1 2990. [bug] 'dnssec-settime -S' no longer tests prepublication
2 interval validity when the interval is set to 0.
5 2989. [func] Added support for writable DLZ zones. (Contributed
6 by Andrew Tridgell of the Samba project.) [RT #22629]
8 2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
9 of external DLZ drivers that can be loaded as
10 shared objects at runtime rather than linked with
11 named. Currently this is switched on via a
12 compile-time option, "configure --with-dlz-dlopen".
13 Note: the syntax for configuring DLZ zones
14 is likely to be refined in future releases.
15 (Contributed by Andrew Tridgell of the Samba
18 2987. [func] Improve ease of configuring TKEY/GSS updates by
19 adding a "tkey-gssapi-keytab" option. If set,
20 updates will be allowed with any key matching
21 a principal in the specified keytab file.
22 "tkey-gssapi-credential" is no longer required
23 and is expected to be deprecated. (Contributed
24 by Andrew Tridgell of the Samba project.)
27 2986. [func] Add new zone type "static-stub". It's like a stub
28 zone, but the nameserver names and/or their IP
29 addresses are statically configured. [RT #21474]
31 2985. [bug] Add a regression test for change #2896. [RT #21324]
33 2984. [bug] Don't run MX checks when the target of the MX record
36 2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
38 --- 9.8.0a1 released ---
40 2982. [bug] Reference count dst keys. dst_key_attach() can be used
41 increment the reference count.
43 Note: dns_tsigkey_createfromkey() callers should now
44 always call dst_key_free() rather than setting it
45 to NULL on success. [RT #22672]
47 2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
49 2980. [bug] named didn't properly handle UPDATES that changed the
50 TTL of the NSEC3PARAM RRset. [RT #22363]
52 2979. [bug] named could deadlock during shutdown if two
53 "rndc stop" commands were issued at the same
56 2978. [port] hpux: look for <devpoll.h> [RT #21919]
58 2977. [bug] 'nsupdate -l' report if the session key is missing.
61 2976. [bug] named could die on exit after negotiating a GSS-TSIG
64 2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the
65 wrong lock which could lead to server deadlock.
68 2974. [bug] Some vaild UPDATE requests could fail due to a
69 consistency check examining the existing version
70 of the zone rather than the new version resulting
71 from the UPDATE. [RT #22413]
73 2973. [bug] bind.keys.h was being removed by the "make clean"
74 at the end of configure resulting in build failures
75 where there is very old version of perl installed.
76 Move it to "make maintainer-clean". [RT #22230]
78 2972. [bug] win32: address windows socket errors. [RT #21906]
80 2971. [bug] Fixed a bug that caused journal files not to be
81 compacted on Windows systems as a result of
82 non-POSIX-compliant rename() semantics. [RT #22434]
84 2970. [security] Adding a NO DATA negative cache entry failed to clear
85 any matching RRSIG records. A subsequent lookup of
86 of NO DATA cache entry could trigger a INSIST when the
87 unexpected RRSIG was also returned with the NO DATA
90 CVE-2010-3613, VU#706148. [RT #22288]
92 2969. [security] Fix acl type processing so that allow-query works
93 in options and view statements. Also add a new
94 set of tests to verify proper functioning.
96 CVE-2010-3615, VU#510208. [RT #22418]
98 2968. [security] Named could fail to prove a data set was insecure
99 before marking it as insecure. One set of conditions
100 that can trigger this occurs naturally when rolling
103 CVE-2010-3614, VU#837744. [RT #22309]
105 2967. [bug] 'host -D' now turns on debugging messages earlier.
108 2966. [bug] isc_print_vsnprintf() failed to check if there was
109 space available in the buffer when adding a left
110 justified character with a non zero width,
111 (e.g. "%-1c"). [RT #22270]
113 2965. [func] Test HMAC functions using test data from RFC 2104 and
114 RFC 4634. [RT #21702]
118 2963. [security] The allow-query acl was being applied instead of the
119 allow-query-cache acl to cache lookups. [RT #22114]
121 2962. [port] win32: add more dependencies to BINDBuild.dsw.
124 2961. [bug] Be still more selective about the non-authoritative
125 answers we apply change 2748 to. [RT #22074]
127 2960. [func] Check that named accepts non-authoritative answers.
130 2959. [func] Check that named starts with a missing masterfile.
133 2958. [bug] named failed to start with a missing master file.
136 2957. [bug] entropy_get() and entropy_getpseudo() failed to match
137 the API for RAND_bytes() and RAND_pseudo_bytes()
138 respectively. [RT #21962]
140 2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
142 2955. [func] Provide more detail in the recursing log. [RT #22043]
144 2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
145 build_sqldbinstance failure. [RT #21623]
147 2953. [bug] Silence spurious "expected covering NSEC3, got an
148 exact match" message when returning a wildcard
149 no data response. [RT #21744]
151 2952. [port] win32: named-checkzone and named-checkconf failed
152 to initialise winsock. [RT #21932]
154 2951. [bug] named failed to generate a correct signed response
155 in a optout, delegation only zone with no secure
156 delegations. [RT #22007]
158 2950. [bug] named failed to perform a SOA up to date check when
159 falling back to TCP on UDP timeouts when
160 ixfr-from-differences was set. [RT #21595]
162 2949. [bug] dns_view_setnewzones() contained a memory leak if
163 it was called multiple times. [RT #21942]
165 2948. [port] MacOS: provide a mechanism to configure the test
166 interfaces at reboot. See bin/tests/system/README
171 2946. [doc] Document the default values for the minimum and maximum
172 zone refresh and retry values in the ARM. [RT #21886]
174 2945. [doc] Update empty-zones list in ARM. [RT #21772]
176 2944. [maint] Remove ORCHID prefix from built in empty zones.
179 2943. [func] Add support to load new keys into managed zones
180 without signing immediately with "rndc loadkeys".
181 Add support to link keys with "dnssec-keygen -S"
182 and "dnssec-settime -S". [RT #21351]
184 2942. [contrib] zone2sqlite failed to setup the entropy sources.
187 2941. [bug] sdb and sdlz (dlz's zone database) failed to support
188 DNAME at the zone apex. [RT #21610]
190 2940. [port] Remove connection aborted error message on
193 2939. [func] Check that named successfully skips NSEC3 records
194 that fail to match the NSEC3PARAM record currently
197 2938. [bug] When generating signed responses, from a signed zone
198 that uses NSEC3, named would use a uninitialised
199 pointer if it needed to skip a NSEC3 record because
200 it didn't match the selected NSEC3PARAM record for
203 2937. [bug] Worked around an apparent race condition in over
204 memory conditions. Without this fix a DNS cache DB or
205 ADB could incorrectly stay in an over memory state,
206 effectively refusing further caching, which
207 subsequently made a BIND 9 caching server unworkable.
208 This fix prevents this problem from happening by
209 polling the state of the memory context, rather than
210 making a copy of the state, which appeared to cause
211 a race. This is a "workaround" in that it doesn't
212 solve the possible race per se, but several experiments
213 proved this change solves the symptom. Also, the
214 polling overhead hasn't been reported to be an issue.
215 This bug should only affect a caching server that
216 specifies a finite max-cache-size. It's also quite
217 likely that the bug happens only when enabling threads,
218 but it's not confirmed yet. [RT #21818]
220 2936. [func] Improved configuration syntax and multiple-view
221 support for addzone/delzone feature (see change
222 #2930). Removed "new-zone-file" option, replaced
223 with "allow-new-zones (yes|no)". The new-zone-file
224 for each view is now created automatically, with
225 a filename generated from a hash of the view name.
226 It is no longer necessary to "include" the
227 new-zone-file in named.conf; this happens
228 automatically. Zones that were not added via
229 "rndc addzone" can no longer be removed with
230 "rndc delzone". [RT #19447]
232 2935. [bug] nsupdate: improve 'file not found' error message.
235 2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
238 2933. [bug] 'dig +nsid' used stack memory after it went out of
239 scope. This could potentially result in a unknown,
240 potentially malformed, EDNS option being sent instead
241 of the desired NSID option. [RT #21781]
243 2932. [cleanup] Corrected a numbering error in the "dnssec" test.
246 2931. [bug] Temporarily and partially disable change 2864
247 because it would cause infinite attempts of RRSIG
248 queries. This is an urgent care fix; we'll
249 revisit the issue and complete the fix later.
252 2930. [experimental] New "rndc addzone" and "rndc delzone" commads
253 allow dynamic addition and deletion of zones.
254 To enable this feature, specify a "new-zone-file"
255 option at the view or options level in named.conf.
256 Zone configuration information for the new zones
257 will be written into that file. To make the new
258 zones persist after a restart, "include" the file
259 into named.conf in the appropriate view. (Note:
260 This feature is not yet documented, and its syntax
261 is expected to change.) [RT #19447]
263 2929. [bug] Improved handling of GSS security contexts:
264 - added LRU expiration for generated TSIGs
265 - added the ability to use a non-default realm
266 - added new "realm" keyword in nsupdate
267 - limited lifetime of generated keys to 1 hour
268 or the lifetime of the context (whichever is
272 2928. [bug] Be more selective about the non-authoritative
273 answer we apply change 2748 to. [RT #21594]
279 2925. [bug] Named failed to accept uncachable negative responses
280 from insecure zones. [RT# 21555]
282 2924. [func] 'rndc secroots' dump a combined summary of the
283 current managed keys combined with trusted keys.
286 2923. [bug] 'dig +trace' could drop core after "connection
287 timeout". [RT #21514]
289 2922. [contrib] Update zkt to version 1.0.
291 2921. [bug] The resolver could attempt to destroy a fetch context
292 too soon. [RT #19878]
294 2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
295 to IPv4 clients. New acl 'filter-aaaa' (default any).
297 2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
300 2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
302 2917. [func] Virtual time test framework. [RT #20801]
304 2916. [func] Add framework to use IPv6 in tests.
305 fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
307 2915. [cleanup] Be smarter about which objects we attempt to compile
308 based on configure options. [RT #21444]
310 2914. [bug] Make the "autosign" system test more portable.
313 2913. [func] Add pkcs#11 system tests. [RT #20784]
315 2912. [func] Windows clients don't like UPDATE responses that clear
316 the zone section. [RT #20986]
318 2911. [bug] dnssec-signzone didn't handle out of zone records well.
321 2910. [func] Sanity check Kerberos credentials. [RT #20986]
323 2909. [bug] named-checkconf -p could die if "update-policy local;"
324 was specified in named.conf. [RT #21416]
326 2908. [bug] It was possible for re-signing to stop after removing
327 a DNSKEY. [RT #21384]
329 2907. [bug] The export version of libdns had undefined references.
332 2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
334 2905. [port] aix: set use_atomic=yes with native compiler.
337 2904. [bug] When using DLV, sub-zones of the zones in the DLV,
338 could be incorrectly marked as insecure instead of
339 secure leading to negative proofs failing. This was
340 a unintended outcome from change 2890. [RT# 21392]
342 2903. [bug] managed-keys-directory missing from namedconf.c.
345 2902. [func] Add regression test for change 2897. [RT #21040]
347 2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
349 2900. [bug] The placeholder negative caching element was not
350 properly constructed triggering a INSIST in
351 dns_ncache_towire(). [RT #21346]
353 2899. [port] win32: Support linking against OpenSSL 1.0.0.
355 2898. [bug] nslookup leaked memory when -domain=value was
356 specified. [RT #21301]
358 2897. [bug] NSEC3 chains could be left behind when transitioning
359 to insecure. [RT #21040]
361 2896. [bug] "rndc sign" failed to properly update the zone
362 when adding a DNSKEY for publication only. [RT #21045]
364 2895. [func] genrandom: add support for the generation of multiple
367 2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
369 2893. [bug] Improve managed keys support. New named.conf option
370 managed-keys-directory. [RT #20924]
372 2892. [bug] Handle REVOKED keys better. [RT #20961]
374 2891. [maint] Update empty-zones list to match
375 draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
377 2890. [bug] Handle the introduction of new trusted-keys and
378 DS, DLV RRsets better. [RT #21097]
380 2889. [bug] Elements of the grammar where not properly reported.
383 2888. [bug] Only the first EDNS option was displayed. [RT #21273]
385 2887. [bug] Report the keytag times in UTC in the .key file,
386 local time is presented as a comment within the
389 2886. [bug] ctime() is not thread safe. [RT #21223]
391 2885. [bug] Improve -fno-strict-aliasing support probing in
392 configure. [RT #21080]
394 2884. [bug] Insufficient validation in dns_name_getlabelsequence().
397 2883. [bug] 'dig +short' failed to handle really large datasets.
400 2882. [bug] Remove memory context from list of active contexts
401 before clearing 'magic'. [RT #21274]
403 2881. [bug] Reduce the amount of time the rbtdb write lock
404 is held when closing a version. [RT #21198]
406 2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
407 consistent. [RT #21078]
409 2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
412 2878. [func] Incrementally write the master file after performing
415 2877. [bug] The validator failed to skip obviously mismatching
418 2876. [bug] Named could return SERVFAIL for negative responses
419 from unsigned zones. [RT #21131]
421 2875. [bug] dns_time64_fromtext() could accept non digits.
424 2874. [bug] Cache lack of EDNS support only after the server
425 successfully responds to the query using plain DNS.
428 2873. [bug] Cancelling a dynamic update via the dns/client module
429 could trigger an assertion failure. [RT #21133]
431 2872. [bug] Modify dns/client.c:dns_client_createx() to only
432 require one of IPv4 or IPv6 rather than both.
435 2871. [bug] Type mismatch in mem_api.c between the definition and
436 the header file, causing build failure with
437 --enable-exportlib. [RT #21138]
439 2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
441 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
444 2868. [cleanup] Run "make clean" at the end of configure to ensure
445 any changes made by configure are integrated.
446 Use --with-make-clean=no to disable. [RT #20994]
448 2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
449 don't like it. [RT #20986]
451 2866. [bug] Windows does not like the TSIG name being compressed.
454 2865. [bug] memset to zero event.data. [RT #20986]
456 2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
459 2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
462 2862. [bug] nsupdate didn't default to the parent zone when
463 updating DS records. [RT #20896]
465 2861. [doc] dnssec-settime man pages didn't correctly document the
466 inactivation time. [RT #21039]
468 2860. [bug] named-checkconf's usage was out of date. [RT #21039]
470 2859. [bug] When cancelling validation it was possible to leak
473 2858. [bug] RTT estimates were not being adjusted on ICMP errors.
476 2857. [bug] named-checkconf did not fail on a bad trusted key.
479 2856. [bug] The size of a memory allocation was not always properly
480 recorded. [RT #20927]
482 2855. [func] nsupdate will now preserve the entered case of domain
483 names in update requests it sends. [RT #20928]
485 2854. [func] dig: allow the final soa record in a axfr response to
486 be suppressed, dig +onesoa. [RT #20929]
488 2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
490 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
492 2851. [doc] nslookup.1, removed <informalexample> from the docbook
493 source as it produced bad nroff. [RT #21007]
495 2850. [bug] If isc_heap_insert() failed due to memory shortage
496 the heap would have corrupted entries. [RT #20951]
498 2849. [bug] Don't treat errors from the xml2 library as fatal.
501 2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
502 README.rfc5011 into the ARM. [RT #20899]
504 2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
506 2846. [bug] EOF on unix domain sockets was not being handled
507 correctly. [RT #20731]
509 2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
511 2844. [doc] notify-delay default in ARM was wrong. It should have
512 been five (5) seconds.
514 2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
515 creating key files if there is a chance that the new
516 key ID will collide with an existing one after
517 either of the keys has been revoked. (To override
518 this in the case of dnssec-keyfromlabel, use the -y
519 option. dnssec-keygen will simply create a
520 different, non-colliding key, so an override is
521 not necessary.) [RT #20838]
523 2842. [func] Added "smartsign" and improved "autosign" and
524 "dnssec" regression tests. [RT #20865]
526 2841. [bug] Change 2836 was not complete. [RT #20883]
528 2840. [bug] Temporary fixed pkcs11-destroy usage check.
531 2839. [bug] A KSK revoked by named could not be deleted.
536 2837. [port] Prevent Linux spurious warnings about fwrite().
539 2836. [bug] Keys that were scheduled to become active could
540 be delayed. [RT #20874]
542 2835. [bug] Key inactivity dates were inadvertently stored in
543 the private key file with the outdated tag
544 "Unpublish" rather than "Inactive". This has been
545 fixed; however, any existing keys that had Inactive
546 dates set will now need to have them reset, using
547 'dnssec-settime -I'. [RT #20868]
549 2834. [bug] HMAC-SHA* keys that were longer than the algorithm
550 digest length were used incorrectly, leading to
551 interoperability problems with other DNS
552 implementations. This has been corrected.
553 (Note: If an oversize key is in use, and
554 compatibility is needed with an older release of
555 BIND, the new tool "isc-hmac-fixup" can convert
556 the key secret to a form that will work with all
557 versions.) [RT #20751]
559 2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
562 2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
563 to avoid redefinition in some OSs [RT 20831]
565 2831. [security] Do not attempt to validate or cache
566 out-of-bailiwick data returned with a secure
567 answer; it must be re-fetched from its original
568 source and validated in that context. [RT #20819]
570 2830. [bug] Changing the OPTOUT setting could take multiple
573 2829. [bug] Fixed potential node inconsistency in rbtdb.c.
576 2828. [security] Cached CNAME or DNAME RR could be returned to clients
577 without DNSSEC validation. [RT #20737]
579 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
581 2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
582 being released. [RT #20740]
584 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
585 was in the process of being created was not properly
586 recorded in the zone. [RT #20786]
588 2824. [bug] "rndc sign" was not being run by the correct task.
591 2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
593 2822. [bug] rbtdb.c:loadnode() could return the wrong result.
596 2821. [doc] Add note that named-checkconf doesn't automatically
597 read rndc.key and bind.keys [RT #20758]
599 2820. [func] Handle read access failure of OpenSSL configuration
600 file more user friendly (PKCS#11 engine patch).
603 2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
606 2818. [cleanup] rndc could return an incorrect error code
607 when a zone was not found. [RT #20767]
609 2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
612 2816. [bug] previous_closest_nsec() could fail to return
613 data for NSEC3 nodes [RT #29730]
615 2815. [bug] Exclusively lock the task when freezing a zone.
618 2814. [func] Provide a definitive error message when a master
619 zone is not loaded. [RT #20757]
621 2813. [bug] Better handling of unreadable DNSSEC key files.
624 2812. [bug] Make sure updates can't result in a zone with
625 NSEC-only keys and NSEC3 records. [RT 20748]
627 2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
630 2810. [doc] Clarified the process of transitioning an NSEC3 zone
631 to insecure. [RT #20746]
633 2809. [cleanup] Restored accidentally-deleted text in usage output
634 in dnssec-settime and dnssec-revoke [RT #20739]
636 2808. [bug] Remove the attempt to install atomic.h from lib/isc.
637 atomic.h is correctly installed by the architecture
638 specific subdirectories. [RT #20722]
640 2807. [bug] Fixed a possible ASSERT when reconfiguring zone
643 --- 9.7.0rc1 released ---
645 2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
646 when it had changed. [RT #20703]
648 2805. [bug] Fixed namespace problems encountered when building
649 external programs using non-exported BIND9 libraries
650 (i.e., built without --enable-exportlib). [RT #20679]
652 2804. [bug] Send notifies when a zone is signed with "rndc sign"
653 or as a result of a scheduled key change. [RT #20700]
655 2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
656 and genrandom under windows. [RT #20670]
658 2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
660 2801. [func] Detect and report records that are different according
661 to DNSSEC but are semantically equal according to plain
662 DNS. Apply plain DNS comparisons rather than DNSSEC
663 comparisons when processing UPDATE requests.
664 dnssec-signzone now removes such semantically duplicate
665 records prior to signing the RRset.
667 named-checkzone -r {ignore|warn|fail} (default warn)
668 named-compilezone -r {ignore|warn|fail} (default warn)
670 named.conf: check-dup-records {ignore|warn|fail};
672 2800. [func] Reject zones which have NS records which refer to
673 CNAMEs, DNAMEs or don't have address record (class IN
674 only). Reject UPDATEs which would cause the zone
675 to fail the above checks if committed. [RT #20678]
677 2799. [cleanup] Changed the "secure-to-insecure" option to
678 "dnssec-secure-to-insecure", and "dnskey-ksk-only"
679 to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
681 2798. [bug] Addressed bugs in managed-keys initialization
682 and rollover. [RT #20683]
684 2797. [bug] Don't decrement the dispatch manager's maxbuffers.
687 2796. [bug] Missing dns_rdataset_disassociate() call in
688 dns_nsec3_delnsec3sx(). [RT #20681]
690 2795. [cleanup] Add text to differentiate "update with no effect"
691 log messages. [RT #18889]
693 2794. [bug] Install <isc/namespace.h>. [RT #20677]
695 2793. [func] Add "autosign" and "metadata" tests to the
696 automatic tests. [RT #19946]
698 2792. [func] "filter-aaaa-on-v4" can now be set in view
699 options (if compiled in). [RT #20635]
701 2791. [bug] The installation of isc-config.sh was broken.
704 2790. [bug] Handle DS queries to stub zones. [RT #20440]
706 2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
708 2788. [bug] dnssec-signzone could sign with keys that were
709 not requested [RT #20625]
711 2787. [bug] Spurious log message when zone keys were
712 dynamically reconfigured. [RT #20659]
714 2786. [bug] Additional could be promoted to answer. [RT #20663]
716 --- 9.7.0b3 released ---
718 2785. [bug] Revoked keys could fail to self-sign [RT #20652]
720 2784. [bug] TC was not always being set when required glue was
723 2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
724 buffer size of 512 or less. [RT #20654]
726 2782. [port] win32: use getaddrinfo() for hostname lookups.
729 2781. [bug] Inactive keys could be used for signing. [RT #20649]
731 2780. [bug] dnssec-keygen -A none didn't properly unset the
732 activation date in all cases. [RT #20648]
734 2779. [bug] Dynamic key revocation could fail. [RT #20644]
736 2778. [bug] dnssec-signzone could fail when a key was revoked
737 without deleting the unrevoked version. [RT #20638]
739 2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
741 2776. [bug] Change #2762 was not correct. [RT #20647]
743 2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
744 in dnssec-keyfromlabel. [RT #20643]
746 2774. [bug] Existing cache DB wasn't being reused after
747 reconfiguration. [RT #20629]
749 2773. [bug] In autosigned zones, the SOA could be signed
750 with the KSK. [RT #20628]
752 2772. [security] When validating, track whether pending data was from
753 the additional section or not and only return it if
754 validates as secure. [RT #20438]
756 2771. [bug] dnssec-signzone: DNSKEY records could be
757 corrupted when importing from key files [RT #20624]
759 2770. [cleanup] Add log messages to resolver.c to indicate events
760 causing FORMERR responses. [RT #20526]
762 2769. [cleanup] Change #2742 was incomplete. [RT #19589]
764 2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
766 2767. [bug] named could crash on startup if a zone was
767 configured with auto-dnssec and there was no
768 key-directory. [RT #20615]
770 2766. [bug] isc_socket_fdwatchpoke() should only update the
771 socketmgr state if the socket is not pending on a
772 read or write. [RT #20603]
774 2765. [bug] Skip masters for which the TSIG key cannot be found.
777 2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
779 2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
781 2762. [bug] DLV validation failed with a local slave DLV zone.
784 2761. [cleanup] Enable internal symbol table for backtrace only for
785 systems that are known to work. Currently, BSD
786 variants, Linux and Solaris are supported. [RT# 20202]
788 2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
790 2759. [doc] Add information about .jbk/.jnw files to
793 2758. [bug] win32: Added a workaround for a windows 2008 bug
794 that could cause the UDP client handler to shut
797 2757. [bug] dig: assertion failure could occur in connect
800 2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
804 2754. [bug] Secure-to-insecure transitions failed when zone
805 was signed with NSEC3. [RT #20587]
807 2753. [bug] Removed an unnecessary warning that could appear when
808 building an NSEC chain. [RT #20589]
810 2752. [bug] Locking violation. [RT #20587]
812 2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
814 2750. [bug] dig: assertion failure could occur when a server
815 didn't have an address. [RT #20579]
817 2749. [bug] ixfr-from-differences generated a non-minimal ixfr
818 for NSEC3 signed zones. [RT #20452]
820 2748. [func] Identify bad answers from GTLD servers and treat them
821 as referrals. [RT #18884]
823 2747. [bug] Journal roll forwards failed to set the re-signing
824 time of RRSIGs correctly. [RT #20541]
826 2746. [port] hpux: address signed/unsigned expansion mismatch of
827 dns_rbtnode_t.nsec. [RT #20542]
829 2745. [bug] configure script didn't probe the return type of
830 gai_strerror(3) correctly. [RT #20573]
832 2744. [func] Log if a query was over TCP. [RT #19961]
834 2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
835 for a insecure delegation.
837 --- 9.7.0b2 released ---
839 2742. [cleanup] Clarify some DNSSEC-related log messages in
840 validator.c. [RT #19589]
842 2741. [func] Allow the dnssec-keygen progress messages to be
843 suppressed (dnssec-keygen -q). Automatically
844 suppress the progress messages when stdin is not
849 2739. [cleanup] Clean up API for initializing and clearing trust
850 anchors for a view. [RT #20211]
852 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
855 2737. [func] UPDATE requests can leak existence information.
858 2736. [func] Improve the performance of NSEC signed zones with
859 more than a normal amount of glue below a delegation.
862 2735. [bug] dnssec-signzone could fail to read keys
863 that were specified on the command line with
864 full paths, but weren't in the current
865 directory. [RT #20421]
867 2734. [port] cygwin: arpaname did not compile. [RT #20473]
869 2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
871 2732. [func] Add optional filter-aaaa-on-v4 option, available
872 if built with './configure --enable-filter-aaaa'.
873 Filters out AAAA answers to clients connecting
874 via IPv4. (This is NOT recommended for general
877 2731. [func] Additional work on change 2709. The key parser
878 will now ignore unrecognized fields when the
879 minor version number of the private key format
880 has been increased. It will reject any key with
881 the major version number increased. [RT #20310]
883 2730. [func] Have dnssec-keygen display a progress indication
884 a la 'openssl genrsa' on standard error. Note
885 when the first '.' is followed by a long stop
886 one has the choice between slow generation vs.
887 poor random quality, i.e., '-r /dev/urandom'.
890 2729. [func] When constructing a CNAME from a DNAME use the DNAME
893 2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
894 dnssec-signzone now warn immediately if asked to
895 write into a nonexistent directory. [RT #20278]
897 2727. [func] The 'key-directory' option can now specify a relative
900 2726. [func] Added support for SHA-2 DNSSEC algorithms,
901 RSASHA256 and RSASHA512. [RT #20023]
903 2725. [doc] Added information about the file "managed-keys.bind"
904 to the ARM. [RT #20235]
906 2724. [bug] Updates to a existing node in secure zone using NSEC
907 were failing. [RT #20448]
909 2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
910 isc_base64_totext(), didn't always mark regions of
911 memory as fully consumed after conversion. [RT #20445]
913 2722. [bug] Ensure that the memory associated with the name of
914 a node in a rbt tree is not altered during the life
915 of the node. [RT #20431]
917 2721. [port] Have dst__entropy_status() prime the random number
918 generator. [RT #20369]
920 2720. [bug] RFC 5011 trust anchor updates could trigger an
921 assert if the DNSKEY record was unsigned. [RT #20406]
923 2719. [func] Skip trusted/managed keys for unsupported algorithms.
926 2718. [bug] The space calculations in opensslrsa_todns() were
927 incorrect. [RT #20394]
929 2717. [bug] named failed to update the NSEC/NSEC3 record when
930 the last private type record was removed as a result
931 of completing the signing the zone with a key.
934 2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
936 --- 9.7.0b1 released ---
938 2715. [bug] Require OpenSSL support to be explicitly disabled.
941 2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
944 2713. [bug] powerpc: atomic operations missing asm("ics") /
947 2712. [func] New 'auto-dnssec' zone option allows zone signing
948 to be fully automated in zones configured for
949 dynamic DNS. 'auto-dnssec allow;' permits a zone
950 to be signed by creating keys for it in the
951 key-directory and using 'rndc sign <zone>'.
952 'auto-dnssec maintain;' allows that too, plus it
953 also keeps the zone's DNSSEC keys up to date
954 according to their timing metadata. [RT #19943]
956 2711. [port] win32: Add the bin/pkcs11 tools into the full
959 2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
960 zone option cause a zone to be signed with only KSKs
961 signing the DNSKEY RRset, not ZSKs. This reduces
962 the size of a DNSKEY answer. [RT #20340]
964 2709. [func] Added some data fields, currently unused, to the
965 private key file format, to allow implementation
966 of explicit key rollover in a future release
967 without impairing backward or forward compatibility.
970 2708. [func] Insecure to secure and NSEC3 parameter changes via
971 update are now fully supported and no longer require
972 defines to enable. We now no longer overload the
973 NSEC3PARAM flag field, nor the NSEC OPT bit at the
974 apex. Secure to insecure changes are controlled by
975 by the named.conf option 'secure-to-insecure'.
977 Warning: If you had previously enabled support by
978 adding defines at compile time to BIND 9.6 you should
979 ensure that all changes that are in progress have
980 completed prior to upgrading to BIND 9.7. BIND 9.7
981 is not backwards compatible.
983 2707. [func] dnssec-keyfromlabel no longer require engine name
984 to be specified in the label if there is a default
985 engine or the -E option has been used. Also, it
986 now uses default algorithms as dnssec-keygen does
987 (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
990 2706. [bug] Loading a zone with a very large NSEC3 salt could
991 trigger an assert. [RT #20368]
995 2704. [bug] Serial of dynamic and stub zones could be inconsistent
996 with their SOA serial. [RT #19387]
998 2703. [func] Introduce an OpenSSL "engine" argument with -E
999 for all binaries which can take benefit of
1000 crypto hardware. [RT #20230]
1002 2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
1004 2701. [doc] Correction to ARM: hmac-md5 is no longer the only
1005 supported TSIG key algorithm. [RT #18046]
1007 2700. [doc] The match-mapped-addresses option is discouraged.
1010 2699. [bug] Missing lock in rbtdb.c. [RT #20037]
1014 2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
1015 S_IFREG are defined after including <isc/stat.h>.
1018 2696. [bug] named failed to successfully process some valid
1019 acl constructs. [RT #20308]
1021 2695. [func] DHCP/DDNS - update fdwatch code for use by
1022 DHCP. Modify the api to isc_sockfdwatch_t (the
1023 callback funciton for isc_socket_fdwatchcreate)
1024 to include information about the direction (read
1025 or write) and add isc_socket_fdwatchpoke.
1028 2694. [bug] Reduce default NSEC3 iterations from 100 to 10.
1031 2693. [port] Add some noreturn attributes. [RT #20257]
1033 2692. [port] win32: 32/64 bit cleanups. [RT #20335]
1035 2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
1036 chain when re-signing a previously-signed zone.
1037 Use -u to modify NSEC3 parameters or switch
1038 between NSEC and NSEC3. [RT #20304]
1040 2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
1043 2689. [bug] Correctly handle snprintf result. [RT #20306]
1045 2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
1046 to decide to fetch the destination address. [RT #20305]
1048 2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
1049 Also, added warnings when revoking a ZSK, as this is
1050 not defined by protocol (but is legal). [RT #19943]
1052 2686. [bug] dnssec-signzone should clean the old NSEC chain when
1053 signing with NSEC3 and vice versa. [RT #20301]
1055 2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
1057 2684. [cleanup] dig: formalize +ad and +cd as synonyms for
1058 +adflag and +cdflag. [RT #19305]
1060 2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
1061 the NSEC3 parameters used to sign the zone change.
1064 2682. [bug] "configure --enable-symtable=all" failed to
1067 2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
1068 decoded. [RT #20269]
1070 2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
1072 2679. [func] dig -k can now accept TSIG keys in named.conf
1075 2678. [func] Treat DS queries as if "minimal-response yes;"
1076 was set. [RT #20258]
1078 2677. [func] Changes to key metadata behavior:
1079 - Keys without "publish" or "active" dates set will
1080 no longer be used for smart signing. However,
1081 those dates will be set to "now" by default when
1082 a key is created; to generate a key but not use
1083 it yet, use dnssec-keygen -G.
1084 - New "inactive" date (dnssec-keygen/settime -I)
1085 sets the time when a key is no longer used for
1086 signing but is still published.
1087 - The "unpublished" date (-U) is deprecated in
1088 favor of "deleted" (-D).
1091 2676. [bug] --with-export-installdir should have been
1092 --with-export-includedir. [RT #20252]
1094 2675. [bug] dnssec-signzone could crash if the key directory
1095 did not exist. [RT #20232]
1097 --- 9.7.0a3 released ---
1099 2674. [bug] "dnssec-lookaside auto;" crashed if named was built
1100 without openssl. [RT #20231]
1102 2673. [bug] The managed-keys.bind zone file could fail to
1103 load due to a spurious result from sync_keyzone()
1106 2672. [bug] Don't enable searching in 'host' when doing reverse
1107 lookups. [RT #20218]
1109 2671. [bug] Add support for PKCS#11 providers not returning
1110 the public exponent in RSA private keys
1111 (OpenCryptoki for instance) in
1112 dnssec-keyfromlabel. [RT #19294]
1114 2670. [bug] Unexpected connect failures failed to log enough
1115 information to be useful. [RT #20205]
1117 2669. [func] Update PKCS#11 support to support Keyper HSM.
1118 Update PKCS#11 patch to be against openssl-0.9.8i.
1120 2668. [func] Several improvements to dnssec-* tools, including:
1121 - dnssec-keygen and dnssec-settime can now set key
1122 metadata fields 0 (to unset a value, use "none")
1123 - dnssec-revoke sets the revocation date in
1124 addition to the revoke bit
1125 - dnssec-settime can now print individual metadata
1126 fields instead of always printing all of them,
1127 and can print them in unix epoch time format for
1131 2667. [func] Add support for logging stack backtrace on assertion
1132 failure (not available for all platforms). [RT #19780]
1134 2666. [func] Added an 'options' argument to dns_name_fromstring()
1135 (API change from 9.7.0a2). [RT #20196]
1137 2665. [func] Clarify syntax for managed-keys {} statement, add
1138 ARM documentation about RFC 5011 support. [RT #19874]
1140 2664. [bug] create_keydata() and minimal_update() in zone.c
1141 didn't properly check return values for some
1142 functions. [RT #19956]
1144 2663. [func] win32: allow named to run as a service using
1145 "NT AUTHORITY\LocalService" as the account. [RT #19977]
1147 2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
1148 returned a misleading error code when lwresd was
1151 2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
1152 creating lwres context. [RT #20029]
1154 2660. [func] Add a new set of DNS libraries for non-BIND9
1155 applications. See README.libdns. [RT #19369]
1157 2659. [doc] Clarify dnssec-keygen doc: key name must match zone
1158 name for DNSSEC keys. [RT #19938]
1160 2658. [bug] dnssec-settime and dnssec-revoke didn't process
1161 key file paths correctly. [RT #20078]
1163 2657. [cleanup] Lower "journal file <path> does not exist, creating it"
1164 log level to debug 1. [RT #20058]
1166 2656. [func] win32: add a "tools only" check box to the installer
1167 which causes it to only install dig, host, nslookup,
1168 nsupdate and relevant DLLs. [RT #19998]
1170 2655. [doc] Document that key-directory does not affect
1171 bind.keys, rndc.key or session.key. [RT #20155]
1173 2654. [bug] Improve error reporting on duplicated names for
1174 deny-answer-xxx. [RT #20164]
1176 2653. [bug] Treat ENGINE_load_private_key() failures as key
1177 not found rather than out of memory. [RT #18033]
1179 2652. [func] Provide more detail about what record is being
1180 deleted. [RT #20061]
1182 2651. [bug] Dates could print incorrectly in K*.key files on
1183 64-bit systems. [RT #20076]
1185 2650. [bug] Assertion failure in dnssec-signzone when trying
1186 to read keyset-* files. [RT #20075]
1188 2649. [bug] Set the domain for forward only zones. [RT #19944]
1190 2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
1192 2647. [bug] Remove unnecessary SOA updates when a new KSK is
1195 2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
1197 2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
1198 which default to 64 bits. [RT #19927]
1200 --- 9.7.0a2 released ---
1202 2644. [bug] Change #2628 caused a regression on some systems;
1203 named was unable to write the PID file and would
1204 fail on startup. [RT #20001]
1206 2643. [bug] Stub zones interacted badly with NSEC3 support.
1209 2642. [bug] nsupdate could dump core on solaris when reading
1210 improperly formatted key files. [RT #20015]
1212 2641. [bug] Fixed an error in parsing update-policy syntax,
1213 added a regression test to check it. [RT #20007]
1215 2640. [security] A specially crafted update packet will cause named
1216 to exit. [RT #20000]
1218 2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
1220 2638. [bug] Install arpaname. [RT #19957]
1222 2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
1225 2636. [func] Simplify zone signing and key maintenance with the
1226 dnssec-* tools. Major changes:
1227 - all dnssec-* tools now take a -K option to
1228 specify a directory in which key files will be
1230 - DNSSEC can now store metadata indicating when
1231 they are scheduled to be published, activated,
1232 revoked or removed; these values can be set by
1233 dnssec-keygen or overwritten by the new
1234 dnssec-settime command
1235 - dnssec-signzone -S (for "smart") option reads key
1236 metadata and uses it to determine automatically
1237 which keys to publish to the zone, use for
1238 signing, revoke, or remove from the zone
1241 2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
1244 2634. [port] win32: Add support for libxml2, enable
1245 statschannel. [RT #19773]
1247 2633. [bug] Handle 15 bit rand() functions. [RT #19783]
1249 2632. [func] util/kit.sh: warn if documentation appears to be out of
1252 2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
1255 2630. [func] Improved syntax for DDNS autoconfiguration: use
1256 "update-policy local;" to switch on local DDNS in a
1257 zone. (The "ddns-autoconf" option has been removed.)
1260 2629. [port] Check for seteuid()/setegid(), use setresuid()/
1261 setresgid() if not present. [RT #19932]
1263 2628. [port] linux: Allow /var/run/named/named.pid to be opened
1264 at startup with reduced capabilities in operation.
1267 2627. [bug] Named aborted if the same key was included in
1268 trusted-keys more than once. [RT #19918]
1270 2626. [bug] Multiple trusted-keys could trigger an assertion
1271 failure. [RT #19914]
1273 2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
1275 2624. [func] 'named-checkconf -p' will print out the parsed
1276 configuration. [RT #18871]
1278 2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
1280 2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
1282 2621. [doc] Made copyright boilterplate consistent. [RT #19833]
1284 2620. [bug] Delay thawing the zone until the reload of it has
1285 completed successfully. [RT #19750]
1287 2619. [func] Add support for RFC 5011, automatic trust anchor
1288 maintenance. The new "managed-keys" statement can
1289 be used in place of "trusted-keys" for zones which
1290 support this protocol. (Note: this syntax is
1291 expected to change prior to 9.7.0 final.) [RT #19248]
1293 2618. [bug] The sdb and sdlz db_interator_seek() methods could
1294 loop infinitely. [RT #19847]
1296 2617. [bug] ifconfig.sh failed to emit an error message when
1297 run from the wrong location. [RT #19375]
1299 2616. [bug] 'host' used the nameservers from resolv.conf even
1300 when a explicit nameserver was specified. [RT #19852]
1302 2615. [bug] "__attribute__((unused))" was in the wrong place
1303 for ia64 gcc builds. [RT #19854]
1305 2614. [port] win32: 'named -v' should automatically be executed
1306 in the foreground. [RT #19844]
1310 --- 9.7.0a1 released ---
1312 2612. [func] Add default values for the arguments to
1313 dnssec-keygen. Without arguments, it will now
1314 generate a 1024-bit RSASHA1 zone-signing key,
1315 or with the -f KSK option, a 2048-bit RSASHA1
1316 key-signing key. [RT #19300]
1318 2611. [func] Add -l option to dnssec-dsfromkey to generate
1319 DLV records instead of DS records. [RT #19300]
1321 2610. [port] sunos: Change #2363 was not complete. [RT #19796]
1323 2609. [func] Simplify the configuration of dynamic zones:
1324 - add ddns-confgen command to generate
1325 configuration text for named.conf
1326 - add zone option "ddns-autoconf yes;", which
1327 causes named to generate a TSIG session key
1328 and allow updates to the zone using that key
1329 - add '-l' (localhost) option to nsupdate, which
1330 causes nsupdate to connect to a locally-running
1331 named process using the session key generated
1335 2608. [func] Perform post signing verification checks in
1336 dnssec-signzone. These can be disabled with -P.
1338 The post sign verification test ensures that for each
1339 algorithm in use there is at least one non revoked
1340 self signed KSK key. That all revoked KSK keys are
1341 self signed. That all records in the zone are signed
1342 by the algorithm. [RT #19653]
1344 2607. [bug] named could incorrectly delete NSEC3 records for
1345 empty nodes when processing a update request.
1348 2606. [bug] "delegation-only" was not being accepted in
1349 delegation-only type zones. [RT #19717]
1351 2605. [bug] Accept DS responses from delegation only zones.
1354 2604. [func] Add support for DNS rebinding attack prevention through
1355 new options, deny-answer-addresses and
1356 deny-answer-aliases. Based on contributed code from
1357 JD Nurmi, Google. [RT #18192]
1359 2603. [port] win32: handle .exe extension of named-checkzone and
1360 named-comilezone argv[0] names under windows.
1363 2602. [port] win32: fix debugging command line build of libisccfg.
1366 2601. [doc] Mention file creation mode mask in the
1369 2600. [doc] ARM: miscellaneous reformatting for different
1370 page widths. [RT #19574]
1372 2599. [bug] Address rapid memory growth when validation fails.
1375 2598. [func] Reserve the -F flag. [RT #19657]
1377 2597. [bug] Handle a validation failure with a insecure delegation
1378 from a NSEC3 signed master/slave zone. [RT #19464]
1380 2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
1381 long, leading to inefficient memory usage or rejecting
1382 newer cache entries in the worst case. [RT #19563]
1384 2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
1386 2594. [func] Have rndc warn if using its default configuration
1387 file when the key file also exists. [RT #19424]
1389 2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
1391 2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
1393 2591. [bug] named could die when processing a update in
1394 removed_orphaned_ds(). [RT #19507]
1396 2590. [func] Report zone/class of "update with no effect".
1399 2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
1402 2588. [bug] SO_REUSEADDR could be set unconditionally after failure
1403 of bind(2) call. This should be rare and mostly
1404 harmless, but may cause interference with other
1405 processes that happen to use the same port. [RT #19642]
1407 2587. [func] Improve logging by reporting serial numbers for
1408 when zone serial has gone backwards or unchanged.
1411 2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
1414 2585. [bug] Uninitialized socket name could be referenced via a
1415 statistics channel, triggering an assertion failure in
1416 XML rendering. [RT #19427]
1418 2584. [bug] alpha: gcc optimization could break atomic operations.
1421 2583. [port] netbsd: provide a control to not add the compile
1422 date to the version string, -DNO_VERSION_DATE.
1424 2582. [bug] Don't emit warning log message when we attempt to
1425 remove non-existent journal. [RT #19516]
1427 2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
1428 Requires MySQL 5.0.19 or later. [RT #19084]
1430 2580. [bug] UpdateRej statistics counter could be incremented twice
1431 for one rejection. [RT #19476]
1433 2579. [bug] DNSSEC lookaside validation failed to handle unknown
1434 algorithms. [RT #19479]
1436 2578. [bug] Changed default sig-signing-type to 65534, because
1437 65535 turns out to be reserved. [RT #19477]
1439 2577. [doc] Clarified some statistics counters. [RT #19454]
1441 2576. [bug] NSEC record were not being correctly signed when
1442 a zone transitions from insecure to secure.
1443 Handle such incorrectly signed zones. [RT #19114]
1445 2575. [func] New functions dns_name_fromstring() and
1446 dns_name_tostring(), to simplify conversion
1447 of a string to a dns_name structure and vice
1450 2574. [doc] Document nsupdate -g and -o. [RT #19351]
1452 2573. [bug] Replacing a non-CNAME record with a CNAME record in a
1453 single transaction in a signed zone failed. [RT #19397]
1455 2572. [func] Simplify DLV configuration, with a new option
1456 "dnssec-lookaside auto;" This is the equivalent
1457 of "dnssec-lookaside . trust-anchor dlv.isc.org;"
1458 plus setting a trusted-key for dlv.isc.org.
1460 Note: The trusted key is hard-coded into named,
1461 but is also stored in (and can be overridden
1462 by) $sysconfdir/bind.keys. As the ISC DLV key
1463 rolls over it can be kept up to date by replacing
1464 the bind.keys file with a key downloaded from
1465 https://www.isc.org/solutions/dlv. [RT #18685]
1467 2571. [func] Add a new tool "arpaname" which translates IP addresses
1468 to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
1471 2570. [func] Log the destination address the query was sent to.
1474 2569. [func] Move journalprint, nsec3hash, and genrandom
1475 commands from bin/tests into bin/tools;
1476 "make install" will put them in $sbindir. [RT #19301]
1478 2568. [bug] Report when the write to indicate a otherwise
1479 successful start fails. [RT #19360]
1481 2567. [bug] dst__privstruct_writefile() could miss write errors.
1482 write_public_key() could miss write errors.
1483 dnssec-dsfromkey could miss write errors.
1486 2566. [cleanup] Clarify logged message when an insecure DNSSEC
1487 response arrives from a zone thought to be secure:
1488 "insecurity proof failed" instead of "not
1489 insecure". [RT #19400]
1491 2565. [func] Add support for HIP record. Includes new functions
1492 dns_rdata_hip_first(), dns_rdata_hip_next()
1493 and dns_rdata_hip_current(). [RT #19384]
1495 2564. [bug] Only take EDNS fallback steps when processing timeouts.
1498 2563. [bug] Dig could leak a socket causing it to wait forever
1499 to exit. [RT #19359]
1501 2562. [doc] ARM: miscellaneous improvements, reorganization,
1502 and some new content.
1504 2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
1506 2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
1508 2559. [bug] dnssec-dsfromkey could compute bad DS records when
1509 reading from a K* files. [RT #19357]
1511 2558. [func] Set the ownership of missing directories created
1512 for pid-file if -u has been specified on the command
1515 2557. [cleanup] PCI compliance:
1516 * new libisc log module file
1517 * isc_dir_chroot() now also changes the working
1519 * additional INSISTs
1520 * additional logging when files can't be removed.
1522 2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
1523 error checks in the correct order resulting in the
1524 wrong error code sometimes being returned. [RT #19249]
1526 2555. [func] dig: when emitting a hex dump also display the
1527 corresponding characters. [RT #19258]
1529 2554. [bug] Validation of uppercase queries from NSEC3 zones could
1532 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
1534 2552. [bug] zero-no-soa-ttl-cache was not being honoured.
1537 2551. [bug] Potential Reference leak on return. [RT #19341]
1539 2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
1542 2549. [port] linux: define NR_OPEN if not currently defined.
1545 2548. [bug] Install iterated_hash.h. [RT #19335]
1547 2547. [bug] openssl_link.c:mem_realloc() could reference an
1548 out-of-range area of the source buffer. New public
1549 function isc_mem_reallocate() was introduced to address
1550 this bug. [RT #19313]
1552 2546. [func] Add --enable-openssl-hash configure flag to use
1553 OpenSSL (in place of internal routine) for hash
1554 functions (MD5, SHA[12] and HMAC). [RT #18815]
1556 2545. [doc] ARM: Legal hostname checking (check-names) is
1557 for SRV RDATA too. [RT #19304]
1559 2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
1561 2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
1563 2542. [doc] Update the description of dig +adflag. [RT #19290]
1565 2541. [bug] Conditionally update dispatch manager statistics.
1568 2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
1570 2539. [security] Update the interaction between recursion, allow-query,
1571 allow-query-cache and allow-recursion. [RT #19198]
1573 2538. [bug] cache/ADB memory could grow over max-cache-size,
1574 especially with threads and smaller max-cache-size
1577 2537. [func] Added more statistics counters including those on socket
1578 I/O events and query RTT histograms. [RT #18802]
1580 2536. [cleanup] Silence some warnings when -Werror=format-security is
1581 specified. [RT #19083]
1583 2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
1585 2534. [func] Check NAPTR records regular expressions and
1586 replacement strings to ensure they are syntactically
1587 valid and consistant. [RT #18168]
1589 2533. [doc] ARM: document @ (at-sign). [RT #17144]
1591 2532. [bug] dig: check the question section of the response to
1592 see if it matches the asked question. [RT #18495]
1594 2531. [bug] Change #2207 was incomplete. [RT #19098]
1596 2530. [bug] named failed to reject insecure to secure transitions
1597 via UPDATE. [RT #19101]
1599 2529. [cleanup] Upgrade libtool to silence complaints from recent
1600 version of autoconf. [RT #18657]
1602 2528. [cleanup] Silence spurious configure warning about
1603 --datarootdir [RT #19096]
1607 2526. [func] New named option "attach-cache" that allows multiple
1608 views to share a single cache to save memory and
1609 improve lookup efficiency. Based on contributed code
1610 from Barclay Osborn, Google. [RT #18905]
1612 2525. [func] New logging category "query-errors" to provide detailed
1613 internal information about query failures, especially
1614 about server failures. [RT #19027]
1616 2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
1618 2523. [bug] Random type rdata freed by dns_nsec_typepresent().
1621 2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
1623 2521. [bug] Improve epoll cross compilation support. [RT #19047]
1625 2520. [bug] Update xml statistics version number to 2.0 as change
1626 #2388 made the schema incompatible to the previous
1627 version. [RT #19080]
1629 2519. [bug] dig/host with -4 or -6 didn't work if more than two
1630 nameserver addresses of the excluded address family
1631 preceded in resolv.conf. [RT #19081]
1633 2518. [func] Add support for the new CERT types from RFC 4398.
1636 2517. [bug] dig +trace with -4 or -6 failed when it chose a
1637 nameserver address of the excluded address type.
1640 2516. [bug] glue sort for responses was performed even when not
1643 2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
1646 2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
1647 a nameserver of the excluded address family.
1650 2513. [bug] Fix windows cli build. [RT #19062]
1652 2512. [func] Print a summary of the cached records which make up
1653 the negative response. [RT #18885]
1655 2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
1658 2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
1661 2509. [bug] Specifying a fixed query source port was broken.
1666 2507. [func] Log the recursion quota values when killing the
1667 oldest query or refusing to recurse due to quota.
1670 2506. [port] solaris: Check at configure time if
1671 hack_shutup_pthreadonceinit is needed. [RT #19037]
1673 2505. [port] Treat amd64 similarly to x86_64 when determining
1674 atomic operation support. [RT #19031]
1676 2504. [bug] Address race condition in the socket code. [RT #18899]
1678 2503. [port] linux: improve compatibility with Linux Standard
1681 2502. [cleanup] isc_radix: Improve compliance with coding style,
1682 document function in <isc/radix.h>. [RT #18534]
1684 2501. [func] $GENERATE now supports all rdata types. Multi-field
1685 rdata types need to be quoted. See the ARM for
1686 details. [RT #18368]
1688 2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
1689 function. [RT #18582]
1691 2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
1694 --- 9.6.0rc1 released ---
1696 2498. [bug] Removed a bogus function argument used with
1697 ISC_SOCKET_USE_POLLWATCH: it could cause compiler
1698 warning or crash named with the debug 1 level
1699 of logging. [RT #18917]
1701 2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
1704 2496. [bug] Add sanity length checks to NSID option. [RT #18813]
1706 2495. [bug] Tighten RRSIG checks. [RT #18795]
1708 2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
1709 installed. [RT #18826]
1711 2493. [bug] The linux capabilities code was not correctly cleaning
1712 up after itself. [RT #18767]
1714 2492. [func] Rndc status now reports the number of cpus discovered
1715 and the number of worker threads when running
1716 multi-threaded. [RT #18273]
1718 2491. [func] Attempt to re-use a local port if we are already using
1719 the port. [RT #18548]
1721 2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
1722 is cleared when IPV6_V6ONLY is set. [RT #18785]
1724 2489. [port] solaris: Workaround Solaris's kernel bug about
1726 http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
1727 Define ISC_SOCKET_USE_POLLWATCH at build time to enable
1728 this workaround. [RT #18870]
1730 2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
1731 from keyset and .key files. [RT #18694]
1733 2487. [bug] Give TCP connections longer to complete. [RT #18675]
1735 2486. [func] The default locations for named.pid and lwresd.pid
1736 are now /var/run/named/named.pid and
1737 /var/run/lwresd/lwresd.pid respectively.
1739 This allows the owner of the containing directory
1740 to be set, for "named -u" support, and allows there
1741 to be a permanent symbolic link in the path, for
1742 "named -t" support. [RT #18306]
1744 2485. [bug] Change update's the handling of obscured RRSIG
1745 records. Not all orphaned DS records were being
1746 removed. [RT #18828]
1748 2484. [bug] It was possible to trigger a REQUIRE failure when
1749 adding NSEC3 proofs to the response in
1750 query_addwildcardproof(). [RT #18828]
1752 2483. [port] win32: chroot() is not supported. [RT #18805]
1754 2482. [port] libxml2: support versions 2.7.* in addition
1755 to 2.6.*. [RT #18806]
1757 --- 9.6.0b1 released ---
1759 2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
1760 collisions. [RT #18812]
1762 2480. [bug] named could fail to emit all the required NSEC3
1763 records. [RT #18812]
1765 2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
1767 2478. [bug] 'addresses' could be used uninitialized in
1768 configure_forward(). [RT #18800]
1770 2477. [bug] dig: the global option to print the command line is
1771 +cmd not print_cmd. Update the output to reflect
1774 2476. [doc] ARM: improve documentation for max-journal-size and
1775 ixfr-from-differences. [RT #15909] [RT #18541]
1777 2475. [bug] LRU cache cleanup under overmem condition could purge
1778 particular entries more aggressively. [RT #17628]
1780 2474. [bug] ACL structures could be allocated with insufficient
1781 space, causing an array overrun. [RT #18765]
1783 2473. [port] linux: raise the limit on open files to the possible
1784 maximum value before spawning threads; 'files'
1785 specified in named.conf doesn't seem to work with
1786 threads as expected. [RT #18784]
1788 2472. [port] linux: check the number of available cpu's before
1789 calling chroot as it depends on "/proc". [RT #16923]
1791 2471. [bug] named-checkzone was not reporting missing mandatory
1792 glue when sibling checks were disabled. [RT #18768]
1794 2470. [bug] Elements of the isc_radix_node_t could be incorrectly
1795 overwritten. [RT# 18719]
1797 2469. [port] solaris: Work around Solaris's select() limitations.
1800 2468. [bug] Resolver could try unreachable servers multiple times.
1803 2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
1805 2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
1808 2465. [bug] Adb's handling of lame addresses was different
1809 for IPv4 and IPv6. [RT #18738]
1811 2464. [port] linux: check that a capability is present before
1812 trying to set it. [RT #18135]
1814 2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
1815 API and glibc hides parts of the IPv6 Advanced Socket
1816 API as a result. This is stupid as it breaks how the
1817 two halves (Basic and Advanced) of the IPv6 Socket API
1818 were designed to be used but we have to live with it.
1819 Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
1822 2462. [doc] Document -m (enable memory usage debugging)
1823 option for dig. [RT #18757]
1825 2461. [port] sunos: Change #2363 was not complete. [RT #17513]
1827 --- 9.6.0a1 released ---
1829 2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
1832 2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
1834 2458. [doc] ARM: update and correction for max-cache-size.
1837 2457. [tuning] max-cache-size is reverted to 0, the previous
1838 default. It should be safe because expired cache
1839 entries are also purged. [RT #18684]
1841 2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
1842 address, regardless of family. They now correctly
1843 distinguish IPv4 from IPv6. [RT #18559]
1845 2455. [bug] Stop metadata being transferred via axfr/ixfr.
1848 2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
1850 2453. [bug] Remove NULL pointer dereference in dns_journal_print().
1853 2452. [func] Improve bin/test/journalprint. [RT #18316]
1855 2451. [port] solaris: handle runtime linking better. [RT #18356]
1857 2450. [doc] Fix lwresd docbook problem for manual page.
1862 2448. [func] Add NSEC3 support. [RT #15452]
1864 2447. [cleanup] libbind has been split out as a separate product.
1866 2446. [func] Add a new log message about build options on startup.
1867 A new command-line option '-V' for named is also
1868 provided to show this information. [RT# 18645]
1870 2445. [doc] ARM out-of-date on empty reverse zones (list includes
1871 RFC1918 address, but these are not yet compiled in).
1874 2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
1875 (clear DF) for UDP responses and requests.
1877 2443. [bug] win32: UDP connect() would not generate an event,
1878 and so connected UDP sockets would never clean up.
1879 Fix this by doing an immediate WSAConnect() rather
1880 than an io completion port type for UDP.
1882 2442. [bug] A lock could be destroyed twice. [RT# 18626]
1884 2441. [bug] isc_radix_insert() could copy radix tree nodes
1885 incompletely. [RT #18573]
1887 2440. [bug] named-checkconf used an incorrect test to determine
1888 if an ACL was set to none.
1890 2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
1893 2438. [bug] Timeouts could be logged incorrectly under win32.
1895 2437. [bug] Sockets could be closed too early, leading to
1896 inconsistent states in the socket module. [RT #18298]
1898 2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
1900 2435. [bug] Fixed an ACL memory leak affecting win32.
1902 2434. [bug] Fixed a minor error-reporting bug in
1903 lib/isc/win32/socket.c.
1905 2433. [tuning] Set initial timeout to 800ms.
1907 2432. [bug] More Windows socket handling improvements. Stop
1908 using I/O events and use IO Completion Ports
1909 throughout. Rewrite the receive path logic to make
1910 it easier to support multiple simultaneous
1911 requesters in the future. Add stricter consistency
1912 checking as a compile-time option (define
1913 ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
1915 2431. [bug] Acl processing could leak memory. [RT #18323]
1917 2430. [bug] win32: isc_interval_set() could round down to
1918 zero if the input was less than NS_INTERVAL
1919 nanoseconds. Round up instead. [RT #18549]
1921 2429. [doc] nsupdate should be in section 1 of the man pages.
1924 2428. [bug] dns_iptable_merge() mishandled merges of negative
1927 2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
1928 was set. [RT #18528]
1930 2426. [bug] libbind: inet_net_pton() can sometimes return the
1931 wrong value if excessively large net masks are
1932 supplied. [RT #18512]
1934 2425. [bug] named didn't detect unavailable query source addresses
1935 at load time. [RT #18536]
1937 2424. [port] configure now probes for a working epoll
1938 implementation. Allow the use of kqueue,
1939 epoll and /dev/poll to be selected at compile
1942 2423. [security] Randomize server selection on queries, so as to
1943 make forgery a little more difficult. Instead of
1944 always preferring the server with the lowest RTT,
1945 pick a server with RTT within the same 128
1946 millisecond band. [RT #18441]
1948 2422. [bug] Handle the special return value of a empty node as
1949 if it was a NXRRSET in the validator. [RT #18447]
1951 2421. [func] Add new command line option '-S' for named to specify
1952 the max number of sockets. [RT #18493]
1953 Use caution: this option may not work for some
1954 operating systems without rebuilding named.
1956 2420. [bug] Windows socket handling cleanup. Let the io
1957 completion event send out canceled read/write
1958 done events, which keeps us from writing to memory
1959 we no longer have ownership of. Add debugging
1960 socket_log() function. Rework TCP socket handling
1961 to not leak sockets.
1963 2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
1964 should not be used for isc_sockettype_fdwatch sockets.
1967 2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
1970 2417. [bug] Connecting UDP sockets for outgoing queries could
1971 unexpectedly fail with an 'address already in use'
1974 2416. [func] Log file descriptors that cause exceeding the
1975 internal maximum. [RT #18460]
1977 2415. [bug] 'rndc dumpdb' could trigger various assertion failures
1978 in rbtdb.c. [RT #18455]
1980 2414. [bug] A masterdump context held the database lock too long,
1981 causing various troubles such as dead lock and
1982 recursive lock acquisition. [RT #18311, #18456]
1984 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
1986 2412. [bug] win32: address a resource leak. [RT #18374]
1988 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
1989 for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
1990 at compilation time. [RT #18433]
1992 Note: with changes #2469 and #2421 above, there is no
1993 need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
1996 2410. [bug] Correctly delete m_versionInfo. [RT #18432]
1998 2409. [bug] Only log that we disabled EDNS processing if we were
1999 subsequently successful. [RT #18029]
2001 2408. [bug] A duplicate TCP dispatch event could be sent, which
2002 could then trigger an assertion failure in
2003 resquery_response(). [RT #18275]
2005 2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2009 2405. [cleanup] The default value for dnssec-validation was changed to
2010 "yes" in 9.5.0-P1 and all subsequent releases; this
2011 was inadvertently omitted from CHANGES at the time.
2013 2404. [port] hpux: files unlimited support.
2015 2403. [bug] TSIG context leak. [RT #18341]
2017 2402. [port] Support Solaris 2.11 and over. [RT #18362]
2019 2401. [bug] Expect to get E[MN]FILE errno internal_accept()
2020 (from accept() or fcntl() system calls). [RT #18358]
2022 2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
2027 2398. [bug] Improve file descriptor management. New,
2028 temporary, named.conf option reserved-sockets,
2029 default 512. [RT #18344]
2031 2397. [bug] gssapi_functions had too many elements. [RT #18355]
2033 2396. [bug] Don't set SO_REUSEADDR for randomized ports.
2036 2395. [port] Avoid warning and no effect from "files unlimited"
2037 on Linux when running as root. [RT #18335]
2039 2394. [bug] Default configuration options set the limit for
2040 open files to 'unlimited' as described in the
2041 documentation. [RT #18331]
2043 2393. [bug] nested acls containing keys could trigger an
2044 assertion in acl.c. [RT #18166]
2046 2392. [bug] remove 'grep -q' from acl test script, some platforms
2047 don't support it. [RT #18253]
2049 2391. [port] hpux: cover additional recvmsg() error codes.
2052 2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2055 2389. [bug] Move the "working directory writable" check to after
2056 the ns_os_changeuser() call. [RT #18326]
2058 2388. [bug] Avoid using tables for layout purposes in
2059 statistics XSL [RT #18159].
2061 2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2062 [RT #18147] [RT #18258]
2064 2386. [func] Add warning about too small 'open files' limit.
2067 2385. [bug] A condition variable in socket.c could leak in
2068 rare error handling [RT #17968].
2070 2384. [security] Fully randomize UDP query ports to improve
2071 forgery resilience. [RT #17949, #18098]
2073 2383. [bug] named could double queries when they resulted in
2074 SERVFAIL due to overkilling EDNS0 failure detection.
2077 2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
2080 2381. [port] dlz/mysql: support multiple install layouts for
2081 mysql. <prefix>/include/{,mysql/}mysql.h and
2082 <prefix>/lib/{,mysql/}. [RT #18152]
2084 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2085 proofs which, in turn, caused validation failures
2086 for insecure zones immediately below a secure zone
2087 the server was authoritative for. [RT #18112]
2089 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2090 TLDs and supported RRs with TTLs [RT #17972]
2092 2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
2095 2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
2097 2376. [bug] Change #2144 was not complete.
2101 2374. [bug] "blackhole" ACLs could cause named to segfault due
2102 to some uninitialized memory. [RT #18095]
2104 2373. [bug] Default values of zone ACLs were re-parsed each time a
2105 new zone was configured, causing an overconsumption
2106 of memory. [RT #18092]
2108 2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
2110 2371. [doc] Add +nsid option to dig man page. [RT #18039]
2112 2370. [bug] "rndc freeze" could trigger an assertion in named
2113 when called on a nonexistent zone. [RT #18050]
2115 2369. [bug] libbind: Array bounds overrun on read in bitncmp().
2118 2368. [port] Linux: use libcap for capability management if
2119 possible. [RT# 18026]
2121 2367. [bug] Improve counting of dns_resstatscounter_retry
2124 2366. [bug] Adb shutdown race. [RT #18021]
2126 2365. [bug] Fix a bug that caused dns_acl_isany() to return
2127 spurious results. [RT #18000]
2129 2364. [bug] named could trigger a assertion when serving a
2130 malformed signed zone. [RT #17828]
2132 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
2135 2362. [cleanup] Make "rrset-order fixed" a compile-time option.
2136 settable by "./configure --enable-fixed-rrset".
2137 Disabled by default. [RT #17977]
2139 2361. [bug] "recursion" statistics counter could be counted
2140 multiple times for a single query. [RT #17990]
2142 2360. [bug] Fix a condition where we release a database version
2143 (which may acquire a lock) while holding the lock.
2145 2359. [bug] Fix NSID bug. [RT #17942]
2147 2358. [doc] Update host's default query description. [RT #17934]
2149 2357. [port] Don't use OpenSSL's engine support in versions before
2150 OpenSSL 0.9.7f. [RT #17922]
2152 2356. [bug] Built in mutex profiler was not scalable enough.
2155 2355. [func] Extend the number statistics counters available.
2158 2354. [bug] Failed to initialize some rdatasetheader_t elements.
2161 2353. [func] Add support for Name Server ID (RFC 5001).
2162 'dig +nsid' requests NSID from server.
2163 'request-nsid yes;' causes recursive server to send
2164 NSID requests to upstream servers. Server responds
2165 to NSID requests with the string configured by
2166 'server-id' option. [RT #17091]
2168 2352. [bug] Various GSS_API fixups. [RT #17729]
2170 2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
2172 2350. [port] win32: IPv6 support. [RT #17797]
2174 2349. [func] Provide incremental re-signing support for secure
2175 dynamic zones. [RT #1091]
2177 2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
2178 Documentation is in the new README.pkcs11 file.
2179 New tool, dnssec-keyfromlabel, which takes the
2180 label of a key pair in a HSM and constructs a DNS
2181 key pair for use by named and dnssec-signzone.
2184 2347. [bug] Delete now traverses the RB tree in the canonical
2187 2346. [func] Memory statistics now cover all active memory contexts
2188 in increased detail. [RT #17580]
2190 2345. [bug] named-checkconf failed to detect when forwarders
2191 were set at both the options/view level and in
2192 a root zone. [RT #17671]
2194 2344. [bug] Improve "logging{ file ...; };" documentation.
2197 2343. [bug] (Seemingly) duplicate IPv6 entries could be
2198 created in ADB. [RT #17837]
2200 2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
2202 2341. [bug] libbind: add missing -I../include for off source
2203 tree builds. [RT #17606]
2205 2340. [port] openbsd: interface configuration. [RT #17700]
2207 2339. [port] tru64: support for libbind. [RT #17589]
2209 2338. [bug] check_ds() could be called with a non DS rdataset.
2212 2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
2214 2336. [func] If "named -6" is specified then listen on all IPv6
2215 interfaces if there are not listen-on-v6 clauses in
2216 named.conf. [RT #17581]
2218 2335. [port] sunos: libbind and *printf() support for long long.
2221 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
2222 bug in fromstruct_txt(). [RT #17609]
2224 2333. [bug] Fix off by one error in isc_time_nowplusinterval().
2227 2332. [contrib] query-loc-0.4.0. [RT #17602]
2229 2331. [bug] Failure to regenerate any signatures was not being
2230 reported nor being past back to the UPDATE client.
2233 2330. [bug] Remove potential race condition when handling
2234 over memory events. [RT #17572]
2236 WARNING: API CHANGE: over memory callback
2237 function now needs to call isc_mem_waterack().
2238 See <isc/mem.h> for details.
2240 2329. [bug] Clearer help text for dig's '-x' and '-i' options.
2242 2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
2243 F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
2244 J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
2247 2327. [bug] It was possible to dereference a NULL pointer in
2248 rbtdb.c. Implement dead node processing in zones as
2249 we do for caches. [RT #17312]
2251 2326. [bug] It was possible to trigger a INSIST in the acache
2254 2325. [port] Linux: use capset() function if available. [RT #17557]
2256 2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
2258 2323. [port] tru64: namespace clash. [RT #17547]
2260 2322. [port] MacOS: work around the limitation of setrlimit()
2261 for RLIMIT_NOFILE. [RT #17526]
2265 2320. [func] Make statistics counters thread-safe for platforms
2266 that support certain atomic operations. [RT #17466]
2268 2319. [bug] Silence Coverity warnings in
2269 lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2271 2318. [port] sunos fixes for libbind. [RT #17514]
2273 2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
2275 2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
2278 2315. [bug] Used incorrect address family for mapped IPv4
2279 addresses in acl.c. [RT #17519]
2281 2314. [bug] Uninitialized memory use on error path in
2282 bin/named/lwdnoop.c. [RT #17476]
2284 2313. [cleanup] Silence Coverity warnings. Handle private stacks.
2285 [RT #17447] [RT #17478]
2287 2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
2290 2311. [bug] IPv6 addresses could match IPv4 ACL entries and
2291 vice versa. [RT #17462]
2293 2310. [bug] dig, host, nslookup: flush stdout before emitting
2294 debug/fatal messages. [RT #17501]
2296 2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
2299 2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
2302 2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2304 2306. [bug] Remove potential race from lib/dns/resolver.c.
2307 2305. [security] inet_network() buffer overflow. CVE-2008-0122.
2309 2304. [bug] Check returns from all dns_rdata_tostruct() calls.
2312 2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
2315 2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
2317 2301. [bug] Remove resource leak and fix error messages in
2318 bin/tests/system/lwresd/lwtest.c. [RT #17474]
2320 2300. [bug] Fixed failure to close open file in
2321 bin/tests/names/t_names.c. [RT #17473]
2323 2299. [bug] Remove unnecessary NULL check in
2324 bin/nsupdate/nsupdate.c. [RT #17475]
2326 2298. [bug] isc_mutex_lock() failure not caught in
2327 bin/tests/timers/t_timers.c. [RT #17468]
2329 2297. [bug] isc_entropy_createfilesource() failure not caught in
2330 bin/tests/dst/t_dst.c. [RT #17467]
2332 2296. [port] Allow docbook stylesheet location to be specified to
2333 configure. [RT #17457]
2335 2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
2338 2294. [func] Allow the experimental statistics channels to have
2339 multiple connections and ACL.
2340 Note: the stats-server and stats-server-v6 options
2341 available in the previous beta releases are replaced
2342 with the generic statistics-channels statement.
2344 2293. [func] Add ACL regression test. [RT #17375]
2346 2292. [bug] Log if the working directory is not writable.
2349 2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
2350 failure to set PR_SET_DUMPABLE. [RT #17312]
2352 2290. [bug] Let AD in the query signal that the client wants AD
2353 set in the response. [RT #17301]
2355 2289. [func] named-checkzone now reports the out-of-zone CNAME
2358 2288. [port] win32: mark service as running when we have finished
2359 loading. [RT #17441]
2361 2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
2363 2286. [func] Allow a TCP connection to be used as a weak
2364 authentication method for reverse zones.
2365 New update-policy methods tcp-self and 6to4-self.
2368 2285. [func] Test framework for client memory context management.
2371 2284. [bug] Memory leak in UPDATE prerequisite processing.
2374 2283. [bug] TSIG keys were not attaching to the memory
2375 context. TSIG keys should use the rings
2376 memory context rather than the clients memory
2377 context. [RT #17377]
2379 2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
2381 2281. [bug] Attempts to use undefined acls were not being logged.
2384 2280. [func] Allow the experimental http server to be reached
2385 over IPv6 as well as IPv4. [RT #17332]
2387 2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
2388 to protect applications from receiving spurious
2389 SIGPIPE signals when using the resolver.
2391 2278. [bug] win32: handle the case where Windows returns no
2392 search list or DNS suffix. [RT #17354]
2394 2277. [bug] Empty zone names were not correctly being caught at
2395 in the post parse checks. [RT #17357]
2397 2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
2399 2275. [func] Add support to dig to perform IXFR queries over UDP.
2402 2274. [func] Log zone transfer statistics. [RT #17336]
2404 2273. [bug] Adjust log level to WARNING when saving inconsistent
2405 stub/slave master and journal files. [RT# 17279]
2407 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
2410 2271. [bug] Fix a memory leak in http server code [RT #17100]
2412 2270. [bug] dns_db_closeversion() version->writer could be reset
2413 before it is tested. [RT #17290]
2415 2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
2417 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
2420 --- 9.5.0b1 released ---
2422 2267. [bug] Radix tree node_num value could be set incorrectly,
2423 causing positive ACL matches to look like negative
2426 2266. [bug] client.c:get_clientmctx() returned the same mctx
2427 once the pool of mctx's was filled. [RT #17218]
2429 2265. [bug] Test that the memory context's basic_table is non NULL
2430 before freeing. [RT #17265]
2432 2264. [bug] Server prefix length was being ignored. [RT #17308]
2434 2263. [bug] "named-checkconf -z" failed to set default value
2435 for "check-integrity". [RT #17306]
2437 2262. [bug] Error status from all but the last view could be
2440 2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
2442 2260. [bug] Reported wrong clients-per-query when increasing the
2447 --- 9.5.0a7 released ---
2449 2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
2452 2257. [bug] win32: Use the full path to vcredist_x86.exe when
2453 calling it. [RT #17222]
2455 2256. [bug] win32: Correctly register the installation location of
2456 bindevt.dll. [RT #17159]
2458 2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2460 2254. [bug] timer.c:dispatch() failed to lock timer->lock
2461 when reading timer->idle allowing it to see
2462 intermediate values as timer->idle was reset by
2463 isc_timer_touch(). [RT #17243]
2465 2253. [func] "max-cache-size" defaults to 32M.
2466 "max-acache-size" defaults to 16M.
2468 2252. [bug] Fixed errors in sortlist code [RT #17216]
2472 2250. [func] New flag 'memstatistics' to state whether the
2473 memory statistics file should be written or not.
2474 Additionally named's -m option will cause the
2475 statistics file to be written. [RT #17113]
2477 2249. [bug] Only set Authentic Data bit if client requested
2478 DNSSEC, per RFC 3655 [RT #17175]
2480 2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
2482 2247. [doc] Sort doc/misc/options. [RT #17067]
2484 2246. [bug] Make the startup of test servers (ans.pl) more
2487 2245. [bug] Validating lack of DS records at trust anchors wasn't
2488 working. [RT #17151]
2490 2244. [func] Allow the check of nameserver names against the
2491 SOA MNAME field to be disabled by specifying
2492 'notify-to-soa yes;'. [RT #17073]
2494 2243. [func] Configuration files without a newline at the end now
2495 parse without error. [RT #17120]
2497 2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
2498 library could require a source of random data.
2501 2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
2503 2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
2504 a number of INSIST()s into plain fatal() errors
2505 which report the triggering result code.
2506 The 'key' command wasn't disabling GSS-TSIG.
2509 2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
2511 2238. [bug] It was possible to trigger a REQUIRE when a
2512 validation was canceled. [RT #17106]
2514 2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
2516 2236. [bug] dnssec-signzone failed to preserve the case of
2517 of wildcard owner names. [RT #17085]
2519 2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2521 2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
2523 2233. [func] Add support for O(1) ACL processing, based on
2524 radix tree code originally written by Kevin
2525 Brintnall. [RT #16288]
2527 2232. [bug] dns_adb_findaddrinfo() could fail and return
2528 ISC_R_SUCCESS. [RT #17137]
2530 2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
2533 2230. [bug] We could INSIST reading a corrupted journal.
2536 2229. [bug] Null pointer dereference on query pool creation
2537 failure. [RT #17133]
2539 2228. [contrib] contrib: Change 2188 was incomplete.
2541 2227. [cleanup] Tidied up the FAQ. [RT #17121]
2545 2225. [bug] More support for systems with no IPv4 addresses.
2548 2224. [bug] Defer journal compaction if a xfrin is in progress.
2551 2223. [bug] Make a new journal when compacting. [RT #17119]
2553 2222. [func] named-checkconf now checks server key references.
2556 2221. [bug] Set the event result code to reflect the actual
2557 record turned to caller when a cache update is
2558 rejected due to a more credible answer existing.
2561 2220. [bug] win32: Address a race condition in final shutdown of
2562 the Windows socket code. [RT #17028]
2564 2219. [bug] Apply zone consistency checks to additions, not
2565 removals, when updating. [RT #17049]
2567 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
2570 2217. [func] Adjust update log levels. [RT #17092]
2572 2216. [cleanup] Fix a number of errors reported by Coverity.
2575 2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
2577 2214. [bug] Deregister OpenSSL lock callback when cleaning
2578 up. Reorder OpenSSL cleanup so that RAND_cleanup()
2579 is called before the locks are destroyed. [RT #17098]
2581 2213. [bug] SIG0 diagnostic failure messages were looking at the
2582 wrong status code. [RT #17101]
2584 2212. [func] 'host -m' now causes memory statistics and active
2585 memory to be printed at exit. [RT 17028]
2587 2211. [func] Update "dynamic update temporarily disabled" message.
2590 2210. [bug] Deleting class specific records via UPDATE could
2593 2209. [port] osx: linking against user supplied static OpenSSL
2594 libraries failed as the system ones were still being
2597 2208. [port] win32: make sure both build methods produce the
2598 same output. [RT #17058]
2600 2207. [port] Some implementations of getaddrinfo() fail to set
2601 ai_canonname correctly. [RT #17061]
2603 --- 9.5.0a6 released ---
2605 2206. [security] "allow-query-cache" and "allow-recursion" now
2606 cross inherit from each other.
2608 If allow-query-cache is not set in named.conf then
2609 allow-recursion is used if set, otherwise allow-query
2610 is used if set, otherwise the default (localnets;
2611 localhost;) is used.
2613 If allow-recursion is not set in named.conf then
2614 allow-query-cache is used if set, otherwise allow-query
2615 is used if set, otherwise the default (localnets;
2616 localhost;) is used.
2620 2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
2622 2204. [bug] "rndc flushanme name unknown-view" caused named
2623 to crash. [RT #16984]
2625 2203. [security] Query id generation was cryptographically weak.
2628 2202. [security] The default acls for allow-query-cache and
2629 allow-recursion were not being applied. [RT #16960]
2631 2201. [bug] The build failed in a separate object directory.
2634 2200. [bug] The search for cached NSEC records was stopping to
2635 early leading to excessive DLV queries. [RT #16930]
2637 2199. [bug] win32: don't call WSAStartup() while loading dlls.
2640 2198. [bug] win32: RegCloseKey() could be called when
2641 RegOpenKeyEx() failed. [RT #16911]
2643 2197. [bug] Add INSIST to catch negative responses which are
2644 not setting the event result code appropriately.
2647 2196. [port] win32: yield processor while waiting for once to
2648 to complete. [RT #16958]
2650 2195. [func] dnssec-keygen now defaults to nametype "ZONE"
2651 when generating DNSKEYs. [RT #16954]
2653 2194. [bug] Close journal before calling 'done' in xfrin.c.
2655 --- 9.5.0a5 released ---
2657 2193. [port] win32: BINDInstall.exe is now linked statically.
2660 2192. [port] win32: use vcredist_x86.exe to install Visual
2661 Studio's redistributable dlls if building with
2662 Visual Stdio 2005 or later.
2664 2191. [func] named-checkzone now allows dumping to stdout (-).
2665 named-checkconf now has -h for help.
2666 named-checkzone now has -h for help.
2667 rndc now has -h for help.
2668 Better handling of '-?' for usage summaries.
2671 2190. [func] Make fallback to plain DNS from EDNS due to timeouts
2672 more visible. New logging category "edns-disabled".
2675 2189. [bug] Handle socket() returning EINTR. [RT #15949]
2677 2188. [contrib] queryperf: autoconf changes to make the search for
2678 libresolv or libbind more robust. [RT #16299]
2680 2187. [bug] query_addds(), query_addwildcardproof() and
2681 query_addnxrrsetnsec() should take a version
2682 argument. [RT #16368]
2684 2186. [port] cygwin: libbind: check for struct sockaddr_storage
2685 independently of IPv6. [RT #16482]
2687 2185. [port] sunos: libbind: check for ssize_t, memmove() and
2688 memchr(). [RT #16463]
2690 2184. [bug] bind9.xsl.h didn't build out of the source tree.
2693 2183. [bug] dnssec-signzone didn't handle offline private keys
2696 2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
2697 could return ISC_R_SUCCESS when they ran out of
2700 2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
2702 2180. [cleanup] Remove bit test from 'compress_test' as they
2703 are no longer needed. [RT #16497]
2705 2179. [func] 'rndc command zone' will now find 'zone' if it is
2706 unique to all the views. [RT #16821]
2708 2178. [bug] 'rndc reload' of a slave or stub zone resulted in
2709 a reference leak. [RT #16867]
2711 2177. [bug] Array bounds overrun on read (rcodetext) at
2712 debug level 10+. [RT #16798]
2714 2176. [contrib] dbus update to handle race condition during
2715 initialization (Bugzilla 235809). [RT #16842]
2717 2175. [bug] win32: windows broadcast condition variable support
2718 was broken. [RT #16592]
2720 2174. [bug] I/O errors should always be fatal when reading
2721 master files. [RT #16825]
2723 2173. [port] win32: When compiling with MSVS 2005 SP1 we also
2724 need to ship Microsoft.VC80.MFCLOC.
2726 --- 9.5.0a4 released ---
2728 2172. [bug] query_addsoa() was being called with a non zone db.
2731 2171. [bug] Handle breaks in DNSSEC trust chains where the parent
2732 servers are not DS aware (DS queries to the parent
2733 return a referral to the child).
2735 2170. [func] Add acache processing to test suite. [RT #16711]
2737 2169. [bug] host, nslookup: when reporting NXDOMAIN report the
2738 given name and not the last name searched for.
2741 2168. [bug] nsupdate: in non-interactive mode treat syntax errors
2742 as fatal errors. [RT #16785]
2744 2167. [bug] When re-using a automatic zone named failed to
2745 attach it to the new view. [RT #16786]
2747 --- 9.5.0a3 released ---
2749 2166. [bug] When running in batch mode, dig could misinterpret
2750 a server address as a name to be looked up, causing
2751 unexpected output. [RT #16743]
2753 2165. [func] Allow the destination address of a query to determine
2754 if we will answer the query or recurse.
2755 allow-query-on, allow-recursion-on and
2756 allow-query-cache-on. [RT #16291]
2758 2164. [bug] The code to determine how named-checkzone /
2759 named-compilezone was called failed under windows.
2762 2163. [bug] If only one of query-source and query-source-v6
2763 specified a port the query pools code broke (change
2766 2162. [func] Allow "rrset-order fixed" to be disabled at compile
2769 2161. [bug] Fix which log messages are emitted for 'rndc flush'.
2772 2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
2773 from getifaddrs(). [RT #16708]
2775 --- 9.5.0a2 released ---
2777 2159. [bug] Array bounds overrun in acache processing. [RT #16710]
2779 2158. [bug] ns_client_isself() failed to initialize key
2780 leading to a REQUIRE failure. [RT #16688]
2782 2157. [func] dns_db_transfernode() created. [RT #16685]
2784 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
2785 resolver.c:validated() and resolver.c:cache_name().
2786 Fix a memory leak in rbtdb.c:free_noqname().
2787 Make lookup.c:lookup_find() robust against
2788 event leaks. [RT #16685]
2790 2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
2793 2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
2794 matched in acls by omitting the scope. [RT #16599]
2796 2153. [bug] nsupdate could leak memory. [RT #16691]
2798 2152. [cleanup] Use sizeof(buf) instead of fixed number in
2799 dighost.c:get_trusted_key(). [RT #16678]
2801 2151. [bug] Missing newline in usage message for journalprint.
2804 2150. [bug] 'rrset-order cyclic' uniformly distribute the
2805 starting point for the first response for a given
2808 2149. [bug] isc_mem_checkdestroyed() failed to abort on
2809 if there were still active memory contexts.
2812 2148. [func] Add positive logging for rndc commands. [RT #14623]
2814 2147. [bug] libbind: remove potential buffer overflow from
2815 hmac_link.c. [RT #16437]
2817 2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
2818 SO_BSDCOMPAT" message. [RT #16641]
2820 2145. [bug] Check DS/DLV digest lengths for known digests.
2823 2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
2826 2143. [bug] We failed to restart the IPv6 client when the
2827 kernel failed to return the destination the
2828 packet was sent to. [RT #16613]
2830 2142. [bug] Handle master files with a modification time that
2831 matches the epoch. [RT# 16612]
2833 2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
2834 equivalent of LDH checks). [RT #16609]
2836 2140. [bug] libbind: missing unlock on pthread_key_create()
2837 failures. [RT #16654]
2839 2139. [bug] dns_view_find() was being called with wrong type
2840 in adb.c. [RT #16670]
2842 2138. [bug] Lock order reversal in resolver.c. [RT #16653]
2844 2137. [port] Mips little endian and/or mips 64 bit are now
2845 supported for atomic operations. [RT#16648]
2847 2136. [bug] nslookup/host looped if there was no search list
2848 and the host didn't exist. [RT #16657]
2850 2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2852 2134. [func] Additional statistics support. [RT #16666]
2854 2133. [port] powerpc: Support both IBM and MacOS Power PC
2855 assembler syntaxes. [RT #16647]
2857 2132. [bug] Missing unlock on out of memory in
2858 dns_dispatchmgr_setudp().
2860 2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
2862 2130. [func] Log if CD or DO were set. [RT #16640]
2864 2129. [func] Provide a pool of UDP sockets for queries to be
2865 made over. See use-queryport-pool, queryport-pool-ports
2866 and queryport-pool-updateinterval. [RT #16415]
2868 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
2870 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
2872 2126. [security] Serialize validation of type ANY responses. [RT #16555]
2874 2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
2875 was defined. [RT #16574]
2877 2124. [security] It was possible to dereference a freed fetch
2878 context. [RT #16584]
2880 --- 9.5.0a1 released ---
2882 2123. [func] Use Doxygen to generate internal documentation.
2885 2122. [func] Experimental http server and statistics support
2888 2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
2889 second timeout. [RT #16553]
2891 2120. [doc] Fix markup on nsupdate man page. [RT #16556]
2893 2119. [compat] libbind: allow res_init() to succeed enough to
2894 return the default domain even if it was unable
2897 2118. [bug] Handle response with long chains of domain name
2898 compression pointers which point to other compression
2899 pointers. [RT #16427]
2901 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
2902 which could lead to validation failures. named didn't
2903 handle negative DS responses that were in the process
2904 of being validated. Check CNAME bit before accepting
2905 NODATA proof. To be able to ignore a child NSEC there
2906 must be SOA (and NS) set in the bitmap. [RT #16399]
2908 2116. [bug] 'rndc reload' could cause the cache to continually
2909 be cleaned. [RT #16401]
2911 2115. [bug] 'rndc reconfig' could trigger a INSIST if the
2912 number of masters for a zone was reduced. [RT #16444]
2914 2114. [bug] dig/host/nslookup: searches for names with multiple
2915 labels were failing. [RT #16447]
2917 2113. [bug] nsupdate: if a zone is specified it should be used
2918 for server discover. [RT# 16455]
2920 2112. [security] Warn if weak RSA exponent is used. [RT #16460]
2922 2111. [bug] Fix a number of errors reported by Coverity.
2925 2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
2926 priming queries. [RT #16491]
2928 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
2930 2108. [func] DHCID support. [RT #16456]
2932 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
2934 2106. [func] 'rndc status' now reports named's version. [RT #16426]
2936 2105. [func] GSS-TSIG support (RFC 3645).
2938 2104. [port] Fix Solaris SMF error message.
2940 2103. [port] Add /usr/sfw to list of locations for OpenSSL
2943 2102. [port] Silence Solaris 10 warnings.
2945 2101. [bug] OpenSSL version checks were not quite right.
2948 2100. [port] win32: copy libeay32.dll to Build\Debug.
2949 Copy Debug\named-checkzone to Debug\named-compilezone.
2951 2099. [port] win32: more manifest issues.
2953 2098. [bug] Race in rbtdb.c:no_references(), which occasionally
2954 triggered an INSIST failure about the node lock
2955 reference. [RT #16411]
2957 2097. [bug] named could reference a destroyed memory context
2958 after being reloaded / reconfigured. [RT #16428]
2960 2096. [bug] libbind: handle applications that fail to detect
2961 res_init() failures better.
2963 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
2964 net_cidr_ntop_ipv6(). [RT #16388]
2966 2094. [contrib] Update named-bootconf. [RT# 16404]
2968 2093. [bug] named-checkzone -s was broken.
2970 2092. [bug] win32: dig, host, nslookup. Use registry config
2971 if resolv.conf does not exist or no nameservers
2974 2091. [port] dighost.c: race condition on cleanup. [RT #16417]
2976 2090. [port] win32: Visual C++ 2005 command line manifest support.
2979 2089. [security] Raise the minimum safe OpenSSL versions to
2980 OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
2981 prior to these have known security flaws which
2982 are (potentially) exploitable in named. [RT #16391]
2984 2088. [security] Change the default RSA exponent from 3 to 65537.
2987 2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
2990 2086. [port] libbind: FreeBSD now has get*by*_r() functions.
2993 2085. [doc] win32: added index.html and README to zip. [RT #16201]
2995 2084. [contrib] dbus update for 9.3.3rc2.
2997 2083. [port] win32: Visual C++ 2005 support.
2999 2082. [doc] Document 'cache-file' as a test only option.
3001 2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
3004 2080. [port] libbind: res_init.c did not compile on older versions
3005 of Solaris. [RT #16363]
3007 2079. [bug] The lame cache was not handling multiple types
3008 correctly. [RT #16361]
3010 2078. [bug] dnssec-checkzone output style "default" was badly
3011 named. It is now called "relative". [RT #16326]
3013 2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
3014 complete signed zone. [RT #16326]
3016 2076. [bug] Several files were missing #include <config.h>
3017 causing build failures on OSF. [RT #16341]
3019 2075. [bug] The spillat timer event hander could leak memory.
3022 2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
3023 dns_request_createraw2() and dns_request_createraw3()
3024 failed to send multiple UDP requests. [RT #16349]
3026 2073. [bug] Incorrect semantics check for update policy "wildcard".
3029 2072. [bug] We were not generating valid HMAC SHA digests.
3032 2071. [port] Test whether gcc accepts -fno-strict-aliasing.
3035 2070. [bug] The remote address was not always displayed when
3036 reporting dispatch failures. [RT #16315]
3038 2069. [bug] Cross compiling was not working. [RT #16330]
3040 2068. [cleanup] Lower incremental tuning message to debug 1.
3043 2067. [bug] 'rndc' could close the socket too early triggering
3044 a INSIST under Windows. [RT #16317]
3046 2066. [security] Handle SIG queries gracefully. [RT #16300]
3048 2065. [bug] libbind: probe for HPUX prototypes for
3049 endprotoent_r() and endservent_r(). [RT 16313]
3051 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
3053 2063. [bug] Change #1955 introduced a bug which caused the first
3054 'rndc flush' call to not free memory. [RT #16244]
3056 2062. [bug] 'dig +nssearch' was reusing a buffer before it had
3057 been returned by the socket code. [RT #16307]
3059 2061. [bug] Accept expired wildcard message reversed. [RT #16296]
3061 2060. [bug] Enabling DLZ support could leave views partially
3062 configured. [RT #16295]
3064 2059. [bug] Search into cache rbtdb could trigger an INSIST
3065 failure while cleaning up a stale rdataset.
3068 2058. [bug] Adjust how we calculate rtt estimates in the presence
3069 of authoritative servers that drop EDNS and/or CD
3070 requests. Also fallback to EDNS/512 and plain DNS
3071 faster for zones with less than 3 servers. [RT #16187]
3073 2057. [bug] Make setting "ra" dependent on both allow-query-cache
3074 and allow-recursion. [RT #16290]
3076 2056. [bug] dig: ixfr= was not being treated case insensitively
3077 at all times. [RT #15955]
3079 2055. [bug] Missing goto after dropping multicast query.
3082 2054. [port] freebsd: do not explicitly link against -lpthread.
3085 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
3087 2052. [bug] 'rndc' improve connect failed message to report
3088 the failing address. [RT #15978]
3090 2051. [port] More strtol() fixes. [RT #16249]
3092 2050. [bug] Parsing of NSAP records was not case insensitive.
3095 2049. [bug] Restore SOA before AXFR when falling back from
3096 a attempted IXFR when transferring in a zone.
3097 Allow a initial SOA query before attempting
3098 a AXFR to be requested. [RT #16156]
3100 2048. [bug] It was possible to loop forever when using
3101 avoid-v4-udp-ports / avoid-v6-udp-ports when
3102 the OS always returned the same local port.
3105 2047. [bug] Failed to initialize the interface flags to zero.
3108 2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
3109 cleanup [RT #16247].
3111 2045. [func] Use lock buckets for acache entries to limit memory
3112 consumption. [RT #16183]
3114 2044. [port] Add support for atomic operations for Itanium.
3117 2043. [port] nsupdate/nslookup: Force the flushing of the prompt
3118 for interactive sessions. [RT#16148]
3120 2042. [bug] named-checkconf was incorrectly rejecting the
3121 logging category "config". [RT #16117]
3123 2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
3124 set of libraries to be linked. [RT #16129]
3126 2040. [bug] rbtdb no_references() could trigger an INSIST
3127 failure with --enable-atomic. [RT #16022]
3129 2039. [func] Check that all buffers passed to the socket code
3130 have been retrieved when the socket event is freed.
3133 2038. [bug] dig/nslookup/host was unlinking from wrong list
3134 when handling errors. [RT #16122]
3136 2037. [func] When unlinking the first or last element in a list
3137 check that the list head points to the element to
3138 be unlinked. [RT #15959]
3140 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
3143 2035. [func] Make falling back to TCP on UDP refresh failure
3144 optional. Default "try-tcp-refresh yes;" for BIND 8
3145 compatibility. [RT #16123]
3147 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
3149 2033. [bug] We weren't creating multiple client memory contexts
3150 on demand as expected. [RT #16095]
3152 2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
3154 2031. [bug] Emit a error message when "rndc refresh" is called on
3155 a non slave/stub zone. [RT # 16073]
3157 2030. [bug] We were being overly conservative when disabling
3158 openssl engine support. [RT #16030]
3160 2029. [bug] host printed out the server multiple times when
3161 specified on the command line. [RT #15992]
3163 2028. [port] linux: socket.c compatibility for old systems.
3166 2027. [port] libbind: Solaris x86 support. [RT #16020]
3168 2026. [bug] Rate limit the two recursive client exceeded messages.
3171 2025. [func] Update "zone serial unchanged" message. [RT #16026]
3173 2024. [bug] named emitted spurious "zone serial unchanged"
3174 messages on reload. [RT #16027]
3176 2023. [bug] "make install" should create ${localstatedir}/run and
3177 ${sysconfdir} if they do not exist. [RT #16033]
3179 2022. [bug] If dnssec validation is disabled only assert CD if
3180 CD was requested. [RT #16037]
3182 2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
3184 2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
3186 2019. [tuning] Reduce the amount of work performed per quantum
3187 when cleaning the cache. [RT #15986]
3189 2018. [bug] Checking if the HMAC MD5 private file was broken.
3192 2017. [bug] allow-query default was not correct. [RT #15946]
3194 2016. [bug] Return a partial answer if recursion is not
3195 allowed but requested and we had the answer
3196 to the original qname. [RT #15945]
3198 2015. [cleanup] use-additional-cache is now acache-enable for
3199 consistency. Default acache-enable off in BIND 9.4
3200 as it requires memory usage to be configured.
3201 It may be enabled by default in BIND 9.5 once we
3202 have more experience with it.
3204 2014. [func] Statistics about acache now recorded and sent
3207 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
3208 responses more gracefully. [RT #15941]
3210 2012. [func] Don't insert new acache entries if acache is full.
3213 2011. [func] dnssec-signzone can now update the SOA record of
3214 the signed zone, either as an increment or as the
3215 system time(). [RT #15633]
3217 2010. [placeholder] rt15958
3219 2009. [bug] libbind: Coverity fixes. [RT #15808]
3221 2008. [func] It is now possible to enable/disable DNSSEC
3222 validation from rndc. This is useful for the
3223 mobile hosts where the current connection point
3224 breaks DNSSEC (firewall/proxy). [RT #15592]
3226 rndc validation newstate [view]
3228 2007. [func] It is now possible to explicitly enable DNSSEC
3229 validation. default dnssec-validation no; to
3230 be changed to yes in 9.5.0. [RT #15674]
3232 2006. [security] Allow-query-cache and allow-recursion now default
3233 to the built in acls "localnets" and "localhost".
3235 This is being done to make caching servers less
3236 attractive as reflective amplifying targets for
3237 spoofed traffic. This still leave authoritative
3240 The best fix is for full BCP 38 deployment to
3241 remove spoofed traffic.
3243 2005. [bug] libbind: Retransmission timeouts should be
3244 based on which attempt it is to the nameserver
3245 and not the nameserver itself. [RT #13548]
3247 2004. [bug] dns_tsig_sign() could pass a NULL pointer to
3248 dst_context_destroy() when cleaning up after a
3251 2003. [bug] libbind: The DNS name/address lookup functions could
3252 occasionally follow a random pointer due to
3253 structures not being completely zeroed. [RT #15806]
3255 2002. [bug] libbind: tighten the constraints on when
3256 struct addrinfo._ai_pad exists. [RT #15783]
3258 2001. [func] Check the KSK flag when updating a secure dynamic zone.
3259 New zone option "update-check-ksk yes;". [RT #15817]
3261 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
3263 1999. [func] Implement "rrset-order fixed". [RT #13662]
3265 1998. [bug] Restrict handling of fifos as sockets to just SunOS.
3266 This allows named to connect to entropy gathering
3267 daemons that use fifos instead of sockets. [RT #15840]
3269 1997. [bug] Named was failing to replace negative cache entries
3270 when a positive one for the type was learnt.
3273 1996. [bug] nsupdate: if a zone has been specified it should
3274 appear in the output of 'show'. [RT #15797]
3276 1995. [bug] 'host' was reporting multiple "is an alias" messages.
3279 1994. [port] OpenSSL 0.9.8 support. [RT #15694]
3281 1993. [bug] Log messages, via syslog, were missing the space
3282 after the timestamp if "print-time yes" was specified.
3285 1992. [bug] Not all incoming zone transfer messages included the
3288 1991. [cleanup] The configuration data, once read, should be treated
3289 as read only. Expand the use of const to enforce this
3290 at compile time. [RT #15813]
3292 1990. [bug] libbind: isc's override of broken gettimeofday()
3293 implementations was not always effective.
3296 1989. [bug] win32: don't check the service password when
3297 re-installing. [RT #15882]
3299 1988. [bug] Remove a bus error from the SHA256/SHA512 support.
3302 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
3304 1986. [func] Report when a zone is removed. [RT #15849]
3306 1985. [protocol] DLV has now been assigned a official type code of
3309 Note: care should be taken to ensure you upgrade
3310 both named and dnssec-signzone at the same time for
3311 zones with DLV records where named is the master
3312 server for the zone. Also any zones that contain
3313 DLV records should be removed when upgrading a slave
3314 zone. You do not however have to upgrade all
3315 servers for a zone with DLV records simultaneously.
3317 1984. [func] dig, nslookup and host now advertise a 4096 byte
3318 EDNS UDP buffer size by default. [RT #15855]
3320 1983. [func] Two new update policies. "selfsub" and "selfwild".
3323 1982. [bug] DNSKEY was being accepted on the parent side of
3324 a delegation. KEY is still accepted there for
3325 RFC 3007 validated updates. [RT #15620]
3327 1981. [bug] win32: condition.c:wait() could fail to reattain
3330 1980. [func] dnssec-signzone: output the SOA record as the
3331 first record in the signed zone. [RT #15758]
3333 1979. [port] linux: allow named to drop core after changing
3334 user ids. [RT #15753]
3336 1978. [port] Handle systems which have a broken recvmsg().
3339 1977. [bug] Silence noisy log message. [RT #15704]
3341 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
3343 1975. [bug] libbind: isc_gethexstring() could misparse multi-line
3344 hex strings with comments. [RT #15814]
3346 1974. [doc] List each of the zone types and associated zone
3347 options separately in the ARM.
3349 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
3350 HMACSHA512 support. [RT #13606]
3352 1972. [contrib] DBUS dynamic forwarders integration from
3353 Jason Vas Dias <jvdias@redhat.com>.
3355 1971. [port] linux: make detection of missing IF_NAMESIZE more
3358 1970. [bug] nsupdate: adjust UDP timeout when falling back to
3359 unsigned SOA query. [RT #15775]
3361 1969. [bug] win32: the socket code was freeing the socket
3362 structure too early. [RT #15776]
3364 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
3366 1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
3368 1966. [bug] Don't set CD when we have fallen back to plain DNS.
3371 1965. [func] Suppress spurious "recursion requested but not
3372 available" warning with 'dig +qr'. [RT #15780].
3374 1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
3376 1963. [port] Tru64 4.0E doesn't support send() and recv().
3379 1962. [bug] Named failed to clear old update-policy when it
3380 was removed. [RT #15491]
3382 1961. [bug] Check the port and address of responses forwarded
3383 to dispatch. [RT #15474]
3385 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
3388 1959. [func] Control the zeroing of the negative response TTL to
3389 a soa query. Defaults "zero-no-soa-ttl yes;" and
3390 "zero-no-soa-ttl-cache no;". [RT #15460]
3392 1958. [bug] Named failed to update the zone's secure state
3393 until the zone was reloaded. [RT #15412]
3395 1957. [bug] Dig mishandled responses to class ANY queries.
3398 1956. [bug] Improve cross compile support, 'gen' is now built
3399 by native compiler. See README for additional
3400 cross compile support information. [RT #15148]
3402 1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
3404 1954. [func] Named now falls back to advertising EDNS with a
3405 512 byte receive buffer if the initial EDNS queries
3408 1953. [func] The maximum EDNS UDP response named will send can
3409 now be set in named.conf (max-udp-size). This is
3410 independent of the advertised receive buffer
3411 (edns-udp-size). [RT #14852]
3413 1952. [port] hpux: tell the linker to build a runtime link
3414 path "-Wl,+b:". [RT #14816].
3416 1951. [security] Drop queries from particular well known ports.
3417 Don't return FORMERR to queries from particular
3418 well known ports. [RT #15636]
3420 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
3421 a TCP socket. This prevents the source address being
3422 set for TCP connections. [RT #15628]
3424 1949. [func] Addition memory leakage checks. [RT #15544]
3426 1948. [bug] If was possible to trigger a REQUIRE failure in
3427 xfrin.c:maybe_free() if named ran out of memory.
3430 1947. [func] It is now possible to configure named to accept
3431 expired RRSIGs. Default "dnssec-accept-expired no;".
3432 Setting "dnssec-accept-expired yes;" leaves named
3433 vulnerable to replay attacks. [RT #14685]
3435 1946. [bug] resume_dslookup() could trigger a REQUIRE failure
3436 when using forwarders. [RT #15549]
3438 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
3439 To generate a RSAMD5 key you must explicitly request
3442 1944. [cleanup] isc_hash_create() does not need a read/write lock.
3445 1943. [bug] Set the loadtime after rolling forward the journal.
3448 1942. [bug] If the name of a DNSKEY match that of one in
3449 trusted-keys do not attempt to validate the DNSKEY
3450 using the parents DS RRset. [RT #15649]
3452 1941. [bug] ncache_adderesult() should set eresult even if no
3453 rdataset is passed to it. [RT #15642]
3455 1940. [bug] Fixed a number of error conditions reported by
3458 1939. [bug] The resolver could dereference a null pointer after
3459 validation if all the queries have timed out.
3462 1938. [bug] The validator was not correctly handling unsecure
3463 negative responses at or below a SEP. [RT #15528]
3465 1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
3467 1936. [bug] The validator could leak memory. [RT #15544]
3469 1935. [bug] 'acache' was DO sensitive. [RT #15430]
3471 1934. [func] Validate pending NS RRsets, in the authority section,
3472 prior to returning them if it can be done without
3473 requiring DNSKEYs to be fetched. [RT #15430]
3475 1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
3477 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
3479 1931. [bug] Per-client mctx could require a huge amount of memory,
3480 particularly for a busy caching server. [RT #15519]
3482 1930. [port] HPUX: ia64 support. [RT #15473]
3484 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
3486 1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
3488 1927. [bug] Access to soanode or nsnode in rbtdb violated the
3489 lock order rule and could cause a dead lock.
3492 1926. [bug] The Windows installer did not check for empty
3493 passwords. BINDinstall was being installed in
3494 the wrong place. [RT #15483]
3496 1925. [port] All outer level AC_TRY_RUNs need cross compiling
3497 defaults. [RT #15469]
3499 1924. [port] libbind: hpux ia64 support. [RT #15473]
3501 1923. [bug] ns_client_detach() called too early. [RT #15499]
3503 1922. [bug] check-tool.c:setup_logging() missing call to
3504 dns_log_setcontext().
3506 1921. [bug] Client memory contexts were not using internal
3509 1920. [bug] The cache rbtdb lock array was too small to
3510 have the desired performance characteristics.
3513 1919. [contrib] queryperf: a set of new features: collecting/printing
3514 response delays, printing intermediate results, and
3515 adjusting query rate for the "target" qps.
3517 1918. [bug] Memory leak when checking acls. [RT #15391]
3519 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
3520 when generating man pages. [RT #15385]
3522 1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
3524 1915. [bug] dig +ndots was broken. [RT #15215]
3526 1914. [protocol] DS is required to accept mnemonic algorithms
3527 (RFC 4034). Still emit numeric algorithms for
3528 compatibility with RFC 3658. [RT #15354]
3530 1913. [func] Integrate contributed DLZ code into named. [RT #11382]
3532 1912. [port] aix: atomic locking for powerpc. [RT #15020]
3534 1911. [bug] Update windows socket code. [RT #14965]
3536 1910. [bug] dig's +sigchase code overhauled. [RT #14933]
3538 1909. [bug] The DLV code has been re-worked to make no longer
3539 query order sensitive. [RT #14933]
3541 1908. [func] dig now warns if 'RA' is not set in the answer when
3542 'RD' was set in the query. host/nslookup skip servers
3543 that fail to set 'RA' when 'RD' is set unless a server
3544 is explicitly set. [RT #15005]
3546 1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
3549 1906. [func] dig now has a '-q queryname' and '+showsearch' options.
3552 1905. [bug] Strings returned from cfg_obj_asstring() should be
3553 treated as read-only. The prototype for
3554 cfg_obj_asstring() has been updated to reflect this.
3557 1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
3558 friends. Note: RFC 1918 zones are not yet covered by
3559 this but are likely to be in a future release.
3561 New options: empty-server, empty-contact,
3562 empty-zones-enable and disable-empty-zone.
3564 1903. [func] ISC string copy API.
3566 1902. [func] Attempt to make the amount of work performed in a
3567 iteration self tuning. The covers nodes clean from
3568 the cache per iteration, nodes written to disk when
3569 rewriting a master file and nodes destroyed per
3570 iteration when destroying a zone or a cache.
3573 1901. [cleanup] Don't add DNSKEY records to the additional section.
3575 1900. [bug] ixfr-from-differences failed to ensure that the
3576 serial number increased. [RT #15036]
3578 1899. [func] named-checkconf now validates update-policy entries.
3581 1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
3582 ISC_NETADDR_FORMATSIZE to allow for scope details.
3584 1897. [func] x86 and x86_64 now have separate atomic locking
3587 1896. [bug] Recursive clients soft quota support wasn't working
3588 as expected. [RT #15103]
3590 1895. [bug] A escaped character is, potentially, converted to
3591 the output character set too early. [RT #14666]
3593 1894. [doc] Review ARM for BIND 9.4.
3595 1893. [port] Use uintptr_t if available. [RT #14606]
3597 1892. [func] Support for SPF rdata type. [RT #15033]
3599 1891. [port] freebsd: pthread_mutex_init can fail if it runs out
3600 of memory. [RT #14995]
3602 1890. [func] Raise the UDP receive buffer size to 32k if it is
3603 less than 32k. [RT #14953]
3605 1889. [port] sunos: non blocking i/o support. [RT #14951]
3607 1888. [func] Support for IPSECKEY rdata type. [RT #14967]
3609 1887. [bug] The cache could delete expired records too fast for
3610 clients with a virtual time in the past. [RT #14991]
3612 1886. [bug] fctx_create() could return success even though it
3615 1885. [func] dig: report the number of extra bytes still left in
3616 the packet after processing all the records.
3618 1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
3620 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
3623 1882. [func] Limit the number of recursive clients that can be
3624 waiting for a single query (<qname,qtype,qclass>) to
3625 resolve. New options clients-per-query and
3626 max-clients-per-query.
3628 1881. [func] Add a system test for named-checkconf. [RT #14931]
3630 1880. [func] The lame cache is now done on a <qname,qclass,qtype>
3631 basis as some servers only appear to be lame for
3632 certain query types. [RT #14916]
3634 1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
3637 1878. [func] Detect duplicates of UDP queries we are recursing on
3638 and drop them. New stats category "duplicate".
3641 1877. [bug] Fix unreasonably low quantum on call to
3642 dns_rbt_destroy2(). Remove unnecessary unhash_node()
3645 1876. [func] Additional memory debugging support to track size
3646 and mctx arguments. [RT #14814]
3648 1875. [bug] process_dhtkey() was using the wrong memory context
3649 to free some memory. [RT #14890]
3651 1874. [port] sunos: portability fixes. [RT #14814]
3653 1873. [port] win32: isc__errno2result() now reports its caller.
3656 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
3660 1870. [func] Added framework for handling multiple EDNS versions.
3663 1869. [func] dig can now specify the EDNS version when making
3664 a query. [RT #14873]
3666 1868. [func] edns-udp-size can now be overridden on a per
3667 server basis. [RT #14851]
3669 1867. [bug] It was possible to trigger a INSIST in
3670 dlv_validatezonekey(). [RT #14846]
3672 1866. [bug] resolv.conf parse errors were being ignored by
3673 dig/host/nslookup. [RT #14841]
3675 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
3676 bad addresses. [RT #14841]
3678 1864. [bug] Don't try the alternative transfer source if you
3679 got a answer / transfer with the main source
3680 address. [RT #14802]
3682 1863. [bug] rrset-order "fixed" error messages not complete.
3684 1862. [func] Add additional zone data constancy checks.
3685 named-checkzone has extended checking of NS, MX and
3686 SRV record and the hosts they reference.
3687 named has extended post zone load checks.
3688 New zone options: check-mx and integrity-check.
3691 1861. [bug] dig could trigger a INSIST on certain malformed
3692 responses. [RT #14801]
3694 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
3695 incorrectly set. [RT #14775]
3697 1859. [func] Add support for CH A record. [RT #14695]
3699 1858. [bug] The flush-zones-on-shutdown option wasn't being
3702 1857. [bug] named could trigger a INSIST() if reconfigured /
3703 reloaded too fast. [RT #14673]
3705 1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
3708 1855. [bug] ixfr-from-differences was failing to detect changes
3709 of ttl due to dns_diff_subtract() was ignoring the ttl
3710 of records. [RT #14616]
3712 1854. [bug] lwres also needs to know the print format for
3713 (long long). [RT #13754]
3715 1853. [bug] Rework how DLV interacts with proveunsecure().
3718 1852. [cleanup] Remove last vestiges of dnssec-signkey and
3719 dnssec-makekeyset (removed from Makefile years ago).
3721 1851. [doc] Doxygen comment markup. [RT #11398]
3723 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
3725 1849. [doc] All forms of the man pages (docbook, man, html) should
3726 have consistent copyright dates.
3728 1848. [bug] Improve SMF integration. [RT #13238]
3730 1847. [bug] isc_ondestroy_init() is called too late in
3731 dns_rbtdb_create()/dns_rbtdb64_create().
3734 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
3735 <bortzmeyer@nic.fr>.
3737 1845. [bug] Improve error reporting to distinguish between
3738 accept()/fcntl() and socket()/fcntl() errors.
3741 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
3742 for each 16 bit piece of the IPv6 address. The text
3743 representation of a IPv6 address has been tightened
3744 to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
3747 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
3748 when CFLAGS contains "-I /usr/local/include"
3749 resulting in old header files being used.
3751 1842. [port] cmsg_len() could produce incorrect results on
3752 some platform. [RT #13744]
3754 1841. [bug] "dig +nssearch" now makes a recursive query to
3755 find the list of nameservers to query. [RT #13694]
3757 1840. [func] dnssec-signzone can now randomize signature end times
3758 (dnssec-signzone -j jitter). [RT #13609]
3760 1839. [bug] <isc/hash.h> was not being installed.
3762 1838. [cleanup] Don't allow Linux capabilities to be inherited.
3765 1837. [bug] Compile time option ISC_FACILITY was not effective
3766 for 'named -u <user>'. [RT #13714]
3768 1836. [cleanup] Silence compiler warnings in hash_test.c.
3770 1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
3772 1834. [bug] Bad memset in rdata_test.c. [RT #13658]
3774 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
3776 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
3779 1831. [doc] Update named-checkzone documentation. [RT#13604]
3781 1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
3783 1829. [bug] win32: "pid-file none;" broken. [RT #13563]
3785 1828. [bug] isc_rwlock_init() failed to properly cleanup if it
3786 encountered a error. [RT #13549]
3788 1827. [bug] host: update usage message for '-a'. [RT #37116]
3790 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
3791 of memory error. [RT #13537]
3793 1825. [bug] Missing UNLOCK() on out of memory error from in
3794 rbtdb.c:subtractrdataset(). [RT #13519]
3796 1824. [bug] Memory leak on dns_zone_setdbtype() failure.
3799 1823. [bug] Wrong macro used to check for point to point interface.
3802 1822. [bug] check-names test for RT was reversed. [RT #13382]
3806 1820. [bug] Gracefully handle acl loops. [RT #13659]
3808 1819. [bug] The validator needed to check both the algorithm and
3809 digest types of the DS to determine if it could be
3810 used to introduce a secure zone. [RT #13593]
3812 1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
3814 1817. [func] Add support for additional zone file formats for
3815 improving loading performance. The masterfile-format
3816 option in named.conf can be used to specify a
3817 non-default format. A separate command
3818 named-compilezone was provided to generate zone files
3819 in the new format. Additionally, the -I and -O options
3820 for dnssec-signzone specify the input and output
3823 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
3826 1815. [bug] nsupdate triggered a REQUIRE if the server was set
3827 without also setting the zone and it encountered
3828 a CNAME and was using TSIG. [RT #13086]
3830 1814. [func] UNIX domain controls are now supported.
3832 1813. [func] Restructured the data locking framework using
3833 architecture dependent atomic operations (when
3834 available), improving response performance on
3835 multi-processor machines significantly.
3836 x86, x86_64, alpha, powerpc, and mips are currently
3839 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
3842 1811. [func] Preserve the case of domain names in rdata during
3843 zone transfers. [RT #13547]
3845 1810. [bug] configure, lib/bind/configure make different default
3846 decisions about whether to do a threaded build.
3849 1809. [bug] "make distclean" failed for libbind if the platform
3852 1808. [bug] zone.c:notify_zone() contained a race condition,
3853 zone->db could change underneath it. [RT #13511]
3855 1807. [bug] When forwarding (forward only) set the active domain
3856 from the forward zone name. [RT #13526]
3858 1806. [bug] The resolver returned the wrong result when a CNAME /
3859 DNAME was encountered when fetching glue from a
3860 secure namespace. [RT #13501]
3862 1805. [bug] Pending status was not being cleared when DLV was
3865 1804. [bug] Ensure that if we are queried for glue that it fits
3866 in the additional section or TC is set to tell the
3867 client to retry using TCP. [RT #10114]
3869 1803. [bug] dnssec-signzone sometimes failed to remove old
3872 1802. [bug] Handle connection resets better. [RT #11280]
3874 1801. [func] Report differences between hints and real NS rrset
3875 and associated address records.
3877 1800. [bug] Changes #1719 allowed a INSIST to be triggered.
3880 1799. [bug] 'rndc flushname' failed to flush negative cache
3881 entries. [RT #13438]
3883 1798. [func] The server syntax has been extended to support a
3884 range of servers. [RT #11132]
3886 1797. [func] named-checkconf now check acls to verify that they
3887 only refer to existing acls. [RT #13101]
3889 1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
3891 1795. [bug] "rndc dumpdb" was not fully documented. Minor
3892 formating issues with "rndc dumpdb -all". [RT #13396]
3894 1794. [func] Named and named-checkzone can now both check for
3895 non-terminal wildcard records.
3897 1793. [func] Extend adjusting TTL warning messages. [RT #13378]
3899 1792. [func] New zone option "notify-delay". Specify a minimum
3900 delay between sets of NOTIFY messages.
3902 1791. [bug] 'host -t a' still printed out AAAA and MX records.
3905 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
3906 allow parallel make to succeed.
3908 1789. [bug] Prerequisite test for tkey and dnssec could fail
3909 with "configure --with-libtool".
3911 1788. [bug] libbind9.la/libbind9.so needs to link against
3912 libisccfg.la/libisccfg.so.
3914 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
3916 1786. [port] AIX: libt_api needs to be taught to look for
3917 T_testlist in the main executable (--with-libtool).
3920 1785. [bug] libbind9.la/libbind9.so needs to link against
3921 libisc.la/libisc.so.
3923 1784. [cleanup] "libtool -allow-undefined" is the default.
3924 Leave hooks in configure to allow it to be set
3925 if needed in the future.
3927 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
3930 1782. [port] OSX: --with-libtool + --enable-libbind broke on
3931 __evOptMonoTime. [RT #13219]
3933 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
3935 1780. [bug] Update libtool to 1.5.10.
3937 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
3939 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
3940 IN6ADDR_LOOPBACK_INIT macros.
3942 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
3943 IN6ADDR_LOOPBACK_INIT macros.
3945 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
3946 IN6ADDR_LOOPBACK_INIT macros.
3948 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
3950 1774. [port] Aix: Silence compiler warnings / build failures.
3953 1773. [bug] Fast retry on host / net unreachable. [RT #13153]
3959 1770. [bug] named-checkconf failed to report missing a missing
3960 file clause for rbt{64} master/hint zones. [RT#13009]
3962 1769. [port] win32: change compiler flags /MTd ==> /MDd,
3965 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
3966 rdataset. [RT #12907]
3968 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
3969 support for (struct in6_pktinfo) failed. [RT #13077]
3971 1766. [bug] Update the master file timestamp on successful refresh
3972 as well as the journal's timestamp. [RT# 13062]
3974 1765. [bug] configure --with-openssl=auto failed. [RT #12937]
3976 1764. [bug] dns_zone_replacedb failed to emit a error message
3977 if there was no SOA record in the replacement db.
3980 1763. [func] Perform sanity checks on NS records which refer to
3981 'in zone' names. [RT #13002]
3983 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
3984 even when it failed. [RT #12995]
3986 1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
3989 1760. [bug] Host / net unreachable was not penalising rtt
3990 estimates. [RT #12970]
3992 1759. [bug] Named failed to startup if the OS supported IPv6
3993 but had no IPv6 interfaces configured. [RT #12942]
3995 1758. [func] Don't send notify messages to self. [RT #12933]
3997 1757. [func] host now can turn on memory debugging flags with '-m'.
3999 1756. [func] named-checkconf now checks the logging configuration.
4002 1755. [func] allow-update is now settable at the options / view
4005 1754. [bug] We weren't always attempting to query the parent
4006 server for the DS records at the zone cut.
4009 1753. [bug] Don't serve a slave zone which has no NS records.
4012 1752. [port] Move isc_app_start() to after ns_os_daemonise()
4013 as some fork() implementations unblock the signals
4014 that are blocked by isc_app_start(). [RT #12810]
4016 1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
4018 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
4021 1749. [bug] 'check-names response ignore;' failed to ignore.
4024 1748. [func] dig now returns the byte count for axfr/ixfr.
4026 1747. [bug] BIND 8 compatibility: named/named-checkconf failed
4027 to parse "host-statistics-max" in named.conf.
4029 1746. [func] Make public the function to read a key file,
4030 dst_key_read_public(). [RT #12450]
4032 1745. [bug] Dig/host/nslookup accept replies from link locals
4033 regardless of scope if no scope was specified when
4034 query was sent. [RT #12745]
4036 1744. [bug] If tuple2msgname() failed to convert a tuple to
4037 a name a REQUIRE could be triggered. [RT #12796]
4039 1743. [bug] If isc_taskmgr_create() was not able to create the
4040 requested number of worker threads then destruction
4041 of the manager would trigger an INSIST() failure.
4044 1742. [bug] Deleting all records at a node then adding a
4045 previously existing record, in a single UPDATE
4046 transaction, failed to leave / regenerate the
4047 associated RRSIG records. [RT #12788]
4049 1741. [bug] Deleting all records at a node in a secure zone
4050 using a update-policy grant failed. [RT #12787]
4052 1740. [bug] Replace rbt's hash algorithm as it performed badly
4053 with certain zones. [RT #12729]
4055 NOTE: a hash context now needs to be established
4056 via isc_hash_create() if the application was not
4059 1739. [bug] dns_rbt_deletetree() could incorrectly return
4060 ISC_R_QUOTA. [RT #12695]
4062 1738. [bug] Enable overrun checking by default. [RT #12695]
4064 1737. [bug] named failed if more than 16 masters were specified.
4067 1736. [bug] dst_key_fromnamedfile() could fail to read a
4068 public key. [RT #12687]
4070 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
4073 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
4076 1733. [bug] Return non-zero exit status on initial load failure.
4079 1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
4082 1731. [port] darwin: relax version test in ifconfig.sh.
4085 1730. [port] Determine the length type used by the socket API.
4088 1729. [func] Improve check-names error messages.
4090 1728. [doc] Update check-names documentation.
4092 1727. [bug] named-checkzone: check-names support didn't match
4095 1726. [port] aix5: add support for aix5.
4097 1725. [port] linux: update error message on interaction of threads,
4098 capabilities and setuid support (named -u). [RT #12541]
4100 1724. [bug] Look for DNSKEY records with "dig +sigtrace".
4103 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
4105 1722. [bug] Don't commit the journal on malformed ixfr streams.
4108 1721. [bug] Error message from the journal processing were not
4109 always identifying the relevant journal. [RT #12519]
4111 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
4112 negative response. [RT #12506]
4114 1719. [bug] named was not correctly caching a RFC 2308 Type 1
4115 negative response. [RT #12506]
4117 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
4118 responses when looking for the zone / master server.
4121 1717. [port] solaris: ifconfig.sh did not support Solaris 10.
4122 "ifconfig.sh down" didn't work for Solaris 9.
4124 1716. [doc] named.conf(5) was being installed in the wrong
4125 location. [RT# 12441]
4127 1715. [func] 'dig +trace' now randomly selects the next servers
4128 to try. Report if there is a bad delegation.
4130 1714. [bug] dig/host/nslookup were only trying the first
4131 address when a nameserver was specified by name.
4134 1713. [port] linux: extend capset failure message to say:
4135 please ensure that the capset kernel module is
4136 loaded. see insmod(8)
4138 1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
4140 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
4142 1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
4143 messages for the specified zone. [RT #9479]
4145 1709. [port] solaris: add SMF support from Sun.
4147 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
4148 for conformance to the name space convention. Binary
4149 backward compatibility to the old function name is
4150 provided. [RT #12376]
4152 1707. [contrib] sdb/ldap updated to version 1.0-beta.
4154 1706. [bug] 'rndc stop' failed to cause zones to be flushed
4155 sometimes. [RT #12328]
4157 1705. [func] Allow the journal's name to be changed via named.conf.
4159 1704. [port] lwres needed a snprintf() implementation for
4160 platforms without snprintf(). Add missing
4161 "#include <isc/print.h>". [RT #12321]
4163 1703. [bug] named would loop sending NOTIFY messages when it
4164 failed to receive a response. [RT #12322]
4166 1702. [bug] also-notify should not be applied to built in zones.
4169 1701. [doc] A minimal named.conf man page.
4171 1700. [func] nslookup is no longer to be treated as deprecated.
4172 Remove "deprecated" warning message. Add man page.
4174 1699. [bug] dnssec-signzone can generate "not exact" errors
4175 when resigning. [RT #12281]
4177 1698. [doc] Use reserved IPv6 documentation prefix.
4179 1697. [bug] xxx-source{,-v6} was not effective when it
4180 specified one of listening addresses and a
4181 different port than the listening port. [RT #12257]
4183 1696. [bug] dnssec-signzone failed to clean out nodes that
4184 consisted of only NSEC and RRSIG records.
4187 1695. [bug] DS records when forwarding require special handling.
4190 1694. [bug] Report if the builtin views of "_default" / "_bind"
4191 are defined in named.conf. [RT #12023]
4193 1693. [bug] max-journal-size was not effective for master zones
4194 with ixfr-from-differences set. [RT# 12024]
4196 1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
4197 /usr/lib. [RT #11971]
4199 1691. [bug] sdb's attachversion was not complete. [RT #11990]
4201 1690. [bug] Delay detaching view from the client until UPDATE
4202 processing completes when shutting down. [RT #11714]
4204 1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
4205 contained gratuitous semicolons. [RT #11707]
4207 1688. [bug] LDFLAGS was not supported.
4209 1687. [bug] Race condition in dispatch. [RT #10272]
4211 1686. [bug] Named sent a extraneous NOTIFY when it received a
4212 redundant UPDATE request. [RT #11943]
4214 1685. [bug] Change #1679 loop tests weren't quite right.
4216 1684. [func] ixfr-from-differences now takes master and slave in
4217 addition to yes and no at the options and view levels.
4219 1683. [bug] dig +sigchase could leak memory. [RT #11445]
4221 1682. [port] Update configure test for (long long) printf format.
4224 1681. [bug] Only set SO_REUSEADDR when a port is specified in
4225 isc_socket_bind(). [RT #11742]
4227 1680. [func] rndc: the source address can now be specified.
4229 1679. [bug] When there was a single nameserver with multiple
4230 addresses for a zone not all addresses were tried.
4233 1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
4235 1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
4237 1676. [func] New option "allow-query-cache". This lets
4238 allow-query be used to specify the default zone
4239 access level rather than having to have every
4240 zone override the global value. allow-query-cache
4241 can be set at both the options and view levels.
4242 If allow-query-cache is not set allow-query applies.
4244 1675. [bug] named would sometimes add extra NSEC records to
4245 the authority section.
4247 1674. [port] linux: increase buffer size used to scan
4250 1673. [port] linux: issue a error messages if IPv6 interface
4253 1672. [cleanup] Tests which only function in a threaded build
4254 now return R:THREADONLY (rather than R:UNTESTED)
4255 in a non-threaded build.
4257 1671. [contrib] queryperf: add NAPTR to the list of known types.
4259 1670. [func] Log UPDATE requests to slave zones without an acl as
4260 "disabled" at debug level 3. [RT# 11657]
4264 1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
4266 1667. [port] linux: not all versions have IF_NAMESIZE.
4268 1666. [bug] The optional port on hostnames in dual-stack-servers
4271 1665. [func] rndc now allows addresses to be set in the
4274 1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
4276 1663. [func] Look for OpenSSL by default.
4278 1662. [bug] Change #1658 failed to change one use of 'type'
4281 1661. [bug] Restore dns_name_concatenate() call in
4282 adb.c:set_target(). [RT #11582]
4284 1660. [bug] win32: connection_reset_fix() was being called
4285 unconditionally. [RT #11595]
4287 1659. [cleanup] Cleanup some messages that were referring to KEY vs
4288 DNSKEY, NXT vs NSEC and SIG vs RRSIG.
4290 1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
4291 and DH. Tighten which options apply to KEY and
4294 1657. [doc] ARM: document query log output.
4296 1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
4297 DNSKEY and RRSIG. [RT #11542]
4299 1655. [bug] Logging multiple versions w/o a size was broken.
4302 1654. [bug] isc_result_totext() contained array bounds read
4305 1653. [func] Add key type checking to dst_key_fromfilename(),
4306 DST_TYPE_KEY should be used to read TSIG, TKEY and
4309 1652. [bug] TKEY still uses KEY.
4311 1651. [bug] dig: process multiple dash options.
4313 1650. [bug] dig, nslookup: flush standard out after each command.
4315 1649. [bug] Silence "unexpected non-minimal diff" message.
4318 1648. [func] Update dnssec-lookaside named.conf syntax to support
4319 multiple dnssec-lookaside namespaces (not yet
4322 1647. [bug] It was possible trigger a INSIST when chasing a DS
4323 record that required walking back over a empty node.
4326 1646. [bug] win32: logging file versions didn't work with
4327 non-UNC filenames. [RT#11486]
4329 1645. [bug] named could trigger a REQUIRE failure if multiple
4330 masters with keys are specified.
4332 1644. [bug] Update the journal modification time after a
4333 successful refresh query. [RT #11436]
4335 1643. [bug] dns_db_closeversion() could leak memory / node
4336 references. [RT #11163]
4338 1642. [port] Support OpenSSL implementations which don't have
4339 DSA support. [RT #11360]
4341 1641. [bug] Update the check-names description in ARM. [RT #11389]
4343 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
4344 incorrectly closing the socket. [RT #11291]
4346 1639. [func] Initial dlv system test.
4348 1638. [bug] "ixfr-from-differences" could generate a REQUIRE
4349 failure if the journal open failed. [RT #11347]
4351 1637. [bug] Node reference leak on error in addnoqname().
4353 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
4354 a error had occurred. The database version no longer
4355 matched the version of the database that was dumped.
4357 1635. [bug] Memory leak on error in query_addds().
4359 1634. [bug] named didn't supply a useful error message when it
4360 detected duplicate views. [RT #11208]
4362 1633. [bug] named should return NOTIMP to update requests to a
4363 slaves without a allow-update-forwarding acl specified.
4366 1632. [bug] nsupdate failed to send prerequisite only UPDATE
4367 messages. [RT #11288]
4369 1631. [bug] dns_journal_compact() could sometimes corrupt the
4370 journal. [RT #11124]
4372 1630. [contrib] queryperf: add support for IPv6 transport.
4374 1629. [func] dig now supports IPv6 scoped addresses with the
4375 extended format in the local-server part. [RT #8753]
4377 1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
4379 1627. [bug] win32: sockets were not being closed when the
4380 last external reference was removed. [RT# 11179]
4382 1626. [bug] --enable-getifaddrs was broken. [RT#11259]
4384 1625. [bug] named failed to load/transfer RFC2535 signed zones
4385 which contained CNAMES. [RT# 11237]
4387 1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
4389 1623. [bug] A serial number of zero was being displayed in the
4390 "sending notifies" log message when also-notify was
4393 1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
4394 available, and suppress wildcard binding if not.
4396 1621. [bug] match-destinations did not work for IPv6 TCP queries.
4399 1620. [func] When loading a zone report if it is signed. [RT #11149]
4401 1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
4404 1618. [bug] Fencepost errors in dns_name_ishostname() and
4405 dns_name_ismailbox() could trigger a INSIST().
4407 1617. [port] win32: VC++ 6.0 support.
4409 1616. [compat] Ensure that named's version is visible in the core
4412 1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
4415 1614. [port] win32: silence resource limit messages. [RT# 11101]
4417 1613. [bug] Builds would fail on machines w/o a if_nametoindex().
4418 Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
4421 1612. [bug] check-names at the option/view level could trigger
4422 an INSIST. [RT# 11116]
4424 1611. [bug] solaris: IPv6 interface scanning failed to cope with
4425 no active IPv6 interfaces.
4427 1610. [bug] On dual stack machines "dig -b" failed to set the
4428 address type to be looked up with "@server".
4431 1609. [func] dig now has support to chase DNSSEC signature chains.
4432 Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
4434 DNSSEC validation code in dig coded by Olivier Courtay
4435 (olivier.courtay@irisa.fr) for the IDsA project
4436 (http://idsa.irisa.fr).
4438 1608. [func] dig and host now accept -4/-6 to select IP transport
4439 to use when making queries.
4441 1607. [bug] dig, host and nslookup were still using random()
4442 to generate query ids. [RT# 11013]
4444 1606. [bug] DLV insecurity proof was failing.
4446 1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
4448 1604. [bug] A xfrout_ctx_create() failure would result in
4449 xfrout_ctx_destroy() being called with a
4450 partially initialized structure.
4452 1603. [bug] nsupdate: set interactive based on isatty().
4455 1602. [bug] Logging to a file failed unless a size was specified.
4458 1601. [bug] Silence spurious warning 'both "recursion no;" and
4459 "allow-recursion" active' warning from view "_bind".
4462 1600. [bug] Duplicate zone pre-load checks were not case
4465 1599. [bug] Fix memory leak on error path when checking named.conf.
4467 1598. [func] Specify that certain parts of the namespace must
4468 be secure (dnssec-must-be-secure).
4470 1597. [func] Allow notify-source and query-source to be specified
4471 on a per server basis similar to transfer-source.
4474 1596. [func] Accept 'notify-source' style syntax for query-source.
4476 1595. [func] New notify type 'master-only'. Enable notify for
4479 1594. [bug] 'rndc dumpdb' could prevent named from answering
4480 queries while the dump was in progress. [RT #10565]
4482 1593. [bug] rndc should return "unknown command" to unknown
4483 commands. [RT# 10642]
4485 1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
4487 1591. [bug] libbind: updated to BIND 8.4.5.
4489 1590. [port] netbsd: update thread support.
4491 1589. [func] DNSSEC lookaside validation.
4493 1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
4495 1587. [bug] dns_message_settsigkey() failed to clear existing key.
4498 1586. [func] "check-names" is now implemented.
4502 1584. [bug] "make test" failed with a read only source tree.
4505 1583. [bug] Records add via UPDATE failed to get the correct trust
4508 1582. [bug] rrset-order failed to work on RRsets with more
4509 than 32 elements. [RT #10381]
4511 1581. [func] Disable DNSSEC support by default. To enable
4512 DNSSEC specify "dnssec-enable yes;" in named.conf.
4514 1580. [bug] Zone destruction on final detach takes a long time.
4517 1579. [bug] Multiple task managers could not be created.
4519 1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
4522 1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
4523 workaround code. [RT #10331]
4525 1576. [bug] Race condition in dns_dispatch_addresponse().
4528 1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
4530 1574. [bug] Don't attempt to open the controls socket(s) when
4531 running tests. [RT #9091]
4533 1573. [port] linux: update to libtool 1.5.2 so that
4534 "make install DESTDIR=/xx" works with
4535 "configure --with-libtool". [RT #9941]
4537 1572. [bug] nsupdate: sign the soa query to find the enclosing
4538 zone if the server is specified. [RT #10148]
4540 1571. [bug] rbt:hash_node() could fail leaving the hash table
4541 in an inconsistent state. [RT #10208]
4543 1570. [bug] nsupdate failed to handle classes other than IN.
4544 New keyword 'class' which sets the default class.
4547 1569. [func] nsupdate new command 'answer' which displays the
4548 complete answer message to the last update.
4550 1568. [bug] nsupdate now reports that the update failed in
4551 interactive mode. [RT# 10236]
4553 1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
4555 1566. [port] Support for the cmsg framework on Solaris and HP/UX.
4556 This also solved the problem that match-destinations
4557 for IPv6 addresses did not work on these systems.
4560 1565. [bug] CD flag should be copied to outgoing queries unless
4561 the query is under a secure entry point in which case
4564 1564. [func] Attempt to provide a fallback entropy source to be
4565 used if named is running chrooted and named is unable
4566 to open entropy source within the chroot area.
4569 1563. [bug] Gracefully fail when unable to obtain neither an IPv4
4570 nor an IPv6 dispatch. [RT #10230]
4572 1562. [bug] isc_socket_create() and isc_socket_accept() could
4573 leak memory under error conditions. [RT #10230]
4575 1561. [bug] It was possible to release the same name twice if
4576 named ran out of memory. [RT #10197]
4578 1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
4579 and EAI_NONAME to the same value.
4581 1559. [port] named should ignore SIGFSZ.
4583 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
4584 child zones for which we don't have a supported
4585 algorithm. Such child zones are treated as unsigned.
4587 1557. [func] Implement missing DNSSEC tests for
4588 * NOQNAME proof with wildcard answers.
4589 * NOWILDARD proof with NXDOMAIN.
4590 Cache and return NOQNAME with wildcard answers.
4592 1556. [bug] nsupdate now treats all names as fully qualified.
4595 1555. [func] 'rrset-order cyclic' no longer has a random starting
4596 point per query. [RT #7572]
4598 1554. [bug] dig, host, nslookup failed when no nameservers
4599 were specified in /etc/resolv.conf. [RT #8232]
4601 1553. [bug] The windows socket code could stop accepting
4602 connections. [RT#10115]
4604 1552. [bug] Accept NOTIFY requests from mapped masters if
4605 matched-mapped is set. [RT #10049]
4607 1551. [port] Open "/dev/null" before calling chroot().
4609 1550. [port] Call tzset(), if available, before calling chroot().
4611 1549. [func] named-checkzone can now write out the zone contents
4612 in a easily parsable format (-D and -o).
4614 1548. [bug] When parsing APL records it was possible to silently
4615 accept out of range ADDRESSFAMILY values. [RT# 9979]
4617 1547. [bug] Named wasted memory recording duplicate lame zone
4620 1546. [bug] We were rejecting valid secure CNAME to negative
4623 1545. [bug] It was possible to leak memory if named was unable to
4624 bind to the specified transfer source and TSIG was
4625 being used. [RT #10120]
4627 1544. [bug] Named would logged a single entry to a file despite it
4628 being over the specified size limit.
4630 1543. [bug] Logging using "versions unlimited" did not work.
4634 1541. [func] NSEC now uses new bitmap format.
4636 1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
4639 1539. [bug] Open UDP sockets for notify-source and transfer-source
4640 that use reserved ports at startup. [RT #9475]
4642 1538. [placeholder] rt9997
4644 1537. [func] New option "querylog". If set specify whether query
4645 logging is to be enabled or disabled at startup.
4647 1536. [bug] Windows socket code failed to log a error description
4648 when returning ISC_R_UNEXPECTED. [RT #9998]
4652 1534. [bug] Race condition when priming cache. [RT# 9940]
4654 1533. [func] Warn if both "recursion no;" and "allow-recursion"
4655 are active. [RT# 4389]
4657 1532. [port] netbsd: the configure test for <sys/sysctl.h>
4658 requires <sys/param.h>.
4660 1531. [port] AIX more libtool fixes.
4662 1530. [bug] It was possible to trigger a INSIST() failure if a
4663 slave master file was removed at just the correct
4666 1529. [bug] "notify explicit;" failed to log that NOTIFY messages
4667 were being sent for the zone. [RT# 9442]
4669 1528. [cleanup] Simplify some dns_name_ functions based on the
4670 deprecation of bitstring labels.
4672 1527. [cleanup] Reduce the number of gettimeofday() calls without
4673 losing necessary timer granularity.
4675 1526. [func] Implemented "additional section caching (or acache)",
4676 an internal cache framework for additional section
4677 content to improve response performance. Several
4678 configuration options were provided to control the
4681 1525. [bug] dns_cache_create() could trigger a REQUIRE
4682 failure in isc_mem_put() during error cleanup.
4685 1524. [port] AIX needs to be able to resolve all symbols when
4686 creating shared libraries (--with-libtool).
4688 1523. [bug] Fix race condition in rbtdb. [RT# 9189]
4690 1522. [bug] dns_db_findnode() relax the requirements on 'name'.
4693 1521. [bug] dns_view_createresolver() failed to check the
4694 result from isc_mem_create(). [RT# 9294]
4696 1520. [protocol] Add SSHFP (SSH Finger Print) type.
4698 1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
4699 length of the new bitmap.
4701 1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
4702 contained a off-by-one error when working out the
4703 number of octets in the bitmap.
4705 1517. [port] Support for IPv6 interface scanning on HP/UX and
4708 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
4710 1515. [func] Allow transfer source to be set in a server statement.
4713 1514. [bug] named: isc_hash_destroy() was being called too early.
4716 1513. [doc] Add "US" to root-delegation-only exclude list.
4718 1512. [bug] Extend the delegation-only logging to return query
4719 type, class and responding nameserver.
4721 1511. [bug] delegation-only was generating false positives
4722 on negative answers from sub-zones.
4724 1510. [func] New view option "root-delegation-only". Apply
4725 delegation-only check to all TLDs and root.
4726 Note there are some TLDs that are NOT delegation
4727 only (e.g. DE, LV, US and MUSEUM) these can be excluded
4728 from the checks by using exclude.
4730 root-delegation-only exclude {
4731 "DE"; "LV"; "US"; "MUSEUM";
4734 1509. [bug] Hint zones should accept delegation-only. Forward
4735 zone should not accept delegation-only.
4737 1508. [bug] Don't apply delegation-only checks to answers from
4740 1507. [bug] Handle BIND 8 style returns to NS queries to parents
4741 when making delegation-only checks.
4743 1506. [bug] Wrong return type for dns_view_isdelegationonly().
4745 1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
4747 1504. [func] New zone type "delegation-only".
4749 1503. [port] win32: install libeay32.dll outside of system32.
4751 1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
4753 1501. [func] Allow TCP queue length to be specified via
4754 named.conf, tcp-listen-queue.
4756 1500. [bug] host failed to lookup MX records. Also look up
4759 1499. [bug] isc_random need to be seeded better if arc4random()
4762 1498. [port] bsdos: 5.x support.
4766 1496. [port] test for pthread_attr_setstacksize().
4768 1495. [cleanup] Replace hash functions with universal hash.
4770 1494. [security] Turn on RSA BLINDING as a precaution.
4774 1492. [cleanup] Preserve rwlock quota context when upgrading /
4775 downgrading. [RT #5599]
4777 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
4780 1490. [bug] Accept reading state as well as working state in
4781 ns_client_next(). [RT #6813]
4783 1489. [compat] Treat 'allow-update' on slave zones as a warning.
4786 1488. [bug] Don't override trust levels for glue addresses.
4789 1487. [bug] A REQUIRE() failure could be triggered if a zone was
4790 queued for transfer and the zone was then removed.
4793 1486. [bug] isc_print_snprintf() '%%' consumed one too many format
4794 characters. [RT# 8230]
4796 1485. [bug] gen failed to handle high type values. [RT #6225]
4798 1484. [bug] The number of records reported after a AXFR was wrong.
4801 1483. [bug] dig axfr failed if the message id in the answer failed
4802 to match that in the request. Only the id in the first
4803 message is required to match. [RT #8138]
4805 1482. [bug] named could fail to start if the kernel supports
4806 IPv6 but no interfaces are configured. Similarly
4807 for IPv4. [RT #6229]
4809 1481. [bug] Refresh and stub queries failed to use masters keys
4810 if specified. [RT #7391]
4812 1480. [bug] Provide replay protection for rndc commands. Full
4813 replay protection requires both rndc and named to
4814 be updated. Partial replay protection (limited
4815 exposure after restart) is provided if just named
4818 1479. [bug] cfg_create_tuple() failed to handle out of
4819 memory cleanup. parse_list() would leak memory
4822 1478. [port] ifconfig.sh didn't account for other virtual
4823 interfaces. It now takes a optional argument
4824 to specify the first interface number. [RT #3907]
4826 1477. [bug] memory leak using stub zones and TSIG.
4830 1475. [port] Probe for old sprintf().
4832 1474. [port] Provide strtoul() and memmove() for platforms
4835 1473. [bug] create_map() and create_string() failed to handle out
4836 of memory cleanup. [RT #6813]
4838 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
4840 1471. [bug] libbind: updated to BIND 8.4.0.
4842 1470. [bug] Incorrect length passed to snprintf. [RT #5966]
4844 1469. [func] Log end of outgoing zone transfer at same level
4845 as the start of transfer is logged. [RT #4441]
4847 1468. [func] Internal zones are no longer counted for
4848 'rndc status'. [RT #4706]
4850 1467. [func] $GENERATES now supports optional class and ttl.
4852 1466. [bug] lwresd configuration errors resulted in memory
4853 and lock leaks. [RT #5228]
4855 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
4856 failed to check that trailing bits were zero allowing
4857 some invalid base64 strings to be accepted. [RT #5397]
4859 1464. [bug] Preserve "out of zone" data for outgoing zone
4860 transfers. [RT #5192]
4862 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
4863 NXT bit maps. [RT #5577]
4865 1462. [bug] parse_sizeval() failed to check the token type.
4868 1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
4870 1460. [bug] inet_pton() failed to reject certain malformed
4875 1458. [cleanup] sprintf() -> snprintf().
4877 1457. [port] Provide strlcat() and strlcpy() for platforms without
4880 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
4882 1455. [bug] <netaddr> missing from server grammar in
4883 doc/misc/options. [RT #5616]
4885 1454. [port] Use getifaddrs() if available for interface scanning.
4886 --disable-getifaddrs to override. Glibc currently
4887 has a getifaddrs() that does not support IPv6.
4888 Use --enable-getifaddrs=glibc to force the use of
4889 this version under linux machines.
4891 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
4895 1451. [bug] rndc-confgen didn't exit with a error code for all
4896 failures. [RT #5209]
4898 1450. [bug] Fetching expired glue failed under certain
4899 circumstances. [RT #5124]
4901 1449. [bug] query_addbestns() didn't handle running out of memory
4904 1448. [bug] Handle empty wildcards labels.
4906 1447. [bug] We were casting (unsigned int) to and from (void *).
4907 rdataset->private4 is now rdataset->privateuint4
4908 to reflect a type change.
4910 1446. [func] Implemented undocumented alternate transfer sources
4911 from BIND 8. See use-alt-transfer-source,
4912 alt-transfer-source and alt-transfer-source-v6.
4914 SECURITY: use-alt-transfer-source is ENABLED unless
4915 you are using views. This may cause a security risk
4916 resulting in accidental disclosure of wrong zone
4917 content if the master supplying different source
4918 content based on IP address. If you are not certain
4919 ISC recommends setting use-alt-transfer-source no;
4921 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
4922 been replaced with DNS_ADBFIND_STARTATZONE which
4923 causes the search to start using the closest zone.
4925 1444. [func] dns_view_findzonecut2() allows you to specify if the
4926 cache should be searched for zone cuts.
4928 1443. [func] Masters lists can now be specified and referenced
4929 in zone masters clauses and other masters lists.
4931 1442. [func] New functions for manipulating port lists:
4932 dns_portlist_create(), dns_portlist_add(),
4933 dns_portlist_remove(), dns_portlist_match(),
4934 dns_portlist_attach() and dns_portlist_detach().
4936 1441. [func] It is now possible to tell dig to bind to a specific
4939 1440. [func] It is now possible to tell named to avoid using
4940 certain source ports (avoid-v4-udp-ports,
4941 avoid-v6-udp-ports).
4943 1439. [bug] Named could return NOERROR with certain NOTIFY
4944 failures. Return NOTAUTH if the NOTIFY zone is
4947 1438. [func] Log TSIG (if any) when logging NOTIFY requests.
4949 1437. [bug] Leave space for stdio to work in. [RT #5033]
4951 1436. [func] dns_zonemgr_resumexfrs() can be used to restart
4954 1435. [bug] zmgr_resume_xfrs() was being called read locked
4955 rather than write locked. zmgr_resume_xfrs()
4956 was not being called if the zone was being
4959 1434. [bug] "rndc reconfig" failed to initiate the initial
4960 zone transfer of new slave zones.
4962 1433. [bug] named could trigger a REQUIRE failure if it could
4963 not get a file descriptor when attempting to write
4964 a master file. [RT #4347]
4966 1432. [func] The advertised EDNS UDP buffer size can now be set
4967 via named.conf (edns-udp-size).
4969 1431. [bug] isc_print_snprintf() "%s" with precision could walk off
4970 end of argument. [RT #5191]
4972 1430. [port] linux: IPv6 interface scanning support.
4974 1429. [bug] Prevent the cache getting locked to old servers.
4978 1427. [bug] Race condition in adb with threaded build.
4982 1425. [port] linux/libbind: define __USE_MISC when testing *_r()
4983 function prototypes in netdb.h. [RT #4921]
4985 1424. [bug] EDNS version not being correctly printed.
4987 1423. [contrib] queryperf: added A6 and SRV.
4989 1422. [func] Log name/type/class when denying a query. [RT #4663]
4991 1421. [func] Differentiate updates that don't succeed due to
4992 prerequisites (unsuccessful) vs other reasons
4995 1420. [port] solaris: work around gcc optimizer bug.
4997 1419. [port] openbsd: use /dev/arandom. [RT #4950]
4999 1418. [bug] 'rndc reconfig' did not cause new slaves to load.
5001 1417. [func] ID.SERVER/CHAOS is now a built in zone.
5002 See "server-id" for how to configure.
5004 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
5007 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
5010 1414. [func] Support for KSK flag.
5012 1413. [func] Explicitly request the (re-)generation of DS records
5013 from keysets (dnssec-signzone -g).
5015 1412. [func] You can now specify servers to be tried if a nameserver
5016 has IPv6 address and you only support IPv4 or the
5017 reverse. See dual-stack-servers.
5019 1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
5021 1410. [func] Handle records that live in the parent zone, e.g. DS.
5023 1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
5025 1408. [bug] "make distclean" was not complete. [RT #4700]
5027 1407. [bug] lfsr incorrectly implements the shift register.
5030 1406. [bug] dispatch initializes one of the LFSR's with a incorrect
5031 polynomial. [RT #4617]
5033 1405. [func] Use arc4random() if available.
5035 1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
5038 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
5039 dnssec-signkey now report their version in the
5042 1402. [cleanup] A6 has been moved to experimental and is no longer
5045 1401. [bug] adb wasn't clearing state when the timer expired.
5047 1400. [bug] Block the addition of wildcard NS records by IXFR
5048 or UPDATE. [RT #3502]
5050 1399. [bug] Use serial number arithmetic when testing SIG
5051 timestamps. [RT #4268]
5053 1398. [doc] ARM: notify-also should have been also-notify.
5056 1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
5058 1396. [func] dnssec-signzone: adjust the default signing time by
5059 1 hour to allow for clock skew.
5061 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
5062 have a working implementation. [RT #4079]
5064 1394. [func] It is now possible to check if a particular element is
5065 in a acl. Remove duplicate entries from the localnets
5068 1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
5069 is not available in the kernel to prevent accidently
5070 listening on IPv4 interfaces.
5072 1392. [bug] named-checkzone: update usage.
5074 1391. [func] Add support for IPv6 scoped addresses in named.
5076 1390. [func] host now supports ixfr.
5078 1389. [bug] named could fail to rotate long log files. [RT #3666]
5080 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
5081 defining HAVE_IFLIST_SYSCTL. [RT #3770]
5083 1387. [bug] named could crash due to an access to invalid memory
5084 space (which caused an assertion failure) in
5085 incremental cleaning. [RT #3588]
5087 1386. [bug] named-checkzone -z stopped on errors in a zone.
5090 1385. [bug] Setting serial-query-rate to 10 would trigger a
5093 1384. [bug] host was incompatible with BIND 8 in its exit code and
5094 in the output with the -l option. [RT #3536]
5096 1383. [func] Track the serial number in a IXFR response and log if
5097 a mismatch occurs. This is a more specific error than
5098 "not exact". [RT #3445]
5100 1382. [bug] make install failed with --enable-libbind. [RT #3656]
5102 1381. [bug] named failed to correctly process answers that
5103 contained DNAME records where the resulting CNAME
5104 resulted in a negative answer.
5106 1380. [func] 'rndc recursing' dump recursing queries to
5107 'recursing-file = "named.recursing";'.
5109 1379. [func] 'rndc status' now reports tcp and recursion quota
5112 1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
5114 1377. [func] dns_zone_load{new}() now reports if the zone was
5115 loaded, queued for loading to up to date.
5117 1376. [func] New function dns_zone_logc() to log to specified
5120 1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
5123 1374. [func] dns_adb_dump() now logs the lame zones associated
5126 1373. [bug] Recovery from expired glue failed under certain
5129 1372. [bug] named crashes with an assertion failure on exit when
5130 sharing the same port for listening and querying, and
5131 changing listening addresses several times. [RT# 3509]
5133 1371. [bug] notify-source-v6, transfer-source-v6 and
5134 query-source-v6 with explicit addresses and using the
5135 same ports as named was listening on could interfere
5136 with named's ability to answer queries sent to those
5139 1370. [bug] dig '+[no]recurse' was incorrectly documented.
5141 1369. [bug] Adding an NS record as the lexicographically last
5142 record in a secure zone didn't work.
5144 1368. [func] remove support for bitstring labels.
5146 1367. [func] Use response times to select forwarders.
5148 1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
5150 1365. [func] "localhost" and "localnets" acls now include IPv6
5151 addresses / prefixes.
5153 1364. [func] Log file name when unable to open memory statistics
5154 and dump database files. [RT# 3437]
5156 1363. [func] Listen-on-v6 now supports specific addresses.
5158 1362. [bug] remove IFF_RUNNING test when scanning interfaces.
5160 1361. [func] log the reason for rejecting a server when resolving
5163 1360. [bug] --enable-libbind would fail when not built in the
5164 source tree for certain OS's.
5166 1359. [security] Support patches OpenSSL libraries.
5167 http://www.cert.org/advisories/CA-2002-23.html
5169 1358. [bug] It was possible to trigger a INSIST when debugging
5170 large dynamic updates. [RT #3390]
5172 1357. [bug] nsupdate was extremely wasteful of memory.
5174 1356. [tuning] Reduce the number of events / quantum for zone tasks.
5176 1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
5178 1354. [doc] lwres man pages had illegal nroff.
5180 1353. [contrib] sdb/ldap to version 0.9.
5182 1352. [bug] dig, host, nslookup when falling back to TCP use the
5183 current search entry (if any). [RT #3374]
5185 1351. [bug] lwres_getipnodebyname() returned the wrong name
5186 when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
5189 1350. [bug] dns_name_fromtext() failed to handle too many labels
5192 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
5193 http://www.cert.org/advisories/CA-2002-23.html
5195 1348. [port] win32: Rewrote code to use I/O Completion Ports
5196 in socket.c and eliminating a host of socket
5197 errors. Performance is enhanced.
5203 1345. [port] Use a explicit -Wformat with gcc. Not all versions
5204 include it in -Wall.
5206 1344. [func] Log if the serial number on the master has gone
5208 If you have multiple machines specified in the masters
5209 clause you may want to set 'multi-master yes;' to
5210 suppress this warning.
5212 1343. [func] Log successful notifies received (info). Adjust log
5213 level for failed notifies to notice.
5215 1342. [func] Log remote address with TCP dispatch failures.
5217 1341. [func] Allow a rate limiter to be stalled.
5219 1340. [bug] Delay and spread out the startup refresh load.
5221 1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
5222 lookups. Bit string lookups are no longer attempted.
5228 1336. [func] Nibble lookups under IP6.ARPA are now supported by
5229 dns_byaddr_create(). dns_byaddr_createptrname() is
5230 deprecated, use dns_byaddr_createptrname2() instead.
5232 1335. [bug] When performing a nonexistence proof, the validator
5233 should discard parent NXTs from higher in the DNS.
5235 1334. [bug] When signing/verifying rdatasets, duplicate rdatas
5236 need to be suppressed.
5238 1333. [contrib] queryperf now reports a summary of returned
5239 rcodes (-c), rcodes are printed in mnemonic form (-v).
5241 1332. [func] Report the current serial with periodic commits when
5242 rolling forward the journal.
5244 1331. [func] Generate DNSSEC wildcard proofs.
5246 1330. [bug] When processing events (non-threaded) only allow
5247 the task one chance to use to use its quantum.
5249 1329. [func] named-checkzone will now check if nameservers that
5250 appear to be IP addresses. Available modes "fail",
5251 "warn" (default) and "ignore" the results of the
5254 1328. [bug] The validator could incorrectly verify an invalid
5257 1327. [bug] The validator would incorrectly mark data as insecure
5258 when seeing a bogus signature before a correct
5261 1326. [bug] DNAME/CNAME signatures were not being cached when
5262 validation was not being performed. [RT #3284]
5264 1325. [bug] If the tcpquota was exhausted it was possible to
5265 to trigger a INSIST() failure.
5267 1324. [port] darwin: ifconfig.sh now supports darwin.
5269 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
5271 1322. [bug] dnssec-signzone usage message was misleading.
5273 1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
5274 would incorrectly duplicate its output and sign it.
5276 1320. [doc] query-source-v6 was missing from options section.
5279 1319. [func] libbind: log attempts to exploit #1318.
5281 1318. [bug] libbind: Remote buffer overrun.
5283 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
5286 1316. [bug] libbind: gethostans() could get out of sync parsing
5287 the response if there was a very long CNAME chain.
5289 1315. [bug] Options should apply to the internal _bind view.
5291 1314. [port] Handle ECONNRESET from sendmsg() [unix].
5293 1313. [func] Query log now says if the query was signed (S) or
5294 if EDNS was used (E).
5296 1312. [func] Log TSIG key used w/ outgoing zone transfers.
5298 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
5300 1310. [bug] 'rndc stop' failed to cause zones to be flushed
5301 sometimes. [RT #3157]
5303 1309. [func] Log that a zone transfer was covered by a TSIG.
5305 1308. [func] DS (delegation signer) support.
5307 1307. [bug] nsupdate: allow white space base64 key data.
5309 1306. [bug] Badly encoded LOC record when the size, horizontal
5310 precision or vertical precision was 0.1m.
5312 1305. [bug] Document that internal zones are included in the
5313 rndc status results.
5315 1304. [func] New function: dns_zone_name().
5317 1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
5319 1302. [func] Extended rndc dumpdb to support dumping of zones and
5320 view selection: 'dumpdb [-all|-zones|-cache] [view]'.
5322 1301. [func] New category 'update-security'.
5324 1300. [port] Compaq Trucluster support.
5326 1299. [bug] Set AI_ADDRCONFIG when looking up addresses
5327 via getaddrinfo() (affects dig, host, nslookup, rndc
5330 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
5331 could be left with a trailing "\" after configure
5334 1297. [port] linux: make handling EINVAL from socket() no longer
5335 conditional on #ifdef LINUX.
5337 1296. [bug] isc_log_closefilelogs() needed to lock the log
5340 1295. [bug] isc_log_setdebuglevel() needed to lock the log
5343 1294. [func] libbind: no longer attempts bit string labels for
5344 IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
5345 for nibble style resolution.
5347 1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
5349 1292. [func] Enable IPv6 support when using ioctl style interface
5350 scanning and OS supports SIOCGLIFADDR using struct
5353 1291. [func] Enable IPv6 support when using sysctl style interface
5356 1290. [func] "dig axfr" now reports the number of messages
5357 as well as the number of records.
5359 1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
5361 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
5362 reflect written requirements.
5364 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
5365 a rdataset to a zone db in the rbtdb implementation of
5368 1286. [bug] dns_name_downcase() enforce requirement that
5369 target != NULL or name->buffer != NULL.
5371 1285. [func] lwres: probe the system to see what address families
5372 are currently in use.
5374 1284. [bug] The RTT estimate on unused servers was not aged.
5377 1283. [func] Use "dataready" accept filter if available.
5379 1282. [port] libbind: hpux 11.11 interface scanning.
5381 1281. [func] Log zone when unable to get private keys to update
5382 zone. Log zone when NXT records are missing from
5385 1280. [bug] libbind: escape '(' and ')' when converting to
5388 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
5390 1278. [func] dig: now supports +[no]cl +[no]ttlid.
5392 1277. [func] You can now create your own customized printing
5393 styles: dns_master_stylecreate() and
5394 dns_master_styledestroy().
5396 1276. [bug] libbind: const pointer conflicts in res_debug.c.
5398 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
5400 1274. [bug] Memory leak in lwres_gnbarequest_parse().
5402 1273. [port] libbind: solaris: 64 bit binary compatibility.
5404 1272. [contrib] Berkeley DB 4.0 sdb implementation from
5405 Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
5407 1271. [bug] "recursion available: {denied,approved}" was too
5410 1270. [bug] Check that system inet_pton() and inet_ntop() support
5413 1269. [port] Openserver: ifconfig.sh support.
5415 1268. [port] Openserver: the value FD_SETSIZE depends on whether
5416 <sys/param.h> is included or not. Be consistent.
5418 1267. [func] isc_file_openunique() now creates file using mode
5419 0666 rather than 0600.
5421 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
5422 __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
5423 are not C++ compatible, use *_TYPE versions instead.
5425 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
5426 C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
5430 1263. [bug] Reference after free error if dns_dispatchmgr_create()
5433 1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
5435 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
5436 support for compressed TSIG owner names.
5438 1260. [func] libbind: res_update can now update IPv6 servers,
5439 new function res_findzonecut2().
5441 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
5444 1258. [bug] libbind: res_nametotype() and res_nametoclass() were
5447 1257. [bug] Failure to write pid-file should not be fatal on
5450 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
5452 1255. [bug] When verifying that an NXT proves nonexistence, check
5453 the rcode of the message and only do the matching NXT
5454 check. That is, for NXDOMAIN responses, check that
5455 the name is in the range between the NXT owner and
5456 next name, and for NOERROR NODATA responses, check
5457 that the type is not present in the NXT bitmap.
5459 1254. [func] preferred-glue option from BIND 8.3.
5461 1253. [bug] The dnssec system test failed to remove the correct
5464 1252. [bug] Dig, host and nslookup were not checking the address
5465 the answer was coming from against the address it was
5468 1251. [port] win32: a make file contained absolute version specific
5471 1250. [func] Nsupdate will report the address the update was
5474 1249. [bug] Missing masters clause was not handled gracefully.
5477 1248. [bug] DESTDIR was not being propagated between makes.
5479 1247. [bug] Don't reset the interface index for link/site local
5480 addresses. [RT #2576]
5482 1246. [func] New functions isc_sockaddr_issitelocal(),
5483 isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
5484 and isc_netaddr_islinklocal().
5486 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
5489 1244. [bug] Receiving a TCP message from a blackhole address would
5490 prevent further messages being received over that
5493 1243. [bug] It was possible to trigger a REQUIRE() in
5494 dns_message_findtype(). [RT #2659]
5496 1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
5498 1241. [bug] Drop received UDP messages with a zero source port
5499 as these are invariably forged. [RT #2621]
5501 1240. [bug] It was possible to leak zone references by
5502 specifying an incorrect zone to rndc.
5504 1239. [bug] Under certain circumstances named could continue to
5505 use a name after it had been freed triggering
5506 INSIST() failures. [RT #2614]
5508 1238. [bug] It is possible to lockup the server when shutting down
5509 if notifies were being processed. [RT #2591]
5511 1237. [bug] nslookup: "set q=type" failed.
5513 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
5514 NULL terminated text regions. [RT #2588]
5516 1235. [func] Report 'out of memory' errors from openssl.
5518 1234. [bug] contrib/sdb: 'zonetodb' failed to call
5519 dns_result_register(). DNS_R_SEENINCLUDE should not
5522 1233. [bug] The flags field of a KEY record can be expressed in
5523 hex as well as decimal.
5525 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
5527 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
5529 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
5531 1229. [bug] named would crash if it received a TSIG signed
5532 query as part of an AXFR response. [RT #2570]
5534 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
5536 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
5537 if a number was expected and some other token was
5540 1226. [func] Use EDNS for zone refresh queries. [RT #2551]
5542 1225. [func] dns_message_setopt() no longer requires that
5543 dns_message_renderbegin() to have been called.
5545 1224. [bug] 'rrset-order' and 'sortlist' should be additive
5548 1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
5551 1222. [bug] Specifying 'port *' did not always result in a system
5552 selected (non-reserved) port being used. [RT #2537]
5554 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
5555 compared case insensitively. [RT #2542]
5557 1220. [func] Support for APL rdata type.
5559 1219. [func] Named now reports the TSIG extended error code when
5560 signature verification fails. [RT #1651]
5562 1218. [bug] Named incorrectly returned SERVFAIL rather than
5563 NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
5565 1217. [func] Report locations of previous key definition when a
5566 duplicate is detected.
5568 1216. [bug] Multiple server clauses for the same server were not
5569 reported. [RT #2514]
5571 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
5573 1214. [bug] Win32: isc_file_renameunique() could leave zero length
5576 1213. [func] Report view associated with client if it is not a
5577 standard view (_default or _bind).
5579 1212. [port] libbind: 64k answer buffers were causing stack space
5580 to be exceeded for certain OS. Use heap space instead.
5582 1211. [bug] dns_name_fromtext() incorrectly handled certain
5583 valid octal bitlabels. [RT #2483]
5585 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
5586 compatible addresses. [RT #2461]
5588 1209. [bug] Dig, host, nslookup were not checking the message ids
5589 on the responses. [RT #2454]
5591 1208. [bug] dns_master_load*() failed to log a error message if
5592 an error was detected when parsing the ownername of
5593 a record. [RT #2448]
5595 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
5598 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
5599 trigger a non-EDNS retry.
5601 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
5602 of the message. [RT #2449]
5604 1204. [bug] libbind: res_nupdate() failed to update the name
5605 server addresses before sending the update.
5607 1203. [func] Report locations of previous acl and zone definitions
5608 when a duplicate is detected.
5610 1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
5612 1201. [bug] Require that if 'callbacks' is passed to
5613 dns_rdata_fromtext(), callbacks->error and
5614 callbacks->warn are initialized.
5616 1200. [bug] Log 'errno' that we are unable to convert to
5617 isc_result_t. [RT #2404]
5619 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
5622 1198. [bug] OPT printing style was not consistent with the way the
5623 header fields are printed. The DO bit was not reported
5624 if set. Report if any of the MBZ bits are set.
5626 1197. [bug] Attempts to define the same acl multiple times were not
5629 1196. [contrib] update mdnkit to 2.2.3.
5631 1195. [bug] Attempts to redefine builtin acls should be caught.
5634 1194. [bug] Not all duplicate zone definitions were being detected
5635 at the named.conf checking stage. [RT #2431]
5637 1193. [bug] dig +besteffort parsing didn't handle packet
5638 truncation. dns_message_parse() has new flag
5639 DNS_MESSAGE_IGNORETRUNCATION.
5641 1192. [bug] The seconds fields in LOC records were restricted
5642 to three decimal places. More decimal places should
5643 be allowed but warned about.
5645 1191. [bug] A dynamic update removing the last non-apex name in
5646 a secure zone would fail. [RT #2399]
5648 1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
5651 1189. [bug] On some systems, malloc(0) returns NULL, which
5652 could cause the caller to report an out of memory
5655 1188. [bug] Dynamic updates of a signed zone would fail if
5656 some of the zone private keys were unavailable.
5658 1187. [bug] named was incorrectly returning DNSSEC records
5659 in negative responses when the DO bit was not set.
5661 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
5662 EOL token when reading to end of line.
5664 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
5665 unless RES_INIT is set when calling res_*init().
5667 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
5668 when res_*init() is called.
5670 1183. [bug] Handle ENOSR error when writing to the internal
5671 control pipe. [RT #2395]
5673 1182. [bug] The server could throw an assertion failure when
5674 constructing a negative response packet.
5676 1181. [func] Add the "key-directory" configuration statement,
5677 which allows the server to look for online signing
5678 keys in alternate directories.
5680 1180. [func] dnssec-keygen should always generate keys with
5681 protocol 3 (DNSSEC), since it's less confusing
5684 1179. [func] Add SIG(0) support to nsupdate.
5686 1178. [bug] Follow and cache (if appropriate) A6 and other
5687 data chains to completion in the additional section.
5689 1177. [func] Report view when loading zones if it is not a
5690 standard view (_default or _bind). [RT #2270]
5692 1176. [doc] Document that allow-v6-synthesis is only performed
5693 for clients that are supplied recursive service.
5696 1175. [bug] named-checkzone and named-checkconf failed to call
5697 dns_result_register() at startup which could
5698 result in runtime exceptions when printing
5699 "out of memory" errors. [RT #2335]
5701 1174. [bug] Win32: add WSAECONNRESET to the expected errors
5702 from connect(). [RT #2308]
5704 1173. [bug] Potential memory leaks in isc_log_create() and
5705 isc_log_settag(). [RT #2336]
5707 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
5708 table of RR types in ARM.
5710 1171. [func] Added function isc_region_compare(), updated files in
5711 lib/dns to use this function instead of local one.
5713 1170. [bug] Don't attempt to print the token when a I/O error
5714 occurs when parsing named.conf. [RT #2275]
5716 1169. [func] Identify recursive queries in the query log.
5718 1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
5720 1167. [contrib] nslint-2.1a3 (from author).
5722 1166. [bug] "Not Implemented" should be reported as NOTIMP,
5723 not NOTIMPL. [RT #2281]
5725 1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
5727 1164. [bug] Empty masters clauses in slave / stub zones were not
5728 handled gracefully. [RT #2262]
5730 1163. [func] isc_time_formattimestamp() now includes the year.
5732 1162. [bug] The allow-notify option was not accepted in slave
5735 1161. [bug] named-checkzone looped on unbalanced brackets.
5738 1160. [bug] Generating Diffie-Hellman keys longer than 1024
5739 bits could fail. [RT #2241]
5741 1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
5743 1158. [func] Report the client's address when logging notify
5746 1157. [func] match-clients and match-destinations now accept
5749 1156. [port] The configure test for strsep() incorrectly
5750 succeeded on certain patched versions of
5751 AIX 4.3.3. [RT #2190]
5753 1155. [func] Recover from master files being removed from under
5756 1154. [bug] Don't attempt to obtain the netmask of a interface
5757 if there is no address configured. [RT #2176]
5759 1153. [func] 'rndc {stop|halt} -p' now reports the process id
5760 of the instance of named being shutdown.
5762 1152. [bug] libbind: read buffer overflows.
5764 1151. [bug] nslookup failed to check that the arguments to
5765 the port, timeout, and retry options were
5766 valid integers and in range. [RT #2099]
5768 1150. [bug] named incorrectly accepted TTL values
5769 containing plus or minus signs, such as
5772 1149. [func] New function isc_parse_uint32().
5774 1148. [func] 'rndc-confgen -a' now provides positive feedback.
5776 1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
5777 the OS. listen-on-v6 { any; }; should no longer
5778 result in IPv4 queries be accepted. Similarly
5779 control { inet :: ... }; should no longer result
5780 in IPv4 connections being accepted. This can be
5781 overridden at compile time by defining
5784 1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
5785 supported by the OS by a new function
5786 isc_socket_ipv6only().
5788 1145. [func] "host" no longer reports a NOERROR/NODATA response
5789 by printing nothing. [RT #2065]
5791 1144. [bug] rndc-confgen would crash if both the -a and -t
5792 options were specified. [RT #2159]
5794 1143. [bug] When a trusted-keys statement was present and named
5795 was built without crypto support, it would leak memory.
5797 1142. [bug] dnssec-signzone would fail to delete temporary files
5798 in some failure cases. [RT #2144]
5800 1141. [bug] When named rejected a control message, it would
5801 leak a file descriptor and memory. It would also
5802 fail to respond, causing rndc to hang.
5805 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
5806 to the -s option. [RT #2138]
5808 1139. [func] It is now possible to flush a given name from the
5809 cache(s) via 'rndc flushname name [view]'. [RT #2051]
5811 1138. [func] It is now possible to flush a given name from the
5812 cache by calling the new function
5813 dns_cache_flushname().
5815 1137. [func] It is now possible to flush a given name from the
5816 ADB by calling the new function dns_adb_flushname().
5818 1136. [bug] CNAME records synthesized from DNAMEs did not
5819 have a TTL of zero as required by RFC2672.
5822 1135. [func] You can now override the default syslog() facility for
5823 named/lwresd at compile time. [RT #1982]
5825 1134. [bug] Multi-threaded servers could deadlock in ferror()
5826 when reloading zone files. [RT #1951, #1998]
5828 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
5829 platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
5831 1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
5833 1131. [bug] The match-destinations view option did not work with
5834 IPv6 destinations. [RT #2073, #2074]
5836 1130. [bug] Log messages reporting an out-of-range serial number
5837 did not include the out-of-range number but the
5838 following token. [RT #2076]
5840 1129. [bug] Multi-threaded servers could crash under heavy
5841 resolution load due to a race condition. [RT #2018]
5843 1128. [func] sdb drivers can now provide RR data in either text
5844 or wire format, the latter using the new functions
5845 dns_sdb_putrdata() and dns_sdb_putnamedrdata().
5847 1127. [func] rndc: If the server to contact has multiple addresses,
5850 1126. [bug] The server could access a freed event if shut
5851 down while a client start event was pending
5852 delivery. [RT #2061]
5854 1125. [bug] rndc: -k option was missing from usage message.
5857 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
5858 are now documented. [RT #2052]
5860 1123. [bug] dig +[no]fail did not match description. [RT #2052]
5862 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
5865 1121. [bug] The server could attempt to access a NULL zone
5866 table if shut down while resolving.
5869 1120. [bug] Errors in options were not fatal. [RT #2002]
5871 1119. [func] Added support in Win32 for NTFS file/directory ACL's
5874 1118. [bug] On multi-threaded servers, a race condition
5875 could cause an assertion failure in resolver.c
5876 during resolver shutdown. [RT #2029]
5878 1117. [port] The configure check for in6addr_loopback incorrectly
5879 succeeded on AIX 4.3 when compiling with -O2
5880 because the test code was optimized away.
5883 1116. [bug] Setting transfers in a server clause, transfers-in,
5884 or transfers-per-ns to a value greater than
5885 2147483647 disabled transfers. [RT #2002]
5887 1115. [func] Set maximum values for cleaning-interval,
5888 heartbeat-interval, interface-interval,
5889 max-transfer-idle-in, max-transfer-idle-out,
5890 max-transfer-time-in, max-transfer-time-out,
5891 statistics-interval of 28 days and
5892 sig-validity-interval of 3660 days. [RT #2002]
5894 1114. [port] Ignore more accept() errors. [RT #2021]
5896 1113. [bug] The allow-update-forwarding option was ignored
5897 when specified in a view. [RT #2014]
5901 1111. [bug] Multi-threaded servers could deadlock processing
5902 recursive queries due to a locking hierarchy
5903 violation in adb.c. [RT #2017]
5905 1110. [bug] dig should only accept valid abbreviations of +options.
5908 1109. [bug] nsupdate accepted illegal ttl values.
5910 1108. [bug] On Win32, rndc was hanging when named was not running
5911 due to failure to select for exceptional conditions
5912 in select(). [RT #1870]
5914 1107. [bug] nsupdate could catch an assertion failure if an
5915 invalid domain name was given as the argument to
5918 1106. [bug] After seeing an out of range TTL, nsupdate would
5919 treat all TTLs as out of range. [RT #2001]
5921 1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
5923 1104. [bug] Invalid arguments to the transfer-format option
5924 could cause an assertion failure. [RT #1995]
5926 1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
5928 1102. [doc] Note that query logging is enabled by directing the
5929 queries category to a channel.
5931 1101. [bug] Array bounds read error in lwres_gai_strerror.
5933 1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
5935 1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
5936 compile time errors.
5938 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
5940 1097. [func] libbind: RES_PRF_TRUNC for dig.
5942 1096. [func] libbind: "DNSSEC OK" (DO) support.
5944 1095. [func] libbind: resolver option: no-tld-query. disables
5945 trying unqualified as a tld. no_tld_query is also
5946 supported for FreeBSD compatibility.
5948 1094. [func] libbind: add support gcc's format string checking.
5950 1093. [doc] libbind: miscellaneous nroff fixes.
5952 1092. [bug] libbind: get*by*() failed to check if res_init() had
5955 1091. [bug] libbind: misplaced va_end().
5957 1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
5958 the amount of memory consumed resulting in garbage
5959 address being returned. Alignment calculations were
5960 wasting space. We weren't suppressing duplicate
5963 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
5966 1088. [port] libbind: MPE/iX C.70 (incomplete)
5968 1087. [bug] libbind: struct __res_state too large on 64 bit arch.
5970 1086. [port] libbind: sunos: old sprintf.
5972 1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
5973 exist when compiling in 64 bit mode.
5975 1084. [cleanup] libbind: gai_strerror() rewritten.
5977 1083. [bug] The default control channel listened on the
5978 wildcard address, not the loopback as documented.
5981 1082. [bug] The -g option to named incorrectly caused logging
5982 to be sent to syslog in addition to stderr.
5985 1081. [bug] Multicast queries were incorrectly identified
5986 based on the source address, not the destination
5989 1080. [bug] BIND 8 compatibility: accept bare IP prefixes
5990 as the second element of a two-element top level
5991 sort list statement. [RT #1964]
5993 1079. [bug] BIND 8 compatibility: accept bare elements at top
5994 level of sort list treating them as if they were
5995 a single element list. [RT #1963]
5997 1078. [bug] We failed to correct bad tv_usec values in one case.
6000 1077. [func] Do not accept further recursive clients when
6001 the total number of recursive lookups being
6002 processed exceeds max-recursive-clients, even
6003 if some of the lookups are internally generated.
6006 1076. [bug] A badly defined global key could trigger an assertion
6007 on load/reload if views were used. [RT #1947]
6009 1075. [bug] Out-of-range network prefix lengths were not
6010 reported. [RT #1954]
6012 1074. [bug] Running out of memory in dump_rdataset() could
6013 cause an assertion failure. [RT #1946]
6015 1073. [bug] The ADB cache cleaning should also be space driven.
6018 1072. [bug] The TCP client quota could be exceeded when
6019 recursion occurred. [RT #1937]
6021 1071. [bug] Sockets listening for TCP DNS connections
6022 specified an excessive listen backlog. [RT #1937]
6024 1070. [bug] Copy DNSSEC OK (DO) to response as specified by
6025 draft-ietf-dnsext-dnssec-okbit-03.txt.
6029 1068. [bug] errno could be overwritten by catgets(). [RT #1921]
6031 1067. [func] Allow quotas to be soft, isc_quota_soft().
6033 1066. [bug] Provide a thread safe wrapper for strerror().
6036 1065. [func] Runtime support to select new / old style interface
6037 scanning using ioctls.
6039 1064. [bug] Do not shut down active network interfaces if we
6040 are unable to scan the interface list. [RT #1921]
6042 1063. [bug] libbind: "make install" was failing on IRIX.
6045 1062. [bug] If the control channel listener socket was shut
6046 down before server exit, the listener object could
6047 be freed twice. [RT #1916]
6049 1061. [bug] If periodic cache cleaning happened to start
6050 while cleaning due to reaching the configured
6051 maximum cache size was in progress, the server
6052 could catch an assertion failure. [RT #1912]
6054 1060. [func] Move refresh, stub and notify UDP retry processing
6057 1059. [func] dns_request now support will now retry UDP queries,
6058 dns_request_createvia2() and dns_request_createraw2().
6060 1058. [func] Limited lifetime ticker timers are now available,
6061 isc_timertype_limited.
6063 1057. [bug] Reloading the server after adding a "file" clause
6064 to a zone statement could cause the server to
6065 crash due to a typo in change 1016.
6067 1056. [bug] Rndc could catch an assertion failure on SIGINT due
6068 to an uninitialized variable. [RT #1908]
6070 1055. [func] Version and hostname queries can now be disabled
6071 using "version none;" and "hostname none;",
6074 1054. [bug] On Win32, cfg_categories and cfg_modules need to be
6075 exported from the libisccfg DLL.
6077 1053. [bug] Dig did not increase its timeout when receiving
6078 AXFRs unless the +time option was used. [RT #1904]
6080 1052. [bug] Journals were not being created in binary mode
6081 resulting in "journal format not recognized" error
6082 under Win32. [RT #1889]
6084 1051. [bug] Do not ignore a network interface completely just
6085 because it has a noncontiguous netmask. Instead,
6086 omit it from the localnets ACL and issue a warning.
6089 1050. [bug] Log messages reporting malformed IP addresses in
6090 address lists such as that of the forwarders option
6091 failed to include the correct error code, file
6092 name, and line number. [RT #1890]
6094 1049. [func] "pid-file none;" will disable writing a pid file.
6097 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
6100 1047. [bug] named was incorrectly refusing all requests signed
6101 with a TSIG key derived from an unsigned TKEY
6102 negotiation with a NOERROR response. [RT #1886]
6104 1046. [bug] The help message for the --with-openssl configure
6105 option was inaccurate. [RT #1880]
6107 1045. [bug] It was possible to skip saving glue for a nameserver
6110 1044. [bug] Specifying allow-transfer, notify-source, or
6111 notify-source-v6 in a stub zone was not treated
6114 1043. [bug] Specifying a transfer-source or transfer-source-v6
6115 option in the zone statement for a master zone was
6116 not treated as an error. [RT #1876]
6118 1042. [bug] The "config" logging category did not work properly.
6121 1041. [bug] Dig/host/nslookup could catch an assertion failure
6122 on SIGINT due to an uninitialized variable. [RT #1867]
6124 1040. [bug] Multiple listen-on-v6 options with different ports
6125 were not accepted. [RT #1875]
6127 1039. [bug] Negative responses with CNAMEs in the answer section
6128 were cached incorrectly. [RT #1862]
6130 1038. [bug] In servers configured with a tkey-domain option,
6131 TKEY queries with an owner name other than the root
6132 could cause an assertion failure. [RT #1866, #1869]
6134 1037. [bug] Negative responses whose authority section contain
6135 SOA or NS records whose owner names are not equal
6136 equal to or parents of the query name should be
6137 rejected. [RT #1862]
6139 1036. [func] Silently drop requests received via multicast as
6140 long as there is no final multicast DNS standard.
6142 1035. [bug] If we respond to multicast queries (which we
6143 currently do not), respond from a unicast address
6144 as specified in RFC 1123. [RT #137]
6146 1034. [bug] Ignore the RD bit on multicast queries as specified
6147 in RFC 1123. [RT #137]
6149 1033. [bug] Always respond to requests with an unsupported opcode
6150 with NOTIMP, even if we don't have a matching view
6151 or cannot determine the class.
6153 1032. [func] hostname.bind/txt/chaos now returns the name of
6154 the machine hosting the nameserver. This is useful
6155 in diagnosing problems with anycast servers.
6157 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
6160 1030. [bug] On systems with no resolv.conf file, nsupdate
6161 exited with an error rather than defaulting
6162 to using the loopback address. [RT #1836]
6164 1029. [bug] Some named.conf errors did not cause the loading
6165 of the configuration file to return a failure
6166 status even though they were logged. [RT #1847]
6168 1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
6169 in the wrong directory. [RT #1833]
6171 1027. [bug] RRs having the reserved type 0 should be rejected.
6176 1025. [bug] Don't use multicast addresses to resolve iterative
6179 1024. [port] Compilation failed on HP-UX 11.11 due to
6180 incompatible use of the SIOCGLIFCONF macro
6183 1023. [func] Accept hints without TTLs.
6185 1022. [bug] Don't report empty root hints as "extra data".
6188 1021. [bug] On Win32, log message timestamps were one month
6189 later than they should have been, and the server
6190 would exhibit unspecified behavior in December.
6192 1020. [bug] IXFR log messages did not distinguish between
6193 true IXFRs, AXFR-style IXFRs, and mere version
6196 1019. [bug] The value of the lame-ttl option was limited to 18000
6197 seconds, not 1800 seconds as documented. [RT #1803]
6199 1018. [bug] The default log channel was not always initialized
6200 correctly. [RT #1813]
6202 1017. [bug] When specifying TSIG keys to dig and nsupdate using
6203 the -k option, they must be HMAC-MD5 keys. [RT #1810]
6205 1016. [bug] Slave zones with no backup file were re-transferred
6206 on every server reload.
6208 1015. [bug] Log channels that had a "versions" option but no
6209 "size" option failed to create numbered log
6212 1014. [bug] Some queries would cause statistics counters to
6213 increment more than once or not at all. [RT #1321]
6215 1013. [bug] It was possible to cancel a query twice when marking
6216 a server as bogus or by having a blackhole acl.
6219 1012. [bug] The -p option to named did not behave as documented.
6221 1011. [cleanup] Removed isc_dir_current().
6223 1010. [bug] The server could attempt to execute a command channel
6224 command after initiating server shutdown, causing
6225 an assertion failure. [RT #1766]
6227 1009. [port] OpenUNIX 8 support. [RT #1728]
6229 1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
6231 1007. [port] config.guess, config.sub from autoconf-2.52.
6233 1006. [bug] If a KEY RR was found missing during DNSSEC validation,
6234 an assertion failure could subsequently be triggered
6235 in the resolver. [RT #1763]
6237 1005. [bug] Don't copy nonzero RCODEs from request to response.
6240 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
6242 1003. [func] Add the +retry option to dig.
6244 1002. [bug] When reporting an unknown class name in named.conf,
6245 including the file name and line number. [RT #1759]
6247 1001. [bug] win32 socket code doio_recv was not catching a
6248 WSACONNRESET error when a client was timing out
6249 the request and closing its socket. [RT #1745]
6251 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
6252 for class "HS". [RT #1759]
6254 999. [func] "rndc retransfer zone [class [view]]" added.
6257 998. [func] named-checkzone now has arguments to specify the
6258 chroot directory (-t) and working directory (-w).
6261 997. [func] Add support for RSA-SHA1 keys (RFC3110).
6263 996. [func] Issue warning if the configuration filename contains
6266 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
6267 target address should be fatal on a IPv4 only system.
6269 994. [func] Treat non-authoritative responses to queries for type
6270 NS as referrals even if the NS records are in the
6271 answer section, because BIND 8 servers incorrectly
6272 send them that way. This is necessary for DNSSEC
6273 validation of the NS records of a secure zone to
6274 succeed when the parent is a BIND 8 server. [RT #1706]
6276 993. [func] dig: -v now reports the version.
6278 992. [doc] dig: ~/.digrc is now documented.
6280 991. [func] Lower UDP refresh timeout messages to level
6283 990. [bug] The rndc-confgen man page was not installed.
6285 989. [bug] Report filename if $INCLUDE fails for file related
6288 988. [bug] 'additional-from-auth no;' did not work reliably
6289 in the case of queries answered from the cache.
6292 987. [bug] "dig -help" didn't show "+[no]stats".
6294 986. [bug] "dig +noall" failed to clear stats and command
6297 985. [func] Consider network interfaces to be up iff they have
6298 a nonzero IP address rather than based on the
6299 IFF_UP flag. [RT #1160]
6301 984. [bug] Multi-threading should be enabled by default on
6302 Solaris 2.7 and newer, but it wasn't.
6304 983. [func] The server now supports generating IXFR difference
6305 sequences for non-dynamic zones by comparing zone
6306 versions, when enabled using the new config
6307 option "ixfr-from-differences". [RT #1727]
6309 982. [func] If "memstatistics-file" is set in options the memory
6310 statistics will be written to it.
6312 981. [func] The dnssec tools can now take multiple '-r randomfile'
6315 980. [bug] Incoming zone transfers restarting after an error
6316 could trigger an assertion failure. [RT #1692]
6318 979. [func] Incremental master file dumping. dns_master_dumpinc(),
6319 dns_master_dumptostreaminc(), dns_dumpctx_attach(),
6320 dns_dumpctx_detach(), dns_dumpctx_cancel(),
6321 dns_dumpctx_db() and dns_dumpctx_version().
6323 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
6326 977. [bug] Improve "not at top of zone" error message.
6328 976. [func] named-checkconf can now test load master zones
6329 (named-checkconf -z). [RT #1468]
6331 975. [bug] "max-cache-size default;" as a view option
6332 caused an assertion failure.
6334 974. [bug] "max-cache-size unlimited;" as a global option
6337 973. [bug] Failed to log the question name when logging:
6338 "bad zone transfer request: non-authoritative zone
6341 972. [bug] The file modification time code in zone.c was using the
6342 wrong epoch. [RT #1667]
6346 970. [func] 'max-journal-size' can now be used to set a target
6349 969. [func] dig now supports the undocumented dig 8 feature
6350 of allowing arbitrary labels, not just dotted
6351 decimal quads, with the -x option. This can be
6352 used to conveniently look up RFC2317 names as in
6353 "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
6355 968. [bug] On win32, the isc_time_now() function was unnecessarily
6356 calling strtime(). [RT #1671]
6358 967. [bug] On win32, the link for bindevt was not including the
6359 required resource file to enable the event viewer
6360 to interpret the error messages in the event log,
6365 965. [bug] Including data other than root server NS and A
6366 records in the root hint file could cause a rbtdb
6367 node reference leak. [RT #1581, #1618]
6369 964. [func] Warn if data other than root server NS and A records
6370 are found in the root hint file. [RT #1581, #1618]
6372 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
6374 962. [bug] libbind: bad "#undef", don't attempt to install
6375 non-existent nlist.h. [RT #1640]
6377 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
6378 was not defined. [RT #1482]
6380 960. [port] liblwres failed to build on systems with support for
6381 getrrsetbyname() in the OS. [RT #1592]
6383 959. [port] On FreeBSD, determine the number of CPUs by calling
6384 sysctlbyname(). [RT #1584]
6386 958. [port] ssize_t is not available on all platforms. [RT #1607]
6388 957. [bug] sys/select.h inclusion was broken on older platforms.
6391 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
6392 in named/win32/os.c due to code changes in
6393 change #953. win32 .make file for rndc-confgen
6394 updated to add include path for os.h header.
6396 --- 9.2.0rc1 released ---
6398 955. [bug] When using views, the zone's class was not being
6399 inherited from the view's class. [RT #1583]
6401 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
6402 nslookup, the RD bit should not be set as zone
6403 transfers are inherently non-recursive. [RT #1575]
6405 953. [func] The /var/run/named.key file from change #843
6406 has been replaced by /etc/rndc.key. Both
6407 named and rndc will look for this file and use
6408 it to configure a default control channel key
6409 if not already configured using a different
6410 method (rndc.conf / controls). Unlike
6411 named.key, rndc.key is not created automatically;
6412 it must be created by manually running
6415 952. [bug] The server required manual intervention to serve the
6416 affected zones if it died between creating a journal
6417 and committing the first change to it.
6419 951. [bug] CFLAGS was not passed to the linker when
6420 linking some of the test programs under
6421 bin/tests. [RT #1555].
6423 950. [bug] Explicit TTLs did not properly override $TTL
6424 due to a bug in change 834. [RT #1558]
6426 949. [bug] host was unable to print records larger than 512
6429 --- 9.2.0b2 released ---
6431 948. [port] Integrated support for building on Windows NT /
6434 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
6435 was really the RNAME field from RFC1035. To avoid
6436 confusion and silent errors that would occur it the
6437 "origin" and "mname" elements were given their correct
6438 names "mname" and "rname" respectively, the "mname"
6439 element is renamed to "contact".
6441 946. [cleanup] doc/misc/options is now machine-generated from the
6442 configuration parser syntax tables, and therefore
6443 more likely to be correct.
6445 945. [func] Add the new view-specific options
6446 "match-destinations" and "match-recursive-only".
6448 944. [func] Check for expired signatures on load.
6450 943. [bug] The server could crash when receiving a command
6451 via rndc if the configuration file listed only
6452 nonexistent keys in the controls statement. [RT #1530]
6454 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
6455 defined on some platforms.
6457 941. [bug] The configuration checker crashed if a slave
6458 zone didn't contain a masters statement. [RT #1514]
6460 940. [bug] Double zone locking failure on error path. [RT #1510]
6462 --- 9.2.0b1 released ---
6464 939. [port] Add the --disable-linux-caps option to configure for
6465 systems that manage capabilities outside of named.
6470 937. [bug] A race when shutting down a zone could trigger a
6471 INSIST() failure. [RT #1034]
6473 936. [func] Warn about IPv4 addresses that are not complete
6474 dotted quads. [RT #1084]
6476 935. [bug] inet_pton failed to reject leading zeros.
6478 934. [port] Deal with systems where accept() spuriously returns
6481 933. [bug] configure failed doing libbind on platforms not
6482 supported by BIND 8. [RT #1496]
6484 --- 9.2.0a3 released ---
6486 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
6487 when installing isc-config.sh.
6490 931. [bug] The controls statement only attempted to verify
6491 messages using the first key in the key list.
6494 930. [func] Query performance testing tool added as
6499 928. [bug] nsupdate would send empty update packets if the
6500 send (or empty line) command was run after
6501 another send but before any new updates or
6502 prerequisites were specified. It should simply
6503 ignore this command.
6505 927. [bug] Don't hold the zone lock for the entire dump to disk.
6508 926. [bug] The resolver could deadlock with the ADB when
6509 shutting down (multi-threaded builds only).
6512 925. [cleanup] Remove openssl from the distribution; require that
6513 --with-openssl be specified if DNSSEC is needed.
6515 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
6518 923. [bug] Multiline TSIG secrets (and other multiline strings)
6519 were not accepted in named.conf. [RT #1469]
6521 922. [func] Added two new lwres_getrrsetbyname() result codes,
6522 ERR_NONAME and ERR_NODATA.
6524 921. [bug] lwres returned an incorrect error code if it received
6525 a truncated message.
6527 920. [func] Increase the lwres receive buffer size to 16K.
6532 918. [func] In nsupdate, TSIG errors are no longer treated as
6535 917. [func] New nsupdate command 'key', allowing TSIG keys to
6536 be specified in the nsupdate command stream rather
6537 than the command line.
6539 916. [bug] Specifying type ixfr to dig without specifying
6540 a serial number failed in unexpected ways.
6542 915. [func] The named-checkconf and named-checkzone programs
6543 now have a '-v' option for printing their version.
6546 914. [bug] Global 'server' statements were rejected when
6547 using views, even though they were accepted
6550 913. [bug] Cache cleaning was not sufficiently aggressive.
6553 912. [bug] Attempts to set the 'additional-from-cache' or
6554 'additional-from-auth' option to 'no' in a
6555 server with recursion enabled will now
6556 be ignored and cause a warning message.
6561 910. [port] Some pre-RFC2133 IPv6 implementations do not define
6562 IN6ADDR_ANY_INIT. [RT #1416]
6566 908. [func] New program, rndc-confgen, to simplify setting up rndc.
6568 907. [func] The ability to get entropy from either the
6569 random device, a user-provided file or from
6570 the keyboard was migrated from the DNSSEC tools
6571 to libisc as isc_entropy_usebestsource().
6573 906. [port] Separated the system independent portion of
6574 lib/isc/unix/entropy.c into lib/isc/entropy.c
6575 and added lib/isc/win32/entropy.c.
6577 905. [bug] Configuring a forward "zone" for the root domain
6578 did not work. [RT #1418]
6580 904. [bug] The server would leak memory if attempting to use
6581 an expired TSIG key. [RT #1406]
6583 903. [bug] dig should not crash when receiving a TCP packet
6586 902. [bug] The -d option was ignored if both -t and -g were also
6591 900. [bug] A config.guess update changed the system identification
6592 string of FreeBSD systems; configure and
6593 bin/tests/system/ifconfig.sh now recognize the new
6596 --- 9.2.0a2 released ---
6598 899. [bug] lib/dns/soa.c failed to compile on many platforms
6599 due to inappropriate use of a void value.
6600 [RT #1372, #1373, #1386, #1387, #1395]
6602 898. [bug] "dig" failed to set a nonzero exit status
6603 on UDP query timeout. [RT #1323]
6605 897. [bug] A config.guess update changed the system identification
6606 string of UnixWare systems; configure now recognizes
6609 896. [bug] If a configuration file is set on named's command line
6610 and it has a relative pathname, the current directory
6611 (after any possible jailing resulting from named -t)
6612 will be prepended to it so that reloading works
6613 properly even when a directory option is present.
6615 895. [func] New function, isc_dir_current(), akin to POSIX's
6618 894. [bug] When using the DNSSEC tools, a message intended to warn
6619 when the keyboard was being used because of the lack
6620 of a suitable random device was not being printed.
6622 893. [func] Removed isc_file_test() and added isc_file_exists()
6623 for the basic functionality that was being added
6624 with isc_file_test().
6628 891. [bug] Return an error when a SIG(0) signed response to
6629 an unsigned query is seen. This should actually
6630 do the verification, but it's not currently
6631 possible. [RT #1391]
6633 890. [cleanup] The man pages no longer require the mandoc macros
6634 and should now format cleanly using most versions of
6635 nroff, and HTML versions of the man pages have been
6636 added. Both are generated from DocBook source.
6638 889. [port] Eliminated blank lines before .TH in nroff man
6639 pages since they cause problems with some versions
6640 of nroff. [RT #1390]
6642 888. [bug] Don't die when using TKEY to delete a nonexistent
6643 TSIG key. [RT #1392]
6645 887. [port] Detect broken compilers that can't call static
6646 functions from inline functions. [RT #1212]
6688 866. [func] Close debug only file channels when debug is set to
6691 865. [bug] The new configuration parser did not allow
6692 the optional debug level in a "severity debug"
6693 clause of a logging channel to be omitted.
6694 This is now allowed and treated as "severity
6695 debug 1;" like it does in BIND 8.2.4, not as
6696 "severity debug 0;" like it did in BIND 9.1.
6699 864. [cleanup] Multi-threading is now enabled by default on
6700 OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
6702 863. [bug] If an error occurred while an outgoing zone transfer
6703 was starting up, the server could access a domain
6704 name that had already been freed when logging a
6705 message saying that the transfer was starting.
6708 862. [bug] Use after realloc(), non portable pointer arithmetic in
6711 861. [port] Add support for Mac OS X, by making it equivalent
6712 to Darwin. This was derived from the config.guess
6713 file shipped with Mac OS X. [RT #1355]
6715 860. [func] Drop cross class glue in zone transfers.
6717 859. [bug] Cache cleaning now won't swamp the CPU if there
6718 is a persistent over limit condition.
6720 858. [func] isc_mem_setwater() no longer requires that when the
6721 callback function is non-NULL then its hi_water
6722 argument must be greater than its lo_water argument
6723 (they can now be equal) or that they be non-zero.
6725 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
6726 structs, for our friends in EBCDIC-land.
6728 856. [func] Allow partial rdatasets to be returned in answer and
6729 authority sections to help non-TCP capable clients
6730 recover from truncation. [RT #1301]
6732 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
6734 854. [bug] The config parser didn't properly handle config
6735 options that were specified in units of time other
6736 than seconds. [RT #1372]
6738 853. [bug] configure_view_acl() failed to detach existing acls.
6741 852. [bug] Handle responses from servers which do not know
6744 851. [cleanup] The obsolete support-ixfr option was not properly
6747 --- 9.2.0a1 released ---
6749 850. [bug] dns_rbt_findnode() would not find nodes that were
6750 split on a bitstring label somewhere other than in
6751 the last label of the node. [RT #1351]
6753 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
6755 848. [func] A minimum max-cache-size of two megabytes is enforced
6756 by the cache cleaner.
6758 847. [func] Added isc_file_test(), which currently only has
6759 some very basic functionality to test for the
6760 existence of a file, whether a pathname is absolute,
6761 or whether a pathname is the fundamental representation
6762 of the current directory. It is intended that this
6763 function can be expanded to test other things a
6764 programmer might want to know about a file.
6766 846. [func] A non-zero 'param' to dst_key_generate() when making an
6767 hmac-md5 key means that good entropy is not required.
6769 845. [bug] The access rights on the public file of a symmetric
6770 key are now restricted as soon as the file is opened,
6771 rather than after it has been written and closed.
6773 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
6774 just as <lwres/net.h> does.
6776 843. [func] If no controls statement is present in named.conf,
6777 or if any inet phrase of a controls statement is
6778 lacking a keys clause, then a key will be automatically
6779 generated by named and an rndc.conf-style file
6780 named named.key will be written that uses it. rndc
6781 will use this file only if its normal configuration
6782 file, or one provided on the command line, does not
6785 842. [func] 'rndc flush' now takes an optional view.
6787 841. [bug] When sdb modules were not declared threadsafe, their
6788 create and destroy functions were not serialized.
6790 840. [bug] The config file parser could print the wrong file
6791 name if an error was detected after an included file
6792 was parsed. [RT #1353]
6794 839. [func] Dump packets for which there was no view or that the
6795 class could not be determined to category "unmatched".
6797 838. [port] UnixWare 7.x.x is now suported by
6798 bin/tests/system/ifconfig.sh.
6800 837. [cleanup] Multi-threading is now enabled by default only on
6801 OSF1, Solaris 2.7 and newer, and AIX.
6803 836. [func] Upgraded libtool to 1.4.
6805 835. [bug] The dispatcher could enter a busy loop if
6806 it got an I/O error receiving on a UDP socket.
6809 834. [func] Accept (but warn about) master files beginning with
6810 an SOA record without an explicit TTL field and
6811 lacking a $TTL directive, by using the SOA MINTTL
6812 as a default TTL. This is for backwards compatibility
6813 with old versions of BIND 8, which accepted such
6814 files without warning although they are illegal
6815 according to RFC1035.
6817 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
6818 <dns/soa.h>, and extended them to support
6819 all the integer-valued fields of the SOA RR.
6821 832. [bug] The default location for named.conf in named-checkconf
6822 should depend on --sysconfdir like it does in named.
6827 830. [func] Implement 'rndc status'.
6829 829. [bug] The DNS_R_ZONECUT result code should only be returned
6830 when an ANY query is made with DNS_DBFIND_GLUEOK set.
6831 In all other ANY query cases, returning the delegation
6834 828. [bug] The errno value from recvfrom() could be overwritten
6835 by logging code. [RT #1293]
6837 827. [bug] When an IXFR protocol error occurs, the slave
6838 should retry with AXFR.
6840 826. [bug] Some IXFR protocol errors were not detected.
6842 825. [bug] zone.c:ns_query() detached from the wrong zone
6843 reference. [RT #1264]
6845 824. [bug] Correct line numbers reported by dns_master_load().
6848 823. [func] The output of "dig -h" now goes to stdout so that it
6849 can easily be piped through "more". [RT #1254]
6851 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
6854 821. [bug] The program name used when logging to syslog should
6855 be stripped of leading path components.
6858 820. [bug] Name server address lookups failed to follow
6859 A6 chains into the glue of local authoritative
6862 819. [bug] In certain cases, the resolver's attempts to
6863 restart an address lookup at the root could cause
6864 the fetch to deadlock (with itself) instead of
6865 restarting. [RT #1225]
6867 818. [bug] Certain pathological responses to ANY queries could
6868 cause an assertion failure. [RT #1218]
6870 817. [func] Adjust timeouts for dialup zone queries.
6872 816. [bug] Report potential problems with log file accessibility
6873 at configuration time, since such problems can't
6874 reliably be reported at the time they actually occur.
6876 815. [bug] If a log file was specified with a path separator
6877 character (i.e. "/") in its name and the directory
6878 did not exist, the log file's name was treated as
6879 though it were the directory name. [RT #1189]
6881 814. [bug] Socket objects left over from accept() failures
6882 were incorrectly destroyed, causing corruption
6883 of socket manager data structures.
6885 813. [bug] File descriptors exceeding FD_SETSIZE were handled
6888 812. [bug] dig sometimes printed incomplete IXFR responses
6889 due to an uninitialized variable. [RT #1188]
6891 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
6893 810. [bug] The signer name in SIG records was not properly
6894 down-cased when signing/verifying records. [RT #1186]
6896 809. [bug] Configuring a non-local address as a transfer-source
6897 could cause an assertion failure during load.
6899 808. [func] Add 'rndc flush' to flush the server's cache.
6901 807. [bug] When setting up TCP connections for incoming zone
6902 transfers, the transfer-source port was not
6903 ignored like it should be.
6905 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
6906 the calling stack to the zone maintenance level,
6907 causing zones to not reload when an included file was
6908 touched but the top-level zone file was not.
6910 805. [bug] When using "forward only", missing root hints should
6911 not cause queries to fail. [RT #1143]
6913 804. [bug] Attempting to obtain entropy could fail in some
6914 situations. This would be most common on systems
6915 with user-space threads. [RT #1131]
6917 803. [bug] Treat all SIG queries as if they have the CD bit set,
6918 otherwise no data will be returned [RT #749]
6920 802. [bug] DNSSEC key tags were computed incorrectly in almost
6921 all cases. [RT #1146]
6923 801. [bug] nsupdate should treat lines beginning with ';' as
6924 comments. [RT #1139]
6926 800. [bug] dnssec-signzone produced incorrect statistics for
6927 large zones. [RT #1133]
6929 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
6930 glue was also present.
6932 798. [bug] nsupdate should be able to reject bad input lines
6933 and continue. [RT #1130]
6935 797. [func] Issue a warning if the 'directory' option contains
6936 a relative path. [RT #269]
6938 796. [func] When a size limit is associated with a log file,
6939 only roll it when the size is reached, not every
6940 time the log file is opened. [RT #1096]
6942 795. [func] Add the +multiline option to dig. [RT #1095]
6944 794. [func] Implement the "port" and "default-port" statements
6947 793. [cleanup] The DNSSEC tools could create filenames that were
6948 illegal or contained shell meta-characters. They
6949 now use a different text encoding of names that
6950 doesn't have these problems. [RT #1101]
6952 792. [cleanup] Replace the OMAPI command channel protocol with a
6955 791. [bug] The command channel now works over IPv6.
6957 790. [bug] Wildcards created using dynamic update or IXFR
6958 could fail to match. [RT #1111]
6960 789. [bug] The "localhost" and "localnets" ACLs did not match
6961 when used as the second element of a two-element
6964 788. [func] Add the "match-mapped-addresses" option, which
6965 causes IPv6 v4mapped addresses to be treated as
6966 IPv4 addresses for the purpose of acl matching.
6968 787. [bug] The DNSSEC tools failed to downcase domain
6969 names when mapping them into file names.
6971 786. [bug] When DNSSEC signing/verifying data, owner names were
6972 not properly down-cased.
6974 785. [bug] A race condition in the resolver could cause
6975 an assertion failure. [RT #673, #872, #1048]
6977 784. [bug] nsupdate and other programs would not quit properly
6978 if some signals were blocked by the caller. [RT #1081]
6980 783. [bug] Following CNAMEs could cause an assertion failure
6981 when either using an sdb database or under very
6984 782. [func] Implement the "serial-query-rate" option.
6986 781. [func] Avoid error packet loops by dropping duplicate FORMERR
6987 responses. [RT #1006]
6989 780. [bug] Error handling code dealing with out of memory or
6990 other rare errors could lead to assertion failures
6991 by calling functions on uninitialized names. [RT #1065]
6993 779. [func] Added the "minimal-responses" option.
6995 778. [bug] When starting cache cleaning, cleaning_timer_action()
6996 returned without first pausing the iterator, which
6997 could cause deadlock. [RT #998]
6999 777. [bug] An empty forwarders list in a zone failed to override
7000 global forwarders. [RT #995]
7002 776. [func] Improved error reporting in denied messages. [RT #252]
7006 774. [func] max-cache-size is implemented.
7008 773. [func] Added isc_rwlock_trylock() to attempt to lock without
7011 772. [bug] Owner names could be incorrectly omitted from cache
7012 dumps in the presence of negative caching entries.
7015 771. [cleanup] TSIG errors related to unsynchronized clocks
7016 are logged better. [RT #919]
7018 770. [func] Add the "edns yes_or_no" statement to the server
7021 769. [func] Improved error reporting when parsing rdata. [RT #740]
7023 768. [bug] The server did not emit an SOA when a CNAME
7024 or DNAME chain ended in NXDOMAIN in an
7029 766. [bug] A few cases in query_find() could leak fname.
7030 This would trigger the mpctx->allocated == 0
7031 assertion when the server exited.
7032 [RT #739, #776, #798, #812, #818, #821, #845,
7035 765. [func] ACL names are once again case insensitive, like
7036 in BIND 8. [RT #252]
7038 764. [func] Configuration files now allow "include" directives
7039 in more places, such as inside the "view" statement.
7040 [RT #377, #728, #860]
7042 763. [func] Configuration files no longer have reserved words.
7045 762. [cleanup] The named.conf and rndc.conf file parsers have
7046 been completely rewritten.
7048 761. [bug] _REENTRANT was still defined when building with
7051 760. [contrib] Significant enhancements to the pgsql sdb driver.
7053 759. [bug] The resolver didn't turn off "avoid fetches" mode
7054 when restarting, possibly causing resolution
7055 to fail when it should not. This bug only affected
7056 platforms which support both IPv4 and IPv6. [RT #927]
7058 758. [bug] The "avoid fetches" code did not treat negative
7059 cache entries correctly, causing fetches that would
7060 be useful to be avoided. This bug only affected
7061 platforms which support both IPv4 and IPv6. [RT #927]
7063 757. [func] Log zone transfers.
7065 756. [bug] dns_zone_load() could "return" success when no master
7066 file was configured.
7068 755. [bug] Fix incorrectly formatted log messages in zone.c.
7070 754. [bug] Certain failure conditions sending UDP packets
7071 could cause the server to retry the transmission
7072 indefinitely. [RT #902]
7074 753. [bug] dig, host, and nslookup would fail to contact a
7075 remote server if getaddrinfo() returned an IPv6
7076 address on a system that doesn't support IPv6.
7079 752. [func] Correct bad tv_usec elements returned by
7082 751. [func] Log successful zone loads / transfers. [RT #898]
7084 750. [bug] A query should not match a DNAME whose trust level
7085 is pending. [RT #916]
7087 749. [bug] When a query matched a DNAME in a secure zone, the
7088 server did not return the signature of the DNAME.
7091 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
7094 747. [bug] The code to determine whether an IXFR was possible
7095 did not properly check for a database that could
7096 not have a journal. [RT #865, #908]
7098 746. [bug] The sdb didn't clone rdatasets properly, causing
7099 a crash when the server followed delegations. [RT #905]
7101 745. [func] Report the owner name of records that fail
7102 semantic checks while loading.
7104 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
7105 result of an ANY or SIG query, the resolver failed
7106 to setup the return event's rdatasets, causing an
7107 assertion failure in the query code. [RT #881]
7109 743. [bug] Receiving a large number of certain malformed
7110 answers could cause named to stop responding.
7115 741. [port] Support openssl-engine. [RT #709]
7117 740. [port] Handle openssl library mismatches slightly better.
7119 739. [port] Look for /dev/random in configure, rather than
7120 assuming it will be there for only a predefined
7123 738. [bug] If a non-threadsafe sdb driver supported AXFR and
7124 received an AXFR request, it would deadlock or die
7125 with an assertion failure. [RT #852]
7127 737. [port] stdtime.c failed to compile on certain platforms.
7129 736. [func] New functions isc_task_{begin,end}exclusive().
7131 735. [doc] Add BIND 4 migration notes.
7133 734. [bug] An attempt to re-lock the zone lock could occur if
7134 the server was shutdown during a zone transfer.
7137 733. [bug] Reference counts of dns_acl_t objects need to be
7138 locked but were not. [RT #801, #821]
7140 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
7142 731. [bug] Certain zone errors could cause named-checkzone to
7143 fail ungracefully. [RT #819]
7145 730. [bug] lwres_getaddrinfo() returns the correct result when
7146 it fails to contact a server. [RT #768]
7148 729. [port] pthread_setconcurrency() needs to be called on Solaris.
7150 728. [bug] Fix comment processing on master file directives.
7153 727. [port] Work around OS bug where accept() succeeds but
7154 fails to fill in the peer address of the accepted
7155 connection, by treating it as an error rather than
7156 an assertion failure. [RT #809]
7158 726. [func] Implement the "trace" and "notrace" commands in rndc.
7160 725. [bug] Installing man pages could fail.
7162 724. [func] New libisc functions isc_netaddr_any(),
7165 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
7166 to return DNS_R_SERVFAIL. [RT #783]
7168 722. [func] Allow incremental loads to be canceled.
7170 721. [cleanup] Load manager and dns_master_loadfilequota() are no
7173 720. [bug] Server could enter infinite loop in
7174 dispatch.c:do_cancel(). [RT #733]
7176 719. [bug] Rapid reloads could trigger an assertion failure.
7179 718. [cleanup] "internal" is no longer a reserved word in named.conf.
7182 717. [bug] Certain TKEY processing failure modes could
7183 reference an uninitialized variable, causing the
7184 server to crash. [RT #750]
7186 716. [bug] The first line of a $INCLUDE master file was lost if
7187 an origin was specified. [RT #744]
7189 715. [bug] Resolving some A6 chains could cause an assertion
7190 failure in adb.c. [RT #738]
7192 714. [bug] Preserve interval timers across reloads unless changed.
7195 713. [func] named-checkconf takes '-t directory' similar to named.
7198 712. [bug] Sending a large signed update message caused an
7199 assertion failure. [RT #718]
7201 711. [bug] The libisc and liblwres implementations of
7202 inet_ntop contained an off by one error.
7204 710. [func] The forwarders statement now takes an optional
7207 709. [bug] ANY or SIG queries for data with a TTL of 0
7208 would return SERVFAIL. [RT #620]
7210 708. [bug] When building with --with-openssl, the openssl headers
7211 included with BIND 9 should not be used. [RT #702]
7213 707. [func] The "filename" argument to named-checkzone is no
7214 longer optional, to reduce confusion. [RT #612]
7216 706. [bug] Zones with an explicit "allow-update { none; };"
7217 were considered dynamic and therefore not reloaded
7218 on SIGHUP or "rndc reload".
7220 705. [port] Work out resource limit type for use where rlim_t is
7221 not available. [RT #695]
7223 704. [port] RLIMIT_NOFILE is not available on all platforms.
7226 703. [port] sys/select.h is needed on older platforms. [RT #695]
7228 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
7229 use 127.0.0.1 instead. [RT #693]
7231 701. [func] Root hints are now fully optional. Class IN
7232 views use compiled-in hints by default, as
7233 before. Non-IN views with no root hints now
7234 provide authoritative service but not recursion.
7235 A warning is logged if a view has neither root
7236 hints nor authoritative data for the root. [RT #696]
7238 700. [bug] $GENERATE range check was wrong. [RT #688]
7240 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
7242 698. [bug] Aborting nsupdate with ^C would lead to several
7245 697. [bug] nsupdate was not compatible with the undocumented
7246 BIND 8 behavior of ignoring TTLs in "update delete"
7249 696. [bug] lwresd would die with an assertion failure when passed
7250 a zero-length name. [RT #692]
7252 695. [bug] If the resolver attempted to query a blackholed or
7253 bogus server, the resolution would fail immediately.
7255 694. [bug] $GENERATE did not produce the last entry.
7258 693. [bug] An empty lwres statement in named.conf caused
7259 the server to crash while loading.
7261 692. [bug] Deal with systems that have getaddrinfo() but not
7262 gai_strerror(). [RT #679]
7264 691. [bug] Configuring per-view forwarders caused an assertion
7265 failure. [RT #675, #734]
7267 690. [func] $GENERATE now supports DNAME. [RT #654]
7269 689. [doc] man pages are now installed. [RT #210]
7271 688. [func] "make tags" now works on systems with the
7272 "Exuberant Ctags" etags.
7274 687. [bug] Only say we have IPv6, with sufficient functionality,
7275 if it has actually been tested. [RT #586]
7277 686. [bug] dig and nslookup can now be properly aborted during
7278 blocking operations. [RT #568]
7280 685. [bug] nslookup should use the search list/domain options
7281 from resolv.conf by default. [RT #405, #630]
7283 684. [bug] Memory leak with view forwarders. [RT #656]
7285 683. [bug] File descriptor leak in isc_lex_openfile().
7287 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
7289 681. [bug] $GENERATE specifying output format was broken. [RT #653]
7291 680. [bug] dns_rdata_fromstruct() mishandled options bigger
7294 679. [bug] $INCLUDE could leak memory and file descriptors on
7297 678. [bug] "transfer-format one-answer;" could trigger an assertion
7300 677. [bug] dnssec-signzone would occasionally use the wrong ttl
7301 for database operations and fail. [RT #643]
7303 676. [bug] Log messages about lame servers to category
7304 'lame-servers' rather than 'resolver', so as not
7305 to be gratuitously incompatible with BIND 8.
7307 675. [bug] TKEY queries could cause the server to leak
7310 674. [func] Allow messages to be TSIG signed / verified using
7311 a offset from the current time.
7313 673. [func] The server can now convert RFC1886-style recursive
7314 lookup requests into RFC2874-style lookups, when
7315 enabled using the new option "allow-v6-synthesis".
7317 672. [bug] The wrong time was in the "time signed" field when
7318 replying with BADTIME error.
7320 671. [bug] The message code was failing to parse a message with
7321 no question section and a TSIG record. [RT #628]
7323 670. [bug] The lwres replacements for getaddrinfo and
7324 getipnodebyname didn't properly check for the
7325 existence of the sockaddr sa_len field.
7327 669. [bug] dnssec-keygen now makes the public key file
7328 non-world-readable for symmetric keys. [RT #403]
7330 668. [func] named-checkzone now reports multiple errors in master
7333 667. [bug] On Linux, running named with the -u option and a
7334 non-world-readable configuration file didn't work.
7337 666. [bug] If a request sent by dig is longer than 512 bytes,
7340 665. [bug] Signed responses were not sent when the size of the
7341 TSIG + question exceeded the maximum message size.
7344 664. [bug] The t_tasks and t_timers module tests are now skipped
7345 when building without threads, since they require
7348 663. [func] Accept a size_spec, not just an integer, in the
7349 (unimplemented and ignored) max-ixfr-log-size option
7350 for compatibility with recent versions of BIND 8.
7353 662. [bug] dns_rdata_fromtext() failed to log certain errors.
7355 661. [bug] Certain UDP IXFR requests caused an assertion failure
7356 (mpctx->allocated == 0). [RT #355, #394, #623]
7358 660. [port] Detect multiple CPUs on HP-UX and IRIX.
7360 659. [performance] Rewrite the name compression code to be much faster.
7362 658. [cleanup] Remove all vestiges of 16 bit global compression.
7364 657. [bug] When a listen-on statement in an lwres block does not
7365 specify a port, use 921, not 53. Also update the
7366 listen-on documentation. [RT #616]
7368 656. [func] Treat an unescaped newline in a quoted string as
7369 an error. This means that TXT records with missing
7370 close quotes should have meaningful errors printed.
7372 655. [bug] Improve error reporting on unexpected eof when loading
7375 654. [bug] Origin was being forgotten in TCP retries in dig.
7378 653. [bug] +defname option in dig was reversed in sense.
7381 652. [bug] zone_saveunique() did not report the new name.
7383 651. [func] The AD bit in responses now has the meaning
7384 specified in <draft-ietf-dnsext-ad-is-secure>.
7386 650. [bug] SIG(0) records were being generated and verified
7387 incorrectly. [RT #606]
7389 649. [bug] It was possible to join to an already running fctx
7390 after it had "cloned" its events, but before it sent
7391 them. In this case, the event of the newly joined
7392 fetch would not contain the answer, and would
7393 trigger the INSIST() in fctx_sendevents(). In
7394 BIND 9.0, this bug did not trigger an INSIST(), but
7395 caused the fetch to fail with a SERVFAIL result.
7396 [RT #588, #597, #605, #607]
7398 648. [port] Add support for pre-RFC2133 IPv6 implementations.
7400 647. [bug] Resolver queries sent after following multiple
7401 referrals had excessively long retransmission
7402 timeouts due to incorrectly counting the referrals
7405 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
7406 didn't _cleanly_ fix the problem it was trying to fix.
7408 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
7410 644. [bug] #622 needed more work. [RT #562]
7412 643. [bug] xfrin error messages made more verbose, added class
7413 of the zone. [RT# 599]
7415 642. [bug] Break the exit_check() race in the zone module.
7418 --- 9.1.0b2 released ---
7420 641. [bug] $GENERATE caused a uninitialized link to be used.
7423 640. [bug] Memory leak in error path could cause
7424 "mpctx->allocated == 0" failure. [RT #584]
7426 639. [bug] Reading entropy from the keyboard would sometimes fail.
7429 638. [port] lib/isc/random.c needed to explicitly include time.h
7430 to get a prototype for time() when pthreads was not
7431 being used. [RT #592]
7433 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
7434 lib/isc/print.c. Also allow lib/isc/print.c to
7435 be compiled even if the platform does not need it.
7438 636. [port] Shut up MSVC++ about a possible loss of precision
7439 in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
7441 635. [bug] Reloading a server with a configured blackhole list
7442 would cause an assertion. [RT #590]
7444 634. [bug] A log file will completely stop being written when
7445 it reaches the maximum size in all cases, not just
7446 when versioning is also enabled. [RT #570]
7448 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
7450 632. [bug] The index array of the journal file was
7451 corrupted as it was written to disk.
7453 631. [port] Build without thread support on systems without
7456 630. [bug] Locking failure in zone code. [RT #582]
7458 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
7459 when responding to a UDP IXFR request.
7461 628. [bug] If the root hints contained only AAAA addresses,
7462 named would be unable to perform resolution.
7464 627. [bug] The EDNS0 blackhole detection code of change 324
7465 waited for three retransmissions to each server,
7466 which takes much too long when a domain has many
7467 name servers and all of them drop EDNS0 queries.
7468 Now we retry without EDNS0 after three consecutive
7469 timeouts, even if they are all from different
7472 626. [bug] The lightweight resolver daemon no longer crashes
7473 when asked for a SIG rrset. [RT #558]
7475 625. [func] Zones now inherit their class from the enclosing view.
7477 624. [bug] The zone object could get timer events after it had
7478 been destroyed, causing a server crash. [RT #571]
7480 623. [func] Added "named-checkconf" and "named-checkzone" program
7481 for syntax checking named.conf files and zone files,
7484 622. [bug] A canceled request could be destroyed before
7485 dns_request_destroy() was called. [RT #562]
7487 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
7488 This mostly affects Red Hat Linux 7.0, which has
7489 conflicts between libc and the kernel.
7491 620. [bug] dns_master_load*inc() now require 'task' and 'load'
7492 to be non-null. Also 'done' will not be called if
7493 dns_master_load*inc() fails immediately. [RT #565]
7497 618. [bug] Queries to a signed zone could sometimes cause
7498 an assertion failure.
7500 617. [bug] When using dynamic update to add a new RR to an
7501 existing RRset with a different TTL, the journal
7502 entries generated from the update did not include
7503 explicit deletions and re-additions of the existing
7504 RRs to update their TTL to the new value.
7506 616. [func] dnssec-signzone -t output now includes performance
7509 615. [bug] dnssec-signzone did not like child keysets signed
7512 614. [bug] Checks for uninitialized link fields were prone
7513 to false positives, causing assertion failures.
7514 The checks are now disabled by default and may
7515 be re-enabled by defining ISC_LIST_CHECKINIT.
7517 613. [bug] "rndc reload zone" now reloads primary zones.
7518 It previously only updated slave and stub zones,
7519 if an SOA query indicated an out of date serial.
7521 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
7522 complains relentlessly about how its treatment
7523 of 'const' has changed as well as how casting
7524 sometimes tightens alignment constraints.
7526 611. [func] allow-notify can be used to permit processing of
7527 notify messages from hosts other than a slave's
7530 610. [func] rndc dumpdb is now supported.
7532 609. [bug] getrrsetbyname() would crash lwresd if the server
7533 found more SIGs than answers. [RT #554]
7535 608. [func] dnssec-signzone now adds a comment to the zone
7536 with the time the file was signed.
7538 607. [bug] nsupdate would fail if it encountered a CNAME or
7539 DNAME in a response to an SOA query. [RT #515]
7541 606. [bug] Compiling with --disable-threads failed due
7542 to isc_thread_self() being incorrectly defined
7543 as an integer rather than a function.
7545 605. [func] New function isc_lex_getlasttokentext().
7547 604. [bug] The named.conf parser could print incorrect line
7548 numbers when long comments were present.
7550 603. [bug] Make dig handle multiple types or classes on the same
7551 query more correctly.
7553 602. [func] Cope automatically with UnixWare's broken
7554 IN6_IS_ADDR_* macros. [RT #539]
7556 601. [func] Return a non-zero exit code if an update fails
7559 600. [bug] Reverse lookups sometimes failed in dig, etc...
7561 599. [func] Added four new functions to the libisc log API to
7562 support i18n messages. isc_log_iwrite(),
7563 isc_log_ivwrite(), isc_log_iwrite1() and
7564 isc_log_ivwrite1() were added.
7566 598. [bug] An update-policy statement would cause the server
7567 to assert while loading. [RT #536]
7569 597. [func] dnssec-signzone is now multi-threaded.
7571 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
7572 not mutually exclusive.
7574 595. [port] On Linux 2.2, socket() returns EINVAL when it
7575 should return EAFNOSUPPORT. Work around this.
7578 594. [func] sdb drivers are now assumed to not be thread-safe
7579 unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
7581 593. [bug] If a secure zone was missing all its NXTs and
7582 a dynamic update was attempted, the server entered
7585 592. [bug] The sig-validity-interval option now specifies a
7586 number of days, not seconds. This matches the
7587 documentation. [RT #529]
7589 --- 9.1.0b1 released ---
7591 591. [bug] Work around non-reentrancy in openssl by disabling
7592 pre-computation in keys.
7594 590. [doc] There are now man pages for the lwres library in
7597 589. [bug] The server could deadlock if a zone was updated
7598 while being transferred out.
7600 588. [bug] ctx->in_use was not being correctly initialized when
7601 when pushing a file for $INCLUDE. [RT #523]
7603 587. [func] A warning is now printed if the "allow-update"
7604 option allows updates based on the source IP
7605 address, to alert users to the fact that this
7606 is insecure and becoming increasingly so as
7607 servers capable of update forwarding are being
7610 586. [bug] multiple views with the same name were fatal. [RT #516]
7612 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
7613 now support 'exact' additions in a similar manner to
7614 dns_db_subtractrdataset() and dns_rdataslab_subtract().
7616 584. [func] You can now say 'notify explicit'; to suppress
7617 notification of the servers listed in NS records
7618 and notify only those servers listed in the
7619 'also-notify' option.
7621 583. [func] "rndc querylog" will now toggle logging of
7622 queries, like "ndc querylog" in BIND 8.
7624 582. [bug] dns_zone_idetach() failed to lock the zone.
7627 581. [bug] log severity was not being correctly processed.
7630 580. [func] Ignore trailing garbage on incoming DNS packets,
7631 for interoperability with broken server
7632 implementations. [RT #491]
7634 579. [bug] nsupdate did not take a filename to read update from.
7637 578. [func] New config option "notify-source", to specify the
7638 source address for notify messages.
7640 577. [func] Log illegal RDATA combinations. e.g. multiple
7641 singleton types, cname and other data.
7643 576. [doc] isc_log_create() description did not match reality.
7645 575. [bug] isc_log_create() was not setting internal state
7646 correctly to reflect the default channels created.
7648 574. [bug] TSIG signed queries sent by the resolver would fail to
7649 have their responses validated and would leak memory.
7651 573. [bug] The journal files of IXFRed slave zones were
7652 inadvertently discarded on server reload, causing
7653 "journal out of sync with zone" errors on subsequent
7656 572. [bug] Quoted strings were not accepted as key names in
7657 address match lists.
7659 571. [bug] It was possible to create an rdataset of singleton
7660 type which had more than one rdata. [RT #154]
7663 570. [bug] rbtdb.c allowed zones containing nodes which had
7664 both a CNAME and "other data". [RT #154]
7666 569. [func] The DNSSEC AD bit will not be set on queries which
7667 have not requested a DNSSEC response.
7669 568. [func] Add sample simple database drivers in contrib/sdb.
7671 567. [bug] Setting the zone transfer timeout to zero caused an
7672 assertion failure. [RT #302]
7674 566. [func] New public function dns_timer_setidle().
7676 565. [func] Log queries more like BIND 8: query logging is now
7677 done to category "queries", level "info". [RT #169]
7679 564. [func] Add sortlist support to lwresd.
7681 563. [func] New public functions dns_rdatatype_format() and
7682 dns_rdataclass_format(), for convenient formatting
7683 of rdata type/class mnemonics in log messages.
7685 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
7687 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
7688 clauses of the options{} statement are now implemented.
7690 560. [bug] dns_name_split did not properly the resulting prefix
7691 when a maximal length bitstring label was split which
7692 was preceded by another bitstring label. [RT #429]
7694 559. [bug] dns_name_split did not properly create the suffix
7695 when splitting within a maximal length bitstring label.
7697 558. [func] New functions, isc_resource_getlimit and
7698 isc_resource_setlimit.
7700 557. [func] Symbolic constants for libisc integral types.
7702 556. [func] The DNSSEC OK bit in the EDNS extended flags
7703 is now implemented. Responses to queries without
7704 this bit set will not contain any DNSSEC records.
7706 555. [bug] A slave server attempting a zone transfer could
7707 crash with an assertion failure on certain
7708 malformed responses from the master. [RT #457]
7710 554. [bug] In some cases, not all of the dnssec tools were
7713 553. [bug] Incoming zone transfers deferred due to quota
7714 were not started when quota was increased but
7715 only when a transfer in progress finished. [RT #456]
7717 552. [bug] We were not correctly detecting the end of all c-style
7720 551. [func] Implemented the 'sortlist' option.
7722 550. [func] Support unknown rdata types and classes.
7724 549. [bug] "make" did not immediately abort the build when a
7725 subdirectory make failed [RT #450].
7727 548. [func] The lexer now ungets tokens more correctly.
7731 546. [func] Option 'lame-ttl' is now implemented.
7733 545. [func] Name limit and counting options removed from dig;
7734 they didn't work properly, and cannot be correctly
7735 implemented without significant changes.
7737 544. [func] Add statistics option, enable statistics-file option,
7738 add RNDC option "dump-statistics" to write out a
7739 query statistics file.
7741 543. [doc] The 'port' option is now documented.
7743 542. [func] Add support for update forwarding as required for
7744 full compliance with RFC2136. It is turned off
7745 by default and can be enabled using the
7746 'allow-update-forwarding' option.
7748 541. [func] Add bogus server support.
7750 540. [func] Add dialup support.
7752 539. [func] Support the blackhole option.
7754 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
7758 536. [func] Use transfer-source{-v6} when sending refresh queries.
7759 Transfer-source{-v6} now take a optional port
7760 parameter for setting the UDP source port. The port
7761 parameter is ignored for TCP.
7763 535. [func] Use transfer-source{-v6} when forwarding update
7766 534. [func] Ancestors have been removed from RBT chains. Ancestor
7767 information can be discerned via node parent pointers.
7769 533. [func] Incorporated name hashing into the RBT database to
7770 improve search speed.
7772 532. [func] Implement DNS UPDATE pseudo records using
7773 DNS_RDATA_UPDATE flag.
7775 531. [func] Rdata really should be initialized before being assigned
7776 to (dns_rdata_fromwire(), dns_rdata_fromtext(),
7777 dns_rdata_clone(), dns_rdata_fromregion()),
7780 530. [func] New function dns_rdata_invalidate().
7782 529. [bug] 521 contained a bug which caused zones to always
7785 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
7786 on their arguments. ISC_LIST_XXXXUNSAFE can be use
7787 to skip the checks however use with caution.
7789 527. [func] New function dns_rdata_clone().
7791 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
7794 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
7795 and 'flags' for dns_rdataslab_subtract() allowing you
7796 to request that the RR's must exist prior to deletion.
7797 DNS_R_NOTEXACT is returned if the condition is not met.
7799 524. [func] The 'forward' and 'forwarders' statement in
7800 non-forward zones should work now.
7802 523. [doc] The source to the Administrator Reference Manual is
7803 now an XML file using the DocBook DTD, and is included
7804 in the distribution. The plain text version of the
7805 ARM is temporarily unavailable while we figure out
7806 how to generate readable plain text from the XML.
7808 522. [func] The lightweight resolver daemon can now use
7809 a real configuration file, and its functionality
7810 can be provided by a name server. Also, the -p and -P
7811 options to lwresd have been reversed.
7813 521. [bug] Detect master files which contain $INCLUDE and always
7816 520. [bug] Upgraded libtool to 1.3.5, which makes shared
7817 library builds almost work on AIX (and possibly
7820 519. [bug] dns_name_split() would improperly split some bitstring
7821 labels, zeroing a few of the least significant bits in
7822 the prefix part. When such an improperly created
7823 prefix was returned to the RBT database, the bogus
7824 label was dutifully stored, corrupting the tree.
7827 518. [bug] The resolver did not realize that a DNAME which was
7828 "the answer" to the client's query was "the answer",
7829 and such queries would fail. [RT #399]
7831 517. [bug] The resolver's DNAME code would trigger an assertion
7832 if there was more than one DNAME in the chain.
7835 516. [bug] Cache lookups which had a NULL node pointer, e.g.
7836 those by dns_view_find(), and which would match a
7837 DNAME, would trigger an INSIST(!search.need_cleanup)
7838 assertion. [RT #399]
7840 515. [bug] The ssu table was not being attached / detached
7841 by dns_zone_[sg]etssutable. [RT#397]
7843 514. [func] Retry refresh and notify queries if they timeout.
7846 513. [func] New functionality added to rdnc and server to allow
7847 individual zones to be refreshed or reloaded.
7849 512. [bug] The zone transfer code could throw an exception with
7850 an invalid IXFR stream.
7852 511. [bug] The message code could throw an assertion on an
7853 out of memory failure. [RT #392]
7855 510. [bug] Remove spurious view notify warning. [RT #376]
7857 509. [func] Add support for write of zone files on shutdown.
7859 508. [func] dns_message_parse() can now do a best-effort
7860 attempt, which should allow dig to print more invalid
7863 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
7864 and dns_view_flushanddetach().
7866 506. [func] Do not fail to start on errors in zone files.
7868 505. [bug] nsupdate was printing "unknown result code". [RT #373]
7870 504. [bug] The zone was not being marked as dirty when updated via
7873 503. [bug] dumptime was not being set along with
7874 DNS_ZONEFLG_NEEDDUMP.
7876 502. [func] On a SERVFAIL reply, DiG will now try the next server
7877 in the list, unless the +fail option is specified.
7879 501. [bug] Incorrect port numbers were being displayed by
7882 500. [func] Nearly useless +details option removed from DiG.
7884 499. [func] In DiG, specifying a class with -c or type with -t
7885 changes command-line parsing so that classes and
7886 types are only recognized if following -c or -t.
7887 This allows hosts with the same name as a class or
7888 type to be looked up.
7890 498. [doc] There is now a man page for "dig"
7891 in doc/man/bin/dig.1.
7893 497. [bug] The error messages printed when an IP match list
7894 contained a network address with a nonzero host
7895 part where not sufficiently detailed. [RT #365]
7897 496. [bug] named didn't sanity check numeric parameters. [RT #361]
7899 495. [bug] nsupdate was unable to handle large records. [RT #368]
7901 494. [func] Do not cache NXDOMAIN responses for SOA queries.
7903 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
7904 for SOA queries. This makes it easier to locate
7905 the containing zone without polluting intermediate
7908 492. [bug] attempting to reload a zone caused the server fail
7909 to shutdown cleanly. [RT #360]
7911 491. [bug] nsupdate would segfault when sending certain
7912 prerequisites with empty RDATA. [RT #356]
7914 490. [func] When a slave/stub zone has not yet successfully
7915 obtained an SOA containing the zone's configured
7916 retry time, perform the SOA query retries using
7917 exponential backoff. [RT #337]
7919 489. [func] The zone manager now has a "i/o" queue.
7921 488. [bug] Locks weren't properly destroyed in some cases.
7923 487. [port] flockfile() is not defined on all systems.
7925 486. [bug] nslookup: "set all" and "server" commands showed
7926 the incorrect port number if a port other than 53
7927 was specified. [RT #352]
7929 485. [func] When dig had more than one server to query, it would
7930 send all of the messages at the same time. Add
7931 rate limiting of the transmitted messages.
7933 484. [bug] When the server was reloaded after removing addresses
7934 from the named.conf "listen-on" statement, sockets
7935 were still listening on the removed addresses due
7936 to reference count loops. [RT #325]
7938 483. [bug] nslookup: "set all" showed a "search" option but it
7941 482. [bug] nslookup: a plain "server" or "lserver" should be
7942 treated as a lookup.
7944 481. [bug] nslookup:get_next_command() stack size could exceed
7947 480. [bug] strtok() is not thread safe. [RT #349]
7949 479. [func] The test suite can now be run by typing "make check"
7950 or "make test" at the top level.
7952 478. [bug] "make install" failed if the directory specified with
7953 --prefix did not already exist.
7955 477. [bug] The the isc-config.sh script could be installed before
7956 its directory was created. [RT #324]
7958 476. [bug] A zone could expire while a zone transfer was in
7959 progress triggering a INSIST failure. [RT #329]
7961 475. [bug] query_getzonedb() sometimes returned a non-null version
7962 on failure. This caused assertion failures when
7963 generating query responses where names subject to
7964 additional section processing pointed to a zone
7965 to which access had been denied by means of the
7966 allow-query option. [RT #336]
7968 474. [bug] The mnemonic of the CHAOS class is CH according to
7969 RFC1035, but it was printed and read only as CHAOS.
7970 We now accept both forms as input, and print it
7973 473. [bug] nsupdate overran the end of the list of name servers
7974 when no servers could be reached, typically causing
7975 it to print the error message "dns_request_create:
7978 472. [bug] Off-by-one error caused isc_time_add() to sometimes
7979 produce invalid time values.
7981 471. [bug] nsupdate didn't compile on HP/UX 10.20
7983 470. [func] $GENERATE is now supported. See also
7986 469. [bug] "query-source address * port 53;" now works.
7988 468. [bug] dns_master_load*() failed to report file and line
7989 number in certain error conditions.
7991 467. [bug] dns_master_load*() failed to log an error if
7994 466. [bug] dns_master_load*() could return success when it failed.
7996 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
7997 omapi_value_storeint().
7999 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
8001 463. [bug] nsupdate sent malformed SOA queries to the second
8002 and subsequent name servers in resolv.conf if the
8003 query sent to the first one failed.
8005 462. [bug] --disable-ipv6 should work now.
8007 461. [bug] Specifying an unknown key in the "keys" clause of the
8008 "controls" statement caused a NULL pointer dereference.
8011 460. [bug] Much of the DNSSEC code only worked with class IN.
8013 459. [bug] Nslookup processed the "set" command incorrectly.
8015 458. [bug] Nslookup didn't properly check class and type values.
8018 457. [bug] Dig/host/hslookup didn't properly handle connect
8019 timeouts in certain situations, causing an
8020 unnecessary warning message to be printed.
8022 456. [bug] Stub zones were not resetting the refresh and expire
8023 counters, loadtime or clearing the DNS_ZONE_REFRESH
8024 (refresh in progress) flag upon successful update.
8025 This disabled further refreshing of the stub zone,
8026 causing it to eventually expire. [RT #300]
8028 455. [doc] Document IPv4 prefix notation does not require a
8029 dotted decimal quad but may be just dotted decimal.
8031 454. [bug] Enforce dotted decimal and dotted decimal quad where
8032 documented as such in named.conf. [RT #304, RT #311]
8034 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
8035 is specified in named.conf. [RT #306]
8037 452. [bug] Warn if the unimplemented option "statistics-file"
8038 is specified in named.conf. [RT #301]
8040 451. [func] Update forwarding implemented.
8042 450. [func] New function ns_client_sendraw().
8044 449. [bug] isc_bitstring_copy() only works correctly if the
8045 two bitstrings have the same lsb0 value, but this
8046 requirement was not documented, nor was there a
8049 448. [bug] Host output formatting change, to match v8. [RT #255]
8051 447. [bug] Dig didn't properly retry in TCP mode after
8052 a truncated reply. [RT #277]
8054 446. [bug] Confusing notify log message. [RT #298]
8056 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
8057 bitstring triggered a REQUIRE statement. The REQUIRE
8058 statement was incorrect. [RT #297]
8060 444. [func] "recursion denied" messages are always logged at
8061 debug level 1, now, rather than sometimes at ERROR.
8062 This silences these warnings in the usual case, where
8063 some clients set the RD bit in all queries.
8065 443. [bug] When loading a master file failed because of an
8066 unrecognized RR type name, the error message
8067 did not include the file name and line number.
8070 442. [bug] TSIG signed messages that did not match any view
8071 crashed the server. [RT #290]
8073 441. [bug] Nodes obscured by a DNAME were inaccessible even
8074 when DNS_DBFIND_GLUEOK was set.
8076 440. [func] New function dns_zone_forwardupdate().
8078 439. [func] New function dns_request_createraw().
8080 438. [func] New function dns_message_getrawmessage().
8082 437. [func] Log NOTIFY activity to the notify channel.
8084 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
8085 which sometimes happens on Linux, named would enter
8086 a busy loop. Also, unexpected socket errors were
8087 not logged at a high enough logging level to be
8088 useful in diagnosing this situation. [RT #275]
8090 435. [bug] dns_zone_dump() overwrote existing zone files
8091 rather than writing to a temporary file and
8092 renaming. This could lead to empty or partial
8093 zone files being left around in certain error
8094 conditions involving the initial transfer of a
8095 slave zone, interfering with subsequent server
8098 434. [func] New function isc_file_isabsolute().
8100 433. [func] isc_base64_decodestring() now accepts newlines
8101 within the base64 data. This makes it possible
8102 to break up the key data in a "trusted-keys"
8103 statement into multiple lines. [RT #284]
8105 432. [func] Added refresh/retry jitter. The actual refresh/
8106 retry time is now a random value between 75% and
8107 100% of the configured value.
8109 431. [func] Log at ISC_LOG_INFO when a zone is successfully
8112 430. [bug] Rewrote the lightweight resolver client management
8113 code to handle shutdown correctly and general
8116 429. [bug] The space reserved for a TSIG record in a response
8117 was 2 bytes too short, leading to message
8118 generation failures.
8120 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
8121 DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
8122 (e.g. glue). This could cause SERVFAILs when
8123 generating negative responses in a secure zone.
8125 427. [bug] Avoid going into an infinite loop when the validator
8126 gets a negative response to a key query where the
8127 records are signed by the missing key.
8129 426. [bug] Attempting to generate an oversized RSA key could
8130 cause dnssec-keygen to dump core.
8132 425. [bug] Warn about the auth-nxdomain default value change
8133 if there is no auth-nxdomain statement in the
8134 config file. [RT #287]
8136 424. [bug] notify_createmessage() could trigger an assertion
8137 failure when creating the notify message failed,
8138 e.g. due to corrupt zones with multiple SOA records.
8141 423. [bug] When responding to a recursive query, errors that occur
8142 after following a CNAME should cause the query to fail.
8145 422. [func] get rid of isc_random_t, and make isc_random_get()
8146 and isc_random_jitter() use rand() internally
8147 instead of local state. Note that isc_random_*()
8148 functions are only for weak, non-critical "randomness"
8149 such as timing jitter and such.
8151 421. [bug] nslookup would exit when given a blank line as input.
8153 420. [bug] nslookup failed to implement the "exit" command.
8155 419. [bug] The certificate type PKIX was misspelled as SKIX.
8157 418. [bug] At debug levels >= 10, getting an unexpected
8158 socket receive error would crash the server
8159 while trying to log the error message.
8161 417. [func] Add isc_app_block() and isc_app_unblock(), which
8162 allow an application to handle signals while
8165 416. [bug] Slave zones with no master file tried to use a
8166 NULL pointer for a journal file name when they
8167 received an IXFR. [RT #273]
8169 415. [bug] The logging code leaked file descriptors.
8171 414. [bug] Server did not shut down until all incoming zone
8172 transfers were finished.
8174 413. [bug] Notify could attempt to use the zone database after
8175 it had been unloaded. [RT#267]
8177 412. [bug] named -v didn't print the version.
8179 411. [bug] A typo in the HS A code caused an assertion failure.
8181 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
8182 to a random value on success.
8184 409. [bug] If named was shut down early in the startup
8185 process, ns_omapi_shutdown() would attempt to lock
8186 an uninitialized mutex. [RT #262]
8188 408. [bug] stub zones could leak memory and reference counts if
8189 all the masters were unreachable.
8191 407. [bug] isc_rwlock_lock() would needlessly block
8192 readers when it reached the read quota even
8193 if no writers were waiting.
8195 406. [bug] Log messages were occasionally lost or corrupted
8196 due to a race condition in isc_log_doit().
8198 405. [func] Add support for selective forwarding (forward zones)
8200 404. [bug] The request library didn't completely work with IPv6.
8202 403. [bug] "host" did not use the search list.
8204 402. [bug] Treat undefined acls as errors, rather than
8205 warning and then later throwing an assertion.
8208 401. [func] Added simple database API.
8210 400. [bug] SIG(0) signing and verifying was done incorrectly.
8213 399. [bug] When reloading the server with a config file
8214 containing a syntax error, it could catch an
8215 assertion failure trying to perform zone
8216 maintenance on, or sending notifies from,
8217 tentatively created zones whose views were
8218 never fully configured and lacked an address
8219 database and request manager.
8221 398. [bug] "dig" sometimes caught an assertion failure when
8222 using TSIG, depending on the key length.
8224 397. [func] Added utility functions dns_view_gettsig() and
8225 dns_view_getpeertsig().
8227 396. [doc] There is now a man page for "nsupdate"
8228 in doc/man/bin/nsupdate.8.
8230 395. [bug] nslookup printed incorrect RR type mnemonics
8231 for RRs of type >= 21 [RT #237].
8233 394. [bug] Current name was not propagated via $INCLUDE.
8235 393. [func] Initial answer while loading (awl) support.
8236 Entry points: dns_master_loadfileinc(),
8237 dns_master_loadstreaminc(), dns_master_loadbufferinc().
8238 Note: calls to dns_master_load*inc() should be rate
8239 be rate limited so as to not use up all file
8242 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
8243 not support the given address family requested.
8245 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
8247 390. [func] The function dns_zone_setdbtype() now takes
8248 an argc/argv style vector of words and sets
8249 both the zone database type and its arguments,
8250 making the functions dns_zone_adddbarg()
8251 and dns_zone_cleardbargs() unnecessary.
8253 389. [bug] Attempting to send a request over IPv6 using
8254 dns_request_create() on a system without IPv6
8255 support caused an assertion failure [RT #235].
8257 388. [func] dig and host can now do reverse ipv6 lookups.
8259 387. [func] Add dns_byaddr_createptrname(), which converts
8260 an address into the name used by a PTR query.
8262 386. [bug] Missing strdup() of ACL name caused random
8263 ACL matching failures [RT #228].
8265 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
8268 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
8271 383. [func] When writing a master file, print the SOA and NS
8272 records (and their SIGs) before other records.
8274 382. [bug] named -u failed on many Linux systems where the
8275 libc provided kernel headers do not match
8278 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
8279 IPV6_PKTINFO if found. [RT #229]
8281 380. [bug] nsupdate didn't work with IPv6.
8283 379. [func] New library function isc_sockaddr_anyofpf().
8285 378. [func] named and lwresd will log the command line arguments
8286 they were started with in the "starting ..." message.
8288 377. [bug] When additional data lookups were refused due to
8289 "allow-query", the databases were still being
8290 attached causing reference leaks.
8292 376. [bug] The server should always use good entropy when
8293 performing cryptographic functions needing entropy.
8295 375. [bug] Per-zone "allow-query" did not properly override the
8296 view/global one for CNAME targets and additional
8299 374. [bug] SOA in authoritative negative responses had wrong TTL.
8301 373. [func] nslookup is now installed by "make install".
8303 372. [bug] Deal with Microsoft DNS servers appending two bytes of
8304 garbage to zone transfer requests.
8306 371. [bug] At high debug levels, doing an outgoing zone transfer
8307 of a very large RRset could cause an assertion failure
8310 370. [bug] The error messages for roll-forward failures were
8313 369. [func] Support new named.conf options, view and zone
8316 max-retry-time, min-retry-time,
8317 max-refresh-time, min-refresh-time.
8319 368. [func] Restructure the internal ".bind" view so that more
8320 zones can be added to it.
8322 367. [bug] Allow proper selection of server on nslookup command
8325 366. [func] Allow use of '-' batch file in dig for stdin.
8327 365. [bug] nsupdate -k leaked memory.
8329 364. [func] Added additional-from-{cache,auth}
8333 362. [bug] rndc no longer aborts if the configuration file is
8334 missing an options statement. [RT #209]
8336 361. [func] When the RBT find or chain functions set the name and
8337 origin for a node that stores the root label
8338 the name is now set to an empty name, instead of ".",
8339 to simplify later use of the name and origin by
8340 dns_name_concatenate(), dns_name_totext() or
8343 360. [func] dns_name_totext() and dns_name_format() now allow
8344 an empty name to be passed, which is formatted as "@".
8346 359. [bug] dnssec-signzone occasionally signed glue records.
8348 358. [cleanup] Rename the intermediate files used by the dnssec
8351 357. [bug] The zone file parser crashed if the argument
8352 to $INCLUDE was a quoted string.
8354 356. [cleanup] isc_task_send no longer requires event->sender to
8357 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
8359 354. [doc] Man pages for the dnssec tools are now included in
8360 the distribution, in doc/man/dnssec.
8362 353. [bug] double increment in lwres/gethost.c:copytobuf().
8365 352. [bug] Race condition in dns_client_t startup could cause
8366 an assertion failure.
8368 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
8369 signed query could crash the server.
8371 350. [bug] Also-notify lists specified in the global options
8372 block were not correctly reference counted, causing
8375 349. [bug] Processing a query with the CD bit set now works
8378 348. [func] New boolean named.conf options 'additional-from-auth'
8379 and 'additional-from-cache' now supported in view and
8380 global options statement.
8382 347. [bug] Don't crash if an argument is left off options in dig.
8386 345. [bug] Large-scale changes/cleanups to dig:
8387 * Significantly improve structure handling
8388 * Don't pre-load entire batch files
8389 * Add name/rr counting/limiting
8390 * Fix SIGINT handling
8391 * Shorten timeouts to match v8's behavior
8393 344. [bug] When shutting down, lwresd sometimes tried
8394 to shut down its client tasks twice,
8395 triggering an assertion.
8397 343. [bug] Although zone maintenance SOA queries and
8398 notify requests were signed with TSIG keys
8399 when configured for the server in case,
8400 the TSIG was not verified on the response.
8402 342. [bug] The wrong name was being passed to
8403 dns_name_dup() when generating a TSIG
8406 341. [func] Support 'key' clause in named.conf zone masters
8407 statement to allow authentication via TSIG keys:
8410 10.0.0.1 port 5353 key "foo";
8414 340. [bug] The top-level COPYRIGHT file was missing from
8417 339. [bug] DNSSEC validation of the response to an ANY
8418 query at a name with a CNAME RR in a secure
8419 zone triggered an assertion failure.
8421 338. [bug] lwresd logged to syslog as named, not lwresd.
8423 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
8424 on the command line.
8426 336. [bug] "dig -f" used 64 k of memory for each line in
8427 the file. It now uses much less, though still
8428 proportionally to the file size.
8430 335. [bug] named would occasionally attempt recursion when
8431 it was disallowed or undesired.
8433 334. [func] Added hmac-md5 to libisc.
8435 333. [bug] The resolver incorrectly accepted referrals to
8436 domains that were not parents of the query name,
8437 causing assertion failures.
8439 332. [func] New function dns_name_reset().
8441 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
8443 330. [bug] Many debugging messages were partially formatted
8444 even when debugging was turned off, causing a
8445 significant decrease in query performance.
8447 329. [func] omapi_auth_register() now takes a size_t argument for
8448 the length of a key's secret data. Previously
8449 OMAPI only stored secrets up to the first NUL byte.
8451 328. [func] Added isc_base64_decodestring().
8453 327. [bug] rndc.conf parser wasn't correctly recognizing an IP
8454 address where a host specification was required.
8456 326. [func] 'keys' in an 'inet' control statement is now
8457 required and must have at least one item in it.
8458 A "not supported" warning is now issued if a 'unix'
8459 control channel is defined.
8461 325. [bug] isc_lex_gettoken was processing octal strings when
8462 ISC_LEXOPT_CNUMBER was not set.
8464 324. [func] In the resolver, turn EDNS0 off if there is no
8465 response after a number of retransmissions.
8466 This is to allow queries some chance of succeeding
8467 even if all the authoritative servers of a zone
8468 silently discard EDNS0 requests instead of
8469 sending an error response like they ought to.
8471 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
8472 Because of this, servers authoritative for a parent
8473 and grandchild zone but not authoritative for the
8474 intervening child zone did not correctly issue
8475 referrals to the servers of the child zone.
8477 322. [bug] Queries for KEY RRs are now sent to the parent
8478 server before the authoritative one, making
8479 DNSSEC insecurity proofs work in many cases
8480 where they previously didn't.
8482 321. [bug] When synthesizing a CNAME RR for a DNAME
8483 response, query_addcname() failed to initialize
8484 the type and class of the CNAME dns_rdata_t,
8485 causing random failures.
8487 320. [func] Multiple rndc changes: parses an rndc.conf file,
8488 uses authentication to talk to named, command
8489 line syntax changed. This will all be described
8492 319. [func] The named.conf "controls" statement is now used
8493 to configure the OMAPI command channel.
8495 318. [func] dns_c_ndcctx_destroy() could never return anything
8496 except ISC_R_SUCCESS; made it have void return instead.
8498 317. [func] Use callbacks from libomapi to determine if a
8499 new connection is valid, and if a key requested
8500 to be used with that connection is valid.
8502 316. [bug] Generate a warning if we detect an unexpected <eof>
8503 but treat as <eol><eof>.
8505 315. [bug] Handle non-empty blanks lines. [RT #163]
8507 314. [func] The named.conf controls statement can now have
8508 more than one key specified for the inet clause.
8510 313. [bug] When parsing resolv.conf, don't terminate on an
8511 error. Instead, parse as much as possible, but
8512 still return an error if one was found.
8514 312. [bug] Increase the number of allowed elements in the
8515 resolv.conf search path from 6 to 8. If there
8516 are more than this, ignore the remainder rather
8517 than returning a failure in lwres_conf_parse.
8519 311. [bug] lwres_conf_parse failed when the first line of
8520 resolv.conf was empty or a comment.
8522 310. [func] Changes to named.conf "controls" statement (inet
8525 - support "keys" clause
8529 allow { any; } keys { "foo"; }
8532 - allow "port xxx" to be left out of statement,
8533 in which case it defaults to omapi's default port
8536 309. [bug] When sending a referral, the server did not look
8537 for name server addresses as glue in the zone
8538 holding the NS RRset in the case where this zone
8539 was not the same as the one where it looked for
8540 name server addresses as authoritative data.
8542 308. [bug] Treat a SOA record not at top of zone as an error
8543 when loading a zone. [RT #154]
8545 307. [bug] When canceling a query, the resolver didn't check for
8546 isc_socket_sendto() calls that did not yet have their
8547 completion events posted, so it could (rarely) end up
8548 destroying the query context and then want to use
8549 it again when the send event posted, triggering an
8550 assertion as it tried to cancel an already-canceled
8553 306. [bug] Reading HMAC-MD5 private key files didn't work.
8555 305. [bug] When reloading the server with a config file
8556 containing a syntax error, it could catch an
8557 assertion failure trying to perform zone
8558 maintenance on tentatively created zones whose
8559 views were never fully configured and lacked
8560 an address database.
8562 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
8563 are listed in resolv.conf, silently ignore them
8564 instead of returning failure.
8566 303. [bug] Add additional sanity checks to differentiate a AXFR
8567 response vs a IXFR response. [RT #157]
8569 302. [bug] In dig, host, and nslookup, MXNAME should be large
8570 enough to hold any legal domain name in presentation
8571 format + terminating NULL.
8573 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
8575 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
8576 on platforms lacking IPv6 because each included their
8577 own ipv6 header file for the missing definitions. Now
8578 each library's ipv6.h defines the wrapper symbol of
8579 the other (ISC_IPV6_H and LWRES_IPV6_H).
8581 299. [cleanup] Get the user and group information before changing the
8582 root directory, so the administrator does not need to
8583 keep a copy of the user and group databases in the
8584 chroot'ed environment. Suggested by Hakan Olsson.
8586 298. [bug] A mutex deadlock occurred during shutdown of the
8587 interface manager under certain conditions.
8588 Digital Unix systems were the most affected.
8590 297. [bug] Specifying a key name that wasn't fully qualified
8591 in certain parts of the config file could cause
8592 an assertion failure.
8594 296. [bug] "make install" from a separate build directory
8595 failed unless configure had been run in the source
8598 295. [bug] When invoked with type==CNAME and a message
8599 not constructed by dns_message_parse(),
8600 dns_message_findname() failed to find anything
8601 due to checking for attribute bits that are set
8602 only in dns_message_parse(). This caused an
8603 infinite loop when constructing the response to
8604 an ANY query at a CNAME in a secure zone.
8606 294. [bug] If we run out of space in while processing glue
8607 when reading a master file and commit "current name"
8608 reverts to "name_current" instead of staying as
8611 293. [port] Add support for FreeBSD 4.0 system tests.
8613 292. [bug] Due to problems with the way some operating systems
8614 handle simultaneous listening on IPv4 and IPv6
8615 addresses, the server no longer listens on IPv6
8616 addresses by default. To revert to the previous
8617 behavior, specify "listen-on-v6 { any; };" in
8620 291. [func] Caching servers no longer send outgoing queries
8621 over TCP just because the incoming recursive query
8624 290. [cleanup] +twiddle option to dig (for testing only) removed.
8626 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
8627 host is now installed in $bindir. (Be sure to remove
8628 any $sbindir/dig from a previous release.)
8630 288. [func] rndc is now installed by "make install" into $sbindir.
8632 287. [bug] rndc now works again as "rndc 127.1 reload" (for
8633 only that task). Parsing its configuration file and
8634 using digital signatures for authentication has been
8635 disabled until named supports the "controls" statement,
8638 286. [bug] On Solaris 2, when named inherited a signal state
8639 where SIGHUP had the SIG_IGN action, SIGHUP would
8640 be ignored rather than causing the server to reload
8643 285. [bug] A change made to the dst API for beta4 inadvertently
8644 broke OMAPI's creation of a dst key from an incoming
8645 message, causing an assertion to be triggered. Fixed.
8647 284. [func] The DNSSEC key generation and signing tools now
8648 generate randomness from keyboard input on systems
8649 that lack /dev/random.
8651 283. [cleanup] The 'lwresd' program is now a link to 'named'.
8653 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
8654 too big for an unsigned long.
8656 281. [bug] Fixed list of recognized config file category names.
8658 280. [func] Add isc-config.sh, which can be used to more
8659 easily build applications that link with
8662 279. [bug] Private omapi function symbols shared between
8663 two or more files in libomapi.a were not namespace
8664 protected using the ISC convention of starting with
8665 the library name and two underscores ("omapi__"...)
8667 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
8668 note of when isc_log_categorybyname() wasn't able
8669 to find the category name and would then apply the
8670 channel list of the unknown category to all categories.
8672 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
8673 would fail to find the first member of any category
8674 or module array apart from the internal defaults.
8675 Thus, for example, the "notify" category was improperly
8676 configured by named.
8678 276. [bug] dig now supports maximum sized TCP messages.
8680 275. [bug] The definition of lwres_gai_strerror() was missing
8683 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
8686 273. [func] The default for the 'transfer-format' option is
8687 now 'many-answers'. This will break zone transfers
8688 to BIND 4.9.5 and older unless there is an explicit
8689 'one-answer' configuration.
8691 272. [bug] The sending of large TCP responses was canceled
8692 in mid-transmission due to a race condition
8693 caused by the failure to set the client object's
8694 "newstate" variable correctly when transitioning
8695 to the "working" state.
8697 271. [func] Attempt to probe the number of cpus in named
8698 if unspecified rather than defaulting to 1.
8700 270. [func] Allow maximum sized TCP answers.
8702 269. [bug] Failed DNSSEC validations could cause an assertion
8703 failure by causing clone_results() to be called with
8704 with hevent->node == NULL.
8706 268. [doc] A plain text version of the Administrator
8707 Reference Manual is now included in the distribution,
8708 as doc/arm/Bv9ARM.txt.
8710 267. [func] Nsupdate is now provided in the distribution.
8712 266. [bug] zone.c:save_nsrrset() node was not initialized.
8714 265. [bug] dns_request_create() now works for TCP.
8716 264. [func] Dispatch can not take TCP sockets in connecting
8717 state. Set DNS_DISPATCHATTR_CONNECTED when calling
8718 dns_dispatch_createtcp() for connected TCP sockets
8719 or call dns_dispatch_starttcp() when the socket is
8722 263. [func] New logging channel type 'stderr'
8729 262. [bug] 'master' was not initialized in zone.c:stub_callback().
8731 261. [func] Add dns_zone_markdirty().
8733 260. [bug] Running named as a non-root user failed on Linux
8734 kernels new enough to support retaining capabilities
8737 259. [func] New random-device and random-seed-file statements
8738 for global options block of named.conf. Both accept
8739 a single string argument.
8741 258. [bug] Fixed printing of lwres_addr_t.address field.
8743 257. [bug] The server detached the last zone manager reference
8744 too early, while it could still be in use by queries.
8745 This manifested itself as assertion failures during the
8746 shutdown process for busy name servers. [RT #133]
8748 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
8749 isc_ratelimiter_shutdown guarantees that the rate
8750 limiter is detached from its task.
8752 255. [func] New function dns_zonemgr_attach().
8754 254. [bug] Suppress "query denied" messages on additional data
8757 --- 9.0.0b4 released ---
8759 253. [func] resolv.conf parser now recognizes ';' and '#' as
8760 comments (anywhere in line, not just as the beginning).
8762 252. [bug] resolv.conf parser mishandled masks on sortlists.
8763 It also aborted when an unrecognized keyword was seen,
8764 now it silently ignores the entire line.
8766 251. [bug] lwresd caught an assertion failure on startup.
8768 250. [bug] fixed handling of size+unit when value would be too
8769 large for internal representation.
8771 249. [cleanup] max-cache-size config option now takes a size-spec
8772 like 'datasize', except 'default' is not allowed.
8774 248. [bug] global lame-ttl option was not being printed when
8775 config structures were written out.
8777 247. [cleanup] Rename cache-size config option to max-cache-size.
8779 246. [func] Rename global option cachesize to cache-size and
8780 add corresponding option to view statement.
8782 245. [bug] If an uncompressed name will take more than 255
8783 bytes and the buffer is sufficiently long,
8784 dns_name_fromwire should return DNS_R_FORMERR,
8785 not ISC_R_NOSPACE. This bug caused cause the
8786 server to catch an assertion failure when it
8787 received a query for a name longer than 255
8790 244. [bug] empty named.conf file and empty options statement are
8791 now parsed properly.
8793 243. [func] new cachesize option for named.conf
8795 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
8797 241. [cleanup] nscount and soacount have been removed from the
8798 dns_master_*() argument lists.
8800 240. [func] databases now come in three flavours: zone, cache
8803 239. [func] If ISC_MEM_DEBUG is enabled, the variable
8804 isc_mem_debugging controls whether messages
8807 238. [cleanup] A few more compilation warnings have been quieted:
8808 + missing sigwait prototype on BSD/OS 4.0/4.0.1.
8809 + PTHREAD_ONCE_INIT unbraced initializer warnings on
8811 + IN6ADDR_ANY_INIT unbraced initializer warnings on
8812 BSD/OS 4.*, Linux and Solaris 2.8.
8814 237. [bug] If connect() returned ENOBUFS when the resolver was
8815 initiating a TCP query, the socket didn't get
8816 destroyed, and the server did not shut down cleanly.
8818 236. [func] Added new listen-on-v6 config file statement.
8820 235. [func] Consider it a config file error if a listen-on
8821 statement has an IPv6 address in it, or a
8822 listen-on-v6 statement has an IPv4 address in it.
8824 234. [bug] Allow a trusted-key's first field (domain-name) be
8825 either a quoted or an unquoted string, instead of
8826 requiring a quoted string.
8828 233. [cleanup] Convert all config structure integer values to unsigned
8829 integer (isc_uint32_t) to match grammar.
8831 232. [bug] Allow slave zones to not have a file.
8833 231. [func] Support new 'port' clause in config file options
8834 section. Causes 'listen-on', 'masters' and
8835 'also-notify' statements to use its value instead of
8838 230. [func] Replace the dst sign/verify API with a cleaner one.
8840 229. [func] Support config file sig-validity-interval statement
8841 in options, views and zone statements (master
8844 228. [cleanup] Logging messages in config module stripped of
8847 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
8848 dns_rcode_*, dns_opcode_*, and dns_trust_* are
8849 also now cast to their appropriate types, as with
8850 dns_rdatatype_* in item number 225 below.
8852 226. [func] dns_name_totext() now always prints the root name as
8853 '.', even when omit_final_dot is true.
8855 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
8856 cast to dns_rdatatype_t via macros of their same name
8857 so that they are of the proper integral type wherever
8858 a dns_rdatatype_t is needed.
8860 224. [cleanup] The entire project builds cleanly with gcc's
8861 -Wcast-qual and -Wwrite-strings warnings enabled,
8862 which is now the default when using gcc. (Warnings
8863 from confparser.c, because of yacc's code, are
8864 unfortunately to be expected.)
8866 223. [func] Several functions were re-prototyped to qualify one
8867 or more of their arguments with "const". Similarly,
8868 several functions that return pointers now have
8869 those pointers qualified with const.
8871 222. [bug] The global 'also-notify' option was ignored.
8873 221. [bug] An uninitialized variable was sometimes passed to
8874 dns_rdata_freestruct() when loading a zone, causing
8875 an assertion failure.
8877 220. [cleanup] Set the default outgoing port in the view, and
8878 set it in sockaddrs returned from the ADB.
8879 [31-May-2000 explorer]
8881 219. [bug] Signed truncated messages more correctly follow
8882 the respective specs.
8884 218. [func] When an rdataset is signed, its ttl is normalized
8885 based on the signature validity period.
8887 217. [func] Also-notify and trusted-keys can now be used in
8888 the 'view' statement.
8890 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
8893 215. [bug] Failures at certain points in request processing
8894 could cause the assertion INSIST(client->lockview
8895 == NULL) to be triggered.
8897 214. [func] New public function isc_netaddr_format(), for
8898 formatting network addresses in log messages.
8900 213. [bug] Don't leak memory when reloading the zone if
8901 an update-policy clause was present in the old zone.
8903 212. [func] Added dns_message_get/settsigkey, to make TSIG
8904 key management reasonable.
8906 211. [func] The 'key' and 'server' statements can now occur
8907 inside 'view' statements.
8909 210. [bug] The 'allow-transfer' option was ignored for slave
8910 zones, and the 'transfers-per-ns' option was
8911 was ignored for all zones.
8913 209. [cleanup] Upgraded openssl files to new version 0.9.5a
8915 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
8918 207. [func] The dnssec tools properly use the logging subsystem.
8920 206. [cleanup] dst now stores the key name as a dns_name_t, not
8923 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
8924 ("prototyped function redeclared without prototype")
8925 and 1552 ("variable ... set but not used") when
8926 compiling in the lib/dns/sec/{dnssafe,openssl}
8927 directories, which contain code imported from outside
8930 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
8931 to quiet the warnings that "The linked output may not
8932 run on a PA 1.x system."
8934 203. [func] notify and zone soa queries are now tsig signed when
8937 202. [func] isc_lex_getsourceline() changed from returning int
8938 to returning unsigned long, the type of its underlying
8941 201. [cleanup] Removed the test/sdig program, it has been
8942 replaced by bin/dig/dig.
8944 --- 9.0.0b3 released ---
8946 200. [bug] Failures in sending query responses to clients
8947 (e.g., running out of network buffers) were
8950 199. [bug] isc_heap_delete() sometimes violated the heap
8951 invariant, causing timer events not to be posted
8954 198. [func] Dispatch managers hold memory pools which
8955 any managed dispatcher may use. This allows
8956 us to avoid dipping into the memory context for
8957 most allocations. [19-May-2000 explorer]
8959 197. [bug] When an incoming AXFR or IXFR completes, the
8960 zone's internal state is refreshed from the
8961 SOA data. [19-May-2000 explorer]
8963 196. [func] Dispatchers can be shared easily between views
8964 and/or interfaces. [19-May-2000 explorer]
8966 195. [bug] Including the NXT record of the root domain
8967 in a negative response caused an assertion
8970 194. [doc] The PDF version of the Administrator's Reference
8971 Manual is no longer included in the ISC BIND9
8974 193. [func] changed dst_key_free() prototype.
8976 192. [bug] Zone configuration validation is now done at end
8977 of config file parsing, and before loading
8980 191. [func] Patched to compile on UnixWare 7.x. This platform
8981 is not directly supported by the ISC.
8983 190. [cleanup] The DNSSEC tools have been moved to a separate
8984 directory dnssec/ and given the following new,
8985 more descriptive names:
8992 Their command line arguments have also been changed to
8993 be more consistent. dnssec-keygen now prints the
8994 name of the generated key files (sans extension)
8995 on standard output to simplify its use in automated
8998 189. [func] isc_time_secondsastimet(), a new function, will ensure
8999 that the number of seconds in an isc_time_t does not
9000 exceed the range of a time_t, or return ISC_R_RANGE.
9001 Similarly, isc_time_now(), isc_time_nowplusinterval(),
9002 isc_time_add() and isc_time_subtract() now check the
9003 range for overflow/underflow. In the case of
9004 isc_time_subtract, this changed a calling requirement
9005 (ie, something that could generate an assertion)
9006 into merely a condition that returns an error result.
9007 isc_time_add() and isc_time_subtract() were void-
9008 valued before but now return isc_result_t.
9010 188. [func] Log a warning message when an incoming zone transfer
9011 contains out-of-zone data.
9013 187. [func] isc_ratelimiter_enqueue() has an additional argument
9016 186. [func] dns_request_getresponse() has an additional argument
9019 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
9020 public functions did not have an isc__ prefix, and
9021 referred to functions that had previously been
9024 184. [cleanup] Variables/functions which began with two leading
9025 underscores were made to conform to the ANSI/ISO
9026 standard, which says that such names are reserved.
9028 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
9029 for logging the program name or other identifier.
9031 182. [cleanup] New command-line parameters for dnssec tools
9033 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
9035 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
9037 179. [func] options named.conf statement *must* now come
9038 before any zone or view statements.
9040 178. [func] Post-load of named.conf check verifies a slave zone
9041 has non-empty list of masters defined.
9043 177. [func] New per-zone boolean:
9045 enable-zone yes | no ;
9047 intended to let a zone be disabled without having
9048 to comment out the entire zone statement.
9050 176. [func] New global and per-view option:
9052 max-cache-ttl number
9054 175. [func] New global and per-view option:
9056 additional-data internal | minimal | maximal;
9058 174. [func] New public function isc_sockaddr_format(), for
9059 formatting socket addresses in log messages.
9061 173. [func] Keep a queue of zones waiting for zone transfer
9062 quota so that a new transfer can be dispatched
9063 immediately whenever quota becomes available.
9065 172. [bug] $TTL directive was sometimes missing from dumped
9066 master files because totext_ctx_init() failed to
9067 initialize ctx->current_ttl_valid.
9069 171. [cleanup] On NetBSD systems, the mit-pthreads or
9070 unproven-pthreads library is now always used
9071 unless --with-ptl2 is explicitly specified on
9072 the configure command line. The
9073 --with-mit-pthreads option is no longer needed
9074 and has been removed.
9076 170. [cleanup] Remove inter server consistency checks from zone,
9077 these should return as a separate module in 9.1.
9078 dns_zone_checkservers(), dns_zone_checkparents(),
9079 dns_zone_checkchildren(), dns_zone_checkglue().
9081 Remove dns_zone_setadb(), dns_zone_setresolver(),
9082 dns_zone_setrequestmgr() these should now be found
9085 169. [func] ratelimiter can now process N events per interval.
9087 168. [bug] include statements in named.conf caused syntax errors
9088 due to not consuming the semicolon ending the include
9089 statement before switching input streams.
9091 167. [bug] Make lack of masters for a slave zone a soft error.
9093 166. [bug] Keygen was overwriting existing keys if key_id
9094 conflicted, now it will retry, and non-null keys
9095 with key_id == 0 are not generated anymore. Key
9096 was not able to generate NOAUTHCONF DSA key,
9097 increased RSA key size to 2048 bits.
9099 165. [cleanup] Silence "end-of-loop condition not reached" warnings
9100 from Solaris compiler.
9102 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
9103 isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
9104 isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
9105 to encapsulate nonportable usage of errno and sync.
9107 163. [func] Added result codes ISC_R_FILENOTFOUND and
9110 162. [bug] Ensure proper range for arguments to ctype.h functions.
9112 161. [cleanup] error in yyparse prototype that only HPUX caught.
9114 160. [cleanup] getnet*() are not going to be implemented at this
9117 159. [func] Redefinition of config file elements is now an
9118 error (instead of a warning).
9120 158. [bug] Log channel and category list copy routines
9121 weren't assigning properly to output parameter.
9123 157. [port] Fix missing prototype for getopt().
9125 156. [func] Support new 'database' statement in zone.
9127 database "quoted-string";
9129 155. [bug] ns_notify_start() was not detaching the found zone.
9131 154. [func] The signer now logs libdns warnings to stderr even when
9132 not verbose, and in a nicer format.
9134 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
9135 is NULL then you need to preserve the 'rdata' until
9136 you have finished using the structure as there may be
9137 references to the associated memory. If 'mctx' is
9138 non-NULL it is guaranteed that there are no references
9139 to memory associated with 'rdata'.
9141 dns_rdata_freestruct() must be called if 'mctx' was
9142 non-NULL and may safely be called if 'mctx' was NULL.
9144 152. [bug] keygen dumped core if domain name argument was omitted
9147 151. [func] Support 'disabled' statement in zone config (causes
9148 zone to be parsed and then ignored). Currently must
9149 come after the 'type' clause.
9151 150. [func] Support optional ports in masters and also-notify
9154 masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
9156 149. [cleanup] Removed unused argument 'olist' from
9157 dns_c_view_unsetordering().
9159 148. [cleanup] Stop issuing some warnings about some configuration
9160 file statements that were not implemented, but now are.
9162 147. [bug] Changed yacc union size to be smaller for yaccs that
9163 put yacc-stack on the real stack.
9165 146. [cleanup] More general redundant header file cleanup. Rather
9166 than continuing to itemize every header which changed,
9167 this changelog entry just notes that if a header file
9168 did not need another header file that it was including
9169 in order to provide its advertised functionality, the
9170 inclusion of the other header file was removed. See
9171 util/check-includes for how this was tested.
9173 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
9174 ISC_LANG_ENDDECLS to header files that had function
9175 prototypes, and removed it from those that did not.
9177 144. [cleanup] libdns header files too numerous to name were made
9178 to conform to the same style for multiple inclusion
9181 143. [func] Added function dns_rdatatype_isknown().
9183 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
9186 141. [bug] Corrupt requests with multiple questions could
9187 cause an assertion failure.
9189 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
9191 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
9192 <isc/int.h> and <isc/result.h>.
9194 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
9195 renamed isc_string_touint64. isc_strsep moved from
9196 strsep.c to string.c and renamed isc_string_separate.
9198 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
9199 <isc/serial.h>, <isc/string.h> and <isc/offset.h>
9200 made to conform to the same style for multiple
9201 inclusion protection.
9203 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
9204 <isc/net.h> and Win32's <isc/thread.h> needed
9205 ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
9207 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
9208 or <isc/boolean.h>, now uses <isc/types.h> in place
9209 of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
9210 and ISC_LANG_ENDDECLS.
9212 134. [cleanup] <isc/dir.h> does not need <limits.h>.
9214 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
9216 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
9217 need <isc/eventclass.h>.
9219 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
9220 for ISC_R_* codes used in macros.
9222 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
9223 <isc/boolean.h>, and now includes <isc/types.h>
9224 instead of <isc/time.h>.
9226 129. [bug] The 'default_debug' log channel was not set up when
9227 'category default' was present in the config file
9229 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
9230 ISC_LANG_ENDDECLS at end of header.
9232 127. [cleanup] The contracts for the comparison routines
9233 dns_name_fullcompare(), dns_name_compare(),
9234 dns_name_rdatacompare(), and dns_rdata_compare() now
9235 specify that the order value returned is < 0, 0, or > 0
9236 instead of -1, 0, or 1.
9238 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
9240 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
9241 <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
9242 <isc/resultclass.h> do not need <isc/lang.h>.
9244 124. [func] signer now imports parent's zone key signature
9245 and creates null keys/sets zone status bit for
9246 children when necessary
9248 123. [cleanup] <isc/event.h> does not need <stddef.h>.
9250 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
9253 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
9254 <isc/result.h>. Multiple inclusion protection
9255 symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
9256 isc_symtab_t moved to <isc/types.h>.
9258 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
9259 <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
9262 119. [cleanup] structure definitions for generic rdata structures do
9263 not have _generic_ in their names.
9265 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
9266 YACC crust (yyparse, etc) [2000-apr-27 explorer]
9268 117. [cleanup] libdns.a changes:
9269 dns_zone_clearnotify() and dns_zone_addnotify()
9270 are replaced by dns_zone_setnotifyalso().
9271 dns_zone_clearmasters() and dns_zone_addmaster()
9272 are replaced by dns_zone_setmasters().
9274 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
9277 115. [port] Shut up the -Wmissing-declarations warning about
9278 <stdio.h>'s __sputaux on BSD/OS pre-4.1.
9280 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
9283 113. [func] Utility programs dig and host added.
9285 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
9287 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
9290 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
9293 109. [bug] "make depend" did nothing for
9294 bin/tests/{db,mem,sockaddr,tasks,timers}/.
9296 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
9297 <dns/types.h> to <dns/bit.h> and renamed to
9298 DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
9300 107. [func] Add keysigner and keysettool.
9302 106. [func] Allow dnssec verifications to ignore the validity
9303 period. Used by several of the dnssec tools.
9305 105. [doc] doc/dev/coding.html expanded with other
9306 implicit conventions the developers have used.
9308 104. [bug] Made compress_add and compress_find static to
9311 103. [func] libisc buffer API changes for <isc/buffer.h>:
9313 isc_buffer_base(b) (pointer)
9314 isc_buffer_current(b) (pointer)
9315 isc_buffer_active(b) (pointer)
9316 isc_buffer_used(b) (pointer)
9317 isc_buffer_length(b) (int)
9318 isc_buffer_usedlength(b) (int)
9319 isc_buffer_consumedlength(b) (int)
9320 isc_buffer_remaininglength(b) (int)
9321 isc_buffer_activelength(b) (int)
9322 isc_buffer_availablelength(b) (int)
9324 ISC_BUFFER_USEDCOUNT(b)
9325 ISC_BUFFER_AVAILABLECOUNT(b)
9328 isc_buffer_used(b, r) ->
9329 isc_buffer_usedregion(b, r)
9330 isc_buffer_available(b, r) ->
9331 isc_buffer_available_region(b, r)
9332 isc_buffer_consumed(b, r) ->
9333 isc_buffer_consumedregion(b, r)
9334 isc_buffer_active(b, r) ->
9335 isc_buffer_activeregion(b, r)
9336 isc_buffer_remaining(b, r) ->
9337 isc_buffer_remainingregion(b, r)
9339 Buffer types were removed, so the ISC_BUFFERTYPE_*
9340 macros are no more, and the type argument to
9341 isc_buffer_init and isc_buffer_allocate were removed.
9342 isc_buffer_putstr is now void (instead of isc_result_t)
9343 and requires that the caller ensure that there
9344 is enough available buffer space for the string.
9346 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
9349 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
9351 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
9352 <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
9354 99. [cleanup] Rate limiter now has separate shutdown() and
9355 destroy() functions, and it guarantees that all
9356 queued events are delivered even in the shutdown case.
9358 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
9359 unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
9361 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
9364 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
9366 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
9368 94. [cleanup] Some installed header files did not compile as C++.
9370 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
9372 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
9375 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
9378 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
9379 from <named/listenlist.h>.
9381 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
9383 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
9384 <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
9385 moved to <isc/types.h>.
9387 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
9388 <isc/mem.h> or <isc/result.h>.
9390 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
9393 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
9394 <isc/list.h>, <isc/mem.h>, <isc/region.h> or
9397 84. [func] allow-query ACL checks now apply to all data
9398 added to a response.
9400 83. [func] If the server is authoritative for both a
9401 delegating zone and its (nonsecure) delegatee, and
9402 a query is made for a KEY RR at the top of the
9403 delegatee, then the server will look for a KEY
9404 in the delegator if it is not found in the delegatee.
9406 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
9408 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
9411 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
9413 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
9415 78. [cleanup] lwres_conftest renamed to lwresconf_test for
9416 consistency with other *_test programs.
9418 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
9419 <isc/time.h> to <isc/types.h>.
9421 76. [cleanup] Rewrote keygen.
9423 75. [func] Don't load a zone if its database file is older
9424 than the last time the zone was loaded.
9426 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
9429 73. [func] New "file" API in libisc, including new function
9430 isc_file_getmodtime, isc_mktemplate renamed to
9431 isc_file_mktemplate and isc_ufile renamed to
9432 isc_file_openunique. By no means an exhaustive API,
9433 it is just what's needed for now.
9435 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
9436 added for dns_rbt_findnode, the former to disable the
9437 setting of the chain to the predecessor, and the
9438 latter to make clear when no options are set.
9440 71. [cleanup] Made explicit the implicit REQUIREs of
9441 isc_time_seconds, isc_time_nanoseconds, and
9444 70. [func] isc_time_set() added.
9446 69. [bug] The zone object's master and also-notify lists grew
9447 longer with each server reload.
9449 68. [func] Partial support for SIG(0) on incoming messages.
9451 67. [performance] Allow use of alternate (compile-time supplied)
9452 OpenSSL libraries/headers.
9454 66. [func] Data in authoritative zones should have a trust level
9457 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
9460 64. [func] The RBT, DB, and zone table APIs now allow the
9461 caller find the most-enclosing superdomain of
9464 63. [func] Generate NOTIFY messages.
9466 62. [func] Add UDP refresh support.
9468 61. [cleanup] Use single quotes consistently in log messages.
9470 60. [func] Catch and disallow singleton types on message
9473 59. [bug] Cause net/host unreachable to be a hard error
9474 when sending and receiving.
9476 58. [bug] bin/named/query.c could sometimes trigger the
9477 (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
9478 == 0 assertion in query_newname().
9480 57. [func] Added dns_nxt_typepresent()
9482 56. [bug] SIG records were not properly returned in cached
9485 55. [bug] Responses containing multiple names in the authority
9486 section were not negatively cached.
9488 54. [bug] If a fetch with sigrdataset==NULL joined one with
9489 sigrdataset!=NULL or vice versa, the resolver
9490 could catch an assertion or lose signature data,
9493 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
9496 52. [bug] rndc: taskmgr and socketmgr were not initialized
9499 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
9500 dns/rbt.h; it was needed only by compress.c and zt.c.
9502 50. [func] RBT deletion no longer requires a valid chain to work,
9503 and dns_rbt_deletenode was added.
9505 49. [func] Each cache now has its own mctx.
9507 48. [func] isc_task_create() no longer takes an mctx.
9508 isc_task_mem() has been eliminated.
9510 47. [func] A number of modules now use memory context reference
9513 46. [func] Memory contexts are now reference counted.
9514 Added isc_mem_inuse() and isc_mem_preallocate().
9515 Renamed isc_mem_destroy_check() to
9516 isc_mem_setdestroycheck().
9518 45. [bug] The trusted-key statement incorrectly loaded keys.
9520 44. [bug] Don't include authority data if it would force us
9521 to unset the AD bit in the message.
9523 43. [bug] DNSSEC verification of cached rdatasets was failing.
9525 42. [cleanup] Simplified logging of messages with embedded domain
9526 names by introducing a new convenience function
9529 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
9530 to allow 'named' to run as a non-root user while
9531 retaining the ability to bind() to privileged
9534 40. [func] Introduced new logging category "dnssec" and
9535 logging module "dns/validator".
9537 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
9538 and isc_lex_t to <isc/types.h>.
9540 38. [bug] TSIG signed incoming zone transfers work now.
9542 37. [bug] If the first RR in an incoming zone transfer was
9543 not an SOA, the server died with an assertion failure
9544 instead of just reporting an error.
9546 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
9548 35. [performance] Log messages which are of a level too high to be
9549 logged by any channel in the logging configuration
9550 will not cause the log mutex to be locked.
9552 34. [bug] Recursion was allowed even with 'recursion no'.
9554 33. [func] The RBT now maintains a parent pointer at each node.
9556 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
9559 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
9561 30. [func] config file grammar change to support optional
9562 class type for a view.
9564 29. [func] support new config file view options:
9566 auth-nxdomain recursion query-source
9567 query-source-v6 transfer-source
9568 transfer-source-v6 max-transfer-time-out
9569 max-transfer-idle-out transfer-format
9570 request-ixfr provide-ixfr cleaning-interval
9571 fetch-glue notify rfc2308-type1 lame-ttl
9572 max-ncache-ttl min-roots
9574 28. [func] support lame-ttl, min-roots and serial-queries
9575 config global options.
9577 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
9578 Including it on other platforms (eg, NetBSD) can
9579 cause a forced #error from the C preprocessor.
9581 26. [func] new match-clients statement in config file view.
9583 25. [bug] make install failed to install <isc/log.h> and
9586 24. [cleanup] Eliminate some unnecessary #includes of header
9587 files from header files.
9589 23. [cleanup] Provide more context in log messages about client
9590 requests, using a new function ns_client_log().
9592 22. [bug] SIGs weren't returned in the answer section when
9593 the query resulted in a fetch.
9595 21. [port] Look at STD_CINCLUDES after CINCLUDES during
9596 compilation, so additional system include directories
9597 can be searched but header files in the bind9 source
9598 tree with conflicting names take precedence. This
9599 avoids issues with installed versions of dnssafe and
9602 20. [func] Configuration file post-load validation of zones
9603 failed if there were no zones.
9605 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
9606 lock in certain error cases.
9608 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
9609 configure.in to check for presence of in6addr_any.
9611 17. [func] Do configuration file post-load validation of zones.
9613 16. [bug] put quotes around key names on config file
9614 output to avoid possible keyword clashes.
9616 15. [func] Add dns_name_dupwithoffsets(). This function is
9617 improves comparison performance for duped names.
9619 14. [bug] free_rbtdb() could have 'put' unallocated memory in
9620 an unlikely error path.
9622 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
9625 12. [bug] Fixed possible uninitialized variable error.
9627 11. [bug] axfr_rrstream_first() didn't check the result code of
9628 db_rr_iterator_first(), possibly causing an assertion
9629 to be triggered later.
9631 10. [bug] A bug in the code which makes EDNS0 OPT records in
9632 bin/named/client.c and lib/dns/resolver.c could
9633 trigger an assertion.
9635 9. [cleanup] replaced bit-setting code in confctx.c and replaced
9636 repeated code with macro calls.
9638 8. [bug] Shutdown of incoming zone transfer accessed
9641 7. [cleanup] removed 'listen-on' from view statement.
9643 6. [bug] quote RR names when generating config file to
9644 prevent possible clash with config file keywords
9647 5. [func] syntax change to named.conf file: new ssu grant/deny
9648 statements must now be enclosed by an 'update-policy'
9651 4. [port] bin/named/unix/os.c didn't compile on systems with
9652 linux 2.3 kernel includes due to conflicts between
9653 C library includes and the kernel includes. We now
9654 get only what we need from <linux/capability.h>, and
9655 avoid pulling in other linux kernel .h files.
9657 3. [bug] TKEYs go in the answer section of responses, not
9658 the additional section.
9660 2. [bug] Generating cryptographic randomness failed on
9661 systems without /dev/random.
9663 1. [bug] The installdirs rule in
9664 lib/isc/unix/include/isc/Makefile.in had a typo which
9665 prevented the isc directory from being created if it
9668 --- 9.0.0b2 released ---
9670 # This tells Emacs to use hard tabs in this file.
9672 # indent-tabs-mode: t
git.samba.org / tridge / bind9.git / blob