Thank you for doing this, it mostly look good.

Also forgive me if my comments doesn't make sense, as I don't have a deep understanding of BIND 9 source code, so you'll have to be patient with me.

A general comment - you never change the snprintf return value, so the assumption is that the resulting string always fits from the previous usage of sprintf (otherwise it would smash the stack), but is the assumption always true? Especially in the places where the correct output matters (like totext_* functions).

One little nitpick - in lib/dns/gssapictx.c

Could you change this:

+                       size = strlen(gssapi_keytab) + 13;
+                       kt = malloc(size);

to:

+                       size_t size = strlen(gssapi_keytab) + sizeof("KRB5_KTNAME=") + 1;
+                       char *kt = malloc(size);

--

I am curious about changes in lib/dns/rdata/generic/loc_29.c

While I am generally in favour of using curly braces even around single statements (as I do believe it makes the code more readable and a tad bit safer for mistakes), this is not really consistent with the rest of the coding style found in the BIND 9.

--

Again a nitpick (if we are going to go toward C11), in lib/isc/inet_ntop.c, could you please create the variable close to the usage, e.g. change:

+       int n;
+
+       n = snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], src[3]);

to single line:

+       int n = snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], src[3]);

--

dtto in lib/isc/log.c and why is size unsigned int and not size_t?

--

In lib/isccfg/parser.c, it seems to me that this change could be rewritten as:

-               message[sizeof(message) - sizeof(ELIPSIS)] = 0;
-               strlcat(message, ELIPSIS, sizeof(message));
+               strncpy(message + sizeof(message) - sizeof(ELIPSIS), ELIPSIS, sizeof(ELIPSIS));

strlcat() can be used, but the result should be same.  It would save one iteration through 2048 sized buffer every time the log message overflows.