", rec.Type)
diff --git a/models/record.go b/models/record.go
index a8ebd9436..894c49dac 100644
--- a/models/record.go
+++ b/models/record.go
@@ -595,7 +595,7 @@ func Downcase(recs []*RecordConfig) {
 			// Target is case insensitive. Downcase it.
 			r.target = strings.ToLower(r.target)
 			// BUGFIX(tlim): isn't ALIAS in the wrong case statement?
-		case "A", "ALIAS", "CAA", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TXT":
+		case "A", "ALIAS", "CAA", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "DHCID", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TXT":
 			// Do nothing. (IP address or case sensitive target)
 		case "SOA":
 			if r.target != "DEFAULT_NOT_SET." {
@@ -619,7 +619,7 @@ func CanonicalizeTargets(recs []*RecordConfig, origin string) {
 		case "AKAMAICDN", "ANAME", "CNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV":
 			// Target is a hostname that might be a shortname. Turn it into a FQDN.
 			r.target = dnsutil.AddOrigin(r.target, originFQDN)
-		case "A", "ALIAS", "CAA", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TLSA", "TXT":
+		case "A", "ALIAS", "CAA", "DHCID", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TLSA", "TXT":
 			// Do nothing.
 		case "SOA":
 			if r.target != "DEFAULT_NOT_SET." {
diff --git a/models/t_parse.go b/models/t_parse.go
index 374526e91..1cbfeea63 100644
--- a/models/t_parse.go
+++ b/models/t_parse.go
@@ -59,6 +59,8 @@ func (rc *RecordConfig) PopulateFromString(rtype, contents, origin string) error
 		return rc.SetTargetCAAString(contents)
 	case "DS":
 		return rc.SetTargetDSString(contents)
+	case "DHCID":
+		return rc.SetTarget(contents)
 	case "LOC":
 		return rc.SetTargetLOCString(origin, contents)
 	case "MX":
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 998baeaf0..3b30cc34b 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -61,6 +61,7 @@ func validateRecordTypes(rec *models.RecordConfig, domain string, pTypes []strin
 		"ALIAS":            false,
 		"CAA":              true,
 		"CNAME":            true,
+		"DHCID":            true,
 		"DS":               true,
 		"IMPORT_TRANSFORM": false,
 		"LOC":              true,
@@ -73,7 +74,6 @@ func validateRecordTypes(rec *models.RecordConfig, domain string, pTypes []strin
 		"SSHFP":            true,
 		"TLSA":             true,
 		"TXT":              true,
-		"DHCID":            true,
 	}
 	_, ok := validTypes[rec.Type]
 	if !ok {
diff --git a/pkg/prettyzone/prettyzone_test.go b/pkg/prettyzone/prettyzone_test.go
index 85e2f3c93..88f93454d 100644
--- a/pkg/prettyzone/prettyzone_test.go
+++ b/pkg/prettyzone/prettyzone_test.go
@@ -272,6 +272,7 @@ func TestWriteZoneFileEach(t *testing.T) {
 	d = append(d, mustNewRR(`_443._tcp.bosun.org. 300 IN TLSA  3 1 1 abcdef0`)) // Label must be _port._proto
 	d = append(d, mustNewRR(`sub.bosun.org.       300 IN NS    bosun.org.`))    // Must be a label with no other records.
 	d = append(d, mustNewRR(`x.bosun.org.         300 IN CNAME bosun.org.`))    // Must be a label with no other records.
+	d = append(d, mustNewRR(`bosun.org.           300 IN DHCID   AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=`))
 	buf := &bytes.Buffer{}
 	WriteZoneFileRR(buf, d, "bosun.org")
 	if buf.String() != testdataZFEach {
@@ -289,6 +290,7 @@ var testdataZFEach = `$TTL 300
                  IN SRV   10 10 9999 foo.com.
                  IN TXT   "my text"
                  IN CAA   0 issue "letsencrypt.org"
+                 IN DHCID AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=
 4.5              IN PTR   y.bosun.org.
 _443._tcp        IN TLSA  3 1 1 abcdef0
 sub              IN NS    bosun.org.
diff --git a/providers/capability_string.go b/providers/capability_string.go
index fd5753163..1363be8dd 100644
--- a/providers/capability_string.go
+++ b/providers/capability_string.go
@@ -14,26 +14,26 @@ func _() {
 	_ = x[CanUseAlias-3]
 	_ = x[CanUseAzureAlias-4]
 	_ = x[CanUseCAA-5]
-	_ = x[CanUseDS-6]
-	_ = x[CanUseDSForChildren-7]
-	_ = x[CanUseLOC-8]
-	_ = x[CanUseNAPTR-9]
-	_ = x[CanUsePTR-10]
-	_ = x[CanUseRoute53Alias-11]
-	_ = x[CanUseSOA-12]
-	_ = x[CanUseSRV-13]
-	_ = x[CanUseSSHFP-14]
-	_ = x[CanUseTLSA-15]
-	_ = x[CantUseNOPURGE-16]
-	_ = x[DocCreateDomains-17]
-	_ = x[DocDualHost-18]
-	_ = x[DocOfficiallySupported-19]
-	_ = x[CanUseDHCID-20]
+	_ = x[CanUseDHCID-6]
+	_ = x[CanUseDS-7]
+	_ = x[CanUseDSForChildren-8]
+	_ = x[CanUseLOC-9]
+	_ = x[CanUseNAPTR-10]
+	_ = x[CanUsePTR-11]
+	_ = x[CanUseRoute53Alias-12]
+	_ = x[CanUseSOA-13]
+	_ = x[CanUseSRV-14]
+	_ = x[CanUseSSHFP-15]
+	_ = x[CanUseTLSA-16]
+	_ = x[CantUseNOPURGE-17]
+	_ = x[DocCreateDomains-18]
+	_ = x[DocDualHost-19]
+	_ = x[DocOfficiallySupported-20]
 }
 
-const _Capability_name = "CanAutoDNSSECCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSACantUseNOPURGEDocCreateDomainsDocDualHostDocOfficiallySupportedCanUseDHCID"
+const _Capability_name = "CanAutoDNSSECCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDHCIDCanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSACantUseNOPURGEDocCreateDomainsDocDualHostDocOfficiallySupported"
 
-var _Capability_index = [...]uint16{0, 13, 24, 39, 50, 66, 75, 83, 102, 111, 122, 131, 149, 158, 167, 178, 188, 202, 218, 229, 251, 262}
+var _Capability_index = [...]uint16{0, 13, 24, 39, 50, 66, 75, 86, 94, 113, 122, 133, 142, 160, 169, 178, 189, 199, 213, 229, 240, 262}
 
 func (i Capability) String() string {
 	if i >= Capability(len(_Capability_index)-1) {

From 5b95f29082d5ebf175aec394227de4ffcaafea39 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 14 Sep 2023 10:25:45 -0400
Subject: [PATCH 47/79] Improve require() docs (#2553)

---
 documentation/functions/global/require.md     | 46 +++++++++++++------
 .../functions/global/require_glob.md          | 14 +++---
 2 files changed, 41 insertions(+), 19 deletions(-)

diff --git a/documentation/functions/global/require.md b/documentation/functions/global/require.md
index 07e93fba6..7e7482e24 100644
--- a/documentation/functions/global/require.md
+++ b/documentation/functions/global/require.md
@@ -8,17 +8,38 @@ ts_ignore: true
 `require(...)` loads the specified JavaScript or JSON file, allowing
 to split your configuration across multiple files.
 
+A better name for this function might be "include".
+
 If the supplied `path` string ends with `.js`, the file is interpreted
 as JavaScript code, almost as though its contents had been included in
 the currently-executing file.  If  the path string ends with `.json`,
 `require()` returns the `JSON.parse()` of the file's contents.
 
-If the path string begins with a `.`, it is interpreted relative to
+If the path string begins with a `./`, it is interpreted relative to
 the currently-loading file (which may not be the file where the
-`require()` statement is, if called within a function), otherwise it
+`require()` statement is, if called within a function). Otherwise it
 is interpreted relative to the program's working directory at the time
 of the call.
 
+### Example 1: Simple
+
+In this example, we separate our macros in one file, and put groups of domains
+in 3 other files. The result is a cleaner separation of code vs. domains.
+
+{% code title="dnsconfig.js" %}
+```javascript
+require("lib/macros.json");
+
+require("domains/main.json");
+require("domains/parked.json");
+require("domains/otherstuff.json");
+```
+{% endcode %}
+
+### Example 2: Complex
+
+Here's a more complex example:
+
 {% code title="dnsconfig.js" %}
 ```javascript
 require("kubernetes/clusters.js");
@@ -60,7 +81,9 @@ function includeK8Sdev() {
 ```
 {% endcode %}
 
-You can also use it to require JSON files and initialize variables with it:
+### Example 3: JSON
+
+Requiring JSON files initializes variables:
 
 {% code title="dnsconfig.js" %}
 ```javascript
@@ -83,16 +106,13 @@ for (var domain in domains) {
 ```
 {% endcode %}
 
-# Future
+# Notes
 
-It might be better to rename the function to something like
-`include()` instead, (leaving `require` as a deprecated alias) because
-by analogy it is *much* closer to PHP's `include()` function than it
-is to node's `require()`.  After all, the reason node.js calls it
-"require" is because it's a declarative statement saying the file is
-needed, and so should be loaded if it hasn't already been loaded.
+`require()` is *much* closer to PHP's `include()` function than it
+is to node's `require()`.
 
+Node's `require()` only includes a file once.
 In contrast, DNSControl's `require()` is actually an imperative command to
-load the file and execute the code or parse the data from it.  (So if
-two files both `require("./tools.js")`, for example, then it will be
-loaded twice, whereas in node.js it would only be loaded once.)
+load the file and execute the code or parse the data from it.  For example if
+two files both `require("./tools.js")`, then it will be
+loaded twice, whereas in node.js it would only be loaded once.
diff --git a/documentation/functions/global/require_glob.md b/documentation/functions/global/require_glob.md
index da7b4cd77..d56cad985 100644
--- a/documentation/functions/global/require_glob.md
+++ b/documentation/functions/global/require_glob.md
@@ -8,7 +8,7 @@ parameter_types:
   recursive: boolean
 ---
 
-`require_glob()` can recursively load `.js` files, optionally non-recursive as well.
+`require_glob()` recursively loads `.js` files that match a glob (wildcard). The recursion can be disabled.
 
 Possible parameters are:
 
@@ -31,8 +31,13 @@ require_glob("./domains/", false);
 ```
 {% endcode %}
 
-One more important thing to note: `require_glob()` is as smart as `require()` is. It loads files always relative to the JavaScript
-file where it's being executed in. Let's go with an example, as it describes it better:
+# Comparison to require()
+
+`require_glob()` and `require()` both use the same rules for determining which directory path is
+relative to.
+
+This will load files being present underneath `./domains/user1/` and **NOT** at below `./domains/`, as `require_glob()`
+is called in the subfolder `domains/`.
 
 {% code title="dnsconfig.js" %}
 ```javascript
@@ -45,6 +50,3 @@ require("domains/index.js");
 require_glob("./user1/");
 ```
 {% endcode %}
-
-This will now load files being present underneath `./domains/user1/` and **NOT** at below `./domains/`, as `require_glob()`
-is called in the subfolder `domains/`.

From d75b72f08a3a333519bc8f06b81e49e195540966 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Sep 2023 10:26:22 -0400
Subject: [PATCH 48/79] Build(deps): Bump actions/upload-artifact from 3.1.2 to
 3.1.3 (#2555)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/build.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a1ea1e9f4..ca60ee815 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,7 +28,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v3.1.2
+    - uses: actions/upload-artifact@v3.1.3
       with:
         path: "/tmp/test-results"
 
@@ -192,7 +192,7 @@ jobs:
           gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- -timeout 30m -v -verbose -provider ${{ matrix.provider }} -cfworkers=false
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v3.1.2
+    - uses: actions/upload-artifact@v3.1.3
       with:
         path: "/tmp/test-results"
   integrtests-diff2:
@@ -299,7 +299,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v3.1.2
+    - uses: actions/upload-artifact@v3.1.3
       with:
         path: "/tmp/test-results"
 #  release:
@@ -328,10 +328,10 @@ jobs:
 #    - name: Install goreleaser
 #      run: go install github.com/goreleaser/goreleaser@latest
 #    - run: goreleaser release
-#    - uses: actions/upload-artifact@v3.1.2
+#    - uses: actions/upload-artifact@v3.1.3
 #      with:
 #        path: dist
-#    - uses: actions/upload-artifact@v3.1.2
+#    - uses: actions/upload-artifact@v3.1.3
 #      with:
 #        path: |-
 #          dist/*.rpm

From f1fd723c809e153f806c6f1573426b9c0109d430 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Sep 2023 10:26:51 -0400
Subject: [PATCH 49/79] Build(deps): Bump actions/cache from 3.3.1 to 3.3.2
 (#2554)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/build.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ca60ee815..d13048b13 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,7 +16,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: restore_cache
-      uses: actions/cache@v3.3.1
+      uses: actions/cache@v3.3.2
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
@@ -178,7 +178,7 @@ jobs:
     - uses: actions/checkout@v4
     - run: mkdir -p "$TEST_RESULTS"
     - name: restore_cache
-      uses: actions/cache@v3.3.1
+      uses: actions/cache@v3.3.2
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
@@ -285,7 +285,7 @@ jobs:
     - uses: actions/checkout@v4
     - run: mkdir -p "$TEST_RESULTS"
     - name: restore_cache
-      uses: actions/cache@v3.3.1
+      uses: actions/cache@v3.3.2
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
@@ -321,7 +321,7 @@ jobs:
 #        docker-password: "${{ secrets.DOCKER_PASSWORD }}"
 #        docker-username: "${{ env.DOCKER_LOGIN }}"
 #    - name: restore_cache
-#      uses: actions/cache@v3.3.1
+#      uses: actions/cache@v3.3.2
 #      with:
 #        key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
 #        restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}

From 1d825be67a26e5a83405469a1d901daf181f144f Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff <32478819+fritterhoff@users.noreply.github.com>
Date: Thu, 14 Sep 2023 19:15:54 +0200
Subject: [PATCH 50/79] NEW FEATURE: Added "push --report" flag which generates
 JSON report of changes made (#2543)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 commands/previewPush.go       | 46 ++++++++++++++++++++++++++++++++---
 documentation/SUMMARY.md      |  1 +
 documentation/json-reports.md | 34 ++++++++++++++++++++++++++
 3 files changed, 77 insertions(+), 4 deletions(-)
 create mode 100644 documentation/json-reports.md

diff --git a/commands/previewPush.go b/commands/previewPush.go
index c1915deac..70b1d4370 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"encoding/json"
 	"fmt"
 	"os"
 	"strings"
@@ -45,6 +46,13 @@ type PreviewArgs struct {
 	Full        bool
 }
 
+type ReportItem struct {
+	Domain      string `json:"domain"`
+	Corrections int    `json:"corrections"`
+	Provider    string `json:"provider,omitempty"`
+	Registrar   string `json:"registrar,omitempty"`
+}
+
 func (args *PreviewArgs) flags() []cli.Flag {
 	flags := args.GetDNSConfigArgs.flags()
 	flags = append(flags, args.GetCredentialsArgs.flags()...)
@@ -93,6 +101,7 @@ var _ = cmd(catMain, func() *cli.Command {
 type PushArgs struct {
 	PreviewArgs
 	Interactive bool
+	Report      string
 }
 
 func (args *PushArgs) flags() []cli.Flag {
@@ -102,21 +111,26 @@ func (args *PushArgs) flags() []cli.Flag {
 		Destination: &args.Interactive,
 		Usage:       "Interactive. Confirm or Exclude each correction before they run",
 	})
+	flags = append(flags, &cli.StringFlag{
+		Name:        "report",
+		Destination: &args.Report,
+		Usage:       `Generate a machine-parseable report of performed corrections.`,
+	})
 	return flags
 }
 
 // Preview implements the preview subcommand.
 func Preview(args PreviewArgs) error {
-	return run(args, false, false, printer.DefaultPrinter)
+	return run(args, false, false, printer.DefaultPrinter, nil)
 }
 
 // Push implements the push subcommand.
 func Push(args PushArgs) error {
-	return run(args.PreviewArgs, true, args.Interactive, printer.DefaultPrinter)
+	return run(args.PreviewArgs, true, args.Interactive, printer.DefaultPrinter, &args.Report)
 }
 
 // run is the main routine common to preview/push
-func run(args PreviewArgs, push bool, interactive bool, out printer.CLI) error {
+func run(args PreviewArgs, push bool, interactive bool, out printer.CLI, report *string) error {
 	// TODO: make truly CLI independent. Perhaps return results on a channel as they occur
 
 	// This is a hack until we have the new printer replacement.
@@ -151,7 +165,7 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI) error {
 	// create a WaitGroup with the length of domains for the anonymous functions (later goroutines) to wait for
 	var wg sync.WaitGroup
 	wg.Add(len(cfg.Domains))
-
+	var reportItems []ReportItem
 	// For each domain in dnsconfig.js...
 	for _, domain := range cfg.Domains {
 		// Run preview or push operations per domain as anonymous function, in preparation for the later use of goroutines.
@@ -232,6 +246,11 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI) error {
 				totalCorrections += len(corrections)
 				// When diff1 goes away, the call to printReports() should be moved to HERE.
 				//printReports(domain.Name, provider.Name, reports, out, push, notifier)
+				reportItems = append(reportItems, ReportItem{
+					Domain:      domain.Name,
+					Corrections: len(corrections),
+					Provider:    provider.Name,
+				})
 				anyErrors = printOrRunCorrections(domain.Name, provider.Name, corrections, out, push, interactive, notifier) || anyErrors
 			}
 
@@ -253,6 +272,11 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI) error {
 				return
 			}
 			totalCorrections += len(corrections)
+			reportItems = append(reportItems, ReportItem{
+				Domain:      domain.Name,
+				Corrections: len(corrections),
+				Registrar:   domain.RegistrarName,
+			})
 			anyErrors = printOrRunCorrections(domain.Name, domain.RegistrarName, corrections, out, push, interactive, notifier) || anyErrors
 		}(domain)
 	}
@@ -269,6 +293,20 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI) error {
 	if totalCorrections != 0 && args.WarnChanges {
 		return fmt.Errorf("there are pending changes")
 	}
+	if report != nil {
+		f, err := os.OpenFile(*report, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
+		if err != nil {
+			return err
+		}
+		defer f.Close()
+		b, err := json.MarshalIndent(reportItems, "", "  ")
+		if err != nil {
+			return err
+		}
+		if _, err := f.Write(b); err != nil {
+			return err
+		}
+	}
 	return nil
 }
 
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 050ec85c3..3ff6172a7 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -154,6 +154,7 @@
 * [Nameservers and Delegations](nameservers.md)
 * [Notifications](notifications.md)
 * [Useful code tricks](code-tricks.md)
+* [JSON Reports](json-reports.md)
 
 ## Developer info
 
diff --git a/documentation/json-reports.md b/documentation/json-reports.md
new file mode 100644
index 000000000..e6efa7928
--- /dev/null
+++ b/documentation/json-reports.md
@@ -0,0 +1,34 @@
+# JSON Reports
+
+DNSControl has build in functionality to generate a machine-parseable report after pushing changes. This report is JSON formated and contains the zonename, the provider or registrar name and the amount of performed changes.
+
+## Usage
+
+To enable the report option you must use the `push` operation in combination with the `--report <filename>` option. This generates the json file.
+
+{% code title="report.json" %}
+```json
+[
+  {
+    "domain": "private.example.com",
+    "corrections": 10,
+    "provider": "bind"
+  },
+  {
+    "domain": "private.example.com",
+    "corrections": 0,
+    "registrar": "none"
+  },
+  {
+    "domain": "admin.example.com",
+    "corrections": 5,
+    "provider": "bind"
+  },
+  {
+    "domain": "admin.example.com",
+    "corrections": 0,
+    "registrar": "none"
+  }
+]
+```
+{% endcode %}

From 255e08cff2c64b6e1a871c456fdeccc64799780c Mon Sep 17 00:00:00 2001
From: str4d <thestr4d@gmail.com>
Date: Thu, 14 Sep 2023 18:17:02 +0100
Subject: [PATCH 51/79] PORKBUN: Add registrar support (#2542)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers.md           |  2 +-
 providers/porkbun/api.go             | 39 ++++++++++++++++++++----
 providers/porkbun/porkbunProvider.go | 44 ++++++++++++++++++++++++++--
 3 files changed, 76 insertions(+), 9 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index d9a37484f..daa8edce8 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -53,7 +53,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`ORACLE`](providers/oracle.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ |
 | [`OVH`](providers/ovh.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ |
 | [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ |
-| [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
+| [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
 | [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
diff --git a/providers/porkbun/api.go b/providers/porkbun/api.go
index 9c083f926..3145319af 100644
--- a/providers/porkbun/api.go
+++ b/providers/porkbun/api.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"sort"
 	"time"
 )
 
@@ -18,7 +19,7 @@ type porkbunProvider struct {
 	secretKey string
 }
 
-type requestParams map[string]string
+type requestParams map[string]any
 
 type errorResponse struct {
 	Status  string `json:"status"`
@@ -40,6 +41,11 @@ type recordResponse struct {
 	Records []domainRecord `json:"records"`
 }
 
+type nsResponse struct {
+	Status      string   `json:"status"`
+	Nameservers []string `json:"ns"`
+}
+
 func (c *porkbunProvider) post(endpoint string, params requestParams) ([]byte, error) {
 	params["apikey"] = c.apiKey
 	params["secretapikey"] = c.secretKey
@@ -82,7 +88,7 @@ func (c *porkbunProvider) ping() error {
 
 func (c *porkbunProvider) createRecord(domain string, rec requestParams) error {
 	if _, err := c.post("/dns/create/"+domain, rec); err != nil {
-		return fmt.Errorf("failed create record (porkbun): %s", err)
+		return fmt.Errorf("failed create record (porkbun): %w", err)
 	}
 	return nil
 }
@@ -90,14 +96,14 @@ func (c *porkbunProvider) createRecord(domain string, rec requestParams) error {
 func (c *porkbunProvider) deleteRecord(domain string, recordID string) error {
 	params := requestParams{}
 	if _, err := c.post(fmt.Sprintf("/dns/delete/%s/%s", domain, recordID), params); err != nil {
-		return fmt.Errorf("failed delete record (porkbun): %s", err)
+		return fmt.Errorf("failed delete record (porkbun): %w", err)
 	}
 	return nil
 }
 
 func (c *porkbunProvider) modifyRecord(domain string, recordID string, rec requestParams) error {
 	if _, err := c.post(fmt.Sprintf("/dns/edit/%s/%s", domain, recordID), rec); err != nil {
-		return fmt.Errorf("failed update (porkbun): %s", err)
+		return fmt.Errorf("failed update (porkbun): %w", err)
 	}
 	return nil
 }
@@ -106,7 +112,7 @@ func (c *porkbunProvider) getRecords(domain string) ([]domainRecord, error) {
 	params := requestParams{}
 	var bodyString, err = c.post("/dns/retrieve/"+domain, params)
 	if err != nil {
-		return nil, fmt.Errorf("failed fetching record list from porkbun: %s", err)
+		return nil, fmt.Errorf("failed fetching record list from porkbun: %w", err)
 	}
 
 	var dr recordResponse
@@ -121,3 +127,26 @@ func (c *porkbunProvider) getRecords(domain string) ([]domainRecord, error) {
 	}
 	return records, nil
 }
+
+func (c *porkbunProvider) getNameservers(domain string) ([]string, error) {
+	params := requestParams{}
+	var bodyString, err = c.post(fmt.Sprintf("/domain/getNs/%s", domain), params)
+	if err != nil {
+		return nil, fmt.Errorf("failed fetching nameserver list from porkbun: %w", err)
+	}
+
+	var ns nsResponse
+	json.Unmarshal(bodyString, &ns)
+
+	sort.Strings(ns.Nameservers)
+	return ns.Nameservers, nil
+}
+
+func (c *porkbunProvider) updateNameservers(ns []string, domain string) error {
+	params := requestParams{}
+	params["ns"] = ns
+	if _, err := c.post(fmt.Sprintf("/domain/updateNs/%s", domain), params); err != nil {
+		return fmt.Errorf("failed NS update (porkbun): %w", err)
+	}
+	return nil
+}
diff --git a/providers/porkbun/porkbunProvider.go b/providers/porkbun/porkbunProvider.go
index 1825a7550..0eddd1c9f 100644
--- a/providers/porkbun/porkbunProvider.go
+++ b/providers/porkbun/porkbunProvider.go
@@ -3,6 +3,7 @@ package porkbun
 import (
 	"encoding/json"
 	"fmt"
+	"sort"
 	"strconv"
 	"strings"
 
@@ -25,8 +26,16 @@ var defaultNS = []string{
 	"salvador.ns.porkbun.com",
 }
 
-// NewPorkbun creates the provider.
-func NewPorkbun(m map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
+func newReg(conf map[string]string) (providers.Registrar, error) {
+	return newPorkbun(conf, nil)
+}
+
+func newDsp(conf map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
+	return newPorkbun(conf, metadata)
+}
+
+// newPorkbun creates the provider.
+func newPorkbun(m map[string]string, metadata json.RawMessage) (*porkbunProvider, error) {
 	c := &porkbunProvider{}
 
 	c.apiKey, c.secretKey = m["api_key"], m["secret_key"]
@@ -63,8 +72,9 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	providers.RegisterRegistrarType("PORKBUN", newReg)
 	fns := providers.DspFuncs{
-		Initializer:   NewPorkbun,
+		Initializer:   newDsp,
 		RecordAuditor: AuditRecords,
 	}
 	providers.RegisterDomainServiceProviderType("PORKBUN", fns, features)
@@ -317,3 +327,31 @@ func fixTTL(ttl uint32) uint32 {
 	}
 	return minimumTTL
 }
+
+func (c *porkbunProvider) GetRegistrarCorrections(dc *models.DomainConfig) ([]*models.Correction, error) {
+	nss, err := c.getNameservers(dc.Name)
+	if err != nil {
+		return nil, err
+	}
+	foundNameservers := strings.Join(nss, ",")
+
+	expected := []string{}
+	for _, ns := range dc.Nameservers {
+		expected = append(expected, ns.Name)
+	}
+	sort.Strings(expected)
+	expectedNameservers := strings.Join(expected, ",")
+
+	if foundNameservers == expectedNameservers {
+		return nil, nil
+	}
+
+	return []*models.Correction{
+		{
+			Msg: fmt.Sprintf("Update nameservers %s -> %s", foundNameservers, expectedNameservers),
+			F: func() error {
+				return c.updateNameservers(expected, dc.Name)
+			},
+		},
+	}, nil
+}

From 6ad7f348f7b634a1b70993d78ff083f7edfe2a81 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 15 Sep 2023 09:11:30 -0400
Subject: [PATCH 52/79] NEW RECORD TYPE: DHCID (#2557)

Co-authored-by: Tom Limoncelli <tlimoncelli@tlimworkm1.mynetworksettings.com>
---
 commands/types/dnscontrol.d.ts      | 14 +++--
 documentation/providers.md          | 96 ++++++++++++++---------------
 integrationTest/integration_test.go |  4 +-
 models/target.go                    |  2 +-
 4 files changed, 59 insertions(+), 57 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index e19bce20c..aa1aeada6 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -3054,7 +3054,7 @@ declare function URL301(name: string, ...modifiers: RecordModifier[]): DomainMod
 declare function getConfiguredDomains(): string[];
 
 /**
- * `require_glob()` can recursively load `.js` files, optionally non-recursive as well.
+ * `require_glob()` recursively loads `.js` files that match a glob (wildcard). The recursion can be disabled.
  *
  * Possible parameters are:
  *
@@ -3073,8 +3073,13 @@ declare function getConfiguredDomains(): string[];
  * require_glob("./domains/", false);
  * ```
  *
- * One more important thing to note: `require_glob()` is as smart as `require()` is. It loads files always relative to the JavaScript
- * file where it's being executed in. Let's go with an example, as it describes it better:
+ * # Comparison to require()
+ *
+ * `require_glob()` and `require()` both use the same rules for determining which directory path is
+ * relative to.
+ *
+ * This will load files being present underneath `./domains/user1/` and **NOT** at below `./domains/`, as `require_glob()`
+ * is called in the subfolder `domains/`.
  *
  * ```javascript
  * require("domains/index.js");
@@ -3084,9 +3089,6 @@ declare function getConfiguredDomains(): string[];
  * require_glob("./user1/");
  * ```
  *
- * This will now load files being present underneath `./domains/user1/` and **NOT** at below `./domains/`, as `require_glob()`
- * is called in the subfolder `domains/`.
- *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/require_glob
  */
 declare function require_glob(path: string, recursive: boolean): void;
diff --git a/documentation/providers.md b/documentation/providers.md
index daa8edce8..4f2c37a2a 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -12,54 +12,54 @@ a provider that supports it, we'd love your contribution to ensure it works corr
 If a feature is definitively not supported for whatever reason, we would also like a PR to clarify why it is not supported, and fill in this entire matrix.
 
 <!-- provider-matrix-start -->
-| Provider name | Official Support | DNS Provider | Registrar | [`ALIAS`](functions/domain/ALIAS.md) | [`CAA`](functions/domain/CAA.md) | [`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md) | [`LOC`](functions/domain/LOC.md) | [`NAPTR`](functions/domain/NAPTR.md) | [`PTR`](functions/domain/PTR.md) | [`SOA`](functions/domain/SOA.md) | [`SRV`](functions/domain/SRV.md) | [`SSHFP`](functions/domain/SSHFP.md) | [`TLSA`](functions/domain/TLSA.md) | [`DS`](functions/domain/DS.md) | dual host | create-domains | [`NO_PURGE`](functions/domain/NO_PURGE.md) | get-zones |
-| ------------- | ---------------- | ------------ | --------- | ------------------------------------ | -------------------------------- | ------------------------------------------------- | -------------------------------- | ------------------------------------ | -------------------------------- | -------------------------------- | -------------------------------- | ------------------------------------ | ---------------------------------- | ------------------------------ | --------- | -------------- | ------------------------------------------ | --------- |
-| [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ |
-| [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
-| [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ |
-| [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ |
-| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ✅ |
-| [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`DESEC`](providers/desec.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
-| [`DIGITALOCEAN`](providers/digitalocean.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`DNSIMPLE`](providers/dnsimple.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
-| [`DNSMADEEASY`](providers/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ |
-| [`DNSOVERHTTPS`](providers/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
-| [`DOMAINNAMESHOP`](providers/domainnameshop.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ |
-| [`EASYNAME`](providers/easyname.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
-| [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ |
-| [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ |
-| [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ |
-| [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ |
-| [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ |
-| [`HOSTINGDE`](providers/hostingde.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| [`INTERNETBS`](providers/internetbs.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
-| [`INWX`](providers/inwx.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`LINODE`](providers/linode.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`LOOPIA`](providers/loopia.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ |
-| [`LUADNS`](providers/luadns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`MSDNS`](providers/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ |
-| [`NAMECHEAP`](providers/namecheap.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❌ | ❌ | ✅ |
-| [`NAMEDOTCOM`](providers/namedotcom.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
-| [`NETCUP`](providers/netcup.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ❌ |
-| [`NETLIFY`](providers/netlify.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
-| [`NS1`](providers/ns1.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| [`OPENSRS`](providers/opensrs.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
-| [`ORACLE`](providers/oracle.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ |
-| [`OVH`](providers/ovh.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ |
-| [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ |
-| [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
-| [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`SOFTLAYER`](providers/softlayer.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
-| [`TRANSIP`](providers/transip.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❌ | ✅ | ✅ |
-| [`VULTR`](providers/vultr.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| Provider name | Official Support | DNS Provider | Registrar | [`ALIAS`](functions/domain/ALIAS.md) | [`CAA`](functions/domain/CAA.md) | [`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md) | [`LOC`](functions/domain/LOC.md) | [`NAPTR`](functions/domain/NAPTR.md) | [`PTR`](functions/domain/PTR.md) | [`SOA`](functions/domain/SOA.md) | [`SRV`](functions/domain/SRV.md) | [`SSHFP`](functions/domain/SSHFP.md) | [`TLSA`](functions/domain/TLSA.md) | [`DS`](functions/domain/DS.md) | [`DHCID`](functions/domain/DHCID.md) | dual host | create-domains | [`NO_PURGE`](functions/domain/NO_PURGE.md) | get-zones |
+| ------------- | ---------------- | ------------ | --------- | ------------------------------------ | -------------------------------- | ------------------------------------------------- | -------------------------------- | ------------------------------------ | -------------------------------- | -------------------------------- | -------------------------------- | ------------------------------------ | ---------------------------------- | ------------------------------ | ------------------------------------ | --------- | -------------- | ------------------------------------------ | --------- |
+| [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ❌ | ✅ |
+| [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
+| [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ |
+| [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ |
+| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ | ✅ |
+| [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`DESEC`](providers/desec.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`DIGITALOCEAN`](providers/digitalocean.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`DNSIMPLE`](providers/dnsimple.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
+| [`DNSMADEEASY`](providers/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`DNSOVERHTTPS`](providers/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
+| [`DOMAINNAMESHOP`](providers/domainnameshop.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ |
+| [`EASYNAME`](providers/easyname.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
+| [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ |
+| [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❔ |
+| [`HOSTINGDE`](providers/hostingde.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`INTERNETBS`](providers/internetbs.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
+| [`INWX`](providers/inwx.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`LINODE`](providers/linode.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
+| [`LOOPIA`](providers/loopia.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ❌ | ✅ | ✅ |
+| [`LUADNS`](providers/luadns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`MSDNS`](providers/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
+| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
+| [`NAMECHEAP`](providers/namecheap.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ❌ | ✅ |
+| [`NAMEDOTCOM`](providers/namedotcom.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
+| [`NETCUP`](providers/netcup.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ❌ |
+| [`NETLIFY`](providers/netlify.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
+| [`NS1`](providers/ns1.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`OPENSRS`](providers/opensrs.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
+| [`ORACLE`](providers/oracle.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`OVH`](providers/ovh.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
+| [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ |
+| [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
+| [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
+| [`SOFTLAYER`](providers/softlayer.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
+| [`TRANSIP`](providers/transip.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`VULTR`](providers/vultr.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 <!-- provider-matrix-end -->
 
 ### Providers with "official support"
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 366898880..22d66a777 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1558,8 +1558,8 @@ func makeTests(t *testing.T) []*TestGroup {
 			//	ns("another-child", "ns101.cloudns.net."),
 			//),
 		),
-		testgroup("PTR",
-			requires(providers.CanUsePTR),
+		testgroup("DHCPID",
+			requires(providers.CanUseDHCID),
 			tc("Create DHCPID record", dhcid("test", "AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
 			tc("Modify DHCPID record", dhcid("test", "Test/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
 		),
diff --git a/models/target.go b/models/target.go
index 6d3c38620..9a189d8ff 100644
--- a/models/target.go
+++ b/models/target.go
@@ -101,7 +101,7 @@ func (rc *RecordConfig) GetTargetSortable() string {
 func (rc *RecordConfig) GetTargetDebug() string {
 	content := fmt.Sprintf("%s %s %s %d", rc.Type, rc.NameFQDN, rc.target, rc.TTL)
 	switch rc.Type { // #rtype_variations
-	case "A", "AAAA", "CNAME", "NS", "PTR", "TXT", "AKAMAICDN":
+	case "A", "AAAA", "AKAMAICDN", "CNAME", "DHCID", "NS", "PTR", "TXT":
 		// Nothing special.
 	case "AZURE_ALIAS":
 		content += fmt.Sprintf(" type=%s", rc.AzureAlias["type"])

From c01fb2d40b50df90db17729b8165b232ff534a11 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 15 Sep 2023 15:30:55 -0400
Subject: [PATCH 53/79] Update Deps, fix staticcheck and golint warnings
 (#2558)

---
 go.mod                                     | 14 +++---
 go.sum                                     | 52 ++++++--------------
 integrationTest/integration_test.go        | 56 +++++++++++-----------
 pkg/dnstree/dnstree.go                     |  9 ++--
 pkg/notifications/telegram.go              | 20 ++++----
 providers/cloudflare/cloudflareProvider.go |  4 +-
 providers/cloudflare/rest.go               |  4 +-
 providers/netlify/netlifyProvider.go       |  4 --
 providers/ns1/ns1Provider.go               | 18 +++----
 9 files changed, 77 insertions(+), 104 deletions(-)

diff --git a/go.mod b/go.mod
index 87592f409..a666a2b22 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5
-	github.com/cloudflare/cloudflare-go v0.76.0
+	github.com/cloudflare/cloudflare-go v0.77.0
 	github.com/digitalocean/godo v1.102.1
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
@@ -33,10 +33,10 @@ require (
 	github.com/hashicorp/vault/api v1.10.0
 	github.com/jarcoal/httpmock v1.0.8 // indirect
 	github.com/jinzhu/copier v0.4.0
-	github.com/miekg/dns v1.1.55
+	github.com/miekg/dns v1.1.56
 	github.com/mittwald/go-powerdns v0.6.2
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
-	github.com/nrdcg/goinwx v0.8.2
+	github.com/nrdcg/goinwx v0.8.3
 	github.com/oracle/oci-go-sdk/v32 v32.0.0
 	github.com/ovh/go-ovh v1.1.0
 	github.com/philhug/opensrs-go v0.0.0-20171126225031-9dfa7433020d
@@ -51,7 +51,7 @@ require (
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/net v0.15.0
 	golang.org/x/oauth2 v0.12.0
-	google.golang.org/api v0.138.0
+	google.golang.org/api v0.141.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.8
 )
 
@@ -100,8 +100,8 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/s2a-go v0.1.5 // indirect
-	github.com/google/uuid v1.3.0 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/uuid v1.3.1 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
@@ -140,7 +140,7 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 // indirect
 	google.golang.org/grpc v1.57.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.66.6 // indirect
diff --git a/go.sum b/go.sum
index 2a16430c2..acb8bb383 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,4 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
 cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
@@ -33,7 +32,6 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNg
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
@@ -80,18 +78,12 @@ github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4r
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5 h1:awE2kiwdJa409MC5i3OH9fJHCr2yE75yHuWWoA5zx8Q=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5/go.mod h1:1usm1EQvugrIio3ODIAMrDG9NzA86AHIqhZCxJgNdxY=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.76.0 h1:0YsPw0KHWJK2fpivzx38X5onurfM0GkanZtS8HAqlj0=
-github.com/cloudflare/cloudflare-go v0.76.0/go.mod h1:5ocQT9qQ99QsT1Ii2751490Z5J+W/nv6jOj+lSAe4ug=
+github.com/cloudflare/cloudflare-go v0.77.0 h1:bVUGkSKdXEz8+u2Yj3ASqZsqlcsPkeB+PDqVs9OE7TY=
+github.com/cloudflare/cloudflare-go v0.77.0/go.mod h1:R+Q/Im0G0MzKJxj3eXOBBE8xpnchVA9tSiQwOEvfW4Y=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -113,8 +105,6 @@ github.com/dnsimple/dnsimple-go v1.2.0/go.mod h1:z/cs26v/eiRvUyXsHQBLd8lWF8+cD6G
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/exoscale/egoscale v0.90.2 h1:oGSJy5Dxbcn5m5F0/DcnU4WXJg+2j3g+UgEu4yyKG9M=
 github.com/exoscale/egoscale v0.90.2/go.mod h1:NDhQbdGNKwnLVC2YGTB6ds9WIPw+V5ckvEEV8ho7pFE=
@@ -172,7 +162,6 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
@@ -196,14 +185,14 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/s2a-go v0.1.5 h1:8IYp3w9nysqv3JH+NJgXJzGbDHzLOTj43BmSkp+O7qg=
-github.com/google/s2a-go v0.1.5/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM=
 github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
@@ -214,7 +203,6 @@ github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfre
 github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038 h1:/gx6joY4PjXUu6mKM4yx7yj9Ti6yP8ljOxY/Qt0J25g=
 github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038/go.mod h1:xKR3tvLne+vYYPH9d4DM8X9MKlNV2yXDEomxulcK218=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -326,8 +314,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
-github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
+github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@@ -345,8 +333,8 @@ github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAA
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nrdcg/goinwx v0.8.2 h1:RmjiHlEA+lzi3toXyPSaE6hWnBQ0+G+1u7w8C6Fpp4g=
-github.com/nrdcg/goinwx v0.8.2/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
+github.com/nrdcg/goinwx v0.8.3 h1:ARgoqQ+HhKhOhsey1qwHfxBJ6tDfb42iHt3tqED6chU=
+github.com/nrdcg/goinwx v0.8.3/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
 github.com/oracle/oci-go-sdk/v32 v32.0.0 h1:SSbzrQO3WRcPJEZ8+b3SFPYsPtkFM96clqrp03lrwbU=
 github.com/oracle/oci-go-sdk/v32 v32.0.0/go.mod h1:aZc4jC59IuNP3cr5y1nj555QvwojMX2nMJaBiozuuEs=
@@ -374,7 +362,6 @@ github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494/go.mod h1:yipyliwI08
 github.com/robertkrimen/otto v0.0.0-20200922221731-ef014fd054ac/go.mod h1:xvqspoSXJTIpemEonrMDFq6XzwHYYgToXWj5eRX1OtY=
 github.com/robertkrimen/otto v0.2.1 h1:FVP0PJ0AHIjC+N4pKCG9yCDz6LHNPCwi/GKID5pGGF0=
 github.com/robertkrimen/otto v0.2.1/go.mod h1:UPwtJ1Xu7JrLcZjNWN8orJaM5n5YEtqL//farB5FlRY=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
@@ -435,7 +422,6 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 golang.org/x/crypto v0.0.0-20180214000028-650f4a345ab4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -446,7 +432,6 @@ golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -463,7 +448,6 @@ golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180406214816-61147c48b25b/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -476,18 +460,15 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4=
 golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -552,28 +533,24 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.138.0 h1:K/tVp05MxNVbHShRw9m7e9VJGdagNeTdMzqPH7AUqr0=
-google.golang.org/api v0.138.0/go.mod h1:4xyob8CxC+0GChNBvEUAk8VBKNvYOTWM9T3v3UfRxuY=
+google.golang.org/api v0.141.0 h1:Df6vfMgDoIM6ss0m7H4MPwFwY87WNXHfBIda/Bmfl4E=
+google.golang.org/api v0.141.0/go.mod h1:iZqLkdPlXKyG0b90eu6KxVSE4D/ccRF2e/doKD2CnQQ=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g=
 google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 h1:nIgk/EEq3/YlnmVVXVnm14rC2oxgs1o0ong4sD/rd44=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577 h1:wukfNtZmZUurLN/atp2hiIeTKn7QJWIQdHzqmsOnAOk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 h1:o4LtQxebKIJ4vkzyhtD2rfUNZ20Zf0ik5YVP5E7G7VE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
 google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
@@ -619,7 +596,6 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
 gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637/go.mod h1:BHsqpu/nsuzkT5BpiH1EMZPLyqSMM8JbIavyFACoFNk=
 gopkg.in/yaml.v2 v2.0.0-20170712054546-1be3d31502d6/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 22d66a777..a40288104 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -37,13 +37,13 @@ func init() {
 
 // Helper constants/funcs for the CLOUDFLARE proxy testing:
 
-func CF_PROXY_OFF() *TestCase   { return tc("proxyoff", cfProxyA("prxy", "174.136.107.111", "off")) }
-func CF_PROXY_ON() *TestCase    { return tc("proxyon", cfProxyA("prxy", "174.136.107.111", "on")) }
-func CF_PROXY_FULL1() *TestCase { return tc("proxyf1", cfProxyA("prxy", "174.136.107.111", "full")) }
-func CF_PROXY_FULL2() *TestCase { return tc("proxyf2", cfProxyA("prxy", "174.136.107.222", "full")) }
-func CF_CPROXY_OFF() *TestCase  { return tc("cproxyoff", cfProxyCNAME("cproxy", "example.com.", "off")) }
-func CF_CPROXY_ON() *TestCase   { return tc("cproxyon", cfProxyCNAME("cproxy", "example.com.", "on")) }
-func CF_CPROXY_FULL() *TestCase { return tc("cproxyf", cfProxyCNAME("cproxy", "example.com.", "full")) }
+func CfProxyOff() *TestCase   { return tc("proxyoff", cfProxyA("prxy", "174.136.107.111", "off")) }
+func CfProxyOn() *TestCase    { return tc("proxyon", cfProxyA("prxy", "174.136.107.111", "on")) }
+func CfProxyFull1() *TestCase { return tc("proxyf1", cfProxyA("prxy", "174.136.107.111", "full")) }
+func CfProxyFull2() *TestCase { return tc("proxyf2", cfProxyA("prxy", "174.136.107.222", "full")) }
+func CfCProxyOff() *TestCase  { return tc("cproxyoff", cfProxyCNAME("cproxy", "example.com.", "off")) }
+func CfCProxyOn() *TestCase   { return tc("cproxyon", cfProxyCNAME("cproxy", "example.com.", "on")) }
+func CfCProxyFull() *TestCase { return tc("cproxyf", cfProxyCNAME("cproxy", "example.com.", "full")) }
 
 // ---
 
@@ -1778,10 +1778,10 @@ func makeTests(t *testing.T) []*TestGroup {
 
 		testgroup("CF_PROXY A create",
 			only("CLOUDFLAREAPI"),
-			CF_PROXY_OFF(), clear(),
-			CF_PROXY_ON(), clear(),
-			CF_PROXY_FULL1(), clear(),
-			CF_PROXY_FULL2(), clear(),
+			CfProxyOff(), clear(),
+			CfProxyOn(), clear(),
+			CfProxyFull1(), clear(),
+			CfProxyFull2(), clear(),
 		),
 
 		// These next testgroups attempt every possible transition between off, on, full1 and full2.
@@ -1791,59 +1791,59 @@ func makeTests(t *testing.T) []*TestGroup {
 		testgroup("CF_PROXY A off to X",
 			only("CLOUDFLAREAPI"),
 			//CF_PROXY_OFF(), CF_PROXY_OFF(), clear(), // redundant
-			CF_PROXY_OFF(), CF_PROXY_ON(), clear(),
-			CF_PROXY_OFF(), CF_PROXY_FULL1(), clear(),
-			CF_PROXY_OFF(), CF_PROXY_FULL2(), clear(),
+			CfProxyOff(), CfProxyOn(), clear(),
+			CfProxyOff(), CfProxyFull1(), clear(),
+			CfProxyOff(), CfProxyFull2(), clear(),
 		),
 
 		testgroup("CF_PROXY A on to X",
 			only("CLOUDFLAREAPI"),
-			CF_PROXY_ON(), CF_PROXY_OFF(), clear(),
+			CfProxyOn(), CfProxyOff(), clear(),
 			//CF_PROXY_ON(), CF_PROXY_ON(), clear(), // redundant
 			//CF_PROXY_ON(), CF_PROXY_FULL1().ExpectNoChanges(), clear(), // Removed for speed
-			CF_PROXY_ON(), CF_PROXY_FULL2(), clear(),
+			CfProxyOn(), CfProxyFull2(), clear(),
 		),
 
 		testgroup("CF_PROXY A full1 to X",
 			only("CLOUDFLAREAPI"),
-			CF_PROXY_FULL1(), CF_PROXY_OFF(), clear(),
+			CfProxyFull1(), CfProxyOff(), clear(),
 			//CF_PROXY_FULL1(), CF_PROXY_ON().ExpectNoChanges(), clear(), // Removed for speed
 			//CF_PROXY_FULL1(), CF_PROXY_FULL1(), clear(), // redundant
-			CF_PROXY_FULL1(), CF_PROXY_FULL2(), clear(),
+			CfProxyFull1(), CfProxyFull2(), clear(),
 		),
 
 		testgroup("CF_PROXY A full2 to X",
 			only("CLOUDFLAREAPI"),
-			CF_PROXY_FULL2(), CF_PROXY_OFF(), clear(),
-			CF_PROXY_FULL2(), CF_PROXY_ON(), clear(),
-			CF_PROXY_FULL2(), CF_PROXY_FULL1(), clear(),
+			CfProxyFull2(), CfProxyOff(), clear(),
+			CfProxyFull2(), CfProxyOn(), clear(),
+			CfProxyFull2(), CfProxyFull1(), clear(),
 			//CF_PROXY_FULL2(), CF_PROXY_FULL2(), clear(), // redundant
 		),
 
 		testgroup("CF_PROXY CNAME create",
 			only("CLOUDFLAREAPI"),
-			CF_CPROXY_OFF(), clear(),
-			CF_CPROXY_ON(), clear(),
-			CF_CPROXY_FULL(), clear(),
+			CfCProxyOff(), clear(),
+			CfCProxyOn(), clear(),
+			CfCProxyFull(), clear(),
 		),
 
 		testgroup("CF_PROXY CNAME off to X",
 			only("CLOUDFLAREAPI"),
 			//CF_CPROXY_OFF(), CF_CPROXY_OFF(), clear(),  // redundant
-			CF_CPROXY_OFF(), CF_CPROXY_ON(), clear(),
-			CF_CPROXY_OFF(), CF_CPROXY_FULL(), clear(),
+			CfCProxyOff(), CfCProxyOn(), clear(),
+			CfCProxyOff(), CfCProxyFull(), clear(),
 		),
 
 		testgroup("CF_PROXY CNAME on to X",
 			only("CLOUDFLAREAPI"),
-			CF_CPROXY_ON(), CF_CPROXY_OFF(), clear(),
+			CfCProxyOn(), CfCProxyOff(), clear(),
 			//CF_CPROXY_ON(), CF_CPROXY_ON(), clear(), // redundant
 			//CF_CPROXY_ON(), CF_CPROXY_FULL().ExpectNoChanges(), clear(), // Removed for speed
 		),
 
 		testgroup("CF_PROXY CNAME full to X",
 			only("CLOUDFLAREAPI"),
-			CF_CPROXY_FULL(), CF_CPROXY_OFF(), clear(),
+			CfCProxyFull(), CfCProxyOff(), clear(),
 			//CF_CPROXY_FULL(), CF_CPROXY_ON().ExpectNoChanges(), clear(), // Removed for speed
 			//CF_CPROXY_FULL(), CF_CPROXY_FULL(), clear(), // redundant
 		),
diff --git a/pkg/dnstree/dnstree.go b/pkg/dnstree/dnstree.go
index a2ec2a520..d07a4bb59 100644
--- a/pkg/dnstree/dnstree.go
+++ b/pkg/dnstree/dnstree.go
@@ -17,6 +17,7 @@ func Create[T any]() *DomainTree[T] {
 	}
 }
 
+// DomainTree is a domain tree.
 type DomainTree[T any] domainNode[T]
 
 type domainNode[T any] struct {
@@ -47,14 +48,14 @@ func (tree *DomainTree[T]) Set(fqdn string, data T) {
 	}
 
 	ptr := (*domainNode[T])(tree)
-	for iX := len(domainParts) - 1; iX > 0; iX -= 1 {
+	for iX := len(domainParts) - 1; iX > 0; iX-- {
 		ptr = ptr.addIntermediate(domainParts[iX])
 	}
 
 	ptr.addLeaf(domainParts[0], isWildcard, data)
 }
 
-// Retrieves the attached data from a given FQDN.
+// Get retrieves the attached data from a given FQDN.
 // The tree will return the data entry for the most specific FQDN entry.
 // If no entry is found Get will return the default value for the specific type.
 //
@@ -69,7 +70,7 @@ func (tree *DomainTree[T]) Get(fqdn string) T {
 	var mostSpecificNode *domainNode[T]
 	ptr := (*domainNode[T])(tree)
 
-	for iX := len(domainParts) - 1; iX >= 0; iX -= 1 {
+	for iX := len(domainParts) - 1; iX >= 0; iX-- {
 		node, ok := ptr.Children[domainParts[iX]]
 		if !ok {
 			if mostSpecificNode != nil {
@@ -103,7 +104,7 @@ func (tree *DomainTree[T]) Has(fqdn string) bool {
 	var mostSpecificNode *domainNode[T]
 	ptr := (*domainNode[T])(tree)
 
-	for iX := len(domainParts) - 1; iX >= 0; iX -= 1 {
+	for iX := len(domainParts) - 1; iX >= 0; iX-- {
 		node, ok := ptr.Children[domainParts[iX]]
 		if !ok {
 			return mostSpecificNode != nil
diff --git a/pkg/notifications/telegram.go b/pkg/notifications/telegram.go
index 5d081eacf..bdadda38a 100644
--- a/pkg/notifications/telegram.go
+++ b/pkg/notifications/telegram.go
@@ -10,11 +10,11 @@ import (
 
 func init() {
 	initers = append(initers, func(cfg map[string]string) Notifier {
-		if bot_token, ok := cfg["telegram_bot_token"]; ok {
-			if chat_id, ok := cfg["telegram_chat_id"]; ok {
+		if botToken, ok := cfg["telegram_bot_token"]; ok {
+			if chatID, ok := cfg["telegram_chat_id"]; ok {
 				notifier := &telegramNotifier{
-					BOT_TOKEN: bot_token,
-					CHAT_ID:   chat_id,
+					BotToken: botToken,
+					ChatID:   chatID,
 				}
 				return notifier
 			}
@@ -25,8 +25,8 @@ func init() {
 
 // telegramNotifier sends notifications to Telegram
 type telegramNotifier struct {
-	BOT_TOKEN string
-	CHAT_ID   string
+	BotToken string
+	ChatID   string
 }
 
 func (s *telegramNotifier) Notify(domain, provider, msg string, err error, preview bool) {
@@ -35,9 +35,9 @@ func (s *telegramNotifier) Notify(domain, provider, msg string, err error, previ
 		Text   string `json:"text"`
 	}
 
-	var url = fmt.Sprintf("https://api.telegram.org/bot%s/sendMessage", s.BOT_TOKEN)
+	var url = fmt.Sprintf("https://api.telegram.org/bot%s/sendMessage", s.BotToken)
 
-	payload.ChatID, _ = strconv.ParseInt(s.CHAT_ID, 10, 64)
+	payload.ChatID, _ = strconv.ParseInt(s.ChatID, 10, 64)
 
 	if preview {
 		payload.Text = fmt.Sprintf(`DNSControl preview: %s[%s] -** %s`, domain, provider, msg)
@@ -47,9 +47,9 @@ func (s *telegramNotifier) Notify(domain, provider, msg string, err error, previ
 		payload.Text = fmt.Sprintf(`DNSControl successfully ran correction for **%s[%s]** - %s`, domain, provider, msg)
 	}
 
-	marshaled_payload, _ := json.Marshal(payload)
+	marshaledPayload, _ := json.Marshal(payload)
 
-	_, _ = http.Post(url, "application/json", bytes.NewBuffer(marshaled_payload))
+	_, _ = http.Post(url, "application/json", bytes.NewBuffer(marshaledPayload))
 
 }
 
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index a310c4136..883725851 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -74,7 +74,7 @@ type cloudflareProvider struct {
 	ignoredLabels   []string
 	manageRedirects bool
 	manageWorkers   bool
-	accountId       string
+	accountID       string
 	cfClient        *cloudflare.API
 }
 
@@ -690,7 +690,7 @@ func newCloudflare(m map[string]string, metadata json.RawMessage) (providers.DNS
 
 	// Check account data if set
 	if m["accountid"] != "" {
-		api.accountId = m["accountid"]
+		api.accountID = m["accountid"]
 	}
 
 	debug, err := strconv.ParseBool(os.Getenv("CLOUDFLAREAPI_DEBUG"))
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index b2072b11e..0f6bebfec 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -66,7 +66,7 @@ func (c *cloudflareProvider) deleteRec(rec cloudflare.DNSRecord, domainID string
 }
 
 func (c *cloudflareProvider) createZone(domainName string) (string, error) {
-	zone, err := c.cfClient.CreateZone(context.Background(), domainName, false, cloudflare.Account{ID: c.accountId}, "full")
+	zone, err := c.cfClient.CreateZone(context.Background(), domainName, false, cloudflare.Account{ID: c.accountID}, "full")
 	return zone.ID, err
 }
 
@@ -443,7 +443,7 @@ func (c *cloudflareProvider) createTestWorker(workerName string) error {
 			});`,
 	}
 
-	_, err := c.cfClient.UploadWorker(context.Background(), cloudflare.AccountIdentifier(c.accountId), wp)
+	_, err := c.cfClient.UploadWorker(context.Background(), cloudflare.AccountIdentifier(c.accountID), wp)
 	return err
 }
 
diff --git a/providers/netlify/netlifyProvider.go b/providers/netlify/netlifyProvider.go
index 203e3d61a..6b8b050fb 100644
--- a/providers/netlify/netlifyProvider.go
+++ b/providers/netlify/netlifyProvider.go
@@ -12,10 +12,6 @@ import (
 	"github.com/miekg/dns"
 )
 
-var nameServerSuffixes = []string{
-	".nsone.net.",
-}
-
 var features = providers.DocumentationNotes{
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index 28f1ec478..b642e0c7e 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -31,8 +31,8 @@ var docNotes = providers.DocumentationNotes{
 	providers.DocOfficiallySupported: providers.Cannot(),
 }
 
-// Number of retries for API backend requests in case of StatusTooManyRequests responses
-const CLIENT_RETRIES = 10
+// clientRetries is the number of retries for API backend requests in case of StatusTooManyRequests responses
+const clientRetries = 10
 
 func init() {
 	fns := providers.DspFuncs{
@@ -69,7 +69,7 @@ func newProvider(creds map[string]string, meta json.RawMessage) (providers.DNSSe
 func (n *nsone) GetZone(domain string) (*dns.Zone, error) {
 	for rtr := 0; ; rtr++ {
 		z, httpResp, err := n.Zones.Get(domain, true)
-		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < clientRetries {
 			continue
 		}
 		return z, err
@@ -87,7 +87,7 @@ func (n *nsone) EnsureZoneExists(domain string) error {
 			return nil
 		}
 		// too many requests - retry w/out waiting. We specified rate limit strategy creating the client
-		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < clientRetries {
 			continue
 		}
 		return err
@@ -147,7 +147,7 @@ func (n *nsone) GetZoneDNSSEC(domain string) (bool, error) {
 		if err != nil && err == rest.ErrDNSECNotEnabled {
 			return false, nil
 		}
-		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < clientRetries {
 			continue
 		}
 		// any other errors not expected, let's surface them
@@ -278,7 +278,7 @@ func (n *nsone) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecor
 func (n *nsone) add(recs models.Records, domain string) error {
 	for rtr := 0; ; rtr++ {
 		httpResp, err := n.Records.Create(buildRecord(recs, domain, ""))
-		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < clientRetries {
 			continue
 		}
 		return err
@@ -292,7 +292,7 @@ func (n *nsone) remove(key models.RecordKey, domain string) error {
 
 	for rtr := 0; ; rtr++ {
 		httpResp, err := n.Records.Delete(domain, key.NameFQDN, key.Type)
-		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < clientRetries {
 			continue
 		}
 		return err
@@ -302,7 +302,7 @@ func (n *nsone) remove(key models.RecordKey, domain string) error {
 func (n *nsone) modify(recs models.Records, domain string) error {
 	for rtr := 0; ; rtr++ {
 		httpResp, err := n.Records.Update(buildRecord(recs, domain, ""))
-		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < clientRetries {
 			continue
 		}
 		return err
@@ -325,7 +325,7 @@ func (n *nsone) configureDNSSEC(domain string, enabled bool) error {
 	z.DNSSEC = &enabled
 	for rtr := 0; ; rtr++ {
 		httpResp, err := n.Zones.Update(z)
-		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < CLIENT_RETRIES {
+		if httpResp.StatusCode == http.StatusTooManyRequests && rtr < clientRetries {
 			continue
 		}
 		return err

From fa890063a18fb97470b1b4b47318e016bc2b5b85 Mon Sep 17 00:00:00 2001
From: imlonghao <git@imlonghao.com>
Date: Sun, 17 Sep 2023 03:52:59 +0800
Subject: [PATCH 54/79] BUG: Ensure report location is not empty (#2560)

---
 commands/previewPush.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/commands/previewPush.go b/commands/previewPush.go
index 70b1d4370..38b6a3543 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -293,7 +293,7 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI, report
 	if totalCorrections != 0 && args.WarnChanges {
 		return fmt.Errorf("there are pending changes")
 	}
-	if report != nil {
+	if report != nil && *report != "" {
 		f, err := os.OpenFile(*report, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
 		if err != nil {
 			return err

From 39445b1cadccfa4729428bc7e71f6613159b4d51 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Sep 2023 10:57:44 -0400
Subject: [PATCH 55/79] Build(deps): Bump docker/setup-qemu-action from 2 to 3
 (#2561)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/draft_release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/draft_release.yml b/.github/workflows/draft_release.yml
index 82494ff90..a41517a85 100644
--- a/.github/workflows/draft_release.yml
+++ b/.github/workflows/draft_release.yml
@@ -16,7 +16,7 @@ jobs:
     steps:
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
+      uses: docker/setup-qemu-action@v3
 
     - name: Checkout repo
       uses: actions/checkout@v4

From 08338b322306ce2db513348f0ad46c4de255c3ce Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Sep 2023 11:32:58 -0400
Subject: [PATCH 56/79] Build(deps): Bump docker/login-action from 2 to 3
 (#2563)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/draft_release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/draft_release.yml b/.github/workflows/draft_release.yml
index a41517a85..4f9e9312f 100644
--- a/.github/workflows/draft_release.yml
+++ b/.github/workflows/draft_release.yml
@@ -27,13 +27,13 @@ jobs:
 # back one commit.
 
     - name: Login to Docker Hub
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
 
     - name: Login to GitHub Container Registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.repository_owner }}

From bf94f193459e1df879e00cf221cd288169613dc0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Sep 2023 11:34:59 -0400
Subject: [PATCH 57/79] Build(deps): Bump goreleaser/goreleaser-action from 4
 to 5 (#2562)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/build.yml         | 4 ++--
 .github/workflows/draft_release.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d13048b13..f7363f33b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,7 +46,7 @@ jobs:
       id: build_binaries_tagged
       name: Build binaries (if tagged)
       if: github.ref_type == 'tag'
-      uses: goreleaser/goreleaser-action@v4
+      uses: goreleaser/goreleaser-action@v5
       with:
         distribution: goreleaser
         version: latest
@@ -57,7 +57,7 @@ jobs:
       id: build_binaries_not_tagged
       name: Build binaries (not tagged)
       if: github.ref_type != 'tag'
-      uses: goreleaser/goreleaser-action@v4
+      uses: goreleaser/goreleaser-action@v5
       with:
         distribution: goreleaser
         version: latest
diff --git a/.github/workflows/draft_release.yml b/.github/workflows/draft_release.yml
index 4f9e9312f..cd443ce40 100644
--- a/.github/workflows/draft_release.yml
+++ b/.github/workflows/draft_release.yml
@@ -59,7 +59,7 @@ jobs:
     -
       id: release
       name: Goreleaser release
-      uses: goreleaser/goreleaser-action@v4
+      uses: goreleaser/goreleaser-action@v5
       with:
         distribution: goreleaser
         version: latest

From 08afef7f7c2c34674525f729f1b41edb06aa1667 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 20 Sep 2023 13:03:46 -0400
Subject: [PATCH 58/79] CHORE: Clean up checkRecordSetHasMultipleTTLs (#2565)

---
 pkg/normalize/validate.go      | 6 ++----
 pkg/normalize/validate_test.go | 4 ++--
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 3b30cc34b..88c9b8578 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -12,7 +12,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/miekg/dns"
 	"github.com/miekg/dns/dnsutil"
-	"golang.org/x/exp/slices"
 )
 
 // Returns false if target does not validate.
@@ -620,13 +619,12 @@ func checkRecordSetHasMultipleTTLs(records []*models.RecordConfig) (errs []error
 		labels[i] = k
 		i++
 	}
-
 	sort.Strings(labels)
-	slices.Compact(labels)
+	// NB(tlim): No need to de-dup labels. They come from map keys.
 
-	// Invert for a more clear error message:
 	for _, label := range labels {
 		if len(m[label]) > 1 {
+			// Invert for a more clear error message:
 			r := make(map[string]map[uint32]bool)
 			for ttl, rtypes := range m[label] {
 				for rtype := range rtypes {
diff --git a/pkg/normalize/validate_test.go b/pkg/normalize/validate_test.go
index 528827f6c..0bd842014 100644
--- a/pkg/normalize/validate_test.go
+++ b/pkg/normalize/validate_test.go
@@ -411,7 +411,7 @@ func TestCheckRecordSetHasMultipleTTLs_err_3type_2ttl(t *testing.T) {
 	}
 	errs := checkRecordSetHasMultipleTTLs(records)
 	if len(errs) != 0 {
-		t.Errorf("Expected 0 errors (differnt types, no errors), but got %d: %v", len(errs), errs)
+		t.Errorf("Expected 0 errors (different types, no errors), but got %d: %v", len(errs), errs)
 	}
 }
 
@@ -424,7 +424,7 @@ func TestCheckRecordSetHasMultipleTTLs_err_3type_3ttl(t *testing.T) {
 	}
 	errs := checkRecordSetHasMultipleTTLs(records)
 	if len(errs) != 1 {
-		t.Errorf("Expected 0 errors (differnt types, 1 error), but got %d: %v", len(errs), errs)
+		t.Errorf("Expected 0 errors (different types, 1 error), but got %d: %v", len(errs), errs)
 	}
 }
 

From 69bf714852e6e757887376676410a561313ab2d0 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 26 Sep 2023 11:25:57 -0400
Subject: [PATCH 59/79] TESTING: handoff() tests should disable NO_PURGE
 (#2568)

---
 pkg/diff2/handsoff_test.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/diff2/handsoff_test.go b/pkg/diff2/handsoff_test.go
index 94e315292..7f89fb82a 100644
--- a/pkg/diff2/handsoff_test.go
+++ b/pkg/diff2/handsoff_test.go
@@ -164,7 +164,7 @@ D("f.com", "none",
 	A("foo3", "3.3.3.3", ENSURE_ABSENT_REC()),
 {})
 `
-	handsoffHelper(t, existingZone, desiredJs, true, `
+	handsoffHelper(t, existingZone, desiredJs, false, `
 IGNORED:
 FOREIGN:
 	`)
@@ -184,7 +184,7 @@ D("f.com", "none",
 	IGNORE_NAME("foo3"),
 {})
 `
-	handsoffHelper(t, existingZone, desiredJs, true, `
+	handsoffHelper(t, existingZone, desiredJs, false, `
 IGNORED:
 foo3 A 3.3.3.3
 foo3 MX 10 mymx.example.com.
@@ -207,7 +207,7 @@ D("f.com", "none",
 	IGNORE_NAME("foo3", "MX"),
 {})
 `
-	handsoffHelper(t, existingZone, desiredJs, true, `
+	handsoffHelper(t, existingZone, desiredJs, false, `
 IGNORED:
 foo3 MX 10 mymx.example.com.
 FOREIGN:
@@ -228,7 +228,7 @@ D("f.com", "none",
 	IGNORE_TARGET('**.acm-validations.aws.', 'CNAME'),
 {})
 `
-	handsoffHelper(t, existingZone, desiredJs, true, `
+	handsoffHelper(t, existingZone, desiredJs, false, `
 IGNORED:
 _2222222222222222.cr CNAME _333333.nnn.acm-validations.aws.
 FOREIGN:

From 4e3f5f31c74af8ca6aa034a864c3a99d94a1856e Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Wed, 27 Sep 2023 14:13:07 +0100
Subject: [PATCH 60/79] INWX: Support up to 2,147,483,647 domains (old limit
 was 20) (#2566)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/inwx/inwxProvider.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index 3c50f7c27..6768dd24f 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -402,6 +402,7 @@ func (api *inwxAPI) GetRegistrarCorrections(dc *models.DomainConfig) ([]*models.
 // fetchNameserverDomains returns the domains configured in INWX nameservers
 func (api *inwxAPI) fetchNameserverDomains() error {
 	request := &goinwx.DomainListRequest{}
+	request.PageLimit = 2147483647 // int32 max value, highest number API accepts
 	info, err := api.client.Domains.List(request)
 	if err != nil {
 		return err

From 2d6d536ade4b516f51d618f5ed2a97130fd74da3 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 28 Sep 2023 09:32:18 -0400
Subject: [PATCH 61/79] CHORE: Update deps (#2569)

---
 go.mod | 20 ++++++++++----------
 go.sum | 44 ++++++++++++++++++++++----------------------
 2 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/go.mod b/go.mod
index a666a2b22..d10617c9a 100644
--- a/go.mod
+++ b/go.mod
@@ -12,15 +12,15 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
 	github.com/aws/aws-sdk-go-v2 v1.21.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.39
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.37
+	github.com/aws/aws-sdk-go-v2/config v1.18.42
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.40
 	github.com/aws/aws-sdk-go-v2/service/route53 v1.29.5
 	github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.3
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5
-	github.com/cloudflare/cloudflare-go v0.77.0
+	github.com/cloudflare/cloudflare-go v0.78.0
 	github.com/digitalocean/godo v1.102.1
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
@@ -51,7 +51,7 @@ require (
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/net v0.15.0
 	golang.org/x/oauth2 v0.12.0
-	google.golang.org/api v0.141.0
+	google.golang.org/api v0.143.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.8
 )
 
@@ -79,11 +79,11 @@ require (
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.13.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.21.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.14.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.22.0 // indirect
 	github.com/aws/smithy-go v1.14.2 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
@@ -102,7 +102,7 @@ require (
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/uuid v1.3.1 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -140,7 +140,7 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect
 	google.golang.org/grpc v1.57.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.66.6 // indirect
diff --git a/go.sum b/go.sum
index acb8bb383..f17552aca 100644
--- a/go.sum
+++ b/go.sum
@@ -35,30 +35,30 @@ github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEq
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
-github.com/aws/aws-sdk-go-v2/config v1.18.39 h1:oPVyh6fuu/u4OiW4qcuQyEtk7U7uuNBmHmJSLg1AJsQ=
-github.com/aws/aws-sdk-go-v2/config v1.18.39/go.mod h1:+NH/ZigdPckFpgB1TRcRuWCB/Kbbvkxc/iNAKTq5RhE=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.37 h1:BvEdm09+ZEh2XtN+PVHPcYwKY3wIeB6pw7vPRM4M9/U=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.37/go.mod h1:ACLrdkd4CLZyXOghZ8IYumQbcooAcp2jo/s2xsFH8IM=
+github.com/aws/aws-sdk-go-v2/config v1.18.42 h1:28jHROB27xZwU0CB88giDSjz7M1Sba3olb5JBGwina8=
+github.com/aws/aws-sdk-go-v2/config v1.18.42/go.mod h1:4AZM3nMMxwlG+eZlxvBKqwVbkDLlnN2a4UGTL6HjaZI=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.40 h1:s8yOkDh+5b1jUDhMBtngF6zKWLDs84chUk2Vk0c38Og=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.40/go.mod h1:VtEHVAAqDWASwdOqj/1huyT6uHbs5s8FUHfDQdky/Rs=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 h1:SijA0mgjV8E+8G45ltVHs0fvKpTj8xmZJ3VwhGKtUSI=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 h1:GPUcE/Yq7Ur8YSUk6lVkoIMWnJNO0HT18GUzCWCgCI0=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42/go.mod h1:rzfdUlfA+jdgLDmPKjd3Chq9V7LVLYo1Nz++Wb91aRo=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 h1:g+qlObJH4Kn4n21g69DjspU0hKTjWtq7naZ9OLCv0ew=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43/go.mod h1:rzfdUlfA+jdgLDmPKjd3Chq9V7LVLYo1Nz++Wb91aRo=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 h1:CdzPW9kKitgIiLV1+MHobfR5Xg25iYnyzWZhyQuSlDI=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35/go.mod h1:QGF2Rs33W5MaN9gYdEQOBBFPLwTZkEhRwI33f7KIG0o=
 github.com/aws/aws-sdk-go-v2/service/route53 v1.29.5 h1:6wPin3WPyQpBl/QZsoNUnqvXy4Ib1Ygv7VagGvLKJAc=
 github.com/aws/aws-sdk-go-v2/service/route53 v1.29.5/go.mod h1:6zl0jh5MUKuJ07eHn3MNeLOVutxwl8m9vQltZjoLakM=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.3 h1:aaHlZb06fyEQ3uqEVJiN3hLt8syCzX+tWZiz40S4c0Y=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.3/go.mod h1:SK+5R1cYgVgSfBGi9T/gPGNIuLInF3eIRYNruia62rg=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.6 h1:2PylFCfKCEDv6PeSN09pC/VUiRd10wi1VfHG5FrW0/g=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.6/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6 h1:pSB560BbVj9ZlJZF4WYj5zsytWHWKxg+NgyGV4B2L58=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.5 h1:CQBFElb0LS8RojMJlxRSo/HXipvTZW2S44Lt9Mk2aYQ=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.5/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
+github.com/aws/aws-sdk-go-v2/service/sso v1.14.1 h1:YkNzx1RLS0F5qdf9v1Q8Cuv9NXCL2TkosOxhzlUPV64=
+github.com/aws/aws-sdk-go-v2/service/sso v1.14.1/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 h1:8lKOidPkmSmfUtiTgtdXWgaKItCZ/g75/jEk6Ql6GsA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
+github.com/aws/aws-sdk-go-v2/service/sts v1.22.0 h1:s4bioTgjSFRwOoyEFzAVCmFmoowBgjTR8gkrF/sQ4wk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.22.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
 github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -81,8 +81,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.77.0 h1:bVUGkSKdXEz8+u2Yj3ASqZsqlcsPkeB+PDqVs9OE7TY=
-github.com/cloudflare/cloudflare-go v0.77.0/go.mod h1:R+Q/Im0G0MzKJxj3eXOBBE8xpnchVA9tSiQwOEvfW4Y=
+github.com/cloudflare/cloudflare-go v0.78.0 h1:xMPdjJ+e2tGNUkw5LyduPlsMCaILEoN1Kqq/uEMx78w=
+github.com/cloudflare/cloudflare-go v0.78.0/go.mod h1:R+Q/Im0G0MzKJxj3eXOBBE8xpnchVA9tSiQwOEvfW4Y=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -193,8 +193,8 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM=
-github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w=
+github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
+github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -533,8 +533,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.141.0 h1:Df6vfMgDoIM6ss0m7H4MPwFwY87WNXHfBIda/Bmfl4E=
-google.golang.org/api v0.141.0/go.mod h1:iZqLkdPlXKyG0b90eu6KxVSE4D/ccRF2e/doKD2CnQQ=
+google.golang.org/api v0.143.0 h1:o8cekTkqhywkbZT6p1UHJPZ9+9uuCAJs/KYomxZB8fA=
+google.golang.org/api v0.143.0/go.mod h1:FoX9DO9hT7DLNn97OuoZAGSDuNAXdJRuGK98rSUgurk=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
@@ -542,10 +542,10 @@ google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g=
-google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 h1:nIgk/EEq3/YlnmVVXVnm14rC2oxgs1o0ong4sD/rd44=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 h1:o4LtQxebKIJ4vkzyhtD2rfUNZ20Zf0ik5YVP5E7G7VE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
+google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb h1:XFBgcDwm7irdHTbz4Zk2h7Mh+eis4nfJEFQFYzJzuIA=
+google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb h1:lK0oleSc7IQsUxO3U5TjL9DWlsxpEBemh+zpB7IqhWI=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 h1:N3bU/SQDCDyD6R528GJ/PwW9KjYcJA3dgyH+MovAkIM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=

From dd23e88f9fe622cb4df32b67d88e246d22d9df41 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Fri, 29 Sep 2023 19:48:40 +0200
Subject: [PATCH 62/79] DOCS: Align Docker command (#2571)

---
 documentation/getting-started.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/getting-started.md b/documentation/getting-started.md
index bc7dc51ba..80f2169b5 100644
--- a/documentation/getting-started.md
+++ b/documentation/getting-started.md
@@ -26,7 +26,7 @@ sudo port install dnscontrol
 You can use DNSControl locally using the Docker image from [Docker hub](https://hub.docker.com/r/stackexchange/dnscontrol/)  or [Github Container Registry](https://github.com/stackexchange/dnscontrol/pkgs/container/dnscontrol) and the command below.
 
 ```shell
-  docker run --rm -it -v "$(pwd):/dns"  ghcr.io/stackexchange/dnscontrol preview
+docker run --rm -it -v "$(pwd):/dns"  ghcr.io/stackexchange/dnscontrol preview
 ```
 
 ### Binaries

From e29642fb527eaebef43faf4619d891e655f91c6e Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Fri, 29 Sep 2023 19:50:42 +0200
Subject: [PATCH 63/79] DOCS: Typo GitHub (#2570)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/getting-started.md  | 2 +-
 documentation/providers/loopia.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/documentation/getting-started.md b/documentation/getting-started.md
index 80f2169b5..9235b3c53 100644
--- a/documentation/getting-started.md
+++ b/documentation/getting-started.md
@@ -23,7 +23,7 @@ sudo port install dnscontrol
 
 ### Docker
 
-You can use DNSControl locally using the Docker image from [Docker hub](https://hub.docker.com/r/stackexchange/dnscontrol/)  or [Github Container Registry](https://github.com/stackexchange/dnscontrol/pkgs/container/dnscontrol) and the command below.
+You can use DNSControl locally using the Docker image from [Docker hub](https://hub.docker.com/r/stackexchange/dnscontrol/) or [GitHub Container Registry](https://github.com/stackexchange/dnscontrol/pkgs/container/dnscontrol) and the command below.
 
 ```shell
 docker run --rm -it -v "$(pwd):/dns"  ghcr.io/stackexchange/dnscontrol preview
diff --git a/documentation/providers/loopia.md b/documentation/providers/loopia.md
index a608cf1f1..034cc49e4 100644
--- a/documentation/providers/loopia.md
+++ b/documentation/providers/loopia.md
@@ -6,7 +6,7 @@ They provide support in English and other regional variants (Norwegian, Serbian,
 
 This plugin is based on API documents found at 
 [https://www.loopia.com/api/](https://www.loopia.com/api/)
-and by observing API responses. Hat tip to Github @hazzeh whose code for the
+and by observing API responses. Hat tip to GitHub @hazzeh whose code for the
 LEGO Loopia implementation was helpful.
 
 Sadly the Loopia API has some problems:
@@ -70,7 +70,7 @@ There is no test endpoint. Fly free, grasshopper.
 
 Turning on debug will show the XML requests and responses, and include the
 username and password from your `creds.json` file. If you want to share these, 
-like for a Github issue, be sure to redact those from the XML.
+like for a GitHub issue, be sure to redact those from the XML.
 
 ### Fetch Apex NS Entries
 

From 60949c3ca666c5e925dfe586c367defa481354db Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 1 Oct 2023 12:07:10 -0400
Subject: [PATCH 64/79] Build(deps): Bump alpine from 3.18.3 to 3.18.4 (#2574)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index c2405e582..f392fc6ff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.4
 
-FROM alpine:3.18.3@sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a as RUN
+FROM alpine:3.18.4@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978 as RUN
 
 # Add runtime dependencies
 # - tzdata: Go time required external dependency eg: TRANSIP and possibly others

From a87cf1787d64dd1ec6fcadf2ffbb7edc7878af88 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Tue, 3 Oct 2023 18:31:59 +0100
Subject: [PATCH 65/79] INWX: Updated docs for limit up to 2,147,483,647
 domains (#2579)

---
 documentation/providers/inwx.md | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/documentation/providers/inwx.md b/documentation/providers/inwx.md
index b17f381ec..6df8d8fd7 100644
--- a/documentation/providers/inwx.md
+++ b/documentation/providers/inwx.md
@@ -5,7 +5,7 @@ INWX.de is a Berlin-based domain registrar.
 To use this provider, add an entry to `creds.json` with `TYPE` set to `INWX`
 along with your INWX username and password.
 
-Example:
+**Example:**
 
 {% code title="creds.json" %}
 ```json
@@ -19,18 +19,19 @@ Example:
 ```
 {% endcode %}
 
-### Two factor authentication
+### Two-factor authentication
+
+INWX supports two-factor authentication via TOTP and does not allow TOTP codes to be reused. This means that you will only be able to log into your INWX account once every 30 seconds.
 
-INWX supports two factor authentication via TOTP and does not allow TOTP codes to be reused. This means that you will only be able to log into your INWX account once every 30 seconds.
 You will hit this limitation in the following two scenarios:
 
 * You run DNSControl twice very quickly (to e.g. first use preview and then push). Waiting for 30 seconds to pass between these two invocations will work fine though.
-* You use INWX as both the registrar and the DNS provider. In this case, DNSControl will try to login twice too quickly and the second login will fail because a TOTP code will be reused. The only way to support this configuration is to use a INWX account without two factor authentication.
+* You use INWX as both the registrar and the DNS provider. In this case, DNSControl will try to login twice too quickly and the second login will fail because a TOTP code will be reused. The only way to support this configuration is to use a INWX account without two-factor authentication.
 
-If you cannot work around these two limitation it is possible to contact the INWX support to request a sub-account for API access only without two factor authentication.
-See issue [issue 848](https://github.com/StackExchange/dnscontrol/issues/848#issuecomment-692288859) for details.
+If you cannot work around these two limitation it is possible to create and manage sub-account - with specific permission sets - dedicated for API access with two-factor
+authentication disabled. This is possible at [inwx.de/en/account](https://www.inwx.de/en/account).
 
-If two factor authentication has been enabled you will also need to provide a valid TOTP number.
+If two-factor authentication has been enabled you will also need to provide a valid TOTP number.
 This can also be done via an environment variable:
 
 {% code title="creds.json" %}
@@ -53,11 +54,11 @@ INWX_TOTP=12345 dnscontrol preview
 ```
 
 It is also possible to directly provide the shared TOTP secret using the key "totp-key" in `creds.json`.
-This secret is only shown once when two factor authentication is enabled and you'll have to make sure to write it down then.
+This secret is only shown once when two-factor authentication is enabled and you'll have to make sure to write it down then.
 
 **Important Notes**:
 * Anyone with access to this `creds.json` file will have *full* access to your INWX account and will be able to transfer and/or delete your domains
-* Storing the shared secret together with the password weakens two factor authentication because both factors are stored in a single place.
+* Storing the shared secret together with the password weakens two-factor authentication because both factors are stored in a single place.
 
 {% code title="creds.json" %}
 ```json
@@ -73,8 +74,7 @@ This secret is only shown once when two factor authentication is enabled and you
 {% endcode %}
 
 ### Sandbox
-You can optionally also specify sandbox with a value of 1 to
-redirect all requests to the sandbox API instead:
+You can optionally also specify sandbox with a value of 1 to redirect all requests to the sandbox API instead:
 
 {% code title="creds.json" %}
 ```json
@@ -89,13 +89,10 @@ redirect all requests to the sandbox API instead:
 ```
 {% endcode %}
 
-If sandbox is omitted or set to any other value the production
-API will be used.
-
+If sandbox is omitted or set to any other value the production API will be used.
 
 ## Metadata
-This provider does not recognize any special metadata fields unique to
-INWX.
+This provider does not recognize any special metadata fields unique to INWX.
 
 ## Usage
 An example `dnsconfig.js` configuration file
@@ -112,3 +109,7 @@ D("example.com", REG_INWX, DnsProvider(DSP_CF),
 );
 ```
 {% endcode %}
+
+**Note**: The INWX provider implementation currently only supports up to 2,147,483,647 domains. If you exceed
+this limit, it is expected that dnscontrol will fail to recognize some domains. Should you exceed this
+limit, please open an issue on GitHub.

From 60f9e4f87f122fa121c4947164b879ffc853a905 Mon Sep 17 00:00:00 2001
From: Jakob Ackermann <das7pad@outlook.com>
Date: Tue, 3 Oct 2023 19:35:48 +0200
Subject: [PATCH 66/79] TESTING: un-skip TestDualProviders (#2576)

Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 integrationTest/integration_test.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index a40288104..69bed066d 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -348,7 +348,6 @@ func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string,
 }
 
 func TestDualProviders(t *testing.T) {
-	t.Skip()
 	p, domain, _, _ := getProvider(t)
 	if p == nil {
 		return

From 46f15114ddd26f4eae28dbffacd91ae0f8542192 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 8 Oct 2023 11:33:19 -0400
Subject: [PATCH 67/79] IMPORT_TRANSFORM: Be more forgiving about non-standard
 rtypes (#2587)

---
 pkg/normalize/validate.go | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 88c9b8578..ad00650d6 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -263,7 +263,7 @@ func importTransform(srcDomain, dstDomain *models.DomainConfig, transforms []tra
 			}
 			return rec2
 		}
-		switch rec.Type { // #rtype_variations
+		switch rec.Type {
 		case "A":
 			trs, err := transform.IPToList(net.ParseIP(rec.GetTargetField()), transforms)
 			if err != nil {
@@ -278,14 +278,9 @@ func importTransform(srcDomain, dstDomain *models.DomainConfig, transforms []tra
 			r := newRec()
 			r.SetTarget(transformCNAME(r.GetTargetField(), srcDomain.Name, dstDomain.Name))
 			dstDomain.Records = append(dstDomain.Records, r)
-		case "AKAMAICDN", "MX", "NAPTR", "NS", "SOA", "SRV", "TXT", "CAA", "TLSA":
-			// Not imported.
-			continue
-		case "LOC":
-			continue
 		default:
-			return fmt.Errorf("import_transform: Unimplemented record type %v (%v)",
-				rec.Type, rec.GetLabel())
+			// Anything else is ignored.
+			continue
 		}
 	}
 	return nil

From e7f1872fd5f90f019268a153265f079446b73e65 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 8 Oct 2023 11:33:42 -0400
Subject: [PATCH 68/79] CSCGLOBAL: Be silent about backoffs less than 10s
 (#2588)

---
 providers/cscglobal/api.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/providers/cscglobal/api.go b/providers/cscglobal/api.go
index df141d753..dd8224013 100644
--- a/providers/cscglobal/api.go
+++ b/providers/cscglobal/api.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"log"
 	"net/http"
 	"os"
 	"sort"
@@ -665,7 +664,11 @@ retry:
 
 		if string(bodyString) == "Requests exceeded API Rate limit." {
 			// a simple exponential back-off with a 3-minute max.
-			log.Printf("Delaying %v due to ratelimit\n", backoff)
+			if backoff > 10 {
+				// With this provider backups seem to be pretty common. Only
+				// announce it when the problem gets really bad.
+				printer.Printf("Delaying %v due to ratelimit (CSCGLOBAL)\n", backoff)
+			}
 			time.Sleep(backoff)
 			backoff = backoff + (backoff / 2)
 			if backoff > maxBackoff {

From f661cd47779a433d7f26138a0b93c6e8246a0453 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Sun, 8 Oct 2023 17:35:53 +0200
Subject: [PATCH 69/79] DOCS: TypeScript improvements (#2586)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/typescript.md | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/documentation/typescript.md b/documentation/typescript.md
index 16db1f036..e1d3a92ab 100644
--- a/documentation/typescript.md
+++ b/documentation/typescript.md
@@ -25,9 +25,11 @@ dnscontrol write-types
 
 This file has all the information your editor or IDE needs.  It must be in the same directory as the `dnsconfig.js` file you are editing.
 
-NOTE: Re-run the `dnscontrol write-types` command any time you upgrade
+{% hint style="info" %}
+**NOTE**: Re-run the `dnscontrol write-types` command any time you upgrade
 DNSControl. Because it is generated from the command, it will always be correct
 for the version of DNSControl you are using.
+{% endhint %}
 
 2. Tell your editor
 
@@ -50,15 +52,19 @@ If your editor requires extra steps, please [file a bug](https://github.com/Stac
 
 ### Bugs?
 
-**Bugs?**  Not all features of DNSControl work perfectly at the moment. Please report bugs and feature requests on https://github.com/StackExchange/dnscontrol/issues
+{% hint style="warning" %}
+**BUGS**: Not all features of DNSControl work perfectly at the moment. Please report bugs and feature requests on https://github.com/StackExchange/dnscontrol/issues
+{% endhint %}
 
-**This is experimental.** This feature is currently experimental. We might change the installation instructions as we find better ways to enable this.
+{% hint style="info" %}
+**NOTE**: This feature is currently experimental. We might change the installation instructions as we find better ways to enable this.
+{% endhint %}
 
-## Known bugs
+## Known bugs/issue
 
-## Bug: `CLI_DEFAULTS` not implemented
+### Bug: `CLI_DEFAULTS` not implemented
 
-Bug: Values passed to `CLI_DEFAULTS` (and the corresponding `-v` command-line option) don’t show up as global variables
+Values passed to `CLI_DEFAULTS` (and the corresponding `-v` command-line option) don’t show up as global variables
 
 Workaround: create a new `.d.ts` file in the same folder as your `dnsconfig.js` file. In that file, add the following line for each variable you want to use (replacing `VARIABLE_NAME` with the name of the variable).
 
@@ -71,7 +77,6 @@ declare const VARIABLE_NAME: string;
 
 This will tell TypeScript that the variable exists, and that it’s a string.
 
-## Known issue: `FETCH` not always accurate
-
-Bug: `FETCH` is always shown as available, even if you don’t run DNSControl with the `--allow-fetch` flag.
+### Known issue: `FETCH` not always accurate
 
+`FETCH` is always shown as available, even if you don’t run DNSControl with the `--allow-fetch` flag.

From 7e79713603410c301121ea8f7f40eaa6d2a91e67 Mon Sep 17 00:00:00 2001
From: Purrrpley <63091454+Purrrpley@users.noreply.github.com>
Date: Mon, 9 Oct 2023 02:39:18 +1100
Subject: [PATCH 70/79] Fix the return types of `*_BUILDER` functions (#2583)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 commands/types/dnscontrol.d.ts                | 28 +++++++++----------
 .../{record => domain}/CAA_BUILDER.md         |  0
 .../{record => domain}/DMARC_BUILDER.md       |  0
 .../{record => domain}/LOC_BUILDER_DD.md      |  0
 .../{record => domain}/LOC_BUILDER_DMM_STR.md |  0
 .../{record => domain}/LOC_BUILDER_DMS_STR.md |  0
 .../{record => domain}/LOC_BUILDER_STR.md     |  0
 .../{record => domain}/M365_BUILDER.md        |  0
 8 files changed, 14 insertions(+), 14 deletions(-)
 rename documentation/functions/{record => domain}/CAA_BUILDER.md (100%)
 rename documentation/functions/{record => domain}/DMARC_BUILDER.md (100%)
 rename documentation/functions/{record => domain}/LOC_BUILDER_DD.md (100%)
 rename documentation/functions/{record => domain}/LOC_BUILDER_DMM_STR.md (100%)
 rename documentation/functions/{record => domain}/LOC_BUILDER_DMS_STR.md (100%)
 rename documentation/functions/{record => domain}/LOC_BUILDER_STR.md (100%)
 rename documentation/functions/{record => domain}/M365_BUILDER.md (100%)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index aa1aeada6..f91aedc10 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -409,9 +409,9 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  * CAA("@", "issuewild", ";")
  * ```
  *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/caa_builder
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/caa_builder
  */
-declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issuewild: string }): RecordModifier;
+declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issuewild: string }): DomainModifier;
 
 /**
  * `CF_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page Rules) to
@@ -753,9 +753,9 @@ declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier;
  * * TXT records are automatically split using `AUTOSPLIT`.
  * * URIs in the `rua` and `ruf` arrays are passed raw. You must percent-encode all commas and exclamation points in the URI itself.
  *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/dmarc_builder
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dmarc_builder
  */
-declare function DMARC_BUILDER(opts: { label?: string; version?: string; policy: 'none' | 'quarantine' | 'reject'; subdomainPolicy?: 'none' | 'quarantine' | 'reject'; alignmentSPF?: 'strict' | 's' | 'relaxed' | 'r'; alignmentDKIM?: 'strict' | 's' | 'relaxed' | 'r'; percent?: number; rua?: string[]; ruf?: string[]; failureOptions?: { SPF: boolean, DKIM: boolean } | string; failureFormat?: string; reportInterval?: Duration; ttl?: Duration }): RecordModifier;
+declare function DMARC_BUILDER(opts: { label?: string; version?: string; policy: 'none' | 'quarantine' | 'reject'; subdomainPolicy?: 'none' | 'quarantine' | 'reject'; alignmentSPF?: 'strict' | 's' | 'relaxed' | 'r'; alignmentDKIM?: 'strict' | 's' | 'relaxed' | 'r'; percent?: number; rua?: string[]; ruf?: string[]; failureOptions?: { SPF: boolean, DKIM: boolean } | string; failureFormat?: string; reportInterval?: Duration; ttl?: Duration }): DomainModifier;
 
 /**
  * `DOMAIN_ELSEWHERE()` is a helper macro that lets you easily indicate that
@@ -1561,9 +1561,9 @@ declare function LOC(deg1: number, min1: number, sec1: number, deg2: number, min
  *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
  *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_dd
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dd
  */
-declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; alt?: number; ttl?: Duration }): RecordModifier;
+declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; alt?: number; ttl?: Duration }): DomainModifier;
 
 /**
  * `LOC_BUILDER_DMM({})` actually takes an object with the following properties:
@@ -1603,9 +1603,9 @@ declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; al
  *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
  *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_dmm_str
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dmm_str
  */
-declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): RecordModifier;
+declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): DomainModifier;
 
 /**
  * `LOC_BUILDER_DMS_STR({})` actually takes an object with the following properties:
@@ -1646,9 +1646,9 @@ declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?:
  *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
  *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_dms_str
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dms_str
  */
-declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): RecordModifier;
+declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): DomainModifier;
 
 /**
  * `LOC_BUILDER_STR({})` actually takes an object with the following: properties.
@@ -1694,9 +1694,9 @@ declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?:
  *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
  *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/loc_builder_str
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_str
  */
-declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): RecordModifier;
+declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): DomainModifier;
 
 /**
  * DNSControl offers a `M365_BUILDER` which can be used to simply set up Microsoft 365 for a domain in an opinionated way.
@@ -1743,9 +1743,9 @@ declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: numb
  * * `domainGUID` The GUID of _this_ Microsoft 365 domain (default: `<label>.<context>` with `.` replaced by `-`, no default if domain contains dashes)
  * * `initialDomain` The initial domain of your Microsoft 365 tenant/account, ends in `onmicrosoft.com`
  *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/m365_builder
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/m365_builder
  */
-declare function M365_BUILDER(opts: { label?: string; mx?: boolean; autodiscover?: boolean; dkim?: boolean; skypeForBusiness?: boolean; mdm?: boolean; domainGUID?: string; initialDomain?: string }): RecordModifier;
+declare function M365_BUILDER(opts: { label?: string; mx?: boolean; autodiscover?: boolean; dkim?: boolean; skypeForBusiness?: boolean; mdm?: boolean; domainGUID?: string; initialDomain?: string }): DomainModifier;
 
 /**
  * MX adds an MX record to the domain.
diff --git a/documentation/functions/record/CAA_BUILDER.md b/documentation/functions/domain/CAA_BUILDER.md
similarity index 100%
rename from documentation/functions/record/CAA_BUILDER.md
rename to documentation/functions/domain/CAA_BUILDER.md
diff --git a/documentation/functions/record/DMARC_BUILDER.md b/documentation/functions/domain/DMARC_BUILDER.md
similarity index 100%
rename from documentation/functions/record/DMARC_BUILDER.md
rename to documentation/functions/domain/DMARC_BUILDER.md
diff --git a/documentation/functions/record/LOC_BUILDER_DD.md b/documentation/functions/domain/LOC_BUILDER_DD.md
similarity index 100%
rename from documentation/functions/record/LOC_BUILDER_DD.md
rename to documentation/functions/domain/LOC_BUILDER_DD.md
diff --git a/documentation/functions/record/LOC_BUILDER_DMM_STR.md b/documentation/functions/domain/LOC_BUILDER_DMM_STR.md
similarity index 100%
rename from documentation/functions/record/LOC_BUILDER_DMM_STR.md
rename to documentation/functions/domain/LOC_BUILDER_DMM_STR.md
diff --git a/documentation/functions/record/LOC_BUILDER_DMS_STR.md b/documentation/functions/domain/LOC_BUILDER_DMS_STR.md
similarity index 100%
rename from documentation/functions/record/LOC_BUILDER_DMS_STR.md
rename to documentation/functions/domain/LOC_BUILDER_DMS_STR.md
diff --git a/documentation/functions/record/LOC_BUILDER_STR.md b/documentation/functions/domain/LOC_BUILDER_STR.md
similarity index 100%
rename from documentation/functions/record/LOC_BUILDER_STR.md
rename to documentation/functions/domain/LOC_BUILDER_STR.md
diff --git a/documentation/functions/record/M365_BUILDER.md b/documentation/functions/domain/M365_BUILDER.md
similarity index 100%
rename from documentation/functions/record/M365_BUILDER.md
rename to documentation/functions/domain/M365_BUILDER.md

From 9abbf44b30729e84dc50e2da6ed76a384cb3cfe1 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Sun, 8 Oct 2023 17:46:24 +0200
Subject: [PATCH 71/79] DOCS: INWX provider improvements (#2580)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers/inwx.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/documentation/providers/inwx.md b/documentation/providers/inwx.md
index 6df8d8fd7..036a77ede 100644
--- a/documentation/providers/inwx.md
+++ b/documentation/providers/inwx.md
@@ -110,6 +110,8 @@ D("example.com", REG_INWX, DnsProvider(DSP_CF),
 ```
 {% endcode %}
 
-**Note**: The INWX provider implementation currently only supports up to 2,147,483,647 domains. If you exceed
-this limit, it is expected that dnscontrol will fail to recognize some domains. Should you exceed this
-limit, please open an issue on GitHub.
+{% hint style="info" %}
+**NOTE**: The INWX provider implementation currently only supports up to 2,147,483,647 domains. If you exceed
+this limit, it is expected that DNSControl will fail to recognize some domains. Should you exceed this
+limit, please [open an issue on GitHub](https://github.com/StackExchange/dnscontrol/issues/new/choose).
+{% endhint %}

From 7bf5fc6b656a1fe0241955a72d4593c5029a83df Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 8 Oct 2023 11:52:39 -0400
Subject: [PATCH 72/79] CHORE: Increase minimum Go version to 1.21 (#2590)

---
 .github/workflows/build.yml            | 6 +++---
 .github/workflows/draft_release.yml    | 2 +-
 .github/workflows/release.yml.DISABLED | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f7363f33b..f222624cf 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,7 +10,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     container:
-      image: golang:1.20
+      image: golang:1.21
     env:
       TEST_RESULTS: "/tmp/test-results"
     steps:
@@ -95,7 +95,7 @@ jobs:
     needs: integration-test-providers
     runs-on: ubuntu-latest
     container:
-      image: golang:1.20
+      image: golang:1.21
       env:
         TEST_RESULTS: "/tmp/test-results"
         GOTESTSUM_FORMAT: testname
@@ -199,7 +199,7 @@ jobs:
     if: github.ref != 'refs/heads/master' && github.ref != 'refs/heads/main'
     runs-on: ubuntu-latest
     container:
-      image: golang:1.20
+      image: golang:1.21
     needs:
     - integration-test-providers
     - integrtests-diff1
diff --git a/.github/workflows/draft_release.yml b/.github/workflows/draft_release.yml
index cd443ce40..77845f4f2 100644
--- a/.github/workflows/draft_release.yml
+++ b/.github/workflows/draft_release.yml
@@ -42,7 +42,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v4
       with:
-        go-version: ^1.20
+        go-version: ^1.21
 
 # For some reason goreleaser isn't correctly setting the version
 # string used by "dnscontrol version".  Therefore, we're forcing the
diff --git a/.github/workflows/release.yml.DISABLED b/.github/workflows/release.yml.DISABLED
index 8c81178be..bb14282e3 100644
--- a/.github/workflows/release.yml.DISABLED
+++ b/.github/workflows/release.yml.DISABLED
@@ -23,7 +23,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v4
       with:
-        go-version: ^1.20
+        go-version: ^1.21
 
     - name: Build binaries
       run: go run build/build.go

From cb3c020f45a3dd63a7e585ffb3d7c08aea601e62 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 8 Oct 2023 13:06:39 -0400
Subject: [PATCH 73/79] CHORE: Update deps (#2589)

---
 go.mod |  54 +++++++++++++++--------------
 go.sum | 108 +++++++++++++++++++++++++++++++--------------------------
 2 files changed, 86 insertions(+), 76 deletions(-)

diff --git a/go.mod b/go.mod
index d10617c9a..8b4b32050 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
 module github.com/StackExchange/dnscontrol/v4
 
-go 1.18
+go 1.21
+
+toolchain go1.21.1
 
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
@@ -11,17 +13,17 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.21.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.42
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.40
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.29.5
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.3
+	github.com/aws/aws-sdk-go-v2 v1.21.1
+	github.com/aws/aws-sdk-go-v2/config v1.18.44
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.42
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.30.1
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.4
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5
 	github.com/cloudflare/cloudflare-go v0.78.0
-	github.com/digitalocean/godo v1.102.1
+	github.com/digitalocean/godo v1.103.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
 	github.com/exoscale/egoscale v0.90.2
@@ -49,9 +51,9 @@ require (
 	github.com/transip/gotransip/v6 v6.21.0
 	github.com/urfave/cli/v2 v2.25.7
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/net v0.15.0
-	golang.org/x/oauth2 v0.12.0
-	google.golang.org/api v0.143.0
+	golang.org/x/net v0.16.0
+	golang.org/x/oauth2 v0.13.0
+	google.golang.org/api v0.145.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.8
 )
 
@@ -63,7 +65,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.19
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20230905200255-921286631fa9
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
 	golang.org/x/text v0.13.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -76,15 +78,15 @@ require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.14.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.22.0 // indirect
-	github.com/aws/smithy-go v1.14.2 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.23.1 // indirect
+	github.com/aws/smithy-go v1.15.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
@@ -133,15 +135,15 @@ require (
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.13.0 // indirect
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.12.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/mod v0.13.0 // indirect
+	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.13.0 // indirect
+	golang.org/x/tools v0.14.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect
-	google.golang.org/grpc v1.57.0 // indirect
+	google.golang.org/grpc v1.58.2 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.66.6 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index f17552aca..e40a170eb 100644
--- a/go.sum
+++ b/go.sum
@@ -33,34 +33,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
-github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
-github.com/aws/aws-sdk-go-v2/config v1.18.42 h1:28jHROB27xZwU0CB88giDSjz7M1Sba3olb5JBGwina8=
-github.com/aws/aws-sdk-go-v2/config v1.18.42/go.mod h1:4AZM3nMMxwlG+eZlxvBKqwVbkDLlnN2a4UGTL6HjaZI=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.40 h1:s8yOkDh+5b1jUDhMBtngF6zKWLDs84chUk2Vk0c38Og=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.40/go.mod h1:VtEHVAAqDWASwdOqj/1huyT6uHbs5s8FUHfDQdky/Rs=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 h1:SijA0mgjV8E+8G45ltVHs0fvKpTj8xmZJ3VwhGKtUSI=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 h1:g+qlObJH4Kn4n21g69DjspU0hKTjWtq7naZ9OLCv0ew=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43/go.mod h1:rzfdUlfA+jdgLDmPKjd3Chq9V7LVLYo1Nz++Wb91aRo=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 h1:CdzPW9kKitgIiLV1+MHobfR5Xg25iYnyzWZhyQuSlDI=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35/go.mod h1:QGF2Rs33W5MaN9gYdEQOBBFPLwTZkEhRwI33f7KIG0o=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.29.5 h1:6wPin3WPyQpBl/QZsoNUnqvXy4Ib1Ygv7VagGvLKJAc=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.29.5/go.mod h1:6zl0jh5MUKuJ07eHn3MNeLOVutxwl8m9vQltZjoLakM=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.3 h1:aaHlZb06fyEQ3uqEVJiN3hLt8syCzX+tWZiz40S4c0Y=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.3/go.mod h1:SK+5R1cYgVgSfBGi9T/gPGNIuLInF3eIRYNruia62rg=
-github.com/aws/aws-sdk-go-v2/service/sso v1.14.1 h1:YkNzx1RLS0F5qdf9v1Q8Cuv9NXCL2TkosOxhzlUPV64=
-github.com/aws/aws-sdk-go-v2/service/sso v1.14.1/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 h1:8lKOidPkmSmfUtiTgtdXWgaKItCZ/g75/jEk6Ql6GsA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
-github.com/aws/aws-sdk-go-v2/service/sts v1.22.0 h1:s4bioTgjSFRwOoyEFzAVCmFmoowBgjTR8gkrF/sQ4wk=
-github.com/aws/aws-sdk-go-v2/service/sts v1.22.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
-github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
-github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/aws-sdk-go-v2 v1.21.1 h1:wjHYshtPpYOZm+/mu3NhVgRRc0baM6LJZOmxPZ5Cwzs=
+github.com/aws/aws-sdk-go-v2 v1.21.1/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
+github.com/aws/aws-sdk-go-v2/config v1.18.44 h1:U10NQ3OxiY0dGGozmVIENIDnCT0W432PWxk2VO8wGnY=
+github.com/aws/aws-sdk-go-v2/config v1.18.44/go.mod h1:pHxnQBldd0heEdJmolLBk78D1Bf69YnKLY3LOpFImlU=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.42 h1:KMkjpZqcMOwtRHChVlHdNxTUUAC6NC/b58mRZDIdcRg=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.42/go.mod h1:7ltKclhvEB8305sBhrpls24HGxORl6qgnQqSJ314Uw8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 h1:3j5lrl9kVQrJ1BU4O0z7MQ8sa+UXdiLuo4j0V+odNI8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12/go.mod h1:JbFpcHDBdsex1zpIKuVRorZSQiZEyc3MykNCcjgz174=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42 h1:817VqVe6wvwE46xXy6YF5RywvjOX6U2zRQQ6IbQFK0s=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42/go.mod h1:oDfgXoBBmj+kXnqxDDnIDnC56QBosglKp8ftRCTxR+0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 h1:7ZApaXzWbo8slc+W5TynuUlB4z66g44h7uqa3/d/BsY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36/go.mod h1:rwr4WnmFi3RJO0M4dxbJtgi9BPLMpVBMX1nUte5ha9U=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 h1:quOJOqlbSfeJTboXLjYXM1M9T52LBXqLoTPlmsKLpBo=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44/go.mod h1:LNy+P1+1LiRcCsVYr/4zG5n8zWFL0xsvZkOybjbftm8=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 h1:YXlm7LxwNlauqb2OrinWlcvtsflTzP8GaMvYfQBhoT4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36/go.mod h1:ou9ffqJ9hKOVZmjlC6kQ6oROAyG1M4yBKzR+9BKbDwk=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.30.1 h1:0gm0oqA2ymMkWeCeQ1KS0i+8SiVJmnqH/7BNeuHuRus=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.30.1/go.mod h1:oOxDG1TB1dEYnCFiLHWVaSoQxWvolSJOytDdIJrqaEw=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.4 h1:1uA3FBoMAcAPqb/TqI4dm9QgxmOJGXc8jnf3eaSgu9I=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.4/go.mod h1:hxqmMdnrGjnzRY2has/lmletY1Exs/iKmzOLjvpMy/c=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 h1:ZN3bxw9OYC5D6umLw6f57rNJfGfhg1DIAAcKpzyUTOE=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.1/go.mod h1:PieckvBoT5HtyB9AsJRrYZFY2Z+EyfVM/9zG6gbV8DQ=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 h1:fSCCJuT5i6ht8TqGdZc5Q5K9pz/atrf7qH4iK5C9XzU=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2/go.mod h1:5eNtr+vNc5vVd92q7SJ+U/HszsIdhZBEyi9dkMRKsp8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.1 h1:ASNYk1ypWAxRhJjKS0jBnTUeDl7HROOpeSMu1xDA/I8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.1/go.mod h1:2cnsAhVT3mqusovc2stUSUrSBGTcX9nh8Tu6xh//2eI=
+github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
+github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -95,11 +95,12 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.102.1 h1:BrNePwIXjQWjOJXVTBqkURMjm70BRR0qXbRKfHNBF24=
-github.com/digitalocean/godo v1.102.1/go.mod h1:SaUYccN7r+CO1QtsbXGypAsgobDrmSfVMJESEfXgoEg=
+github.com/digitalocean/godo v1.103.0 h1:ynhlulyoBN+VvQ/yquIsh93DlY3lZxmcwgiw3XrsAyQ=
+github.com/digitalocean/godo v1.103.0/go.mod h1:rUTTOeu4ozN+i3BnyQasMpDyhIVIefANbc4dYe6v6N0=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
+github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
 github.com/dnsimple/dnsimple-go v1.2.0 h1:ddTGyLVKly5HKb5L65AkLqFqwZlWo3WnR0BlFZlIddM=
 github.com/dnsimple/dnsimple-go v1.2.0/go.mod h1:z/cs26v/eiRvUyXsHQBLd8lWF8+cD6GbmkPH84plM4U=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -179,6 +180,7 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTLOTEyho=
 github.com/google/go-github/v35 v35.3.0/go.mod h1:yWB7uCcVWaUbUP74Aq3whuMySRMatyRmq5U9FTNlbio=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
@@ -212,6 +214,7 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
+github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
@@ -365,6 +368,7 @@ github.com/robertkrimen/otto v0.2.1/go.mod h1:UPwtJ1Xu7JrLcZjNWN8orJaM5n5YEtqL//
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
+github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -379,6 +383,7 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykE
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
+github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
 github.com/softlayer/softlayer-go v1.1.2 h1:rUSSGCyaxymvTOsaFjwr+cGxA8muw3xg2LSrIMNcN/c=
 github.com/softlayer/softlayer-go v1.1.2/go.mod h1:hvAbzGH4LRXA6yXY8BNx99yoqZ7urfDdtl9mvBf0G+g=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPcvAg+4R8A50GZ+CCkARF10lxu2qDsQ=
@@ -432,19 +437,19 @@ golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
-golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180406214816-61147c48b25b/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -462,19 +467,19 @@ golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
-golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos=
+golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4=
-golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
+golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
+golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -498,8 +503,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -527,14 +532,14 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
-golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.143.0 h1:o8cekTkqhywkbZT6p1UHJPZ9+9uuCAJs/KYomxZB8fA=
-google.golang.org/api v0.143.0/go.mod h1:FoX9DO9hT7DLNn97OuoZAGSDuNAXdJRuGK98rSUgurk=
+google.golang.org/api v0.145.0 h1:kBjvf1A3/m30kUvnUX9jZJxTu3lJrpGFt5V/1YZrjwg=
+google.golang.org/api v0.145.0/go.mod h1:OARJqIfoYjXJj4C1AiBSXYZt03qsoz8FQYU6fBEfrHM=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
@@ -543,7 +548,9 @@ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoA
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb h1:XFBgcDwm7irdHTbz4Zk2h7Mh+eis4nfJEFQFYzJzuIA=
+google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
 google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb h1:lK0oleSc7IQsUxO3U5TjL9DWlsxpEBemh+zpB7IqhWI=
+google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 h1:N3bU/SQDCDyD6R528GJ/PwW9KjYcJA3dgyH+MovAkIM=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -551,8 +558,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
-google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
+google.golang.org/grpc v1.58.2 h1:SXUpjxeVF3FKrTYQI4f4KvbGD5u2xccdYdurwowix5I=
+google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -578,6 +585,7 @@ gopkg.in/errgo.v1 v1.0.0-20161222125816-442357a80af5/go.mod h1:u0ALmqvLRxLI95fkd
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE=
 gopkg.in/h2non/gock.v1 v1.1.2 h1:jBbHXgGBK/AoPVfJh5x4r/WxIrElvbLel8TCZkkZJoY=
+gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaDva0=
 gopkg.in/httprequest.v1 v1.1.1/go.mod h1:/CkavNL+g3qLOrpFHVrEx4NKepeqR4XTZWNj4sGGjz0=
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=

From 071fd2b7dfefeb15e6cbe81f2c296320d978120e Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 9 Oct 2023 15:39:45 +0200
Subject: [PATCH 74/79] DOCS: Updated *_BUILDER  (#2585)

---
 documentation/SUMMARY.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 3ff6172a7..fd4ee0124 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -35,11 +35,13 @@
     * [AUTODNSSEC_OFF](functions/domain/AUTODNSSEC_OFF.md)
     * [AUTODNSSEC_ON](functions/domain/AUTODNSSEC_ON.md)
     * [CAA](functions/domain/CAA.md)
+    * [CAA_BUILDER](functions/domain/CAA_BUILDER.md)
     * [CNAME](functions/domain/CNAME.md)
-    * [DefaultTTL](functions/domain/DefaultTTL.md)
     * [DISABLE_IGNORE_SAFETY_CHECK](functions/domain/DISABLE_IGNORE_SAFETY_CHECK.md)
-    * [DnsProvider](functions/domain/DnsProvider.md)
+    * [DMARC_BUILDER](functions/domain/DMARC_BUILDER.md)
     * [DS](functions/domain/DS.md)
+    * [DefaultTTL](functions/domain/DefaultTTL.md)
+    * [DnsProvider](functions/domain/DnsProvider.md)
     * [FRAME](functions/domain/FRAME.md)
     * [IGNORE](functions/domain/IGNORE.md)
     * [IGNORE_NAME](functions/domain/IGNORE_NAME.md)
@@ -47,6 +49,11 @@
     * [IMPORT_TRANSFORM](functions/domain/IMPORT_TRANSFORM.md)
     * [INCLUDE](functions/domain/INCLUDE.md)
     * [LOC](functions/domain/LOC.md)
+    * [LOC_BUILDER_DD](functions/domain/LOC_BUILDER_DD.md)
+    * [LOC_BUILDER_DMM_STR](functions/domain/LOC_BUILDER_DMM_STR.md)
+    * [LOC_BUILDER_DMS_STR](functions/domain/LOC_BUILDER_DMS_STR.md)
+    * [LOC_BUILDER_STR](functions/domain/LOC_BUILDER_STR.md)
+    * [M365_BUILDER](functions/domain/M365_BUILDER.md)
     * [MX](functions/domain/MX.md)
     * [NAMESERVER](functions/domain/NAMESERVER.md)
     * [NAMESERVER_TTL](functions/domain/NAMESERVER_TTL.md)
@@ -56,6 +63,7 @@
     * [PTR](functions/domain/PTR.md)
     * [PURGE](functions/domain/PURGE.md)
     * [SOA](functions/domain/SOA.md)
+    * [SPF_BUILDER](functions/domain/SPF_BUILDER.md)
     * [SRV](functions/domain/SRV.md)
     * [SSHFP](functions/domain/SSHFP.md)
     * [TLSA](functions/domain/TLSA.md)
@@ -78,14 +86,6 @@
         * NS1
             * [NS1_URLFWD](functions/domain/NS1_URLFWD.md)
 * Record Modifiers
-    * [CAA_BUILDER](functions/record/CAA_BUILDER.md)
-    * [DMARC_BUILDER](functions/record/DMARC_BUILDER.md)
-    * [LOC_BUILDER_DD](functions/record/LOC_BUILDER_DD.md)
-    * [LOC_BUILDER_DMM_STR](functions/record/LOC_BUILDER_DMM_STR.md)
-    * [LOC_BUILDER_DMS_STR](functions/record/LOC_BUILDER_DMS_STR.md)
-    * [LOC_BUILDER_STR](functions/record/LOC_BUILDER_STR.md)
-    * [M365_BUILDER](functions/record/M365_BUILDER.md)
-    * [SPF_BUILDER](functions/record/SPF_BUILDER.md)
     * [TTL](functions/record/TTL.md)
     * Service Provider specific
         * Amazon Route 53

From 71174551c4a638c3e3b6c4825a1b10a0fa5c2534 Mon Sep 17 00:00:00 2001
From: Yuhui Xu <xuyh0120@outlook.com>
Date: Fri, 13 Oct 2023 04:36:36 -0700
Subject: [PATCH 75/79] GCORE: fix TXT record double quoting (#2592)

Thanks!
---
 providers/gcore/convert.go | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/providers/gcore/convert.go b/providers/gcore/convert.go
index 938caf9d7..0854409b6 100644
--- a/providers/gcore/convert.go
+++ b/providers/gcore/convert.go
@@ -40,7 +40,12 @@ func nativeToRecords(n gcoreRRSetExtended, zoneName string) ([]*models.RecordCon
 				return nil, fmt.Errorf("unparsable record received from G-Core: %w", err)
 			}
 
-		default: //  "A", "AAAA", "CAA", "NS", "CNAME", "MX", "PTR", "SRV", "TXT"
+		case "TXT": // Avoid double quoting for TXT records
+			if err := rc.SetTargetTXTs(convertSdkAnySliceToTxtSlice(value.Content)); err != nil {
+				return nil, fmt.Errorf("unparsable record received from G-Core: %w", err)
+			}
+
+		default: //  "A", "AAAA", "CAA", "NS", "CNAME", "MX", "PTR", "SRV"
 			if err := rc.PopulateFromString(recType, value.ContentToString(), zoneName); err != nil {
 				return nil, fmt.Errorf("unparsable record received from G-Core: %w", err)
 			}
@@ -79,6 +84,12 @@ func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *
 				Meta:    nil,
 				Enabled: true,
 			}
+		case "TXT":	// Avoid double quoting for TXT records
+			rr = dnssdk.ResourceRecord{
+				Content: convertTxtSliceToSdkAnySlice(r.TxtStrings),
+				Meta:    nil,
+				Enabled: true,
+			}
 		default:
 			rr = dnssdk.ResourceRecord{
 				Content: dnssdk.ContentFromValue(key.Type, r.GetTargetCombined()),
@@ -107,3 +118,19 @@ func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *
 
 	return result
 }
+
+func convertTxtSliceToSdkAnySlice(records []string) []any {
+	result := []any{}
+	for _, record := range records {
+		result = append(result, record)
+	}
+	return result
+}
+
+func convertSdkAnySliceToTxtSlice(records []any) []string {
+	result := []string{}
+	for _, record := range records {
+		result = append(result, record.(string))
+	}
+	return result
+}

From c41a975bdb55a3c54e9b443425df2d7a8ce140be Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 13 Oct 2023 10:48:15 -0400
Subject: [PATCH 76/79] CHORE: Update deps (#2594)

---
 go.mod                     | 42 ++++++++---------
 go.sum                     | 92 +++++++++++++++++++-------------------
 providers/gcore/convert.go |  2 +-
 3 files changed, 68 insertions(+), 68 deletions(-)

diff --git a/go.mod b/go.mod
index 8b4b32050..51eafd1e1 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.21
 toolchain go1.21.1
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7
@@ -13,17 +13,17 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.21.1
-	github.com/aws/aws-sdk-go-v2/config v1.18.44
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.42
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.30.1
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.4
+	github.com/aws/aws-sdk-go-v2 v1.21.2
+	github.com/aws/aws-sdk-go-v2/config v1.18.45
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.43
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.30.2
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.5
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5
-	github.com/cloudflare/cloudflare-go v0.78.0
-	github.com/digitalocean/godo v1.103.0
+	github.com/cloudflare/cloudflare-go v0.79.0
+	github.com/digitalocean/godo v1.104.1
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
 	github.com/exoscale/egoscale v0.90.2
@@ -48,12 +48,12 @@ require (
 	github.com/robertkrimen/otto v0.2.1
 	github.com/softlayer/softlayer-go v1.1.2
 	github.com/stretchr/testify v1.8.4
-	github.com/transip/gotransip/v6 v6.21.0
+	github.com/transip/gotransip/v6 v6.22.0
 	github.com/urfave/cli/v2 v2.25.7
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/net v0.16.0
+	golang.org/x/net v0.17.0
 	golang.org/x/oauth2 v0.13.0
-	google.golang.org/api v0.145.0
+	google.golang.org/api v0.147.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.8
 )
 
@@ -73,19 +73,19 @@ require (
 require (
 	cloud.google.com/go/compute v1.23.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.23.1 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
 	github.com/aws/smithy-go v1.15.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
@@ -142,7 +142,7 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c // indirect
 	google.golang.org/grpc v1.58.2 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.66.6 // indirect
diff --git a/go.sum b/go.sum
index e40a170eb..d5a9a27e9 100644
--- a/go.sum
+++ b/go.sum
@@ -3,10 +3,10 @@ cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopT
 cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 h1:/iHxaJhsFr0+xVFfbMr5vxz848jyiWuIEDhYq3y5odY=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 h1:LNHhpdK7hzUcx/k1LIcuh5k7k1LGIWLQfCjaneSj7Fc=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5pWFCHtvRpHYC0G/dcA=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0 h1:8iR6OLffWWorFdzL2JFCab5xpD8VKEE2DUBBl+HNTDY=
@@ -33,32 +33,32 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.21.1 h1:wjHYshtPpYOZm+/mu3NhVgRRc0baM6LJZOmxPZ5Cwzs=
-github.com/aws/aws-sdk-go-v2 v1.21.1/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
-github.com/aws/aws-sdk-go-v2/config v1.18.44 h1:U10NQ3OxiY0dGGozmVIENIDnCT0W432PWxk2VO8wGnY=
-github.com/aws/aws-sdk-go-v2/config v1.18.44/go.mod h1:pHxnQBldd0heEdJmolLBk78D1Bf69YnKLY3LOpFImlU=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.42 h1:KMkjpZqcMOwtRHChVlHdNxTUUAC6NC/b58mRZDIdcRg=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.42/go.mod h1:7ltKclhvEB8305sBhrpls24HGxORl6qgnQqSJ314Uw8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 h1:3j5lrl9kVQrJ1BU4O0z7MQ8sa+UXdiLuo4j0V+odNI8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12/go.mod h1:JbFpcHDBdsex1zpIKuVRorZSQiZEyc3MykNCcjgz174=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42 h1:817VqVe6wvwE46xXy6YF5RywvjOX6U2zRQQ6IbQFK0s=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42/go.mod h1:oDfgXoBBmj+kXnqxDDnIDnC56QBosglKp8ftRCTxR+0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 h1:7ZApaXzWbo8slc+W5TynuUlB4z66g44h7uqa3/d/BsY=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36/go.mod h1:rwr4WnmFi3RJO0M4dxbJtgi9BPLMpVBMX1nUte5ha9U=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 h1:quOJOqlbSfeJTboXLjYXM1M9T52LBXqLoTPlmsKLpBo=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44/go.mod h1:LNy+P1+1LiRcCsVYr/4zG5n8zWFL0xsvZkOybjbftm8=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 h1:YXlm7LxwNlauqb2OrinWlcvtsflTzP8GaMvYfQBhoT4=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36/go.mod h1:ou9ffqJ9hKOVZmjlC6kQ6oROAyG1M4yBKzR+9BKbDwk=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.30.1 h1:0gm0oqA2ymMkWeCeQ1KS0i+8SiVJmnqH/7BNeuHuRus=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.30.1/go.mod h1:oOxDG1TB1dEYnCFiLHWVaSoQxWvolSJOytDdIJrqaEw=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.4 h1:1uA3FBoMAcAPqb/TqI4dm9QgxmOJGXc8jnf3eaSgu9I=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.4/go.mod h1:hxqmMdnrGjnzRY2has/lmletY1Exs/iKmzOLjvpMy/c=
-github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 h1:ZN3bxw9OYC5D6umLw6f57rNJfGfhg1DIAAcKpzyUTOE=
-github.com/aws/aws-sdk-go-v2/service/sso v1.15.1/go.mod h1:PieckvBoT5HtyB9AsJRrYZFY2Z+EyfVM/9zG6gbV8DQ=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 h1:fSCCJuT5i6ht8TqGdZc5Q5K9pz/atrf7qH4iK5C9XzU=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2/go.mod h1:5eNtr+vNc5vVd92q7SJ+U/HszsIdhZBEyi9dkMRKsp8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.23.1 h1:ASNYk1ypWAxRhJjKS0jBnTUeDl7HROOpeSMu1xDA/I8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.23.1/go.mod h1:2cnsAhVT3mqusovc2stUSUrSBGTcX9nh8Tu6xh//2eI=
+github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
+github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
+github.com/aws/aws-sdk-go-v2/config v1.18.45 h1:Aka9bI7n8ysuwPeFdm77nfbyHCAKQ3z9ghB3S/38zes=
+github.com/aws/aws-sdk-go-v2/config v1.18.45/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.30.2 h1:/RPQNjh1sDIezpXaFIkZb7MlXnSyAqjVdAwcJuGYTqg=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.30.2/go.mod h1:TQZBt/WaQy+zTHoW++rnl8JBrmZ0VO6EUbVua1+foCA=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.5 h1:18p6+HD6xj5oOtDNi1XvW0PkZw/xticjOvSbIWFyw6I=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.5/go.mod h1:BhMj1pZPuQfzuS96s4ScniYr9qhPwDMA19N4eWPM1Lg=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ=
 github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
 github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -81,8 +81,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.78.0 h1:xMPdjJ+e2tGNUkw5LyduPlsMCaILEoN1Kqq/uEMx78w=
-github.com/cloudflare/cloudflare-go v0.78.0/go.mod h1:R+Q/Im0G0MzKJxj3eXOBBE8xpnchVA9tSiQwOEvfW4Y=
+github.com/cloudflare/cloudflare-go v0.79.0 h1:ErwCYDjFCYppDJlDJ/5WhsSmzegAUe2+K9qgFyQDg3M=
+github.com/cloudflare/cloudflare-go v0.79.0/go.mod h1:gkHQf9xEubaQPEuerBuoinR9P8bf8a05Lq0X6WKy1Oc=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -95,8 +95,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.103.0 h1:ynhlulyoBN+VvQ/yquIsh93DlY3lZxmcwgiw3XrsAyQ=
-github.com/digitalocean/godo v1.103.0/go.mod h1:rUTTOeu4ozN+i3BnyQasMpDyhIVIefANbc4dYe6v6N0=
+github.com/digitalocean/godo v1.104.1 h1:SZNxjAsskM/su0YW9P8Wx3gU0W1Z13b6tZlYNpl5BnA=
+github.com/digitalocean/godo v1.104.1/go.mod h1:VAI/L5YDzMuPRU01lEEUSQ/sp5Z//1HnnFv/RBTEdbg=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -404,8 +404,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/transip/gotransip/v6 v6.21.0 h1:UIcO7uxhSuMbBjte960ypm/mZqqntuHo44Qk08RLzqM=
-github.com/transip/gotransip/v6 v6.21.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
+github.com/transip/gotransip/v6 v6.22.0 h1:22nRVa0wQwCakRB4zlCVBgexEACBnvLjYuvDRm31q3w=
+github.com/transip/gotransip/v6 v6.22.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
@@ -467,8 +467,8 @@ golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos=
-golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
 golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
@@ -538,8 +538,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.145.0 h1:kBjvf1A3/m30kUvnUX9jZJxTu3lJrpGFt5V/1YZrjwg=
-google.golang.org/api v0.145.0/go.mod h1:OARJqIfoYjXJj4C1AiBSXYZt03qsoz8FQYU6fBEfrHM=
+google.golang.org/api v0.147.0 h1:Can3FaQo9LlVqxJCodNmeZW/ib3/qKAY3rFeXiHo5gc=
+google.golang.org/api v0.147.0/go.mod h1:pQ/9j83DcmPd/5C9e2nFOdjjNkDZ1G+zkbK2uvdkJMs=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
@@ -547,12 +547,12 @@ google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb h1:XFBgcDwm7irdHTbz4Zk2h7Mh+eis4nfJEFQFYzJzuIA=
-google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
-google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb h1:lK0oleSc7IQsUxO3U5TjL9DWlsxpEBemh+zpB7IqhWI=
-google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 h1:N3bU/SQDCDyD6R528GJ/PwW9KjYcJA3dgyH+MovAkIM=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA=
+google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0=
+google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk=
+google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 h1:W18sezcAYs+3tDZX4F80yctqa12jcP1PUS2gQu1zTPU=
+google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c h1:jHkCUWkseRf+W+edG5hMzr/Uh1xkDREY4caybAq4dpY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
diff --git a/providers/gcore/convert.go b/providers/gcore/convert.go
index 0854409b6..f3e4ebb5a 100644
--- a/providers/gcore/convert.go
+++ b/providers/gcore/convert.go
@@ -84,7 +84,7 @@ func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *
 				Meta:    nil,
 				Enabled: true,
 			}
-		case "TXT":	// Avoid double quoting for TXT records
+		case "TXT": // Avoid double quoting for TXT records
 			rr = dnssdk.ResourceRecord{
 				Content: convertTxtSliceToSdkAnySlice(r.TxtStrings),
 				Meta:    nil,

From 431d9cf7fb1533df782f60aa6c0124ca4c338b42 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 13 Oct 2023 13:54:50 -0400
Subject: [PATCH 77/79] CICD: Rename build filenames and names (dnscontrol)
 (#2593)

---
 .github/workflows/{build.yml => pr_test.yml}               | 2 +-
 .github/workflows/{draft_release.yml => release_draft.yml} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename .github/workflows/{build.yml => pr_test.yml} (99%)
 rename .github/workflows/{draft_release.yml => release_draft.yml} (97%)

diff --git a/.github/workflows/build.yml b/.github/workflows/pr_test.yml
similarity index 99%
rename from .github/workflows/build.yml
rename to .github/workflows/pr_test.yml
index f222624cf..22741524e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/pr_test.yml
@@ -1,4 +1,4 @@
-name: StackExchange/dnscontrol/build
+name: "PR: Run all tests"
 on:
   pull_request:
 
diff --git a/.github/workflows/draft_release.yml b/.github/workflows/release_draft.yml
similarity index 97%
rename from .github/workflows/draft_release.yml
rename to .github/workflows/release_draft.yml
index 77845f4f2..b2bd1223f 100644
--- a/.github/workflows/draft_release.yml
+++ b/.github/workflows/release_draft.yml
@@ -4,7 +4,7 @@ on:
     - v[0-9]+.[0-9]+.[0-9]+
     - v[0-9]+.[0-9]+.[0-9]+-*
 
-name: draft release
+name: "Release: Make release candidate"
 jobs:
   draft_release:
     name: draft release

From 94f6a9930979b17b89c207e45ad6f9c61633ebce Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 18 Oct 2023 15:39:46 +0200
Subject: [PATCH 78/79] DOCS: Deprecated get-certs command (#2595)

---
 commands/getCerts.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/commands/getCerts.go b/commands/getCerts.go
index 8a70b10d9..16bd4420b 100644
--- a/commands/getCerts.go
+++ b/commands/getCerts.go
@@ -19,7 +19,7 @@ var _ = cmd(catUtils, func() *cli.Command {
 	var args GetCertsArgs
 	return &cli.Command{
 		Name:  "get-certs",
-		Usage: "Issue certificates via Let's Encrypt",
+		Usage: "DEPRECATED: Issue certificates via Let's Encrypt",
 		Action: func(c *cli.Context) error {
 			return exit(GetCerts(args))
 		},

From 397c2dcc7a2523ea13d2637449fe997e35f4a4d7 Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Wed, 18 Oct 2023 16:30:31 +0200
Subject: [PATCH 79/79] INWX: Pull list of zones from zones, not registrar
 (#2577)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod                         | 2 +-
 go.sum                         | 2 ++
 providers/inwx/inwxProvider.go | 4 ++--
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 51eafd1e1..86e254bc8 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/miekg/dns v1.1.56
 	github.com/mittwald/go-powerdns v0.6.2
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
-	github.com/nrdcg/goinwx v0.8.3
+	github.com/nrdcg/goinwx v0.9.0
 	github.com/oracle/oci-go-sdk/v32 v32.0.0
 	github.com/ovh/go-ovh v1.1.0
 	github.com/philhug/opensrs-go v0.0.0-20171126225031-9dfa7433020d
diff --git a/go.sum b/go.sum
index d5a9a27e9..299958071 100644
--- a/go.sum
+++ b/go.sum
@@ -338,6 +338,8 @@ github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uY
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nrdcg/goinwx v0.8.3 h1:ARgoqQ+HhKhOhsey1qwHfxBJ6tDfb42iHt3tqED6chU=
 github.com/nrdcg/goinwx v0.8.3/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
+github.com/nrdcg/goinwx v0.9.0 h1:oh+yPdRDwc1IWsAU2nfsNorI/fkR+Gxm4O7yS+0NnjM=
+github.com/nrdcg/goinwx v0.9.0/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
 github.com/oracle/oci-go-sdk/v32 v32.0.0 h1:SSbzrQO3WRcPJEZ8+b3SFPYsPtkFM96clqrp03lrwbU=
 github.com/oracle/oci-go-sdk/v32 v32.0.0/go.mod h1:aZc4jC59IuNP3cr5y1nj555QvwojMX2nMJaBiozuuEs=
diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index 6768dd24f..11fe2c3fb 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -401,9 +401,9 @@ func (api *inwxAPI) GetRegistrarCorrections(dc *models.DomainConfig) ([]*models.
 
 // fetchNameserverDomains returns the domains configured in INWX nameservers
 func (api *inwxAPI) fetchNameserverDomains() error {
-	request := &goinwx.DomainListRequest{}
+	request := &goinwx.NameserverListRequest{}
 	request.PageLimit = 2147483647 // int32 max value, highest number API accepts
-	info, err := api.client.Domains.List(request)
+	info, err := api.client.Nameservers.ListWithParams(request)
 	if err != nil {
 		return err
 	}