1 --- 9.8.4-P2 released ---
3 3516. [security] Removed the check for regex.h in configure in order
4 to disable regex syntax checking, as it exposes
5 BIND to a critical flaw in libregex on some
8 --- 9.8.4-P1 released ---
10 3407. [security] Named could die on specific queries with dns64 enabled.
11 [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
13 --- 9.8.4 released ---
15 3383. [security] A certain combination of records in the RBT could
16 cause named to hang while populating the additional
17 section of a response. [RT #31090]
19 3373. [bug] win32: open raw files in binary mode. [RT #30944]
21 3364. [security] Named could die on specially crafted record.
24 --- 9.8.4rc1 released ---
26 3369. [bug] nsupdate terminated unexpectedly in interactive mode
27 if built with readline support. [RT #29550]
29 3368. [bug] <dns/iptable.h> and <dns/zone.h> were not C++ safe.
31 3367. [bug] dns_dnsseckey_create() result was not being checked.
34 3366. [bug] Fixed Read-After-Write dependency violation for IA64
35 atomic operations. [RT #25181]
37 3365. [bug] Removed spurious newlines from log messages in
40 3363. [bug] Need to allow "forward" and "fowarders" options
41 in static-stub zones; this had been overlooked.
44 3362. [bug] Setting some option values to 0 in named.conf
45 could trigger an assertion failure on startup.
48 3360. [bug] 'host -w' could die. [RT #18723]
50 3359. [bug] An improperly-formed TSIG secret could cause a
51 memory leak. [RT #30607]
53 3357. [port] Add support for libxml2-2.8.x [RT #30440]
55 3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
56 approaching their expiry, so they don't remain
57 in caches after expiry. [RT #26429]
59 --- 9.8.4b1 released ---
61 3354. [func] Improve OpenSSL error logging. [RT #29932]
63 3353. [bug] Use a single task for task exclusive operations.
66 3352. [bug] Ensure that learned server attributes timeout of the
67 adb cache. [RT #29856]
69 3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
70 caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
71 memory debugging flags are set. [RT #30243]
73 3350. [bug] Memory read overrun in isc___mem_reallocate if
74 ISC_MEM_DEBUGCTX memory debugging flag is set.
77 3348. [bug] Prevent RRSIG data from being cached if a negative
78 record matching the covering type exists at a higher
79 trust level. Such data already can't be retrieved from
80 the cache since change 3218 -- this prevents it
81 being inserted into the cache as well. [RT #26809]
83 3347. [bug] dnssec-settime: Issue a warning when writing a new
84 private key file would cause a change in the
85 permissions of the existing file. [RT #27724]
87 3346. [security] Bad-cache data could be used before it was
88 initialized, causing an assert. [RT #30025]
90 3342. [bug] Change #3314 broke saving of stub zones to disk
91 resulting in excessive cpu usage in some cases.
94 3337. [bug] Change #3294 broke support for the multiple keys
95 in controls. [RT #29694]
97 3335. [func] nslookup: return a nonzero exit code when unable
98 to get an answer. [RT #29492]
100 3333. [bug] Setting resolver-query-timeout too low can cause
101 named to not recover if it loses connectivity.
104 3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
106 3331. [security] dns_rdataslab_fromrdataset could produce bad
107 rdataslabs. [RT #29644]
109 3330. [func] Fix missing signatures on NOERROR results despite
111 - add optional "recursive-only yes|no" to the
112 response-policy statement
113 - add optional "max-policy-ttl" to the response-policy
114 statement to limit the false data that
115 "recursive-only no" can introduce into
117 - add a RPZ performance test to bin/tests/system/rpz
118 when queryperf is available.
119 - the encoding of PASSTHRU action to "rpz-passthru".
120 (The old encoding is still accepted.)
124 3329. [bug] Handle RRSIG signer-name case consistently: We
125 generate RRSIG records with the signer-name in
126 lower case. We accept them with any case, but if
127 they fail to validate, we try again in lower case.
130 3328. [bug] Fixed inconsistent data checking in dst_parse.c.
133 3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
135 --- 9.8.3 released ---
137 3318. [tuning] Reduce the amount of work performed while holding a
138 bucket lock when finshed with a fetch context.
141 3314. [bug] The masters list could be updated while refesh_callback
142 and stub_callback were using it. [RT #26732]
144 3313. [protocol] Add TLSA record type. [RT #28989]
146 3312. [bug] named-checkconf didn't detect a bad dns64 clients acl.
149 3311. [bug] Abort the zone dump if zone->db is NULL in
150 zone.c:zone_gotwritehandle. [RT #29028]
152 3310. [test] Increase table size for mutex profiling. [RT #28809]
154 3309. [bug] resolver.c:fctx_finddone() was not threadsafe.
157 3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
160 3306. [bug] Improve DNS64 reverse zone performance. [RT #28563]
162 3305. [func] Add wire format lookup method to sdb. [RT #28563]
164 3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps.
167 3302. [bug] dns_dnssec_findmatchingkeys could fail to find
168 keys if the zone name contained character that
169 required special mappings. [RT #28600]
171 3301. [contrib] Update queryperf to build on darwin. Add -R flag
172 for non-recursive queries. [RT #28565]
174 3300. [bug] Named could die if gssapi was enabled in named.conf
175 but was not compiled in. [RT #28338]
177 3299. [bug] Make SDB handle errors from database drivers better.
180 3232. [bug] Zero zone->curmaster before return in
181 dns_zone_setmasterswithkeys(). [RT #26732]
183 3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
185 3197. [bug] Don't try to log the filename and line number when
186 the config parser can't open a file. [RT #22263]
188 --- 9.8.2 released ---
190 3298. [bug] Named could dereference a NULL pointer in
191 zmgr_start_xfrin_ifquota if the zone was being removed.
194 3297. [bug] Named could die on a malformed master file. [RT #28467]
196 3295. [bug] Adjust isc_time_secondsastimet range check to be more
197 portable. [RT # 26542]
199 3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
202 3291. [port] Fixed a build error on systems without ENOTSUP.
205 3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
207 3288. [bug] dlz_destroy() function wasn't correctly registered
208 by the DLZ dlopen driver. [RT #28056]
210 3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
212 3286. [bug] Managed key maintenance timer could fail to start
213 after 'rndc reconfig'. [RT #26786]
215 --- 9.8.2rc2 released ---
217 3285. [bug] val-frdataset was incorrectly disassociated in
218 proveunsecure after calling startfinddlvsep.
221 3284. [bug] Address race conditions with the handling of
222 rbtnode.deadlink. [RT #27738]
224 3283. [bug] Raw zones with with more than 512 records in a RRset
225 failed to load. [RT #27863]
227 3282. [bug] Restrict the TTL of NS RRset to no more than that
228 of the old NS RRset when replacing it.
229 [RT #27792] [RT #27884]
231 3281. [bug] SOA refresh queries could be treated as cancelled
232 despite succeeding over the loopback interface.
235 3280. [bug] Potential double free of a rdataset on out of memory
236 with DNS64. [RT #27762]
238 3278. [bug] Make sure automatic key maintenance is started
239 when "auto-dnssec maintain" is turned on during
240 "rndc reconfig". [RT #26805]
242 3276. [bug] win32: ns_os_openfile failed to return NULL on
243 safe_open failure. [RT #27696]
245 3274. [bug] Log when a zone is not reusable. Only set loadtime
246 on successful loads. [RT #27650]
248 3273. [bug] AAAA responses could be returned in the additional
249 section even when filter-aaaa-on-v4 was in use.
252 3271. [port] darwin: mksymtbl is not always stable, loop several
253 times before giving up. mksymtbl was using non
254 portable perl to covert 64 bit hex strings. [RT #27653]
256 3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
257 out the earliest expiry time. [RT #23311]
259 3267. [bug] Memory allocation failures could be mis-reported as
260 unexpected error. New ISC_R_UNSET result code.
263 3266. [bug] The maximum number of NSEC3 iterations for a
264 DNSKEY RRset was not being properly computed.
267 3262. [bug] Signed responses were handled incorrectly by RPZ.
270 --- 9.8.2rc1 released ---
272 3260. [bug] "rrset-order cyclic" could appear not to rotate
273 for some query patterns. [RT #27170/27185]
275 3259. [bug] named-compilezone: Suppress "dump zone to <file>"
276 message when writing to stdout. [RT #27109]
278 3258. [test] Add "forcing full sign with unreadable keys" test.
281 3257. [bug] Do not generate a error message when calling fsync()
282 in a pipe or socket. [RT #27109]
284 3256. [bug] Disable empty zones for lwresd -C. [RT #27139]
286 3254. [bug] Set isc_socket_ipv6only() on the IPv6 control channels.
289 3253. [bug] Return DNS_R_SYNTAX when the input to a text field is
290 too long. [RT #26956]
292 3251. [bug] Enforce a upper bound (65535 bytes) on the amount of
293 memory dns_sdlz_putrr() can allocate per record to
294 prevent run away memory consumption on ISC_R_NOSPACE.
297 3250. [func] 'configure --enable-developer'; turn on various
298 configure options, normally off by default, that
299 we want developers to build and test with. [RT #27103]
301 3249. [bug] Update log message when saving slave zones files for
302 analysis after load failures. [RT #27087]
304 3248. [bug] Configure options --enable-fixed-rrset and
305 --enable-exportlib were incompatible with each
308 3247. [bug] 'raw' format zones failed to preserve load order
309 breaking 'fixed' sort order. [RT #27087]
311 3243. [port] netbsd,bsdi: the thread defaults were not being
314 3241. [bug] Address race conditions in the resolver code.
317 3240. [bug] DNSKEY state change events could be missed. [RT #26874]
319 3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent
320 timestamp. [RT #26883]
322 3238. [bug] keyrdata was not being reinitialized in
323 lib/dns/rbtdb.c:iszonesecure. [RT#26913]
325 3237. [bug] dig -6 didn't work with +trace. [RT #26906]
327 --- 9.8.2b1 released ---
329 3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
331 3231. [bug] named could fail to send a uncompressable zone.
334 3230. [bug] 'dig axfr' failed to properly handle a multi-message
335 axfr with a serial of 0. [RT #26796]
337 3229. [bug] Fix local variable to struct var assignment
338 found by CLANG warning.
340 3228. [tuning] Dynamically grow symbol table to improve zone
341 loading performance. [RT #26523]
343 3227. [bug] Interim fix to make WKS's use of getprotobyname()
344 and getservbyname() self thread safe. [RT #26232]
346 3226. [bug] Address minor resource leakages. [RT #26624]
348 3221. [bug] Fixed a potential coredump on shutdown due to
349 referencing fetch context after it's been freed.
352 3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips()
353 could fail to set the database version correctly,
354 causing an assertion failure. [RT #26180]
356 3218. [security] Cache lookup could return RRSIG data associated with
357 nonexistent records, leading to an assertion
360 3217. [cleanup] Fix build problem with --disable-static. [RT #26476]
362 3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
364 3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188]
366 3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
367 list prior to adding a reference to it leading a
368 possible assertion failure. [RT #23219]
370 3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
372 3208. [bug] 'dig -y' handle unknown tsig alorithm better.
375 3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444]
377 3206. [cleanup] Add ISC information to log at start time. [RT #25484]
379 3204. [bug] When a master server that has been marked as
380 unreachable sends a NOTIFY, mark it reachable
383 3203. [bug] Increase log level to 'info' for validation failures
384 from expired or not-yet-valid RRSIGs. [RT #21796]
386 3200. [doc] Some rndc functions were undocumented or were
387 missing from 'rndc -h' output. [RT #25555]
389 3198. [doc] Clarified that dnssec-settime can alter keyfile
390 permissions. [RT #24866]
392 3196. [bug] nsupdate: return nonzero exit code when target zone
393 doesn't exist. [RT #25783]
395 3195. [cleanup] Silence "file not found" warnings when loading
396 managed-keys zone. [RT #26340]
398 3194. [doc] Updated RFC references in the 'empty-zones-enable'
399 documentation. [RT #25203]
401 3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
402 dnssec.h. [RT #26415]
404 3192. [bug] A query structure could be used after being freed.
407 3191. [bug] Print NULL records using "unknown" format. [RT #26392]
409 3190. [bug] Underflow in error handling in isc_mutexblock_init.
412 3189. [test] Added a summary report after system tests. [RT #25517]
414 3188. [bug] zone.c:zone_refreshkeys() could fail to detach
415 references correctly when errors occurred, causing
416 a hang on shutdown. [RT #26372]
418 3187. [port] win32: support for Visual Studio 2008. [RT #26356]
420 3186. [bug] Version/db mis-match in rpz code. [RT #26180]
422 3179. [port] kfreebsd: build issues. [RT #26273]
424 3175. [bug] Fix how DNSSEC positive wildcard responses from a
425 NSEC3 signed zone are validated. Stop sending a
426 unnecessary NSEC3 record when generating such
427 responses. [RT #26200]
429 3174. [bug] Always compute to revoked key tag from scratch.
432 3173. [port] Correctly validate root DS responses. [RT #25726]
434 3171. [bug] Exclusively lock the task when adding a zone using
435 'rndc addzone'. [RT #25600]
437 3170. [func] RPZ update:
438 - fix precedence among competing rules
439 - improve ARM text including documenting rule precedence
440 - try to rewrite CNAME chains until first hit
441 - new "rpz" logging channel
442 - RDATA for CNAME rules can include wildcards
443 - replace "NO-OP" named.conf policy override with
444 "PASSTHRU" and add "DISABLED" override ("NO-OP"
448 3169. [func] Catch db/version mis-matches when calling dns_db_*().
451 3167. [bug] Negative answers from forwarders were not being
452 correctly tagged making them appear to not be cached.
455 3162. [test] start.pl: modified to allow for "named.args" in
456 ns*/ subdirectory to override stock arguments to
457 named. Largely from RT#26044, but no separate ticket.
459 3161. [bug] zone.c:del_sigs failed to always reset rdata leading
460 assertion failures. [RT #25880]
462 3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing
463 the config file before pausing the server. [RT #21373]
465 3155. [bug] Fixed a build failure when using contrib DLZ
466 drivers (e.g., mysql, postgresql, etc). [RT #25710]
468 3154. [bug] Attempting to print an empty rdataset could trigger
469 an assert. [RT #25452]
471 3152. [cleanup] Some versions of gcc and clang failed due to
472 incorrect use of __builtin_expect. [RT #25183]
474 3151. [bug] Queries for type RRSIG or SIG could be handled
475 incorrectly. [RT #21050]
477 3148. [bug] Processing of normal queries could be stalled when
478 forwarding a UPDATE message. [RT #24711]
480 3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
482 3145. [test] Capture output of ATF unit tests in "./atf.out" if
483 there were any errors while running them. [RT #25527]
485 3144. [bug] dns_dbiterator_seek() could trigger an assert when
486 used with a nonexistent database node. [RT #25358]
488 3143. [bug] Silence clang compiler warnings. [RT #25174]
490 3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
491 for the hashing algorithms (md5, sha1 - sha512, and
492 their hmac counterparts). [RT #25067]
494 --- 9.8.1 released ---
496 --- 9.8.1rc1 released ---
498 3141. [bug] Silence spurious "zone serial (0) unchanged" messages
499 associated with empty zones. [RT #25079]
501 3138. [bug] Address memory leaks and out-of-order operations when
502 shutting named down. [RT #25210]
504 3136. [func] Add RFC 1918 reverse zones to the list of built-in
505 empty zones switched on by the 'empty-zones-enable'
508 Note: empty-zones-enable must be "yes;" or a empty
509 zone needs to be disabled in named.conf for RFC 1918
510 zones to be activated. This requirement may be
511 removed in future releases.
513 3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
514 See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
517 3134. [bug] Improve the accuracy of dnssec-signzone's signing
518 statistics. [RT #16030]
520 --- 9.8.1b3 released ---
522 3133. [bug] Change #3114 was incomplete. [RT #24577]
524 3131. [tuning] Improve scalability by allocating one zone task
525 per 100 zones at startup time, rather than using a
526 fixed-size task table. [RT #24406]
528 3129. [bug] Named could crash on 'rndc reconfig' when
529 allow-new-zones was set to yes and named ACLs
530 were used. [RT #22739]
532 --- 9.8.1b2 released ---
534 3126. [security] Using DNAME record to generate replacements caused
535 RPZ to exit with a assertion failure. [RT #24766]
537 3125. [security] Using wildcard CNAME records as a replacement with
538 RPZ caused named to exit with a assertion failure.
541 3124. [bug] Use an rdataset attribute flag to indicate
542 negative-cache records rather than using rrtype 0;
543 this will prevent problems when that rrtype is
544 used in actual DNS packets. [RT #24777]
546 3123. [security] Change #2912 exposed a latent flaw in
547 dns_rdataset_totext() that could cause named to
548 crash with an assertion failure. [RT #24777]
550 3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]
552 3121. [security] An authoritative name server sending a negative
553 response containing a very large RRset could
554 trigger an off-by-one error in the ncache code
555 and crash named. [RT #24650]
557 3120. [bug] Named could fail to validate zones listed in a DLV
558 that validated insecure without using DLV and had
559 DS records in the parent zone. [RT #24631]
561 3119. [bug] When rolling to a new DNSSEC key, a private-type
562 record could be created and never marked complete.
565 3118. [bug] nsupdate could dump core on shutdown when using
566 SIG(0) keys. [RT #24604]
568 3117. [cleanup] Remove doc and parser references to the
569 never-implemented 'auto-dnssec create' option.
572 3115. [bug] Named could fail to return requested data when
573 following a CNAME that points into the same zone.
576 3114. [bug] Retain expired RRSIGs in dynamic zones if key is
577 inactive and there is no replacement key. [RT #23136]
579 3113. [doc] Document the relationship between serial-query-rate
582 --- 9.8.1b1 released ---
584 3112. [doc] Add missing descriptions of the update policy name
585 types "ms-self", "ms-subdomain", "krb5-self" and
586 "krb5-subdomain", which allow machines to update
587 their own records, to the BIND 9 ARM.
589 3111. [bug] Improved consistency checks for dnssec-enable and
590 dnssec-validation, added test cases to the
591 checkconf system test. [RT #24398]
593 3110. [bug] dnssec-signzone: Wrong error message could appear
594 when attempting to sign with no KSK. [RT #24369]
596 3107. [bug] dnssec-signzone: Report the correct number of ZSKs
597 when using -x. [RT #20852]
599 3105. [bug] GOST support can be suppressed by "configure
600 --without-gost" [RT #24367]
602 3104. [bug] Better support for cross-compiling. [RT #24367]
604 3103. [bug] Configuring 'dnssec-validation auto' in a view
605 instead of in the options statement could trigger
606 an assertion failure in named-checkconf. [RT #24382]
608 3101. [bug] Zones using automatic key maintenance could fail
609 to check the key repository for updates. [RT #23744]
611 3100. [security] Certain response policy zone configurations could
612 trigger an INSIST when receiving a query of type
615 3099. [test] "dlz" system test now runs but gives R:SKIPPED if
616 not compiled with --with-dlz-filesystem. [RT #24146]
618 3098. [bug] DLZ zones were answering without setting the AA bit.
621 3097. [test] Add a tool to test handling of malformed packets.
624 3096. [bug] Set KRB5_KTNAME before calling log_cred() in
625 dst_gssapi_acceptctx(). [RT #24004]
627 3095. [bug] Handle isolated reserved ports in the port range.
630 3094. [doc] Expand dns64 documentation.
632 3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
634 3092. [bug] Signatures for records at the zone apex could go
635 stale due to an incorrect timer setting. [RT #23769]
637 3091. [bug] Fixed a bug in which zone keys that were published
638 and then subsequently activated could fail to trigger
639 automatic signing. [RT #22911]
641 3090. [func] Make --with-gssapi default [RT #23738]
643 3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
644 and add setup.sh in order to resolve changing
645 named.conf issue. [RT #23687]
647 3087. [bug] DDNS updates using SIG(0) with update-policy match
648 type "external" could cause a crash. [RT #23735]
650 3086. [bug] Running dnssec-settime -f on an old-style key will
651 now force an update to the new key format even if no
652 other change has been specified, using "-P now -A now"
653 as default values. [RT #22474]
655 3083. [bug] NOTIFY messages were not being sent when generating
656 a NSEC3 chain incrementally. [RT #23702]
658 3082. [port] strtok_r is threads only. [RT #23747]
660 3081. [bug] Failure of DNAME substitution did not return
661 YXDOMAIN. [RT #23591]
663 3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
666 3079. [bug] Handle isc_event_allocate failures in t_tasks.
669 3078. [func] Added a new include file with function typedefs
670 for the DLZ "dlopen" driver. [RT #23629]
672 3077. [bug] zone.c:zone_refreshkeys() incorrectly called
673 dns_zone_attach(), use zone->irefs instead. [RT #23303]
675 3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant
676 timestamp when determining which keys are active.
679 3074. [bug] Make the adb cache read through for zone data and
680 glue learn for zone named is authoritative for.
683 3073. [bug] managed-keys changes were not properly being recorded.
686 3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
689 3071. [bug] has_nsec could be used unintialised in
690 update.c:next_active. [RT #20256]
692 3070. [bug] dnssec-signzone potential NULL pointer dereference.
695 3069. [cleanup] Silence warnings messages from clang static analysis.
698 3068. [bug] Named failed to build with a OpenSSL without engine
701 3067. [bug] ixfr-from-differences {master|slave}; failed to
702 select the master/slave zones. [RT #23580]
704 3066. [func] The DLZ "dlopen" driver is now built by default,
705 no longer requiring a configure option. To
706 disable it, use "configure --without-dlopen".
707 (Note: driver not supported on win32.) [RT #23467]
709 3065. [bug] RRSIG could have time stamps too far in the future.
712 3064. [bug] powerpc: add sync instructions to the end of atomic
713 operations. [RT #23469]
715 3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
717 3059. [test] Added a regression test for change #3023.
719 3058. [bug] Cause named to terminate at startup or rndc reconfig/
720 reload to fail, if a log file specified in the conf
721 file isn't a plain file. [RT #22771]
723 3057. [bug] "rndc secroots" would abort after the first error
724 and so could miss some views. [RT #23488]
726 3054. [bug] Added elliptic curve support check in
727 GOST OpenSSL engine detection. [RT #23485]
729 3053. [bug] Under a sustained high query load with a finite
730 max-cache-size, it was possible for cache memory
731 to be exhausted and not recovered. [RT #23371]
733 3052. [test] Fixed last autosign test report. [RT #23256]
735 3051. [bug] NS records obsure DNAME records at the bottom of the
736 zone if both are present. [RT #23035]
738 3050. [bug] The autosign system test was timing dependent.
739 Wait for the initial autosigning to complete
740 before running the rest of the test. [RT #23035]
742 3049. [bug] Save and restore the gid when creating creating
743 named.pid at startup. [RT #23290]
745 3048. [bug] Fully separate view key mangement. [RT #23419]
747 3047. [bug] DNSKEY NODATA responses not cached fixed in
748 validator.c. Tests added to dnssec system test.
751 3046. [bug] Use RRSIG original TTL to compute validated RRset
752 and RRSIG TTL. [RT #23332]
754 3044. [bug] Hold the socket manager lock while freeing the socket.
757 3043. [test] Merged in the NetBSD ATF test framework (currently
758 version 0.12) for development of future unit tests.
759 Use configure --with-atf to build ATF internally
760 or configure --with-atf=prefix to use an external
763 3042. [bug] dig +trace could fail attempting to use IPv6
764 addresses on systems with only IPv4 connectivity.
767 3041. [bug] dnssec-signzone failed to generate new signatures on
768 ttl changes. [RT #23330]
770 3040. [bug] Named failed to validate insecure zones where a node
771 with a CNAME existed between the trust anchor and the
772 top of the zone. [RT #23338]
774 3038. [bug] Install <dns/rpz.h>. [RT #23342]
776 3037. [doc] Update COPYRIGHT to contain all the individual
777 copyright notices that cover various parts.
779 3036. [bug] Check built-in zone arguments to see if the zone
780 is re-usable or not. [RT #21914]
782 3035. [cleanup] Simplify by using strlcpy. [RT #22521]
784 3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
786 3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
789 3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
791 3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
794 3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
797 3029. [bug] isc_netaddr_format() handle a zero sized buffer.
800 3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
803 3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
804 catch NULL pointer dereferences before they happen.
807 3026. [bug] lib/isc/httpd.c: check that we have enough space
808 after calling grow_headerspace() and if not
809 re-call grow_headerspace() until we do. [RT #22521]
811 --- 9.8.0 released ---
813 3025. [bug] Fixed a possible deadlock due to zone resigning.
816 3024. [func] RTT Banding removed due to minor security increase
817 but major impact on resolver latency. [RT #23310]
819 3023. [bug] Named could be left in an inconsistent state when
820 receiving multiple AXFR response messages that were
821 not all TSIG-signed. [RT #23254]
823 3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
826 3021. [bug] Change #3010 was incomplete. [RT #22296]
828 3020. [bug] auto-dnssec failed to correctly update the zone when
829 changing the DNSKEY RRset. [RT #23232]
831 3019. [test] Test: check apex NSEC3 records after adding DNSKEY
832 record via UPDATE. [RT #23229]
834 --- 9.8.0rc1 released ---
836 3018. [bug] Named failed to check for the "none;" acl when deciding
837 if a zone may need to be re-signed. [RT #23120]
839 3017. [doc] dnssec-keyfromlabel -I was not properly documented.
842 3016. [bug] rndc usage missing '-b'. [RT #22937]
844 3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
845 IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
847 3013. [bug] The DNS64 ttl was not always being set as expected.
850 3012. [bug] Remove DNSKEY TTL change pairs before generating
851 signing records for any remaining DNSKEY changes.
854 3011. [func] Allow setting this in named.conf using the new
855 'resolver-query-timeout' option, which specifies a max
856 time in seconds. 0 means 'default' and anything longer
857 than 30 will be silently set to 30. [RT #22852]
859 3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
860 for refreshing managed-keys. [RT #22296]
862 3009. [bug] clients-per-query code didn't work as expected with
863 particular query patterns. [RT #22972]
865 --- 9.8.0b1 released ---
867 3008. [func] Response policy zones (RPZ) support. [RT #21726]
869 3007. [bug] Named failed to preserve the case of domain names in
870 rdata which is not compressible when writing master
873 3006. [func] Allow dynamically generated TSIG keys to be preserved
874 across restarts of named. Initially this is for
875 TSIG keys generated using GSSAPI. [RT #22639]
877 3005. [port] Solaris: Work around the lack of
878 gsskrb5_register_acceptor_identity() by setting
879 the KRB5_KTNAME environment variable to the
880 contents of tkey-gssapi-keytab. Also fixed
881 test errors on MacOSX. [RT #22853]
883 3004. [func] DNS64 reverse support. [RT #22769]
885 3003. [experimental] Added update-policy match type "external",
886 enabling named to defer the decision of whether to
887 allow a dynamic update to an external daemon.
888 (Contributed by Andrew Tridgell.) [RT #22758]
890 3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
893 3001. [func] Added a default trust anchor for the root zone, which
894 can be switched on by setting "dnssec-validation auto;"
895 in the named.conf options. [RT #21727]
897 3000. [bug] More TKEY/GSS fixes:
898 - nsupdate can now get the default realm from
899 the user's Kerberos principal
900 - corrected gsstest compilation flags
901 - improved documentation
902 - fixed some NULL dereferences
905 2999. [func] Add GOST support (RFC 5933). [RT #20639]
907 2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
908 to the task api. [RT #22776]
910 2997. [func] named -V now reports the OpenSSL and libxml2 verions
911 it was compiled against. [RT #22687]
913 2996. [security] Temporarily disable SO_ACCEPTFILTER support.
916 2995. [bug] The Kerberos realm was not being correctly extracted
917 from the signer's identity. [RT #22770]
919 2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
920 do not use threads on earlier versions. Also kill
921 the unproven-pthreads, mit-pthreads, and ptl2 support.
923 2993. [func] Dynamically grow adb hash tables. [RT #21186]
925 2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
926 for looking at a secure delegation. [RT #22059]
928 2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
929 dynamic zones. [RT #22365]
931 2990. [bug] 'dnssec-settime -S' no longer tests prepublication
932 interval validity when the interval is set to 0.
935 2989. [func] Added support for writable DLZ zones. (Contributed
936 by Andrew Tridgell of the Samba project.) [RT #22629]
938 2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
939 of external DLZ drivers that can be loaded as
940 shared objects at runtime rather than linked with
941 named. Currently this is switched on via a
942 compile-time option, "configure --with-dlz-dlopen".
943 Note: the syntax for configuring DLZ zones
944 is likely to be refined in future releases.
945 (Contributed by Andrew Tridgell of the Samba
946 project.) [RT #22629]
948 2987. [func] Improve ease of configuring TKEY/GSS updates by
949 adding a "tkey-gssapi-keytab" option. If set,
950 updates will be allowed with any key matching
951 a principal in the specified keytab file.
952 "tkey-gssapi-credential" is no longer required
953 and is expected to be deprecated. (Contributed
954 by Andrew Tridgell of the Samba project.)
957 2986. [func] Add new zone type "static-stub". It's like a stub
958 zone, but the nameserver names and/or their IP
959 addresses are statically configured. [RT #21474]
961 2985. [bug] Add a regression test for change #2896. [RT #21324]
963 2984. [bug] Don't run MX checks when the target of the MX record
966 2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
968 --- 9.8.0a1 released ---
970 2982. [bug] Reference count dst keys. dst_key_attach() can be used
971 increment the reference count.
973 Note: dns_tsigkey_createfromkey() callers should now
974 always call dst_key_free() rather than setting it
975 to NULL on success. [RT #22672]
977 2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
979 2980. [bug] named didn't properly handle UPDATES that changed the
980 TTL of the NSEC3PARAM RRset. [RT #22363]
982 2979. [bug] named could deadlock during shutdown if two
983 "rndc stop" commands were issued at the same
986 2978. [port] hpux: look for <devpoll.h> [RT #21919]
988 2977. [bug] 'nsupdate -l' report if the session key is missing.
991 2976. [bug] named could die on exit after negotiating a GSS-TSIG
994 2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
995 wrong lock which could lead to server deadlock.
998 2974. [bug] Some valid UPDATE requests could fail due to a
999 consistency check examining the existing version
1000 of the zone rather than the new version resulting
1001 from the UPDATE. [RT #22413]
1003 2973. [bug] bind.keys.h was being removed by the "make clean"
1004 at the end of configure resulting in build failures
1005 where there is very old version of perl installed.
1006 Move it to "make maintainer-clean". [RT #22230]
1008 2972. [bug] win32: address windows socket errors. [RT #21906]
1010 2971. [bug] Fixed a bug that caused journal files not to be
1011 compacted on Windows systems as a result of
1012 non-POSIX-compliant rename() semantics. [RT #22434]
1014 2970. [security] Adding a NO DATA negative cache entry failed to clear
1015 any matching RRSIG records. A subsequent lookup of
1016 of NO DATA cache entry could trigger a INSIST when the
1017 unexpected RRSIG was also returned with the NO DATA
1020 CVE-2010-3613, VU#706148. [RT #22288]
1022 2969. [security] Fix acl type processing so that allow-query works
1023 in options and view statements. Also add a new
1024 set of tests to verify proper functioning.
1026 CVE-2010-3615, VU#510208. [RT #22418]
1028 2968. [security] Named could fail to prove a data set was insecure
1029 before marking it as insecure. One set of conditions
1030 that can trigger this occurs naturally when rolling
1033 CVE-2010-3614, VU#837744. [RT #22309]
1035 2967. [bug] 'host -D' now turns on debugging messages earlier.
1038 2966. [bug] isc_print_vsnprintf() failed to check if there was
1039 space available in the buffer when adding a left
1040 justified character with a non zero width,
1041 (e.g. "%-1c"). [RT #22270]
1043 2965. [func] Test HMAC functions using test data from RFC 2104 and
1044 RFC 4634. [RT #21702]
1048 2963. [security] The allow-query acl was being applied instead of the
1049 allow-query-cache acl to cache lookups. [RT #22114]
1051 2962. [port] win32: add more dependencies to BINDBuild.dsw.
1054 2961. [bug] Be still more selective about the non-authoritative
1055 answers we apply change 2748 to. [RT #22074]
1057 2960. [func] Check that named accepts non-authoritative answers.
1060 2959. [func] Check that named starts with a missing masterfile.
1063 2958. [bug] named failed to start with a missing master file.
1066 2957. [bug] entropy_get() and entropy_getpseudo() failed to match
1067 the API for RAND_bytes() and RAND_pseudo_bytes()
1068 respectively. [RT #21962]
1070 2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
1072 2955. [func] Provide more detail in the recursing log. [RT #22043]
1074 2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
1075 build_sqldbinstance failure. [RT #21623]
1077 2953. [bug] Silence spurious "expected covering NSEC3, got an
1078 exact match" message when returning a wildcard
1079 no data response. [RT #21744]
1081 2952. [port] win32: named-checkzone and named-checkconf failed
1082 to initialise winsock. [RT #21932]
1084 2951. [bug] named failed to generate a correct signed response
1085 in a optout, delegation only zone with no secure
1086 delegations. [RT #22007]
1088 2950. [bug] named failed to perform a SOA up to date check when
1089 falling back to TCP on UDP timeouts when
1090 ixfr-from-differences was set. [RT #21595]
1092 2949. [bug] dns_view_setnewzones() contained a memory leak if
1093 it was called multiple times. [RT #21942]
1095 2948. [port] MacOS: provide a mechanism to configure the test
1096 interfaces at reboot. See bin/tests/system/README
1101 2946. [doc] Document the default values for the minimum and maximum
1102 zone refresh and retry values in the ARM. [RT #21886]
1104 2945. [doc] Update empty-zones list in ARM. [RT #21772]
1106 2944. [maint] Remove ORCHID prefix from built in empty zones.
1109 2943. [func] Add support to load new keys into managed zones
1110 without signing immediately with "rndc loadkeys".
1111 Add support to link keys with "dnssec-keygen -S"
1112 and "dnssec-settime -S". [RT #21351]
1114 2942. [contrib] zone2sqlite failed to setup the entropy sources.
1117 2941. [bug] sdb and sdlz (dlz's zone database) failed to support
1118 DNAME at the zone apex. [RT #21610]
1120 2940. [port] Remove connection aborted error message on
1121 Windows. [RT #21549]
1123 2939. [func] Check that named successfully skips NSEC3 records
1124 that fail to match the NSEC3PARAM record currently
1127 2938. [bug] When generating signed responses, from a signed zone
1128 that uses NSEC3, named would use a uninitialised
1129 pointer if it needed to skip a NSEC3 record because
1130 it didn't match the selected NSEC3PARAM record for
1133 2937. [bug] Worked around an apparent race condition in over
1134 memory conditions. Without this fix a DNS cache DB or
1135 ADB could incorrectly stay in an over memory state,
1136 effectively refusing further caching, which
1137 subsequently made a BIND 9 caching server unworkable.
1138 This fix prevents this problem from happening by
1139 polling the state of the memory context, rather than
1140 making a copy of the state, which appeared to cause
1141 a race. This is a "workaround" in that it doesn't
1142 solve the possible race per se, but several experiments
1143 proved this change solves the symptom. Also, the
1144 polling overhead hasn't been reported to be an issue.
1145 This bug should only affect a caching server that
1146 specifies a finite max-cache-size. It's also quite
1147 likely that the bug happens only when enabling threads,
1148 but it's not confirmed yet. [RT #21818]
1150 2936. [func] Improved configuration syntax and multiple-view
1151 support for addzone/delzone feature (see change
1152 #2930). Removed "new-zone-file" option, replaced
1153 with "allow-new-zones (yes|no)". The new-zone-file
1154 for each view is now created automatically, with
1155 a filename generated from a hash of the view name.
1156 It is no longer necessary to "include" the
1157 new-zone-file in named.conf; this happens
1158 automatically. Zones that were not added via
1159 "rndc addzone" can no longer be removed with
1160 "rndc delzone". [RT #19447]
1162 2935. [bug] nsupdate: improve 'file not found' error message.
1165 2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
1168 2933. [bug] 'dig +nsid' used stack memory after it went out of
1169 scope. This could potentially result in a unknown,
1170 potentially malformed, EDNS option being sent instead
1171 of the desired NSID option. [RT #21781]
1173 2932. [cleanup] Corrected a numbering error in the "dnssec" test.
1176 2931. [bug] Temporarily and partially disable change 2864
1177 because it would cause infinite attempts of RRSIG
1178 queries. This is an urgent care fix; we'll
1179 revisit the issue and complete the fix later.
1182 2930. [experimental] New "rndc addzone" and "rndc delzone" commads
1183 allow dynamic addition and deletion of zones.
1184 To enable this feature, specify a "new-zone-file"
1185 option at the view or options level in named.conf.
1186 Zone configuration information for the new zones
1187 will be written into that file. To make the new
1188 zones persist after a restart, "include" the file
1189 into named.conf in the appropriate view. (Note:
1190 This feature is not yet documented, and its syntax
1191 is expected to change.) [RT #19447]
1193 2929. [bug] Improved handling of GSS security contexts:
1194 - added LRU expiration for generated TSIGs
1195 - added the ability to use a non-default realm
1196 - added new "realm" keyword in nsupdate
1197 - limited lifetime of generated keys to 1 hour
1198 or the lifetime of the context (whichever is
1202 2928. [bug] Be more selective about the non-authoritative
1203 answer we apply change 2748 to. [RT #21594]
1209 2925. [bug] Named failed to accept uncachable negative responses
1210 from insecure zones. [RT# 21555]
1212 2924. [func] 'rndc secroots' dump a combined summary of the
1213 current managed keys combined with trusted keys.
1216 2923. [bug] 'dig +trace' could drop core after "connection
1217 timeout". [RT #21514]
1219 2922. [contrib] Update zkt to version 1.0.
1221 2921. [bug] The resolver could attempt to destroy a fetch context
1222 too soon. [RT #19878]
1224 2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
1225 to IPv4 clients. New acl 'filter-aaaa' (default any).
1227 2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
1230 2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
1232 2917. [func] Virtual time test framework. [RT #20801]
1234 2916. [func] Add framework to use IPv6 in tests.
1235 fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
1237 2915. [cleanup] Be smarter about which objects we attempt to compile
1238 based on configure options. [RT #21444]
1240 2914. [bug] Make the "autosign" system test more portable.
1243 2913. [func] Add pkcs#11 system tests. [RT #20784]
1245 2912. [func] Windows clients don't like UPDATE responses that clear
1246 the zone section. [RT #20986]
1248 2911. [bug] dnssec-signzone didn't handle out of zone records well.
1251 2910. [func] Sanity check Kerberos credentials. [RT #20986]
1253 2909. [bug] named-checkconf -p could die if "update-policy local;"
1254 was specified in named.conf. [RT #21416]
1256 2908. [bug] It was possible for re-signing to stop after removing
1257 a DNSKEY. [RT #21384]
1259 2907. [bug] The export version of libdns had undefined references.
1262 2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
1264 2905. [port] aix: set use_atomic=yes with native compiler.
1267 2904. [bug] When using DLV, sub-zones of the zones in the DLV,
1268 could be incorrectly marked as insecure instead of
1269 secure leading to negative proofs failing. This was
1270 a unintended outcome from change 2890. [RT# 21392]
1272 2903. [bug] managed-keys-directory missing from namedconf.c.
1275 2902. [func] Add regression test for change 2897. [RT #21040]
1277 2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
1279 2900. [bug] The placeholder negative caching element was not
1280 properly constructed triggering a INSIST in
1281 dns_ncache_towire(). [RT #21346]
1283 2899. [port] win32: Support linking against OpenSSL 1.0.0.
1285 2898. [bug] nslookup leaked memory when -domain=value was
1286 specified. [RT #21301]
1288 2897. [bug] NSEC3 chains could be left behind when transitioning
1289 to insecure. [RT #21040]
1291 2896. [bug] "rndc sign" failed to properly update the zone
1292 when adding a DNSKEY for publication only. [RT #21045]
1294 2895. [func] genrandom: add support for the generation of multiple
1297 2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
1299 2893. [bug] Improve managed keys support. New named.conf option
1300 managed-keys-directory. [RT #20924]
1302 2892. [bug] Handle REVOKED keys better. [RT #20961]
1304 2891. [maint] Update empty-zones list to match
1305 draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
1307 2890. [bug] Handle the introduction of new trusted-keys and
1308 DS, DLV RRsets better. [RT #21097]
1310 2889. [bug] Elements of the grammar where not properly reported.
1313 2888. [bug] Only the first EDNS option was displayed. [RT #21273]
1315 2887. [bug] Report the keytag times in UTC in the .key file,
1316 local time is presented as a comment within the
1317 comment. [RT #21223]
1319 2886. [bug] ctime() is not thread safe. [RT #21223]
1321 2885. [bug] Improve -fno-strict-aliasing support probing in
1322 configure. [RT #21080]
1324 2884. [bug] Insufficient validation in dns_name_getlabelsequence().
1327 2883. [bug] 'dig +short' failed to handle really large datasets.
1330 2882. [bug] Remove memory context from list of active contexts
1331 before clearing 'magic'. [RT #21274]
1333 2881. [bug] Reduce the amount of time the rbtdb write lock
1334 is held when closing a version. [RT #21198]
1336 2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
1337 consistent. [RT #21078]
1339 2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
1342 2878. [func] Incrementally write the master file after performing
1345 2877. [bug] The validator failed to skip obviously mismatching
1348 2876. [bug] Named could return SERVFAIL for negative responses
1349 from unsigned zones. [RT #21131]
1351 2875. [bug] dns_time64_fromtext() could accept non digits.
1354 2874. [bug] Cache lack of EDNS support only after the server
1355 successfully responds to the query using plain DNS.
1358 2873. [bug] Cancelling a dynamic update via the dns/client module
1359 could trigger an assertion failure. [RT #21133]
1361 2872. [bug] Modify dns/client.c:dns_client_createx() to only
1362 require one of IPv4 or IPv6 rather than both.
1365 2871. [bug] Type mismatch in mem_api.c between the definition and
1366 the header file, causing build failure with
1367 --enable-exportlib. [RT #21138]
1369 2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
1371 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
1374 2868. [cleanup] Run "make clean" at the end of configure to ensure
1375 any changes made by configure are integrated.
1376 Use --with-make-clean=no to disable. [RT #20994]
1378 2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
1379 don't like it. [RT #20986]
1381 2866. [bug] Windows does not like the TSIG name being compressed.
1384 2865. [bug] memset to zero event.data. [RT #20986]
1386 2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
1389 2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
1392 2862. [bug] nsupdate didn't default to the parent zone when
1393 updating DS records. [RT #20896]
1395 2861. [doc] dnssec-settime man pages didn't correctly document the
1396 inactivation time. [RT #21039]
1398 2860. [bug] named-checkconf's usage was out of date. [RT #21039]
1400 2859. [bug] When cancelling validation it was possible to leak
1403 2858. [bug] RTT estimates were not being adjusted on ICMP errors.
1406 2857. [bug] named-checkconf did not fail on a bad trusted key.
1409 2856. [bug] The size of a memory allocation was not always properly
1410 recorded. [RT #20927]
1412 2855. [func] nsupdate will now preserve the entered case of domain
1413 names in update requests it sends. [RT #20928]
1415 2854. [func] dig: allow the final soa record in a axfr response to
1416 be suppressed, dig +onesoa. [RT #20929]
1418 2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
1420 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
1422 2851. [doc] nslookup.1, removed <informalexample> from the docbook
1423 source as it produced bad nroff. [RT #21007]
1425 2850. [bug] If isc_heap_insert() failed due to memory shortage
1426 the heap would have corrupted entries. [RT #20951]
1428 2849. [bug] Don't treat errors from the xml2 library as fatal.
1431 2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
1432 README.rfc5011 into the ARM. [RT #20899]
1434 2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
1436 2846. [bug] EOF on unix domain sockets was not being handled
1437 correctly. [RT #20731]
1439 2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
1441 2844. [doc] notify-delay default in ARM was wrong. It should have
1442 been five (5) seconds.
1444 2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
1445 creating key files if there is a chance that the new
1446 key ID will collide with an existing one after
1447 either of the keys has been revoked. (To override
1448 this in the case of dnssec-keyfromlabel, use the -y
1449 option. dnssec-keygen will simply create a
1450 different, non-colliding key, so an override is
1451 not necessary.) [RT #20838]
1453 2842. [func] Added "smartsign" and improved "autosign" and
1454 "dnssec" regression tests. [RT #20865]
1456 2841. [bug] Change 2836 was not complete. [RT #20883]
1458 2840. [bug] Temporary fixed pkcs11-destroy usage check.
1461 2839. [bug] A KSK revoked by named could not be deleted.
1466 2837. [port] Prevent Linux spurious warnings about fwrite().
1469 2836. [bug] Keys that were scheduled to become active could
1470 be delayed. [RT #20874]
1472 2835. [bug] Key inactivity dates were inadvertently stored in
1473 the private key file with the outdated tag
1474 "Unpublish" rather than "Inactive". This has been
1475 fixed; however, any existing keys that had Inactive
1476 dates set will now need to have them reset, using
1477 'dnssec-settime -I'. [RT #20868]
1479 2834. [bug] HMAC-SHA* keys that were longer than the algorithm
1480 digest length were used incorrectly, leading to
1481 interoperability problems with other DNS
1482 implementations. This has been corrected.
1483 (Note: If an oversize key is in use, and
1484 compatibility is needed with an older release of
1485 BIND, the new tool "isc-hmac-fixup" can convert
1486 the key secret to a form that will work with all
1487 versions.) [RT #20751]
1489 2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
1492 2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
1493 to avoid redefinition in some OSs [RT 20831]
1495 2831. [security] Do not attempt to validate or cache
1496 out-of-bailiwick data returned with a secure
1497 answer; it must be re-fetched from its original
1498 source and validated in that context. [RT #20819]
1500 2830. [bug] Changing the OPTOUT setting could take multiple
1503 2829. [bug] Fixed potential node inconsistency in rbtdb.c.
1506 2828. [security] Cached CNAME or DNAME RR could be returned to clients
1507 without DNSSEC validation. [RT #20737]
1509 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
1511 2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
1512 being released. [RT #20740]
1514 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
1515 was in the process of being created was not properly
1516 recorded in the zone. [RT #20786]
1518 2824. [bug] "rndc sign" was not being run by the correct task.
1521 2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
1523 2822. [bug] rbtdb.c:loadnode() could return the wrong result.
1526 2821. [doc] Add note that named-checkconf doesn't automatically
1527 read rndc.key and bind.keys [RT #20758]
1529 2820. [func] Handle read access failure of OpenSSL configuration
1530 file more user friendly (PKCS#11 engine patch).
1533 2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
1536 2818. [cleanup] rndc could return an incorrect error code
1537 when a zone was not found. [RT #20767]
1539 2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
1542 2816. [bug] previous_closest_nsec() could fail to return
1543 data for NSEC3 nodes [RT #29730]
1545 2815. [bug] Exclusively lock the task when freezing a zone.
1548 2814. [func] Provide a definitive error message when a master
1549 zone is not loaded. [RT #20757]
1551 2813. [bug] Better handling of unreadable DNSSEC key files.
1554 2812. [bug] Make sure updates can't result in a zone with
1555 NSEC-only keys and NSEC3 records. [RT #20748]
1557 2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
1560 2810. [doc] Clarified the process of transitioning an NSEC3 zone
1561 to insecure. [RT #20746]
1563 2809. [cleanup] Restored accidentally-deleted text in usage output
1564 in dnssec-settime and dnssec-revoke [RT #20739]
1566 2808. [bug] Remove the attempt to install atomic.h from lib/isc.
1567 atomic.h is correctly installed by the architecture
1568 specific subdirectories. [RT #20722]
1570 2807. [bug] Fixed a possible ASSERT when reconfiguring zone
1573 --- 9.7.0rc1 released ---
1575 2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
1576 when it had changed. [RT #20703]
1578 2805. [bug] Fixed namespace problems encountered when building
1579 external programs using non-exported BIND9 libraries
1580 (i.e., built without --enable-exportlib). [RT #20679]
1582 2804. [bug] Send notifies when a zone is signed with "rndc sign"
1583 or as a result of a scheduled key change. [RT #20700]
1585 2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
1586 and genrandom under windows. [RT #20670]
1588 2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
1590 2801. [func] Detect and report records that are different according
1591 to DNSSEC but are semantically equal according to plain
1592 DNS. Apply plain DNS comparisons rather than DNSSEC
1593 comparisons when processing UPDATE requests.
1594 dnssec-signzone now removes such semantically duplicate
1595 records prior to signing the RRset.
1597 named-checkzone -r {ignore|warn|fail} (default warn)
1598 named-compilezone -r {ignore|warn|fail} (default warn)
1600 named.conf: check-dup-records {ignore|warn|fail};
1602 2800. [func] Reject zones which have NS records which refer to
1603 CNAMEs, DNAMEs or don't have address record (class IN
1604 only). Reject UPDATEs which would cause the zone
1605 to fail the above checks if committed. [RT #20678]
1607 2799. [cleanup] Changed the "secure-to-insecure" option to
1608 "dnssec-secure-to-insecure", and "dnskey-ksk-only"
1609 to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
1611 2798. [bug] Addressed bugs in managed-keys initialization
1612 and rollover. [RT #20683]
1614 2797. [bug] Don't decrement the dispatch manager's maxbuffers.
1617 2796. [bug] Missing dns_rdataset_disassociate() call in
1618 dns_nsec3_delnsec3sx(). [RT #20681]
1620 2795. [cleanup] Add text to differentiate "update with no effect"
1621 log messages. [RT #18889]
1623 2794. [bug] Install <isc/namespace.h>. [RT #20677]
1625 2793. [func] Add "autosign" and "metadata" tests to the
1626 automatic tests. [RT #19946]
1628 2792. [func] "filter-aaaa-on-v4" can now be set in view
1629 options (if compiled in). [RT #20635]
1631 2791. [bug] The installation of isc-config.sh was broken.
1634 2790. [bug] Handle DS queries to stub zones. [RT #20440]
1636 2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
1638 2788. [bug] dnssec-signzone could sign with keys that were
1639 not requested [RT #20625]
1641 2787. [bug] Spurious log message when zone keys were
1642 dynamically reconfigured. [RT #20659]
1644 2786. [bug] Additional could be promoted to answer. [RT #20663]
1646 --- 9.7.0b3 released ---
1648 2785. [bug] Revoked keys could fail to self-sign [RT #20652]
1650 2784. [bug] TC was not always being set when required glue was
1651 dropped. [RT #20655]
1653 2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
1654 buffer size of 512 or less. [RT #20654]
1656 2782. [port] win32: use getaddrinfo() for hostname lookups.
1659 2781. [bug] Inactive keys could be used for signing. [RT #20649]
1661 2780. [bug] dnssec-keygen -A none didn't properly unset the
1662 activation date in all cases. [RT #20648]
1664 2779. [bug] Dynamic key revocation could fail. [RT #20644]
1666 2778. [bug] dnssec-signzone could fail when a key was revoked
1667 without deleting the unrevoked version. [RT #20638]
1669 2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
1671 2776. [bug] Change #2762 was not correct. [RT #20647]
1673 2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
1674 in dnssec-keyfromlabel. [RT #20643]
1676 2774. [bug] Existing cache DB wasn't being reused after
1677 reconfiguration. [RT #20629]
1679 2773. [bug] In autosigned zones, the SOA could be signed
1680 with the KSK. [RT #20628]
1682 2772. [security] When validating, track whether pending data was from
1683 the additional section or not and only return it if
1684 validates as secure. [RT #20438]
1686 2771. [bug] dnssec-signzone: DNSKEY records could be
1687 corrupted when importing from key files [RT #20624]
1689 2770. [cleanup] Add log messages to resolver.c to indicate events
1690 causing FORMERR responses. [RT #20526]
1692 2769. [cleanup] Change #2742 was incomplete. [RT #19589]
1694 2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
1696 2767. [bug] named could crash on startup if a zone was
1697 configured with auto-dnssec and there was no
1698 key-directory. [RT #20615]
1700 2766. [bug] isc_socket_fdwatchpoke() should only update the
1701 socketmgr state if the socket is not pending on a
1702 read or write. [RT #20603]
1704 2765. [bug] Skip masters for which the TSIG key cannot be found.
1707 2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
1709 2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
1711 2762. [bug] DLV validation failed with a local slave DLV zone.
1714 2761. [cleanup] Enable internal symbol table for backtrace only for
1715 systems that are known to work. Currently, BSD
1716 variants, Linux and Solaris are supported. [RT# 20202]
1718 2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
1720 2759. [doc] Add information about .jbk/.jnw files to
1721 the ARM. [RT #20303]
1723 2758. [bug] win32: Added a workaround for a windows 2008 bug
1724 that could cause the UDP client handler to shut
1727 2757. [bug] dig: assertion failure could occur in connect
1728 timeout. [RT #20599]
1730 2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
1734 2754. [bug] Secure-to-insecure transitions failed when zone
1735 was signed with NSEC3. [RT #20587]
1737 2753. [bug] Removed an unnecessary warning that could appear when
1738 building an NSEC chain. [RT #20589]
1740 2752. [bug] Locking violation. [RT #20587]
1742 2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
1744 2750. [bug] dig: assertion failure could occur when a server
1745 didn't have an address. [RT #20579]
1747 2749. [bug] ixfr-from-differences generated a non-minimal ixfr
1748 for NSEC3 signed zones. [RT #20452]
1750 2748. [func] Identify bad answers from GTLD servers and treat them
1751 as referrals. [RT #18884]
1753 2747. [bug] Journal roll forwards failed to set the re-signing
1754 time of RRSIGs correctly. [RT #20541]
1756 2746. [port] hpux: address signed/unsigned expansion mismatch of
1757 dns_rbtnode_t.nsec. [RT #20542]
1759 2745. [bug] configure script didn't probe the return type of
1760 gai_strerror(3) correctly. [RT #20573]
1762 2744. [func] Log if a query was over TCP. [RT #19961]
1764 2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
1765 for a insecure delegation.
1767 --- 9.7.0b2 released ---
1769 2742. [cleanup] Clarify some DNSSEC-related log messages in
1770 validator.c. [RT #19589]
1772 2741. [func] Allow the dnssec-keygen progress messages to be
1773 suppressed (dnssec-keygen -q). Automatically
1774 suppress the progress messages when stdin is not
1779 2739. [cleanup] Clean up API for initializing and clearing trust
1780 anchors for a view. [RT #20211]
1782 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
1785 2737. [func] UPDATE requests can leak existence information.
1788 2736. [func] Improve the performance of NSEC signed zones with
1789 more than a normal amount of glue below a delegation.
1792 2735. [bug] dnssec-signzone could fail to read keys
1793 that were specified on the command line with
1794 full paths, but weren't in the current
1795 directory. [RT #20421]
1797 2734. [port] cygwin: arpaname did not compile. [RT #20473]
1799 2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
1801 2732. [func] Add optional filter-aaaa-on-v4 option, available
1802 if built with './configure --enable-filter-aaaa'.
1803 Filters out AAAA answers to clients connecting
1804 via IPv4. (This is NOT recommended for general
1807 2731. [func] Additional work on change 2709. The key parser
1808 will now ignore unrecognized fields when the
1809 minor version number of the private key format
1810 has been increased. It will reject any key with
1811 the major version number increased. [RT #20310]
1813 2730. [func] Have dnssec-keygen display a progress indication
1814 a la 'openssl genrsa' on standard error. Note
1815 when the first '.' is followed by a long stop
1816 one has the choice between slow generation vs.
1817 poor random quality, i.e., '-r /dev/urandom'.
1820 2729. [func] When constructing a CNAME from a DNAME use the DNAME
1823 2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
1824 dnssec-signzone now warn immediately if asked to
1825 write into a nonexistent directory. [RT #20278]
1827 2727. [func] The 'key-directory' option can now specify a relative
1830 2726. [func] Added support for SHA-2 DNSSEC algorithms,
1831 RSASHA256 and RSASHA512. [RT #20023]
1833 2725. [doc] Added information about the file "managed-keys.bind"
1834 to the ARM. [RT #20235]
1836 2724. [bug] Updates to a existing node in secure zone using NSEC
1837 were failing. [RT #20448]
1839 2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
1840 isc_base64_totext(), didn't always mark regions of
1841 memory as fully consumed after conversion. [RT #20445]
1843 2722. [bug] Ensure that the memory associated with the name of
1844 a node in a rbt tree is not altered during the life
1845 of the node. [RT #20431]
1847 2721. [port] Have dst__entropy_status() prime the random number
1848 generator. [RT #20369]
1850 2720. [bug] RFC 5011 trust anchor updates could trigger an
1851 assert if the DNSKEY record was unsigned. [RT #20406]
1853 2719. [func] Skip trusted/managed keys for unsupported algorithms.
1856 2718. [bug] The space calculations in opensslrsa_todns() were
1857 incorrect. [RT #20394]
1859 2717. [bug] named failed to update the NSEC/NSEC3 record when
1860 the last private type record was removed as a result
1861 of completing the signing the zone with a key.
1864 2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
1866 --- 9.7.0b1 released ---
1868 2715. [bug] Require OpenSSL support to be explicitly disabled.
1871 2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
1874 2713. [bug] powerpc: atomic operations missing asm("ics") /
1877 2712. [func] New 'auto-dnssec' zone option allows zone signing
1878 to be fully automated in zones configured for
1879 dynamic DNS. 'auto-dnssec allow;' permits a zone
1880 to be signed by creating keys for it in the
1881 key-directory and using 'rndc sign <zone>'.
1882 'auto-dnssec maintain;' allows that too, plus it
1883 also keeps the zone's DNSSEC keys up to date
1884 according to their timing metadata. [RT #19943]
1886 2711. [port] win32: Add the bin/pkcs11 tools into the full
1889 2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
1890 zone option cause a zone to be signed with only KSKs
1891 signing the DNSKEY RRset, not ZSKs. This reduces
1892 the size of a DNSKEY answer. [RT #20340]
1894 2709. [func] Added some data fields, currently unused, to the
1895 private key file format, to allow implementation
1896 of explicit key rollover in a future release
1897 without impairing backward or forward compatibility.
1900 2708. [func] Insecure to secure and NSEC3 parameter changes via
1901 update are now fully supported and no longer require
1902 defines to enable. We now no longer overload the
1903 NSEC3PARAM flag field, nor the NSEC OPT bit at the
1904 apex. Secure to insecure changes are controlled by
1905 by the named.conf option 'secure-to-insecure'.
1907 Warning: If you had previously enabled support by
1908 adding defines at compile time to BIND 9.6 you should
1909 ensure that all changes that are in progress have
1910 completed prior to upgrading to BIND 9.7. BIND 9.7
1911 is not backwards compatible.
1913 2707. [func] dnssec-keyfromlabel no longer require engine name
1914 to be specified in the label if there is a default
1915 engine or the -E option has been used. Also, it
1916 now uses default algorithms as dnssec-keygen does
1917 (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
1920 2706. [bug] Loading a zone with a very large NSEC3 salt could
1921 trigger an assert. [RT #20368]
1925 2704. [bug] Serial of dynamic and stub zones could be inconsistent
1926 with their SOA serial. [RT #19387]
1928 2703. [func] Introduce an OpenSSL "engine" argument with -E
1929 for all binaries which can take benefit of
1930 crypto hardware. [RT #20230]
1932 2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
1934 2701. [doc] Correction to ARM: hmac-md5 is no longer the only
1935 supported TSIG key algorithm. [RT #18046]
1937 2700. [doc] The match-mapped-addresses option is discouraged.
1940 2699. [bug] Missing lock in rbtdb.c. [RT #20037]
1944 2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
1945 S_IFREG are defined after including <isc/stat.h>.
1948 2696. [bug] named failed to successfully process some valid
1949 acl constructs. [RT #20308]
1951 2695. [func] DHCP/DDNS - update fdwatch code for use by
1952 DHCP. Modify the api to isc_sockfdwatch_t (the
1953 callback functon for isc_socket_fdwatchcreate)
1954 to include information about the direction (read
1955 or write) and add isc_socket_fdwatchpoke.
1958 2694. [bug] Reduce default NSEC3 iterations from 100 to 10.
1961 2693. [port] Add some noreturn attributes. [RT #20257]
1963 2692. [port] win32: 32/64 bit cleanups. [RT #20335]
1965 2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
1966 chain when re-signing a previously-signed zone.
1967 Use -u to modify NSEC3 parameters or switch
1968 between NSEC and NSEC3. [RT #20304]
1970 2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
1973 2689. [bug] Correctly handle snprintf result. [RT #20306]
1975 2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
1976 to decide to fetch the destination address. [RT #20305]
1978 2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
1979 Also, added warnings when revoking a ZSK, as this is
1980 not defined by protocol (but is legal). [RT #19943]
1982 2686. [bug] dnssec-signzone should clean the old NSEC chain when
1983 signing with NSEC3 and vice versa. [RT #20301]
1985 2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
1987 2684. [cleanup] dig: formalize +ad and +cd as synonyms for
1988 +adflag and +cdflag. [RT #19305]
1990 2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
1991 the NSEC3 parameters used to sign the zone change.
1994 2682. [bug] "configure --enable-symtable=all" failed to
1997 2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
1998 decoded. [RT #20269]
2000 2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
2002 2679. [func] dig -k can now accept TSIG keys in named.conf
2005 2678. [func] Treat DS queries as if "minimal-response yes;"
2006 was set. [RT #20258]
2008 2677. [func] Changes to key metadata behavior:
2009 - Keys without "publish" or "active" dates set will
2010 no longer be used for smart signing. However,
2011 those dates will be set to "now" by default when
2012 a key is created; to generate a key but not use
2013 it yet, use dnssec-keygen -G.
2014 - New "inactive" date (dnssec-keygen/settime -I)
2015 sets the time when a key is no longer used for
2016 signing but is still published.
2017 - The "unpublished" date (-U) is deprecated in
2018 favour of "deleted" (-D).
2021 2676. [bug] --with-export-installdir should have been
2022 --with-export-includedir. [RT #20252]
2024 2675. [bug] dnssec-signzone could crash if the key directory
2025 did not exist. [RT #20232]
2027 --- 9.7.0a3 released ---
2029 2674. [bug] "dnssec-lookaside auto;" crashed if named was built
2030 without openssl. [RT #20231]
2032 2673. [bug] The managed-keys.bind zone file could fail to
2033 load due to a spurious result from sync_keyzone()
2036 2672. [bug] Don't enable searching in 'host' when doing reverse
2037 lookups. [RT #20218]
2039 2671. [bug] Add support for PKCS#11 providers not returning
2040 the public exponent in RSA private keys
2041 (OpenCryptoki for instance) in
2042 dnssec-keyfromlabel. [RT #19294]
2044 2670. [bug] Unexpected connect failures failed to log enough
2045 information to be useful. [RT #20205]
2047 2669. [func] Update PKCS#11 support to support Keyper HSM.
2048 Update PKCS#11 patch to be against openssl-0.9.8i.
2050 2668. [func] Several improvements to dnssec-* tools, including:
2051 - dnssec-keygen and dnssec-settime can now set key
2052 metadata fields 0 (to unset a value, use "none")
2053 - dnssec-revoke sets the revocation date in
2054 addition to the revoke bit
2055 - dnssec-settime can now print individual metadata
2056 fields instead of always printing all of them,
2057 and can print them in unix epoch time format for
2061 2667. [func] Add support for logging stack backtrace on assertion
2062 failure (not available for all platforms). [RT #19780]
2064 2666. [func] Added an 'options' argument to dns_name_fromstring()
2065 (API change from 9.7.0a2). [RT #20196]
2067 2665. [func] Clarify syntax for managed-keys {} statement, add
2068 ARM documentation about RFC 5011 support. [RT #19874]
2070 2664. [bug] create_keydata() and minimal_update() in zone.c
2071 didn't properly check return values for some
2072 functions. [RT #19956]
2074 2663. [func] win32: allow named to run as a service using
2075 "NT AUTHORITY\LocalService" as the account. [RT #19977]
2077 2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
2078 returned a misleading error code when lwresd was
2081 2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
2082 creating lwres context. [RT #20029]
2084 2660. [func] Add a new set of DNS libraries for non-BIND9
2085 applications. See README.libdns. [RT #19369]
2087 2659. [doc] Clarify dnssec-keygen doc: key name must match zone
2088 name for DNSSEC keys. [RT #19938]
2090 2658. [bug] dnssec-settime and dnssec-revoke didn't process
2091 key file paths correctly. [RT #20078]
2093 2657. [cleanup] Lower "journal file <path> does not exist, creating it"
2094 log level to debug 1. [RT #20058]
2096 2656. [func] win32: add a "tools only" check box to the installer
2097 which causes it to only install dig, host, nslookup,
2098 nsupdate and relevant DLLs. [RT #19998]
2100 2655. [doc] Document that key-directory does not affect
2101 bind.keys, rndc.key or session.key. [RT #20155]
2103 2654. [bug] Improve error reporting on duplicated names for
2104 deny-answer-xxx. [RT #20164]
2106 2653. [bug] Treat ENGINE_load_private_key() failures as key
2107 not found rather than out of memory. [RT #18033]
2109 2652. [func] Provide more detail about what record is being
2110 deleted. [RT #20061]
2112 2651. [bug] Dates could print incorrectly in K*.key files on
2113 64-bit systems. [RT #20076]
2115 2650. [bug] Assertion failure in dnssec-signzone when trying
2116 to read keyset-* files. [RT #20075]
2118 2649. [bug] Set the domain for forward only zones. [RT #19944]
2120 2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
2122 2647. [bug] Remove unnecessary SOA updates when a new KSK is
2125 2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2127 2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
2128 which default to 64 bits. [RT #19927]
2130 --- 9.7.0a2 released ---
2132 2644. [bug] Change #2628 caused a regression on some systems;
2133 named was unable to write the PID file and would
2134 fail on startup. [RT #20001]
2136 2643. [bug] Stub zones interacted badly with NSEC3 support.
2139 2642. [bug] nsupdate could dump core on solaris when reading
2140 improperly formatted key files. [RT #20015]
2142 2641. [bug] Fixed an error in parsing update-policy syntax,
2143 added a regression test to check it. [RT #20007]
2145 2640. [security] A specially crafted update packet will cause named
2146 to exit. [RT #20000]
2148 2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
2150 2638. [bug] Install arpaname. [RT #19957]
2152 2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
2155 2636. [func] Simplify zone signing and key maintenance with the
2156 dnssec-* tools. Major changes:
2157 - all dnssec-* tools now take a -K option to
2158 specify a directory in which key files will be
2160 - DNSSEC can now store metadata indicating when
2161 they are scheduled to be published, activated,
2162 revoked or removed; these values can be set by
2163 dnssec-keygen or overwritten by the new
2164 dnssec-settime command
2165 - dnssec-signzone -S (for "smart") option reads key
2166 metadata and uses it to determine automatically
2167 which keys to publish to the zone, use for
2168 signing, revoke, or remove from the zone
2171 2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
2174 2634. [port] win32: Add support for libxml2, enable
2175 statschannel. [RT #19773]
2177 2633. [bug] Handle 15 bit rand() functions. [RT #19783]
2179 2632. [func] util/kit.sh: warn if documentation appears to be out of
2182 2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
2185 2630. [func] Improved syntax for DDNS autoconfiguration: use
2186 "update-policy local;" to switch on local DDNS in a
2187 zone. (The "ddns-autoconf" option has been removed.)
2190 2629. [port] Check for seteuid()/setegid(), use setresuid()/
2191 setresgid() if not present. [RT #19932]
2193 2628. [port] linux: Allow /var/run/named/named.pid to be opened
2194 at startup with reduced capabilities in operation.
2197 2627. [bug] Named aborted if the same key was included in
2198 trusted-keys more than once. [RT #19918]
2200 2626. [bug] Multiple trusted-keys could trigger an assertion
2201 failure. [RT #19914]
2203 2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2205 2624. [func] 'named-checkconf -p' will print out the parsed
2206 configuration. [RT #18871]
2208 2623. [bug] Named started searches for DS non-optimally. [RT #19915]
2210 2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2212 2621. [doc] Made copyright boilerplate consistent. [RT #19833]
2214 2620. [bug] Delay thawing the zone until the reload of it has
2215 completed successfully. [RT #19750]
2217 2619. [func] Add support for RFC 5011, automatic trust anchor
2218 maintenance. The new "managed-keys" statement can
2219 be used in place of "trusted-keys" for zones which
2220 support this protocol. (Note: this syntax is
2221 expected to change prior to 9.7.0 final.) [RT #19248]
2223 2618. [bug] The sdb and sdlz db_interator_seek() methods could
2224 loop infinitely. [RT #19847]
2226 2617. [bug] ifconfig.sh failed to emit an error message when
2227 run from the wrong location. [RT #19375]
2229 2616. [bug] 'host' used the nameservers from resolv.conf even
2230 when a explicit nameserver was specified. [RT #19852]
2232 2615. [bug] "__attribute__((unused))" was in the wrong place
2233 for ia64 gcc builds. [RT #19854]
2235 2614. [port] win32: 'named -v' should automatically be executed
2236 in the foreground. [RT #19844]
2240 --- 9.7.0a1 released ---
2242 2612. [func] Add default values for the arguments to
2243 dnssec-keygen. Without arguments, it will now
2244 generate a 1024-bit RSASHA1 zone-signing key,
2245 or with the -f KSK option, a 2048-bit RSASHA1
2246 key-signing key. [RT #19300]
2248 2611. [func] Add -l option to dnssec-dsfromkey to generate
2249 DLV records instead of DS records. [RT #19300]
2251 2610. [port] sunos: Change #2363 was not complete. [RT #19796]
2253 2609. [func] Simplify the configuration of dynamic zones:
2254 - add ddns-confgen command to generate
2255 configuration text for named.conf
2256 - add zone option "ddns-autoconf yes;", which
2257 causes named to generate a TSIG session key
2258 and allow updates to the zone using that key
2259 - add '-l' (localhost) option to nsupdate, which
2260 causes nsupdate to connect to a locally-running
2261 named process using the session key generated
2265 2608. [func] Perform post signing verification checks in
2266 dnssec-signzone. These can be disabled with -P.
2268 The post sign verification test ensures that for each
2269 algorithm in use there is at least one non revoked
2270 self signed KSK key. That all revoked KSK keys are
2271 self signed. That all records in the zone are signed
2272 by the algorithm. [RT #19653]
2274 2607. [bug] named could incorrectly delete NSEC3 records for
2275 empty nodes when processing a update request.
2278 2606. [bug] "delegation-only" was not being accepted in
2279 delegation-only type zones. [RT #19717]
2281 2605. [bug] Accept DS responses from delegation only zones.
2284 2604. [func] Add support for DNS rebinding attack prevention through
2285 new options, deny-answer-addresses and
2286 deny-answer-aliases. Based on contributed code from
2287 JD Nurmi, Google. [RT #18192]
2289 2603. [port] win32: handle .exe extension of named-checkzone and
2290 named-comilezone argv[0] names under windows.
2293 2602. [port] win32: fix debugging command line build of libisccfg.
2296 2601. [doc] Mention file creation mode mask in the
2299 2600. [doc] ARM: miscellaneous reformatting for different
2300 page widths. [RT #19574]
2302 2599. [bug] Address rapid memory growth when validation fails.
2305 2598. [func] Reserve the -F flag. [RT #19657]
2307 2597. [bug] Handle a validation failure with a insecure delegation
2308 from a NSEC3 signed master/slave zone. [RT #19464]
2310 2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2311 long, leading to inefficient memory usage or rejecting
2312 newer cache entries in the worst case. [RT #19563]
2314 2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
2316 2594. [func] Have rndc warn if using its default configuration
2317 file when the key file also exists. [RT #19424]
2319 2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
2321 2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
2323 2591. [bug] named could die when processing a update in
2324 removed_orphaned_ds(). [RT #19507]
2326 2590. [func] Report zone/class of "update with no effect".
2329 2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
2332 2588. [bug] SO_REUSEADDR could be set unconditionally after failure
2333 of bind(2) call. This should be rare and mostly
2334 harmless, but may cause interference with other
2335 processes that happen to use the same port. [RT #19642]
2337 2587. [func] Improve logging by reporting serial numbers for
2338 when zone serial has gone backwards or unchanged.
2341 2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
2344 2585. [bug] Uninitialized socket name could be referenced via a
2345 statistics channel, triggering an assertion failure in
2346 XML rendering. [RT #19427]
2348 2584. [bug] alpha: gcc optimization could break atomic operations.
2351 2583. [port] netbsd: provide a control to not add the compile
2352 date to the version string, -DNO_VERSION_DATE.
2354 2582. [bug] Don't emit warning log message when we attempt to
2355 remove non-existent journal. [RT #19516]
2357 2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
2358 Requires MySQL 5.0.19 or later. [RT #19084]
2360 2580. [bug] UpdateRej statistics counter could be incremented twice
2361 for one rejection. [RT #19476]
2363 2579. [bug] DNSSEC lookaside validation failed to handle unknown
2364 algorithms. [RT #19479]
2366 2578. [bug] Changed default sig-signing-type to 65534, because
2367 65535 turns out to be reserved. [RT #19477]
2369 2577. [doc] Clarified some statistics counters. [RT #19454]
2371 2576. [bug] NSEC record were not being correctly signed when
2372 a zone transitions from insecure to secure.
2373 Handle such incorrectly signed zones. [RT #19114]
2375 2575. [func] New functions dns_name_fromstring() and
2376 dns_name_tostring(), to simplify conversion
2377 of a string to a dns_name structure and vice
2380 2574. [doc] Document nsupdate -g and -o. [RT #19351]
2382 2573. [bug] Replacing a non-CNAME record with a CNAME record in a
2383 single transaction in a signed zone failed. [RT #19397]
2385 2572. [func] Simplify DLV configuration, with a new option
2386 "dnssec-lookaside auto;" This is the equivalent
2387 of "dnssec-lookaside . trust-anchor dlv.isc.org;"
2388 plus setting a trusted-key for dlv.isc.org.
2390 Note: The trusted key is hard-coded into named,
2391 but is also stored in (and can be overridden
2392 by) $sysconfdir/bind.keys. As the ISC DLV key
2393 rolls over it can be kept up to date by replacing
2394 the bind.keys file with a key downloaded from
2395 https://www.isc.org/solutions/dlv. [RT #18685]
2397 2571. [func] Add a new tool "arpaname" which translates IP addresses
2398 to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
2401 2570. [func] Log the destination address the query was sent to.
2404 2569. [func] Move journalprint, nsec3hash, and genrandom
2405 commands from bin/tests into bin/tools;
2406 "make install" will put them in $sbindir. [RT #19301]
2408 2568. [bug] Report when the write to indicate a otherwise
2409 successful start fails. [RT #19360]
2411 2567. [bug] dst__privstruct_writefile() could miss write errors.
2412 write_public_key() could miss write errors.
2413 dnssec-dsfromkey could miss write errors.
2416 2566. [cleanup] Clarify logged message when an insecure DNSSEC
2417 response arrives from a zone thought to be secure:
2418 "insecurity proof failed" instead of "not
2419 insecure". [RT #19400]
2421 2565. [func] Add support for HIP record. Includes new functions
2422 dns_rdata_hip_first(), dns_rdata_hip_next()
2423 and dns_rdata_hip_current(). [RT #19384]
2425 2564. [bug] Only take EDNS fallback steps when processing timeouts.
2428 2563. [bug] Dig could leak a socket causing it to wait forever
2429 to exit. [RT #19359]
2431 2562. [doc] ARM: miscellaneous improvements, reorganization,
2432 and some new content.
2434 2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2436 2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
2438 2559. [bug] dnssec-dsfromkey could compute bad DS records when
2439 reading from a K* files. [RT #19357]
2441 2558. [func] Set the ownership of missing directories created
2442 for pid-file if -u has been specified on the command
2445 2557. [cleanup] PCI compliance:
2446 * new libisc log module file
2447 * isc_dir_chroot() now also changes the working
2449 * additional INSISTs
2450 * additional logging when files can't be removed.
2452 2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
2453 error checks in the correct order resulting in the
2454 wrong error code sometimes being returned. [RT #19249]
2456 2555. [func] dig: when emitting a hex dump also display the
2457 corresponding characters. [RT #19258]
2459 2554. [bug] Validation of uppercase queries from NSEC3 zones could
2462 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
2464 2552. [bug] zero-no-soa-ttl-cache was not being honoured.
2467 2551. [bug] Potential Reference leak on return. [RT #19341]
2469 2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2472 2549. [port] linux: define NR_OPEN if not currently defined.
2475 2548. [bug] Install iterated_hash.h. [RT #19335]
2477 2547. [bug] openssl_link.c:mem_realloc() could reference an
2478 out-of-range area of the source buffer. New public
2479 function isc_mem_reallocate() was introduced to address
2480 this bug. [RT #19313]
2482 2546. [func] Add --enable-openssl-hash configure flag to use
2483 OpenSSL (in place of internal routine) for hash
2484 functions (MD5, SHA[12] and HMAC). [RT #18815]
2486 2545. [doc] ARM: Legal hostname checking (check-names) is
2487 for SRV RDATA too. [RT #19304]
2489 2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2491 2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2493 2542. [doc] Update the description of dig +adflag. [RT #19290]
2495 2541. [bug] Conditionally update dispatch manager statistics.
2498 2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
2500 2539. [security] Update the interaction between recursion, allow-query,
2501 allow-query-cache and allow-recursion. [RT #19198]
2503 2538. [bug] cache/ADB memory could grow over max-cache-size,
2504 especially with threads and smaller max-cache-size
2507 2537. [func] Added more statistics counters including those on socket
2508 I/O events and query RTT histograms. [RT #18802]
2510 2536. [cleanup] Silence some warnings when -Werror=format-security is
2511 specified. [RT #19083]
2513 2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
2515 2534. [func] Check NAPTR records regular expressions and
2516 replacement strings to ensure they are syntactically
2517 valid and consistant. [RT #18168]
2519 2533. [doc] ARM: document @ (at-sign). [RT #17144]
2521 2532. [bug] dig: check the question section of the response to
2522 see if it matches the asked question. [RT #18495]
2524 2531. [bug] Change #2207 was incomplete. [RT #19098]
2526 2530. [bug] named failed to reject insecure to secure transitions
2527 via UPDATE. [RT #19101]
2529 2529. [cleanup] Upgrade libtool to silence complaints from recent
2530 version of autoconf. [RT #18657]
2532 2528. [cleanup] Silence spurious configure warning about
2533 --datarootdir [RT #19096]
2537 2526. [func] New named option "attach-cache" that allows multiple
2538 views to share a single cache to save memory and
2539 improve lookup efficiency. Based on contributed code
2540 from Barclay Osborn, Google. [RT #18905]
2542 2525. [func] New logging category "query-errors" to provide detailed
2543 internal information about query failures, especially
2544 about server failures. [RT #19027]
2546 2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
2548 2523. [bug] Random type rdata freed by dns_nsec_typepresent().
2551 2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
2553 2521. [bug] Improve epoll cross compilation support. [RT #19047]
2555 2520. [bug] Update xml statistics version number to 2.0 as change
2556 #2388 made the schema incompatible to the previous
2557 version. [RT #19080]
2559 2519. [bug] dig/host with -4 or -6 didn't work if more than two
2560 nameserver addresses of the excluded address family
2561 preceded in resolv.conf. [RT #19081]
2563 2518. [func] Add support for the new CERT types from RFC 4398.
2566 2517. [bug] dig +trace with -4 or -6 failed when it chose a
2567 nameserver address of the excluded address type.
2570 2516. [bug] glue sort for responses was performed even when not
2573 2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
2576 2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
2577 a nameserver of the excluded address family.
2580 2513. [bug] Fix windows cli build. [RT #19062]
2582 2512. [func] Print a summary of the cached records which make up
2583 the negative response. [RT #18885]
2585 2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
2588 2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
2591 2509. [bug] Specifying a fixed query source port was broken.
2596 2507. [func] Log the recursion quota values when killing the
2597 oldest query or refusing to recurse due to quota.
2600 2506. [port] solaris: Check at configure time if
2601 hack_shutup_pthreadonceinit is needed. [RT #19037]
2603 2505. [port] Treat amd64 similarly to x86_64 when determining
2604 atomic operation support. [RT #19031]
2606 2504. [bug] Address race condition in the socket code. [RT #18899]
2608 2503. [port] linux: improve compatibility with Linux Standard
2611 2502. [cleanup] isc_radix: Improve compliance with coding style,
2612 document function in <isc/radix.h>. [RT #18534]
2614 2501. [func] $GENERATE now supports all rdata types. Multi-field
2615 rdata types need to be quoted. See the ARM for
2616 details. [RT #18368]
2618 2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2619 function. [RT #18582]
2621 2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
2624 --- 9.6.0rc1 released ---
2626 2498. [bug] Removed a bogus function argument used with
2627 ISC_SOCKET_USE_POLLWATCH: it could cause compiler
2628 warning or crash named with the debug 1 level
2629 of logging. [RT #18917]
2631 2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
2634 2496. [bug] Add sanity length checks to NSID option. [RT #18813]
2636 2495. [bug] Tighten RRSIG checks. [RT #18795]
2638 2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
2639 installed. [RT #18826]
2641 2493. [bug] The linux capabilities code was not correctly cleaning
2642 up after itself. [RT #18767]
2644 2492. [func] Rndc status now reports the number of cpus discovered
2645 and the number of worker threads when running
2646 multi-threaded. [RT #18273]
2648 2491. [func] Attempt to re-use a local port if we are already using
2649 the port. [RT #18548]
2651 2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
2652 is cleared when IPV6_V6ONLY is set. [RT #18785]
2654 2489. [port] solaris: Workaround Solaris's kernel bug about
2656 http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
2657 Define ISC_SOCKET_USE_POLLWATCH at build time to enable
2658 this workaround. [RT #18870]
2660 2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
2661 from keyset and .key files. [RT #18694]
2663 2487. [bug] Give TCP connections longer to complete. [RT #18675]
2665 2486. [func] The default locations for named.pid and lwresd.pid
2666 are now /var/run/named/named.pid and
2667 /var/run/lwresd/lwresd.pid respectively.
2669 This allows the owner of the containing directory
2670 to be set, for "named -u" support, and allows there
2671 to be a permanent symbolic link in the path, for
2672 "named -t" support. [RT #18306]
2674 2485. [bug] Change update's the handling of obscured RRSIG
2675 records. Not all orphaned DS records were being
2676 removed. [RT #18828]
2678 2484. [bug] It was possible to trigger a REQUIRE failure when
2679 adding NSEC3 proofs to the response in
2680 query_addwildcardproof(). [RT #18828]
2682 2483. [port] win32: chroot() is not supported. [RT #18805]
2684 2482. [port] libxml2: support versions 2.7.* in addition
2685 to 2.6.*. [RT #18806]
2687 --- 9.6.0b1 released ---
2689 2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
2690 collisions. [RT #18812]
2692 2480. [bug] named could fail to emit all the required NSEC3
2693 records. [RT #18812]
2695 2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
2697 2478. [bug] 'addresses' could be used uninitialized in
2698 configure_forward(). [RT #18800]
2700 2477. [bug] dig: the global option to print the command line is
2701 +cmd not print_cmd. Update the output to reflect
2704 2476. [doc] ARM: improve documentation for max-journal-size and
2705 ixfr-from-differences. [RT #15909] [RT #18541]
2707 2475. [bug] LRU cache cleanup under overmem condition could purge
2708 particular entries more aggressively. [RT #17628]
2710 2474. [bug] ACL structures could be allocated with insufficient
2711 space, causing an array overrun. [RT #18765]
2713 2473. [port] linux: raise the limit on open files to the possible
2714 maximum value before spawning threads; 'files'
2715 specified in named.conf doesn't seem to work with
2716 threads as expected. [RT #18784]
2718 2472. [port] linux: check the number of available cpu's before
2719 calling chroot as it depends on "/proc". [RT #16923]
2721 2471. [bug] named-checkzone was not reporting missing mandatory
2722 glue when sibling checks were disabled. [RT #18768]
2724 2470. [bug] Elements of the isc_radix_node_t could be incorrectly
2725 overwritten. [RT# 18719]
2727 2469. [port] solaris: Work around Solaris's select() limitations.
2730 2468. [bug] Resolver could try unreachable servers multiple times.
2733 2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
2735 2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
2738 2465. [bug] Adb's handling of lame addresses was different
2739 for IPv4 and IPv6. [RT #18738]
2741 2464. [port] linux: check that a capability is present before
2742 trying to set it. [RT #18135]
2744 2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
2745 API and glibc hides parts of the IPv6 Advanced Socket
2746 API as a result. This is stupid as it breaks how the
2747 two halves (Basic and Advanced) of the IPv6 Socket API
2748 were designed to be used but we have to live with it.
2749 Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
2752 2462. [doc] Document -m (enable memory usage debugging)
2753 option for dig. [RT #18757]
2755 2461. [port] sunos: Change #2363 was not complete. [RT #17513]
2757 --- 9.6.0a1 released ---
2759 2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
2762 2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2764 2458. [doc] ARM: update and correction for max-cache-size.
2767 2457. [tuning] max-cache-size is reverted to 0, the previous
2768 default. It should be safe because expired cache
2769 entries are also purged. [RT #18684]
2771 2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
2772 address, regardless of family. They now correctly
2773 distinguish IPv4 from IPv6. [RT #18559]
2775 2455. [bug] Stop metadata being transferred via axfr/ixfr.
2778 2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
2780 2453. [bug] Remove NULL pointer dereference in dns_journal_print().
2783 2452. [func] Improve bin/test/journalprint. [RT #18316]
2785 2451. [port] solaris: handle runtime linking better. [RT #18356]
2787 2450. [doc] Fix lwresd docbook problem for manual page.
2792 2448. [func] Add NSEC3 support. [RT #15452]
2794 2447. [cleanup] libbind has been split out as a separate product.
2796 2446. [func] Add a new log message about build options on startup.
2797 A new command-line option '-V' for named is also
2798 provided to show this information. [RT# 18645]
2800 2445. [doc] ARM out-of-date on empty reverse zones (list includes
2801 RFC1918 address, but these are not yet compiled in).
2804 2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
2805 (clear DF) for UDP responses and requests.
2807 2443. [bug] win32: UDP connect() would not generate an event,
2808 and so connected UDP sockets would never clean up.
2809 Fix this by doing an immediate WSAConnect() rather
2810 than an io completion port type for UDP.
2812 2442. [bug] A lock could be destroyed twice. [RT# 18626]
2814 2441. [bug] isc_radix_insert() could copy radix tree nodes
2815 incompletely. [RT #18573]
2817 2440. [bug] named-checkconf used an incorrect test to determine
2818 if an ACL was set to none.
2820 2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
2823 2438. [bug] Timeouts could be logged incorrectly under win32.
2825 2437. [bug] Sockets could be closed too early, leading to
2826 inconsistent states in the socket module. [RT #18298]
2828 2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
2830 2435. [bug] Fixed an ACL memory leak affecting win32.
2832 2434. [bug] Fixed a minor error-reporting bug in
2833 lib/isc/win32/socket.c.
2835 2433. [tuning] Set initial timeout to 800ms.
2837 2432. [bug] More Windows socket handling improvements. Stop
2838 using I/O events and use IO Completion Ports
2839 throughout. Rewrite the receive path logic to make
2840 it easier to support multiple simultaneous
2841 requesters in the future. Add stricter consistency
2842 checking as a compile-time option (define
2843 ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
2845 2431. [bug] Acl processing could leak memory. [RT #18323]
2847 2430. [bug] win32: isc_interval_set() could round down to
2848 zero if the input was less than NS_INTERVAL
2849 nanoseconds. Round up instead. [RT #18549]
2851 2429. [doc] nsupdate should be in section 1 of the man pages.
2854 2428. [bug] dns_iptable_merge() mishandled merges of negative
2857 2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
2858 was set. [RT #18528]
2860 2426. [bug] libbind: inet_net_pton() can sometimes return the
2861 wrong value if excessively large net masks are
2862 supplied. [RT #18512]
2864 2425. [bug] named didn't detect unavailable query source addresses
2865 at load time. [RT #18536]
2867 2424. [port] configure now probes for a working epoll
2868 implementation. Allow the use of kqueue,
2869 epoll and /dev/poll to be selected at compile
2872 2423. [security] Randomize server selection on queries, so as to
2873 make forgery a little more difficult. Instead of
2874 always preferring the server with the lowest RTT,
2875 pick a server with RTT within the same 128
2876 millisecond band. [RT #18441]
2878 2422. [bug] Handle the special return value of a empty node as
2879 if it was a NXRRSET in the validator. [RT #18447]
2881 2421. [func] Add new command line option '-S' for named to specify
2882 the max number of sockets. [RT #18493]
2883 Use caution: this option may not work for some
2884 operating systems without rebuilding named.
2886 2420. [bug] Windows socket handling cleanup. Let the io
2887 completion event send out canceled read/write
2888 done events, which keeps us from writing to memory
2889 we no longer have ownership of. Add debugging
2890 socket_log() function. Rework TCP socket handling
2891 to not leak sockets.
2893 2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
2894 should not be used for isc_sockettype_fdwatch sockets.
2897 2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
2900 2417. [bug] Connecting UDP sockets for outgoing queries could
2901 unexpectedly fail with an 'address already in use'
2904 2416. [func] Log file descriptors that cause exceeding the
2905 internal maximum. [RT #18460]
2907 2415. [bug] 'rndc dumpdb' could trigger various assertion failures
2908 in rbtdb.c. [RT #18455]
2910 2414. [bug] A masterdump context held the database lock too long,
2911 causing various troubles such as dead lock and
2912 recursive lock acquisition. [RT #18311, #18456]
2914 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2916 2412. [bug] win32: address a resource leak. [RT #18374]
2918 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
2919 for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
2920 at compilation time. [RT #18433]
2922 Note: with changes #2469 and #2421 above, there is no
2923 need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
2926 2410. [bug] Correctly delete m_versionInfo. [RT #18432]
2928 2409. [bug] Only log that we disabled EDNS processing if we were
2929 subsequently successful. [RT #18029]
2931 2408. [bug] A duplicate TCP dispatch event could be sent, which
2932 could then trigger an assertion failure in
2933 resquery_response(). [RT #18275]
2935 2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2939 2405. [cleanup] The default value for dnssec-validation was changed to
2940 "yes" in 9.5.0-P1 and all subsequent releases; this
2941 was inadvertently omitted from CHANGES at the time.
2943 2404. [port] hpux: files unlimited support.
2945 2403. [bug] TSIG context leak. [RT #18341]
2947 2402. [port] Support Solaris 2.11 and over. [RT #18362]
2949 2401. [bug] Expect to get E[MN]FILE errno internal_accept()
2950 (from accept() or fcntl() system calls). [RT #18358]
2952 2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
2957 2398. [bug] Improve file descriptor management. New,
2958 temporary, named.conf option reserved-sockets,
2959 default 512. [RT #18344]
2961 2397. [bug] gssapi_functions had too many elements. [RT #18355]
2963 2396. [bug] Don't set SO_REUSEADDR for randomized ports.
2966 2395. [port] Avoid warning and no effect from "files unlimited"
2967 on Linux when running as root. [RT #18335]
2969 2394. [bug] Default configuration options set the limit for
2970 open files to 'unlimited' as described in the
2971 documentation. [RT #18331]
2973 2393. [bug] nested acls containing keys could trigger an
2974 assertion in acl.c. [RT #18166]
2976 2392. [bug] remove 'grep -q' from acl test script, some platforms
2977 don't support it. [RT #18253]
2979 2391. [port] hpux: cover additional recvmsg() error codes.
2982 2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2985 2389. [bug] Move the "working directory writable" check to after
2986 the ns_os_changeuser() call. [RT #18326]
2988 2388. [bug] Avoid using tables for layout purposes in
2989 statistics XSL [RT #18159].
2991 2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2992 [RT #18147] [RT #18258]
2994 2386. [func] Add warning about too small 'open files' limit.
2997 2385. [bug] A condition variable in socket.c could leak in
2998 rare error handling [RT #17968].
3000 2384. [security] Fully randomize UDP query ports to improve
3001 forgery resilience. [RT #17949, #18098]
3003 2383. [bug] named could double queries when they resulted in
3004 SERVFAIL due to overkilling EDNS0 failure detection.
3007 2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
3010 2381. [port] dlz/mysql: support multiple install layouts for
3011 mysql. <prefix>/include/{,mysql/}mysql.h and
3012 <prefix>/lib/{,mysql/}. [RT #18152]
3014 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
3015 proofs which, in turn, caused validation failures
3016 for insecure zones immediately below a secure zone
3017 the server was authoritative for. [RT #18112]
3019 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
3020 TLDs and supported RRs with TTLs [RT #17972]
3022 2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
3025 2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
3027 2376. [bug] Change #2144 was not complete.
3031 2374. [bug] "blackhole" ACLs could cause named to segfault due
3032 to some uninitialized memory. [RT #18095]
3034 2373. [bug] Default values of zone ACLs were re-parsed each time a
3035 new zone was configured, causing an overconsumption
3036 of memory. [RT #18092]
3038 2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
3040 2371. [doc] Add +nsid option to dig man page. [RT #18039]
3042 2370. [bug] "rndc freeze" could trigger an assertion in named
3043 when called on a nonexistent zone. [RT #18050]
3045 2369. [bug] libbind: Array bounds overrun on read in bitncmp().
3048 2368. [port] Linux: use libcap for capability management if
3049 possible. [RT# 18026]
3051 2367. [bug] Improve counting of dns_resstatscounter_retry
3054 2366. [bug] Adb shutdown race. [RT #18021]
3056 2365. [bug] Fix a bug that caused dns_acl_isany() to return
3057 spurious results. [RT #18000]
3059 2364. [bug] named could trigger a assertion when serving a
3060 malformed signed zone. [RT #17828]
3062 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
3065 2362. [cleanup] Make "rrset-order fixed" a compile-time option.
3066 settable by "./configure --enable-fixed-rrset".
3067 Disabled by default. [RT #17977]
3069 2361. [bug] "recursion" statistics counter could be counted
3070 multiple times for a single query. [RT #17990]
3072 2360. [bug] Fix a condition where we release a database version
3073 (which may acquire a lock) while holding the lock.
3075 2359. [bug] Fix NSID bug. [RT #17942]
3077 2358. [doc] Update host's default query description. [RT #17934]
3079 2357. [port] Don't use OpenSSL's engine support in versions before
3080 OpenSSL 0.9.7f. [RT #17922]
3082 2356. [bug] Built in mutex profiler was not scalable enough.
3085 2355. [func] Extend the number statistics counters available.
3088 2354. [bug] Failed to initialize some rdatasetheader_t elements.
3091 2353. [func] Add support for Name Server ID (RFC 5001).
3092 'dig +nsid' requests NSID from server.
3093 'request-nsid yes;' causes recursive server to send
3094 NSID requests to upstream servers. Server responds
3095 to NSID requests with the string configured by
3096 'server-id' option. [RT #17091]
3098 2352. [bug] Various GSS_API fixups. [RT #17729]
3100 2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
3102 2350. [port] win32: IPv6 support. [RT #17797]
3104 2349. [func] Provide incremental re-signing support for secure
3105 dynamic zones. [RT #1091]
3107 2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
3108 Documentation is in the new README.pkcs11 file.
3109 New tool, dnssec-keyfromlabel, which takes the
3110 label of a key pair in a HSM and constructs a DNS
3111 key pair for use by named and dnssec-signzone.
3114 2347. [bug] Delete now traverses the RB tree in the canonical
3117 2346. [func] Memory statistics now cover all active memory contexts
3118 in increased detail. [RT #17580]
3120 2345. [bug] named-checkconf failed to detect when forwarders
3121 were set at both the options/view level and in
3122 a root zone. [RT #17671]
3124 2344. [bug] Improve "logging{ file ...; };" documentation.
3127 2343. [bug] (Seemingly) duplicate IPv6 entries could be
3128 created in ADB. [RT #17837]
3130 2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
3132 2341. [bug] libbind: add missing -I../include for off source
3133 tree builds. [RT #17606]
3135 2340. [port] openbsd: interface configuration. [RT #17700]
3137 2339. [port] tru64: support for libbind. [RT #17589]
3139 2338. [bug] check_ds() could be called with a non DS rdataset.
3142 2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
3144 2336. [func] If "named -6" is specified then listen on all IPv6
3145 interfaces if there are not listen-on-v6 clauses in
3146 named.conf. [RT #17581]
3148 2335. [port] sunos: libbind and *printf() support for long long.
3151 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
3152 bug in fromstruct_txt(). [RT #17609]
3154 2333. [bug] Fix off by one error in isc_time_nowplusinterval().
3157 2332. [contrib] query-loc-0.4.0. [RT #17602]
3159 2331. [bug] Failure to regenerate any signatures was not being
3160 reported nor being past back to the UPDATE client.
3163 2330. [bug] Remove potential race condition when handling
3164 over memory events. [RT #17572]
3166 WARNING: API CHANGE: over memory callback
3167 function now needs to call isc_mem_waterack().
3168 See <isc/mem.h> for details.
3170 2329. [bug] Clearer help text for dig's '-x' and '-i' options.
3172 2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
3173 F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
3174 J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
3177 2327. [bug] It was possible to dereference a NULL pointer in
3178 rbtdb.c. Implement dead node processing in zones as
3179 we do for caches. [RT #17312]
3181 2326. [bug] It was possible to trigger a INSIST in the acache
3184 2325. [port] Linux: use capset() function if available. [RT #17557]
3186 2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
3188 2323. [port] tru64: namespace clash. [RT #17547]
3190 2322. [port] MacOS: work around the limitation of setrlimit()
3191 for RLIMIT_NOFILE. [RT #17526]
3195 2320. [func] Make statistics counters thread-safe for platforms
3196 that support certain atomic operations. [RT #17466]
3198 2319. [bug] Silence Coverity warnings in
3199 lib/dns/rdata/in_1/apl_42.c. [RT #17469]
3201 2318. [port] sunos fixes for libbind. [RT #17514]
3203 2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
3205 2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
3208 2315. [bug] Used incorrect address family for mapped IPv4
3209 addresses in acl.c. [RT #17519]
3211 2314. [bug] Uninitialized memory use on error path in
3212 bin/named/lwdnoop.c. [RT #17476]
3214 2313. [cleanup] Silence Coverity warnings. Handle private stacks.
3215 [RT #17447] [RT #17478]
3217 2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
3220 2311. [bug] IPv6 addresses could match IPv4 ACL entries and
3221 vice versa. [RT #17462]
3223 2310. [bug] dig, host, nslookup: flush stdout before emitting
3224 debug/fatal messages. [RT #17501]
3226 2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
3229 2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
3232 2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
3234 2306. [bug] Remove potential race from lib/dns/resolver.c.
3237 2305. [security] inet_network() buffer overflow. CVE-2008-0122.
3239 2304. [bug] Check returns from all dns_rdata_tostruct() calls.
3242 2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
3245 2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
3247 2301. [bug] Remove resource leak and fix error messages in
3248 bin/tests/system/lwresd/lwtest.c. [RT #17474]
3250 2300. [bug] Fixed failure to close open file in
3251 bin/tests/names/t_names.c. [RT #17473]
3253 2299. [bug] Remove unnecessary NULL check in
3254 bin/nsupdate/nsupdate.c. [RT #17475]
3256 2298. [bug] isc_mutex_lock() failure not caught in
3257 bin/tests/timers/t_timers.c. [RT #17468]
3259 2297. [bug] isc_entropy_createfilesource() failure not caught in
3260 bin/tests/dst/t_dst.c. [RT #17467]
3262 2296. [port] Allow docbook stylesheet location to be specified to
3263 configure. [RT #17457]
3265 2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
3268 2294. [func] Allow the experimental statistics channels to have
3269 multiple connections and ACL.
3270 Note: the stats-server and stats-server-v6 options
3271 available in the previous beta releases are replaced
3272 with the generic statistics-channels statement.
3274 2293. [func] Add ACL regression test. [RT #17375]
3276 2292. [bug] Log if the working directory is not writable.
3279 2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
3280 failure to set PR_SET_DUMPABLE. [RT #17312]
3282 2290. [bug] Let AD in the query signal that the client wants AD
3283 set in the response. [RT #17301]
3285 2289. [func] named-checkzone now reports the out-of-zone CNAME
3288 2288. [port] win32: mark service as running when we have finished
3289 loading. [RT #17441]
3291 2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
3293 2286. [func] Allow a TCP connection to be used as a weak
3294 authentication method for reverse zones.
3295 New update-policy methods tcp-self and 6to4-self.
3298 2285. [func] Test framework for client memory context management.
3301 2284. [bug] Memory leak in UPDATE prerequisite processing.
3304 2283. [bug] TSIG keys were not attaching to the memory
3305 context. TSIG keys should use the rings
3306 memory context rather than the clients memory
3307 context. [RT #17377]
3309 2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
3311 2281. [bug] Attempts to use undefined acls were not being logged.
3314 2280. [func] Allow the experimental http server to be reached
3315 over IPv6 as well as IPv4. [RT #17332]
3317 2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
3318 to protect applications from receiving spurious
3319 SIGPIPE signals when using the resolver.
3321 2278. [bug] win32: handle the case where Windows returns no
3322 search list or DNS suffix. [RT #17354]
3324 2277. [bug] Empty zone names were not correctly being caught at
3325 in the post parse checks. [RT #17357]
3327 2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
3329 2275. [func] Add support to dig to perform IXFR queries over UDP.
3332 2274. [func] Log zone transfer statistics. [RT #17336]
3334 2273. [bug] Adjust log level to WARNING when saving inconsistent
3335 stub/slave master and journal files. [RT# 17279]
3337 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
3340 2271. [bug] Fix a memory leak in http server code [RT #17100]
3342 2270. [bug] dns_db_closeversion() version->writer could be reset
3343 before it is tested. [RT #17290]
3345 2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
3347 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
3350 --- 9.5.0b1 released ---
3352 2267. [bug] Radix tree node_num value could be set incorrectly,
3353 causing positive ACL matches to look like negative
3356 2266. [bug] client.c:get_clientmctx() returned the same mctx
3357 once the pool of mctx's was filled. [RT #17218]
3359 2265. [bug] Test that the memory context's basic_table is non NULL
3360 before freeing. [RT #17265]
3362 2264. [bug] Server prefix length was being ignored. [RT #17308]
3364 2263. [bug] "named-checkconf -z" failed to set default value
3365 for "check-integrity". [RT #17306]
3367 2262. [bug] Error status from all but the last view could be
3370 2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
3372 2260. [bug] Reported wrong clients-per-query when increasing the
3377 --- 9.5.0a7 released ---
3379 2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
3382 2257. [bug] win32: Use the full path to vcredist_x86.exe when
3383 calling it. [RT #17222]
3385 2256. [bug] win32: Correctly register the installation location of
3386 bindevt.dll. [RT #17159]
3388 2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
3390 2254. [bug] timer.c:dispatch() failed to lock timer->lock
3391 when reading timer->idle allowing it to see
3392 intermediate values as timer->idle was reset by
3393 isc_timer_touch(). [RT #17243]
3395 2253. [func] "max-cache-size" defaults to 32M.
3396 "max-acache-size" defaults to 16M.
3398 2252. [bug] Fixed errors in sortlist code [RT #17216]
3402 2250. [func] New flag 'memstatistics' to state whether the
3403 memory statistics file should be written or not.
3404 Additionally named's -m option will cause the
3405 statistics file to be written. [RT #17113]
3407 2249. [bug] Only set Authentic Data bit if client requested
3408 DNSSEC, per RFC 3655 [RT #17175]
3410 2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
3412 2247. [doc] Sort doc/misc/options. [RT #17067]
3414 2246. [bug] Make the startup of test servers (ans.pl) more
3417 2245. [bug] Validating lack of DS records at trust anchors wasn't
3418 working. [RT #17151]
3420 2244. [func] Allow the check of nameserver names against the
3421 SOA MNAME field to be disabled by specifying
3422 'notify-to-soa yes;'. [RT #17073]
3424 2243. [func] Configuration files without a newline at the end now
3425 parse without error. [RT #17120]
3427 2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
3428 library could require a source of random data.
3431 2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
3433 2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
3434 a number of INSIST()s into plain fatal() errors
3435 which report the triggering result code.
3436 The 'key' command wasn't disabling GSS-TSIG.
3439 2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
3441 2238. [bug] It was possible to trigger a REQUIRE when a
3442 validation was canceled. [RT #17106]
3444 2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
3446 2236. [bug] dnssec-signzone failed to preserve the case of
3447 of wildcard owner names. [RT #17085]
3449 2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
3451 2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
3453 2233. [func] Add support for O(1) ACL processing, based on
3454 radix tree code originally written by Kevin
3455 Brintnall. [RT #16288]
3457 2232. [bug] dns_adb_findaddrinfo() could fail and return
3458 ISC_R_SUCCESS. [RT #17137]
3460 2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
3463 2230. [bug] We could INSIST reading a corrupted journal.
3466 2229. [bug] Null pointer dereference on query pool creation
3467 failure. [RT #17133]
3469 2228. [contrib] contrib: Change 2188 was incomplete.
3471 2227. [cleanup] Tidied up the FAQ. [RT #17121]
3475 2225. [bug] More support for systems with no IPv4 addresses.
3478 2224. [bug] Defer journal compaction if a xfrin is in progress.
3481 2223. [bug] Make a new journal when compacting. [RT #17119]
3483 2222. [func] named-checkconf now checks server key references.
3486 2221. [bug] Set the event result code to reflect the actual
3487 record turned to caller when a cache update is
3488 rejected due to a more credible answer existing.
3491 2220. [bug] win32: Address a race condition in final shutdown of
3492 the Windows socket code. [RT #17028]
3494 2219. [bug] Apply zone consistency checks to additions, not
3495 removals, when updating. [RT #17049]
3497 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
3500 2217. [func] Adjust update log levels. [RT #17092]
3502 2216. [cleanup] Fix a number of errors reported by Coverity.
3505 2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
3507 2214. [bug] Deregister OpenSSL lock callback when cleaning
3508 up. Reorder OpenSSL cleanup so that RAND_cleanup()
3509 is called before the locks are destroyed. [RT #17098]
3511 2213. [bug] SIG0 diagnostic failure messages were looking at the
3512 wrong status code. [RT #17101]
3514 2212. [func] 'host -m' now causes memory statistics and active
3515 memory to be printed at exit. [RT 17028]
3517 2211. [func] Update "dynamic update temporarily disabled" message.
3520 2210. [bug] Deleting class specific records via UPDATE could
3523 2209. [port] osx: linking against user supplied static OpenSSL
3524 libraries failed as the system ones were still being
3527 2208. [port] win32: make sure both build methods produce the
3528 same output. [RT #17058]
3530 2207. [port] Some implementations of getaddrinfo() fail to set
3531 ai_canonname correctly. [RT #17061]
3533 --- 9.5.0a6 released ---
3535 2206. [security] "allow-query-cache" and "allow-recursion" now
3536 cross inherit from each other.
3538 If allow-query-cache is not set in named.conf then
3539 allow-recursion is used if set, otherwise allow-query
3540 is used if set, otherwise the default (localnets;
3541 localhost;) is used.
3543 If allow-recursion is not set in named.conf then
3544 allow-query-cache is used if set, otherwise allow-query
3545 is used if set, otherwise the default (localnets;
3546 localhost;) is used.
3550 2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
3552 2204. [bug] "rndc flushanme name unknown-view" caused named
3553 to crash. [RT #16984]
3555 2203. [security] Query id generation was cryptographically weak.
3558 2202. [security] The default acls for allow-query-cache and
3559 allow-recursion were not being applied. [RT #16960]
3561 2201. [bug] The build failed in a separate object directory.
3564 2200. [bug] The search for cached NSEC records was stopping to
3565 early leading to excessive DLV queries. [RT #16930]
3567 2199. [bug] win32: don't call WSAStartup() while loading dlls.
3570 2198. [bug] win32: RegCloseKey() could be called when
3571 RegOpenKeyEx() failed. [RT #16911]
3573 2197. [bug] Add INSIST to catch negative responses which are
3574 not setting the event result code appropriately.
3577 2196. [port] win32: yield processor while waiting for once to
3578 to complete. [RT #16958]
3580 2195. [func] dnssec-keygen now defaults to nametype "ZONE"
3581 when generating DNSKEYs. [RT #16954]
3583 2194. [bug] Close journal before calling 'done' in xfrin.c.
3585 --- 9.5.0a5 released ---
3587 2193. [port] win32: BINDInstall.exe is now linked statically.
3590 2192. [port] win32: use vcredist_x86.exe to install Visual
3591 Studio's redistributable dlls if building with
3592 Visual Stdio 2005 or later.
3594 2191. [func] named-checkzone now allows dumping to stdout (-).
3595 named-checkconf now has -h for help.
3596 named-checkzone now has -h for help.
3597 rndc now has -h for help.
3598 Better handling of '-?' for usage summaries.
3601 2190. [func] Make fallback to plain DNS from EDNS due to timeouts
3602 more visible. New logging category "edns-disabled".
3605 2189. [bug] Handle socket() returning EINTR. [RT #15949]
3607 2188. [contrib] queryperf: autoconf changes to make the search for
3608 libresolv or libbind more robust. [RT #16299]
3610 2187. [bug] query_addds(), query_addwildcardproof() and
3611 query_addnxrrsetnsec() should take a version
3612 argument. [RT #16368]
3614 2186. [port] cygwin: libbind: check for struct sockaddr_storage
3615 independently of IPv6. [RT #16482]
3617 2185. [port] sunos: libbind: check for ssize_t, memmove() and
3618 memchr(). [RT #16463]
3620 2184. [bug] bind9.xsl.h didn't build out of the source tree.
3623 2183. [bug] dnssec-signzone didn't handle offline private keys
3626 2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
3627 could return ISC_R_SUCCESS when they ran out of
3630 2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
3632 2180. [cleanup] Remove bit test from 'compress_test' as they
3633 are no longer needed. [RT #16497]
3635 2179. [func] 'rndc command zone' will now find 'zone' if it is
3636 unique to all the views. [RT #16821]
3638 2178. [bug] 'rndc reload' of a slave or stub zone resulted in
3639 a reference leak. [RT #16867]
3641 2177. [bug] Array bounds overrun on read (rcodetext) at
3642 debug level 10+. [RT #16798]
3644 2176. [contrib] dbus update to handle race condition during
3645 initialization (Bugzilla 235809). [RT #16842]
3647 2175. [bug] win32: windows broadcast condition variable support
3648 was broken. [RT #16592]
3650 2174. [bug] I/O errors should always be fatal when reading
3651 master files. [RT #16825]
3653 2173. [port] win32: When compiling with MSVS 2005 SP1 we also
3654 need to ship Microsoft.VC80.MFCLOC.
3656 --- 9.5.0a4 released ---
3658 2172. [bug] query_addsoa() was being called with a non zone db.
3661 2171. [bug] Handle breaks in DNSSEC trust chains where the parent
3662 servers are not DS aware (DS queries to the parent
3663 return a referral to the child).
3665 2170. [func] Add acache processing to test suite. [RT #16711]
3667 2169. [bug] host, nslookup: when reporting NXDOMAIN report the
3668 given name and not the last name searched for.
3671 2168. [bug] nsupdate: in non-interactive mode treat syntax errors
3672 as fatal errors. [RT #16785]
3674 2167. [bug] When re-using a automatic zone named failed to
3675 attach it to the new view. [RT #16786]
3677 --- 9.5.0a3 released ---
3679 2166. [bug] When running in batch mode, dig could misinterpret
3680 a server address as a name to be looked up, causing
3681 unexpected output. [RT #16743]
3683 2165. [func] Allow the destination address of a query to determine
3684 if we will answer the query or recurse.
3685 allow-query-on, allow-recursion-on and
3686 allow-query-cache-on. [RT #16291]
3688 2164. [bug] The code to determine how named-checkzone /
3689 named-compilezone was called failed under windows.
3692 2163. [bug] If only one of query-source and query-source-v6
3693 specified a port the query pools code broke (change
3696 2162. [func] Allow "rrset-order fixed" to be disabled at compile
3699 2161. [bug] Fix which log messages are emitted for 'rndc flush'.
3702 2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
3703 from getifaddrs(). [RT #16708]
3705 --- 9.5.0a2 released ---
3707 2159. [bug] Array bounds overrun in acache processing. [RT #16710]
3709 2158. [bug] ns_client_isself() failed to initialize key
3710 leading to a REQUIRE failure. [RT #16688]
3712 2157. [func] dns_db_transfernode() created. [RT #16685]
3714 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
3715 resolver.c:validated() and resolver.c:cache_name().
3716 Fix a memory leak in rbtdb.c:free_noqname().
3717 Make lookup.c:lookup_find() robust against
3718 event leaks. [RT #16685]
3720 2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
3723 2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
3724 matched in acls by omitting the scope. [RT #16599]
3726 2153. [bug] nsupdate could leak memory. [RT #16691]
3728 2152. [cleanup] Use sizeof(buf) instead of fixed number in
3729 dighost.c:get_trusted_key(). [RT #16678]
3731 2151. [bug] Missing newline in usage message for journalprint.
3734 2150. [bug] 'rrset-order cyclic' uniformly distribute the
3735 starting point for the first response for a given
3738 2149. [bug] isc_mem_checkdestroyed() failed to abort on
3739 if there were still active memory contexts.
3742 2148. [func] Add positive logging for rndc commands. [RT #14623]
3744 2147. [bug] libbind: remove potential buffer overflow from
3745 hmac_link.c. [RT #16437]
3747 2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
3748 SO_BSDCOMPAT" message. [RT #16641]
3750 2145. [bug] Check DS/DLV digest lengths for known digests.
3753 2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
3756 2143. [bug] We failed to restart the IPv6 client when the
3757 kernel failed to return the destination the
3758 packet was sent to. [RT #16613]
3760 2142. [bug] Handle master files with a modification time that
3761 matches the epoch. [RT# 16612]
3763 2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
3764 equivalent of LDH checks). [RT #16609]
3766 2140. [bug] libbind: missing unlock on pthread_key_create()
3767 failures. [RT #16654]
3769 2139. [bug] dns_view_find() was being called with wrong type
3770 in adb.c. [RT #16670]
3772 2138. [bug] Lock order reversal in resolver.c. [RT #16653]
3774 2137. [port] Mips little endian and/or mips 64 bit are now
3775 supported for atomic operations. [RT#16648]
3777 2136. [bug] nslookup/host looped if there was no search list
3778 and the host didn't exist. [RT #16657]
3780 2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
3782 2134. [func] Additional statistics support. [RT #16666]
3784 2133. [port] powerpc: Support both IBM and MacOS Power PC
3785 assembler syntaxes. [RT #16647]
3787 2132. [bug] Missing unlock on out of memory in
3788 dns_dispatchmgr_setudp().
3790 2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
3792 2130. [func] Log if CD or DO were set. [RT #16640]
3794 2129. [func] Provide a pool of UDP sockets for queries to be
3795 made over. See use-queryport-pool, queryport-pool-ports
3796 and queryport-pool-updateinterval. [RT #16415]
3798 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
3800 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
3802 2126. [security] Serialize validation of type ANY responses. [RT #16555]
3804 2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
3805 was defined. [RT #16574]
3807 2124. [security] It was possible to dereference a freed fetch
3808 context. [RT #16584]
3810 --- 9.5.0a1 released ---
3812 2123. [func] Use Doxygen to generate internal documentation.
3815 2122. [func] Experimental http server and statistics support
3818 2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
3819 second timeout. [RT #16553]
3821 2120. [doc] Fix markup on nsupdate man page. [RT #16556]
3823 2119. [compat] libbind: allow res_init() to succeed enough to
3824 return the default domain even if it was unable
3827 2118. [bug] Handle response with long chains of domain name
3828 compression pointers which point to other compression
3829 pointers. [RT #16427]
3831 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
3832 which could lead to validation failures. named didn't
3833 handle negative DS responses that were in the process
3834 of being validated. Check CNAME bit before accepting
3835 NODATA proof. To be able to ignore a child NSEC there
3836 must be SOA (and NS) set in the bitmap. [RT #16399]
3838 2116. [bug] 'rndc reload' could cause the cache to continually
3839 be cleaned. [RT #16401]
3841 2115. [bug] 'rndc reconfig' could trigger a INSIST if the
3842 number of masters for a zone was reduced. [RT #16444]
3844 2114. [bug] dig/host/nslookup: searches for names with multiple
3845 labels were failing. [RT #16447]
3847 2113. [bug] nsupdate: if a zone is specified it should be used
3848 for server discover. [RT# 16455]
3850 2112. [security] Warn if weak RSA exponent is used. [RT #16460]
3852 2111. [bug] Fix a number of errors reported by Coverity.
3855 2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
3856 priming queries. [RT #16491]
3858 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
3860 2108. [func] DHCID support. [RT #16456]
3862 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
3864 2106. [func] 'rndc status' now reports named's version. [RT #16426]
3866 2105. [func] GSS-TSIG support (RFC 3645).
3868 2104. [port] Fix Solaris SMF error message.
3870 2103. [port] Add /usr/sfw to list of locations for OpenSSL
3873 2102. [port] Silence Solaris 10 warnings.
3875 2101. [bug] OpenSSL version checks were not quite right.
3878 2100. [port] win32: copy libeay32.dll to Build\Debug.
3879 Copy Debug\named-checkzone to Debug\named-compilezone.
3881 2099. [port] win32: more manifest issues.
3883 2098. [bug] Race in rbtdb.c:no_references(), which occasionally
3884 triggered an INSIST failure about the node lock
3885 reference. [RT #16411]
3887 2097. [bug] named could reference a destroyed memory context
3888 after being reloaded / reconfigured. [RT #16428]
3890 2096. [bug] libbind: handle applications that fail to detect
3891 res_init() failures better.
3893 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
3894 net_cidr_ntop_ipv6(). [RT #16388]
3896 2094. [contrib] Update named-bootconf. [RT# 16404]
3898 2093. [bug] named-checkzone -s was broken.
3900 2092. [bug] win32: dig, host, nslookup. Use registry config
3901 if resolv.conf does not exist or no nameservers
3904 2091. [port] dighost.c: race condition on cleanup. [RT #16417]
3906 2090. [port] win32: Visual C++ 2005 command line manifest support.
3909 2089. [security] Raise the minimum safe OpenSSL versions to
3910 OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
3911 prior to these have known security flaws which
3912 are (potentially) exploitable in named. [RT #16391]
3914 2088. [security] Change the default RSA exponent from 3 to 65537.
3917 2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
3920 2086. [port] libbind: FreeBSD now has get*by*_r() functions.
3923 2085. [doc] win32: added index.html and README to zip. [RT #16201]
3925 2084. [contrib] dbus update for 9.3.3rc2.
3927 2083. [port] win32: Visual C++ 2005 support.
3929 2082. [doc] Document 'cache-file' as a test only option.
3931 2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
3934 2080. [port] libbind: res_init.c did not compile on older versions
3935 of Solaris. [RT #16363]
3937 2079. [bug] The lame cache was not handling multiple types
3938 correctly. [RT #16361]
3940 2078. [bug] dnssec-checkzone output style "default" was badly
3941 named. It is now called "relative". [RT #16326]
3943 2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
3944 complete signed zone. [RT #16326]
3946 2076. [bug] Several files were missing #include <config.h>
3947 causing build failures on OSF. [RT #16341]
3949 2075. [bug] The spillat timer event hander could leak memory.
3952 2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
3953 dns_request_createraw2() and dns_request_createraw3()
3954 failed to send multiple UDP requests. [RT #16349]
3956 2073. [bug] Incorrect semantics check for update policy "wildcard".
3959 2072. [bug] We were not generating valid HMAC SHA digests.
3962 2071. [port] Test whether gcc accepts -fno-strict-aliasing.
3965 2070. [bug] The remote address was not always displayed when
3966 reporting dispatch failures. [RT #16315]
3968 2069. [bug] Cross compiling was not working. [RT #16330]
3970 2068. [cleanup] Lower incremental tuning message to debug 1.
3973 2067. [bug] 'rndc' could close the socket too early triggering
3974 a INSIST under Windows. [RT #16317]
3976 2066. [security] Handle SIG queries gracefully. [RT #16300]
3978 2065. [bug] libbind: probe for HPUX prototypes for
3979 endprotoent_r() and endservent_r(). [RT 16313]
3981 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
3983 2063. [bug] Change #1955 introduced a bug which caused the first
3984 'rndc flush' call to not free memory. [RT #16244]
3986 2062. [bug] 'dig +nssearch' was reusing a buffer before it had
3987 been returned by the socket code. [RT #16307]
3989 2061. [bug] Accept expired wildcard message reversed. [RT #16296]
3991 2060. [bug] Enabling DLZ support could leave views partially
3992 configured. [RT #16295]
3994 2059. [bug] Search into cache rbtdb could trigger an INSIST
3995 failure while cleaning up a stale rdataset.
3998 2058. [bug] Adjust how we calculate rtt estimates in the presence
3999 of authoritative servers that drop EDNS and/or CD
4000 requests. Also fallback to EDNS/512 and plain DNS
4001 faster for zones with less than 3 servers. [RT #16187]
4003 2057. [bug] Make setting "ra" dependent on both allow-query-cache
4004 and allow-recursion. [RT #16290]
4006 2056. [bug] dig: ixfr= was not being treated case insensitively
4007 at all times. [RT #15955]
4009 2055. [bug] Missing goto after dropping multicast query.
4012 2054. [port] freebsd: do not explicitly link against -lpthread.
4015 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
4017 2052. [bug] 'rndc' improve connect failed message to report
4018 the failing address. [RT #15978]
4020 2051. [port] More strtol() fixes. [RT #16249]
4022 2050. [bug] Parsing of NSAP records was not case insensitive.
4025 2049. [bug] Restore SOA before AXFR when falling back from
4026 a attempted IXFR when transferring in a zone.
4027 Allow a initial SOA query before attempting
4028 a AXFR to be requested. [RT #16156]
4030 2048. [bug] It was possible to loop forever when using
4031 avoid-v4-udp-ports / avoid-v6-udp-ports when
4032 the OS always returned the same local port.
4035 2047. [bug] Failed to initialize the interface flags to zero.
4038 2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
4039 cleanup [RT #16247].
4041 2045. [func] Use lock buckets for acache entries to limit memory
4042 consumption. [RT #16183]
4044 2044. [port] Add support for atomic operations for Itanium.
4047 2043. [port] nsupdate/nslookup: Force the flushing of the prompt
4048 for interactive sessions. [RT#16148]
4050 2042. [bug] named-checkconf was incorrectly rejecting the
4051 logging category "config". [RT #16117]
4053 2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
4054 set of libraries to be linked. [RT #16129]
4056 2040. [bug] rbtdb no_references() could trigger an INSIST
4057 failure with --enable-atomic. [RT #16022]
4059 2039. [func] Check that all buffers passed to the socket code
4060 have been retrieved when the socket event is freed.
4063 2038. [bug] dig/nslookup/host was unlinking from wrong list
4064 when handling errors. [RT #16122]
4066 2037. [func] When unlinking the first or last element in a list
4067 check that the list head points to the element to
4068 be unlinked. [RT #15959]
4070 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
4073 2035. [func] Make falling back to TCP on UDP refresh failure
4074 optional. Default "try-tcp-refresh yes;" for BIND 8
4075 compatibility. [RT #16123]
4077 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
4079 2033. [bug] We weren't creating multiple client memory contexts
4080 on demand as expected. [RT #16095]
4082 2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
4084 2031. [bug] Emit a error message when "rndc refresh" is called on
4085 a non slave/stub zone. [RT # 16073]
4087 2030. [bug] We were being overly conservative when disabling
4088 openssl engine support. [RT #16030]
4090 2029. [bug] host printed out the server multiple times when
4091 specified on the command line. [RT #15992]
4093 2028. [port] linux: socket.c compatibility for old systems.
4096 2027. [port] libbind: Solaris x86 support. [RT #16020]
4098 2026. [bug] Rate limit the two recursive client exceeded messages.
4101 2025. [func] Update "zone serial unchanged" message. [RT #16026]
4103 2024. [bug] named emitted spurious "zone serial unchanged"
4104 messages on reload. [RT #16027]
4106 2023. [bug] "make install" should create ${localstatedir}/run and
4107 ${sysconfdir} if they do not exist. [RT #16033]
4109 2022. [bug] If dnssec validation is disabled only assert CD if
4110 CD was requested. [RT #16037]
4112 2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
4114 2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
4116 2019. [tuning] Reduce the amount of work performed per quantum
4117 when cleaning the cache. [RT #15986]
4119 2018. [bug] Checking if the HMAC MD5 private file was broken.
4122 2017. [bug] allow-query default was not correct. [RT #15946]
4124 2016. [bug] Return a partial answer if recursion is not
4125 allowed but requested and we had the answer
4126 to the original qname. [RT #15945]
4128 2015. [cleanup] use-additional-cache is now acache-enable for
4129 consistency. Default acache-enable off in BIND 9.4
4130 as it requires memory usage to be configured.
4131 It may be enabled by default in BIND 9.5 once we
4132 have more experience with it.
4134 2014. [func] Statistics about acache now recorded and sent
4137 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
4138 responses more gracefully. [RT #15941]
4140 2012. [func] Don't insert new acache entries if acache is full.
4143 2011. [func] dnssec-signzone can now update the SOA record of
4144 the signed zone, either as an increment or as the
4145 system time(). [RT #15633]
4147 2010. [placeholder] rt15958
4149 2009. [bug] libbind: Coverity fixes. [RT #15808]
4151 2008. [func] It is now possible to enable/disable DNSSEC
4152 validation from rndc. This is useful for the
4153 mobile hosts where the current connection point
4154 breaks DNSSEC (firewall/proxy). [RT #15592]
4156 rndc validation newstate [view]
4158 2007. [func] It is now possible to explicitly enable DNSSEC
4159 validation. default dnssec-validation no; to
4160 be changed to yes in 9.5.0. [RT #15674]
4162 2006. [security] Allow-query-cache and allow-recursion now default
4163 to the built in acls "localnets" and "localhost".
4165 This is being done to make caching servers less
4166 attractive as reflective amplifying targets for
4167 spoofed traffic. This still leave authoritative
4170 The best fix is for full BCP 38 deployment to
4171 remove spoofed traffic.
4173 2005. [bug] libbind: Retransmission timeouts should be
4174 based on which attempt it is to the nameserver
4175 and not the nameserver itself. [RT #13548]
4177 2004. [bug] dns_tsig_sign() could pass a NULL pointer to
4178 dst_context_destroy() when cleaning up after a
4181 2003. [bug] libbind: The DNS name/address lookup functions could
4182 occasionally follow a random pointer due to
4183 structures not being completely zeroed. [RT #15806]
4185 2002. [bug] libbind: tighten the constraints on when
4186 struct addrinfo._ai_pad exists. [RT #15783]
4188 2001. [func] Check the KSK flag when updating a secure dynamic zone.
4189 New zone option "update-check-ksk yes;". [RT #15817]
4191 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
4193 1999. [func] Implement "rrset-order fixed". [RT #13662]
4195 1998. [bug] Restrict handling of fifos as sockets to just SunOS.
4196 This allows named to connect to entropy gathering
4197 daemons that use fifos instead of sockets. [RT #15840]
4199 1997. [bug] Named was failing to replace negative cache entries
4200 when a positive one for the type was learnt.
4203 1996. [bug] nsupdate: if a zone has been specified it should
4204 appear in the output of 'show'. [RT #15797]
4206 1995. [bug] 'host' was reporting multiple "is an alias" messages.
4209 1994. [port] OpenSSL 0.9.8 support. [RT #15694]
4211 1993. [bug] Log messages, via syslog, were missing the space
4212 after the timestamp if "print-time yes" was specified.
4215 1992. [bug] Not all incoming zone transfer messages included the
4218 1991. [cleanup] The configuration data, once read, should be treated
4219 as read only. Expand the use of const to enforce this
4220 at compile time. [RT #15813]
4222 1990. [bug] libbind: isc's override of broken gettimeofday()
4223 implementations was not always effective.
4226 1989. [bug] win32: don't check the service password when
4227 re-installing. [RT #15882]
4229 1988. [bug] Remove a bus error from the SHA256/SHA512 support.
4232 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
4234 1986. [func] Report when a zone is removed. [RT #15849]
4236 1985. [protocol] DLV has now been assigned a official type code of
4239 Note: care should be taken to ensure you upgrade
4240 both named and dnssec-signzone at the same time for
4241 zones with DLV records where named is the master
4242 server for the zone. Also any zones that contain
4243 DLV records should be removed when upgrading a slave
4244 zone. You do not however have to upgrade all
4245 servers for a zone with DLV records simultaneously.
4247 1984. [func] dig, nslookup and host now advertise a 4096 byte
4248 EDNS UDP buffer size by default. [RT #15855]
4250 1983. [func] Two new update policies. "selfsub" and "selfwild".
4253 1982. [bug] DNSKEY was being accepted on the parent side of
4254 a delegation. KEY is still accepted there for
4255 RFC 3007 validated updates. [RT #15620]
4257 1981. [bug] win32: condition.c:wait() could fail to reattain
4260 1980. [func] dnssec-signzone: output the SOA record as the
4261 first record in the signed zone. [RT #15758]
4263 1979. [port] linux: allow named to drop core after changing
4264 user ids. [RT #15753]
4266 1978. [port] Handle systems which have a broken recvmsg().
4269 1977. [bug] Silence noisy log message. [RT #15704]
4271 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
4273 1975. [bug] libbind: isc_gethexstring() could misparse multi-line
4274 hex strings with comments. [RT #15814]
4276 1974. [doc] List each of the zone types and associated zone
4277 options separately in the ARM.
4279 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
4280 HMACSHA512 support. [RT #13606]
4282 1972. [contrib] DBUS dynamic forwarders integration from
4283 Jason Vas Dias <jvdias@redhat.com>.
4285 1971. [port] linux: make detection of missing IF_NAMESIZE more
4288 1970. [bug] nsupdate: adjust UDP timeout when falling back to
4289 unsigned SOA query. [RT #15775]
4291 1969. [bug] win32: the socket code was freeing the socket
4292 structure too early. [RT #15776]
4294 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
4296 1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
4298 1966. [bug] Don't set CD when we have fallen back to plain DNS.
4301 1965. [func] Suppress spurious "recursion requested but not
4302 available" warning with 'dig +qr'. [RT #15780].
4304 1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
4306 1963. [port] Tru64 4.0E doesn't support send() and recv().
4309 1962. [bug] Named failed to clear old update-policy when it
4310 was removed. [RT #15491]
4312 1961. [bug] Check the port and address of responses forwarded
4313 to dispatch. [RT #15474]
4315 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
4318 1959. [func] Control the zeroing of the negative response TTL to
4319 a soa query. Defaults "zero-no-soa-ttl yes;" and
4320 "zero-no-soa-ttl-cache no;". [RT #15460]
4322 1958. [bug] Named failed to update the zone's secure state
4323 until the zone was reloaded. [RT #15412]
4325 1957. [bug] Dig mishandled responses to class ANY queries.
4328 1956. [bug] Improve cross compile support, 'gen' is now built
4329 by native compiler. See README for additional
4330 cross compile support information. [RT #15148]
4332 1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
4334 1954. [func] Named now falls back to advertising EDNS with a
4335 512 byte receive buffer if the initial EDNS queries
4338 1953. [func] The maximum EDNS UDP response named will send can
4339 now be set in named.conf (max-udp-size). This is
4340 independent of the advertised receive buffer
4341 (edns-udp-size). [RT #14852]
4343 1952. [port] hpux: tell the linker to build a runtime link
4344 path "-Wl,+b:". [RT #14816].
4346 1951. [security] Drop queries from particular well known ports.
4347 Don't return FORMERR to queries from particular
4348 well known ports. [RT #15636]
4350 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
4351 a TCP socket. This prevents the source address being
4352 set for TCP connections. [RT #15628]
4354 1949. [func] Addition memory leakage checks. [RT #15544]
4356 1948. [bug] If was possible to trigger a REQUIRE failure in
4357 xfrin.c:maybe_free() if named ran out of memory.
4360 1947. [func] It is now possible to configure named to accept
4361 expired RRSIGs. Default "dnssec-accept-expired no;".
4362 Setting "dnssec-accept-expired yes;" leaves named
4363 vulnerable to replay attacks. [RT #14685]
4365 1946. [bug] resume_dslookup() could trigger a REQUIRE failure
4366 when using forwarders. [RT #15549]
4368 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
4369 To generate a RSAMD5 key you must explicitly request
4372 1944. [cleanup] isc_hash_create() does not need a read/write lock.
4375 1943. [bug] Set the loadtime after rolling forward the journal.
4378 1942. [bug] If the name of a DNSKEY match that of one in
4379 trusted-keys do not attempt to validate the DNSKEY
4380 using the parents DS RRset. [RT #15649]
4382 1941. [bug] ncache_adderesult() should set eresult even if no
4383 rdataset is passed to it. [RT #15642]
4385 1940. [bug] Fixed a number of error conditions reported by
4388 1939. [bug] The resolver could dereference a null pointer after
4389 validation if all the queries have timed out.
4392 1938. [bug] The validator was not correctly handling unsecure
4393 negative responses at or below a SEP. [RT #15528]
4395 1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
4397 1936. [bug] The validator could leak memory. [RT #15544]
4399 1935. [bug] 'acache' was DO sensitive. [RT #15430]
4401 1934. [func] Validate pending NS RRsets, in the authority section,
4402 prior to returning them if it can be done without
4403 requiring DNSKEYs to be fetched. [RT #15430]
4405 1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
4407 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
4409 1931. [bug] Per-client mctx could require a huge amount of memory,
4410 particularly for a busy caching server. [RT #15519]
4412 1930. [port] HPUX: ia64 support. [RT #15473]
4414 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
4416 1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
4418 1927. [bug] Access to soanode or nsnode in rbtdb violated the
4419 lock order rule and could cause a dead lock.
4422 1926. [bug] The Windows installer did not check for empty
4423 passwords. BINDinstall was being installed in
4424 the wrong place. [RT #15483]
4426 1925. [port] All outer level AC_TRY_RUNs need cross compiling
4427 defaults. [RT #15469]
4429 1924. [port] libbind: hpux ia64 support. [RT #15473]
4431 1923. [bug] ns_client_detach() called too early. [RT #15499]
4433 1922. [bug] check-tool.c:setup_logging() missing call to
4434 dns_log_setcontext().
4436 1921. [bug] Client memory contexts were not using internal
4439 1920. [bug] The cache rbtdb lock array was too small to
4440 have the desired performance characteristics.
4443 1919. [contrib] queryperf: a set of new features: collecting/printing
4444 response delays, printing intermediate results, and
4445 adjusting query rate for the "target" qps.
4447 1918. [bug] Memory leak when checking acls. [RT #15391]
4449 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
4450 when generating man pages. [RT #15385]
4452 1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
4454 1915. [bug] dig +ndots was broken. [RT #15215]
4456 1914. [protocol] DS is required to accept mnemonic algorithms
4457 (RFC 4034). Still emit numeric algorithms for
4458 compatibility with RFC 3658. [RT #15354]
4460 1913. [func] Integrate contributed DLZ code into named. [RT #11382]
4462 1912. [port] aix: atomic locking for powerpc. [RT #15020]
4464 1911. [bug] Update windows socket code. [RT #14965]
4466 1910. [bug] dig's +sigchase code overhauled. [RT #14933]
4468 1909. [bug] The DLV code has been re-worked to make no longer
4469 query order sensitive. [RT #14933]
4471 1908. [func] dig now warns if 'RA' is not set in the answer when
4472 'RD' was set in the query. host/nslookup skip servers
4473 that fail to set 'RA' when 'RD' is set unless a server
4474 is explicitly set. [RT #15005]
4476 1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
4479 1906. [func] dig now has a '-q queryname' and '+showsearch' options.
4482 1905. [bug] Strings returned from cfg_obj_asstring() should be
4483 treated as read-only. The prototype for
4484 cfg_obj_asstring() has been updated to reflect this.
4487 1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
4488 friends. Note: RFC 1918 zones are not yet covered by
4489 this but are likely to be in a future release.
4491 New options: empty-server, empty-contact,
4492 empty-zones-enable and disable-empty-zone.
4494 1903. [func] ISC string copy API.
4496 1902. [func] Attempt to make the amount of work performed in a
4497 iteration self tuning. The covers nodes clean from
4498 the cache per iteration, nodes written to disk when
4499 rewriting a master file and nodes destroyed per
4500 iteration when destroying a zone or a cache.
4503 1901. [cleanup] Don't add DNSKEY records to the additional section.
4505 1900. [bug] ixfr-from-differences failed to ensure that the
4506 serial number increased. [RT #15036]
4508 1899. [func] named-checkconf now validates update-policy entries.
4511 1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
4512 ISC_NETADDR_FORMATSIZE to allow for scope details.
4514 1897. [func] x86 and x86_64 now have separate atomic locking
4517 1896. [bug] Recursive clients soft quota support wasn't working
4518 as expected. [RT #15103]
4520 1895. [bug] A escaped character is, potentially, converted to
4521 the output character set too early. [RT #14666]
4523 1894. [doc] Review ARM for BIND 9.4.
4525 1893. [port] Use uintptr_t if available. [RT #14606]
4527 1892. [func] Support for SPF rdata type. [RT #15033]
4529 1891. [port] freebsd: pthread_mutex_init can fail if it runs out
4530 of memory. [RT #14995]
4532 1890. [func] Raise the UDP receive buffer size to 32k if it is
4533 less than 32k. [RT #14953]
4535 1889. [port] sunos: non blocking i/o support. [RT #14951]
4537 1888. [func] Support for IPSECKEY rdata type. [RT #14967]
4539 1887. [bug] The cache could delete expired records too fast for
4540 clients with a virtual time in the past. [RT #14991]
4542 1886. [bug] fctx_create() could return success even though it
4545 1885. [func] dig: report the number of extra bytes still left in
4546 the packet after processing all the records.
4548 1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
4550 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
4553 1882. [func] Limit the number of recursive clients that can be
4554 waiting for a single query (<qname,qtype,qclass>) to
4555 resolve. New options clients-per-query and
4556 max-clients-per-query.
4558 1881. [func] Add a system test for named-checkconf. [RT #14931]
4560 1880. [func] The lame cache is now done on a <qname,qclass,qtype>
4561 basis as some servers only appear to be lame for
4562 certain query types. [RT #14916]
4564 1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
4567 1878. [func] Detect duplicates of UDP queries we are recursing on
4568 and drop them. New stats category "duplicate".
4571 1877. [bug] Fix unreasonably low quantum on call to
4572 dns_rbt_destroy2(). Remove unnecessary unhash_node()
4575 1876. [func] Additional memory debugging support to track size
4576 and mctx arguments. [RT #14814]
4578 1875. [bug] process_dhtkey() was using the wrong memory context
4579 to free some memory. [RT #14890]
4581 1874. [port] sunos: portability fixes. [RT #14814]
4583 1873. [port] win32: isc__errno2result() now reports its caller.
4586 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
4590 1870. [func] Added framework for handling multiple EDNS versions.
4593 1869. [func] dig can now specify the EDNS version when making
4594 a query. [RT #14873]
4596 1868. [func] edns-udp-size can now be overridden on a per
4597 server basis. [RT #14851]
4599 1867. [bug] It was possible to trigger a INSIST in
4600 dlv_validatezonekey(). [RT #14846]
4602 1866. [bug] resolv.conf parse errors were being ignored by
4603 dig/host/nslookup. [RT #14841]
4605 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
4606 bad addresses. [RT #14841]
4608 1864. [bug] Don't try the alternative transfer source if you
4609 got a answer / transfer with the main source
4610 address. [RT #14802]
4612 1863. [bug] rrset-order "fixed" error messages not complete.
4614 1862. [func] Add additional zone data constancy checks.
4615 named-checkzone has extended checking of NS, MX and
4616 SRV record and the hosts they reference.
4617 named has extended post zone load checks.
4618 New zone options: check-mx and integrity-check.
4621 1861. [bug] dig could trigger a INSIST on certain malformed
4622 responses. [RT #14801]
4624 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
4625 incorrectly set. [RT #14775]
4627 1859. [func] Add support for CH A record. [RT #14695]
4629 1858. [bug] The flush-zones-on-shutdown option wasn't being
4632 1857. [bug] named could trigger a INSIST() if reconfigured /
4633 reloaded too fast. [RT #14673]
4635 1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
4638 1855. [bug] ixfr-from-differences was failing to detect changes
4639 of ttl due to dns_diff_subtract() was ignoring the ttl
4640 of records. [RT #14616]
4642 1854. [bug] lwres also needs to know the print format for
4643 (long long). [RT #13754]
4645 1853. [bug] Rework how DLV interacts with proveunsecure().
4648 1852. [cleanup] Remove last vestiges of dnssec-signkey and
4649 dnssec-makekeyset (removed from Makefile years ago).
4651 1851. [doc] Doxygen comment markup. [RT #11398]
4653 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
4655 1849. [doc] All forms of the man pages (docbook, man, html) should
4656 have consistent copyright dates.
4658 1848. [bug] Improve SMF integration. [RT #13238]
4660 1847. [bug] isc_ondestroy_init() is called too late in
4661 dns_rbtdb_create()/dns_rbtdb64_create().
4664 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
4665 <bortzmeyer@nic.fr>.
4667 1845. [bug] Improve error reporting to distinguish between
4668 accept()/fcntl() and socket()/fcntl() errors.
4671 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
4672 for each 16 bit piece of the IPv6 address. The text
4673 representation of a IPv6 address has been tightened
4674 to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
4677 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
4678 when CFLAGS contains "-I /usr/local/include"
4679 resulting in old header files being used.
4681 1842. [port] cmsg_len() could produce incorrect results on
4682 some platform. [RT #13744]
4684 1841. [bug] "dig +nssearch" now makes a recursive query to
4685 find the list of nameservers to query. [RT #13694]
4687 1840. [func] dnssec-signzone can now randomize signature end times
4688 (dnssec-signzone -j jitter). [RT #13609]
4690 1839. [bug] <isc/hash.h> was not being installed.
4692 1838. [cleanup] Don't allow Linux capabilities to be inherited.
4695 1837. [bug] Compile time option ISC_FACILITY was not effective
4696 for 'named -u <user>'. [RT #13714]
4698 1836. [cleanup] Silence compiler warnings in hash_test.c.
4700 1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
4702 1834. [bug] Bad memset in rdata_test.c. [RT #13658]
4704 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
4706 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
4709 1831. [doc] Update named-checkzone documentation. [RT#13604]
4711 1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
4713 1829. [bug] win32: "pid-file none;" broken. [RT #13563]
4715 1828. [bug] isc_rwlock_init() failed to properly cleanup if it
4716 encountered a error. [RT #13549]
4718 1827. [bug] host: update usage message for '-a'. [RT #37116]
4720 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
4721 of memory error. [RT #13537]
4723 1825. [bug] Missing UNLOCK() on out of memory error from in
4724 rbtdb.c:subtractrdataset(). [RT #13519]
4726 1824. [bug] Memory leak on dns_zone_setdbtype() failure.
4729 1823. [bug] Wrong macro used to check for point to point interface.
4732 1822. [bug] check-names test for RT was reversed. [RT #13382]
4736 1820. [bug] Gracefully handle acl loops. [RT #13659]
4738 1819. [bug] The validator needed to check both the algorithm and
4739 digest types of the DS to determine if it could be
4740 used to introduce a secure zone. [RT #13593]
4742 1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
4744 1817. [func] Add support for additional zone file formats for
4745 improving loading performance. The masterfile-format
4746 option in named.conf can be used to specify a
4747 non-default format. A separate command
4748 named-compilezone was provided to generate zone files
4749 in the new format. Additionally, the -I and -O options
4750 for dnssec-signzone specify the input and output
4753 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
4756 1815. [bug] nsupdate triggered a REQUIRE if the server was set
4757 without also setting the zone and it encountered
4758 a CNAME and was using TSIG. [RT #13086]
4760 1814. [func] UNIX domain controls are now supported.
4762 1813. [func] Restructured the data locking framework using
4763 architecture dependent atomic operations (when
4764 available), improving response performance on
4765 multi-processor machines significantly.
4766 x86, x86_64, alpha, powerpc, and mips are currently
4769 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
4772 1811. [func] Preserve the case of domain names in rdata during
4773 zone transfers. [RT #13547]
4775 1810. [bug] configure, lib/bind/configure make different default
4776 decisions about whether to do a threaded build.
4779 1809. [bug] "make distclean" failed for libbind if the platform
4782 1808. [bug] zone.c:notify_zone() contained a race condition,
4783 zone->db could change underneath it. [RT #13511]
4785 1807. [bug] When forwarding (forward only) set the active domain
4786 from the forward zone name. [RT #13526]
4788 1806. [bug] The resolver returned the wrong result when a CNAME /
4789 DNAME was encountered when fetching glue from a
4790 secure namespace. [RT #13501]
4792 1805. [bug] Pending status was not being cleared when DLV was
4795 1804. [bug] Ensure that if we are queried for glue that it fits
4796 in the additional section or TC is set to tell the
4797 client to retry using TCP. [RT #10114]
4799 1803. [bug] dnssec-signzone sometimes failed to remove old
4802 1802. [bug] Handle connection resets better. [RT #11280]
4804 1801. [func] Report differences between hints and real NS rrset
4805 and associated address records.
4807 1800. [bug] Changes #1719 allowed a INSIST to be triggered.
4810 1799. [bug] 'rndc flushname' failed to flush negative cache
4811 entries. [RT #13438]
4813 1798. [func] The server syntax has been extended to support a
4814 range of servers. [RT #11132]
4816 1797. [func] named-checkconf now check acls to verify that they
4817 only refer to existing acls. [RT #13101]
4819 1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
4821 1795. [bug] "rndc dumpdb" was not fully documented. Minor
4822 formating issues with "rndc dumpdb -all". [RT #13396]
4824 1794. [func] Named and named-checkzone can now both check for
4825 non-terminal wildcard records.
4827 1793. [func] Extend adjusting TTL warning messages. [RT #13378]
4829 1792. [func] New zone option "notify-delay". Specify a minimum
4830 delay between sets of NOTIFY messages.
4832 1791. [bug] 'host -t a' still printed out AAAA and MX records.
4835 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
4836 allow parallel make to succeed.
4838 1789. [bug] Prerequisite test for tkey and dnssec could fail
4839 with "configure --with-libtool".
4841 1788. [bug] libbind9.la/libbind9.so needs to link against
4842 libisccfg.la/libisccfg.so.
4844 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
4846 1786. [port] AIX: libt_api needs to be taught to look for
4847 T_testlist in the main executable (--with-libtool).
4850 1785. [bug] libbind9.la/libbind9.so needs to link against
4851 libisc.la/libisc.so.
4853 1784. [cleanup] "libtool -allow-undefined" is the default.
4854 Leave hooks in configure to allow it to be set
4855 if needed in the future.
4857 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
4860 1782. [port] OSX: --with-libtool + --enable-libbind broke on
4861 __evOptMonoTime. [RT #13219]
4863 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
4865 1780. [bug] Update libtool to 1.5.10.
4867 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
4869 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
4870 IN6ADDR_LOOPBACK_INIT macros.
4872 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
4873 IN6ADDR_LOOPBACK_INIT macros.
4875 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
4876 IN6ADDR_LOOPBACK_INIT macros.
4878 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
4880 1774. [port] Aix: Silence compiler warnings / build failures.
4883 1773. [bug] Fast retry on host / net unreachable. [RT #13153]
4889 1770. [bug] named-checkconf failed to report missing a missing
4890 file clause for rbt{64} master/hint zones. [RT#13009]
4892 1769. [port] win32: change compiler flags /MTd ==> /MDd,
4895 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
4896 rdataset. [RT #12907]
4898 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
4899 support for (struct in6_pktinfo) failed. [RT #13077]
4901 1766. [bug] Update the master file timestamp on successful refresh
4902 as well as the journal's timestamp. [RT# 13062]
4904 1765. [bug] configure --with-openssl=auto failed. [RT #12937]
4906 1764. [bug] dns_zone_replacedb failed to emit a error message
4907 if there was no SOA record in the replacement db.
4910 1763. [func] Perform sanity checks on NS records which refer to
4911 'in zone' names. [RT #13002]
4913 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
4914 even when it failed. [RT #12995]
4916 1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
4919 1760. [bug] Host / net unreachable was not penalising rtt
4920 estimates. [RT #12970]
4922 1759. [bug] Named failed to startup if the OS supported IPv6
4923 but had no IPv6 interfaces configured. [RT #12942]
4925 1758. [func] Don't send notify messages to self. [RT #12933]
4927 1757. [func] host now can turn on memory debugging flags with '-m'.
4929 1756. [func] named-checkconf now checks the logging configuration.
4932 1755. [func] allow-update is now settable at the options / view
4935 1754. [bug] We weren't always attempting to query the parent
4936 server for the DS records at the zone cut.
4939 1753. [bug] Don't serve a slave zone which has no NS records.
4942 1752. [port] Move isc_app_start() to after ns_os_daemonise()
4943 as some fork() implementations unblock the signals
4944 that are blocked by isc_app_start(). [RT #12810]
4946 1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
4948 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
4951 1749. [bug] 'check-names response ignore;' failed to ignore.
4954 1748. [func] dig now returns the byte count for axfr/ixfr.
4956 1747. [bug] BIND 8 compatibility: named/named-checkconf failed
4957 to parse "host-statistics-max" in named.conf.
4959 1746. [func] Make public the function to read a key file,
4960 dst_key_read_public(). [RT #12450]
4962 1745. [bug] Dig/host/nslookup accept replies from link locals
4963 regardless of scope if no scope was specified when
4964 query was sent. [RT #12745]
4966 1744. [bug] If tuple2msgname() failed to convert a tuple to
4967 a name a REQUIRE could be triggered. [RT #12796]
4969 1743. [bug] If isc_taskmgr_create() was not able to create the
4970 requested number of worker threads then destruction
4971 of the manager would trigger an INSIST() failure.
4974 1742. [bug] Deleting all records at a node then adding a
4975 previously existing record, in a single UPDATE
4976 transaction, failed to leave / regenerate the
4977 associated RRSIG records. [RT #12788]
4979 1741. [bug] Deleting all records at a node in a secure zone
4980 using a update-policy grant failed. [RT #12787]
4982 1740. [bug] Replace rbt's hash algorithm as it performed badly
4983 with certain zones. [RT #12729]
4985 NOTE: a hash context now needs to be established
4986 via isc_hash_create() if the application was not
4989 1739. [bug] dns_rbt_deletetree() could incorrectly return
4990 ISC_R_QUOTA. [RT #12695]
4992 1738. [bug] Enable overrun checking by default. [RT #12695]
4994 1737. [bug] named failed if more than 16 masters were specified.
4997 1736. [bug] dst_key_fromnamedfile() could fail to read a
4998 public key. [RT #12687]
5000 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
5003 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
5006 1733. [bug] Return non-zero exit status on initial load failure.
5009 1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
5012 1731. [port] darwin: relax version test in ifconfig.sh.
5015 1730. [port] Determine the length type used by the socket API.
5018 1729. [func] Improve check-names error messages.
5020 1728. [doc] Update check-names documentation.
5022 1727. [bug] named-checkzone: check-names support didn't match
5025 1726. [port] aix5: add support for aix5.
5027 1725. [port] linux: update error message on interaction of threads,
5028 capabilities and setuid support (named -u). [RT #12541]
5030 1724. [bug] Look for DNSKEY records with "dig +sigtrace".
5033 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
5035 1722. [bug] Don't commit the journal on malformed ixfr streams.
5038 1721. [bug] Error message from the journal processing were not
5039 always identifying the relevant journal. [RT #12519]
5041 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
5042 negative response. [RT #12506]
5044 1719. [bug] named was not correctly caching a RFC 2308 Type 1
5045 negative response. [RT #12506]
5047 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
5048 responses when looking for the zone / master server.
5051 1717. [port] solaris: ifconfig.sh did not support Solaris 10.
5052 "ifconfig.sh down" didn't work for Solaris 9.
5054 1716. [doc] named.conf(5) was being installed in the wrong
5055 location. [RT# 12441]
5057 1715. [func] 'dig +trace' now randomly selects the next servers
5058 to try. Report if there is a bad delegation.
5060 1714. [bug] dig/host/nslookup were only trying the first
5061 address when a nameserver was specified by name.
5064 1713. [port] linux: extend capset failure message to say:
5065 please ensure that the capset kernel module is
5066 loaded. see insmod(8)
5068 1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
5070 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
5072 1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
5073 messages for the specified zone. [RT #9479]
5075 1709. [port] solaris: add SMF support from Sun.
5077 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
5078 for conformance to the name space convention. Binary
5079 backward compatibility to the old function name is
5080 provided. [RT #12376]
5082 1707. [contrib] sdb/ldap updated to version 1.0-beta.
5084 1706. [bug] 'rndc stop' failed to cause zones to be flushed
5085 sometimes. [RT #12328]
5087 1705. [func] Allow the journal's name to be changed via named.conf.
5089 1704. [port] lwres needed a snprintf() implementation for
5090 platforms without snprintf(). Add missing
5091 "#include <isc/print.h>". [RT #12321]
5093 1703. [bug] named would loop sending NOTIFY messages when it
5094 failed to receive a response. [RT #12322]
5096 1702. [bug] also-notify should not be applied to built in zones.
5099 1701. [doc] A minimal named.conf man page.
5101 1700. [func] nslookup is no longer to be treated as deprecated.
5102 Remove "deprecated" warning message. Add man page.
5104 1699. [bug] dnssec-signzone can generate "not exact" errors
5105 when resigning. [RT #12281]
5107 1698. [doc] Use reserved IPv6 documentation prefix.
5109 1697. [bug] xxx-source{,-v6} was not effective when it
5110 specified one of listening addresses and a
5111 different port than the listening port. [RT #12257]
5113 1696. [bug] dnssec-signzone failed to clean out nodes that
5114 consisted of only NSEC and RRSIG records.
5117 1695. [bug] DS records when forwarding require special handling.
5120 1694. [bug] Report if the builtin views of "_default" / "_bind"
5121 are defined in named.conf. [RT #12023]
5123 1693. [bug] max-journal-size was not effective for master zones
5124 with ixfr-from-differences set. [RT# 12024]
5126 1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
5127 /usr/lib. [RT #11971]
5129 1691. [bug] sdb's attachversion was not complete. [RT #11990]
5131 1690. [bug] Delay detaching view from the client until UPDATE
5132 processing completes when shutting down. [RT #11714]
5134 1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
5135 contained gratuitous semicolons. [RT #11707]
5137 1688. [bug] LDFLAGS was not supported.
5139 1687. [bug] Race condition in dispatch. [RT #10272]
5141 1686. [bug] Named sent a extraneous NOTIFY when it received a
5142 redundant UPDATE request. [RT #11943]
5144 1685. [bug] Change #1679 loop tests weren't quite right.
5146 1684. [func] ixfr-from-differences now takes master and slave in
5147 addition to yes and no at the options and view levels.
5149 1683. [bug] dig +sigchase could leak memory. [RT #11445]
5151 1682. [port] Update configure test for (long long) printf format.
5154 1681. [bug] Only set SO_REUSEADDR when a port is specified in
5155 isc_socket_bind(). [RT #11742]
5157 1680. [func] rndc: the source address can now be specified.
5159 1679. [bug] When there was a single nameserver with multiple
5160 addresses for a zone not all addresses were tried.
5163 1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
5165 1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
5167 1676. [func] New option "allow-query-cache". This lets
5168 allow-query be used to specify the default zone
5169 access level rather than having to have every
5170 zone override the global value. allow-query-cache
5171 can be set at both the options and view levels.
5172 If allow-query-cache is not set allow-query applies.
5174 1675. [bug] named would sometimes add extra NSEC records to
5175 the authority section.
5177 1674. [port] linux: increase buffer size used to scan
5180 1673. [port] linux: issue a error messages if IPv6 interface
5183 1672. [cleanup] Tests which only function in a threaded build
5184 now return R:THREADONLY (rather than R:UNTESTED)
5185 in a non-threaded build.
5187 1671. [contrib] queryperf: add NAPTR to the list of known types.
5189 1670. [func] Log UPDATE requests to slave zones without an acl as
5190 "disabled" at debug level 3. [RT# 11657]
5194 1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
5196 1667. [port] linux: not all versions have IF_NAMESIZE.
5198 1666. [bug] The optional port on hostnames in dual-stack-servers
5201 1665. [func] rndc now allows addresses to be set in the
5204 1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
5206 1663. [func] Look for OpenSSL by default.
5208 1662. [bug] Change #1658 failed to change one use of 'type'
5211 1661. [bug] Restore dns_name_concatenate() call in
5212 adb.c:set_target(). [RT #11582]
5214 1660. [bug] win32: connection_reset_fix() was being called
5215 unconditionally. [RT #11595]
5217 1659. [cleanup] Cleanup some messages that were referring to KEY vs
5218 DNSKEY, NXT vs NSEC and SIG vs RRSIG.
5220 1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
5221 and DH. Tighten which options apply to KEY and
5224 1657. [doc] ARM: document query log output.
5226 1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
5227 DNSKEY and RRSIG. [RT #11542]
5229 1655. [bug] Logging multiple versions w/o a size was broken.
5232 1654. [bug] isc_result_totext() contained array bounds read
5235 1653. [func] Add key type checking to dst_key_fromfilename(),
5236 DST_TYPE_KEY should be used to read TSIG, TKEY and
5239 1652. [bug] TKEY still uses KEY.
5241 1651. [bug] dig: process multiple dash options.
5243 1650. [bug] dig, nslookup: flush standard out after each command.
5245 1649. [bug] Silence "unexpected non-minimal diff" message.
5248 1648. [func] Update dnssec-lookaside named.conf syntax to support
5249 multiple dnssec-lookaside namespaces (not yet
5252 1647. [bug] It was possible trigger a INSIST when chasing a DS
5253 record that required walking back over a empty node.
5256 1646. [bug] win32: logging file versions didn't work with
5257 non-UNC filenames. [RT#11486]
5259 1645. [bug] named could trigger a REQUIRE failure if multiple
5260 masters with keys are specified.
5262 1644. [bug] Update the journal modification time after a
5263 successful refresh query. [RT #11436]
5265 1643. [bug] dns_db_closeversion() could leak memory / node
5266 references. [RT #11163]
5268 1642. [port] Support OpenSSL implementations which don't have
5269 DSA support. [RT #11360]
5271 1641. [bug] Update the check-names description in ARM. [RT #11389]
5273 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
5274 incorrectly closing the socket. [RT #11291]
5276 1639. [func] Initial dlv system test.
5278 1638. [bug] "ixfr-from-differences" could generate a REQUIRE
5279 failure if the journal open failed. [RT #11347]
5281 1637. [bug] Node reference leak on error in addnoqname().
5283 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
5284 a error had occurred. The database version no longer
5285 matched the version of the database that was dumped.
5287 1635. [bug] Memory leak on error in query_addds().
5289 1634. [bug] named didn't supply a useful error message when it
5290 detected duplicate views. [RT #11208]
5292 1633. [bug] named should return NOTIMP to update requests to a
5293 slaves without a allow-update-forwarding acl specified.
5296 1632. [bug] nsupdate failed to send prerequisite only UPDATE
5297 messages. [RT #11288]
5299 1631. [bug] dns_journal_compact() could sometimes corrupt the
5300 journal. [RT #11124]
5302 1630. [contrib] queryperf: add support for IPv6 transport.
5304 1629. [func] dig now supports IPv6 scoped addresses with the
5305 extended format in the local-server part. [RT #8753]
5307 1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
5309 1627. [bug] win32: sockets were not being closed when the
5310 last external reference was removed. [RT# 11179]
5312 1626. [bug] --enable-getifaddrs was broken. [RT#11259]
5314 1625. [bug] named failed to load/transfer RFC2535 signed zones
5315 which contained CNAMES. [RT# 11237]
5317 1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
5319 1623. [bug] A serial number of zero was being displayed in the
5320 "sending notifies" log message when also-notify was
5323 1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
5324 available, and suppress wildcard binding if not.
5326 1621. [bug] match-destinations did not work for IPv6 TCP queries.
5329 1620. [func] When loading a zone report if it is signed. [RT #11149]
5331 1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
5334 1618. [bug] Fencepost errors in dns_name_ishostname() and
5335 dns_name_ismailbox() could trigger a INSIST().
5337 1617. [port] win32: VC++ 6.0 support.
5339 1616. [compat] Ensure that named's version is visible in the core
5342 1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
5345 1614. [port] win32: silence resource limit messages. [RT# 11101]
5347 1613. [bug] Builds would fail on machines w/o a if_nametoindex().
5348 Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
5351 1612. [bug] check-names at the option/view level could trigger
5352 an INSIST. [RT# 11116]
5354 1611. [bug] solaris: IPv6 interface scanning failed to cope with
5355 no active IPv6 interfaces.
5357 1610. [bug] On dual stack machines "dig -b" failed to set the
5358 address type to be looked up with "@server".
5361 1609. [func] dig now has support to chase DNSSEC signature chains.
5362 Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
5364 DNSSEC validation code in dig coded by Olivier Courtay
5365 (olivier.courtay@irisa.fr) for the IDsA project
5366 (http://idsa.irisa.fr).
5368 1608. [func] dig and host now accept -4/-6 to select IP transport
5369 to use when making queries.
5371 1607. [bug] dig, host and nslookup were still using random()
5372 to generate query ids. [RT# 11013]
5374 1606. [bug] DLV insecurity proof was failing.
5376 1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
5378 1604. [bug] A xfrout_ctx_create() failure would result in
5379 xfrout_ctx_destroy() being called with a
5380 partially initialized structure.
5382 1603. [bug] nsupdate: set interactive based on isatty().
5385 1602. [bug] Logging to a file failed unless a size was specified.
5388 1601. [bug] Silence spurious warning 'both "recursion no;" and
5389 "allow-recursion" active' warning from view "_bind".
5392 1600. [bug] Duplicate zone pre-load checks were not case
5395 1599. [bug] Fix memory leak on error path when checking named.conf.
5397 1598. [func] Specify that certain parts of the namespace must
5398 be secure (dnssec-must-be-secure).
5400 1597. [func] Allow notify-source and query-source to be specified
5401 on a per server basis similar to transfer-source.
5404 1596. [func] Accept 'notify-source' style syntax for query-source.
5406 1595. [func] New notify type 'master-only'. Enable notify for
5409 1594. [bug] 'rndc dumpdb' could prevent named from answering
5410 queries while the dump was in progress. [RT #10565]
5412 1593. [bug] rndc should return "unknown command" to unknown
5413 commands. [RT# 10642]
5415 1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
5417 1591. [bug] libbind: updated to BIND 8.4.5.
5419 1590. [port] netbsd: update thread support.
5421 1589. [func] DNSSEC lookaside validation.
5423 1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
5425 1587. [bug] dns_message_settsigkey() failed to clear existing key.
5428 1586. [func] "check-names" is now implemented.
5432 1584. [bug] "make test" failed with a read only source tree.
5435 1583. [bug] Records add via UPDATE failed to get the correct trust
5438 1582. [bug] rrset-order failed to work on RRsets with more
5439 than 32 elements. [RT #10381]
5441 1581. [func] Disable DNSSEC support by default. To enable
5442 DNSSEC specify "dnssec-enable yes;" in named.conf.
5444 1580. [bug] Zone destruction on final detach takes a long time.
5447 1579. [bug] Multiple task managers could not be created.
5449 1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
5452 1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
5453 workaround code. [RT #10331]
5455 1576. [bug] Race condition in dns_dispatch_addresponse().
5458 1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
5460 1574. [bug] Don't attempt to open the controls socket(s) when
5461 running tests. [RT #9091]
5463 1573. [port] linux: update to libtool 1.5.2 so that
5464 "make install DESTDIR=/xx" works with
5465 "configure --with-libtool". [RT #9941]
5467 1572. [bug] nsupdate: sign the soa query to find the enclosing
5468 zone if the server is specified. [RT #10148]
5470 1571. [bug] rbt:hash_node() could fail leaving the hash table
5471 in an inconsistent state. [RT #10208]
5473 1570. [bug] nsupdate failed to handle classes other than IN.
5474 New keyword 'class' which sets the default class.
5477 1569. [func] nsupdate new command 'answer' which displays the
5478 complete answer message to the last update.
5480 1568. [bug] nsupdate now reports that the update failed in
5481 interactive mode. [RT# 10236]
5483 1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
5485 1566. [port] Support for the cmsg framework on Solaris and HP/UX.
5486 This also solved the problem that match-destinations
5487 for IPv6 addresses did not work on these systems.
5490 1565. [bug] CD flag should be copied to outgoing queries unless
5491 the query is under a secure entry point in which case
5494 1564. [func] Attempt to provide a fallback entropy source to be
5495 used if named is running chrooted and named is unable
5496 to open entropy source within the chroot area.
5499 1563. [bug] Gracefully fail when unable to obtain neither an IPv4
5500 nor an IPv6 dispatch. [RT #10230]
5502 1562. [bug] isc_socket_create() and isc_socket_accept() could
5503 leak memory under error conditions. [RT #10230]
5505 1561. [bug] It was possible to release the same name twice if
5506 named ran out of memory. [RT #10197]
5508 1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
5509 and EAI_NONAME to the same value.
5511 1559. [port] named should ignore SIGFSZ.
5513 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
5514 child zones for which we don't have a supported
5515 algorithm. Such child zones are treated as unsigned.
5517 1557. [func] Implement missing DNSSEC tests for
5518 * NOQNAME proof with wildcard answers.
5519 * NOWILDARD proof with NXDOMAIN.
5520 Cache and return NOQNAME with wildcard answers.
5522 1556. [bug] nsupdate now treats all names as fully qualified.
5525 1555. [func] 'rrset-order cyclic' no longer has a random starting
5526 point per query. [RT #7572]
5528 1554. [bug] dig, host, nslookup failed when no nameservers
5529 were specified in /etc/resolv.conf. [RT #8232]
5531 1553. [bug] The windows socket code could stop accepting
5532 connections. [RT#10115]
5534 1552. [bug] Accept NOTIFY requests from mapped masters if
5535 matched-mapped is set. [RT #10049]
5537 1551. [port] Open "/dev/null" before calling chroot().
5539 1550. [port] Call tzset(), if available, before calling chroot().
5541 1549. [func] named-checkzone can now write out the zone contents
5542 in a easily parsable format (-D and -o).
5544 1548. [bug] When parsing APL records it was possible to silently
5545 accept out of range ADDRESSFAMILY values. [RT# 9979]
5547 1547. [bug] Named wasted memory recording duplicate lame zone
5550 1546. [bug] We were rejecting valid secure CNAME to negative
5553 1545. [bug] It was possible to leak memory if named was unable to
5554 bind to the specified transfer source and TSIG was
5555 being used. [RT #10120]
5557 1544. [bug] Named would logged a single entry to a file despite it
5558 being over the specified size limit.
5560 1543. [bug] Logging using "versions unlimited" did not work.
5564 1541. [func] NSEC now uses new bitmap format.
5566 1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
5569 1539. [bug] Open UDP sockets for notify-source and transfer-source
5570 that use reserved ports at startup. [RT #9475]
5572 1538. [placeholder] rt9997
5574 1537. [func] New option "querylog". If set specify whether query
5575 logging is to be enabled or disabled at startup.
5577 1536. [bug] Windows socket code failed to log a error description
5578 when returning ISC_R_UNEXPECTED. [RT #9998]
5582 1534. [bug] Race condition when priming cache. [RT# 9940]
5584 1533. [func] Warn if both "recursion no;" and "allow-recursion"
5585 are active. [RT# 4389]
5587 1532. [port] netbsd: the configure test for <sys/sysctl.h>
5588 requires <sys/param.h>.
5590 1531. [port] AIX more libtool fixes.
5592 1530. [bug] It was possible to trigger a INSIST() failure if a
5593 slave master file was removed at just the correct
5596 1529. [bug] "notify explicit;" failed to log that NOTIFY messages
5597 were being sent for the zone. [RT# 9442]
5599 1528. [cleanup] Simplify some dns_name_ functions based on the
5600 deprecation of bitstring labels.
5602 1527. [cleanup] Reduce the number of gettimeofday() calls without
5603 losing necessary timer granularity.
5605 1526. [func] Implemented "additional section caching (or acache)",
5606 an internal cache framework for additional section
5607 content to improve response performance. Several
5608 configuration options were provided to control the
5611 1525. [bug] dns_cache_create() could trigger a REQUIRE
5612 failure in isc_mem_put() during error cleanup.
5615 1524. [port] AIX needs to be able to resolve all symbols when
5616 creating shared libraries (--with-libtool).
5618 1523. [bug] Fix race condition in rbtdb. [RT# 9189]
5620 1522. [bug] dns_db_findnode() relax the requirements on 'name'.
5623 1521. [bug] dns_view_createresolver() failed to check the
5624 result from isc_mem_create(). [RT# 9294]
5626 1520. [protocol] Add SSHFP (SSH Finger Print) type.
5628 1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
5629 length of the new bitmap.
5631 1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
5632 contained a off-by-one error when working out the
5633 number of octets in the bitmap.
5635 1517. [port] Support for IPv6 interface scanning on HP/UX and
5638 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
5640 1515. [func] Allow transfer source to be set in a server statement.
5643 1514. [bug] named: isc_hash_destroy() was being called too early.
5646 1513. [doc] Add "US" to root-delegation-only exclude list.
5648 1512. [bug] Extend the delegation-only logging to return query
5649 type, class and responding nameserver.
5651 1511. [bug] delegation-only was generating false positives
5652 on negative answers from sub-zones.
5654 1510. [func] New view option "root-delegation-only". Apply
5655 delegation-only check to all TLDs and root.
5656 Note there are some TLDs that are NOT delegation
5657 only (e.g. DE, LV, US and MUSEUM) these can be excluded
5658 from the checks by using exclude.
5660 root-delegation-only exclude {
5661 "DE"; "LV"; "US"; "MUSEUM";
5664 1509. [bug] Hint zones should accept delegation-only. Forward
5665 zone should not accept delegation-only.
5667 1508. [bug] Don't apply delegation-only checks to answers from
5670 1507. [bug] Handle BIND 8 style returns to NS queries to parents
5671 when making delegation-only checks.
5673 1506. [bug] Wrong return type for dns_view_isdelegationonly().
5675 1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
5677 1504. [func] New zone type "delegation-only".
5679 1503. [port] win32: install libeay32.dll outside of system32.
5681 1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
5683 1501. [func] Allow TCP queue length to be specified via
5684 named.conf, tcp-listen-queue.
5686 1500. [bug] host failed to lookup MX records. Also look up
5689 1499. [bug] isc_random need to be seeded better if arc4random()
5692 1498. [port] bsdos: 5.x support.
5696 1496. [port] test for pthread_attr_setstacksize().
5698 1495. [cleanup] Replace hash functions with universal hash.
5700 1494. [security] Turn on RSA BLINDING as a precaution.
5704 1492. [cleanup] Preserve rwlock quota context when upgrading /
5705 downgrading. [RT #5599]
5707 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
5710 1490. [bug] Accept reading state as well as working state in
5711 ns_client_next(). [RT #6813]
5713 1489. [compat] Treat 'allow-update' on slave zones as a warning.
5716 1488. [bug] Don't override trust levels for glue addresses.
5719 1487. [bug] A REQUIRE() failure could be triggered if a zone was
5720 queued for transfer and the zone was then removed.
5723 1486. [bug] isc_print_snprintf() '%%' consumed one too many format
5724 characters. [RT# 8230]
5726 1485. [bug] gen failed to handle high type values. [RT #6225]
5728 1484. [bug] The number of records reported after a AXFR was wrong.
5731 1483. [bug] dig axfr failed if the message id in the answer failed
5732 to match that in the request. Only the id in the first
5733 message is required to match. [RT #8138]
5735 1482. [bug] named could fail to start if the kernel supports
5736 IPv6 but no interfaces are configured. Similarly
5737 for IPv4. [RT #6229]
5739 1481. [bug] Refresh and stub queries failed to use masters keys
5740 if specified. [RT #7391]
5742 1480. [bug] Provide replay protection for rndc commands. Full
5743 replay protection requires both rndc and named to
5744 be updated. Partial replay protection (limited
5745 exposure after restart) is provided if just named
5748 1479. [bug] cfg_create_tuple() failed to handle out of
5749 memory cleanup. parse_list() would leak memory
5752 1478. [port] ifconfig.sh didn't account for other virtual
5753 interfaces. It now takes a optional argument
5754 to specify the first interface number. [RT #3907]
5756 1477. [bug] memory leak using stub zones and TSIG.
5760 1475. [port] Probe for old sprintf().
5762 1474. [port] Provide strtoul() and memmove() for platforms
5765 1473. [bug] create_map() and create_string() failed to handle out
5766 of memory cleanup. [RT #6813]
5768 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
5770 1471. [bug] libbind: updated to BIND 8.4.0.
5772 1470. [bug] Incorrect length passed to snprintf. [RT #5966]
5774 1469. [func] Log end of outgoing zone transfer at same level
5775 as the start of transfer is logged. [RT #4441]
5777 1468. [func] Internal zones are no longer counted for
5778 'rndc status'. [RT #4706]
5780 1467. [func] $GENERATES now supports optional class and ttl.
5782 1466. [bug] lwresd configuration errors resulted in memory
5783 and lock leaks. [RT #5228]
5785 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
5786 failed to check that trailing bits were zero allowing
5787 some invalid base64 strings to be accepted. [RT #5397]
5789 1464. [bug] Preserve "out of zone" data for outgoing zone
5790 transfers. [RT #5192]
5792 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
5793 NXT bit maps. [RT #5577]
5795 1462. [bug] parse_sizeval() failed to check the token type.
5798 1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
5800 1460. [bug] inet_pton() failed to reject certain malformed
5805 1458. [cleanup] sprintf() -> snprintf().
5807 1457. [port] Provide strlcat() and strlcpy() for platforms without
5810 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
5812 1455. [bug] <netaddr> missing from server grammar in
5813 doc/misc/options. [RT #5616]
5815 1454. [port] Use getifaddrs() if available for interface scanning.
5816 --disable-getifaddrs to override. Glibc currently
5817 has a getifaddrs() that does not support IPv6.
5818 Use --enable-getifaddrs=glibc to force the use of
5819 this version under linux machines.
5821 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
5825 1451. [bug] rndc-confgen didn't exit with a error code for all
5826 failures. [RT #5209]
5828 1450. [bug] Fetching expired glue failed under certain
5829 circumstances. [RT #5124]
5831 1449. [bug] query_addbestns() didn't handle running out of memory
5834 1448. [bug] Handle empty wildcards labels.
5836 1447. [bug] We were casting (unsigned int) to and from (void *).
5837 rdataset->private4 is now rdataset->privateuint4
5838 to reflect a type change.
5840 1446. [func] Implemented undocumented alternate transfer sources
5841 from BIND 8. See use-alt-transfer-source,
5842 alt-transfer-source and alt-transfer-source-v6.
5844 SECURITY: use-alt-transfer-source is ENABLED unless
5845 you are using views. This may cause a security risk
5846 resulting in accidental disclosure of wrong zone
5847 content if the master supplying different source
5848 content based on IP address. If you are not certain
5849 ISC recommends setting use-alt-transfer-source no;
5851 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
5852 been replaced with DNS_ADBFIND_STARTATZONE which
5853 causes the search to start using the closest zone.
5855 1444. [func] dns_view_findzonecut2() allows you to specify if the
5856 cache should be searched for zone cuts.
5858 1443. [func] Masters lists can now be specified and referenced
5859 in zone masters clauses and other masters lists.
5861 1442. [func] New functions for manipulating port lists:
5862 dns_portlist_create(), dns_portlist_add(),
5863 dns_portlist_remove(), dns_portlist_match(),
5864 dns_portlist_attach() and dns_portlist_detach().
5866 1441. [func] It is now possible to tell dig to bind to a specific
5869 1440. [func] It is now possible to tell named to avoid using
5870 certain source ports (avoid-v4-udp-ports,
5871 avoid-v6-udp-ports).
5873 1439. [bug] Named could return NOERROR with certain NOTIFY
5874 failures. Return NOTAUTH if the NOTIFY zone is
5877 1438. [func] Log TSIG (if any) when logging NOTIFY requests.
5879 1437. [bug] Leave space for stdio to work in. [RT #5033]
5881 1436. [func] dns_zonemgr_resumexfrs() can be used to restart
5884 1435. [bug] zmgr_resume_xfrs() was being called read locked
5885 rather than write locked. zmgr_resume_xfrs()
5886 was not being called if the zone was being
5889 1434. [bug] "rndc reconfig" failed to initiate the initial
5890 zone transfer of new slave zones.
5892 1433. [bug] named could trigger a REQUIRE failure if it could
5893 not get a file descriptor when attempting to write
5894 a master file. [RT #4347]
5896 1432. [func] The advertised EDNS UDP buffer size can now be set
5897 via named.conf (edns-udp-size).
5899 1431. [bug] isc_print_snprintf() "%s" with precision could walk off
5900 end of argument. [RT #5191]
5902 1430. [port] linux: IPv6 interface scanning support.
5904 1429. [bug] Prevent the cache getting locked to old servers.
5908 1427. [bug] Race condition in adb with threaded build.
5912 1425. [port] linux/libbind: define __USE_MISC when testing *_r()
5913 function prototypes in netdb.h. [RT #4921]
5915 1424. [bug] EDNS version not being correctly printed.
5917 1423. [contrib] queryperf: added A6 and SRV.
5919 1422. [func] Log name/type/class when denying a query. [RT #4663]
5921 1421. [func] Differentiate updates that don't succeed due to
5922 prerequisites (unsuccessful) vs other reasons
5925 1420. [port] solaris: work around gcc optimizer bug.
5927 1419. [port] openbsd: use /dev/arandom. [RT #4950]
5929 1418. [bug] 'rndc reconfig' did not cause new slaves to load.
5931 1417. [func] ID.SERVER/CHAOS is now a built in zone.
5932 See "server-id" for how to configure.
5934 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
5937 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
5940 1414. [func] Support for KSK flag.
5942 1413. [func] Explicitly request the (re-)generation of DS records
5943 from keysets (dnssec-signzone -g).
5945 1412. [func] You can now specify servers to be tried if a nameserver
5946 has IPv6 address and you only support IPv4 or the
5947 reverse. See dual-stack-servers.
5949 1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
5951 1410. [func] Handle records that live in the parent zone, e.g. DS.
5953 1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
5955 1408. [bug] "make distclean" was not complete. [RT #4700]
5957 1407. [bug] lfsr incorrectly implements the shift register.
5960 1406. [bug] dispatch initializes one of the LFSR's with a incorrect
5961 polynomial. [RT #4617]
5963 1405. [func] Use arc4random() if available.
5965 1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
5968 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
5969 dnssec-signkey now report their version in the
5972 1402. [cleanup] A6 has been moved to experimental and is no longer
5975 1401. [bug] adb wasn't clearing state when the timer expired.
5977 1400. [bug] Block the addition of wildcard NS records by IXFR
5978 or UPDATE. [RT #3502]
5980 1399. [bug] Use serial number arithmetic when testing SIG
5981 timestamps. [RT #4268]
5983 1398. [doc] ARM: notify-also should have been also-notify.
5986 1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
5988 1396. [func] dnssec-signzone: adjust the default signing time by
5989 1 hour to allow for clock skew.
5991 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
5992 have a working implementation. [RT #4079]
5994 1394. [func] It is now possible to check if a particular element is
5995 in a acl. Remove duplicate entries from the localnets
5998 1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
5999 is not available in the kernel to prevent accidently
6000 listening on IPv4 interfaces.
6002 1392. [bug] named-checkzone: update usage.
6004 1391. [func] Add support for IPv6 scoped addresses in named.
6006 1390. [func] host now supports ixfr.
6008 1389. [bug] named could fail to rotate long log files. [RT #3666]
6010 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
6011 defining HAVE_IFLIST_SYSCTL. [RT #3770]
6013 1387. [bug] named could crash due to an access to invalid memory
6014 space (which caused an assertion failure) in
6015 incremental cleaning. [RT #3588]
6017 1386. [bug] named-checkzone -z stopped on errors in a zone.
6020 1385. [bug] Setting serial-query-rate to 10 would trigger a
6023 1384. [bug] host was incompatible with BIND 8 in its exit code and
6024 in the output with the -l option. [RT #3536]
6026 1383. [func] Track the serial number in a IXFR response and log if
6027 a mismatch occurs. This is a more specific error than
6028 "not exact". [RT #3445]
6030 1382. [bug] make install failed with --enable-libbind. [RT #3656]
6032 1381. [bug] named failed to correctly process answers that
6033 contained DNAME records where the resulting CNAME
6034 resulted in a negative answer.
6036 1380. [func] 'rndc recursing' dump recursing queries to
6037 'recursing-file = "named.recursing";'.
6039 1379. [func] 'rndc status' now reports tcp and recursion quota
6042 1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
6044 1377. [func] dns_zone_load{new}() now reports if the zone was
6045 loaded, queued for loading to up to date.
6047 1376. [func] New function dns_zone_logc() to log to specified
6050 1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
6053 1374. [func] dns_adb_dump() now logs the lame zones associated
6056 1373. [bug] Recovery from expired glue failed under certain
6059 1372. [bug] named crashes with an assertion failure on exit when
6060 sharing the same port for listening and querying, and
6061 changing listening addresses several times. [RT# 3509]
6063 1371. [bug] notify-source-v6, transfer-source-v6 and
6064 query-source-v6 with explicit addresses and using the
6065 same ports as named was listening on could interfere
6066 with named's ability to answer queries sent to those
6069 1370. [bug] dig '+[no]recurse' was incorrectly documented.
6071 1369. [bug] Adding an NS record as the lexicographically last
6072 record in a secure zone didn't work.
6074 1368. [func] remove support for bitstring labels.
6076 1367. [func] Use response times to select forwarders.
6078 1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
6080 1365. [func] "localhost" and "localnets" acls now include IPv6
6081 addresses / prefixes.
6083 1364. [func] Log file name when unable to open memory statistics
6084 and dump database files. [RT# 3437]
6086 1363. [func] Listen-on-v6 now supports specific addresses.
6088 1362. [bug] remove IFF_RUNNING test when scanning interfaces.
6090 1361. [func] log the reason for rejecting a server when resolving
6093 1360. [bug] --enable-libbind would fail when not built in the
6094 source tree for certain OS's.
6096 1359. [security] Support patches OpenSSL libraries.
6097 http://www.cert.org/advisories/CA-2002-23.html
6099 1358. [bug] It was possible to trigger a INSIST when debugging
6100 large dynamic updates. [RT #3390]
6102 1357. [bug] nsupdate was extremely wasteful of memory.
6104 1356. [tuning] Reduce the number of events / quantum for zone tasks.
6106 1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
6108 1354. [doc] lwres man pages had illegal nroff.
6110 1353. [contrib] sdb/ldap to version 0.9.
6112 1352. [bug] dig, host, nslookup when falling back to TCP use the
6113 current search entry (if any). [RT #3374]
6115 1351. [bug] lwres_getipnodebyname() returned the wrong name
6116 when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
6119 1350. [bug] dns_name_fromtext() failed to handle too many labels
6122 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
6123 http://www.cert.org/advisories/CA-2002-23.html
6125 1348. [port] win32: Rewrote code to use I/O Completion Ports
6126 in socket.c and eliminating a host of socket
6127 errors. Performance is enhanced.
6133 1345. [port] Use a explicit -Wformat with gcc. Not all versions
6134 include it in -Wall.
6136 1344. [func] Log if the serial number on the master has gone
6138 If you have multiple machines specified in the masters
6139 clause you may want to set 'multi-master yes;' to
6140 suppress this warning.
6142 1343. [func] Log successful notifies received (info). Adjust log
6143 level for failed notifies to notice.
6145 1342. [func] Log remote address with TCP dispatch failures.
6147 1341. [func] Allow a rate limiter to be stalled.
6149 1340. [bug] Delay and spread out the startup refresh load.
6151 1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
6152 lookups. Bit string lookups are no longer attempted.
6158 1336. [func] Nibble lookups under IP6.ARPA are now supported by
6159 dns_byaddr_create(). dns_byaddr_createptrname() is
6160 deprecated, use dns_byaddr_createptrname2() instead.
6162 1335. [bug] When performing a nonexistence proof, the validator
6163 should discard parent NXTs from higher in the DNS.
6165 1334. [bug] When signing/verifying rdatasets, duplicate rdatas
6166 need to be suppressed.
6168 1333. [contrib] queryperf now reports a summary of returned
6169 rcodes (-c), rcodes are printed in mnemonic form (-v).
6171 1332. [func] Report the current serial with periodic commits when
6172 rolling forward the journal.
6174 1331. [func] Generate DNSSEC wildcard proofs.
6176 1330. [bug] When processing events (non-threaded) only allow
6177 the task one chance to use to use its quantum.
6179 1329. [func] named-checkzone will now check if nameservers that
6180 appear to be IP addresses. Available modes "fail",
6181 "warn" (default) and "ignore" the results of the
6184 1328. [bug] The validator could incorrectly verify an invalid
6187 1327. [bug] The validator would incorrectly mark data as insecure
6188 when seeing a bogus signature before a correct
6191 1326. [bug] DNAME/CNAME signatures were not being cached when
6192 validation was not being performed. [RT #3284]
6194 1325. [bug] If the tcpquota was exhausted it was possible to
6195 to trigger a INSIST() failure.
6197 1324. [port] darwin: ifconfig.sh now supports darwin.
6199 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
6201 1322. [bug] dnssec-signzone usage message was misleading.
6203 1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
6204 would incorrectly duplicate its output and sign it.
6206 1320. [doc] query-source-v6 was missing from options section.
6209 1319. [func] libbind: log attempts to exploit #1318.
6211 1318. [bug] libbind: Remote buffer overrun.
6213 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
6216 1316. [bug] libbind: gethostans() could get out of sync parsing
6217 the response if there was a very long CNAME chain.
6219 1315. [bug] Options should apply to the internal _bind view.
6221 1314. [port] Handle ECONNRESET from sendmsg() [unix].
6223 1313. [func] Query log now says if the query was signed (S) or
6224 if EDNS was used (E).
6226 1312. [func] Log TSIG key used w/ outgoing zone transfers.
6228 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
6230 1310. [bug] 'rndc stop' failed to cause zones to be flushed
6231 sometimes. [RT #3157]
6233 1309. [func] Log that a zone transfer was covered by a TSIG.
6235 1308. [func] DS (delegation signer) support.
6237 1307. [bug] nsupdate: allow white space base64 key data.
6239 1306. [bug] Badly encoded LOC record when the size, horizontal
6240 precision or vertical precision was 0.1m.
6242 1305. [bug] Document that internal zones are included in the
6243 rndc status results.
6245 1304. [func] New function: dns_zone_name().
6247 1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
6249 1302. [func] Extended rndc dumpdb to support dumping of zones and
6250 view selection: 'dumpdb [-all|-zones|-cache] [view]'.
6252 1301. [func] New category 'update-security'.
6254 1300. [port] Compaq Trucluster support.
6256 1299. [bug] Set AI_ADDRCONFIG when looking up addresses
6257 via getaddrinfo() (affects dig, host, nslookup, rndc
6260 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
6261 could be left with a trailing "\" after configure
6264 1297. [port] linux: make handling EINVAL from socket() no longer
6265 conditional on #ifdef LINUX.
6267 1296. [bug] isc_log_closefilelogs() needed to lock the log
6270 1295. [bug] isc_log_setdebuglevel() needed to lock the log
6273 1294. [func] libbind: no longer attempts bit string labels for
6274 IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
6275 for nibble style resolution.
6277 1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
6279 1292. [func] Enable IPv6 support when using ioctl style interface
6280 scanning and OS supports SIOCGLIFADDR using struct
6283 1291. [func] Enable IPv6 support when using sysctl style interface
6286 1290. [func] "dig axfr" now reports the number of messages
6287 as well as the number of records.
6289 1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
6291 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
6292 reflect written requirements.
6294 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
6295 a rdataset to a zone db in the rbtdb implementation of
6298 1286. [bug] dns_name_downcase() enforce requirement that
6299 target != NULL or name->buffer != NULL.
6301 1285. [func] lwres: probe the system to see what address families
6302 are currently in use.
6304 1284. [bug] The RTT estimate on unused servers was not aged.
6307 1283. [func] Use "dataready" accept filter if available.
6309 1282. [port] libbind: hpux 11.11 interface scanning.
6311 1281. [func] Log zone when unable to get private keys to update
6312 zone. Log zone when NXT records are missing from
6315 1280. [bug] libbind: escape '(' and ')' when converting to
6318 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
6320 1278. [func] dig: now supports +[no]cl +[no]ttlid.
6322 1277. [func] You can now create your own customized printing
6323 styles: dns_master_stylecreate() and
6324 dns_master_styledestroy().
6326 1276. [bug] libbind: const pointer conflicts in res_debug.c.
6328 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
6330 1274. [bug] Memory leak in lwres_gnbarequest_parse().
6332 1273. [port] libbind: solaris: 64 bit binary compatibility.
6334 1272. [contrib] Berkeley DB 4.0 sdb implementation from
6335 Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
6337 1271. [bug] "recursion available: {denied,approved}" was too
6340 1270. [bug] Check that system inet_pton() and inet_ntop() support
6343 1269. [port] Openserver: ifconfig.sh support.
6345 1268. [port] Openserver: the value FD_SETSIZE depends on whether
6346 <sys/param.h> is included or not. Be consistent.
6348 1267. [func] isc_file_openunique() now creates file using mode
6349 0666 rather than 0600.
6351 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
6352 __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
6353 are not C++ compatible, use *_TYPE versions instead.
6355 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
6356 C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
6360 1263. [bug] Reference after free error if dns_dispatchmgr_create()
6363 1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
6365 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
6366 support for compressed TSIG owner names.
6368 1260. [func] libbind: res_update can now update IPv6 servers,
6369 new function res_findzonecut2().
6371 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
6374 1258. [bug] libbind: res_nametotype() and res_nametoclass() were
6377 1257. [bug] Failure to write pid-file should not be fatal on
6380 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
6382 1255. [bug] When verifying that an NXT proves nonexistence, check
6383 the rcode of the message and only do the matching NXT
6384 check. That is, for NXDOMAIN responses, check that
6385 the name is in the range between the NXT owner and
6386 next name, and for NOERROR NODATA responses, check
6387 that the type is not present in the NXT bitmap.
6389 1254. [func] preferred-glue option from BIND 8.3.
6391 1253. [bug] The dnssec system test failed to remove the correct
6394 1252. [bug] Dig, host and nslookup were not checking the address
6395 the answer was coming from against the address it was
6398 1251. [port] win32: a make file contained absolute version specific
6401 1250. [func] Nsupdate will report the address the update was
6404 1249. [bug] Missing masters clause was not handled gracefully.
6407 1248. [bug] DESTDIR was not being propagated between makes.
6409 1247. [bug] Don't reset the interface index for link/site local
6410 addresses. [RT #2576]
6412 1246. [func] New functions isc_sockaddr_issitelocal(),
6413 isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
6414 and isc_netaddr_islinklocal().
6416 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
6419 1244. [bug] Receiving a TCP message from a blackhole address would
6420 prevent further messages being received over that
6423 1243. [bug] It was possible to trigger a REQUIRE() in
6424 dns_message_findtype(). [RT #2659]
6426 1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
6428 1241. [bug] Drop received UDP messages with a zero source port
6429 as these are invariably forged. [RT #2621]
6431 1240. [bug] It was possible to leak zone references by
6432 specifying an incorrect zone to rndc.
6434 1239. [bug] Under certain circumstances named could continue to
6435 use a name after it had been freed triggering
6436 INSIST() failures. [RT #2614]
6438 1238. [bug] It is possible to lockup the server when shutting down
6439 if notifies were being processed. [RT #2591]
6441 1237. [bug] nslookup: "set q=type" failed.
6443 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
6444 NULL terminated text regions. [RT #2588]
6446 1235. [func] Report 'out of memory' errors from openssl.
6448 1234. [bug] contrib/sdb: 'zonetodb' failed to call
6449 dns_result_register(). DNS_R_SEENINCLUDE should not
6452 1233. [bug] The flags field of a KEY record can be expressed in
6453 hex as well as decimal.
6455 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
6457 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
6459 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
6461 1229. [bug] named would crash if it received a TSIG signed
6462 query as part of an AXFR response. [RT #2570]
6464 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
6466 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
6467 if a number was expected and some other token was
6470 1226. [func] Use EDNS for zone refresh queries. [RT #2551]
6472 1225. [func] dns_message_setopt() no longer requires that
6473 dns_message_renderbegin() to have been called.
6475 1224. [bug] 'rrset-order' and 'sortlist' should be additive
6478 1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
6481 1222. [bug] Specifying 'port *' did not always result in a system
6482 selected (non-reserved) port being used. [RT #2537]
6484 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
6485 compared case insensitively. [RT #2542]
6487 1220. [func] Support for APL rdata type.
6489 1219. [func] Named now reports the TSIG extended error code when
6490 signature verification fails. [RT #1651]
6492 1218. [bug] Named incorrectly returned SERVFAIL rather than
6493 NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
6495 1217. [func] Report locations of previous key definition when a
6496 duplicate is detected.
6498 1216. [bug] Multiple server clauses for the same server were not
6499 reported. [RT #2514]
6501 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
6503 1214. [bug] Win32: isc_file_renameunique() could leave zero length
6506 1213. [func] Report view associated with client if it is not a
6507 standard view (_default or _bind).
6509 1212. [port] libbind: 64k answer buffers were causing stack space
6510 to be exceeded for certain OS. Use heap space instead.
6512 1211. [bug] dns_name_fromtext() incorrectly handled certain
6513 valid octal bitlabels. [RT #2483]
6515 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
6516 compatible addresses. [RT #2461]
6518 1209. [bug] Dig, host, nslookup were not checking the message ids
6519 on the responses. [RT #2454]
6521 1208. [bug] dns_master_load*() failed to log a error message if
6522 an error was detected when parsing the ownername of
6523 a record. [RT #2448]
6525 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
6528 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
6529 trigger a non-EDNS retry.
6531 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
6532 of the message. [RT #2449]
6534 1204. [bug] libbind: res_nupdate() failed to update the name
6535 server addresses before sending the update.
6537 1203. [func] Report locations of previous acl and zone definitions
6538 when a duplicate is detected.
6540 1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
6542 1201. [bug] Require that if 'callbacks' is passed to
6543 dns_rdata_fromtext(), callbacks->error and
6544 callbacks->warn are initialized.
6546 1200. [bug] Log 'errno' that we are unable to convert to
6547 isc_result_t. [RT #2404]
6549 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
6552 1198. [bug] OPT printing style was not consistent with the way the
6553 header fields are printed. The DO bit was not reported
6554 if set. Report if any of the MBZ bits are set.
6556 1197. [bug] Attempts to define the same acl multiple times were not
6559 1196. [contrib] update mdnkit to 2.2.3.
6561 1195. [bug] Attempts to redefine builtin acls should be caught.
6564 1194. [bug] Not all duplicate zone definitions were being detected
6565 at the named.conf checking stage. [RT #2431]
6567 1193. [bug] dig +besteffort parsing didn't handle packet
6568 truncation. dns_message_parse() has new flag
6569 DNS_MESSAGE_IGNORETRUNCATION.
6571 1192. [bug] The seconds fields in LOC records were restricted
6572 to three decimal places. More decimal places should
6573 be allowed but warned about.
6575 1191. [bug] A dynamic update removing the last non-apex name in
6576 a secure zone would fail. [RT #2399]
6578 1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
6581 1189. [bug] On some systems, malloc(0) returns NULL, which
6582 could cause the caller to report an out of memory
6585 1188. [bug] Dynamic updates of a signed zone would fail if
6586 some of the zone private keys were unavailable.
6588 1187. [bug] named was incorrectly returning DNSSEC records
6589 in negative responses when the DO bit was not set.
6591 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
6592 EOL token when reading to end of line.
6594 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
6595 unless RES_INIT is set when calling res_*init().
6597 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
6598 when res_*init() is called.
6600 1183. [bug] Handle ENOSR error when writing to the internal
6601 control pipe. [RT #2395]
6603 1182. [bug] The server could throw an assertion failure when
6604 constructing a negative response packet.
6606 1181. [func] Add the "key-directory" configuration statement,
6607 which allows the server to look for online signing
6608 keys in alternate directories.
6610 1180. [func] dnssec-keygen should always generate keys with
6611 protocol 3 (DNSSEC), since it's less confusing
6614 1179. [func] Add SIG(0) support to nsupdate.
6616 1178. [bug] Follow and cache (if appropriate) A6 and other
6617 data chains to completion in the additional section.
6619 1177. [func] Report view when loading zones if it is not a
6620 standard view (_default or _bind). [RT #2270]
6622 1176. [doc] Document that allow-v6-synthesis is only performed
6623 for clients that are supplied recursive service.
6626 1175. [bug] named-checkzone and named-checkconf failed to call
6627 dns_result_register() at startup which could
6628 result in runtime exceptions when printing
6629 "out of memory" errors. [RT #2335]
6631 1174. [bug] Win32: add WSAECONNRESET to the expected errors
6632 from connect(). [RT #2308]
6634 1173. [bug] Potential memory leaks in isc_log_create() and
6635 isc_log_settag(). [RT #2336]
6637 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
6638 table of RR types in ARM.
6640 1171. [func] Added function isc_region_compare(), updated files in
6641 lib/dns to use this function instead of local one.
6643 1170. [bug] Don't attempt to print the token when a I/O error
6644 occurs when parsing named.conf. [RT #2275]
6646 1169. [func] Identify recursive queries in the query log.
6648 1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
6650 1167. [contrib] nslint-2.1a3 (from author).
6652 1166. [bug] "Not Implemented" should be reported as NOTIMP,
6653 not NOTIMPL. [RT #2281]
6655 1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
6657 1164. [bug] Empty masters clauses in slave / stub zones were not
6658 handled gracefully. [RT #2262]
6660 1163. [func] isc_time_formattimestamp() now includes the year.
6662 1162. [bug] The allow-notify option was not accepted in slave
6665 1161. [bug] named-checkzone looped on unbalanced brackets.
6668 1160. [bug] Generating Diffie-Hellman keys longer than 1024
6669 bits could fail. [RT #2241]
6671 1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
6673 1158. [func] Report the client's address when logging notify
6676 1157. [func] match-clients and match-destinations now accept
6679 1156. [port] The configure test for strsep() incorrectly
6680 succeeded on certain patched versions of
6681 AIX 4.3.3. [RT #2190]
6683 1155. [func] Recover from master files being removed from under
6686 1154. [bug] Don't attempt to obtain the netmask of a interface
6687 if there is no address configured. [RT #2176]
6689 1153. [func] 'rndc {stop|halt} -p' now reports the process id
6690 of the instance of named being shutdown.
6692 1152. [bug] libbind: read buffer overflows.
6694 1151. [bug] nslookup failed to check that the arguments to
6695 the port, timeout, and retry options were
6696 valid integers and in range. [RT #2099]
6698 1150. [bug] named incorrectly accepted TTL values
6699 containing plus or minus signs, such as
6702 1149. [func] New function isc_parse_uint32().
6704 1148. [func] 'rndc-confgen -a' now provides positive feedback.
6706 1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
6707 the OS. listen-on-v6 { any; }; should no longer
6708 result in IPv4 queries be accepted. Similarly
6709 control { inet :: ... }; should no longer result
6710 in IPv4 connections being accepted. This can be
6711 overridden at compile time by defining
6714 1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
6715 supported by the OS by a new function
6716 isc_socket_ipv6only().
6718 1145. [func] "host" no longer reports a NOERROR/NODATA response
6719 by printing nothing. [RT #2065]
6721 1144. [bug] rndc-confgen would crash if both the -a and -t
6722 options were specified. [RT #2159]
6724 1143. [bug] When a trusted-keys statement was present and named
6725 was built without crypto support, it would leak memory.
6727 1142. [bug] dnssec-signzone would fail to delete temporary files
6728 in some failure cases. [RT #2144]
6730 1141. [bug] When named rejected a control message, it would
6731 leak a file descriptor and memory. It would also
6732 fail to respond, causing rndc to hang.
6735 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
6736 to the -s option. [RT #2138]
6738 1139. [func] It is now possible to flush a given name from the
6739 cache(s) via 'rndc flushname name [view]'. [RT #2051]
6741 1138. [func] It is now possible to flush a given name from the
6742 cache by calling the new function
6743 dns_cache_flushname().
6745 1137. [func] It is now possible to flush a given name from the
6746 ADB by calling the new function dns_adb_flushname().
6748 1136. [bug] CNAME records synthesized from DNAMEs did not
6749 have a TTL of zero as required by RFC2672.
6752 1135. [func] You can now override the default syslog() facility for
6753 named/lwresd at compile time. [RT #1982]
6755 1134. [bug] Multi-threaded servers could deadlock in ferror()
6756 when reloading zone files. [RT #1951, #1998]
6758 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
6759 platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
6761 1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
6763 1131. [bug] The match-destinations view option did not work with
6764 IPv6 destinations. [RT #2073, #2074]
6766 1130. [bug] Log messages reporting an out-of-range serial number
6767 did not include the out-of-range number but the
6768 following token. [RT #2076]
6770 1129. [bug] Multi-threaded servers could crash under heavy
6771 resolution load due to a race condition. [RT #2018]
6773 1128. [func] sdb drivers can now provide RR data in either text
6774 or wire format, the latter using the new functions
6775 dns_sdb_putrdata() and dns_sdb_putnamedrdata().
6777 1127. [func] rndc: If the server to contact has multiple addresses,
6780 1126. [bug] The server could access a freed event if shut
6781 down while a client start event was pending
6782 delivery. [RT #2061]
6784 1125. [bug] rndc: -k option was missing from usage message.
6787 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
6788 are now documented. [RT #2052]
6790 1123. [bug] dig +[no]fail did not match description. [RT #2052]
6792 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
6795 1121. [bug] The server could attempt to access a NULL zone
6796 table if shut down while resolving.
6799 1120. [bug] Errors in options were not fatal. [RT #2002]
6801 1119. [func] Added support in Win32 for NTFS file/directory ACL's
6804 1118. [bug] On multi-threaded servers, a race condition
6805 could cause an assertion failure in resolver.c
6806 during resolver shutdown. [RT #2029]
6808 1117. [port] The configure check for in6addr_loopback incorrectly
6809 succeeded on AIX 4.3 when compiling with -O2
6810 because the test code was optimized away.
6813 1116. [bug] Setting transfers in a server clause, transfers-in,
6814 or transfers-per-ns to a value greater than
6815 2147483647 disabled transfers. [RT #2002]
6817 1115. [func] Set maximum values for cleaning-interval,
6818 heartbeat-interval, interface-interval,
6819 max-transfer-idle-in, max-transfer-idle-out,
6820 max-transfer-time-in, max-transfer-time-out,
6821 statistics-interval of 28 days and
6822 sig-validity-interval of 3660 days. [RT #2002]
6824 1114. [port] Ignore more accept() errors. [RT #2021]
6826 1113. [bug] The allow-update-forwarding option was ignored
6827 when specified in a view. [RT #2014]
6831 1111. [bug] Multi-threaded servers could deadlock processing
6832 recursive queries due to a locking hierarchy
6833 violation in adb.c. [RT #2017]
6835 1110. [bug] dig should only accept valid abbreviations of +options.
6838 1109. [bug] nsupdate accepted illegal ttl values.
6840 1108. [bug] On Win32, rndc was hanging when named was not running
6841 due to failure to select for exceptional conditions
6842 in select(). [RT #1870]
6844 1107. [bug] nsupdate could catch an assertion failure if an
6845 invalid domain name was given as the argument to
6848 1106. [bug] After seeing an out of range TTL, nsupdate would
6849 treat all TTLs as out of range. [RT #2001]
6851 1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
6853 1104. [bug] Invalid arguments to the transfer-format option
6854 could cause an assertion failure. [RT #1995]
6856 1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
6858 1102. [doc] Note that query logging is enabled by directing the
6859 queries category to a channel.
6861 1101. [bug] Array bounds read error in lwres_gai_strerror.
6863 1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
6865 1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
6866 compile time errors.
6868 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
6870 1097. [func] libbind: RES_PRF_TRUNC for dig.
6872 1096. [func] libbind: "DNSSEC OK" (DO) support.
6874 1095. [func] libbind: resolver option: no-tld-query. disables
6875 trying unqualified as a tld. no_tld_query is also
6876 supported for FreeBSD compatibility.
6878 1094. [func] libbind: add support gcc's format string checking.
6880 1093. [doc] libbind: miscellaneous nroff fixes.
6882 1092. [bug] libbind: get*by*() failed to check if res_init() had
6885 1091. [bug] libbind: misplaced va_end().
6887 1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
6888 the amount of memory consumed resulting in garbage
6889 address being returned. Alignment calculations were
6890 wasting space. We weren't suppressing duplicate
6893 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
6896 1088. [port] libbind: MPE/iX C.70 (incomplete)
6898 1087. [bug] libbind: struct __res_state too large on 64 bit arch.
6900 1086. [port] libbind: sunos: old sprintf.
6902 1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
6903 exist when compiling in 64 bit mode.
6905 1084. [cleanup] libbind: gai_strerror() rewritten.
6907 1083. [bug] The default control channel listened on the
6908 wildcard address, not the loopback as documented.
6911 1082. [bug] The -g option to named incorrectly caused logging
6912 to be sent to syslog in addition to stderr.
6915 1081. [bug] Multicast queries were incorrectly identified
6916 based on the source address, not the destination
6919 1080. [bug] BIND 8 compatibility: accept bare IP prefixes
6920 as the second element of a two-element top level
6921 sort list statement. [RT #1964]
6923 1079. [bug] BIND 8 compatibility: accept bare elements at top
6924 level of sort list treating them as if they were
6925 a single element list. [RT #1963]
6927 1078. [bug] We failed to correct bad tv_usec values in one case.
6930 1077. [func] Do not accept further recursive clients when
6931 the total number of recursive lookups being
6932 processed exceeds max-recursive-clients, even
6933 if some of the lookups are internally generated.
6936 1076. [bug] A badly defined global key could trigger an assertion
6937 on load/reload if views were used. [RT #1947]
6939 1075. [bug] Out-of-range network prefix lengths were not
6940 reported. [RT #1954]
6942 1074. [bug] Running out of memory in dump_rdataset() could
6943 cause an assertion failure. [RT #1946]
6945 1073. [bug] The ADB cache cleaning should also be space driven.
6948 1072. [bug] The TCP client quota could be exceeded when
6949 recursion occurred. [RT #1937]
6951 1071. [bug] Sockets listening for TCP DNS connections
6952 specified an excessive listen backlog. [RT #1937]
6954 1070. [bug] Copy DNSSEC OK (DO) to response as specified by
6955 draft-ietf-dnsext-dnssec-okbit-03.txt.
6959 1068. [bug] errno could be overwritten by catgets(). [RT #1921]
6961 1067. [func] Allow quotas to be soft, isc_quota_soft().
6963 1066. [bug] Provide a thread safe wrapper for strerror().
6966 1065. [func] Runtime support to select new / old style interface
6967 scanning using ioctls.
6969 1064. [bug] Do not shut down active network interfaces if we
6970 are unable to scan the interface list. [RT #1921]
6972 1063. [bug] libbind: "make install" was failing on IRIX.
6975 1062. [bug] If the control channel listener socket was shut
6976 down before server exit, the listener object could
6977 be freed twice. [RT #1916]
6979 1061. [bug] If periodic cache cleaning happened to start
6980 while cleaning due to reaching the configured
6981 maximum cache size was in progress, the server
6982 could catch an assertion failure. [RT #1912]
6984 1060. [func] Move refresh, stub and notify UDP retry processing
6987 1059. [func] dns_request now support will now retry UDP queries,
6988 dns_request_createvia2() and dns_request_createraw2().
6990 1058. [func] Limited lifetime ticker timers are now available,
6991 isc_timertype_limited.
6993 1057. [bug] Reloading the server after adding a "file" clause
6994 to a zone statement could cause the server to
6995 crash due to a typo in change 1016.
6997 1056. [bug] Rndc could catch an assertion failure on SIGINT due
6998 to an uninitialized variable. [RT #1908]
7000 1055. [func] Version and hostname queries can now be disabled
7001 using "version none;" and "hostname none;",
7004 1054. [bug] On Win32, cfg_categories and cfg_modules need to be
7005 exported from the libisccfg DLL.
7007 1053. [bug] Dig did not increase its timeout when receiving
7008 AXFRs unless the +time option was used. [RT #1904]
7010 1052. [bug] Journals were not being created in binary mode
7011 resulting in "journal format not recognized" error
7012 under Win32. [RT #1889]
7014 1051. [bug] Do not ignore a network interface completely just
7015 because it has a noncontiguous netmask. Instead,
7016 omit it from the localnets ACL and issue a warning.
7019 1050. [bug] Log messages reporting malformed IP addresses in
7020 address lists such as that of the forwarders option
7021 failed to include the correct error code, file
7022 name, and line number. [RT #1890]
7024 1049. [func] "pid-file none;" will disable writing a pid file.
7027 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
7030 1047. [bug] named was incorrectly refusing all requests signed
7031 with a TSIG key derived from an unsigned TKEY
7032 negotiation with a NOERROR response. [RT #1886]
7034 1046. [bug] The help message for the --with-openssl configure
7035 option was inaccurate. [RT #1880]
7037 1045. [bug] It was possible to skip saving glue for a nameserver
7040 1044. [bug] Specifying allow-transfer, notify-source, or
7041 notify-source-v6 in a stub zone was not treated
7044 1043. [bug] Specifying a transfer-source or transfer-source-v6
7045 option in the zone statement for a master zone was
7046 not treated as an error. [RT #1876]
7048 1042. [bug] The "config" logging category did not work properly.
7051 1041. [bug] Dig/host/nslookup could catch an assertion failure
7052 on SIGINT due to an uninitialized variable. [RT #1867]
7054 1040. [bug] Multiple listen-on-v6 options with different ports
7055 were not accepted. [RT #1875]
7057 1039. [bug] Negative responses with CNAMEs in the answer section
7058 were cached incorrectly. [RT #1862]
7060 1038. [bug] In servers configured with a tkey-domain option,
7061 TKEY queries with an owner name other than the root
7062 could cause an assertion failure. [RT #1866, #1869]
7064 1037. [bug] Negative responses whose authority section contain
7065 SOA or NS records whose owner names are not equal
7066 equal to or parents of the query name should be
7067 rejected. [RT #1862]
7069 1036. [func] Silently drop requests received via multicast as
7070 long as there is no final multicast DNS standard.
7072 1035. [bug] If we respond to multicast queries (which we
7073 currently do not), respond from a unicast address
7074 as specified in RFC 1123. [RT #137]
7076 1034. [bug] Ignore the RD bit on multicast queries as specified
7077 in RFC 1123. [RT #137]
7079 1033. [bug] Always respond to requests with an unsupported opcode
7080 with NOTIMP, even if we don't have a matching view
7081 or cannot determine the class.
7083 1032. [func] hostname.bind/txt/chaos now returns the name of
7084 the machine hosting the nameserver. This is useful
7085 in diagnosing problems with anycast servers.
7087 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
7090 1030. [bug] On systems with no resolv.conf file, nsupdate
7091 exited with an error rather than defaulting
7092 to using the loopback address. [RT #1836]
7094 1029. [bug] Some named.conf errors did not cause the loading
7095 of the configuration file to return a failure
7096 status even though they were logged. [RT #1847]
7098 1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
7099 in the wrong directory. [RT #1833]
7101 1027. [bug] RRs having the reserved type 0 should be rejected.
7106 1025. [bug] Don't use multicast addresses to resolve iterative
7109 1024. [port] Compilation failed on HP-UX 11.11 due to
7110 incompatible use of the SIOCGLIFCONF macro
7113 1023. [func] Accept hints without TTLs.
7115 1022. [bug] Don't report empty root hints as "extra data".
7118 1021. [bug] On Win32, log message timestamps were one month
7119 later than they should have been, and the server
7120 would exhibit unspecified behavior in December.
7122 1020. [bug] IXFR log messages did not distinguish between
7123 true IXFRs, AXFR-style IXFRs, and mere version
7126 1019. [bug] The value of the lame-ttl option was limited to 18000
7127 seconds, not 1800 seconds as documented. [RT #1803]
7129 1018. [bug] The default log channel was not always initialized
7130 correctly. [RT #1813]
7132 1017. [bug] When specifying TSIG keys to dig and nsupdate using
7133 the -k option, they must be HMAC-MD5 keys. [RT #1810]
7135 1016. [bug] Slave zones with no backup file were re-transferred
7136 on every server reload.
7138 1015. [bug] Log channels that had a "versions" option but no
7139 "size" option failed to create numbered log
7142 1014. [bug] Some queries would cause statistics counters to
7143 increment more than once or not at all. [RT #1321]
7145 1013. [bug] It was possible to cancel a query twice when marking
7146 a server as bogus or by having a blackhole acl.
7149 1012. [bug] The -p option to named did not behave as documented.
7151 1011. [cleanup] Removed isc_dir_current().
7153 1010. [bug] The server could attempt to execute a command channel
7154 command after initiating server shutdown, causing
7155 an assertion failure. [RT #1766]
7157 1009. [port] OpenUNIX 8 support. [RT #1728]
7159 1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
7161 1007. [port] config.guess, config.sub from autoconf-2.52.
7163 1006. [bug] If a KEY RR was found missing during DNSSEC validation,
7164 an assertion failure could subsequently be triggered
7165 in the resolver. [RT #1763]
7167 1005. [bug] Don't copy nonzero RCODEs from request to response.
7170 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
7172 1003. [func] Add the +retry option to dig.
7174 1002. [bug] When reporting an unknown class name in named.conf,
7175 including the file name and line number. [RT #1759]
7177 1001. [bug] win32 socket code doio_recv was not catching a
7178 WSACONNRESET error when a client was timing out
7179 the request and closing its socket. [RT #1745]
7181 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
7182 for class "HS". [RT #1759]
7184 999. [func] "rndc retransfer zone [class [view]]" added.
7187 998. [func] named-checkzone now has arguments to specify the
7188 chroot directory (-t) and working directory (-w).
7191 997. [func] Add support for RSA-SHA1 keys (RFC3110).
7193 996. [func] Issue warning if the configuration filename contains
7196 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
7197 target address should be fatal on a IPv4 only system.
7199 994. [func] Treat non-authoritative responses to queries for type
7200 NS as referrals even if the NS records are in the
7201 answer section, because BIND 8 servers incorrectly
7202 send them that way. This is necessary for DNSSEC
7203 validation of the NS records of a secure zone to
7204 succeed when the parent is a BIND 8 server. [RT #1706]
7206 993. [func] dig: -v now reports the version.
7208 992. [doc] dig: ~/.digrc is now documented.
7210 991. [func] Lower UDP refresh timeout messages to level
7213 990. [bug] The rndc-confgen man page was not installed.
7215 989. [bug] Report filename if $INCLUDE fails for file related
7218 988. [bug] 'additional-from-auth no;' did not work reliably
7219 in the case of queries answered from the cache.
7222 987. [bug] "dig -help" didn't show "+[no]stats".
7224 986. [bug] "dig +noall" failed to clear stats and command
7227 985. [func] Consider network interfaces to be up iff they have
7228 a nonzero IP address rather than based on the
7229 IFF_UP flag. [RT #1160]
7231 984. [bug] Multi-threading should be enabled by default on
7232 Solaris 2.7 and newer, but it wasn't.
7234 983. [func] The server now supports generating IXFR difference
7235 sequences for non-dynamic zones by comparing zone
7236 versions, when enabled using the new config
7237 option "ixfr-from-differences". [RT #1727]
7239 982. [func] If "memstatistics-file" is set in options the memory
7240 statistics will be written to it.
7242 981. [func] The dnssec tools can now take multiple '-r randomfile'
7245 980. [bug] Incoming zone transfers restarting after an error
7246 could trigger an assertion failure. [RT #1692]
7248 979. [func] Incremental master file dumping. dns_master_dumpinc(),
7249 dns_master_dumptostreaminc(), dns_dumpctx_attach(),
7250 dns_dumpctx_detach(), dns_dumpctx_cancel(),
7251 dns_dumpctx_db() and dns_dumpctx_version().
7253 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
7256 977. [bug] Improve "not at top of zone" error message.
7258 976. [func] named-checkconf can now test load master zones
7259 (named-checkconf -z). [RT #1468]
7261 975. [bug] "max-cache-size default;" as a view option
7262 caused an assertion failure.
7264 974. [bug] "max-cache-size unlimited;" as a global option
7267 973. [bug] Failed to log the question name when logging:
7268 "bad zone transfer request: non-authoritative zone
7271 972. [bug] The file modification time code in zone.c was using the
7272 wrong epoch. [RT #1667]
7276 970. [func] 'max-journal-size' can now be used to set a target
7279 969. [func] dig now supports the undocumented dig 8 feature
7280 of allowing arbitrary labels, not just dotted
7281 decimal quads, with the -x option. This can be
7282 used to conveniently look up RFC2317 names as in
7283 "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
7285 968. [bug] On win32, the isc_time_now() function was unnecessarily
7286 calling strtime(). [RT #1671]
7288 967. [bug] On win32, the link for bindevt was not including the
7289 required resource file to enable the event viewer
7290 to interpret the error messages in the event log,
7295 965. [bug] Including data other than root server NS and A
7296 records in the root hint file could cause a rbtdb
7297 node reference leak. [RT #1581, #1618]
7299 964. [func] Warn if data other than root server NS and A records
7300 are found in the root hint file. [RT #1581, #1618]
7302 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
7304 962. [bug] libbind: bad "#undef", don't attempt to install
7305 non-existent nlist.h. [RT #1640]
7307 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
7308 was not defined. [RT #1482]
7310 960. [port] liblwres failed to build on systems with support for
7311 getrrsetbyname() in the OS. [RT #1592]
7313 959. [port] On FreeBSD, determine the number of CPUs by calling
7314 sysctlbyname(). [RT #1584]
7316 958. [port] ssize_t is not available on all platforms. [RT #1607]
7318 957. [bug] sys/select.h inclusion was broken on older platforms.
7321 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
7322 in named/win32/os.c due to code changes in
7323 change #953. win32 .make file for rndc-confgen
7324 updated to add include path for os.h header.
7326 --- 9.2.0rc1 released ---
7328 955. [bug] When using views, the zone's class was not being
7329 inherited from the view's class. [RT #1583]
7331 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
7332 nslookup, the RD bit should not be set as zone
7333 transfers are inherently non-recursive. [RT #1575]
7335 953. [func] The /var/run/named.key file from change #843
7336 has been replaced by /etc/rndc.key. Both
7337 named and rndc will look for this file and use
7338 it to configure a default control channel key
7339 if not already configured using a different
7340 method (rndc.conf / controls). Unlike
7341 named.key, rndc.key is not created automatically;
7342 it must be created by manually running
7345 952. [bug] The server required manual intervention to serve the
7346 affected zones if it died between creating a journal
7347 and committing the first change to it.
7349 951. [bug] CFLAGS was not passed to the linker when
7350 linking some of the test programs under
7351 bin/tests. [RT #1555].
7353 950. [bug] Explicit TTLs did not properly override $TTL
7354 due to a bug in change 834. [RT #1558]
7356 949. [bug] host was unable to print records larger than 512
7359 --- 9.2.0b2 released ---
7361 948. [port] Integrated support for building on Windows NT /
7364 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
7365 was really the RNAME field from RFC1035. To avoid
7366 confusion and silent errors that would occur it the
7367 "origin" and "mname" elements were given their correct
7368 names "mname" and "rname" respectively, the "mname"
7369 element is renamed to "contact".
7371 946. [cleanup] doc/misc/options is now machine-generated from the
7372 configuration parser syntax tables, and therefore
7373 more likely to be correct.
7375 945. [func] Add the new view-specific options
7376 "match-destinations" and "match-recursive-only".
7378 944. [func] Check for expired signatures on load.
7380 943. [bug] The server could crash when receiving a command
7381 via rndc if the configuration file listed only
7382 nonexistent keys in the controls statement. [RT #1530]
7384 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
7385 defined on some platforms.
7387 941. [bug] The configuration checker crashed if a slave
7388 zone didn't contain a masters statement. [RT #1514]
7390 940. [bug] Double zone locking failure on error path. [RT #1510]
7392 --- 9.2.0b1 released ---
7394 939. [port] Add the --disable-linux-caps option to configure for
7395 systems that manage capabilities outside of named.
7400 937. [bug] A race when shutting down a zone could trigger a
7401 INSIST() failure. [RT #1034]
7403 936. [func] Warn about IPv4 addresses that are not complete
7404 dotted quads. [RT #1084]
7406 935. [bug] inet_pton failed to reject leading zeros.
7408 934. [port] Deal with systems where accept() spuriously returns
7411 933. [bug] configure failed doing libbind on platforms not
7412 supported by BIND 8. [RT #1496]
7414 --- 9.2.0a3 released ---
7416 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
7417 when installing isc-config.sh.
7420 931. [bug] The controls statement only attempted to verify
7421 messages using the first key in the key list.
7424 930. [func] Query performance testing tool added as
7429 928. [bug] nsupdate would send empty update packets if the
7430 send (or empty line) command was run after
7431 another send but before any new updates or
7432 prerequisites were specified. It should simply
7433 ignore this command.
7435 927. [bug] Don't hold the zone lock for the entire dump to disk.
7438 926. [bug] The resolver could deadlock with the ADB when
7439 shutting down (multi-threaded builds only).
7442 925. [cleanup] Remove openssl from the distribution; require that
7443 --with-openssl be specified if DNSSEC is needed.
7445 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
7448 923. [bug] Multiline TSIG secrets (and other multiline strings)
7449 were not accepted in named.conf. [RT #1469]
7451 922. [func] Added two new lwres_getrrsetbyname() result codes,
7452 ERR_NONAME and ERR_NODATA.
7454 921. [bug] lwres returned an incorrect error code if it received
7455 a truncated message.
7457 920. [func] Increase the lwres receive buffer size to 16K.
7462 918. [func] In nsupdate, TSIG errors are no longer treated as
7465 917. [func] New nsupdate command 'key', allowing TSIG keys to
7466 be specified in the nsupdate command stream rather
7467 than the command line.
7469 916. [bug] Specifying type ixfr to dig without specifying
7470 a serial number failed in unexpected ways.
7472 915. [func] The named-checkconf and named-checkzone programs
7473 now have a '-v' option for printing their version.
7476 914. [bug] Global 'server' statements were rejected when
7477 using views, even though they were accepted
7480 913. [bug] Cache cleaning was not sufficiently aggressive.
7483 912. [bug] Attempts to set the 'additional-from-cache' or
7484 'additional-from-auth' option to 'no' in a
7485 server with recursion enabled will now
7486 be ignored and cause a warning message.
7491 910. [port] Some pre-RFC2133 IPv6 implementations do not define
7492 IN6ADDR_ANY_INIT. [RT #1416]
7496 908. [func] New program, rndc-confgen, to simplify setting up rndc.
7498 907. [func] The ability to get entropy from either the
7499 random device, a user-provided file or from
7500 the keyboard was migrated from the DNSSEC tools
7501 to libisc as isc_entropy_usebestsource().
7503 906. [port] Separated the system independent portion of
7504 lib/isc/unix/entropy.c into lib/isc/entropy.c
7505 and added lib/isc/win32/entropy.c.
7507 905. [bug] Configuring a forward "zone" for the root domain
7508 did not work. [RT #1418]
7510 904. [bug] The server would leak memory if attempting to use
7511 an expired TSIG key. [RT #1406]
7513 903. [bug] dig should not crash when receiving a TCP packet
7516 902. [bug] The -d option was ignored if both -t and -g were also
7521 900. [bug] A config.guess update changed the system identification
7522 string of FreeBSD systems; configure and
7523 bin/tests/system/ifconfig.sh now recognize the new
7526 --- 9.2.0a2 released ---
7528 899. [bug] lib/dns/soa.c failed to compile on many platforms
7529 due to inappropriate use of a void value.
7530 [RT #1372, #1373, #1386, #1387, #1395]
7532 898. [bug] "dig" failed to set a nonzero exit status
7533 on UDP query timeout. [RT #1323]
7535 897. [bug] A config.guess update changed the system identification
7536 string of UnixWare systems; configure now recognizes
7539 896. [bug] If a configuration file is set on named's command line
7540 and it has a relative pathname, the current directory
7541 (after any possible jailing resulting from named -t)
7542 will be prepended to it so that reloading works
7543 properly even when a directory option is present.
7545 895. [func] New function, isc_dir_current(), akin to POSIX's
7548 894. [bug] When using the DNSSEC tools, a message intended to warn
7549 when the keyboard was being used because of the lack
7550 of a suitable random device was not being printed.
7552 893. [func] Removed isc_file_test() and added isc_file_exists()
7553 for the basic functionality that was being added
7554 with isc_file_test().
7558 891. [bug] Return an error when a SIG(0) signed response to
7559 an unsigned query is seen. This should actually
7560 do the verification, but it's not currently
7561 possible. [RT #1391]
7563 890. [cleanup] The man pages no longer require the mandoc macros
7564 and should now format cleanly using most versions of
7565 nroff, and HTML versions of the man pages have been
7566 added. Both are generated from DocBook source.
7568 889. [port] Eliminated blank lines before .TH in nroff man
7569 pages since they cause problems with some versions
7570 of nroff. [RT #1390]
7572 888. [bug] Don't die when using TKEY to delete a nonexistent
7573 TSIG key. [RT #1392]
7575 887. [port] Detect broken compilers that can't call static
7576 functions from inline functions. [RT #1212]
7618 866. [func] Close debug only file channels when debug is set to
7621 865. [bug] The new configuration parser did not allow
7622 the optional debug level in a "severity debug"
7623 clause of a logging channel to be omitted.
7624 This is now allowed and treated as "severity
7625 debug 1;" like it does in BIND 8.2.4, not as
7626 "severity debug 0;" like it did in BIND 9.1.
7629 864. [cleanup] Multi-threading is now enabled by default on
7630 OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
7632 863. [bug] If an error occurred while an outgoing zone transfer
7633 was starting up, the server could access a domain
7634 name that had already been freed when logging a
7635 message saying that the transfer was starting.
7638 862. [bug] Use after realloc(), non portable pointer arithmetic in
7641 861. [port] Add support for Mac OS X, by making it equivalent
7642 to Darwin. This was derived from the config.guess
7643 file shipped with Mac OS X. [RT #1355]
7645 860. [func] Drop cross class glue in zone transfers.
7647 859. [bug] Cache cleaning now won't swamp the CPU if there
7648 is a persistent over limit condition.
7650 858. [func] isc_mem_setwater() no longer requires that when the
7651 callback function is non-NULL then its hi_water
7652 argument must be greater than its lo_water argument
7653 (they can now be equal) or that they be non-zero.
7655 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
7656 structs, for our friends in EBCDIC-land.
7658 856. [func] Allow partial rdatasets to be returned in answer and
7659 authority sections to help non-TCP capable clients
7660 recover from truncation. [RT #1301]
7662 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
7664 854. [bug] The config parser didn't properly handle config
7665 options that were specified in units of time other
7666 than seconds. [RT #1372]
7668 853. [bug] configure_view_acl() failed to detach existing acls.
7671 852. [bug] Handle responses from servers which do not know
7674 851. [cleanup] The obsolete support-ixfr option was not properly
7677 --- 9.2.0a1 released ---
7679 850. [bug] dns_rbt_findnode() would not find nodes that were
7680 split on a bitstring label somewhere other than in
7681 the last label of the node. [RT #1351]
7683 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
7685 848. [func] A minimum max-cache-size of two megabytes is enforced
7686 by the cache cleaner.
7688 847. [func] Added isc_file_test(), which currently only has
7689 some very basic functionality to test for the
7690 existence of a file, whether a pathname is absolute,
7691 or whether a pathname is the fundamental representation
7692 of the current directory. It is intended that this
7693 function can be expanded to test other things a
7694 programmer might want to know about a file.
7696 846. [func] A non-zero 'param' to dst_key_generate() when making an
7697 hmac-md5 key means that good entropy is not required.
7699 845. [bug] The access rights on the public file of a symmetric
7700 key are now restricted as soon as the file is opened,
7701 rather than after it has been written and closed.
7703 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
7704 just as <lwres/net.h> does.
7706 843. [func] If no controls statement is present in named.conf,
7707 or if any inet phrase of a controls statement is
7708 lacking a keys clause, then a key will be automatically
7709 generated by named and an rndc.conf-style file
7710 named named.key will be written that uses it. rndc
7711 will use this file only if its normal configuration
7712 file, or one provided on the command line, does not
7715 842. [func] 'rndc flush' now takes an optional view.
7717 841. [bug] When sdb modules were not declared threadsafe, their
7718 create and destroy functions were not serialized.
7720 840. [bug] The config file parser could print the wrong file
7721 name if an error was detected after an included file
7722 was parsed. [RT #1353]
7724 839. [func] Dump packets for which there was no view or that the
7725 class could not be determined to category "unmatched".
7727 838. [port] UnixWare 7.x.x is now suported by
7728 bin/tests/system/ifconfig.sh.
7730 837. [cleanup] Multi-threading is now enabled by default only on
7731 OSF1, Solaris 2.7 and newer, and AIX.
7733 836. [func] Upgraded libtool to 1.4.
7735 835. [bug] The dispatcher could enter a busy loop if
7736 it got an I/O error receiving on a UDP socket.
7739 834. [func] Accept (but warn about) master files beginning with
7740 an SOA record without an explicit TTL field and
7741 lacking a $TTL directive, by using the SOA MINTTL
7742 as a default TTL. This is for backwards compatibility
7743 with old versions of BIND 8, which accepted such
7744 files without warning although they are illegal
7745 according to RFC1035.
7747 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
7748 <dns/soa.h>, and extended them to support
7749 all the integer-valued fields of the SOA RR.
7751 832. [bug] The default location for named.conf in named-checkconf
7752 should depend on --sysconfdir like it does in named.
7757 830. [func] Implement 'rndc status'.
7759 829. [bug] The DNS_R_ZONECUT result code should only be returned
7760 when an ANY query is made with DNS_DBFIND_GLUEOK set.
7761 In all other ANY query cases, returning the delegation
7764 828. [bug] The errno value from recvfrom() could be overwritten
7765 by logging code. [RT #1293]
7767 827. [bug] When an IXFR protocol error occurs, the slave
7768 should retry with AXFR.
7770 826. [bug] Some IXFR protocol errors were not detected.
7772 825. [bug] zone.c:ns_query() detached from the wrong zone
7773 reference. [RT #1264]
7775 824. [bug] Correct line numbers reported by dns_master_load().
7778 823. [func] The output of "dig -h" now goes to stdout so that it
7779 can easily be piped through "more". [RT #1254]
7781 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
7784 821. [bug] The program name used when logging to syslog should
7785 be stripped of leading path components.
7788 820. [bug] Name server address lookups failed to follow
7789 A6 chains into the glue of local authoritative
7792 819. [bug] In certain cases, the resolver's attempts to
7793 restart an address lookup at the root could cause
7794 the fetch to deadlock (with itself) instead of
7795 restarting. [RT #1225]
7797 818. [bug] Certain pathological responses to ANY queries could
7798 cause an assertion failure. [RT #1218]
7800 817. [func] Adjust timeouts for dialup zone queries.
7802 816. [bug] Report potential problems with log file accessibility
7803 at configuration time, since such problems can't
7804 reliably be reported at the time they actually occur.
7806 815. [bug] If a log file was specified with a path separator
7807 character (i.e. "/") in its name and the directory
7808 did not exist, the log file's name was treated as
7809 though it were the directory name. [RT #1189]
7811 814. [bug] Socket objects left over from accept() failures
7812 were incorrectly destroyed, causing corruption
7813 of socket manager data structures.
7815 813. [bug] File descriptors exceeding FD_SETSIZE were handled
7818 812. [bug] dig sometimes printed incomplete IXFR responses
7819 due to an uninitialized variable. [RT #1188]
7821 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
7823 810. [bug] The signer name in SIG records was not properly
7824 down-cased when signing/verifying records. [RT #1186]
7826 809. [bug] Configuring a non-local address as a transfer-source
7827 could cause an assertion failure during load.
7829 808. [func] Add 'rndc flush' to flush the server's cache.
7831 807. [bug] When setting up TCP connections for incoming zone
7832 transfers, the transfer-source port was not
7833 ignored like it should be.
7835 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
7836 the calling stack to the zone maintenance level,
7837 causing zones to not reload when an included file was
7838 touched but the top-level zone file was not.
7840 805. [bug] When using "forward only", missing root hints should
7841 not cause queries to fail. [RT #1143]
7843 804. [bug] Attempting to obtain entropy could fail in some
7844 situations. This would be most common on systems
7845 with user-space threads. [RT #1131]
7847 803. [bug] Treat all SIG queries as if they have the CD bit set,
7848 otherwise no data will be returned [RT #749]
7850 802. [bug] DNSSEC key tags were computed incorrectly in almost
7851 all cases. [RT #1146]
7853 801. [bug] nsupdate should treat lines beginning with ';' as
7854 comments. [RT #1139]
7856 800. [bug] dnssec-signzone produced incorrect statistics for
7857 large zones. [RT #1133]
7859 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
7860 glue was also present.
7862 798. [bug] nsupdate should be able to reject bad input lines
7863 and continue. [RT #1130]
7865 797. [func] Issue a warning if the 'directory' option contains
7866 a relative path. [RT #269]
7868 796. [func] When a size limit is associated with a log file,
7869 only roll it when the size is reached, not every
7870 time the log file is opened. [RT #1096]
7872 795. [func] Add the +multiline option to dig. [RT #1095]
7874 794. [func] Implement the "port" and "default-port" statements
7877 793. [cleanup] The DNSSEC tools could create filenames that were
7878 illegal or contained shell meta-characters. They
7879 now use a different text encoding of names that
7880 doesn't have these problems. [RT #1101]
7882 792. [cleanup] Replace the OMAPI command channel protocol with a
7885 791. [bug] The command channel now works over IPv6.
7887 790. [bug] Wildcards created using dynamic update or IXFR
7888 could fail to match. [RT #1111]
7890 789. [bug] The "localhost" and "localnets" ACLs did not match
7891 when used as the second element of a two-element
7894 788. [func] Add the "match-mapped-addresses" option, which
7895 causes IPv6 v4mapped addresses to be treated as
7896 IPv4 addresses for the purpose of acl matching.
7898 787. [bug] The DNSSEC tools failed to downcase domain
7899 names when mapping them into file names.
7901 786. [bug] When DNSSEC signing/verifying data, owner names were
7902 not properly down-cased.
7904 785. [bug] A race condition in the resolver could cause
7905 an assertion failure. [RT #673, #872, #1048]
7907 784. [bug] nsupdate and other programs would not quit properly
7908 if some signals were blocked by the caller. [RT #1081]
7910 783. [bug] Following CNAMEs could cause an assertion failure
7911 when either using an sdb database or under very
7914 782. [func] Implement the "serial-query-rate" option.
7916 781. [func] Avoid error packet loops by dropping duplicate FORMERR
7917 responses. [RT #1006]
7919 780. [bug] Error handling code dealing with out of memory or
7920 other rare errors could lead to assertion failures
7921 by calling functions on uninitialized names. [RT #1065]
7923 779. [func] Added the "minimal-responses" option.
7925 778. [bug] When starting cache cleaning, cleaning_timer_action()
7926 returned without first pausing the iterator, which
7927 could cause deadlock. [RT #998]
7929 777. [bug] An empty forwarders list in a zone failed to override
7930 global forwarders. [RT #995]
7932 776. [func] Improved error reporting in denied messages. [RT #252]
7936 774. [func] max-cache-size is implemented.
7938 773. [func] Added isc_rwlock_trylock() to attempt to lock without
7941 772. [bug] Owner names could be incorrectly omitted from cache
7942 dumps in the presence of negative caching entries.
7945 771. [cleanup] TSIG errors related to unsynchronized clocks
7946 are logged better. [RT #919]
7948 770. [func] Add the "edns yes_or_no" statement to the server
7951 769. [func] Improved error reporting when parsing rdata. [RT #740]
7953 768. [bug] The server did not emit an SOA when a CNAME
7954 or DNAME chain ended in NXDOMAIN in an
7959 766. [bug] A few cases in query_find() could leak fname.
7960 This would trigger the mpctx->allocated == 0
7961 assertion when the server exited.
7962 [RT #739, #776, #798, #812, #818, #821, #845,
7965 765. [func] ACL names are once again case insensitive, like
7966 in BIND 8. [RT #252]
7968 764. [func] Configuration files now allow "include" directives
7969 in more places, such as inside the "view" statement.
7970 [RT #377, #728, #860]
7972 763. [func] Configuration files no longer have reserved words.
7975 762. [cleanup] The named.conf and rndc.conf file parsers have
7976 been completely rewritten.
7978 761. [bug] _REENTRANT was still defined when building with
7981 760. [contrib] Significant enhancements to the pgsql sdb driver.
7983 759. [bug] The resolver didn't turn off "avoid fetches" mode
7984 when restarting, possibly causing resolution
7985 to fail when it should not. This bug only affected
7986 platforms which support both IPv4 and IPv6. [RT #927]
7988 758. [bug] The "avoid fetches" code did not treat negative
7989 cache entries correctly, causing fetches that would
7990 be useful to be avoided. This bug only affected
7991 platforms which support both IPv4 and IPv6. [RT #927]
7993 757. [func] Log zone transfers.
7995 756. [bug] dns_zone_load() could "return" success when no master
7996 file was configured.
7998 755. [bug] Fix incorrectly formatted log messages in zone.c.
8000 754. [bug] Certain failure conditions sending UDP packets
8001 could cause the server to retry the transmission
8002 indefinitely. [RT #902]
8004 753. [bug] dig, host, and nslookup would fail to contact a
8005 remote server if getaddrinfo() returned an IPv6
8006 address on a system that doesn't support IPv6.
8009 752. [func] Correct bad tv_usec elements returned by
8012 751. [func] Log successful zone loads / transfers. [RT #898]
8014 750. [bug] A query should not match a DNAME whose trust level
8015 is pending. [RT #916]
8017 749. [bug] When a query matched a DNAME in a secure zone, the
8018 server did not return the signature of the DNAME.
8021 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
8024 747. [bug] The code to determine whether an IXFR was possible
8025 did not properly check for a database that could
8026 not have a journal. [RT #865, #908]
8028 746. [bug] The sdb didn't clone rdatasets properly, causing
8029 a crash when the server followed delegations. [RT #905]
8031 745. [func] Report the owner name of records that fail
8032 semantic checks while loading.
8034 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
8035 result of an ANY or SIG query, the resolver failed
8036 to setup the return event's rdatasets, causing an
8037 assertion failure in the query code. [RT #881]
8039 743. [bug] Receiving a large number of certain malformed
8040 answers could cause named to stop responding.
8045 741. [port] Support openssl-engine. [RT #709]
8047 740. [port] Handle openssl library mismatches slightly better.
8049 739. [port] Look for /dev/random in configure, rather than
8050 assuming it will be there for only a predefined
8053 738. [bug] If a non-threadsafe sdb driver supported AXFR and
8054 received an AXFR request, it would deadlock or die
8055 with an assertion failure. [RT #852]
8057 737. [port] stdtime.c failed to compile on certain platforms.
8059 736. [func] New functions isc_task_{begin,end}exclusive().
8061 735. [doc] Add BIND 4 migration notes.
8063 734. [bug] An attempt to re-lock the zone lock could occur if
8064 the server was shutdown during a zone transfer.
8067 733. [bug] Reference counts of dns_acl_t objects need to be
8068 locked but were not. [RT #801, #821]
8070 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
8072 731. [bug] Certain zone errors could cause named-checkzone to
8073 fail ungracefully. [RT #819]
8075 730. [bug] lwres_getaddrinfo() returns the correct result when
8076 it fails to contact a server. [RT #768]
8078 729. [port] pthread_setconcurrency() needs to be called on Solaris.
8080 728. [bug] Fix comment processing on master file directives.
8083 727. [port] Work around OS bug where accept() succeeds but
8084 fails to fill in the peer address of the accepted
8085 connection, by treating it as an error rather than
8086 an assertion failure. [RT #809]
8088 726. [func] Implement the "trace" and "notrace" commands in rndc.
8090 725. [bug] Installing man pages could fail.
8092 724. [func] New libisc functions isc_netaddr_any(),
8095 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
8096 to return DNS_R_SERVFAIL. [RT #783]
8098 722. [func] Allow incremental loads to be canceled.
8100 721. [cleanup] Load manager and dns_master_loadfilequota() are no
8103 720. [bug] Server could enter infinite loop in
8104 dispatch.c:do_cancel(). [RT #733]
8106 719. [bug] Rapid reloads could trigger an assertion failure.
8109 718. [cleanup] "internal" is no longer a reserved word in named.conf.
8112 717. [bug] Certain TKEY processing failure modes could
8113 reference an uninitialized variable, causing the
8114 server to crash. [RT #750]
8116 716. [bug] The first line of a $INCLUDE master file was lost if
8117 an origin was specified. [RT #744]
8119 715. [bug] Resolving some A6 chains could cause an assertion
8120 failure in adb.c. [RT #738]
8122 714. [bug] Preserve interval timers across reloads unless changed.
8125 713. [func] named-checkconf takes '-t directory' similar to named.
8128 712. [bug] Sending a large signed update message caused an
8129 assertion failure. [RT #718]
8131 711. [bug] The libisc and liblwres implementations of
8132 inet_ntop contained an off by one error.
8134 710. [func] The forwarders statement now takes an optional
8137 709. [bug] ANY or SIG queries for data with a TTL of 0
8138 would return SERVFAIL. [RT #620]
8140 708. [bug] When building with --with-openssl, the openssl headers
8141 included with BIND 9 should not be used. [RT #702]
8143 707. [func] The "filename" argument to named-checkzone is no
8144 longer optional, to reduce confusion. [RT #612]
8146 706. [bug] Zones with an explicit "allow-update { none; };"
8147 were considered dynamic and therefore not reloaded
8148 on SIGHUP or "rndc reload".
8150 705. [port] Work out resource limit type for use where rlim_t is
8151 not available. [RT #695]
8153 704. [port] RLIMIT_NOFILE is not available on all platforms.
8156 703. [port] sys/select.h is needed on older platforms. [RT #695]
8158 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
8159 use 127.0.0.1 instead. [RT #693]
8161 701. [func] Root hints are now fully optional. Class IN
8162 views use compiled-in hints by default, as
8163 before. Non-IN views with no root hints now
8164 provide authoritative service but not recursion.
8165 A warning is logged if a view has neither root
8166 hints nor authoritative data for the root. [RT #696]
8168 700. [bug] $GENERATE range check was wrong. [RT #688]
8170 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
8172 698. [bug] Aborting nsupdate with ^C would lead to several
8175 697. [bug] nsupdate was not compatible with the undocumented
8176 BIND 8 behavior of ignoring TTLs in "update delete"
8179 696. [bug] lwresd would die with an assertion failure when passed
8180 a zero-length name. [RT #692]
8182 695. [bug] If the resolver attempted to query a blackholed or
8183 bogus server, the resolution would fail immediately.
8185 694. [bug] $GENERATE did not produce the last entry.
8188 693. [bug] An empty lwres statement in named.conf caused
8189 the server to crash while loading.
8191 692. [bug] Deal with systems that have getaddrinfo() but not
8192 gai_strerror(). [RT #679]
8194 691. [bug] Configuring per-view forwarders caused an assertion
8195 failure. [RT #675, #734]
8197 690. [func] $GENERATE now supports DNAME. [RT #654]
8199 689. [doc] man pages are now installed. [RT #210]
8201 688. [func] "make tags" now works on systems with the
8202 "Exuberant Ctags" etags.
8204 687. [bug] Only say we have IPv6, with sufficient functionality,
8205 if it has actually been tested. [RT #586]
8207 686. [bug] dig and nslookup can now be properly aborted during
8208 blocking operations. [RT #568]
8210 685. [bug] nslookup should use the search list/domain options
8211 from resolv.conf by default. [RT #405, #630]
8213 684. [bug] Memory leak with view forwarders. [RT #656]
8215 683. [bug] File descriptor leak in isc_lex_openfile().
8217 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
8219 681. [bug] $GENERATE specifying output format was broken. [RT #653]
8221 680. [bug] dns_rdata_fromstruct() mishandled options bigger
8224 679. [bug] $INCLUDE could leak memory and file descriptors on
8227 678. [bug] "transfer-format one-answer;" could trigger an assertion
8230 677. [bug] dnssec-signzone would occasionally use the wrong ttl
8231 for database operations and fail. [RT #643]
8233 676. [bug] Log messages about lame servers to category
8234 'lame-servers' rather than 'resolver', so as not
8235 to be gratuitously incompatible with BIND 8.
8237 675. [bug] TKEY queries could cause the server to leak
8240 674. [func] Allow messages to be TSIG signed / verified using
8241 a offset from the current time.
8243 673. [func] The server can now convert RFC1886-style recursive
8244 lookup requests into RFC2874-style lookups, when
8245 enabled using the new option "allow-v6-synthesis".
8247 672. [bug] The wrong time was in the "time signed" field when
8248 replying with BADTIME error.
8250 671. [bug] The message code was failing to parse a message with
8251 no question section and a TSIG record. [RT #628]
8253 670. [bug] The lwres replacements for getaddrinfo and
8254 getipnodebyname didn't properly check for the
8255 existence of the sockaddr sa_len field.
8257 669. [bug] dnssec-keygen now makes the public key file
8258 non-world-readable for symmetric keys. [RT #403]
8260 668. [func] named-checkzone now reports multiple errors in master
8263 667. [bug] On Linux, running named with the -u option and a
8264 non-world-readable configuration file didn't work.
8267 666. [bug] If a request sent by dig is longer than 512 bytes,
8270 665. [bug] Signed responses were not sent when the size of the
8271 TSIG + question exceeded the maximum message size.
8274 664. [bug] The t_tasks and t_timers module tests are now skipped
8275 when building without threads, since they require
8278 663. [func] Accept a size_spec, not just an integer, in the
8279 (unimplemented and ignored) max-ixfr-log-size option
8280 for compatibility with recent versions of BIND 8.
8283 662. [bug] dns_rdata_fromtext() failed to log certain errors.
8285 661. [bug] Certain UDP IXFR requests caused an assertion failure
8286 (mpctx->allocated == 0). [RT #355, #394, #623]
8288 660. [port] Detect multiple CPUs on HP-UX and IRIX.
8290 659. [performance] Rewrite the name compression code to be much faster.
8292 658. [cleanup] Remove all vestiges of 16 bit global compression.
8294 657. [bug] When a listen-on statement in an lwres block does not
8295 specify a port, use 921, not 53. Also update the
8296 listen-on documentation. [RT #616]
8298 656. [func] Treat an unescaped newline in a quoted string as
8299 an error. This means that TXT records with missing
8300 close quotes should have meaningful errors printed.
8302 655. [bug] Improve error reporting on unexpected eof when loading
8305 654. [bug] Origin was being forgotten in TCP retries in dig.
8308 653. [bug] +defname option in dig was reversed in sense.
8311 652. [bug] zone_saveunique() did not report the new name.
8313 651. [func] The AD bit in responses now has the meaning
8314 specified in <draft-ietf-dnsext-ad-is-secure>.
8316 650. [bug] SIG(0) records were being generated and verified
8317 incorrectly. [RT #606]
8319 649. [bug] It was possible to join to an already running fctx
8320 after it had "cloned" its events, but before it sent
8321 them. In this case, the event of the newly joined
8322 fetch would not contain the answer, and would
8323 trigger the INSIST() in fctx_sendevents(). In
8324 BIND 9.0, this bug did not trigger an INSIST(), but
8325 caused the fetch to fail with a SERVFAIL result.
8326 [RT #588, #597, #605, #607]
8328 648. [port] Add support for pre-RFC2133 IPv6 implementations.
8330 647. [bug] Resolver queries sent after following multiple
8331 referrals had excessively long retransmission
8332 timeouts due to incorrectly counting the referrals
8335 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
8336 didn't _cleanly_ fix the problem it was trying to fix.
8338 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
8340 644. [bug] #622 needed more work. [RT #562]
8342 643. [bug] xfrin error messages made more verbose, added class
8343 of the zone. [RT# 599]
8345 642. [bug] Break the exit_check() race in the zone module.
8348 --- 9.1.0b2 released ---
8350 641. [bug] $GENERATE caused a uninitialized link to be used.
8353 640. [bug] Memory leak in error path could cause
8354 "mpctx->allocated == 0" failure. [RT #584]
8356 639. [bug] Reading entropy from the keyboard would sometimes fail.
8359 638. [port] lib/isc/random.c needed to explicitly include time.h
8360 to get a prototype for time() when pthreads was not
8361 being used. [RT #592]
8363 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
8364 lib/isc/print.c. Also allow lib/isc/print.c to
8365 be compiled even if the platform does not need it.
8368 636. [port] Shut up MSVC++ about a possible loss of precision
8369 in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
8371 635. [bug] Reloading a server with a configured blackhole list
8372 would cause an assertion. [RT #590]
8374 634. [bug] A log file will completely stop being written when
8375 it reaches the maximum size in all cases, not just
8376 when versioning is also enabled. [RT #570]
8378 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
8380 632. [bug] The index array of the journal file was
8381 corrupted as it was written to disk.
8383 631. [port] Build without thread support on systems without
8386 630. [bug] Locking failure in zone code. [RT #582]
8388 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
8389 when responding to a UDP IXFR request.
8391 628. [bug] If the root hints contained only AAAA addresses,
8392 named would be unable to perform resolution.
8394 627. [bug] The EDNS0 blackhole detection code of change 324
8395 waited for three retransmissions to each server,
8396 which takes much too long when a domain has many
8397 name servers and all of them drop EDNS0 queries.
8398 Now we retry without EDNS0 after three consecutive
8399 timeouts, even if they are all from different
8402 626. [bug] The lightweight resolver daemon no longer crashes
8403 when asked for a SIG rrset. [RT #558]
8405 625. [func] Zones now inherit their class from the enclosing view.
8407 624. [bug] The zone object could get timer events after it had
8408 been destroyed, causing a server crash. [RT #571]
8410 623. [func] Added "named-checkconf" and "named-checkzone" program
8411 for syntax checking named.conf files and zone files,
8414 622. [bug] A canceled request could be destroyed before
8415 dns_request_destroy() was called. [RT #562]
8417 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
8418 This mostly affects Red Hat Linux 7.0, which has
8419 conflicts between libc and the kernel.
8421 620. [bug] dns_master_load*inc() now require 'task' and 'load'
8422 to be non-null. Also 'done' will not be called if
8423 dns_master_load*inc() fails immediately. [RT #565]
8427 618. [bug] Queries to a signed zone could sometimes cause
8428 an assertion failure.
8430 617. [bug] When using dynamic update to add a new RR to an
8431 existing RRset with a different TTL, the journal
8432 entries generated from the update did not include
8433 explicit deletions and re-additions of the existing
8434 RRs to update their TTL to the new value.
8436 616. [func] dnssec-signzone -t output now includes performance
8439 615. [bug] dnssec-signzone did not like child keysets signed
8442 614. [bug] Checks for uninitialized link fields were prone
8443 to false positives, causing assertion failures.
8444 The checks are now disabled by default and may
8445 be re-enabled by defining ISC_LIST_CHECKINIT.
8447 613. [bug] "rndc reload zone" now reloads primary zones.
8448 It previously only updated slave and stub zones,
8449 if an SOA query indicated an out of date serial.
8451 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
8452 complains relentlessly about how its treatment
8453 of 'const' has changed as well as how casting
8454 sometimes tightens alignment constraints.
8456 611. [func] allow-notify can be used to permit processing of
8457 notify messages from hosts other than a slave's
8460 610. [func] rndc dumpdb is now supported.
8462 609. [bug] getrrsetbyname() would crash lwresd if the server
8463 found more SIGs than answers. [RT #554]
8465 608. [func] dnssec-signzone now adds a comment to the zone
8466 with the time the file was signed.
8468 607. [bug] nsupdate would fail if it encountered a CNAME or
8469 DNAME in a response to an SOA query. [RT #515]
8471 606. [bug] Compiling with --disable-threads failed due
8472 to isc_thread_self() being incorrectly defined
8473 as an integer rather than a function.
8475 605. [func] New function isc_lex_getlasttokentext().
8477 604. [bug] The named.conf parser could print incorrect line
8478 numbers when long comments were present.
8480 603. [bug] Make dig handle multiple types or classes on the same
8481 query more correctly.
8483 602. [func] Cope automatically with UnixWare's broken
8484 IN6_IS_ADDR_* macros. [RT #539]
8486 601. [func] Return a non-zero exit code if an update fails
8489 600. [bug] Reverse lookups sometimes failed in dig, etc...
8491 599. [func] Added four new functions to the libisc log API to
8492 support i18n messages. isc_log_iwrite(),
8493 isc_log_ivwrite(), isc_log_iwrite1() and
8494 isc_log_ivwrite1() were added.
8496 598. [bug] An update-policy statement would cause the server
8497 to assert while loading. [RT #536]
8499 597. [func] dnssec-signzone is now multi-threaded.
8501 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
8502 not mutually exclusive.
8504 595. [port] On Linux 2.2, socket() returns EINVAL when it
8505 should return EAFNOSUPPORT. Work around this.
8508 594. [func] sdb drivers are now assumed to not be thread-safe
8509 unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
8511 593. [bug] If a secure zone was missing all its NXTs and
8512 a dynamic update was attempted, the server entered
8515 592. [bug] The sig-validity-interval option now specifies a
8516 number of days, not seconds. This matches the
8517 documentation. [RT #529]
8519 --- 9.1.0b1 released ---
8521 591. [bug] Work around non-reentrancy in openssl by disabling
8522 pre-computation in keys.
8524 590. [doc] There are now man pages for the lwres library in
8527 589. [bug] The server could deadlock if a zone was updated
8528 while being transferred out.
8530 588. [bug] ctx->in_use was not being correctly initialized when
8531 when pushing a file for $INCLUDE. [RT #523]
8533 587. [func] A warning is now printed if the "allow-update"
8534 option allows updates based on the source IP
8535 address, to alert users to the fact that this
8536 is insecure and becoming increasingly so as
8537 servers capable of update forwarding are being
8540 586. [bug] multiple views with the same name were fatal. [RT #516]
8542 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
8543 now support 'exact' additions in a similar manner to
8544 dns_db_subtractrdataset() and dns_rdataslab_subtract().
8546 584. [func] You can now say 'notify explicit'; to suppress
8547 notification of the servers listed in NS records
8548 and notify only those servers listed in the
8549 'also-notify' option.
8551 583. [func] "rndc querylog" will now toggle logging of
8552 queries, like "ndc querylog" in BIND 8.
8554 582. [bug] dns_zone_idetach() failed to lock the zone.
8557 581. [bug] log severity was not being correctly processed.
8560 580. [func] Ignore trailing garbage on incoming DNS packets,
8561 for interoperability with broken server
8562 implementations. [RT #491]
8564 579. [bug] nsupdate did not take a filename to read update from.
8567 578. [func] New config option "notify-source", to specify the
8568 source address for notify messages.
8570 577. [func] Log illegal RDATA combinations. e.g. multiple
8571 singleton types, cname and other data.
8573 576. [doc] isc_log_create() description did not match reality.
8575 575. [bug] isc_log_create() was not setting internal state
8576 correctly to reflect the default channels created.
8578 574. [bug] TSIG signed queries sent by the resolver would fail to
8579 have their responses validated and would leak memory.
8581 573. [bug] The journal files of IXFRed slave zones were
8582 inadvertently discarded on server reload, causing
8583 "journal out of sync with zone" errors on subsequent
8586 572. [bug] Quoted strings were not accepted as key names in
8587 address match lists.
8589 571. [bug] It was possible to create an rdataset of singleton
8590 type which had more than one rdata. [RT #154]
8593 570. [bug] rbtdb.c allowed zones containing nodes which had
8594 both a CNAME and "other data". [RT #154]
8596 569. [func] The DNSSEC AD bit will not be set on queries which
8597 have not requested a DNSSEC response.
8599 568. [func] Add sample simple database drivers in contrib/sdb.
8601 567. [bug] Setting the zone transfer timeout to zero caused an
8602 assertion failure. [RT #302]
8604 566. [func] New public function dns_timer_setidle().
8606 565. [func] Log queries more like BIND 8: query logging is now
8607 done to category "queries", level "info". [RT #169]
8609 564. [func] Add sortlist support to lwresd.
8611 563. [func] New public functions dns_rdatatype_format() and
8612 dns_rdataclass_format(), for convenient formatting
8613 of rdata type/class mnemonics in log messages.
8615 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
8617 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
8618 clauses of the options{} statement are now implemented.
8620 560. [bug] dns_name_split did not properly the resulting prefix
8621 when a maximal length bitstring label was split which
8622 was preceded by another bitstring label. [RT #429]
8624 559. [bug] dns_name_split did not properly create the suffix
8625 when splitting within a maximal length bitstring label.
8627 558. [func] New functions, isc_resource_getlimit and
8628 isc_resource_setlimit.
8630 557. [func] Symbolic constants for libisc integral types.
8632 556. [func] The DNSSEC OK bit in the EDNS extended flags
8633 is now implemented. Responses to queries without
8634 this bit set will not contain any DNSSEC records.
8636 555. [bug] A slave server attempting a zone transfer could
8637 crash with an assertion failure on certain
8638 malformed responses from the master. [RT #457]
8640 554. [bug] In some cases, not all of the dnssec tools were
8643 553. [bug] Incoming zone transfers deferred due to quota
8644 were not started when quota was increased but
8645 only when a transfer in progress finished. [RT #456]
8647 552. [bug] We were not correctly detecting the end of all c-style
8650 551. [func] Implemented the 'sortlist' option.
8652 550. [func] Support unknown rdata types and classes.
8654 549. [bug] "make" did not immediately abort the build when a
8655 subdirectory make failed [RT #450].
8657 548. [func] The lexer now ungets tokens more correctly.
8661 546. [func] Option 'lame-ttl' is now implemented.
8663 545. [func] Name limit and counting options removed from dig;
8664 they didn't work properly, and cannot be correctly
8665 implemented without significant changes.
8667 544. [func] Add statistics option, enable statistics-file option,
8668 add RNDC option "dump-statistics" to write out a
8669 query statistics file.
8671 543. [doc] The 'port' option is now documented.
8673 542. [func] Add support for update forwarding as required for
8674 full compliance with RFC2136. It is turned off
8675 by default and can be enabled using the
8676 'allow-update-forwarding' option.
8678 541. [func] Add bogus server support.
8680 540. [func] Add dialup support.
8682 539. [func] Support the blackhole option.
8684 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
8688 536. [func] Use transfer-source{-v6} when sending refresh queries.
8689 Transfer-source{-v6} now take a optional port
8690 parameter for setting the UDP source port. The port
8691 parameter is ignored for TCP.
8693 535. [func] Use transfer-source{-v6} when forwarding update
8696 534. [func] Ancestors have been removed from RBT chains. Ancestor
8697 information can be discerned via node parent pointers.
8699 533. [func] Incorporated name hashing into the RBT database to
8700 improve search speed.
8702 532. [func] Implement DNS UPDATE pseudo records using
8703 DNS_RDATA_UPDATE flag.
8705 531. [func] Rdata really should be initialized before being assigned
8706 to (dns_rdata_fromwire(), dns_rdata_fromtext(),
8707 dns_rdata_clone(), dns_rdata_fromregion()),
8710 530. [func] New function dns_rdata_invalidate().
8712 529. [bug] 521 contained a bug which caused zones to always
8715 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
8716 on their arguments. ISC_LIST_XXXXUNSAFE can be use
8717 to skip the checks however use with caution.
8719 527. [func] New function dns_rdata_clone().
8721 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
8724 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
8725 and 'flags' for dns_rdataslab_subtract() allowing you
8726 to request that the RR's must exist prior to deletion.
8727 DNS_R_NOTEXACT is returned if the condition is not met.
8729 524. [func] The 'forward' and 'forwarders' statement in
8730 non-forward zones should work now.
8732 523. [doc] The source to the Administrator Reference Manual is
8733 now an XML file using the DocBook DTD, and is included
8734 in the distribution. The plain text version of the
8735 ARM is temporarily unavailable while we figure out
8736 how to generate readable plain text from the XML.
8738 522. [func] The lightweight resolver daemon can now use
8739 a real configuration file, and its functionality
8740 can be provided by a name server. Also, the -p and -P
8741 options to lwresd have been reversed.
8743 521. [bug] Detect master files which contain $INCLUDE and always
8746 520. [bug] Upgraded libtool to 1.3.5, which makes shared
8747 library builds almost work on AIX (and possibly
8750 519. [bug] dns_name_split() would improperly split some bitstring
8751 labels, zeroing a few of the least significant bits in
8752 the prefix part. When such an improperly created
8753 prefix was returned to the RBT database, the bogus
8754 label was dutifully stored, corrupting the tree.
8757 518. [bug] The resolver did not realize that a DNAME which was
8758 "the answer" to the client's query was "the answer",
8759 and such queries would fail. [RT #399]
8761 517. [bug] The resolver's DNAME code would trigger an assertion
8762 if there was more than one DNAME in the chain.
8765 516. [bug] Cache lookups which had a NULL node pointer, e.g.
8766 those by dns_view_find(), and which would match a
8767 DNAME, would trigger an INSIST(!search.need_cleanup)
8768 assertion. [RT #399]
8770 515. [bug] The ssu table was not being attached / detached
8771 by dns_zone_[sg]etssutable. [RT#397]
8773 514. [func] Retry refresh and notify queries if they timeout.
8776 513. [func] New functionality added to rdnc and server to allow
8777 individual zones to be refreshed or reloaded.
8779 512. [bug] The zone transfer code could throw an exception with
8780 an invalid IXFR stream.
8782 511. [bug] The message code could throw an assertion on an
8783 out of memory failure. [RT #392]
8785 510. [bug] Remove spurious view notify warning. [RT #376]
8787 509. [func] Add support for write of zone files on shutdown.
8789 508. [func] dns_message_parse() can now do a best-effort
8790 attempt, which should allow dig to print more invalid
8793 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
8794 and dns_view_flushanddetach().
8796 506. [func] Do not fail to start on errors in zone files.
8798 505. [bug] nsupdate was printing "unknown result code". [RT #373]
8800 504. [bug] The zone was not being marked as dirty when updated via
8803 503. [bug] dumptime was not being set along with
8804 DNS_ZONEFLG_NEEDDUMP.
8806 502. [func] On a SERVFAIL reply, DiG will now try the next server
8807 in the list, unless the +fail option is specified.
8809 501. [bug] Incorrect port numbers were being displayed by
8812 500. [func] Nearly useless +details option removed from DiG.
8814 499. [func] In DiG, specifying a class with -c or type with -t
8815 changes command-line parsing so that classes and
8816 types are only recognized if following -c or -t.
8817 This allows hosts with the same name as a class or
8818 type to be looked up.
8820 498. [doc] There is now a man page for "dig"
8821 in doc/man/bin/dig.1.
8823 497. [bug] The error messages printed when an IP match list
8824 contained a network address with a nonzero host
8825 part where not sufficiently detailed. [RT #365]
8827 496. [bug] named didn't sanity check numeric parameters. [RT #361]
8829 495. [bug] nsupdate was unable to handle large records. [RT #368]
8831 494. [func] Do not cache NXDOMAIN responses for SOA queries.
8833 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
8834 for SOA queries. This makes it easier to locate
8835 the containing zone without polluting intermediate
8838 492. [bug] attempting to reload a zone caused the server fail
8839 to shutdown cleanly. [RT #360]
8841 491. [bug] nsupdate would segfault when sending certain
8842 prerequisites with empty RDATA. [RT #356]
8844 490. [func] When a slave/stub zone has not yet successfully
8845 obtained an SOA containing the zone's configured
8846 retry time, perform the SOA query retries using
8847 exponential backoff. [RT #337]
8849 489. [func] The zone manager now has a "i/o" queue.
8851 488. [bug] Locks weren't properly destroyed in some cases.
8853 487. [port] flockfile() is not defined on all systems.
8855 486. [bug] nslookup: "set all" and "server" commands showed
8856 the incorrect port number if a port other than 53
8857 was specified. [RT #352]
8859 485. [func] When dig had more than one server to query, it would
8860 send all of the messages at the same time. Add
8861 rate limiting of the transmitted messages.
8863 484. [bug] When the server was reloaded after removing addresses
8864 from the named.conf "listen-on" statement, sockets
8865 were still listening on the removed addresses due
8866 to reference count loops. [RT #325]
8868 483. [bug] nslookup: "set all" showed a "search" option but it
8871 482. [bug] nslookup: a plain "server" or "lserver" should be
8872 treated as a lookup.
8874 481. [bug] nslookup:get_next_command() stack size could exceed
8877 480. [bug] strtok() is not thread safe. [RT #349]
8879 479. [func] The test suite can now be run by typing "make check"
8880 or "make test" at the top level.
8882 478. [bug] "make install" failed if the directory specified with
8883 --prefix did not already exist.
8885 477. [bug] The the isc-config.sh script could be installed before
8886 its directory was created. [RT #324]
8888 476. [bug] A zone could expire while a zone transfer was in
8889 progress triggering a INSIST failure. [RT #329]
8891 475. [bug] query_getzonedb() sometimes returned a non-null version
8892 on failure. This caused assertion failures when
8893 generating query responses where names subject to
8894 additional section processing pointed to a zone
8895 to which access had been denied by means of the
8896 allow-query option. [RT #336]
8898 474. [bug] The mnemonic of the CHAOS class is CH according to
8899 RFC1035, but it was printed and read only as CHAOS.
8900 We now accept both forms as input, and print it
8903 473. [bug] nsupdate overran the end of the list of name servers
8904 when no servers could be reached, typically causing
8905 it to print the error message "dns_request_create:
8908 472. [bug] Off-by-one error caused isc_time_add() to sometimes
8909 produce invalid time values.
8911 471. [bug] nsupdate didn't compile on HP/UX 10.20
8913 470. [func] $GENERATE is now supported. See also
8916 469. [bug] "query-source address * port 53;" now works.
8918 468. [bug] dns_master_load*() failed to report file and line
8919 number in certain error conditions.
8921 467. [bug] dns_master_load*() failed to log an error if
8924 466. [bug] dns_master_load*() could return success when it failed.
8926 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
8927 omapi_value_storeint().
8929 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
8931 463. [bug] nsupdate sent malformed SOA queries to the second
8932 and subsequent name servers in resolv.conf if the
8933 query sent to the first one failed.
8935 462. [bug] --disable-ipv6 should work now.
8937 461. [bug] Specifying an unknown key in the "keys" clause of the
8938 "controls" statement caused a NULL pointer dereference.
8941 460. [bug] Much of the DNSSEC code only worked with class IN.
8943 459. [bug] Nslookup processed the "set" command incorrectly.
8945 458. [bug] Nslookup didn't properly check class and type values.
8948 457. [bug] Dig/host/hslookup didn't properly handle connect
8949 timeouts in certain situations, causing an
8950 unnecessary warning message to be printed.
8952 456. [bug] Stub zones were not resetting the refresh and expire
8953 counters, loadtime or clearing the DNS_ZONE_REFRESH
8954 (refresh in progress) flag upon successful update.
8955 This disabled further refreshing of the stub zone,
8956 causing it to eventually expire. [RT #300]
8958 455. [doc] Document IPv4 prefix notation does not require a
8959 dotted decimal quad but may be just dotted decimal.
8961 454. [bug] Enforce dotted decimal and dotted decimal quad where
8962 documented as such in named.conf. [RT #304, RT #311]
8964 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
8965 is specified in named.conf. [RT #306]
8967 452. [bug] Warn if the unimplemented option "statistics-file"
8968 is specified in named.conf. [RT #301]
8970 451. [func] Update forwarding implemented.
8972 450. [func] New function ns_client_sendraw().
8974 449. [bug] isc_bitstring_copy() only works correctly if the
8975 two bitstrings have the same lsb0 value, but this
8976 requirement was not documented, nor was there a
8979 448. [bug] Host output formatting change, to match v8. [RT #255]
8981 447. [bug] Dig didn't properly retry in TCP mode after
8982 a truncated reply. [RT #277]
8984 446. [bug] Confusing notify log message. [RT #298]
8986 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
8987 bitstring triggered a REQUIRE statement. The REQUIRE
8988 statement was incorrect. [RT #297]
8990 444. [func] "recursion denied" messages are always logged at
8991 debug level 1, now, rather than sometimes at ERROR.
8992 This silences these warnings in the usual case, where
8993 some clients set the RD bit in all queries.
8995 443. [bug] When loading a master file failed because of an
8996 unrecognized RR type name, the error message
8997 did not include the file name and line number.
9000 442. [bug] TSIG signed messages that did not match any view
9001 crashed the server. [RT #290]
9003 441. [bug] Nodes obscured by a DNAME were inaccessible even
9004 when DNS_DBFIND_GLUEOK was set.
9006 440. [func] New function dns_zone_forwardupdate().
9008 439. [func] New function dns_request_createraw().
9010 438. [func] New function dns_message_getrawmessage().
9012 437. [func] Log NOTIFY activity to the notify channel.
9014 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
9015 which sometimes happens on Linux, named would enter
9016 a busy loop. Also, unexpected socket errors were
9017 not logged at a high enough logging level to be
9018 useful in diagnosing this situation. [RT #275]
9020 435. [bug] dns_zone_dump() overwrote existing zone files
9021 rather than writing to a temporary file and
9022 renaming. This could lead to empty or partial
9023 zone files being left around in certain error
9024 conditions involving the initial transfer of a
9025 slave zone, interfering with subsequent server
9028 434. [func] New function isc_file_isabsolute().
9030 433. [func] isc_base64_decodestring() now accepts newlines
9031 within the base64 data. This makes it possible
9032 to break up the key data in a "trusted-keys"
9033 statement into multiple lines. [RT #284]
9035 432. [func] Added refresh/retry jitter. The actual refresh/
9036 retry time is now a random value between 75% and
9037 100% of the configured value.
9039 431. [func] Log at ISC_LOG_INFO when a zone is successfully
9042 430. [bug] Rewrote the lightweight resolver client management
9043 code to handle shutdown correctly and general
9046 429. [bug] The space reserved for a TSIG record in a response
9047 was 2 bytes too short, leading to message
9048 generation failures.
9050 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
9051 DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
9052 (e.g. glue). This could cause SERVFAILs when
9053 generating negative responses in a secure zone.
9055 427. [bug] Avoid going into an infinite loop when the validator
9056 gets a negative response to a key query where the
9057 records are signed by the missing key.
9059 426. [bug] Attempting to generate an oversized RSA key could
9060 cause dnssec-keygen to dump core.
9062 425. [bug] Warn about the auth-nxdomain default value change
9063 if there is no auth-nxdomain statement in the
9064 config file. [RT #287]
9066 424. [bug] notify_createmessage() could trigger an assertion
9067 failure when creating the notify message failed,
9068 e.g. due to corrupt zones with multiple SOA records.
9071 423. [bug] When responding to a recursive query, errors that occur
9072 after following a CNAME should cause the query to fail.
9075 422. [func] get rid of isc_random_t, and make isc_random_get()
9076 and isc_random_jitter() use rand() internally
9077 instead of local state. Note that isc_random_*()
9078 functions are only for weak, non-critical "randomness"
9079 such as timing jitter and such.
9081 421. [bug] nslookup would exit when given a blank line as input.
9083 420. [bug] nslookup failed to implement the "exit" command.
9085 419. [bug] The certificate type PKIX was misspelled as SKIX.
9087 418. [bug] At debug levels >= 10, getting an unexpected
9088 socket receive error would crash the server
9089 while trying to log the error message.
9091 417. [func] Add isc_app_block() and isc_app_unblock(), which
9092 allow an application to handle signals while
9095 416. [bug] Slave zones with no master file tried to use a
9096 NULL pointer for a journal file name when they
9097 received an IXFR. [RT #273]
9099 415. [bug] The logging code leaked file descriptors.
9101 414. [bug] Server did not shut down until all incoming zone
9102 transfers were finished.
9104 413. [bug] Notify could attempt to use the zone database after
9105 it had been unloaded. [RT#267]
9107 412. [bug] named -v didn't print the version.
9109 411. [bug] A typo in the HS A code caused an assertion failure.
9111 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
9112 to a random value on success.
9114 409. [bug] If named was shut down early in the startup
9115 process, ns_omapi_shutdown() would attempt to lock
9116 an uninitialized mutex. [RT #262]
9118 408. [bug] stub zones could leak memory and reference counts if
9119 all the masters were unreachable.
9121 407. [bug] isc_rwlock_lock() would needlessly block
9122 readers when it reached the read quota even
9123 if no writers were waiting.
9125 406. [bug] Log messages were occasionally lost or corrupted
9126 due to a race condition in isc_log_doit().
9128 405. [func] Add support for selective forwarding (forward zones)
9130 404. [bug] The request library didn't completely work with IPv6.
9132 403. [bug] "host" did not use the search list.
9134 402. [bug] Treat undefined acls as errors, rather than
9135 warning and then later throwing an assertion.
9138 401. [func] Added simple database API.
9140 400. [bug] SIG(0) signing and verifying was done incorrectly.
9143 399. [bug] When reloading the server with a config file
9144 containing a syntax error, it could catch an
9145 assertion failure trying to perform zone
9146 maintenance on, or sending notifies from,
9147 tentatively created zones whose views were
9148 never fully configured and lacked an address
9149 database and request manager.
9151 398. [bug] "dig" sometimes caught an assertion failure when
9152 using TSIG, depending on the key length.
9154 397. [func] Added utility functions dns_view_gettsig() and
9155 dns_view_getpeertsig().
9157 396. [doc] There is now a man page for "nsupdate"
9158 in doc/man/bin/nsupdate.8.
9160 395. [bug] nslookup printed incorrect RR type mnemonics
9161 for RRs of type >= 21 [RT #237].
9163 394. [bug] Current name was not propagated via $INCLUDE.
9165 393. [func] Initial answer while loading (awl) support.
9166 Entry points: dns_master_loadfileinc(),
9167 dns_master_loadstreaminc(), dns_master_loadbufferinc().
9168 Note: calls to dns_master_load*inc() should be rate
9169 be rate limited so as to not use up all file
9172 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
9173 not support the given address family requested.
9175 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
9177 390. [func] The function dns_zone_setdbtype() now takes
9178 an argc/argv style vector of words and sets
9179 both the zone database type and its arguments,
9180 making the functions dns_zone_adddbarg()
9181 and dns_zone_cleardbargs() unnecessary.
9183 389. [bug] Attempting to send a request over IPv6 using
9184 dns_request_create() on a system without IPv6
9185 support caused an assertion failure [RT #235].
9187 388. [func] dig and host can now do reverse ipv6 lookups.
9189 387. [func] Add dns_byaddr_createptrname(), which converts
9190 an address into the name used by a PTR query.
9192 386. [bug] Missing strdup() of ACL name caused random
9193 ACL matching failures [RT #228].
9195 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
9198 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
9201 383. [func] When writing a master file, print the SOA and NS
9202 records (and their SIGs) before other records.
9204 382. [bug] named -u failed on many Linux systems where the
9205 libc provided kernel headers do not match
9208 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
9209 IPV6_PKTINFO if found. [RT #229]
9211 380. [bug] nsupdate didn't work with IPv6.
9213 379. [func] New library function isc_sockaddr_anyofpf().
9215 378. [func] named and lwresd will log the command line arguments
9216 they were started with in the "starting ..." message.
9218 377. [bug] When additional data lookups were refused due to
9219 "allow-query", the databases were still being
9220 attached causing reference leaks.
9222 376. [bug] The server should always use good entropy when
9223 performing cryptographic functions needing entropy.
9225 375. [bug] Per-zone "allow-query" did not properly override the
9226 view/global one for CNAME targets and additional
9229 374. [bug] SOA in authoritative negative responses had wrong TTL.
9231 373. [func] nslookup is now installed by "make install".
9233 372. [bug] Deal with Microsoft DNS servers appending two bytes of
9234 garbage to zone transfer requests.
9236 371. [bug] At high debug levels, doing an outgoing zone transfer
9237 of a very large RRset could cause an assertion failure
9240 370. [bug] The error messages for roll-forward failures were
9243 369. [func] Support new named.conf options, view and zone
9246 max-retry-time, min-retry-time,
9247 max-refresh-time, min-refresh-time.
9249 368. [func] Restructure the internal ".bind" view so that more
9250 zones can be added to it.
9252 367. [bug] Allow proper selection of server on nslookup command
9255 366. [func] Allow use of '-' batch file in dig for stdin.
9257 365. [bug] nsupdate -k leaked memory.
9259 364. [func] Added additional-from-{cache,auth}
9263 362. [bug] rndc no longer aborts if the configuration file is
9264 missing an options statement. [RT #209]
9266 361. [func] When the RBT find or chain functions set the name and
9267 origin for a node that stores the root label
9268 the name is now set to an empty name, instead of ".",
9269 to simplify later use of the name and origin by
9270 dns_name_concatenate(), dns_name_totext() or
9273 360. [func] dns_name_totext() and dns_name_format() now allow
9274 an empty name to be passed, which is formatted as "@".
9276 359. [bug] dnssec-signzone occasionally signed glue records.
9278 358. [cleanup] Rename the intermediate files used by the dnssec
9281 357. [bug] The zone file parser crashed if the argument
9282 to $INCLUDE was a quoted string.
9284 356. [cleanup] isc_task_send no longer requires event->sender to
9287 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
9289 354. [doc] Man pages for the dnssec tools are now included in
9290 the distribution, in doc/man/dnssec.
9292 353. [bug] double increment in lwres/gethost.c:copytobuf().
9295 352. [bug] Race condition in dns_client_t startup could cause
9296 an assertion failure.
9298 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
9299 signed query could crash the server.
9301 350. [bug] Also-notify lists specified in the global options
9302 block were not correctly reference counted, causing
9305 349. [bug] Processing a query with the CD bit set now works
9308 348. [func] New boolean named.conf options 'additional-from-auth'
9309 and 'additional-from-cache' now supported in view and
9310 global options statement.
9312 347. [bug] Don't crash if an argument is left off options in dig.
9316 345. [bug] Large-scale changes/cleanups to dig:
9317 * Significantly improve structure handling
9318 * Don't pre-load entire batch files
9319 * Add name/rr counting/limiting
9320 * Fix SIGINT handling
9321 * Shorten timeouts to match v8's behavior
9323 344. [bug] When shutting down, lwresd sometimes tried
9324 to shut down its client tasks twice,
9325 triggering an assertion.
9327 343. [bug] Although zone maintenance SOA queries and
9328 notify requests were signed with TSIG keys
9329 when configured for the server in case,
9330 the TSIG was not verified on the response.
9332 342. [bug] The wrong name was being passed to
9333 dns_name_dup() when generating a TSIG
9336 341. [func] Support 'key' clause in named.conf zone masters
9337 statement to allow authentication via TSIG keys:
9340 10.0.0.1 port 5353 key "foo";
9344 340. [bug] The top-level COPYRIGHT file was missing from
9347 339. [bug] DNSSEC validation of the response to an ANY
9348 query at a name with a CNAME RR in a secure
9349 zone triggered an assertion failure.
9351 338. [bug] lwresd logged to syslog as named, not lwresd.
9353 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
9354 on the command line.
9356 336. [bug] "dig -f" used 64 k of memory for each line in
9357 the file. It now uses much less, though still
9358 proportionally to the file size.
9360 335. [bug] named would occasionally attempt recursion when
9361 it was disallowed or undesired.
9363 334. [func] Added hmac-md5 to libisc.
9365 333. [bug] The resolver incorrectly accepted referrals to
9366 domains that were not parents of the query name,
9367 causing assertion failures.
9369 332. [func] New function dns_name_reset().
9371 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
9373 330. [bug] Many debugging messages were partially formatted
9374 even when debugging was turned off, causing a
9375 significant decrease in query performance.
9377 329. [func] omapi_auth_register() now takes a size_t argument for
9378 the length of a key's secret data. Previously
9379 OMAPI only stored secrets up to the first NUL byte.
9381 328. [func] Added isc_base64_decodestring().
9383 327. [bug] rndc.conf parser wasn't correctly recognizing an IP
9384 address where a host specification was required.
9386 326. [func] 'keys' in an 'inet' control statement is now
9387 required and must have at least one item in it.
9388 A "not supported" warning is now issued if a 'unix'
9389 control channel is defined.
9391 325. [bug] isc_lex_gettoken was processing octal strings when
9392 ISC_LEXOPT_CNUMBER was not set.
9394 324. [func] In the resolver, turn EDNS0 off if there is no
9395 response after a number of retransmissions.
9396 This is to allow queries some chance of succeeding
9397 even if all the authoritative servers of a zone
9398 silently discard EDNS0 requests instead of
9399 sending an error response like they ought to.
9401 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
9402 Because of this, servers authoritative for a parent
9403 and grandchild zone but not authoritative for the
9404 intervening child zone did not correctly issue
9405 referrals to the servers of the child zone.
9407 322. [bug] Queries for KEY RRs are now sent to the parent
9408 server before the authoritative one, making
9409 DNSSEC insecurity proofs work in many cases
9410 where they previously didn't.
9412 321. [bug] When synthesizing a CNAME RR for a DNAME
9413 response, query_addcname() failed to initialize
9414 the type and class of the CNAME dns_rdata_t,
9415 causing random failures.
9417 320. [func] Multiple rndc changes: parses an rndc.conf file,
9418 uses authentication to talk to named, command
9419 line syntax changed. This will all be described
9422 319. [func] The named.conf "controls" statement is now used
9423 to configure the OMAPI command channel.
9425 318. [func] dns_c_ndcctx_destroy() could never return anything
9426 except ISC_R_SUCCESS; made it have void return instead.
9428 317. [func] Use callbacks from libomapi to determine if a
9429 new connection is valid, and if a key requested
9430 to be used with that connection is valid.
9432 316. [bug] Generate a warning if we detect an unexpected <eof>
9433 but treat as <eol><eof>.
9435 315. [bug] Handle non-empty blanks lines. [RT #163]
9437 314. [func] The named.conf controls statement can now have
9438 more than one key specified for the inet clause.
9440 313. [bug] When parsing resolv.conf, don't terminate on an
9441 error. Instead, parse as much as possible, but
9442 still return an error if one was found.
9444 312. [bug] Increase the number of allowed elements in the
9445 resolv.conf search path from 6 to 8. If there
9446 are more than this, ignore the remainder rather
9447 than returning a failure in lwres_conf_parse.
9449 311. [bug] lwres_conf_parse failed when the first line of
9450 resolv.conf was empty or a comment.
9452 310. [func] Changes to named.conf "controls" statement (inet
9455 - support "keys" clause
9459 allow { any; } keys { "foo"; }
9462 - allow "port xxx" to be left out of statement,
9463 in which case it defaults to omapi's default port
9466 309. [bug] When sending a referral, the server did not look
9467 for name server addresses as glue in the zone
9468 holding the NS RRset in the case where this zone
9469 was not the same as the one where it looked for
9470 name server addresses as authoritative data.
9472 308. [bug] Treat a SOA record not at top of zone as an error
9473 when loading a zone. [RT #154]
9475 307. [bug] When canceling a query, the resolver didn't check for
9476 isc_socket_sendto() calls that did not yet have their
9477 completion events posted, so it could (rarely) end up
9478 destroying the query context and then want to use
9479 it again when the send event posted, triggering an
9480 assertion as it tried to cancel an already-canceled
9483 306. [bug] Reading HMAC-MD5 private key files didn't work.
9485 305. [bug] When reloading the server with a config file
9486 containing a syntax error, it could catch an
9487 assertion failure trying to perform zone
9488 maintenance on tentatively created zones whose
9489 views were never fully configured and lacked
9490 an address database.
9492 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
9493 are listed in resolv.conf, silently ignore them
9494 instead of returning failure.
9496 303. [bug] Add additional sanity checks to differentiate a AXFR
9497 response vs a IXFR response. [RT #157]
9499 302. [bug] In dig, host, and nslookup, MXNAME should be large
9500 enough to hold any legal domain name in presentation
9501 format + terminating NULL.
9503 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
9505 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
9506 on platforms lacking IPv6 because each included their
9507 own ipv6 header file for the missing definitions. Now
9508 each library's ipv6.h defines the wrapper symbol of
9509 the other (ISC_IPV6_H and LWRES_IPV6_H).
9511 299. [cleanup] Get the user and group information before changing the
9512 root directory, so the administrator does not need to
9513 keep a copy of the user and group databases in the
9514 chroot'ed environment. Suggested by Hakan Olsson.
9516 298. [bug] A mutex deadlock occurred during shutdown of the
9517 interface manager under certain conditions.
9518 Digital Unix systems were the most affected.
9520 297. [bug] Specifying a key name that wasn't fully qualified
9521 in certain parts of the config file could cause
9522 an assertion failure.
9524 296. [bug] "make install" from a separate build directory
9525 failed unless configure had been run in the source
9528 295. [bug] When invoked with type==CNAME and a message
9529 not constructed by dns_message_parse(),
9530 dns_message_findname() failed to find anything
9531 due to checking for attribute bits that are set
9532 only in dns_message_parse(). This caused an
9533 infinite loop when constructing the response to
9534 an ANY query at a CNAME in a secure zone.
9536 294. [bug] If we run out of space in while processing glue
9537 when reading a master file and commit "current name"
9538 reverts to "name_current" instead of staying as
9541 293. [port] Add support for FreeBSD 4.0 system tests.
9543 292. [bug] Due to problems with the way some operating systems
9544 handle simultaneous listening on IPv4 and IPv6
9545 addresses, the server no longer listens on IPv6
9546 addresses by default. To revert to the previous
9547 behavior, specify "listen-on-v6 { any; };" in
9550 291. [func] Caching servers no longer send outgoing queries
9551 over TCP just because the incoming recursive query
9554 290. [cleanup] +twiddle option to dig (for testing only) removed.
9556 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
9557 host is now installed in $bindir. (Be sure to remove
9558 any $sbindir/dig from a previous release.)
9560 288. [func] rndc is now installed by "make install" into $sbindir.
9562 287. [bug] rndc now works again as "rndc 127.1 reload" (for
9563 only that task). Parsing its configuration file and
9564 using digital signatures for authentication has been
9565 disabled until named supports the "controls" statement,
9568 286. [bug] On Solaris 2, when named inherited a signal state
9569 where SIGHUP had the SIG_IGN action, SIGHUP would
9570 be ignored rather than causing the server to reload
9573 285. [bug] A change made to the dst API for beta4 inadvertently
9574 broke OMAPI's creation of a dst key from an incoming
9575 message, causing an assertion to be triggered. Fixed.
9577 284. [func] The DNSSEC key generation and signing tools now
9578 generate randomness from keyboard input on systems
9579 that lack /dev/random.
9581 283. [cleanup] The 'lwresd' program is now a link to 'named'.
9583 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
9584 too big for an unsigned long.
9586 281. [bug] Fixed list of recognized config file category names.
9588 280. [func] Add isc-config.sh, which can be used to more
9589 easily build applications that link with
9592 279. [bug] Private omapi function symbols shared between
9593 two or more files in libomapi.a were not namespace
9594 protected using the ISC convention of starting with
9595 the library name and two underscores ("omapi__"...)
9597 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
9598 note of when isc_log_categorybyname() wasn't able
9599 to find the category name and would then apply the
9600 channel list of the unknown category to all categories.
9602 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
9603 would fail to find the first member of any category
9604 or module array apart from the internal defaults.
9605 Thus, for example, the "notify" category was improperly
9606 configured by named.
9608 276. [bug] dig now supports maximum sized TCP messages.
9610 275. [bug] The definition of lwres_gai_strerror() was missing
9613 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
9616 273. [func] The default for the 'transfer-format' option is
9617 now 'many-answers'. This will break zone transfers
9618 to BIND 4.9.5 and older unless there is an explicit
9619 'one-answer' configuration.
9621 272. [bug] The sending of large TCP responses was canceled
9622 in mid-transmission due to a race condition
9623 caused by the failure to set the client object's
9624 "newstate" variable correctly when transitioning
9625 to the "working" state.
9627 271. [func] Attempt to probe the number of cpus in named
9628 if unspecified rather than defaulting to 1.
9630 270. [func] Allow maximum sized TCP answers.
9632 269. [bug] Failed DNSSEC validations could cause an assertion
9633 failure by causing clone_results() to be called with
9634 with hevent->node == NULL.
9636 268. [doc] A plain text version of the Administrator
9637 Reference Manual is now included in the distribution,
9638 as doc/arm/Bv9ARM.txt.
9640 267. [func] Nsupdate is now provided in the distribution.
9642 266. [bug] zone.c:save_nsrrset() node was not initialized.
9644 265. [bug] dns_request_create() now works for TCP.
9646 264. [func] Dispatch can not take TCP sockets in connecting
9647 state. Set DNS_DISPATCHATTR_CONNECTED when calling
9648 dns_dispatch_createtcp() for connected TCP sockets
9649 or call dns_dispatch_starttcp() when the socket is
9652 263. [func] New logging channel type 'stderr'
9659 262. [bug] 'master' was not initialized in zone.c:stub_callback().
9661 261. [func] Add dns_zone_markdirty().
9663 260. [bug] Running named as a non-root user failed on Linux
9664 kernels new enough to support retaining capabilities
9667 259. [func] New random-device and random-seed-file statements
9668 for global options block of named.conf. Both accept
9669 a single string argument.
9671 258. [bug] Fixed printing of lwres_addr_t.address field.
9673 257. [bug] The server detached the last zone manager reference
9674 too early, while it could still be in use by queries.
9675 This manifested itself as assertion failures during the
9676 shutdown process for busy name servers. [RT #133]
9678 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
9679 isc_ratelimiter_shutdown guarantees that the rate
9680 limiter is detached from its task.
9682 255. [func] New function dns_zonemgr_attach().
9684 254. [bug] Suppress "query denied" messages on additional data
9687 --- 9.0.0b4 released ---
9689 253. [func] resolv.conf parser now recognizes ';' and '#' as
9690 comments (anywhere in line, not just as the beginning).
9692 252. [bug] resolv.conf parser mishandled masks on sortlists.
9693 It also aborted when an unrecognized keyword was seen,
9694 now it silently ignores the entire line.
9696 251. [bug] lwresd caught an assertion failure on startup.
9698 250. [bug] fixed handling of size+unit when value would be too
9699 large for internal representation.
9701 249. [cleanup] max-cache-size config option now takes a size-spec
9702 like 'datasize', except 'default' is not allowed.
9704 248. [bug] global lame-ttl option was not being printed when
9705 config structures were written out.
9707 247. [cleanup] Rename cache-size config option to max-cache-size.
9709 246. [func] Rename global option cachesize to cache-size and
9710 add corresponding option to view statement.
9712 245. [bug] If an uncompressed name will take more than 255
9713 bytes and the buffer is sufficiently long,
9714 dns_name_fromwire should return DNS_R_FORMERR,
9715 not ISC_R_NOSPACE. This bug caused cause the
9716 server to catch an assertion failure when it
9717 received a query for a name longer than 255
9720 244. [bug] empty named.conf file and empty options statement are
9721 now parsed properly.
9723 243. [func] new cachesize option for named.conf
9725 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
9727 241. [cleanup] nscount and soacount have been removed from the
9728 dns_master_*() argument lists.
9730 240. [func] databases now come in three flavours: zone, cache
9733 239. [func] If ISC_MEM_DEBUG is enabled, the variable
9734 isc_mem_debugging controls whether messages
9737 238. [cleanup] A few more compilation warnings have been quieted:
9738 + missing sigwait prototype on BSD/OS 4.0/4.0.1.
9739 + PTHREAD_ONCE_INIT unbraced initializer warnings on
9741 + IN6ADDR_ANY_INIT unbraced initializer warnings on
9742 BSD/OS 4.*, Linux and Solaris 2.8.
9744 237. [bug] If connect() returned ENOBUFS when the resolver was
9745 initiating a TCP query, the socket didn't get
9746 destroyed, and the server did not shut down cleanly.
9748 236. [func] Added new listen-on-v6 config file statement.
9750 235. [func] Consider it a config file error if a listen-on
9751 statement has an IPv6 address in it, or a
9752 listen-on-v6 statement has an IPv4 address in it.
9754 234. [bug] Allow a trusted-key's first field (domain-name) be
9755 either a quoted or an unquoted string, instead of
9756 requiring a quoted string.
9758 233. [cleanup] Convert all config structure integer values to unsigned
9759 integer (isc_uint32_t) to match grammar.
9761 232. [bug] Allow slave zones to not have a file.
9763 231. [func] Support new 'port' clause in config file options
9764 section. Causes 'listen-on', 'masters' and
9765 'also-notify' statements to use its value instead of
9768 230. [func] Replace the dst sign/verify API with a cleaner one.
9770 229. [func] Support config file sig-validity-interval statement
9771 in options, views and zone statements (master
9774 228. [cleanup] Logging messages in config module stripped of
9777 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
9778 dns_rcode_*, dns_opcode_*, and dns_trust_* are
9779 also now cast to their appropriate types, as with
9780 dns_rdatatype_* in item number 225 below.
9782 226. [func] dns_name_totext() now always prints the root name as
9783 '.', even when omit_final_dot is true.
9785 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
9786 cast to dns_rdatatype_t via macros of their same name
9787 so that they are of the proper integral type wherever
9788 a dns_rdatatype_t is needed.
9790 224. [cleanup] The entire project builds cleanly with gcc's
9791 -Wcast-qual and -Wwrite-strings warnings enabled,
9792 which is now the default when using gcc. (Warnings
9793 from confparser.c, because of yacc's code, are
9794 unfortunately to be expected.)
9796 223. [func] Several functions were re-prototyped to qualify one
9797 or more of their arguments with "const". Similarly,
9798 several functions that return pointers now have
9799 those pointers qualified with const.
9801 222. [bug] The global 'also-notify' option was ignored.
9803 221. [bug] An uninitialized variable was sometimes passed to
9804 dns_rdata_freestruct() when loading a zone, causing
9805 an assertion failure.
9807 220. [cleanup] Set the default outgoing port in the view, and
9808 set it in sockaddrs returned from the ADB.
9809 [31-May-2000 explorer]
9811 219. [bug] Signed truncated messages more correctly follow
9812 the respective specs.
9814 218. [func] When an rdataset is signed, its ttl is normalized
9815 based on the signature validity period.
9817 217. [func] Also-notify and trusted-keys can now be used in
9818 the 'view' statement.
9820 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
9823 215. [bug] Failures at certain points in request processing
9824 could cause the assertion INSIST(client->lockview
9825 == NULL) to be triggered.
9827 214. [func] New public function isc_netaddr_format(), for
9828 formatting network addresses in log messages.
9830 213. [bug] Don't leak memory when reloading the zone if
9831 an update-policy clause was present in the old zone.
9833 212. [func] Added dns_message_get/settsigkey, to make TSIG
9834 key management reasonable.
9836 211. [func] The 'key' and 'server' statements can now occur
9837 inside 'view' statements.
9839 210. [bug] The 'allow-transfer' option was ignored for slave
9840 zones, and the 'transfers-per-ns' option was
9841 was ignored for all zones.
9843 209. [cleanup] Upgraded openssl files to new version 0.9.5a
9845 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
9848 207. [func] The dnssec tools properly use the logging subsystem.
9850 206. [cleanup] dst now stores the key name as a dns_name_t, not
9853 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
9854 ("prototyped function redeclared without prototype")
9855 and 1552 ("variable ... set but not used") when
9856 compiling in the lib/dns/sec/{dnssafe,openssl}
9857 directories, which contain code imported from outside
9860 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
9861 to quiet the warnings that "The linked output may not
9862 run on a PA 1.x system."
9864 203. [func] notify and zone soa queries are now tsig signed when
9867 202. [func] isc_lex_getsourceline() changed from returning int
9868 to returning unsigned long, the type of its underlying
9871 201. [cleanup] Removed the test/sdig program, it has been
9872 replaced by bin/dig/dig.
9874 --- 9.0.0b3 released ---
9876 200. [bug] Failures in sending query responses to clients
9877 (e.g., running out of network buffers) were
9880 199. [bug] isc_heap_delete() sometimes violated the heap
9881 invariant, causing timer events not to be posted
9884 198. [func] Dispatch managers hold memory pools which
9885 any managed dispatcher may use. This allows
9886 us to avoid dipping into the memory context for
9887 most allocations. [19-May-2000 explorer]
9889 197. [bug] When an incoming AXFR or IXFR completes, the
9890 zone's internal state is refreshed from the
9891 SOA data. [19-May-2000 explorer]
9893 196. [func] Dispatchers can be shared easily between views
9894 and/or interfaces. [19-May-2000 explorer]
9896 195. [bug] Including the NXT record of the root domain
9897 in a negative response caused an assertion
9900 194. [doc] The PDF version of the Administrator's Reference
9901 Manual is no longer included in the ISC BIND9
9904 193. [func] changed dst_key_free() prototype.
9906 192. [bug] Zone configuration validation is now done at end
9907 of config file parsing, and before loading
9910 191. [func] Patched to compile on UnixWare 7.x. This platform
9911 is not directly supported by the ISC.
9913 190. [cleanup] The DNSSEC tools have been moved to a separate
9914 directory dnssec/ and given the following new,
9915 more descriptive names:
9922 Their command line arguments have also been changed to
9923 be more consistent. dnssec-keygen now prints the
9924 name of the generated key files (sans extension)
9925 on standard output to simplify its use in automated
9928 189. [func] isc_time_secondsastimet(), a new function, will ensure
9929 that the number of seconds in an isc_time_t does not
9930 exceed the range of a time_t, or return ISC_R_RANGE.
9931 Similarly, isc_time_now(), isc_time_nowplusinterval(),
9932 isc_time_add() and isc_time_subtract() now check the
9933 range for overflow/underflow. In the case of
9934 isc_time_subtract, this changed a calling requirement
9935 (ie, something that could generate an assertion)
9936 into merely a condition that returns an error result.
9937 isc_time_add() and isc_time_subtract() were void-
9938 valued before but now return isc_result_t.
9940 188. [func] Log a warning message when an incoming zone transfer
9941 contains out-of-zone data.
9943 187. [func] isc_ratelimiter_enqueue() has an additional argument
9946 186. [func] dns_request_getresponse() has an additional argument
9949 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
9950 public functions did not have an isc__ prefix, and
9951 referred to functions that had previously been
9954 184. [cleanup] Variables/functions which began with two leading
9955 underscores were made to conform to the ANSI/ISO
9956 standard, which says that such names are reserved.
9958 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
9959 for logging the program name or other identifier.
9961 182. [cleanup] New command-line parameters for dnssec tools
9963 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
9965 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
9967 179. [func] options named.conf statement *must* now come
9968 before any zone or view statements.
9970 178. [func] Post-load of named.conf check verifies a slave zone
9971 has non-empty list of masters defined.
9973 177. [func] New per-zone boolean:
9975 enable-zone yes | no ;
9977 intended to let a zone be disabled without having
9978 to comment out the entire zone statement.
9980 176. [func] New global and per-view option:
9982 max-cache-ttl number
9984 175. [func] New global and per-view option:
9986 additional-data internal | minimal | maximal;
9988 174. [func] New public function isc_sockaddr_format(), for
9989 formatting socket addresses in log messages.
9991 173. [func] Keep a queue of zones waiting for zone transfer
9992 quota so that a new transfer can be dispatched
9993 immediately whenever quota becomes available.
9995 172. [bug] $TTL directive was sometimes missing from dumped
9996 master files because totext_ctx_init() failed to
9997 initialize ctx->current_ttl_valid.
9999 171. [cleanup] On NetBSD systems, the mit-pthreads or
10000 unproven-pthreads library is now always used
10001 unless --with-ptl2 is explicitly specified on
10002 the configure command line. The
10003 --with-mit-pthreads option is no longer needed
10004 and has been removed.
10006 170. [cleanup] Remove inter server consistency checks from zone,
10007 these should return as a separate module in 9.1.
10008 dns_zone_checkservers(), dns_zone_checkparents(),
10009 dns_zone_checkchildren(), dns_zone_checkglue().
10011 Remove dns_zone_setadb(), dns_zone_setresolver(),
10012 dns_zone_setrequestmgr() these should now be found
10015 169. [func] ratelimiter can now process N events per interval.
10017 168. [bug] include statements in named.conf caused syntax errors
10018 due to not consuming the semicolon ending the include
10019 statement before switching input streams.
10021 167. [bug] Make lack of masters for a slave zone a soft error.
10023 166. [bug] Keygen was overwriting existing keys if key_id
10024 conflicted, now it will retry, and non-null keys
10025 with key_id == 0 are not generated anymore. Key
10026 was not able to generate NOAUTHCONF DSA key,
10027 increased RSA key size to 2048 bits.
10029 165. [cleanup] Silence "end-of-loop condition not reached" warnings
10030 from Solaris compiler.
10032 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
10033 isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
10034 isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
10035 to encapsulate nonportable usage of errno and sync.
10037 163. [func] Added result codes ISC_R_FILENOTFOUND and
10040 162. [bug] Ensure proper range for arguments to ctype.h functions.
10042 161. [cleanup] error in yyparse prototype that only HPUX caught.
10044 160. [cleanup] getnet*() are not going to be implemented at this
10047 159. [func] Redefinition of config file elements is now an
10048 error (instead of a warning).
10050 158. [bug] Log channel and category list copy routines
10051 weren't assigning properly to output parameter.
10053 157. [port] Fix missing prototype for getopt().
10055 156. [func] Support new 'database' statement in zone.
10057 database "quoted-string";
10059 155. [bug] ns_notify_start() was not detaching the found zone.
10061 154. [func] The signer now logs libdns warnings to stderr even when
10062 not verbose, and in a nicer format.
10064 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
10065 is NULL then you need to preserve the 'rdata' until
10066 you have finished using the structure as there may be
10067 references to the associated memory. If 'mctx' is
10068 non-NULL it is guaranteed that there are no references
10069 to memory associated with 'rdata'.
10071 dns_rdata_freestruct() must be called if 'mctx' was
10072 non-NULL and may safely be called if 'mctx' was NULL.
10074 152. [bug] keygen dumped core if domain name argument was omitted
10077 151. [func] Support 'disabled' statement in zone config (causes
10078 zone to be parsed and then ignored). Currently must
10079 come after the 'type' clause.
10081 150. [func] Support optional ports in masters and also-notify
10084 masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
10086 149. [cleanup] Removed unused argument 'olist' from
10087 dns_c_view_unsetordering().
10089 148. [cleanup] Stop issuing some warnings about some configuration
10090 file statements that were not implemented, but now are.
10092 147. [bug] Changed yacc union size to be smaller for yaccs that
10093 put yacc-stack on the real stack.
10095 146. [cleanup] More general redundant header file cleanup. Rather
10096 than continuing to itemize every header which changed,
10097 this changelog entry just notes that if a header file
10098 did not need another header file that it was including
10099 in order to provide its advertised functionality, the
10100 inclusion of the other header file was removed. See
10101 util/check-includes for how this was tested.
10103 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
10104 ISC_LANG_ENDDECLS to header files that had function
10105 prototypes, and removed it from those that did not.
10107 144. [cleanup] libdns header files too numerous to name were made
10108 to conform to the same style for multiple inclusion
10111 143. [func] Added function dns_rdatatype_isknown().
10113 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
10116 141. [bug] Corrupt requests with multiple questions could
10117 cause an assertion failure.
10119 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
10121 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
10122 <isc/int.h> and <isc/result.h>.
10124 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
10125 renamed isc_string_touint64. isc_strsep moved from
10126 strsep.c to string.c and renamed isc_string_separate.
10128 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
10129 <isc/serial.h>, <isc/string.h> and <isc/offset.h>
10130 made to conform to the same style for multiple
10131 inclusion protection.
10133 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
10134 <isc/net.h> and Win32's <isc/thread.h> needed
10135 ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
10137 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
10138 or <isc/boolean.h>, now uses <isc/types.h> in place
10139 of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
10140 and ISC_LANG_ENDDECLS.
10142 134. [cleanup] <isc/dir.h> does not need <limits.h>.
10144 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
10146 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
10147 need <isc/eventclass.h>.
10149 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
10150 for ISC_R_* codes used in macros.
10152 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
10153 <isc/boolean.h>, and now includes <isc/types.h>
10154 instead of <isc/time.h>.
10156 129. [bug] The 'default_debug' log channel was not set up when
10157 'category default' was present in the config file
10159 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
10160 ISC_LANG_ENDDECLS at end of header.
10162 127. [cleanup] The contracts for the comparison routines
10163 dns_name_fullcompare(), dns_name_compare(),
10164 dns_name_rdatacompare(), and dns_rdata_compare() now
10165 specify that the order value returned is < 0, 0, or > 0
10166 instead of -1, 0, or 1.
10168 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
10170 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
10171 <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
10172 <isc/resultclass.h> do not need <isc/lang.h>.
10174 124. [func] signer now imports parent's zone key signature
10175 and creates null keys/sets zone status bit for
10176 children when necessary
10178 123. [cleanup] <isc/event.h> does not need <stddef.h>.
10180 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
10183 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
10184 <isc/result.h>. Multiple inclusion protection
10185 symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
10186 isc_symtab_t moved to <isc/types.h>.
10188 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
10189 <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
10192 119. [cleanup] structure definitions for generic rdata structures do
10193 not have _generic_ in their names.
10195 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
10196 YACC crust (yyparse, etc) [2000-apr-27 explorer]
10198 117. [cleanup] libdns.a changes:
10199 dns_zone_clearnotify() and dns_zone_addnotify()
10200 are replaced by dns_zone_setnotifyalso().
10201 dns_zone_clearmasters() and dns_zone_addmaster()
10202 are replaced by dns_zone_setmasters().
10204 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
10207 115. [port] Shut up the -Wmissing-declarations warning about
10208 <stdio.h>'s __sputaux on BSD/OS pre-4.1.
10210 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
10213 113. [func] Utility programs dig and host added.
10215 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
10217 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
10220 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
10223 109. [bug] "make depend" did nothing for
10224 bin/tests/{db,mem,sockaddr,tasks,timers}/.
10226 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
10227 <dns/types.h> to <dns/bit.h> and renamed to
10228 DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
10230 107. [func] Add keysigner and keysettool.
10232 106. [func] Allow dnssec verifications to ignore the validity
10233 period. Used by several of the dnssec tools.
10235 105. [doc] doc/dev/coding.html expanded with other
10236 implicit conventions the developers have used.
10238 104. [bug] Made compress_add and compress_find static to
10239 lib/dns/compress.c.
10241 103. [func] libisc buffer API changes for <isc/buffer.h>:
10243 isc_buffer_base(b) (pointer)
10244 isc_buffer_current(b) (pointer)
10245 isc_buffer_active(b) (pointer)
10246 isc_buffer_used(b) (pointer)
10247 isc_buffer_length(b) (int)
10248 isc_buffer_usedlength(b) (int)
10249 isc_buffer_consumedlength(b) (int)
10250 isc_buffer_remaininglength(b) (int)
10251 isc_buffer_activelength(b) (int)
10252 isc_buffer_availablelength(b) (int)
10254 ISC_BUFFER_USEDCOUNT(b)
10255 ISC_BUFFER_AVAILABLECOUNT(b)
10258 isc_buffer_used(b, r) ->
10259 isc_buffer_usedregion(b, r)
10260 isc_buffer_available(b, r) ->
10261 isc_buffer_available_region(b, r)
10262 isc_buffer_consumed(b, r) ->
10263 isc_buffer_consumedregion(b, r)
10264 isc_buffer_active(b, r) ->
10265 isc_buffer_activeregion(b, r)
10266 isc_buffer_remaining(b, r) ->
10267 isc_buffer_remainingregion(b, r)
10269 Buffer types were removed, so the ISC_BUFFERTYPE_*
10270 macros are no more, and the type argument to
10271 isc_buffer_init and isc_buffer_allocate were removed.
10272 isc_buffer_putstr is now void (instead of isc_result_t)
10273 and requires that the caller ensure that there
10274 is enough available buffer space for the string.
10276 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
10279 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
10281 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
10282 <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
10284 99. [cleanup] Rate limiter now has separate shutdown() and
10285 destroy() functions, and it guarantees that all
10286 queued events are delivered even in the shutdown case.
10288 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
10289 unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
10291 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
10294 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
10296 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
10298 94. [cleanup] Some installed header files did not compile as C++.
10300 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
10302 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
10305 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
10308 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
10309 from <named/listenlist.h>.
10311 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
10313 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
10314 <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
10315 moved to <isc/types.h>.
10317 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
10318 <isc/mem.h> or <isc/result.h>.
10320 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
10323 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
10324 <isc/list.h>, <isc/mem.h>, <isc/region.h> or
10327 84. [func] allow-query ACL checks now apply to all data
10328 added to a response.
10330 83. [func] If the server is authoritative for both a
10331 delegating zone and its (nonsecure) delegatee, and
10332 a query is made for a KEY RR at the top of the
10333 delegatee, then the server will look for a KEY
10334 in the delegator if it is not found in the delegatee.
10336 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
10338 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
10341 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
10343 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
10345 78. [cleanup] lwres_conftest renamed to lwresconf_test for
10346 consistency with other *_test programs.
10348 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
10349 <isc/time.h> to <isc/types.h>.
10351 76. [cleanup] Rewrote keygen.
10353 75. [func] Don't load a zone if its database file is older
10354 than the last time the zone was loaded.
10356 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
10357 subsumed by file.o.
10359 73. [func] New "file" API in libisc, including new function
10360 isc_file_getmodtime, isc_mktemplate renamed to
10361 isc_file_mktemplate and isc_ufile renamed to
10362 isc_file_openunique. By no means an exhaustive API,
10363 it is just what's needed for now.
10365 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
10366 added for dns_rbt_findnode, the former to disable the
10367 setting of the chain to the predecessor, and the
10368 latter to make clear when no options are set.
10370 71. [cleanup] Made explicit the implicit REQUIREs of
10371 isc_time_seconds, isc_time_nanoseconds, and
10374 70. [func] isc_time_set() added.
10376 69. [bug] The zone object's master and also-notify lists grew
10377 longer with each server reload.
10379 68. [func] Partial support for SIG(0) on incoming messages.
10381 67. [performance] Allow use of alternate (compile-time supplied)
10382 OpenSSL libraries/headers.
10384 66. [func] Data in authoritative zones should have a trust level
10387 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
10388 from <dns/types.h>.
10390 64. [func] The RBT, DB, and zone table APIs now allow the
10391 caller find the most-enclosing superdomain of
10394 63. [func] Generate NOTIFY messages.
10396 62. [func] Add UDP refresh support.
10398 61. [cleanup] Use single quotes consistently in log messages.
10400 60. [func] Catch and disallow singleton types on message
10403 59. [bug] Cause net/host unreachable to be a hard error
10404 when sending and receiving.
10406 58. [bug] bin/named/query.c could sometimes trigger the
10407 (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
10408 == 0 assertion in query_newname().
10410 57. [func] Added dns_nxt_typepresent()
10412 56. [bug] SIG records were not properly returned in cached
10415 55. [bug] Responses containing multiple names in the authority
10416 section were not negatively cached.
10418 54. [bug] If a fetch with sigrdataset==NULL joined one with
10419 sigrdataset!=NULL or vice versa, the resolver
10420 could catch an assertion or lose signature data,
10423 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
10426 52. [bug] rndc: taskmgr and socketmgr were not initialized
10429 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
10430 dns/rbt.h; it was needed only by compress.c and zt.c.
10432 50. [func] RBT deletion no longer requires a valid chain to work,
10433 and dns_rbt_deletenode was added.
10435 49. [func] Each cache now has its own mctx.
10437 48. [func] isc_task_create() no longer takes an mctx.
10438 isc_task_mem() has been eliminated.
10440 47. [func] A number of modules now use memory context reference
10443 46. [func] Memory contexts are now reference counted.
10444 Added isc_mem_inuse() and isc_mem_preallocate().
10445 Renamed isc_mem_destroy_check() to
10446 isc_mem_setdestroycheck().
10448 45. [bug] The trusted-key statement incorrectly loaded keys.
10450 44. [bug] Don't include authority data if it would force us
10451 to unset the AD bit in the message.
10453 43. [bug] DNSSEC verification of cached rdatasets was failing.
10455 42. [cleanup] Simplified logging of messages with embedded domain
10456 names by introducing a new convenience function
10459 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
10460 to allow 'named' to run as a non-root user while
10461 retaining the ability to bind() to privileged
10464 40. [func] Introduced new logging category "dnssec" and
10465 logging module "dns/validator".
10467 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
10468 and isc_lex_t to <isc/types.h>.
10470 38. [bug] TSIG signed incoming zone transfers work now.
10472 37. [bug] If the first RR in an incoming zone transfer was
10473 not an SOA, the server died with an assertion failure
10474 instead of just reporting an error.
10476 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
10478 35. [performance] Log messages which are of a level too high to be
10479 logged by any channel in the logging configuration
10480 will not cause the log mutex to be locked.
10482 34. [bug] Recursion was allowed even with 'recursion no'.
10484 33. [func] The RBT now maintains a parent pointer at each node.
10486 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
10489 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
10491 30. [func] config file grammar change to support optional
10492 class type for a view.
10494 29. [func] support new config file view options:
10496 auth-nxdomain recursion query-source
10497 query-source-v6 transfer-source
10498 transfer-source-v6 max-transfer-time-out
10499 max-transfer-idle-out transfer-format
10500 request-ixfr provide-ixfr cleaning-interval
10501 fetch-glue notify rfc2308-type1 lame-ttl
10502 max-ncache-ttl min-roots
10504 28. [func] support lame-ttl, min-roots and serial-queries
10505 config global options.
10507 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
10508 Including it on other platforms (eg, NetBSD) can
10509 cause a forced #error from the C preprocessor.
10511 26. [func] new match-clients statement in config file view.
10513 25. [bug] make install failed to install <isc/log.h> and
10516 24. [cleanup] Eliminate some unnecessary #includes of header
10517 files from header files.
10519 23. [cleanup] Provide more context in log messages about client
10520 requests, using a new function ns_client_log().
10522 22. [bug] SIGs weren't returned in the answer section when
10523 the query resulted in a fetch.
10525 21. [port] Look at STD_CINCLUDES after CINCLUDES during
10526 compilation, so additional system include directories
10527 can be searched but header files in the bind9 source
10528 tree with conflicting names take precedence. This
10529 avoids issues with installed versions of dnssafe and
10532 20. [func] Configuration file post-load validation of zones
10533 failed if there were no zones.
10535 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
10536 lock in certain error cases.
10538 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
10539 configure.in to check for presence of in6addr_any.
10541 17. [func] Do configuration file post-load validation of zones.
10543 16. [bug] put quotes around key names on config file
10544 output to avoid possible keyword clashes.
10546 15. [func] Add dns_name_dupwithoffsets(). This function is
10547 improves comparison performance for duped names.
10549 14. [bug] free_rbtdb() could have 'put' unallocated memory in
10550 an unlikely error path.
10552 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
10555 12. [bug] Fixed possible uninitialized variable error.
10557 11. [bug] axfr_rrstream_first() didn't check the result code of
10558 db_rr_iterator_first(), possibly causing an assertion
10559 to be triggered later.
10561 10. [bug] A bug in the code which makes EDNS0 OPT records in
10562 bin/named/client.c and lib/dns/resolver.c could
10563 trigger an assertion.
10565 9. [cleanup] replaced bit-setting code in confctx.c and replaced
10566 repeated code with macro calls.
10568 8. [bug] Shutdown of incoming zone transfer accessed
10571 7. [cleanup] removed 'listen-on' from view statement.
10573 6. [bug] quote RR names when generating config file to
10574 prevent possible clash with config file keywords
10577 5. [func] syntax change to named.conf file: new ssu grant/deny
10578 statements must now be enclosed by an 'update-policy'
10581 4. [port] bin/named/unix/os.c didn't compile on systems with
10582 linux 2.3 kernel includes due to conflicts between
10583 C library includes and the kernel includes. We now
10584 get only what we need from <linux/capability.h>, and
10585 avoid pulling in other linux kernel .h files.
10587 3. [bug] TKEYs go in the answer section of responses, not
10588 the additional section.
10590 2. [bug] Generating cryptographic randomness failed on
10591 systems without /dev/random.
10593 1. [bug] The installdirs rule in
10594 lib/isc/unix/include/isc/Makefile.in had a typo which
10595 prevented the isc directory from being created if it
10598 --- 9.0.0b2 released ---
10600 # This tells Emacs to use hard tabs in this file.
10602 # indent-tabs-mode: t