1 --- 9.8.3-P4 released ---
3 3383. [security] A certain combination of records in the RBT could
4 cause named to hang while populating the additional
5 section of a response. [RT #31090]
7 --- 9.8.3-P3 released ---
9 3364. [security] Named could die on specially crafted record.
12 --- 9.8.3-P2 released ---
14 3346. [security] Bad-cache data could be used before it was
15 initialized, causing an assert. [RT #30025]
17 3342. [bug] Change #3314 broke saving of stub zones to disk
18 resulting in excessive cpu usage in some cases.
21 --- 9.8.3-P1 released ---
23 3331. [security] dns_rdataslab_fromrdataset could produce bad
24 rdataslabs. [RT #29644]
26 --- 9.8.3 released ---
28 3318. [tuning] Reduce the amount of work performed while holding a
29 bucket lock when finshed with a fetch context.
32 3314. [bug] The masters list could be updated while refesh_callback
33 and stub_callback were using it. [RT #26732]
35 3313. [protocol] Add TLSA record type. [RT #28989]
37 3312. [bug] named-checkconf didn't detect a bad dns64 clients acl.
40 3311. [bug] Abort the zone dump if zone->db is NULL in
41 zone.c:zone_gotwritehandle. [RT #29028]
43 3310. [test] Increase table size for mutex profiling. [RT #28809]
45 3309. [bug] resolver.c:fctx_finddone() was not threadsafe.
48 3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
51 3306. [bug] Improve DNS64 reverse zone performance. [RT #28563]
53 3305. [func] Add wire format lookup method to sdb. [RT #28563]
55 3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps.
58 3302. [bug] dns_dnssec_findmatchingkeys could fail to find
59 keys if the zone name contained character that
60 required special mappings. [RT #28600]
62 3301. [contrib] Update queryperf to build on darwin. Add -R flag
63 for non-recursive queries. [RT #28565]
65 3300. [bug] Named could die if gssapi was enabled in named.conf
66 but was not compiled in. [RT #28338]
68 3299. [bug] Make SDB handle errors from database drivers better.
71 3232. [bug] Zero zone->curmaster before return in
72 dns_zone_setmasterswithkeys(). [RT #26732]
74 3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
76 3197. [bug] Don't try to log the filename and line number when
77 the config parser can't open a file. [RT #22263]
79 --- 9.8.2 released ---
81 3298. [bug] Named could dereference a NULL pointer in
82 zmgr_start_xfrin_ifquota if the zone was being removed.
85 3297. [bug] Named could die on a malformed master file. [RT #28467]
87 3295. [bug] Adjust isc_time_secondsastimet range check to be more
88 portable. [RT # 26542]
90 3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
93 3291. [port] Fixed a build error on systems without ENOTSUP.
96 3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
98 3288. [bug] dlz_destroy() function wasn't correctly registered
99 by the DLZ dlopen driver. [RT #28056]
101 3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
103 3286. [bug] Managed key maintenance timer could fail to start
104 after 'rndc reconfig'. [RT #26786]
106 --- 9.8.2rc2 released ---
108 3285. [bug] val-frdataset was incorrectly disassociated in
109 proveunsecure after calling startfinddlvsep.
112 3284. [bug] Address race conditions with the handling of
113 rbtnode.deadlink. [RT #27738]
115 3283. [bug] Raw zones with with more than 512 records in a RRset
116 failed to load. [RT #27863]
118 3282. [bug] Restrict the TTL of NS RRset to no more than that
119 of the old NS RRset when replacing it.
120 [RT #27792] [RT #27884]
122 3281. [bug] SOA refresh queries could be treated as cancelled
123 despite succeeding over the loopback interface.
126 3280. [bug] Potential double free of a rdataset on out of memory
127 with DNS64. [RT #27762]
129 3278. [bug] Make sure automatic key maintenance is started
130 when "auto-dnssec maintain" is turned on during
131 "rndc reconfig". [RT #26805]
133 3276. [bug] win32: ns_os_openfile failed to return NULL on
134 safe_open failure. [RT #27696]
136 3274. [bug] Log when a zone is not reusable. Only set loadtime
137 on successful loads. [RT #27650]
139 3273. [bug] AAAA responses could be returned in the additional
140 section even when filter-aaaa-on-v4 was in use.
143 3271. [port] darwin: mksymtbl is not always stable, loop several
144 times before giving up. mksymtbl was using non
145 portable perl to covert 64 bit hex strings. [RT #27653]
147 3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
148 out the earliest expiry time. [RT #23311]
150 3267. [bug] Memory allocation failures could be mis-reported as
151 unexpected error. New ISC_R_UNSET result code.
154 3266. [bug] The maximum number of NSEC3 iterations for a
155 DNSKEY RRset was not being properly computed.
158 3262. [bug] Signed responses were handled incorrectly by RPZ.
161 --- 9.8.2rc1 released ---
163 3260. [bug] "rrset-order cyclic" could appear not to rotate
164 for some query patterns. [RT #27170/27185]
166 3259. [bug] named-compilezone: Suppress "dump zone to <file>"
167 message when writing to stdout. [RT #27109]
169 3258. [test] Add "forcing full sign with unreadable keys" test.
172 3257. [bug] Do not generate a error message when calling fsync()
173 in a pipe or socket. [RT #27109]
175 3256. [bug] Disable empty zones for lwresd -C. [RT #27139]
177 3254. [bug] Set isc_socket_ipv6only() on the IPv6 control channels.
180 3253. [bug] Return DNS_R_SYNTAX when the input to a text field is
181 too long. [RT #26956]
183 3251. [bug] Enforce a upper bound (65535 bytes) on the amount of
184 memory dns_sdlz_putrr() can allocate per record to
185 prevent run away memory consumption on ISC_R_NOSPACE.
188 3250. [func] 'configure --enable-developer'; turn on various
189 configure options, normally off by default, that
190 we want developers to build and test with. [RT #27103]
192 3249. [bug] Update log message when saving slave zones files for
193 analysis after load failures. [RT #27087]
195 3248. [bug] Configure options --enable-fixed-rrset and
196 --enable-exportlib were incompatible with each
199 3247. [bug] 'raw' format zones failed to preserve load order
200 breaking 'fixed' sort order. [RT #27087]
202 3243. [port] netbsd,bsdi: the thread defaults were not being
205 3241. [bug] Address race conditions in the resolver code.
208 3240. [bug] DNSKEY state change events could be missed. [RT #26874]
210 3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent
211 timestamp. [RT #26883]
213 3238. [bug] keyrdata was not being reinitialized in
214 lib/dns/rbtdb.c:iszonesecure. [RT#26913]
216 3237. [bug] dig -6 didn't work with +trace. [RT #26906]
218 --- 9.8.2b1 released ---
220 3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
222 3231. [bug] named could fail to send a uncompressable zone.
225 3230. [bug] 'dig axfr' failed to properly handle a multi-message
226 axfr with a serial of 0. [RT #26796]
228 3229. [bug] Fix local variable to struct var assignment
229 found by CLANG warning.
231 3228. [tuning] Dynamically grow symbol table to improve zone
232 loading performance. [RT #26523]
234 3227. [bug] Interim fix to make WKS's use of getprotobyname()
235 and getservbyname() self thread safe. [RT #26232]
237 3226. [bug] Address minor resource leakages. [RT #26624]
239 3221. [bug] Fixed a potential coredump on shutdown due to
240 referencing fetch context after it's been freed.
243 3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips()
244 could fail to set the database version correctly,
245 causing an assertion failure. [RT #26180]
247 3218. [security] Cache lookup could return RRSIG data associated with
248 nonexistent records, leading to an assertion
251 3217. [cleanup] Fix build problem with --disable-static. [RT #26476]
253 3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
255 3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188]
257 3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
258 list prior to adding a reference to it leading a
259 possible assertion failure. [RT #23219]
261 3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
263 3208. [bug] 'dig -y' handle unknown tsig alorithm better.
266 3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444]
268 3206. [cleanup] Add ISC information to log at start time. [RT #25484]
270 3204. [bug] When a master server that has been marked as
271 unreachable sends a NOTIFY, mark it reachable
274 3203. [bug] Increase log level to 'info' for validation failures
275 from expired or not-yet-valid RRSIGs. [RT #21796]
277 3200. [doc] Some rndc functions were undocumented or were
278 missing from 'rndc -h' output. [RT #25555]
280 3198. [doc] Clarified that dnssec-settime can alter keyfile
281 permissions. [RT #24866]
283 3196. [bug] nsupdate: return nonzero exit code when target zone
284 doesn't exist. [RT #25783]
286 3195. [cleanup] Silence "file not found" warnings when loading
287 managed-keys zone. [RT #26340]
289 3194. [doc] Updated RFC references in the 'empty-zones-enable'
290 documentation. [RT #25203]
292 3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
293 dnssec.h. [RT #26415]
295 3192. [bug] A query structure could be used after being freed.
298 3191. [bug] Print NULL records using "unknown" format. [RT #26392]
300 3190. [bug] Underflow in error handling in isc_mutexblock_init.
303 3189. [test] Added a summary report after system tests. [RT #25517]
305 3188. [bug] zone.c:zone_refreshkeys() could fail to detach
306 references correctly when errors occurred, causing
307 a hang on shutdown. [RT #26372]
309 3187. [port] win32: support for Visual Studio 2008. [RT #26356]
311 3186. [bug] Version/db mis-match in rpz code. [RT #26180]
313 3179. [port] kfreebsd: build issues. [RT #26273]
315 3175. [bug] Fix how DNSSEC positive wildcard responses from a
316 NSEC3 signed zone are validated. Stop sending a
317 unnecessary NSEC3 record when generating such
318 responses. [RT #26200]
320 3174. [bug] Always compute to revoked key tag from scratch.
323 3173. [port] Correctly validate root DS responses. [RT #25726]
325 3171. [bug] Exclusively lock the task when adding a zone using
326 'rndc addzone'. [RT #25600]
328 3170. [func] RPZ update:
329 - fix precedence among competing rules
330 - improve ARM text including documenting rule precedence
331 - try to rewrite CNAME chains until first hit
332 - new "rpz" logging channel
333 - RDATA for CNAME rules can include wildcards
334 - replace "NO-OP" named.conf policy override with
335 "PASSTHRU" and add "DISABLED" override ("NO-OP"
339 3169. [func] Catch db/version mis-matches when calling dns_db_*().
342 3167. [bug] Negative answers from forwarders were not being
343 correctly tagged making them appear to not be cached.
346 3162. [test] start.pl: modified to allow for "named.args" in
347 ns*/ subdirectory to override stock arguments to
348 named. Largely from RT#26044, but no separate ticket.
350 3161. [bug] zone.c:del_sigs failed to always reset rdata leading
351 assertion failures. [RT #25880]
353 3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing
354 the config file before pausing the server. [RT #21373]
356 3155. [bug] Fixed a build failure when using contrib DLZ
357 drivers (e.g., mysql, postgresql, etc). [RT #25710]
359 3154. [bug] Attempting to print an empty rdataset could trigger
360 an assert. [RT #25452]
362 3152. [cleanup] Some versions of gcc and clang failed due to
363 incorrect use of __builtin_expect. [RT #25183]
365 3151. [bug] Queries for type RRSIG or SIG could be handled
366 incorrectly. [RT #21050]
368 3148. [bug] Processing of normal queries could be stalled when
369 forwarding a UPDATE message. [RT #24711]
371 3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
373 3145. [test] Capture output of ATF unit tests in "./atf.out" if
374 there were any errors while running them. [RT #25527]
376 3144. [bug] dns_dbiterator_seek() could trigger an assert when
377 used with a nonexistent database node. [RT #25358]
379 3143. [bug] Silence clang compiler warnings. [RT #25174]
381 3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
382 for the hashing algorithms (md5, sha1 - sha512, and
383 their hmac counterparts). [RT #25067]
385 --- 9.8.1 released ---
387 --- 9.8.1rc1 released ---
389 3141. [bug] Silence spurious "zone serial (0) unchanged" messages
390 associated with empty zones. [RT #25079]
392 3138. [bug] Address memory leaks and out-of-order operations when
393 shutting named down. [RT #25210]
395 3136. [func] Add RFC 1918 reverse zones to the list of built-in
396 empty zones switched on by the 'empty-zones-enable'
399 Note: empty-zones-enable must be "yes;" or a empty
400 zone needs to be disabled in named.conf for RFC 1918
401 zones to be activated. This requirement may be
402 removed in future releases.
404 3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
405 See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
408 3134. [bug] Improve the accuracy of dnssec-signzone's signing
409 statistics. [RT #16030]
411 --- 9.8.1b3 released ---
413 3133. [bug] Change #3114 was incomplete. [RT #24577]
415 3131. [tuning] Improve scalability by allocating one zone task
416 per 100 zones at startup time, rather than using a
417 fixed-size task table. [RT #24406]
419 3129. [bug] Named could crash on 'rndc reconfig' when
420 allow-new-zones was set to yes and named ACLs
421 were used. [RT #22739]
423 --- 9.8.1b2 released ---
425 3126. [security] Using DNAME record to generate replacements caused
426 RPZ to exit with a assertion failure. [RT #24766]
428 3125. [security] Using wildcard CNAME records as a replacement with
429 RPZ caused named to exit with a assertion failure.
432 3124. [bug] Use an rdataset attribute flag to indicate
433 negative-cache records rather than using rrtype 0;
434 this will prevent problems when that rrtype is
435 used in actual DNS packets. [RT #24777]
437 3123. [security] Change #2912 exposed a latent flaw in
438 dns_rdataset_totext() that could cause named to
439 crash with an assertion failure. [RT #24777]
441 3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]
443 3121. [security] An authoritative name server sending a negative
444 response containing a very large RRset could
445 trigger an off-by-one error in the ncache code
446 and crash named. [RT #24650]
448 3120. [bug] Named could fail to validate zones listed in a DLV
449 that validated insecure without using DLV and had
450 DS records in the parent zone. [RT #24631]
452 3119. [bug] When rolling to a new DNSSEC key, a private-type
453 record could be created and never marked complete.
456 3118. [bug] nsupdate could dump core on shutdown when using
457 SIG(0) keys. [RT #24604]
459 3117. [cleanup] Remove doc and parser references to the
460 never-implemented 'auto-dnssec create' option.
463 3115. [bug] Named could fail to return requested data when
464 following a CNAME that points into the same zone.
467 3114. [bug] Retain expired RRSIGs in dynamic zones if key is
468 inactive and there is no replacement key. [RT #23136]
470 3113. [doc] Document the relationship between serial-query-rate
473 --- 9.8.1b1 released ---
475 3112. [doc] Add missing descriptions of the update policy name
476 types "ms-self", "ms-subdomain", "krb5-self" and
477 "krb5-subdomain", which allow machines to update
478 their own records, to the BIND 9 ARM.
480 3111. [bug] Improved consistency checks for dnssec-enable and
481 dnssec-validation, added test cases to the
482 checkconf system test. [RT #24398]
484 3110. [bug] dnssec-signzone: Wrong error message could appear
485 when attempting to sign with no KSK. [RT #24369]
487 3107. [bug] dnssec-signzone: Report the correct number of ZSKs
488 when using -x. [RT #20852]
490 3105. [bug] GOST support can be suppressed by "configure
491 --without-gost" [RT #24367]
493 3104. [bug] Better support for cross-compiling. [RT #24367]
495 3103. [bug] Configuring 'dnssec-validation auto' in a view
496 instead of in the options statement could trigger
497 an assertion failure in named-checkconf. [RT #24382]
499 3101. [bug] Zones using automatic key maintenance could fail
500 to check the key repository for updates. [RT #23744]
502 3100. [security] Certain response policy zone configurations could
503 trigger an INSIST when receiving a query of type
506 3099. [test] "dlz" system test now runs but gives R:SKIPPED if
507 not compiled with --with-dlz-filesystem. [RT #24146]
509 3098. [bug] DLZ zones were answering without setting the AA bit.
512 3097. [test] Add a tool to test handling of malformed packets.
515 3096. [bug] Set KRB5_KTNAME before calling log_cred() in
516 dst_gssapi_acceptctx(). [RT #24004]
518 3095. [bug] Handle isolated reserved ports in the port range.
521 3094. [doc] Expand dns64 documentation.
523 3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
525 3092. [bug] Signatures for records at the zone apex could go
526 stale due to an incorrect timer setting. [RT #23769]
528 3091. [bug] Fixed a bug in which zone keys that were published
529 and then subsequently activated could fail to trigger
530 automatic signing. [RT #22911]
532 3090. [func] Make --with-gssapi default [RT #23738]
534 3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
535 and add setup.sh in order to resolve changing
536 named.conf issue. [RT #23687]
538 3087. [bug] DDNS updates using SIG(0) with update-policy match
539 type "external" could cause a crash. [RT #23735]
541 3086. [bug] Running dnssec-settime -f on an old-style key will
542 now force an update to the new key format even if no
543 other change has been specified, using "-P now -A now"
544 as default values. [RT #22474]
546 3083. [bug] NOTIFY messages were not being sent when generating
547 a NSEC3 chain incrementally. [RT #23702]
549 3082. [port] strtok_r is threads only. [RT #23747]
551 3081. [bug] Failure of DNAME substitution did not return
552 YXDOMAIN. [RT #23591]
554 3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
557 3079. [bug] Handle isc_event_allocate failures in t_tasks.
560 3078. [func] Added a new include file with function typedefs
561 for the DLZ "dlopen" driver. [RT #23629]
563 3077. [bug] zone.c:zone_refreshkeys() incorrectly called
564 dns_zone_attach(), use zone->irefs instead. [RT #23303]
566 3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant
567 timestamp when determining which keys are active.
570 3074. [bug] Make the adb cache read through for zone data and
571 glue learn for zone named is authoritative for.
574 3073. [bug] managed-keys changes were not properly being recorded.
577 3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
580 3071. [bug] has_nsec could be used unintialised in
581 update.c:next_active. [RT #20256]
583 3070. [bug] dnssec-signzone potential NULL pointer dereference.
586 3069. [cleanup] Silence warnings messages from clang static analysis.
589 3068. [bug] Named failed to build with a OpenSSL without engine
592 3067. [bug] ixfr-from-differences {master|slave}; failed to
593 select the master/slave zones. [RT #23580]
595 3066. [func] The DLZ "dlopen" driver is now built by default,
596 no longer requiring a configure option. To
597 disable it, use "configure --without-dlopen".
598 (Note: driver not supported on win32.) [RT #23467]
600 3065. [bug] RRSIG could have time stamps too far in the future.
603 3064. [bug] powerpc: add sync instructions to the end of atomic
604 operations. [RT #23469]
606 3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
608 3059. [test] Added a regression test for change #3023.
610 3058. [bug] Cause named to terminate at startup or rndc reconfig/
611 reload to fail, if a log file specified in the conf
612 file isn't a plain file. [RT #22771]
614 3057. [bug] "rndc secroots" would abort after the first error
615 and so could miss some views. [RT #23488]
617 3054. [bug] Added elliptic curve support check in
618 GOST OpenSSL engine detection. [RT #23485]
620 3053. [bug] Under a sustained high query load with a finite
621 max-cache-size, it was possible for cache memory
622 to be exhausted and not recovered. [RT #23371]
624 3052. [test] Fixed last autosign test report. [RT #23256]
626 3051. [bug] NS records obsure DNAME records at the bottom of the
627 zone if both are present. [RT #23035]
629 3050. [bug] The autosign system test was timing dependent.
630 Wait for the initial autosigning to complete
631 before running the rest of the test. [RT #23035]
633 3049. [bug] Save and restore the gid when creating creating
634 named.pid at startup. [RT #23290]
636 3048. [bug] Fully separate view key mangement. [RT #23419]
638 3047. [bug] DNSKEY NODATA responses not cached fixed in
639 validator.c. Tests added to dnssec system test.
642 3046. [bug] Use RRSIG original TTL to compute validated RRset
643 and RRSIG TTL. [RT #23332]
645 3044. [bug] Hold the socket manager lock while freeing the socket.
648 3043. [test] Merged in the NetBSD ATF test framework (currently
649 version 0.12) for development of future unit tests.
650 Use configure --with-atf to build ATF internally
651 or configure --with-atf=prefix to use an external
654 3042. [bug] dig +trace could fail attempting to use IPv6
655 addresses on systems with only IPv4 connectivity.
658 3041. [bug] dnssec-signzone failed to generate new signatures on
659 ttl changes. [RT #23330]
661 3040. [bug] Named failed to validate insecure zones where a node
662 with a CNAME existed between the trust anchor and the
663 top of the zone. [RT #23338]
665 3038. [bug] Install <dns/rpz.h>. [RT #23342]
667 3037. [doc] Update COPYRIGHT to contain all the individual
668 copyright notices that cover various parts.
670 3036. [bug] Check built-in zone arguments to see if the zone
671 is re-usable or not. [RT #21914]
673 3035. [cleanup] Simplify by using strlcpy. [RT #22521]
675 3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
677 3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
680 3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
682 3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
685 3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
688 3029. [bug] isc_netaddr_format() handle a zero sized buffer.
691 3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
694 3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
695 catch NULL pointer dereferences before they happen.
698 3026. [bug] lib/isc/httpd.c: check that we have enough space
699 after calling grow_headerspace() and if not
700 re-call grow_headerspace() until we do. [RT #22521]
702 --- 9.8.0 released ---
704 3025. [bug] Fixed a possible deadlock due to zone resigning.
707 3024. [func] RTT Banding removed due to minor security increase
708 but major impact on resolver latency. [RT #23310]
710 3023. [bug] Named could be left in an inconsistent state when
711 receiving multiple AXFR response messages that were
712 not all TSIG-signed. [RT #23254]
714 3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
717 3021. [bug] Change #3010 was incomplete. [RT #22296]
719 3020. [bug] auto-dnssec failed to correctly update the zone when
720 changing the DNSKEY RRset. [RT #23232]
722 3019. [test] Test: check apex NSEC3 records after adding DNSKEY
723 record via UPDATE. [RT #23229]
725 --- 9.8.0rc1 released ---
727 3018. [bug] Named failed to check for the "none;" acl when deciding
728 if a zone may need to be re-signed. [RT #23120]
730 3017. [doc] dnssec-keyfromlabel -I was not properly documented.
733 3016. [bug] rndc usage missing '-b'. [RT #22937]
735 3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
736 IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
738 3013. [bug] The DNS64 ttl was not always being set as expected.
741 3012. [bug] Remove DNSKEY TTL change pairs before generating
742 signing records for any remaining DNSKEY changes.
745 3011. [func] Allow setting this in named.conf using the new
746 'resolver-query-timeout' option, which specifies a max
747 time in seconds. 0 means 'default' and anything longer
748 than 30 will be silently set to 30. [RT #22852]
750 3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
751 for refreshing managed-keys. [RT #22296]
753 3009. [bug] clients-per-query code didn't work as expected with
754 particular query patterns. [RT #22972]
756 --- 9.8.0b1 released ---
758 3008. [func] Response policy zones (RPZ) support. [RT #21726]
760 3007. [bug] Named failed to preserve the case of domain names in
761 rdata which is not compressible when writing master
764 3006. [func] Allow dynamically generated TSIG keys to be preserved
765 across restarts of named. Initially this is for
766 TSIG keys generated using GSSAPI. [RT #22639]
768 3005. [port] Solaris: Work around the lack of
769 gsskrb5_register_acceptor_identity() by setting
770 the KRB5_KTNAME environment variable to the
771 contents of tkey-gssapi-keytab. Also fixed
772 test errors on MacOSX. [RT #22853]
774 3004. [func] DNS64 reverse support. [RT #22769]
776 3003. [experimental] Added update-policy match type "external",
777 enabling named to defer the decision of whether to
778 allow a dynamic update to an external daemon.
779 (Contributed by Andrew Tridgell.) [RT #22758]
781 3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
784 3001. [func] Added a default trust anchor for the root zone, which
785 can be switched on by setting "dnssec-validation auto;"
786 in the named.conf options. [RT #21727]
788 3000. [bug] More TKEY/GSS fixes:
789 - nsupdate can now get the default realm from
790 the user's Kerberos principal
791 - corrected gsstest compilation flags
792 - improved documentation
793 - fixed some NULL dereferences
796 2999. [func] Add GOST support (RFC 5933). [RT #20639]
798 2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
799 to the task api. [RT #22776]
801 2997. [func] named -V now reports the OpenSSL and libxml2 verions
802 it was compiled against. [RT #22687]
804 2996. [security] Temporarily disable SO_ACCEPTFILTER support.
807 2995. [bug] The Kerberos realm was not being correctly extracted
808 from the signer's identity. [RT #22770]
810 2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
811 do not use threads on earlier versions. Also kill
812 the unproven-pthreads, mit-pthreads, and ptl2 support.
814 2993. [func] Dynamically grow adb hash tables. [RT #21186]
816 2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
817 for looking at a secure delegation. [RT #22059]
819 2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
820 dynamic zones. [RT #22365]
822 2990. [bug] 'dnssec-settime -S' no longer tests prepublication
823 interval validity when the interval is set to 0.
826 2989. [func] Added support for writable DLZ zones. (Contributed
827 by Andrew Tridgell of the Samba project.) [RT #22629]
829 2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
830 of external DLZ drivers that can be loaded as
831 shared objects at runtime rather than linked with
832 named. Currently this is switched on via a
833 compile-time option, "configure --with-dlz-dlopen".
834 Note: the syntax for configuring DLZ zones
835 is likely to be refined in future releases.
836 (Contributed by Andrew Tridgell of the Samba
837 project.) [RT #22629]
839 2987. [func] Improve ease of configuring TKEY/GSS updates by
840 adding a "tkey-gssapi-keytab" option. If set,
841 updates will be allowed with any key matching
842 a principal in the specified keytab file.
843 "tkey-gssapi-credential" is no longer required
844 and is expected to be deprecated. (Contributed
845 by Andrew Tridgell of the Samba project.)
848 2986. [func] Add new zone type "static-stub". It's like a stub
849 zone, but the nameserver names and/or their IP
850 addresses are statically configured. [RT #21474]
852 2985. [bug] Add a regression test for change #2896. [RT #21324]
854 2984. [bug] Don't run MX checks when the target of the MX record
857 2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
859 --- 9.8.0a1 released ---
861 2982. [bug] Reference count dst keys. dst_key_attach() can be used
862 increment the reference count.
864 Note: dns_tsigkey_createfromkey() callers should now
865 always call dst_key_free() rather than setting it
866 to NULL on success. [RT #22672]
868 2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
870 2980. [bug] named didn't properly handle UPDATES that changed the
871 TTL of the NSEC3PARAM RRset. [RT #22363]
873 2979. [bug] named could deadlock during shutdown if two
874 "rndc stop" commands were issued at the same
877 2978. [port] hpux: look for <devpoll.h> [RT #21919]
879 2977. [bug] 'nsupdate -l' report if the session key is missing.
882 2976. [bug] named could die on exit after negotiating a GSS-TSIG
885 2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
886 wrong lock which could lead to server deadlock.
889 2974. [bug] Some valid UPDATE requests could fail due to a
890 consistency check examining the existing version
891 of the zone rather than the new version resulting
892 from the UPDATE. [RT #22413]
894 2973. [bug] bind.keys.h was being removed by the "make clean"
895 at the end of configure resulting in build failures
896 where there is very old version of perl installed.
897 Move it to "make maintainer-clean". [RT #22230]
899 2972. [bug] win32: address windows socket errors. [RT #21906]
901 2971. [bug] Fixed a bug that caused journal files not to be
902 compacted on Windows systems as a result of
903 non-POSIX-compliant rename() semantics. [RT #22434]
905 2970. [security] Adding a NO DATA negative cache entry failed to clear
906 any matching RRSIG records. A subsequent lookup of
907 of NO DATA cache entry could trigger a INSIST when the
908 unexpected RRSIG was also returned with the NO DATA
911 CVE-2010-3613, VU#706148. [RT #22288]
913 2969. [security] Fix acl type processing so that allow-query works
914 in options and view statements. Also add a new
915 set of tests to verify proper functioning.
917 CVE-2010-3615, VU#510208. [RT #22418]
919 2968. [security] Named could fail to prove a data set was insecure
920 before marking it as insecure. One set of conditions
921 that can trigger this occurs naturally when rolling
924 CVE-2010-3614, VU#837744. [RT #22309]
926 2967. [bug] 'host -D' now turns on debugging messages earlier.
929 2966. [bug] isc_print_vsnprintf() failed to check if there was
930 space available in the buffer when adding a left
931 justified character with a non zero width,
932 (e.g. "%-1c"). [RT #22270]
934 2965. [func] Test HMAC functions using test data from RFC 2104 and
935 RFC 4634. [RT #21702]
939 2963. [security] The allow-query acl was being applied instead of the
940 allow-query-cache acl to cache lookups. [RT #22114]
942 2962. [port] win32: add more dependencies to BINDBuild.dsw.
945 2961. [bug] Be still more selective about the non-authoritative
946 answers we apply change 2748 to. [RT #22074]
948 2960. [func] Check that named accepts non-authoritative answers.
951 2959. [func] Check that named starts with a missing masterfile.
954 2958. [bug] named failed to start with a missing master file.
957 2957. [bug] entropy_get() and entropy_getpseudo() failed to match
958 the API for RAND_bytes() and RAND_pseudo_bytes()
959 respectively. [RT #21962]
961 2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
963 2955. [func] Provide more detail in the recursing log. [RT #22043]
965 2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
966 build_sqldbinstance failure. [RT #21623]
968 2953. [bug] Silence spurious "expected covering NSEC3, got an
969 exact match" message when returning a wildcard
970 no data response. [RT #21744]
972 2952. [port] win32: named-checkzone and named-checkconf failed
973 to initialise winsock. [RT #21932]
975 2951. [bug] named failed to generate a correct signed response
976 in a optout, delegation only zone with no secure
977 delegations. [RT #22007]
979 2950. [bug] named failed to perform a SOA up to date check when
980 falling back to TCP on UDP timeouts when
981 ixfr-from-differences was set. [RT #21595]
983 2949. [bug] dns_view_setnewzones() contained a memory leak if
984 it was called multiple times. [RT #21942]
986 2948. [port] MacOS: provide a mechanism to configure the test
987 interfaces at reboot. See bin/tests/system/README
992 2946. [doc] Document the default values for the minimum and maximum
993 zone refresh and retry values in the ARM. [RT #21886]
995 2945. [doc] Update empty-zones list in ARM. [RT #21772]
997 2944. [maint] Remove ORCHID prefix from built in empty zones.
1000 2943. [func] Add support to load new keys into managed zones
1001 without signing immediately with "rndc loadkeys".
1002 Add support to link keys with "dnssec-keygen -S"
1003 and "dnssec-settime -S". [RT #21351]
1005 2942. [contrib] zone2sqlite failed to setup the entropy sources.
1008 2941. [bug] sdb and sdlz (dlz's zone database) failed to support
1009 DNAME at the zone apex. [RT #21610]
1011 2940. [port] Remove connection aborted error message on
1012 Windows. [RT #21549]
1014 2939. [func] Check that named successfully skips NSEC3 records
1015 that fail to match the NSEC3PARAM record currently
1018 2938. [bug] When generating signed responses, from a signed zone
1019 that uses NSEC3, named would use a uninitialised
1020 pointer if it needed to skip a NSEC3 record because
1021 it didn't match the selected NSEC3PARAM record for
1024 2937. [bug] Worked around an apparent race condition in over
1025 memory conditions. Without this fix a DNS cache DB or
1026 ADB could incorrectly stay in an over memory state,
1027 effectively refusing further caching, which
1028 subsequently made a BIND 9 caching server unworkable.
1029 This fix prevents this problem from happening by
1030 polling the state of the memory context, rather than
1031 making a copy of the state, which appeared to cause
1032 a race. This is a "workaround" in that it doesn't
1033 solve the possible race per se, but several experiments
1034 proved this change solves the symptom. Also, the
1035 polling overhead hasn't been reported to be an issue.
1036 This bug should only affect a caching server that
1037 specifies a finite max-cache-size. It's also quite
1038 likely that the bug happens only when enabling threads,
1039 but it's not confirmed yet. [RT #21818]
1041 2936. [func] Improved configuration syntax and multiple-view
1042 support for addzone/delzone feature (see change
1043 #2930). Removed "new-zone-file" option, replaced
1044 with "allow-new-zones (yes|no)". The new-zone-file
1045 for each view is now created automatically, with
1046 a filename generated from a hash of the view name.
1047 It is no longer necessary to "include" the
1048 new-zone-file in named.conf; this happens
1049 automatically. Zones that were not added via
1050 "rndc addzone" can no longer be removed with
1051 "rndc delzone". [RT #19447]
1053 2935. [bug] nsupdate: improve 'file not found' error message.
1056 2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
1059 2933. [bug] 'dig +nsid' used stack memory after it went out of
1060 scope. This could potentially result in a unknown,
1061 potentially malformed, EDNS option being sent instead
1062 of the desired NSID option. [RT #21781]
1064 2932. [cleanup] Corrected a numbering error in the "dnssec" test.
1067 2931. [bug] Temporarily and partially disable change 2864
1068 because it would cause infinite attempts of RRSIG
1069 queries. This is an urgent care fix; we'll
1070 revisit the issue and complete the fix later.
1073 2930. [experimental] New "rndc addzone" and "rndc delzone" commads
1074 allow dynamic addition and deletion of zones.
1075 To enable this feature, specify a "new-zone-file"
1076 option at the view or options level in named.conf.
1077 Zone configuration information for the new zones
1078 will be written into that file. To make the new
1079 zones persist after a restart, "include" the file
1080 into named.conf in the appropriate view. (Note:
1081 This feature is not yet documented, and its syntax
1082 is expected to change.) [RT #19447]
1084 2929. [bug] Improved handling of GSS security contexts:
1085 - added LRU expiration for generated TSIGs
1086 - added the ability to use a non-default realm
1087 - added new "realm" keyword in nsupdate
1088 - limited lifetime of generated keys to 1 hour
1089 or the lifetime of the context (whichever is
1093 2928. [bug] Be more selective about the non-authoritative
1094 answer we apply change 2748 to. [RT #21594]
1100 2925. [bug] Named failed to accept uncachable negative responses
1101 from insecure zones. [RT# 21555]
1103 2924. [func] 'rndc secroots' dump a combined summary of the
1104 current managed keys combined with trusted keys.
1107 2923. [bug] 'dig +trace' could drop core after "connection
1108 timeout". [RT #21514]
1110 2922. [contrib] Update zkt to version 1.0.
1112 2921. [bug] The resolver could attempt to destroy a fetch context
1113 too soon. [RT #19878]
1115 2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
1116 to IPv4 clients. New acl 'filter-aaaa' (default any).
1118 2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
1121 2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
1123 2917. [func] Virtual time test framework. [RT #20801]
1125 2916. [func] Add framework to use IPv6 in tests.
1126 fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
1128 2915. [cleanup] Be smarter about which objects we attempt to compile
1129 based on configure options. [RT #21444]
1131 2914. [bug] Make the "autosign" system test more portable.
1134 2913. [func] Add pkcs#11 system tests. [RT #20784]
1136 2912. [func] Windows clients don't like UPDATE responses that clear
1137 the zone section. [RT #20986]
1139 2911. [bug] dnssec-signzone didn't handle out of zone records well.
1142 2910. [func] Sanity check Kerberos credentials. [RT #20986]
1144 2909. [bug] named-checkconf -p could die if "update-policy local;"
1145 was specified in named.conf. [RT #21416]
1147 2908. [bug] It was possible for re-signing to stop after removing
1148 a DNSKEY. [RT #21384]
1150 2907. [bug] The export version of libdns had undefined references.
1153 2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
1155 2905. [port] aix: set use_atomic=yes with native compiler.
1158 2904. [bug] When using DLV, sub-zones of the zones in the DLV,
1159 could be incorrectly marked as insecure instead of
1160 secure leading to negative proofs failing. This was
1161 a unintended outcome from change 2890. [RT# 21392]
1163 2903. [bug] managed-keys-directory missing from namedconf.c.
1166 2902. [func] Add regression test for change 2897. [RT #21040]
1168 2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
1170 2900. [bug] The placeholder negative caching element was not
1171 properly constructed triggering a INSIST in
1172 dns_ncache_towire(). [RT #21346]
1174 2899. [port] win32: Support linking against OpenSSL 1.0.0.
1176 2898. [bug] nslookup leaked memory when -domain=value was
1177 specified. [RT #21301]
1179 2897. [bug] NSEC3 chains could be left behind when transitioning
1180 to insecure. [RT #21040]
1182 2896. [bug] "rndc sign" failed to properly update the zone
1183 when adding a DNSKEY for publication only. [RT #21045]
1185 2895. [func] genrandom: add support for the generation of multiple
1188 2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
1190 2893. [bug] Improve managed keys support. New named.conf option
1191 managed-keys-directory. [RT #20924]
1193 2892. [bug] Handle REVOKED keys better. [RT #20961]
1195 2891. [maint] Update empty-zones list to match
1196 draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
1198 2890. [bug] Handle the introduction of new trusted-keys and
1199 DS, DLV RRsets better. [RT #21097]
1201 2889. [bug] Elements of the grammar where not properly reported.
1204 2888. [bug] Only the first EDNS option was displayed. [RT #21273]
1206 2887. [bug] Report the keytag times in UTC in the .key file,
1207 local time is presented as a comment within the
1208 comment. [RT #21223]
1210 2886. [bug] ctime() is not thread safe. [RT #21223]
1212 2885. [bug] Improve -fno-strict-aliasing support probing in
1213 configure. [RT #21080]
1215 2884. [bug] Insufficient validation in dns_name_getlabelsequence().
1218 2883. [bug] 'dig +short' failed to handle really large datasets.
1221 2882. [bug] Remove memory context from list of active contexts
1222 before clearing 'magic'. [RT #21274]
1224 2881. [bug] Reduce the amount of time the rbtdb write lock
1225 is held when closing a version. [RT #21198]
1227 2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
1228 consistent. [RT #21078]
1230 2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
1233 2878. [func] Incrementally write the master file after performing
1236 2877. [bug] The validator failed to skip obviously mismatching
1239 2876. [bug] Named could return SERVFAIL for negative responses
1240 from unsigned zones. [RT #21131]
1242 2875. [bug] dns_time64_fromtext() could accept non digits.
1245 2874. [bug] Cache lack of EDNS support only after the server
1246 successfully responds to the query using plain DNS.
1249 2873. [bug] Cancelling a dynamic update via the dns/client module
1250 could trigger an assertion failure. [RT #21133]
1252 2872. [bug] Modify dns/client.c:dns_client_createx() to only
1253 require one of IPv4 or IPv6 rather than both.
1256 2871. [bug] Type mismatch in mem_api.c between the definition and
1257 the header file, causing build failure with
1258 --enable-exportlib. [RT #21138]
1260 2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
1262 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
1265 2868. [cleanup] Run "make clean" at the end of configure to ensure
1266 any changes made by configure are integrated.
1267 Use --with-make-clean=no to disable. [RT #20994]
1269 2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
1270 don't like it. [RT #20986]
1272 2866. [bug] Windows does not like the TSIG name being compressed.
1275 2865. [bug] memset to zero event.data. [RT #20986]
1277 2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
1280 2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
1283 2862. [bug] nsupdate didn't default to the parent zone when
1284 updating DS records. [RT #20896]
1286 2861. [doc] dnssec-settime man pages didn't correctly document the
1287 inactivation time. [RT #21039]
1289 2860. [bug] named-checkconf's usage was out of date. [RT #21039]
1291 2859. [bug] When cancelling validation it was possible to leak
1294 2858. [bug] RTT estimates were not being adjusted on ICMP errors.
1297 2857. [bug] named-checkconf did not fail on a bad trusted key.
1300 2856. [bug] The size of a memory allocation was not always properly
1301 recorded. [RT #20927]
1303 2855. [func] nsupdate will now preserve the entered case of domain
1304 names in update requests it sends. [RT #20928]
1306 2854. [func] dig: allow the final soa record in a axfr response to
1307 be suppressed, dig +onesoa. [RT #20929]
1309 2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
1311 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
1313 2851. [doc] nslookup.1, removed <informalexample> from the docbook
1314 source as it produced bad nroff. [RT #21007]
1316 2850. [bug] If isc_heap_insert() failed due to memory shortage
1317 the heap would have corrupted entries. [RT #20951]
1319 2849. [bug] Don't treat errors from the xml2 library as fatal.
1322 2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
1323 README.rfc5011 into the ARM. [RT #20899]
1325 2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
1327 2846. [bug] EOF on unix domain sockets was not being handled
1328 correctly. [RT #20731]
1330 2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
1332 2844. [doc] notify-delay default in ARM was wrong. It should have
1333 been five (5) seconds.
1335 2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
1336 creating key files if there is a chance that the new
1337 key ID will collide with an existing one after
1338 either of the keys has been revoked. (To override
1339 this in the case of dnssec-keyfromlabel, use the -y
1340 option. dnssec-keygen will simply create a
1341 different, non-colliding key, so an override is
1342 not necessary.) [RT #20838]
1344 2842. [func] Added "smartsign" and improved "autosign" and
1345 "dnssec" regression tests. [RT #20865]
1347 2841. [bug] Change 2836 was not complete. [RT #20883]
1349 2840. [bug] Temporary fixed pkcs11-destroy usage check.
1352 2839. [bug] A KSK revoked by named could not be deleted.
1357 2837. [port] Prevent Linux spurious warnings about fwrite().
1360 2836. [bug] Keys that were scheduled to become active could
1361 be delayed. [RT #20874]
1363 2835. [bug] Key inactivity dates were inadvertently stored in
1364 the private key file with the outdated tag
1365 "Unpublish" rather than "Inactive". This has been
1366 fixed; however, any existing keys that had Inactive
1367 dates set will now need to have them reset, using
1368 'dnssec-settime -I'. [RT #20868]
1370 2834. [bug] HMAC-SHA* keys that were longer than the algorithm
1371 digest length were used incorrectly, leading to
1372 interoperability problems with other DNS
1373 implementations. This has been corrected.
1374 (Note: If an oversize key is in use, and
1375 compatibility is needed with an older release of
1376 BIND, the new tool "isc-hmac-fixup" can convert
1377 the key secret to a form that will work with all
1378 versions.) [RT #20751]
1380 2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
1383 2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
1384 to avoid redefinition in some OSs [RT 20831]
1386 2831. [security] Do not attempt to validate or cache
1387 out-of-bailiwick data returned with a secure
1388 answer; it must be re-fetched from its original
1389 source and validated in that context. [RT #20819]
1391 2830. [bug] Changing the OPTOUT setting could take multiple
1394 2829. [bug] Fixed potential node inconsistency in rbtdb.c.
1397 2828. [security] Cached CNAME or DNAME RR could be returned to clients
1398 without DNSSEC validation. [RT #20737]
1400 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
1402 2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
1403 being released. [RT #20740]
1405 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
1406 was in the process of being created was not properly
1407 recorded in the zone. [RT #20786]
1409 2824. [bug] "rndc sign" was not being run by the correct task.
1412 2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
1414 2822. [bug] rbtdb.c:loadnode() could return the wrong result.
1417 2821. [doc] Add note that named-checkconf doesn't automatically
1418 read rndc.key and bind.keys [RT #20758]
1420 2820. [func] Handle read access failure of OpenSSL configuration
1421 file more user friendly (PKCS#11 engine patch).
1424 2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
1427 2818. [cleanup] rndc could return an incorrect error code
1428 when a zone was not found. [RT #20767]
1430 2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
1433 2816. [bug] previous_closest_nsec() could fail to return
1434 data for NSEC3 nodes [RT #29730]
1436 2815. [bug] Exclusively lock the task when freezing a zone.
1439 2814. [func] Provide a definitive error message when a master
1440 zone is not loaded. [RT #20757]
1442 2813. [bug] Better handling of unreadable DNSSEC key files.
1445 2812. [bug] Make sure updates can't result in a zone with
1446 NSEC-only keys and NSEC3 records. [RT #20748]
1448 2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
1451 2810. [doc] Clarified the process of transitioning an NSEC3 zone
1452 to insecure. [RT #20746]
1454 2809. [cleanup] Restored accidentally-deleted text in usage output
1455 in dnssec-settime and dnssec-revoke [RT #20739]
1457 2808. [bug] Remove the attempt to install atomic.h from lib/isc.
1458 atomic.h is correctly installed by the architecture
1459 specific subdirectories. [RT #20722]
1461 2807. [bug] Fixed a possible ASSERT when reconfiguring zone
1464 --- 9.7.0rc1 released ---
1466 2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
1467 when it had changed. [RT #20703]
1469 2805. [bug] Fixed namespace problems encountered when building
1470 external programs using non-exported BIND9 libraries
1471 (i.e., built without --enable-exportlib). [RT #20679]
1473 2804. [bug] Send notifies when a zone is signed with "rndc sign"
1474 or as a result of a scheduled key change. [RT #20700]
1476 2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
1477 and genrandom under windows. [RT #20670]
1479 2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
1481 2801. [func] Detect and report records that are different according
1482 to DNSSEC but are semantically equal according to plain
1483 DNS. Apply plain DNS comparisons rather than DNSSEC
1484 comparisons when processing UPDATE requests.
1485 dnssec-signzone now removes such semantically duplicate
1486 records prior to signing the RRset.
1488 named-checkzone -r {ignore|warn|fail} (default warn)
1489 named-compilezone -r {ignore|warn|fail} (default warn)
1491 named.conf: check-dup-records {ignore|warn|fail};
1493 2800. [func] Reject zones which have NS records which refer to
1494 CNAMEs, DNAMEs or don't have address record (class IN
1495 only). Reject UPDATEs which would cause the zone
1496 to fail the above checks if committed. [RT #20678]
1498 2799. [cleanup] Changed the "secure-to-insecure" option to
1499 "dnssec-secure-to-insecure", and "dnskey-ksk-only"
1500 to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
1502 2798. [bug] Addressed bugs in managed-keys initialization
1503 and rollover. [RT #20683]
1505 2797. [bug] Don't decrement the dispatch manager's maxbuffers.
1508 2796. [bug] Missing dns_rdataset_disassociate() call in
1509 dns_nsec3_delnsec3sx(). [RT #20681]
1511 2795. [cleanup] Add text to differentiate "update with no effect"
1512 log messages. [RT #18889]
1514 2794. [bug] Install <isc/namespace.h>. [RT #20677]
1516 2793. [func] Add "autosign" and "metadata" tests to the
1517 automatic tests. [RT #19946]
1519 2792. [func] "filter-aaaa-on-v4" can now be set in view
1520 options (if compiled in). [RT #20635]
1522 2791. [bug] The installation of isc-config.sh was broken.
1525 2790. [bug] Handle DS queries to stub zones. [RT #20440]
1527 2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
1529 2788. [bug] dnssec-signzone could sign with keys that were
1530 not requested [RT #20625]
1532 2787. [bug] Spurious log message when zone keys were
1533 dynamically reconfigured. [RT #20659]
1535 2786. [bug] Additional could be promoted to answer. [RT #20663]
1537 --- 9.7.0b3 released ---
1539 2785. [bug] Revoked keys could fail to self-sign [RT #20652]
1541 2784. [bug] TC was not always being set when required glue was
1542 dropped. [RT #20655]
1544 2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
1545 buffer size of 512 or less. [RT #20654]
1547 2782. [port] win32: use getaddrinfo() for hostname lookups.
1550 2781. [bug] Inactive keys could be used for signing. [RT #20649]
1552 2780. [bug] dnssec-keygen -A none didn't properly unset the
1553 activation date in all cases. [RT #20648]
1555 2779. [bug] Dynamic key revocation could fail. [RT #20644]
1557 2778. [bug] dnssec-signzone could fail when a key was revoked
1558 without deleting the unrevoked version. [RT #20638]
1560 2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
1562 2776. [bug] Change #2762 was not correct. [RT #20647]
1564 2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
1565 in dnssec-keyfromlabel. [RT #20643]
1567 2774. [bug] Existing cache DB wasn't being reused after
1568 reconfiguration. [RT #20629]
1570 2773. [bug] In autosigned zones, the SOA could be signed
1571 with the KSK. [RT #20628]
1573 2772. [security] When validating, track whether pending data was from
1574 the additional section or not and only return it if
1575 validates as secure. [RT #20438]
1577 2771. [bug] dnssec-signzone: DNSKEY records could be
1578 corrupted when importing from key files [RT #20624]
1580 2770. [cleanup] Add log messages to resolver.c to indicate events
1581 causing FORMERR responses. [RT #20526]
1583 2769. [cleanup] Change #2742 was incomplete. [RT #19589]
1585 2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
1587 2767. [bug] named could crash on startup if a zone was
1588 configured with auto-dnssec and there was no
1589 key-directory. [RT #20615]
1591 2766. [bug] isc_socket_fdwatchpoke() should only update the
1592 socketmgr state if the socket is not pending on a
1593 read or write. [RT #20603]
1595 2765. [bug] Skip masters for which the TSIG key cannot be found.
1598 2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
1600 2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
1602 2762. [bug] DLV validation failed with a local slave DLV zone.
1605 2761. [cleanup] Enable internal symbol table for backtrace only for
1606 systems that are known to work. Currently, BSD
1607 variants, Linux and Solaris are supported. [RT# 20202]
1609 2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
1611 2759. [doc] Add information about .jbk/.jnw files to
1612 the ARM. [RT #20303]
1614 2758. [bug] win32: Added a workaround for a windows 2008 bug
1615 that could cause the UDP client handler to shut
1618 2757. [bug] dig: assertion failure could occur in connect
1619 timeout. [RT #20599]
1621 2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
1625 2754. [bug] Secure-to-insecure transitions failed when zone
1626 was signed with NSEC3. [RT #20587]
1628 2753. [bug] Removed an unnecessary warning that could appear when
1629 building an NSEC chain. [RT #20589]
1631 2752. [bug] Locking violation. [RT #20587]
1633 2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
1635 2750. [bug] dig: assertion failure could occur when a server
1636 didn't have an address. [RT #20579]
1638 2749. [bug] ixfr-from-differences generated a non-minimal ixfr
1639 for NSEC3 signed zones. [RT #20452]
1641 2748. [func] Identify bad answers from GTLD servers and treat them
1642 as referrals. [RT #18884]
1644 2747. [bug] Journal roll forwards failed to set the re-signing
1645 time of RRSIGs correctly. [RT #20541]
1647 2746. [port] hpux: address signed/unsigned expansion mismatch of
1648 dns_rbtnode_t.nsec. [RT #20542]
1650 2745. [bug] configure script didn't probe the return type of
1651 gai_strerror(3) correctly. [RT #20573]
1653 2744. [func] Log if a query was over TCP. [RT #19961]
1655 2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
1656 for a insecure delegation.
1658 --- 9.7.0b2 released ---
1660 2742. [cleanup] Clarify some DNSSEC-related log messages in
1661 validator.c. [RT #19589]
1663 2741. [func] Allow the dnssec-keygen progress messages to be
1664 suppressed (dnssec-keygen -q). Automatically
1665 suppress the progress messages when stdin is not
1670 2739. [cleanup] Clean up API for initializing and clearing trust
1671 anchors for a view. [RT #20211]
1673 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
1676 2737. [func] UPDATE requests can leak existence information.
1679 2736. [func] Improve the performance of NSEC signed zones with
1680 more than a normal amount of glue below a delegation.
1683 2735. [bug] dnssec-signzone could fail to read keys
1684 that were specified on the command line with
1685 full paths, but weren't in the current
1686 directory. [RT #20421]
1688 2734. [port] cygwin: arpaname did not compile. [RT #20473]
1690 2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
1692 2732. [func] Add optional filter-aaaa-on-v4 option, available
1693 if built with './configure --enable-filter-aaaa'.
1694 Filters out AAAA answers to clients connecting
1695 via IPv4. (This is NOT recommended for general
1698 2731. [func] Additional work on change 2709. The key parser
1699 will now ignore unrecognized fields when the
1700 minor version number of the private key format
1701 has been increased. It will reject any key with
1702 the major version number increased. [RT #20310]
1704 2730. [func] Have dnssec-keygen display a progress indication
1705 a la 'openssl genrsa' on standard error. Note
1706 when the first '.' is followed by a long stop
1707 one has the choice between slow generation vs.
1708 poor random quality, i.e., '-r /dev/urandom'.
1711 2729. [func] When constructing a CNAME from a DNAME use the DNAME
1714 2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
1715 dnssec-signzone now warn immediately if asked to
1716 write into a nonexistent directory. [RT #20278]
1718 2727. [func] The 'key-directory' option can now specify a relative
1721 2726. [func] Added support for SHA-2 DNSSEC algorithms,
1722 RSASHA256 and RSASHA512. [RT #20023]
1724 2725. [doc] Added information about the file "managed-keys.bind"
1725 to the ARM. [RT #20235]
1727 2724. [bug] Updates to a existing node in secure zone using NSEC
1728 were failing. [RT #20448]
1730 2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
1731 isc_base64_totext(), didn't always mark regions of
1732 memory as fully consumed after conversion. [RT #20445]
1734 2722. [bug] Ensure that the memory associated with the name of
1735 a node in a rbt tree is not altered during the life
1736 of the node. [RT #20431]
1738 2721. [port] Have dst__entropy_status() prime the random number
1739 generator. [RT #20369]
1741 2720. [bug] RFC 5011 trust anchor updates could trigger an
1742 assert if the DNSKEY record was unsigned. [RT #20406]
1744 2719. [func] Skip trusted/managed keys for unsupported algorithms.
1747 2718. [bug] The space calculations in opensslrsa_todns() were
1748 incorrect. [RT #20394]
1750 2717. [bug] named failed to update the NSEC/NSEC3 record when
1751 the last private type record was removed as a result
1752 of completing the signing the zone with a key.
1755 2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
1757 --- 9.7.0b1 released ---
1759 2715. [bug] Require OpenSSL support to be explicitly disabled.
1762 2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
1765 2713. [bug] powerpc: atomic operations missing asm("ics") /
1768 2712. [func] New 'auto-dnssec' zone option allows zone signing
1769 to be fully automated in zones configured for
1770 dynamic DNS. 'auto-dnssec allow;' permits a zone
1771 to be signed by creating keys for it in the
1772 key-directory and using 'rndc sign <zone>'.
1773 'auto-dnssec maintain;' allows that too, plus it
1774 also keeps the zone's DNSSEC keys up to date
1775 according to their timing metadata. [RT #19943]
1777 2711. [port] win32: Add the bin/pkcs11 tools into the full
1780 2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
1781 zone option cause a zone to be signed with only KSKs
1782 signing the DNSKEY RRset, not ZSKs. This reduces
1783 the size of a DNSKEY answer. [RT #20340]
1785 2709. [func] Added some data fields, currently unused, to the
1786 private key file format, to allow implementation
1787 of explicit key rollover in a future release
1788 without impairing backward or forward compatibility.
1791 2708. [func] Insecure to secure and NSEC3 parameter changes via
1792 update are now fully supported and no longer require
1793 defines to enable. We now no longer overload the
1794 NSEC3PARAM flag field, nor the NSEC OPT bit at the
1795 apex. Secure to insecure changes are controlled by
1796 by the named.conf option 'secure-to-insecure'.
1798 Warning: If you had previously enabled support by
1799 adding defines at compile time to BIND 9.6 you should
1800 ensure that all changes that are in progress have
1801 completed prior to upgrading to BIND 9.7. BIND 9.7
1802 is not backwards compatible.
1804 2707. [func] dnssec-keyfromlabel no longer require engine name
1805 to be specified in the label if there is a default
1806 engine or the -E option has been used. Also, it
1807 now uses default algorithms as dnssec-keygen does
1808 (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
1811 2706. [bug] Loading a zone with a very large NSEC3 salt could
1812 trigger an assert. [RT #20368]
1816 2704. [bug] Serial of dynamic and stub zones could be inconsistent
1817 with their SOA serial. [RT #19387]
1819 2703. [func] Introduce an OpenSSL "engine" argument with -E
1820 for all binaries which can take benefit of
1821 crypto hardware. [RT #20230]
1823 2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
1825 2701. [doc] Correction to ARM: hmac-md5 is no longer the only
1826 supported TSIG key algorithm. [RT #18046]
1828 2700. [doc] The match-mapped-addresses option is discouraged.
1831 2699. [bug] Missing lock in rbtdb.c. [RT #20037]
1835 2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
1836 S_IFREG are defined after including <isc/stat.h>.
1839 2696. [bug] named failed to successfully process some valid
1840 acl constructs. [RT #20308]
1842 2695. [func] DHCP/DDNS - update fdwatch code for use by
1843 DHCP. Modify the api to isc_sockfdwatch_t (the
1844 callback functon for isc_socket_fdwatchcreate)
1845 to include information about the direction (read
1846 or write) and add isc_socket_fdwatchpoke.
1849 2694. [bug] Reduce default NSEC3 iterations from 100 to 10.
1852 2693. [port] Add some noreturn attributes. [RT #20257]
1854 2692. [port] win32: 32/64 bit cleanups. [RT #20335]
1856 2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
1857 chain when re-signing a previously-signed zone.
1858 Use -u to modify NSEC3 parameters or switch
1859 between NSEC and NSEC3. [RT #20304]
1861 2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
1864 2689. [bug] Correctly handle snprintf result. [RT #20306]
1866 2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
1867 to decide to fetch the destination address. [RT #20305]
1869 2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
1870 Also, added warnings when revoking a ZSK, as this is
1871 not defined by protocol (but is legal). [RT #19943]
1873 2686. [bug] dnssec-signzone should clean the old NSEC chain when
1874 signing with NSEC3 and vice versa. [RT #20301]
1876 2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
1878 2684. [cleanup] dig: formalize +ad and +cd as synonyms for
1879 +adflag and +cdflag. [RT #19305]
1881 2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
1882 the NSEC3 parameters used to sign the zone change.
1885 2682. [bug] "configure --enable-symtable=all" failed to
1888 2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
1889 decoded. [RT #20269]
1891 2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
1893 2679. [func] dig -k can now accept TSIG keys in named.conf
1896 2678. [func] Treat DS queries as if "minimal-response yes;"
1897 was set. [RT #20258]
1899 2677. [func] Changes to key metadata behavior:
1900 - Keys without "publish" or "active" dates set will
1901 no longer be used for smart signing. However,
1902 those dates will be set to "now" by default when
1903 a key is created; to generate a key but not use
1904 it yet, use dnssec-keygen -G.
1905 - New "inactive" date (dnssec-keygen/settime -I)
1906 sets the time when a key is no longer used for
1907 signing but is still published.
1908 - The "unpublished" date (-U) is deprecated in
1909 favour of "deleted" (-D).
1912 2676. [bug] --with-export-installdir should have been
1913 --with-export-includedir. [RT #20252]
1915 2675. [bug] dnssec-signzone could crash if the key directory
1916 did not exist. [RT #20232]
1918 --- 9.7.0a3 released ---
1920 2674. [bug] "dnssec-lookaside auto;" crashed if named was built
1921 without openssl. [RT #20231]
1923 2673. [bug] The managed-keys.bind zone file could fail to
1924 load due to a spurious result from sync_keyzone()
1927 2672. [bug] Don't enable searching in 'host' when doing reverse
1928 lookups. [RT #20218]
1930 2671. [bug] Add support for PKCS#11 providers not returning
1931 the public exponent in RSA private keys
1932 (OpenCryptoki for instance) in
1933 dnssec-keyfromlabel. [RT #19294]
1935 2670. [bug] Unexpected connect failures failed to log enough
1936 information to be useful. [RT #20205]
1938 2669. [func] Update PKCS#11 support to support Keyper HSM.
1939 Update PKCS#11 patch to be against openssl-0.9.8i.
1941 2668. [func] Several improvements to dnssec-* tools, including:
1942 - dnssec-keygen and dnssec-settime can now set key
1943 metadata fields 0 (to unset a value, use "none")
1944 - dnssec-revoke sets the revocation date in
1945 addition to the revoke bit
1946 - dnssec-settime can now print individual metadata
1947 fields instead of always printing all of them,
1948 and can print them in unix epoch time format for
1952 2667. [func] Add support for logging stack backtrace on assertion
1953 failure (not available for all platforms). [RT #19780]
1955 2666. [func] Added an 'options' argument to dns_name_fromstring()
1956 (API change from 9.7.0a2). [RT #20196]
1958 2665. [func] Clarify syntax for managed-keys {} statement, add
1959 ARM documentation about RFC 5011 support. [RT #19874]
1961 2664. [bug] create_keydata() and minimal_update() in zone.c
1962 didn't properly check return values for some
1963 functions. [RT #19956]
1965 2663. [func] win32: allow named to run as a service using
1966 "NT AUTHORITY\LocalService" as the account. [RT #19977]
1968 2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
1969 returned a misleading error code when lwresd was
1972 2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
1973 creating lwres context. [RT #20029]
1975 2660. [func] Add a new set of DNS libraries for non-BIND9
1976 applications. See README.libdns. [RT #19369]
1978 2659. [doc] Clarify dnssec-keygen doc: key name must match zone
1979 name for DNSSEC keys. [RT #19938]
1981 2658. [bug] dnssec-settime and dnssec-revoke didn't process
1982 key file paths correctly. [RT #20078]
1984 2657. [cleanup] Lower "journal file <path> does not exist, creating it"
1985 log level to debug 1. [RT #20058]
1987 2656. [func] win32: add a "tools only" check box to the installer
1988 which causes it to only install dig, host, nslookup,
1989 nsupdate and relevant DLLs. [RT #19998]
1991 2655. [doc] Document that key-directory does not affect
1992 bind.keys, rndc.key or session.key. [RT #20155]
1994 2654. [bug] Improve error reporting on duplicated names for
1995 deny-answer-xxx. [RT #20164]
1997 2653. [bug] Treat ENGINE_load_private_key() failures as key
1998 not found rather than out of memory. [RT #18033]
2000 2652. [func] Provide more detail about what record is being
2001 deleted. [RT #20061]
2003 2651. [bug] Dates could print incorrectly in K*.key files on
2004 64-bit systems. [RT #20076]
2006 2650. [bug] Assertion failure in dnssec-signzone when trying
2007 to read keyset-* files. [RT #20075]
2009 2649. [bug] Set the domain for forward only zones. [RT #19944]
2011 2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
2013 2647. [bug] Remove unnecessary SOA updates when a new KSK is
2016 2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2018 2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
2019 which default to 64 bits. [RT #19927]
2021 --- 9.7.0a2 released ---
2023 2644. [bug] Change #2628 caused a regression on some systems;
2024 named was unable to write the PID file and would
2025 fail on startup. [RT #20001]
2027 2643. [bug] Stub zones interacted badly with NSEC3 support.
2030 2642. [bug] nsupdate could dump core on solaris when reading
2031 improperly formatted key files. [RT #20015]
2033 2641. [bug] Fixed an error in parsing update-policy syntax,
2034 added a regression test to check it. [RT #20007]
2036 2640. [security] A specially crafted update packet will cause named
2037 to exit. [RT #20000]
2039 2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
2041 2638. [bug] Install arpaname. [RT #19957]
2043 2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
2046 2636. [func] Simplify zone signing and key maintenance with the
2047 dnssec-* tools. Major changes:
2048 - all dnssec-* tools now take a -K option to
2049 specify a directory in which key files will be
2051 - DNSSEC can now store metadata indicating when
2052 they are scheduled to be published, activated,
2053 revoked or removed; these values can be set by
2054 dnssec-keygen or overwritten by the new
2055 dnssec-settime command
2056 - dnssec-signzone -S (for "smart") option reads key
2057 metadata and uses it to determine automatically
2058 which keys to publish to the zone, use for
2059 signing, revoke, or remove from the zone
2062 2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
2065 2634. [port] win32: Add support for libxml2, enable
2066 statschannel. [RT #19773]
2068 2633. [bug] Handle 15 bit rand() functions. [RT #19783]
2070 2632. [func] util/kit.sh: warn if documentation appears to be out of
2073 2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
2076 2630. [func] Improved syntax for DDNS autoconfiguration: use
2077 "update-policy local;" to switch on local DDNS in a
2078 zone. (The "ddns-autoconf" option has been removed.)
2081 2629. [port] Check for seteuid()/setegid(), use setresuid()/
2082 setresgid() if not present. [RT #19932]
2084 2628. [port] linux: Allow /var/run/named/named.pid to be opened
2085 at startup with reduced capabilities in operation.
2088 2627. [bug] Named aborted if the same key was included in
2089 trusted-keys more than once. [RT #19918]
2091 2626. [bug] Multiple trusted-keys could trigger an assertion
2092 failure. [RT #19914]
2094 2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2096 2624. [func] 'named-checkconf -p' will print out the parsed
2097 configuration. [RT #18871]
2099 2623. [bug] Named started searches for DS non-optimally. [RT #19915]
2101 2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2103 2621. [doc] Made copyright boilerplate consistent. [RT #19833]
2105 2620. [bug] Delay thawing the zone until the reload of it has
2106 completed successfully. [RT #19750]
2108 2619. [func] Add support for RFC 5011, automatic trust anchor
2109 maintenance. The new "managed-keys" statement can
2110 be used in place of "trusted-keys" for zones which
2111 support this protocol. (Note: this syntax is
2112 expected to change prior to 9.7.0 final.) [RT #19248]
2114 2618. [bug] The sdb and sdlz db_interator_seek() methods could
2115 loop infinitely. [RT #19847]
2117 2617. [bug] ifconfig.sh failed to emit an error message when
2118 run from the wrong location. [RT #19375]
2120 2616. [bug] 'host' used the nameservers from resolv.conf even
2121 when a explicit nameserver was specified. [RT #19852]
2123 2615. [bug] "__attribute__((unused))" was in the wrong place
2124 for ia64 gcc builds. [RT #19854]
2126 2614. [port] win32: 'named -v' should automatically be executed
2127 in the foreground. [RT #19844]
2131 --- 9.7.0a1 released ---
2133 2612. [func] Add default values for the arguments to
2134 dnssec-keygen. Without arguments, it will now
2135 generate a 1024-bit RSASHA1 zone-signing key,
2136 or with the -f KSK option, a 2048-bit RSASHA1
2137 key-signing key. [RT #19300]
2139 2611. [func] Add -l option to dnssec-dsfromkey to generate
2140 DLV records instead of DS records. [RT #19300]
2142 2610. [port] sunos: Change #2363 was not complete. [RT #19796]
2144 2609. [func] Simplify the configuration of dynamic zones:
2145 - add ddns-confgen command to generate
2146 configuration text for named.conf
2147 - add zone option "ddns-autoconf yes;", which
2148 causes named to generate a TSIG session key
2149 and allow updates to the zone using that key
2150 - add '-l' (localhost) option to nsupdate, which
2151 causes nsupdate to connect to a locally-running
2152 named process using the session key generated
2156 2608. [func] Perform post signing verification checks in
2157 dnssec-signzone. These can be disabled with -P.
2159 The post sign verification test ensures that for each
2160 algorithm in use there is at least one non revoked
2161 self signed KSK key. That all revoked KSK keys are
2162 self signed. That all records in the zone are signed
2163 by the algorithm. [RT #19653]
2165 2607. [bug] named could incorrectly delete NSEC3 records for
2166 empty nodes when processing a update request.
2169 2606. [bug] "delegation-only" was not being accepted in
2170 delegation-only type zones. [RT #19717]
2172 2605. [bug] Accept DS responses from delegation only zones.
2175 2604. [func] Add support for DNS rebinding attack prevention through
2176 new options, deny-answer-addresses and
2177 deny-answer-aliases. Based on contributed code from
2178 JD Nurmi, Google. [RT #18192]
2180 2603. [port] win32: handle .exe extension of named-checkzone and
2181 named-comilezone argv[0] names under windows.
2184 2602. [port] win32: fix debugging command line build of libisccfg.
2187 2601. [doc] Mention file creation mode mask in the
2190 2600. [doc] ARM: miscellaneous reformatting for different
2191 page widths. [RT #19574]
2193 2599. [bug] Address rapid memory growth when validation fails.
2196 2598. [func] Reserve the -F flag. [RT #19657]
2198 2597. [bug] Handle a validation failure with a insecure delegation
2199 from a NSEC3 signed master/slave zone. [RT #19464]
2201 2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2202 long, leading to inefficient memory usage or rejecting
2203 newer cache entries in the worst case. [RT #19563]
2205 2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
2207 2594. [func] Have rndc warn if using its default configuration
2208 file when the key file also exists. [RT #19424]
2210 2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
2212 2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
2214 2591. [bug] named could die when processing a update in
2215 removed_orphaned_ds(). [RT #19507]
2217 2590. [func] Report zone/class of "update with no effect".
2220 2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
2223 2588. [bug] SO_REUSEADDR could be set unconditionally after failure
2224 of bind(2) call. This should be rare and mostly
2225 harmless, but may cause interference with other
2226 processes that happen to use the same port. [RT #19642]
2228 2587. [func] Improve logging by reporting serial numbers for
2229 when zone serial has gone backwards or unchanged.
2232 2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
2235 2585. [bug] Uninitialized socket name could be referenced via a
2236 statistics channel, triggering an assertion failure in
2237 XML rendering. [RT #19427]
2239 2584. [bug] alpha: gcc optimization could break atomic operations.
2242 2583. [port] netbsd: provide a control to not add the compile
2243 date to the version string, -DNO_VERSION_DATE.
2245 2582. [bug] Don't emit warning log message when we attempt to
2246 remove non-existent journal. [RT #19516]
2248 2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
2249 Requires MySQL 5.0.19 or later. [RT #19084]
2251 2580. [bug] UpdateRej statistics counter could be incremented twice
2252 for one rejection. [RT #19476]
2254 2579. [bug] DNSSEC lookaside validation failed to handle unknown
2255 algorithms. [RT #19479]
2257 2578. [bug] Changed default sig-signing-type to 65534, because
2258 65535 turns out to be reserved. [RT #19477]
2260 2577. [doc] Clarified some statistics counters. [RT #19454]
2262 2576. [bug] NSEC record were not being correctly signed when
2263 a zone transitions from insecure to secure.
2264 Handle such incorrectly signed zones. [RT #19114]
2266 2575. [func] New functions dns_name_fromstring() and
2267 dns_name_tostring(), to simplify conversion
2268 of a string to a dns_name structure and vice
2271 2574. [doc] Document nsupdate -g and -o. [RT #19351]
2273 2573. [bug] Replacing a non-CNAME record with a CNAME record in a
2274 single transaction in a signed zone failed. [RT #19397]
2276 2572. [func] Simplify DLV configuration, with a new option
2277 "dnssec-lookaside auto;" This is the equivalent
2278 of "dnssec-lookaside . trust-anchor dlv.isc.org;"
2279 plus setting a trusted-key for dlv.isc.org.
2281 Note: The trusted key is hard-coded into named,
2282 but is also stored in (and can be overridden
2283 by) $sysconfdir/bind.keys. As the ISC DLV key
2284 rolls over it can be kept up to date by replacing
2285 the bind.keys file with a key downloaded from
2286 https://www.isc.org/solutions/dlv. [RT #18685]
2288 2571. [func] Add a new tool "arpaname" which translates IP addresses
2289 to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
2292 2570. [func] Log the destination address the query was sent to.
2295 2569. [func] Move journalprint, nsec3hash, and genrandom
2296 commands from bin/tests into bin/tools;
2297 "make install" will put them in $sbindir. [RT #19301]
2299 2568. [bug] Report when the write to indicate a otherwise
2300 successful start fails. [RT #19360]
2302 2567. [bug] dst__privstruct_writefile() could miss write errors.
2303 write_public_key() could miss write errors.
2304 dnssec-dsfromkey could miss write errors.
2307 2566. [cleanup] Clarify logged message when an insecure DNSSEC
2308 response arrives from a zone thought to be secure:
2309 "insecurity proof failed" instead of "not
2310 insecure". [RT #19400]
2312 2565. [func] Add support for HIP record. Includes new functions
2313 dns_rdata_hip_first(), dns_rdata_hip_next()
2314 and dns_rdata_hip_current(). [RT #19384]
2316 2564. [bug] Only take EDNS fallback steps when processing timeouts.
2319 2563. [bug] Dig could leak a socket causing it to wait forever
2320 to exit. [RT #19359]
2322 2562. [doc] ARM: miscellaneous improvements, reorganization,
2323 and some new content.
2325 2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2327 2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
2329 2559. [bug] dnssec-dsfromkey could compute bad DS records when
2330 reading from a K* files. [RT #19357]
2332 2558. [func] Set the ownership of missing directories created
2333 for pid-file if -u has been specified on the command
2336 2557. [cleanup] PCI compliance:
2337 * new libisc log module file
2338 * isc_dir_chroot() now also changes the working
2340 * additional INSISTs
2341 * additional logging when files can't be removed.
2343 2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
2344 error checks in the correct order resulting in the
2345 wrong error code sometimes being returned. [RT #19249]
2347 2555. [func] dig: when emitting a hex dump also display the
2348 corresponding characters. [RT #19258]
2350 2554. [bug] Validation of uppercase queries from NSEC3 zones could
2353 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
2355 2552. [bug] zero-no-soa-ttl-cache was not being honoured.
2358 2551. [bug] Potential Reference leak on return. [RT #19341]
2360 2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2363 2549. [port] linux: define NR_OPEN if not currently defined.
2366 2548. [bug] Install iterated_hash.h. [RT #19335]
2368 2547. [bug] openssl_link.c:mem_realloc() could reference an
2369 out-of-range area of the source buffer. New public
2370 function isc_mem_reallocate() was introduced to address
2371 this bug. [RT #19313]
2373 2546. [func] Add --enable-openssl-hash configure flag to use
2374 OpenSSL (in place of internal routine) for hash
2375 functions (MD5, SHA[12] and HMAC). [RT #18815]
2377 2545. [doc] ARM: Legal hostname checking (check-names) is
2378 for SRV RDATA too. [RT #19304]
2380 2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2382 2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2384 2542. [doc] Update the description of dig +adflag. [RT #19290]
2386 2541. [bug] Conditionally update dispatch manager statistics.
2389 2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
2391 2539. [security] Update the interaction between recursion, allow-query,
2392 allow-query-cache and allow-recursion. [RT #19198]
2394 2538. [bug] cache/ADB memory could grow over max-cache-size,
2395 especially with threads and smaller max-cache-size
2398 2537. [func] Added more statistics counters including those on socket
2399 I/O events and query RTT histograms. [RT #18802]
2401 2536. [cleanup] Silence some warnings when -Werror=format-security is
2402 specified. [RT #19083]
2404 2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
2406 2534. [func] Check NAPTR records regular expressions and
2407 replacement strings to ensure they are syntactically
2408 valid and consistant. [RT #18168]
2410 2533. [doc] ARM: document @ (at-sign). [RT #17144]
2412 2532. [bug] dig: check the question section of the response to
2413 see if it matches the asked question. [RT #18495]
2415 2531. [bug] Change #2207 was incomplete. [RT #19098]
2417 2530. [bug] named failed to reject insecure to secure transitions
2418 via UPDATE. [RT #19101]
2420 2529. [cleanup] Upgrade libtool to silence complaints from recent
2421 version of autoconf. [RT #18657]
2423 2528. [cleanup] Silence spurious configure warning about
2424 --datarootdir [RT #19096]
2428 2526. [func] New named option "attach-cache" that allows multiple
2429 views to share a single cache to save memory and
2430 improve lookup efficiency. Based on contributed code
2431 from Barclay Osborn, Google. [RT #18905]
2433 2525. [func] New logging category "query-errors" to provide detailed
2434 internal information about query failures, especially
2435 about server failures. [RT #19027]
2437 2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
2439 2523. [bug] Random type rdata freed by dns_nsec_typepresent().
2442 2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
2444 2521. [bug] Improve epoll cross compilation support. [RT #19047]
2446 2520. [bug] Update xml statistics version number to 2.0 as change
2447 #2388 made the schema incompatible to the previous
2448 version. [RT #19080]
2450 2519. [bug] dig/host with -4 or -6 didn't work if more than two
2451 nameserver addresses of the excluded address family
2452 preceded in resolv.conf. [RT #19081]
2454 2518. [func] Add support for the new CERT types from RFC 4398.
2457 2517. [bug] dig +trace with -4 or -6 failed when it chose a
2458 nameserver address of the excluded address type.
2461 2516. [bug] glue sort for responses was performed even when not
2464 2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
2467 2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
2468 a nameserver of the excluded address family.
2471 2513. [bug] Fix windows cli build. [RT #19062]
2473 2512. [func] Print a summary of the cached records which make up
2474 the negative response. [RT #18885]
2476 2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
2479 2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
2482 2509. [bug] Specifying a fixed query source port was broken.
2487 2507. [func] Log the recursion quota values when killing the
2488 oldest query or refusing to recurse due to quota.
2491 2506. [port] solaris: Check at configure time if
2492 hack_shutup_pthreadonceinit is needed. [RT #19037]
2494 2505. [port] Treat amd64 similarly to x86_64 when determining
2495 atomic operation support. [RT #19031]
2497 2504. [bug] Address race condition in the socket code. [RT #18899]
2499 2503. [port] linux: improve compatibility with Linux Standard
2502 2502. [cleanup] isc_radix: Improve compliance with coding style,
2503 document function in <isc/radix.h>. [RT #18534]
2505 2501. [func] $GENERATE now supports all rdata types. Multi-field
2506 rdata types need to be quoted. See the ARM for
2507 details. [RT #18368]
2509 2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2510 function. [RT #18582]
2512 2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
2515 --- 9.6.0rc1 released ---
2517 2498. [bug] Removed a bogus function argument used with
2518 ISC_SOCKET_USE_POLLWATCH: it could cause compiler
2519 warning or crash named with the debug 1 level
2520 of logging. [RT #18917]
2522 2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
2525 2496. [bug] Add sanity length checks to NSID option. [RT #18813]
2527 2495. [bug] Tighten RRSIG checks. [RT #18795]
2529 2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
2530 installed. [RT #18826]
2532 2493. [bug] The linux capabilities code was not correctly cleaning
2533 up after itself. [RT #18767]
2535 2492. [func] Rndc status now reports the number of cpus discovered
2536 and the number of worker threads when running
2537 multi-threaded. [RT #18273]
2539 2491. [func] Attempt to re-use a local port if we are already using
2540 the port. [RT #18548]
2542 2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
2543 is cleared when IPV6_V6ONLY is set. [RT #18785]
2545 2489. [port] solaris: Workaround Solaris's kernel bug about
2547 http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
2548 Define ISC_SOCKET_USE_POLLWATCH at build time to enable
2549 this workaround. [RT #18870]
2551 2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
2552 from keyset and .key files. [RT #18694]
2554 2487. [bug] Give TCP connections longer to complete. [RT #18675]
2556 2486. [func] The default locations for named.pid and lwresd.pid
2557 are now /var/run/named/named.pid and
2558 /var/run/lwresd/lwresd.pid respectively.
2560 This allows the owner of the containing directory
2561 to be set, for "named -u" support, and allows there
2562 to be a permanent symbolic link in the path, for
2563 "named -t" support. [RT #18306]
2565 2485. [bug] Change update's the handling of obscured RRSIG
2566 records. Not all orphaned DS records were being
2567 removed. [RT #18828]
2569 2484. [bug] It was possible to trigger a REQUIRE failure when
2570 adding NSEC3 proofs to the response in
2571 query_addwildcardproof(). [RT #18828]
2573 2483. [port] win32: chroot() is not supported. [RT #18805]
2575 2482. [port] libxml2: support versions 2.7.* in addition
2576 to 2.6.*. [RT #18806]
2578 --- 9.6.0b1 released ---
2580 2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
2581 collisions. [RT #18812]
2583 2480. [bug] named could fail to emit all the required NSEC3
2584 records. [RT #18812]
2586 2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
2588 2478. [bug] 'addresses' could be used uninitialized in
2589 configure_forward(). [RT #18800]
2591 2477. [bug] dig: the global option to print the command line is
2592 +cmd not print_cmd. Update the output to reflect
2595 2476. [doc] ARM: improve documentation for max-journal-size and
2596 ixfr-from-differences. [RT #15909] [RT #18541]
2598 2475. [bug] LRU cache cleanup under overmem condition could purge
2599 particular entries more aggressively. [RT #17628]
2601 2474. [bug] ACL structures could be allocated with insufficient
2602 space, causing an array overrun. [RT #18765]
2604 2473. [port] linux: raise the limit on open files to the possible
2605 maximum value before spawning threads; 'files'
2606 specified in named.conf doesn't seem to work with
2607 threads as expected. [RT #18784]
2609 2472. [port] linux: check the number of available cpu's before
2610 calling chroot as it depends on "/proc". [RT #16923]
2612 2471. [bug] named-checkzone was not reporting missing mandatory
2613 glue when sibling checks were disabled. [RT #18768]
2615 2470. [bug] Elements of the isc_radix_node_t could be incorrectly
2616 overwritten. [RT# 18719]
2618 2469. [port] solaris: Work around Solaris's select() limitations.
2621 2468. [bug] Resolver could try unreachable servers multiple times.
2624 2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
2626 2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
2629 2465. [bug] Adb's handling of lame addresses was different
2630 for IPv4 and IPv6. [RT #18738]
2632 2464. [port] linux: check that a capability is present before
2633 trying to set it. [RT #18135]
2635 2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
2636 API and glibc hides parts of the IPv6 Advanced Socket
2637 API as a result. This is stupid as it breaks how the
2638 two halves (Basic and Advanced) of the IPv6 Socket API
2639 were designed to be used but we have to live with it.
2640 Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
2643 2462. [doc] Document -m (enable memory usage debugging)
2644 option for dig. [RT #18757]
2646 2461. [port] sunos: Change #2363 was not complete. [RT #17513]
2648 --- 9.6.0a1 released ---
2650 2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
2653 2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
2655 2458. [doc] ARM: update and correction for max-cache-size.
2658 2457. [tuning] max-cache-size is reverted to 0, the previous
2659 default. It should be safe because expired cache
2660 entries are also purged. [RT #18684]
2662 2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
2663 address, regardless of family. They now correctly
2664 distinguish IPv4 from IPv6. [RT #18559]
2666 2455. [bug] Stop metadata being transferred via axfr/ixfr.
2669 2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
2671 2453. [bug] Remove NULL pointer dereference in dns_journal_print().
2674 2452. [func] Improve bin/test/journalprint. [RT #18316]
2676 2451. [port] solaris: handle runtime linking better. [RT #18356]
2678 2450. [doc] Fix lwresd docbook problem for manual page.
2683 2448. [func] Add NSEC3 support. [RT #15452]
2685 2447. [cleanup] libbind has been split out as a separate product.
2687 2446. [func] Add a new log message about build options on startup.
2688 A new command-line option '-V' for named is also
2689 provided to show this information. [RT# 18645]
2691 2445. [doc] ARM out-of-date on empty reverse zones (list includes
2692 RFC1918 address, but these are not yet compiled in).
2695 2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
2696 (clear DF) for UDP responses and requests.
2698 2443. [bug] win32: UDP connect() would not generate an event,
2699 and so connected UDP sockets would never clean up.
2700 Fix this by doing an immediate WSAConnect() rather
2701 than an io completion port type for UDP.
2703 2442. [bug] A lock could be destroyed twice. [RT# 18626]
2705 2441. [bug] isc_radix_insert() could copy radix tree nodes
2706 incompletely. [RT #18573]
2708 2440. [bug] named-checkconf used an incorrect test to determine
2709 if an ACL was set to none.
2711 2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
2714 2438. [bug] Timeouts could be logged incorrectly under win32.
2716 2437. [bug] Sockets could be closed too early, leading to
2717 inconsistent states in the socket module. [RT #18298]
2719 2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
2721 2435. [bug] Fixed an ACL memory leak affecting win32.
2723 2434. [bug] Fixed a minor error-reporting bug in
2724 lib/isc/win32/socket.c.
2726 2433. [tuning] Set initial timeout to 800ms.
2728 2432. [bug] More Windows socket handling improvements. Stop
2729 using I/O events and use IO Completion Ports
2730 throughout. Rewrite the receive path logic to make
2731 it easier to support multiple simultaneous
2732 requesters in the future. Add stricter consistency
2733 checking as a compile-time option (define
2734 ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
2736 2431. [bug] Acl processing could leak memory. [RT #18323]
2738 2430. [bug] win32: isc_interval_set() could round down to
2739 zero if the input was less than NS_INTERVAL
2740 nanoseconds. Round up instead. [RT #18549]
2742 2429. [doc] nsupdate should be in section 1 of the man pages.
2745 2428. [bug] dns_iptable_merge() mishandled merges of negative
2748 2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
2749 was set. [RT #18528]
2751 2426. [bug] libbind: inet_net_pton() can sometimes return the
2752 wrong value if excessively large net masks are
2753 supplied. [RT #18512]
2755 2425. [bug] named didn't detect unavailable query source addresses
2756 at load time. [RT #18536]
2758 2424. [port] configure now probes for a working epoll
2759 implementation. Allow the use of kqueue,
2760 epoll and /dev/poll to be selected at compile
2763 2423. [security] Randomize server selection on queries, so as to
2764 make forgery a little more difficult. Instead of
2765 always preferring the server with the lowest RTT,
2766 pick a server with RTT within the same 128
2767 millisecond band. [RT #18441]
2769 2422. [bug] Handle the special return value of a empty node as
2770 if it was a NXRRSET in the validator. [RT #18447]
2772 2421. [func] Add new command line option '-S' for named to specify
2773 the max number of sockets. [RT #18493]
2774 Use caution: this option may not work for some
2775 operating systems without rebuilding named.
2777 2420. [bug] Windows socket handling cleanup. Let the io
2778 completion event send out canceled read/write
2779 done events, which keeps us from writing to memory
2780 we no longer have ownership of. Add debugging
2781 socket_log() function. Rework TCP socket handling
2782 to not leak sockets.
2784 2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
2785 should not be used for isc_sockettype_fdwatch sockets.
2788 2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
2791 2417. [bug] Connecting UDP sockets for outgoing queries could
2792 unexpectedly fail with an 'address already in use'
2795 2416. [func] Log file descriptors that cause exceeding the
2796 internal maximum. [RT #18460]
2798 2415. [bug] 'rndc dumpdb' could trigger various assertion failures
2799 in rbtdb.c. [RT #18455]
2801 2414. [bug] A masterdump context held the database lock too long,
2802 causing various troubles such as dead lock and
2803 recursive lock acquisition. [RT #18311, #18456]
2805 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2807 2412. [bug] win32: address a resource leak. [RT #18374]
2809 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
2810 for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
2811 at compilation time. [RT #18433]
2813 Note: with changes #2469 and #2421 above, there is no
2814 need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
2817 2410. [bug] Correctly delete m_versionInfo. [RT #18432]
2819 2409. [bug] Only log that we disabled EDNS processing if we were
2820 subsequently successful. [RT #18029]
2822 2408. [bug] A duplicate TCP dispatch event could be sent, which
2823 could then trigger an assertion failure in
2824 resquery_response(). [RT #18275]
2826 2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2830 2405. [cleanup] The default value for dnssec-validation was changed to
2831 "yes" in 9.5.0-P1 and all subsequent releases; this
2832 was inadvertently omitted from CHANGES at the time.
2834 2404. [port] hpux: files unlimited support.
2836 2403. [bug] TSIG context leak. [RT #18341]
2838 2402. [port] Support Solaris 2.11 and over. [RT #18362]
2840 2401. [bug] Expect to get E[MN]FILE errno internal_accept()
2841 (from accept() or fcntl() system calls). [RT #18358]
2843 2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
2848 2398. [bug] Improve file descriptor management. New,
2849 temporary, named.conf option reserved-sockets,
2850 default 512. [RT #18344]
2852 2397. [bug] gssapi_functions had too many elements. [RT #18355]
2854 2396. [bug] Don't set SO_REUSEADDR for randomized ports.
2857 2395. [port] Avoid warning and no effect from "files unlimited"
2858 on Linux when running as root. [RT #18335]
2860 2394. [bug] Default configuration options set the limit for
2861 open files to 'unlimited' as described in the
2862 documentation. [RT #18331]
2864 2393. [bug] nested acls containing keys could trigger an
2865 assertion in acl.c. [RT #18166]
2867 2392. [bug] remove 'grep -q' from acl test script, some platforms
2868 don't support it. [RT #18253]
2870 2391. [port] hpux: cover additional recvmsg() error codes.
2873 2390. [bug] dispatch.c could make a false warning on 'odd socket'.
2876 2389. [bug] Move the "working directory writable" check to after
2877 the ns_os_changeuser() call. [RT #18326]
2879 2388. [bug] Avoid using tables for layout purposes in
2880 statistics XSL [RT #18159].
2882 2387. [bug] Silence compiler warnings in lib/isc/radix.c.
2883 [RT #18147] [RT #18258]
2885 2386. [func] Add warning about too small 'open files' limit.
2888 2385. [bug] A condition variable in socket.c could leak in
2889 rare error handling [RT #17968].
2891 2384. [security] Fully randomize UDP query ports to improve
2892 forgery resilience. [RT #17949, #18098]
2894 2383. [bug] named could double queries when they resulted in
2895 SERVFAIL due to overkilling EDNS0 failure detection.
2898 2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
2901 2381. [port] dlz/mysql: support multiple install layouts for
2902 mysql. <prefix>/include/{,mysql/}mysql.h and
2903 <prefix>/lib/{,mysql/}. [RT #18152]
2905 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
2906 proofs which, in turn, caused validation failures
2907 for insecure zones immediately below a secure zone
2908 the server was authoritative for. [RT #18112]
2910 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
2911 TLDs and supported RRs with TTLs [RT #17972]
2913 2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
2916 2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
2918 2376. [bug] Change #2144 was not complete.
2922 2374. [bug] "blackhole" ACLs could cause named to segfault due
2923 to some uninitialized memory. [RT #18095]
2925 2373. [bug] Default values of zone ACLs were re-parsed each time a
2926 new zone was configured, causing an overconsumption
2927 of memory. [RT #18092]
2929 2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
2931 2371. [doc] Add +nsid option to dig man page. [RT #18039]
2933 2370. [bug] "rndc freeze" could trigger an assertion in named
2934 when called on a nonexistent zone. [RT #18050]
2936 2369. [bug] libbind: Array bounds overrun on read in bitncmp().
2939 2368. [port] Linux: use libcap for capability management if
2940 possible. [RT# 18026]
2942 2367. [bug] Improve counting of dns_resstatscounter_retry
2945 2366. [bug] Adb shutdown race. [RT #18021]
2947 2365. [bug] Fix a bug that caused dns_acl_isany() to return
2948 spurious results. [RT #18000]
2950 2364. [bug] named could trigger a assertion when serving a
2951 malformed signed zone. [RT #17828]
2953 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
2956 2362. [cleanup] Make "rrset-order fixed" a compile-time option.
2957 settable by "./configure --enable-fixed-rrset".
2958 Disabled by default. [RT #17977]
2960 2361. [bug] "recursion" statistics counter could be counted
2961 multiple times for a single query. [RT #17990]
2963 2360. [bug] Fix a condition where we release a database version
2964 (which may acquire a lock) while holding the lock.
2966 2359. [bug] Fix NSID bug. [RT #17942]
2968 2358. [doc] Update host's default query description. [RT #17934]
2970 2357. [port] Don't use OpenSSL's engine support in versions before
2971 OpenSSL 0.9.7f. [RT #17922]
2973 2356. [bug] Built in mutex profiler was not scalable enough.
2976 2355. [func] Extend the number statistics counters available.
2979 2354. [bug] Failed to initialize some rdatasetheader_t elements.
2982 2353. [func] Add support for Name Server ID (RFC 5001).
2983 'dig +nsid' requests NSID from server.
2984 'request-nsid yes;' causes recursive server to send
2985 NSID requests to upstream servers. Server responds
2986 to NSID requests with the string configured by
2987 'server-id' option. [RT #17091]
2989 2352. [bug] Various GSS_API fixups. [RT #17729]
2991 2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
2993 2350. [port] win32: IPv6 support. [RT #17797]
2995 2349. [func] Provide incremental re-signing support for secure
2996 dynamic zones. [RT #1091]
2998 2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
2999 Documentation is in the new README.pkcs11 file.
3000 New tool, dnssec-keyfromlabel, which takes the
3001 label of a key pair in a HSM and constructs a DNS
3002 key pair for use by named and dnssec-signzone.
3005 2347. [bug] Delete now traverses the RB tree in the canonical
3008 2346. [func] Memory statistics now cover all active memory contexts
3009 in increased detail. [RT #17580]
3011 2345. [bug] named-checkconf failed to detect when forwarders
3012 were set at both the options/view level and in
3013 a root zone. [RT #17671]
3015 2344. [bug] Improve "logging{ file ...; };" documentation.
3018 2343. [bug] (Seemingly) duplicate IPv6 entries could be
3019 created in ADB. [RT #17837]
3021 2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
3023 2341. [bug] libbind: add missing -I../include for off source
3024 tree builds. [RT #17606]
3026 2340. [port] openbsd: interface configuration. [RT #17700]
3028 2339. [port] tru64: support for libbind. [RT #17589]
3030 2338. [bug] check_ds() could be called with a non DS rdataset.
3033 2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
3035 2336. [func] If "named -6" is specified then listen on all IPv6
3036 interfaces if there are not listen-on-v6 clauses in
3037 named.conf. [RT #17581]
3039 2335. [port] sunos: libbind and *printf() support for long long.
3042 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
3043 bug in fromstruct_txt(). [RT #17609]
3045 2333. [bug] Fix off by one error in isc_time_nowplusinterval().
3048 2332. [contrib] query-loc-0.4.0. [RT #17602]
3050 2331. [bug] Failure to regenerate any signatures was not being
3051 reported nor being past back to the UPDATE client.
3054 2330. [bug] Remove potential race condition when handling
3055 over memory events. [RT #17572]
3057 WARNING: API CHANGE: over memory callback
3058 function now needs to call isc_mem_waterack().
3059 See <isc/mem.h> for details.
3061 2329. [bug] Clearer help text for dig's '-x' and '-i' options.
3063 2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
3064 F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
3065 J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
3068 2327. [bug] It was possible to dereference a NULL pointer in
3069 rbtdb.c. Implement dead node processing in zones as
3070 we do for caches. [RT #17312]
3072 2326. [bug] It was possible to trigger a INSIST in the acache
3075 2325. [port] Linux: use capset() function if available. [RT #17557]
3077 2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
3079 2323. [port] tru64: namespace clash. [RT #17547]
3081 2322. [port] MacOS: work around the limitation of setrlimit()
3082 for RLIMIT_NOFILE. [RT #17526]
3086 2320. [func] Make statistics counters thread-safe for platforms
3087 that support certain atomic operations. [RT #17466]
3089 2319. [bug] Silence Coverity warnings in
3090 lib/dns/rdata/in_1/apl_42.c. [RT #17469]
3092 2318. [port] sunos fixes for libbind. [RT #17514]
3094 2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
3096 2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
3099 2315. [bug] Used incorrect address family for mapped IPv4
3100 addresses in acl.c. [RT #17519]
3102 2314. [bug] Uninitialized memory use on error path in
3103 bin/named/lwdnoop.c. [RT #17476]
3105 2313. [cleanup] Silence Coverity warnings. Handle private stacks.
3106 [RT #17447] [RT #17478]
3108 2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
3111 2311. [bug] IPv6 addresses could match IPv4 ACL entries and
3112 vice versa. [RT #17462]
3114 2310. [bug] dig, host, nslookup: flush stdout before emitting
3115 debug/fatal messages. [RT #17501]
3117 2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
3120 2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
3123 2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
3125 2306. [bug] Remove potential race from lib/dns/resolver.c.
3128 2305. [security] inet_network() buffer overflow. CVE-2008-0122.
3130 2304. [bug] Check returns from all dns_rdata_tostruct() calls.
3133 2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
3136 2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
3138 2301. [bug] Remove resource leak and fix error messages in
3139 bin/tests/system/lwresd/lwtest.c. [RT #17474]
3141 2300. [bug] Fixed failure to close open file in
3142 bin/tests/names/t_names.c. [RT #17473]
3144 2299. [bug] Remove unnecessary NULL check in
3145 bin/nsupdate/nsupdate.c. [RT #17475]
3147 2298. [bug] isc_mutex_lock() failure not caught in
3148 bin/tests/timers/t_timers.c. [RT #17468]
3150 2297. [bug] isc_entropy_createfilesource() failure not caught in
3151 bin/tests/dst/t_dst.c. [RT #17467]
3153 2296. [port] Allow docbook stylesheet location to be specified to
3154 configure. [RT #17457]
3156 2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
3159 2294. [func] Allow the experimental statistics channels to have
3160 multiple connections and ACL.
3161 Note: the stats-server and stats-server-v6 options
3162 available in the previous beta releases are replaced
3163 with the generic statistics-channels statement.
3165 2293. [func] Add ACL regression test. [RT #17375]
3167 2292. [bug] Log if the working directory is not writable.
3170 2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
3171 failure to set PR_SET_DUMPABLE. [RT #17312]
3173 2290. [bug] Let AD in the query signal that the client wants AD
3174 set in the response. [RT #17301]
3176 2289. [func] named-checkzone now reports the out-of-zone CNAME
3179 2288. [port] win32: mark service as running when we have finished
3180 loading. [RT #17441]
3182 2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
3184 2286. [func] Allow a TCP connection to be used as a weak
3185 authentication method for reverse zones.
3186 New update-policy methods tcp-self and 6to4-self.
3189 2285. [func] Test framework for client memory context management.
3192 2284. [bug] Memory leak in UPDATE prerequisite processing.
3195 2283. [bug] TSIG keys were not attaching to the memory
3196 context. TSIG keys should use the rings
3197 memory context rather than the clients memory
3198 context. [RT #17377]
3200 2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
3202 2281. [bug] Attempts to use undefined acls were not being logged.
3205 2280. [func] Allow the experimental http server to be reached
3206 over IPv6 as well as IPv4. [RT #17332]
3208 2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
3209 to protect applications from receiving spurious
3210 SIGPIPE signals when using the resolver.
3212 2278. [bug] win32: handle the case where Windows returns no
3213 search list or DNS suffix. [RT #17354]
3215 2277. [bug] Empty zone names were not correctly being caught at
3216 in the post parse checks. [RT #17357]
3218 2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
3220 2275. [func] Add support to dig to perform IXFR queries over UDP.
3223 2274. [func] Log zone transfer statistics. [RT #17336]
3225 2273. [bug] Adjust log level to WARNING when saving inconsistent
3226 stub/slave master and journal files. [RT# 17279]
3228 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
3231 2271. [bug] Fix a memory leak in http server code [RT #17100]
3233 2270. [bug] dns_db_closeversion() version->writer could be reset
3234 before it is tested. [RT #17290]
3236 2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
3238 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
3241 --- 9.5.0b1 released ---
3243 2267. [bug] Radix tree node_num value could be set incorrectly,
3244 causing positive ACL matches to look like negative
3247 2266. [bug] client.c:get_clientmctx() returned the same mctx
3248 once the pool of mctx's was filled. [RT #17218]
3250 2265. [bug] Test that the memory context's basic_table is non NULL
3251 before freeing. [RT #17265]
3253 2264. [bug] Server prefix length was being ignored. [RT #17308]
3255 2263. [bug] "named-checkconf -z" failed to set default value
3256 for "check-integrity". [RT #17306]
3258 2262. [bug] Error status from all but the last view could be
3261 2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
3263 2260. [bug] Reported wrong clients-per-query when increasing the
3268 --- 9.5.0a7 released ---
3270 2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
3273 2257. [bug] win32: Use the full path to vcredist_x86.exe when
3274 calling it. [RT #17222]
3276 2256. [bug] win32: Correctly register the installation location of
3277 bindevt.dll. [RT #17159]
3279 2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
3281 2254. [bug] timer.c:dispatch() failed to lock timer->lock
3282 when reading timer->idle allowing it to see
3283 intermediate values as timer->idle was reset by
3284 isc_timer_touch(). [RT #17243]
3286 2253. [func] "max-cache-size" defaults to 32M.
3287 "max-acache-size" defaults to 16M.
3289 2252. [bug] Fixed errors in sortlist code [RT #17216]
3293 2250. [func] New flag 'memstatistics' to state whether the
3294 memory statistics file should be written or not.
3295 Additionally named's -m option will cause the
3296 statistics file to be written. [RT #17113]
3298 2249. [bug] Only set Authentic Data bit if client requested
3299 DNSSEC, per RFC 3655 [RT #17175]
3301 2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
3303 2247. [doc] Sort doc/misc/options. [RT #17067]
3305 2246. [bug] Make the startup of test servers (ans.pl) more
3308 2245. [bug] Validating lack of DS records at trust anchors wasn't
3309 working. [RT #17151]
3311 2244. [func] Allow the check of nameserver names against the
3312 SOA MNAME field to be disabled by specifying
3313 'notify-to-soa yes;'. [RT #17073]
3315 2243. [func] Configuration files without a newline at the end now
3316 parse without error. [RT #17120]
3318 2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
3319 library could require a source of random data.
3322 2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
3324 2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
3325 a number of INSIST()s into plain fatal() errors
3326 which report the triggering result code.
3327 The 'key' command wasn't disabling GSS-TSIG.
3330 2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
3332 2238. [bug] It was possible to trigger a REQUIRE when a
3333 validation was canceled. [RT #17106]
3335 2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
3337 2236. [bug] dnssec-signzone failed to preserve the case of
3338 of wildcard owner names. [RT #17085]
3340 2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
3342 2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
3344 2233. [func] Add support for O(1) ACL processing, based on
3345 radix tree code originally written by Kevin
3346 Brintnall. [RT #16288]
3348 2232. [bug] dns_adb_findaddrinfo() could fail and return
3349 ISC_R_SUCCESS. [RT #17137]
3351 2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
3354 2230. [bug] We could INSIST reading a corrupted journal.
3357 2229. [bug] Null pointer dereference on query pool creation
3358 failure. [RT #17133]
3360 2228. [contrib] contrib: Change 2188 was incomplete.
3362 2227. [cleanup] Tidied up the FAQ. [RT #17121]
3366 2225. [bug] More support for systems with no IPv4 addresses.
3369 2224. [bug] Defer journal compaction if a xfrin is in progress.
3372 2223. [bug] Make a new journal when compacting. [RT #17119]
3374 2222. [func] named-checkconf now checks server key references.
3377 2221. [bug] Set the event result code to reflect the actual
3378 record turned to caller when a cache update is
3379 rejected due to a more credible answer existing.
3382 2220. [bug] win32: Address a race condition in final shutdown of
3383 the Windows socket code. [RT #17028]
3385 2219. [bug] Apply zone consistency checks to additions, not
3386 removals, when updating. [RT #17049]
3388 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
3391 2217. [func] Adjust update log levels. [RT #17092]
3393 2216. [cleanup] Fix a number of errors reported by Coverity.
3396 2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
3398 2214. [bug] Deregister OpenSSL lock callback when cleaning
3399 up. Reorder OpenSSL cleanup so that RAND_cleanup()
3400 is called before the locks are destroyed. [RT #17098]
3402 2213. [bug] SIG0 diagnostic failure messages were looking at the
3403 wrong status code. [RT #17101]
3405 2212. [func] 'host -m' now causes memory statistics and active
3406 memory to be printed at exit. [RT 17028]
3408 2211. [func] Update "dynamic update temporarily disabled" message.
3411 2210. [bug] Deleting class specific records via UPDATE could
3414 2209. [port] osx: linking against user supplied static OpenSSL
3415 libraries failed as the system ones were still being
3418 2208. [port] win32: make sure both build methods produce the
3419 same output. [RT #17058]
3421 2207. [port] Some implementations of getaddrinfo() fail to set
3422 ai_canonname correctly. [RT #17061]
3424 --- 9.5.0a6 released ---
3426 2206. [security] "allow-query-cache" and "allow-recursion" now
3427 cross inherit from each other.
3429 If allow-query-cache is not set in named.conf then
3430 allow-recursion is used if set, otherwise allow-query
3431 is used if set, otherwise the default (localnets;
3432 localhost;) is used.
3434 If allow-recursion is not set in named.conf then
3435 allow-query-cache is used if set, otherwise allow-query
3436 is used if set, otherwise the default (localnets;
3437 localhost;) is used.
3441 2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
3443 2204. [bug] "rndc flushanme name unknown-view" caused named
3444 to crash. [RT #16984]
3446 2203. [security] Query id generation was cryptographically weak.
3449 2202. [security] The default acls for allow-query-cache and
3450 allow-recursion were not being applied. [RT #16960]
3452 2201. [bug] The build failed in a separate object directory.
3455 2200. [bug] The search for cached NSEC records was stopping to
3456 early leading to excessive DLV queries. [RT #16930]
3458 2199. [bug] win32: don't call WSAStartup() while loading dlls.
3461 2198. [bug] win32: RegCloseKey() could be called when
3462 RegOpenKeyEx() failed. [RT #16911]
3464 2197. [bug] Add INSIST to catch negative responses which are
3465 not setting the event result code appropriately.
3468 2196. [port] win32: yield processor while waiting for once to
3469 to complete. [RT #16958]
3471 2195. [func] dnssec-keygen now defaults to nametype "ZONE"
3472 when generating DNSKEYs. [RT #16954]
3474 2194. [bug] Close journal before calling 'done' in xfrin.c.
3476 --- 9.5.0a5 released ---
3478 2193. [port] win32: BINDInstall.exe is now linked statically.
3481 2192. [port] win32: use vcredist_x86.exe to install Visual
3482 Studio's redistributable dlls if building with
3483 Visual Stdio 2005 or later.
3485 2191. [func] named-checkzone now allows dumping to stdout (-).
3486 named-checkconf now has -h for help.
3487 named-checkzone now has -h for help.
3488 rndc now has -h for help.
3489 Better handling of '-?' for usage summaries.
3492 2190. [func] Make fallback to plain DNS from EDNS due to timeouts
3493 more visible. New logging category "edns-disabled".
3496 2189. [bug] Handle socket() returning EINTR. [RT #15949]
3498 2188. [contrib] queryperf: autoconf changes to make the search for
3499 libresolv or libbind more robust. [RT #16299]
3501 2187. [bug] query_addds(), query_addwildcardproof() and
3502 query_addnxrrsetnsec() should take a version
3503 argument. [RT #16368]
3505 2186. [port] cygwin: libbind: check for struct sockaddr_storage
3506 independently of IPv6. [RT #16482]
3508 2185. [port] sunos: libbind: check for ssize_t, memmove() and
3509 memchr(). [RT #16463]
3511 2184. [bug] bind9.xsl.h didn't build out of the source tree.
3514 2183. [bug] dnssec-signzone didn't handle offline private keys
3517 2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
3518 could return ISC_R_SUCCESS when they ran out of
3521 2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
3523 2180. [cleanup] Remove bit test from 'compress_test' as they
3524 are no longer needed. [RT #16497]
3526 2179. [func] 'rndc command zone' will now find 'zone' if it is
3527 unique to all the views. [RT #16821]
3529 2178. [bug] 'rndc reload' of a slave or stub zone resulted in
3530 a reference leak. [RT #16867]
3532 2177. [bug] Array bounds overrun on read (rcodetext) at
3533 debug level 10+. [RT #16798]
3535 2176. [contrib] dbus update to handle race condition during
3536 initialization (Bugzilla 235809). [RT #16842]
3538 2175. [bug] win32: windows broadcast condition variable support
3539 was broken. [RT #16592]
3541 2174. [bug] I/O errors should always be fatal when reading
3542 master files. [RT #16825]
3544 2173. [port] win32: When compiling with MSVS 2005 SP1 we also
3545 need to ship Microsoft.VC80.MFCLOC.
3547 --- 9.5.0a4 released ---
3549 2172. [bug] query_addsoa() was being called with a non zone db.
3552 2171. [bug] Handle breaks in DNSSEC trust chains where the parent
3553 servers are not DS aware (DS queries to the parent
3554 return a referral to the child).
3556 2170. [func] Add acache processing to test suite. [RT #16711]
3558 2169. [bug] host, nslookup: when reporting NXDOMAIN report the
3559 given name and not the last name searched for.
3562 2168. [bug] nsupdate: in non-interactive mode treat syntax errors
3563 as fatal errors. [RT #16785]
3565 2167. [bug] When re-using a automatic zone named failed to
3566 attach it to the new view. [RT #16786]
3568 --- 9.5.0a3 released ---
3570 2166. [bug] When running in batch mode, dig could misinterpret
3571 a server address as a name to be looked up, causing
3572 unexpected output. [RT #16743]
3574 2165. [func] Allow the destination address of a query to determine
3575 if we will answer the query or recurse.
3576 allow-query-on, allow-recursion-on and
3577 allow-query-cache-on. [RT #16291]
3579 2164. [bug] The code to determine how named-checkzone /
3580 named-compilezone was called failed under windows.
3583 2163. [bug] If only one of query-source and query-source-v6
3584 specified a port the query pools code broke (change
3587 2162. [func] Allow "rrset-order fixed" to be disabled at compile
3590 2161. [bug] Fix which log messages are emitted for 'rndc flush'.
3593 2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
3594 from getifaddrs(). [RT #16708]
3596 --- 9.5.0a2 released ---
3598 2159. [bug] Array bounds overrun in acache processing. [RT #16710]
3600 2158. [bug] ns_client_isself() failed to initialize key
3601 leading to a REQUIRE failure. [RT #16688]
3603 2157. [func] dns_db_transfernode() created. [RT #16685]
3605 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
3606 resolver.c:validated() and resolver.c:cache_name().
3607 Fix a memory leak in rbtdb.c:free_noqname().
3608 Make lookup.c:lookup_find() robust against
3609 event leaks. [RT #16685]
3611 2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
3614 2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
3615 matched in acls by omitting the scope. [RT #16599]
3617 2153. [bug] nsupdate could leak memory. [RT #16691]
3619 2152. [cleanup] Use sizeof(buf) instead of fixed number in
3620 dighost.c:get_trusted_key(). [RT #16678]
3622 2151. [bug] Missing newline in usage message for journalprint.
3625 2150. [bug] 'rrset-order cyclic' uniformly distribute the
3626 starting point for the first response for a given
3629 2149. [bug] isc_mem_checkdestroyed() failed to abort on
3630 if there were still active memory contexts.
3633 2148. [func] Add positive logging for rndc commands. [RT #14623]
3635 2147. [bug] libbind: remove potential buffer overflow from
3636 hmac_link.c. [RT #16437]
3638 2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
3639 SO_BSDCOMPAT" message. [RT #16641]
3641 2145. [bug] Check DS/DLV digest lengths for known digests.
3644 2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
3647 2143. [bug] We failed to restart the IPv6 client when the
3648 kernel failed to return the destination the
3649 packet was sent to. [RT #16613]
3651 2142. [bug] Handle master files with a modification time that
3652 matches the epoch. [RT# 16612]
3654 2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
3655 equivalent of LDH checks). [RT #16609]
3657 2140. [bug] libbind: missing unlock on pthread_key_create()
3658 failures. [RT #16654]
3660 2139. [bug] dns_view_find() was being called with wrong type
3661 in adb.c. [RT #16670]
3663 2138. [bug] Lock order reversal in resolver.c. [RT #16653]
3665 2137. [port] Mips little endian and/or mips 64 bit are now
3666 supported for atomic operations. [RT#16648]
3668 2136. [bug] nslookup/host looped if there was no search list
3669 and the host didn't exist. [RT #16657]
3671 2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
3673 2134. [func] Additional statistics support. [RT #16666]
3675 2133. [port] powerpc: Support both IBM and MacOS Power PC
3676 assembler syntaxes. [RT #16647]
3678 2132. [bug] Missing unlock on out of memory in
3679 dns_dispatchmgr_setudp().
3681 2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
3683 2130. [func] Log if CD or DO were set. [RT #16640]
3685 2129. [func] Provide a pool of UDP sockets for queries to be
3686 made over. See use-queryport-pool, queryport-pool-ports
3687 and queryport-pool-updateinterval. [RT #16415]
3689 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
3691 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
3693 2126. [security] Serialize validation of type ANY responses. [RT #16555]
3695 2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
3696 was defined. [RT #16574]
3698 2124. [security] It was possible to dereference a freed fetch
3699 context. [RT #16584]
3701 --- 9.5.0a1 released ---
3703 2123. [func] Use Doxygen to generate internal documentation.
3706 2122. [func] Experimental http server and statistics support
3709 2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
3710 second timeout. [RT #16553]
3712 2120. [doc] Fix markup on nsupdate man page. [RT #16556]
3714 2119. [compat] libbind: allow res_init() to succeed enough to
3715 return the default domain even if it was unable
3718 2118. [bug] Handle response with long chains of domain name
3719 compression pointers which point to other compression
3720 pointers. [RT #16427]
3722 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
3723 which could lead to validation failures. named didn't
3724 handle negative DS responses that were in the process
3725 of being validated. Check CNAME bit before accepting
3726 NODATA proof. To be able to ignore a child NSEC there
3727 must be SOA (and NS) set in the bitmap. [RT #16399]
3729 2116. [bug] 'rndc reload' could cause the cache to continually
3730 be cleaned. [RT #16401]
3732 2115. [bug] 'rndc reconfig' could trigger a INSIST if the
3733 number of masters for a zone was reduced. [RT #16444]
3735 2114. [bug] dig/host/nslookup: searches for names with multiple
3736 labels were failing. [RT #16447]
3738 2113. [bug] nsupdate: if a zone is specified it should be used
3739 for server discover. [RT# 16455]
3741 2112. [security] Warn if weak RSA exponent is used. [RT #16460]
3743 2111. [bug] Fix a number of errors reported by Coverity.
3746 2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
3747 priming queries. [RT #16491]
3749 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
3751 2108. [func] DHCID support. [RT #16456]
3753 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
3755 2106. [func] 'rndc status' now reports named's version. [RT #16426]
3757 2105. [func] GSS-TSIG support (RFC 3645).
3759 2104. [port] Fix Solaris SMF error message.
3761 2103. [port] Add /usr/sfw to list of locations for OpenSSL
3764 2102. [port] Silence Solaris 10 warnings.
3766 2101. [bug] OpenSSL version checks were not quite right.
3769 2100. [port] win32: copy libeay32.dll to Build\Debug.
3770 Copy Debug\named-checkzone to Debug\named-compilezone.
3772 2099. [port] win32: more manifest issues.
3774 2098. [bug] Race in rbtdb.c:no_references(), which occasionally
3775 triggered an INSIST failure about the node lock
3776 reference. [RT #16411]
3778 2097. [bug] named could reference a destroyed memory context
3779 after being reloaded / reconfigured. [RT #16428]
3781 2096. [bug] libbind: handle applications that fail to detect
3782 res_init() failures better.
3784 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
3785 net_cidr_ntop_ipv6(). [RT #16388]
3787 2094. [contrib] Update named-bootconf. [RT# 16404]
3789 2093. [bug] named-checkzone -s was broken.
3791 2092. [bug] win32: dig, host, nslookup. Use registry config
3792 if resolv.conf does not exist or no nameservers
3795 2091. [port] dighost.c: race condition on cleanup. [RT #16417]
3797 2090. [port] win32: Visual C++ 2005 command line manifest support.
3800 2089. [security] Raise the minimum safe OpenSSL versions to
3801 OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
3802 prior to these have known security flaws which
3803 are (potentially) exploitable in named. [RT #16391]
3805 2088. [security] Change the default RSA exponent from 3 to 65537.
3808 2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
3811 2086. [port] libbind: FreeBSD now has get*by*_r() functions.
3814 2085. [doc] win32: added index.html and README to zip. [RT #16201]
3816 2084. [contrib] dbus update for 9.3.3rc2.
3818 2083. [port] win32: Visual C++ 2005 support.
3820 2082. [doc] Document 'cache-file' as a test only option.
3822 2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
3825 2080. [port] libbind: res_init.c did not compile on older versions
3826 of Solaris. [RT #16363]
3828 2079. [bug] The lame cache was not handling multiple types
3829 correctly. [RT #16361]
3831 2078. [bug] dnssec-checkzone output style "default" was badly
3832 named. It is now called "relative". [RT #16326]
3834 2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
3835 complete signed zone. [RT #16326]
3837 2076. [bug] Several files were missing #include <config.h>
3838 causing build failures on OSF. [RT #16341]
3840 2075. [bug] The spillat timer event hander could leak memory.
3843 2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
3844 dns_request_createraw2() and dns_request_createraw3()
3845 failed to send multiple UDP requests. [RT #16349]
3847 2073. [bug] Incorrect semantics check for update policy "wildcard".
3850 2072. [bug] We were not generating valid HMAC SHA digests.
3853 2071. [port] Test whether gcc accepts -fno-strict-aliasing.
3856 2070. [bug] The remote address was not always displayed when
3857 reporting dispatch failures. [RT #16315]
3859 2069. [bug] Cross compiling was not working. [RT #16330]
3861 2068. [cleanup] Lower incremental tuning message to debug 1.
3864 2067. [bug] 'rndc' could close the socket too early triggering
3865 a INSIST under Windows. [RT #16317]
3867 2066. [security] Handle SIG queries gracefully. [RT #16300]
3869 2065. [bug] libbind: probe for HPUX prototypes for
3870 endprotoent_r() and endservent_r(). [RT 16313]
3872 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
3874 2063. [bug] Change #1955 introduced a bug which caused the first
3875 'rndc flush' call to not free memory. [RT #16244]
3877 2062. [bug] 'dig +nssearch' was reusing a buffer before it had
3878 been returned by the socket code. [RT #16307]
3880 2061. [bug] Accept expired wildcard message reversed. [RT #16296]
3882 2060. [bug] Enabling DLZ support could leave views partially
3883 configured. [RT #16295]
3885 2059. [bug] Search into cache rbtdb could trigger an INSIST
3886 failure while cleaning up a stale rdataset.
3889 2058. [bug] Adjust how we calculate rtt estimates in the presence
3890 of authoritative servers that drop EDNS and/or CD
3891 requests. Also fallback to EDNS/512 and plain DNS
3892 faster for zones with less than 3 servers. [RT #16187]
3894 2057. [bug] Make setting "ra" dependent on both allow-query-cache
3895 and allow-recursion. [RT #16290]
3897 2056. [bug] dig: ixfr= was not being treated case insensitively
3898 at all times. [RT #15955]
3900 2055. [bug] Missing goto after dropping multicast query.
3903 2054. [port] freebsd: do not explicitly link against -lpthread.
3906 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
3908 2052. [bug] 'rndc' improve connect failed message to report
3909 the failing address. [RT #15978]
3911 2051. [port] More strtol() fixes. [RT #16249]
3913 2050. [bug] Parsing of NSAP records was not case insensitive.
3916 2049. [bug] Restore SOA before AXFR when falling back from
3917 a attempted IXFR when transferring in a zone.
3918 Allow a initial SOA query before attempting
3919 a AXFR to be requested. [RT #16156]
3921 2048. [bug] It was possible to loop forever when using
3922 avoid-v4-udp-ports / avoid-v6-udp-ports when
3923 the OS always returned the same local port.
3926 2047. [bug] Failed to initialize the interface flags to zero.
3929 2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
3930 cleanup [RT #16247].
3932 2045. [func] Use lock buckets for acache entries to limit memory
3933 consumption. [RT #16183]
3935 2044. [port] Add support for atomic operations for Itanium.
3938 2043. [port] nsupdate/nslookup: Force the flushing of the prompt
3939 for interactive sessions. [RT#16148]
3941 2042. [bug] named-checkconf was incorrectly rejecting the
3942 logging category "config". [RT #16117]
3944 2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
3945 set of libraries to be linked. [RT #16129]
3947 2040. [bug] rbtdb no_references() could trigger an INSIST
3948 failure with --enable-atomic. [RT #16022]
3950 2039. [func] Check that all buffers passed to the socket code
3951 have been retrieved when the socket event is freed.
3954 2038. [bug] dig/nslookup/host was unlinking from wrong list
3955 when handling errors. [RT #16122]
3957 2037. [func] When unlinking the first or last element in a list
3958 check that the list head points to the element to
3959 be unlinked. [RT #15959]
3961 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
3964 2035. [func] Make falling back to TCP on UDP refresh failure
3965 optional. Default "try-tcp-refresh yes;" for BIND 8
3966 compatibility. [RT #16123]
3968 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
3970 2033. [bug] We weren't creating multiple client memory contexts
3971 on demand as expected. [RT #16095]
3973 2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
3975 2031. [bug] Emit a error message when "rndc refresh" is called on
3976 a non slave/stub zone. [RT # 16073]
3978 2030. [bug] We were being overly conservative when disabling
3979 openssl engine support. [RT #16030]
3981 2029. [bug] host printed out the server multiple times when
3982 specified on the command line. [RT #15992]
3984 2028. [port] linux: socket.c compatibility for old systems.
3987 2027. [port] libbind: Solaris x86 support. [RT #16020]
3989 2026. [bug] Rate limit the two recursive client exceeded messages.
3992 2025. [func] Update "zone serial unchanged" message. [RT #16026]
3994 2024. [bug] named emitted spurious "zone serial unchanged"
3995 messages on reload. [RT #16027]
3997 2023. [bug] "make install" should create ${localstatedir}/run and
3998 ${sysconfdir} if they do not exist. [RT #16033]
4000 2022. [bug] If dnssec validation is disabled only assert CD if
4001 CD was requested. [RT #16037]
4003 2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
4005 2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
4007 2019. [tuning] Reduce the amount of work performed per quantum
4008 when cleaning the cache. [RT #15986]
4010 2018. [bug] Checking if the HMAC MD5 private file was broken.
4013 2017. [bug] allow-query default was not correct. [RT #15946]
4015 2016. [bug] Return a partial answer if recursion is not
4016 allowed but requested and we had the answer
4017 to the original qname. [RT #15945]
4019 2015. [cleanup] use-additional-cache is now acache-enable for
4020 consistency. Default acache-enable off in BIND 9.4
4021 as it requires memory usage to be configured.
4022 It may be enabled by default in BIND 9.5 once we
4023 have more experience with it.
4025 2014. [func] Statistics about acache now recorded and sent
4028 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
4029 responses more gracefully. [RT #15941]
4031 2012. [func] Don't insert new acache entries if acache is full.
4034 2011. [func] dnssec-signzone can now update the SOA record of
4035 the signed zone, either as an increment or as the
4036 system time(). [RT #15633]
4038 2010. [placeholder] rt15958
4040 2009. [bug] libbind: Coverity fixes. [RT #15808]
4042 2008. [func] It is now possible to enable/disable DNSSEC
4043 validation from rndc. This is useful for the
4044 mobile hosts where the current connection point
4045 breaks DNSSEC (firewall/proxy). [RT #15592]
4047 rndc validation newstate [view]
4049 2007. [func] It is now possible to explicitly enable DNSSEC
4050 validation. default dnssec-validation no; to
4051 be changed to yes in 9.5.0. [RT #15674]
4053 2006. [security] Allow-query-cache and allow-recursion now default
4054 to the built in acls "localnets" and "localhost".
4056 This is being done to make caching servers less
4057 attractive as reflective amplifying targets for
4058 spoofed traffic. This still leave authoritative
4061 The best fix is for full BCP 38 deployment to
4062 remove spoofed traffic.
4064 2005. [bug] libbind: Retransmission timeouts should be
4065 based on which attempt it is to the nameserver
4066 and not the nameserver itself. [RT #13548]
4068 2004. [bug] dns_tsig_sign() could pass a NULL pointer to
4069 dst_context_destroy() when cleaning up after a
4072 2003. [bug] libbind: The DNS name/address lookup functions could
4073 occasionally follow a random pointer due to
4074 structures not being completely zeroed. [RT #15806]
4076 2002. [bug] libbind: tighten the constraints on when
4077 struct addrinfo._ai_pad exists. [RT #15783]
4079 2001. [func] Check the KSK flag when updating a secure dynamic zone.
4080 New zone option "update-check-ksk yes;". [RT #15817]
4082 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
4084 1999. [func] Implement "rrset-order fixed". [RT #13662]
4086 1998. [bug] Restrict handling of fifos as sockets to just SunOS.
4087 This allows named to connect to entropy gathering
4088 daemons that use fifos instead of sockets. [RT #15840]
4090 1997. [bug] Named was failing to replace negative cache entries
4091 when a positive one for the type was learnt.
4094 1996. [bug] nsupdate: if a zone has been specified it should
4095 appear in the output of 'show'. [RT #15797]
4097 1995. [bug] 'host' was reporting multiple "is an alias" messages.
4100 1994. [port] OpenSSL 0.9.8 support. [RT #15694]
4102 1993. [bug] Log messages, via syslog, were missing the space
4103 after the timestamp if "print-time yes" was specified.
4106 1992. [bug] Not all incoming zone transfer messages included the
4109 1991. [cleanup] The configuration data, once read, should be treated
4110 as read only. Expand the use of const to enforce this
4111 at compile time. [RT #15813]
4113 1990. [bug] libbind: isc's override of broken gettimeofday()
4114 implementations was not always effective.
4117 1989. [bug] win32: don't check the service password when
4118 re-installing. [RT #15882]
4120 1988. [bug] Remove a bus error from the SHA256/SHA512 support.
4123 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
4125 1986. [func] Report when a zone is removed. [RT #15849]
4127 1985. [protocol] DLV has now been assigned a official type code of
4130 Note: care should be taken to ensure you upgrade
4131 both named and dnssec-signzone at the same time for
4132 zones with DLV records where named is the master
4133 server for the zone. Also any zones that contain
4134 DLV records should be removed when upgrading a slave
4135 zone. You do not however have to upgrade all
4136 servers for a zone with DLV records simultaneously.
4138 1984. [func] dig, nslookup and host now advertise a 4096 byte
4139 EDNS UDP buffer size by default. [RT #15855]
4141 1983. [func] Two new update policies. "selfsub" and "selfwild".
4144 1982. [bug] DNSKEY was being accepted on the parent side of
4145 a delegation. KEY is still accepted there for
4146 RFC 3007 validated updates. [RT #15620]
4148 1981. [bug] win32: condition.c:wait() could fail to reattain
4151 1980. [func] dnssec-signzone: output the SOA record as the
4152 first record in the signed zone. [RT #15758]
4154 1979. [port] linux: allow named to drop core after changing
4155 user ids. [RT #15753]
4157 1978. [port] Handle systems which have a broken recvmsg().
4160 1977. [bug] Silence noisy log message. [RT #15704]
4162 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
4164 1975. [bug] libbind: isc_gethexstring() could misparse multi-line
4165 hex strings with comments. [RT #15814]
4167 1974. [doc] List each of the zone types and associated zone
4168 options separately in the ARM.
4170 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
4171 HMACSHA512 support. [RT #13606]
4173 1972. [contrib] DBUS dynamic forwarders integration from
4174 Jason Vas Dias <jvdias@redhat.com>.
4176 1971. [port] linux: make detection of missing IF_NAMESIZE more
4179 1970. [bug] nsupdate: adjust UDP timeout when falling back to
4180 unsigned SOA query. [RT #15775]
4182 1969. [bug] win32: the socket code was freeing the socket
4183 structure too early. [RT #15776]
4185 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
4187 1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
4189 1966. [bug] Don't set CD when we have fallen back to plain DNS.
4192 1965. [func] Suppress spurious "recursion requested but not
4193 available" warning with 'dig +qr'. [RT #15780].
4195 1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
4197 1963. [port] Tru64 4.0E doesn't support send() and recv().
4200 1962. [bug] Named failed to clear old update-policy when it
4201 was removed. [RT #15491]
4203 1961. [bug] Check the port and address of responses forwarded
4204 to dispatch. [RT #15474]
4206 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
4209 1959. [func] Control the zeroing of the negative response TTL to
4210 a soa query. Defaults "zero-no-soa-ttl yes;" and
4211 "zero-no-soa-ttl-cache no;". [RT #15460]
4213 1958. [bug] Named failed to update the zone's secure state
4214 until the zone was reloaded. [RT #15412]
4216 1957. [bug] Dig mishandled responses to class ANY queries.
4219 1956. [bug] Improve cross compile support, 'gen' is now built
4220 by native compiler. See README for additional
4221 cross compile support information. [RT #15148]
4223 1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
4225 1954. [func] Named now falls back to advertising EDNS with a
4226 512 byte receive buffer if the initial EDNS queries
4229 1953. [func] The maximum EDNS UDP response named will send can
4230 now be set in named.conf (max-udp-size). This is
4231 independent of the advertised receive buffer
4232 (edns-udp-size). [RT #14852]
4234 1952. [port] hpux: tell the linker to build a runtime link
4235 path "-Wl,+b:". [RT #14816].
4237 1951. [security] Drop queries from particular well known ports.
4238 Don't return FORMERR to queries from particular
4239 well known ports. [RT #15636]
4241 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
4242 a TCP socket. This prevents the source address being
4243 set for TCP connections. [RT #15628]
4245 1949. [func] Addition memory leakage checks. [RT #15544]
4247 1948. [bug] If was possible to trigger a REQUIRE failure in
4248 xfrin.c:maybe_free() if named ran out of memory.
4251 1947. [func] It is now possible to configure named to accept
4252 expired RRSIGs. Default "dnssec-accept-expired no;".
4253 Setting "dnssec-accept-expired yes;" leaves named
4254 vulnerable to replay attacks. [RT #14685]
4256 1946. [bug] resume_dslookup() could trigger a REQUIRE failure
4257 when using forwarders. [RT #15549]
4259 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
4260 To generate a RSAMD5 key you must explicitly request
4263 1944. [cleanup] isc_hash_create() does not need a read/write lock.
4266 1943. [bug] Set the loadtime after rolling forward the journal.
4269 1942. [bug] If the name of a DNSKEY match that of one in
4270 trusted-keys do not attempt to validate the DNSKEY
4271 using the parents DS RRset. [RT #15649]
4273 1941. [bug] ncache_adderesult() should set eresult even if no
4274 rdataset is passed to it. [RT #15642]
4276 1940. [bug] Fixed a number of error conditions reported by
4279 1939. [bug] The resolver could dereference a null pointer after
4280 validation if all the queries have timed out.
4283 1938. [bug] The validator was not correctly handling unsecure
4284 negative responses at or below a SEP. [RT #15528]
4286 1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
4288 1936. [bug] The validator could leak memory. [RT #15544]
4290 1935. [bug] 'acache' was DO sensitive. [RT #15430]
4292 1934. [func] Validate pending NS RRsets, in the authority section,
4293 prior to returning them if it can be done without
4294 requiring DNSKEYs to be fetched. [RT #15430]
4296 1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
4298 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
4300 1931. [bug] Per-client mctx could require a huge amount of memory,
4301 particularly for a busy caching server. [RT #15519]
4303 1930. [port] HPUX: ia64 support. [RT #15473]
4305 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
4307 1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
4309 1927. [bug] Access to soanode or nsnode in rbtdb violated the
4310 lock order rule and could cause a dead lock.
4313 1926. [bug] The Windows installer did not check for empty
4314 passwords. BINDinstall was being installed in
4315 the wrong place. [RT #15483]
4317 1925. [port] All outer level AC_TRY_RUNs need cross compiling
4318 defaults. [RT #15469]
4320 1924. [port] libbind: hpux ia64 support. [RT #15473]
4322 1923. [bug] ns_client_detach() called too early. [RT #15499]
4324 1922. [bug] check-tool.c:setup_logging() missing call to
4325 dns_log_setcontext().
4327 1921. [bug] Client memory contexts were not using internal
4330 1920. [bug] The cache rbtdb lock array was too small to
4331 have the desired performance characteristics.
4334 1919. [contrib] queryperf: a set of new features: collecting/printing
4335 response delays, printing intermediate results, and
4336 adjusting query rate for the "target" qps.
4338 1918. [bug] Memory leak when checking acls. [RT #15391]
4340 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
4341 when generating man pages. [RT #15385]
4343 1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
4345 1915. [bug] dig +ndots was broken. [RT #15215]
4347 1914. [protocol] DS is required to accept mnemonic algorithms
4348 (RFC 4034). Still emit numeric algorithms for
4349 compatibility with RFC 3658. [RT #15354]
4351 1913. [func] Integrate contributed DLZ code into named. [RT #11382]
4353 1912. [port] aix: atomic locking for powerpc. [RT #15020]
4355 1911. [bug] Update windows socket code. [RT #14965]
4357 1910. [bug] dig's +sigchase code overhauled. [RT #14933]
4359 1909. [bug] The DLV code has been re-worked to make no longer
4360 query order sensitive. [RT #14933]
4362 1908. [func] dig now warns if 'RA' is not set in the answer when
4363 'RD' was set in the query. host/nslookup skip servers
4364 that fail to set 'RA' when 'RD' is set unless a server
4365 is explicitly set. [RT #15005]
4367 1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
4370 1906. [func] dig now has a '-q queryname' and '+showsearch' options.
4373 1905. [bug] Strings returned from cfg_obj_asstring() should be
4374 treated as read-only. The prototype for
4375 cfg_obj_asstring() has been updated to reflect this.
4378 1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
4379 friends. Note: RFC 1918 zones are not yet covered by
4380 this but are likely to be in a future release.
4382 New options: empty-server, empty-contact,
4383 empty-zones-enable and disable-empty-zone.
4385 1903. [func] ISC string copy API.
4387 1902. [func] Attempt to make the amount of work performed in a
4388 iteration self tuning. The covers nodes clean from
4389 the cache per iteration, nodes written to disk when
4390 rewriting a master file and nodes destroyed per
4391 iteration when destroying a zone or a cache.
4394 1901. [cleanup] Don't add DNSKEY records to the additional section.
4396 1900. [bug] ixfr-from-differences failed to ensure that the
4397 serial number increased. [RT #15036]
4399 1899. [func] named-checkconf now validates update-policy entries.
4402 1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
4403 ISC_NETADDR_FORMATSIZE to allow for scope details.
4405 1897. [func] x86 and x86_64 now have separate atomic locking
4408 1896. [bug] Recursive clients soft quota support wasn't working
4409 as expected. [RT #15103]
4411 1895. [bug] A escaped character is, potentially, converted to
4412 the output character set too early. [RT #14666]
4414 1894. [doc] Review ARM for BIND 9.4.
4416 1893. [port] Use uintptr_t if available. [RT #14606]
4418 1892. [func] Support for SPF rdata type. [RT #15033]
4420 1891. [port] freebsd: pthread_mutex_init can fail if it runs out
4421 of memory. [RT #14995]
4423 1890. [func] Raise the UDP receive buffer size to 32k if it is
4424 less than 32k. [RT #14953]
4426 1889. [port] sunos: non blocking i/o support. [RT #14951]
4428 1888. [func] Support for IPSECKEY rdata type. [RT #14967]
4430 1887. [bug] The cache could delete expired records too fast for
4431 clients with a virtual time in the past. [RT #14991]
4433 1886. [bug] fctx_create() could return success even though it
4436 1885. [func] dig: report the number of extra bytes still left in
4437 the packet after processing all the records.
4439 1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
4441 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
4444 1882. [func] Limit the number of recursive clients that can be
4445 waiting for a single query (<qname,qtype,qclass>) to
4446 resolve. New options clients-per-query and
4447 max-clients-per-query.
4449 1881. [func] Add a system test for named-checkconf. [RT #14931]
4451 1880. [func] The lame cache is now done on a <qname,qclass,qtype>
4452 basis as some servers only appear to be lame for
4453 certain query types. [RT #14916]
4455 1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
4458 1878. [func] Detect duplicates of UDP queries we are recursing on
4459 and drop them. New stats category "duplicate".
4462 1877. [bug] Fix unreasonably low quantum on call to
4463 dns_rbt_destroy2(). Remove unnecessary unhash_node()
4466 1876. [func] Additional memory debugging support to track size
4467 and mctx arguments. [RT #14814]
4469 1875. [bug] process_dhtkey() was using the wrong memory context
4470 to free some memory. [RT #14890]
4472 1874. [port] sunos: portability fixes. [RT #14814]
4474 1873. [port] win32: isc__errno2result() now reports its caller.
4477 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
4481 1870. [func] Added framework for handling multiple EDNS versions.
4484 1869. [func] dig can now specify the EDNS version when making
4485 a query. [RT #14873]
4487 1868. [func] edns-udp-size can now be overridden on a per
4488 server basis. [RT #14851]
4490 1867. [bug] It was possible to trigger a INSIST in
4491 dlv_validatezonekey(). [RT #14846]
4493 1866. [bug] resolv.conf parse errors were being ignored by
4494 dig/host/nslookup. [RT #14841]
4496 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
4497 bad addresses. [RT #14841]
4499 1864. [bug] Don't try the alternative transfer source if you
4500 got a answer / transfer with the main source
4501 address. [RT #14802]
4503 1863. [bug] rrset-order "fixed" error messages not complete.
4505 1862. [func] Add additional zone data constancy checks.
4506 named-checkzone has extended checking of NS, MX and
4507 SRV record and the hosts they reference.
4508 named has extended post zone load checks.
4509 New zone options: check-mx and integrity-check.
4512 1861. [bug] dig could trigger a INSIST on certain malformed
4513 responses. [RT #14801]
4515 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
4516 incorrectly set. [RT #14775]
4518 1859. [func] Add support for CH A record. [RT #14695]
4520 1858. [bug] The flush-zones-on-shutdown option wasn't being
4523 1857. [bug] named could trigger a INSIST() if reconfigured /
4524 reloaded too fast. [RT #14673]
4526 1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
4529 1855. [bug] ixfr-from-differences was failing to detect changes
4530 of ttl due to dns_diff_subtract() was ignoring the ttl
4531 of records. [RT #14616]
4533 1854. [bug] lwres also needs to know the print format for
4534 (long long). [RT #13754]
4536 1853. [bug] Rework how DLV interacts with proveunsecure().
4539 1852. [cleanup] Remove last vestiges of dnssec-signkey and
4540 dnssec-makekeyset (removed from Makefile years ago).
4542 1851. [doc] Doxygen comment markup. [RT #11398]
4544 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
4546 1849. [doc] All forms of the man pages (docbook, man, html) should
4547 have consistent copyright dates.
4549 1848. [bug] Improve SMF integration. [RT #13238]
4551 1847. [bug] isc_ondestroy_init() is called too late in
4552 dns_rbtdb_create()/dns_rbtdb64_create().
4555 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
4556 <bortzmeyer@nic.fr>.
4558 1845. [bug] Improve error reporting to distinguish between
4559 accept()/fcntl() and socket()/fcntl() errors.
4562 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
4563 for each 16 bit piece of the IPv6 address. The text
4564 representation of a IPv6 address has been tightened
4565 to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
4568 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
4569 when CFLAGS contains "-I /usr/local/include"
4570 resulting in old header files being used.
4572 1842. [port] cmsg_len() could produce incorrect results on
4573 some platform. [RT #13744]
4575 1841. [bug] "dig +nssearch" now makes a recursive query to
4576 find the list of nameservers to query. [RT #13694]
4578 1840. [func] dnssec-signzone can now randomize signature end times
4579 (dnssec-signzone -j jitter). [RT #13609]
4581 1839. [bug] <isc/hash.h> was not being installed.
4583 1838. [cleanup] Don't allow Linux capabilities to be inherited.
4586 1837. [bug] Compile time option ISC_FACILITY was not effective
4587 for 'named -u <user>'. [RT #13714]
4589 1836. [cleanup] Silence compiler warnings in hash_test.c.
4591 1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
4593 1834. [bug] Bad memset in rdata_test.c. [RT #13658]
4595 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
4597 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
4600 1831. [doc] Update named-checkzone documentation. [RT#13604]
4602 1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
4604 1829. [bug] win32: "pid-file none;" broken. [RT #13563]
4606 1828. [bug] isc_rwlock_init() failed to properly cleanup if it
4607 encountered a error. [RT #13549]
4609 1827. [bug] host: update usage message for '-a'. [RT #37116]
4611 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
4612 of memory error. [RT #13537]
4614 1825. [bug] Missing UNLOCK() on out of memory error from in
4615 rbtdb.c:subtractrdataset(). [RT #13519]
4617 1824. [bug] Memory leak on dns_zone_setdbtype() failure.
4620 1823. [bug] Wrong macro used to check for point to point interface.
4623 1822. [bug] check-names test for RT was reversed. [RT #13382]
4627 1820. [bug] Gracefully handle acl loops. [RT #13659]
4629 1819. [bug] The validator needed to check both the algorithm and
4630 digest types of the DS to determine if it could be
4631 used to introduce a secure zone. [RT #13593]
4633 1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
4635 1817. [func] Add support for additional zone file formats for
4636 improving loading performance. The masterfile-format
4637 option in named.conf can be used to specify a
4638 non-default format. A separate command
4639 named-compilezone was provided to generate zone files
4640 in the new format. Additionally, the -I and -O options
4641 for dnssec-signzone specify the input and output
4644 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
4647 1815. [bug] nsupdate triggered a REQUIRE if the server was set
4648 without also setting the zone and it encountered
4649 a CNAME and was using TSIG. [RT #13086]
4651 1814. [func] UNIX domain controls are now supported.
4653 1813. [func] Restructured the data locking framework using
4654 architecture dependent atomic operations (when
4655 available), improving response performance on
4656 multi-processor machines significantly.
4657 x86, x86_64, alpha, powerpc, and mips are currently
4660 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
4663 1811. [func] Preserve the case of domain names in rdata during
4664 zone transfers. [RT #13547]
4666 1810. [bug] configure, lib/bind/configure make different default
4667 decisions about whether to do a threaded build.
4670 1809. [bug] "make distclean" failed for libbind if the platform
4673 1808. [bug] zone.c:notify_zone() contained a race condition,
4674 zone->db could change underneath it. [RT #13511]
4676 1807. [bug] When forwarding (forward only) set the active domain
4677 from the forward zone name. [RT #13526]
4679 1806. [bug] The resolver returned the wrong result when a CNAME /
4680 DNAME was encountered when fetching glue from a
4681 secure namespace. [RT #13501]
4683 1805. [bug] Pending status was not being cleared when DLV was
4686 1804. [bug] Ensure that if we are queried for glue that it fits
4687 in the additional section or TC is set to tell the
4688 client to retry using TCP. [RT #10114]
4690 1803. [bug] dnssec-signzone sometimes failed to remove old
4693 1802. [bug] Handle connection resets better. [RT #11280]
4695 1801. [func] Report differences between hints and real NS rrset
4696 and associated address records.
4698 1800. [bug] Changes #1719 allowed a INSIST to be triggered.
4701 1799. [bug] 'rndc flushname' failed to flush negative cache
4702 entries. [RT #13438]
4704 1798. [func] The server syntax has been extended to support a
4705 range of servers. [RT #11132]
4707 1797. [func] named-checkconf now check acls to verify that they
4708 only refer to existing acls. [RT #13101]
4710 1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
4712 1795. [bug] "rndc dumpdb" was not fully documented. Minor
4713 formating issues with "rndc dumpdb -all". [RT #13396]
4715 1794. [func] Named and named-checkzone can now both check for
4716 non-terminal wildcard records.
4718 1793. [func] Extend adjusting TTL warning messages. [RT #13378]
4720 1792. [func] New zone option "notify-delay". Specify a minimum
4721 delay between sets of NOTIFY messages.
4723 1791. [bug] 'host -t a' still printed out AAAA and MX records.
4726 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
4727 allow parallel make to succeed.
4729 1789. [bug] Prerequisite test for tkey and dnssec could fail
4730 with "configure --with-libtool".
4732 1788. [bug] libbind9.la/libbind9.so needs to link against
4733 libisccfg.la/libisccfg.so.
4735 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
4737 1786. [port] AIX: libt_api needs to be taught to look for
4738 T_testlist in the main executable (--with-libtool).
4741 1785. [bug] libbind9.la/libbind9.so needs to link against
4742 libisc.la/libisc.so.
4744 1784. [cleanup] "libtool -allow-undefined" is the default.
4745 Leave hooks in configure to allow it to be set
4746 if needed in the future.
4748 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
4751 1782. [port] OSX: --with-libtool + --enable-libbind broke on
4752 __evOptMonoTime. [RT #13219]
4754 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
4756 1780. [bug] Update libtool to 1.5.10.
4758 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
4760 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
4761 IN6ADDR_LOOPBACK_INIT macros.
4763 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
4764 IN6ADDR_LOOPBACK_INIT macros.
4766 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
4767 IN6ADDR_LOOPBACK_INIT macros.
4769 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
4771 1774. [port] Aix: Silence compiler warnings / build failures.
4774 1773. [bug] Fast retry on host / net unreachable. [RT #13153]
4780 1770. [bug] named-checkconf failed to report missing a missing
4781 file clause for rbt{64} master/hint zones. [RT#13009]
4783 1769. [port] win32: change compiler flags /MTd ==> /MDd,
4786 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
4787 rdataset. [RT #12907]
4789 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
4790 support for (struct in6_pktinfo) failed. [RT #13077]
4792 1766. [bug] Update the master file timestamp on successful refresh
4793 as well as the journal's timestamp. [RT# 13062]
4795 1765. [bug] configure --with-openssl=auto failed. [RT #12937]
4797 1764. [bug] dns_zone_replacedb failed to emit a error message
4798 if there was no SOA record in the replacement db.
4801 1763. [func] Perform sanity checks on NS records which refer to
4802 'in zone' names. [RT #13002]
4804 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
4805 even when it failed. [RT #12995]
4807 1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
4810 1760. [bug] Host / net unreachable was not penalising rtt
4811 estimates. [RT #12970]
4813 1759. [bug] Named failed to startup if the OS supported IPv6
4814 but had no IPv6 interfaces configured. [RT #12942]
4816 1758. [func] Don't send notify messages to self. [RT #12933]
4818 1757. [func] host now can turn on memory debugging flags with '-m'.
4820 1756. [func] named-checkconf now checks the logging configuration.
4823 1755. [func] allow-update is now settable at the options / view
4826 1754. [bug] We weren't always attempting to query the parent
4827 server for the DS records at the zone cut.
4830 1753. [bug] Don't serve a slave zone which has no NS records.
4833 1752. [port] Move isc_app_start() to after ns_os_daemonise()
4834 as some fork() implementations unblock the signals
4835 that are blocked by isc_app_start(). [RT #12810]
4837 1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
4839 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
4842 1749. [bug] 'check-names response ignore;' failed to ignore.
4845 1748. [func] dig now returns the byte count for axfr/ixfr.
4847 1747. [bug] BIND 8 compatibility: named/named-checkconf failed
4848 to parse "host-statistics-max" in named.conf.
4850 1746. [func] Make public the function to read a key file,
4851 dst_key_read_public(). [RT #12450]
4853 1745. [bug] Dig/host/nslookup accept replies from link locals
4854 regardless of scope if no scope was specified when
4855 query was sent. [RT #12745]
4857 1744. [bug] If tuple2msgname() failed to convert a tuple to
4858 a name a REQUIRE could be triggered. [RT #12796]
4860 1743. [bug] If isc_taskmgr_create() was not able to create the
4861 requested number of worker threads then destruction
4862 of the manager would trigger an INSIST() failure.
4865 1742. [bug] Deleting all records at a node then adding a
4866 previously existing record, in a single UPDATE
4867 transaction, failed to leave / regenerate the
4868 associated RRSIG records. [RT #12788]
4870 1741. [bug] Deleting all records at a node in a secure zone
4871 using a update-policy grant failed. [RT #12787]
4873 1740. [bug] Replace rbt's hash algorithm as it performed badly
4874 with certain zones. [RT #12729]
4876 NOTE: a hash context now needs to be established
4877 via isc_hash_create() if the application was not
4880 1739. [bug] dns_rbt_deletetree() could incorrectly return
4881 ISC_R_QUOTA. [RT #12695]
4883 1738. [bug] Enable overrun checking by default. [RT #12695]
4885 1737. [bug] named failed if more than 16 masters were specified.
4888 1736. [bug] dst_key_fromnamedfile() could fail to read a
4889 public key. [RT #12687]
4891 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
4894 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
4897 1733. [bug] Return non-zero exit status on initial load failure.
4900 1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
4903 1731. [port] darwin: relax version test in ifconfig.sh.
4906 1730. [port] Determine the length type used by the socket API.
4909 1729. [func] Improve check-names error messages.
4911 1728. [doc] Update check-names documentation.
4913 1727. [bug] named-checkzone: check-names support didn't match
4916 1726. [port] aix5: add support for aix5.
4918 1725. [port] linux: update error message on interaction of threads,
4919 capabilities and setuid support (named -u). [RT #12541]
4921 1724. [bug] Look for DNSKEY records with "dig +sigtrace".
4924 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
4926 1722. [bug] Don't commit the journal on malformed ixfr streams.
4929 1721. [bug] Error message from the journal processing were not
4930 always identifying the relevant journal. [RT #12519]
4932 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
4933 negative response. [RT #12506]
4935 1719. [bug] named was not correctly caching a RFC 2308 Type 1
4936 negative response. [RT #12506]
4938 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
4939 responses when looking for the zone / master server.
4942 1717. [port] solaris: ifconfig.sh did not support Solaris 10.
4943 "ifconfig.sh down" didn't work for Solaris 9.
4945 1716. [doc] named.conf(5) was being installed in the wrong
4946 location. [RT# 12441]
4948 1715. [func] 'dig +trace' now randomly selects the next servers
4949 to try. Report if there is a bad delegation.
4951 1714. [bug] dig/host/nslookup were only trying the first
4952 address when a nameserver was specified by name.
4955 1713. [port] linux: extend capset failure message to say:
4956 please ensure that the capset kernel module is
4957 loaded. see insmod(8)
4959 1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
4961 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
4963 1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
4964 messages for the specified zone. [RT #9479]
4966 1709. [port] solaris: add SMF support from Sun.
4968 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
4969 for conformance to the name space convention. Binary
4970 backward compatibility to the old function name is
4971 provided. [RT #12376]
4973 1707. [contrib] sdb/ldap updated to version 1.0-beta.
4975 1706. [bug] 'rndc stop' failed to cause zones to be flushed
4976 sometimes. [RT #12328]
4978 1705. [func] Allow the journal's name to be changed via named.conf.
4980 1704. [port] lwres needed a snprintf() implementation for
4981 platforms without snprintf(). Add missing
4982 "#include <isc/print.h>". [RT #12321]
4984 1703. [bug] named would loop sending NOTIFY messages when it
4985 failed to receive a response. [RT #12322]
4987 1702. [bug] also-notify should not be applied to built in zones.
4990 1701. [doc] A minimal named.conf man page.
4992 1700. [func] nslookup is no longer to be treated as deprecated.
4993 Remove "deprecated" warning message. Add man page.
4995 1699. [bug] dnssec-signzone can generate "not exact" errors
4996 when resigning. [RT #12281]
4998 1698. [doc] Use reserved IPv6 documentation prefix.
5000 1697. [bug] xxx-source{,-v6} was not effective when it
5001 specified one of listening addresses and a
5002 different port than the listening port. [RT #12257]
5004 1696. [bug] dnssec-signzone failed to clean out nodes that
5005 consisted of only NSEC and RRSIG records.
5008 1695. [bug] DS records when forwarding require special handling.
5011 1694. [bug] Report if the builtin views of "_default" / "_bind"
5012 are defined in named.conf. [RT #12023]
5014 1693. [bug] max-journal-size was not effective for master zones
5015 with ixfr-from-differences set. [RT# 12024]
5017 1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
5018 /usr/lib. [RT #11971]
5020 1691. [bug] sdb's attachversion was not complete. [RT #11990]
5022 1690. [bug] Delay detaching view from the client until UPDATE
5023 processing completes when shutting down. [RT #11714]
5025 1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
5026 contained gratuitous semicolons. [RT #11707]
5028 1688. [bug] LDFLAGS was not supported.
5030 1687. [bug] Race condition in dispatch. [RT #10272]
5032 1686. [bug] Named sent a extraneous NOTIFY when it received a
5033 redundant UPDATE request. [RT #11943]
5035 1685. [bug] Change #1679 loop tests weren't quite right.
5037 1684. [func] ixfr-from-differences now takes master and slave in
5038 addition to yes and no at the options and view levels.
5040 1683. [bug] dig +sigchase could leak memory. [RT #11445]
5042 1682. [port] Update configure test for (long long) printf format.
5045 1681. [bug] Only set SO_REUSEADDR when a port is specified in
5046 isc_socket_bind(). [RT #11742]
5048 1680. [func] rndc: the source address can now be specified.
5050 1679. [bug] When there was a single nameserver with multiple
5051 addresses for a zone not all addresses were tried.
5054 1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
5056 1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
5058 1676. [func] New option "allow-query-cache". This lets
5059 allow-query be used to specify the default zone
5060 access level rather than having to have every
5061 zone override the global value. allow-query-cache
5062 can be set at both the options and view levels.
5063 If allow-query-cache is not set allow-query applies.
5065 1675. [bug] named would sometimes add extra NSEC records to
5066 the authority section.
5068 1674. [port] linux: increase buffer size used to scan
5071 1673. [port] linux: issue a error messages if IPv6 interface
5074 1672. [cleanup] Tests which only function in a threaded build
5075 now return R:THREADONLY (rather than R:UNTESTED)
5076 in a non-threaded build.
5078 1671. [contrib] queryperf: add NAPTR to the list of known types.
5080 1670. [func] Log UPDATE requests to slave zones without an acl as
5081 "disabled" at debug level 3. [RT# 11657]
5085 1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
5087 1667. [port] linux: not all versions have IF_NAMESIZE.
5089 1666. [bug] The optional port on hostnames in dual-stack-servers
5092 1665. [func] rndc now allows addresses to be set in the
5095 1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
5097 1663. [func] Look for OpenSSL by default.
5099 1662. [bug] Change #1658 failed to change one use of 'type'
5102 1661. [bug] Restore dns_name_concatenate() call in
5103 adb.c:set_target(). [RT #11582]
5105 1660. [bug] win32: connection_reset_fix() was being called
5106 unconditionally. [RT #11595]
5108 1659. [cleanup] Cleanup some messages that were referring to KEY vs
5109 DNSKEY, NXT vs NSEC and SIG vs RRSIG.
5111 1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
5112 and DH. Tighten which options apply to KEY and
5115 1657. [doc] ARM: document query log output.
5117 1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
5118 DNSKEY and RRSIG. [RT #11542]
5120 1655. [bug] Logging multiple versions w/o a size was broken.
5123 1654. [bug] isc_result_totext() contained array bounds read
5126 1653. [func] Add key type checking to dst_key_fromfilename(),
5127 DST_TYPE_KEY should be used to read TSIG, TKEY and
5130 1652. [bug] TKEY still uses KEY.
5132 1651. [bug] dig: process multiple dash options.
5134 1650. [bug] dig, nslookup: flush standard out after each command.
5136 1649. [bug] Silence "unexpected non-minimal diff" message.
5139 1648. [func] Update dnssec-lookaside named.conf syntax to support
5140 multiple dnssec-lookaside namespaces (not yet
5143 1647. [bug] It was possible trigger a INSIST when chasing a DS
5144 record that required walking back over a empty node.
5147 1646. [bug] win32: logging file versions didn't work with
5148 non-UNC filenames. [RT#11486]
5150 1645. [bug] named could trigger a REQUIRE failure if multiple
5151 masters with keys are specified.
5153 1644. [bug] Update the journal modification time after a
5154 successful refresh query. [RT #11436]
5156 1643. [bug] dns_db_closeversion() could leak memory / node
5157 references. [RT #11163]
5159 1642. [port] Support OpenSSL implementations which don't have
5160 DSA support. [RT #11360]
5162 1641. [bug] Update the check-names description in ARM. [RT #11389]
5164 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
5165 incorrectly closing the socket. [RT #11291]
5167 1639. [func] Initial dlv system test.
5169 1638. [bug] "ixfr-from-differences" could generate a REQUIRE
5170 failure if the journal open failed. [RT #11347]
5172 1637. [bug] Node reference leak on error in addnoqname().
5174 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
5175 a error had occurred. The database version no longer
5176 matched the version of the database that was dumped.
5178 1635. [bug] Memory leak on error in query_addds().
5180 1634. [bug] named didn't supply a useful error message when it
5181 detected duplicate views. [RT #11208]
5183 1633. [bug] named should return NOTIMP to update requests to a
5184 slaves without a allow-update-forwarding acl specified.
5187 1632. [bug] nsupdate failed to send prerequisite only UPDATE
5188 messages. [RT #11288]
5190 1631. [bug] dns_journal_compact() could sometimes corrupt the
5191 journal. [RT #11124]
5193 1630. [contrib] queryperf: add support for IPv6 transport.
5195 1629. [func] dig now supports IPv6 scoped addresses with the
5196 extended format in the local-server part. [RT #8753]
5198 1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
5200 1627. [bug] win32: sockets were not being closed when the
5201 last external reference was removed. [RT# 11179]
5203 1626. [bug] --enable-getifaddrs was broken. [RT#11259]
5205 1625. [bug] named failed to load/transfer RFC2535 signed zones
5206 which contained CNAMES. [RT# 11237]
5208 1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
5210 1623. [bug] A serial number of zero was being displayed in the
5211 "sending notifies" log message when also-notify was
5214 1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
5215 available, and suppress wildcard binding if not.
5217 1621. [bug] match-destinations did not work for IPv6 TCP queries.
5220 1620. [func] When loading a zone report if it is signed. [RT #11149]
5222 1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
5225 1618. [bug] Fencepost errors in dns_name_ishostname() and
5226 dns_name_ismailbox() could trigger a INSIST().
5228 1617. [port] win32: VC++ 6.0 support.
5230 1616. [compat] Ensure that named's version is visible in the core
5233 1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
5236 1614. [port] win32: silence resource limit messages. [RT# 11101]
5238 1613. [bug] Builds would fail on machines w/o a if_nametoindex().
5239 Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
5242 1612. [bug] check-names at the option/view level could trigger
5243 an INSIST. [RT# 11116]
5245 1611. [bug] solaris: IPv6 interface scanning failed to cope with
5246 no active IPv6 interfaces.
5248 1610. [bug] On dual stack machines "dig -b" failed to set the
5249 address type to be looked up with "@server".
5252 1609. [func] dig now has support to chase DNSSEC signature chains.
5253 Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
5255 DNSSEC validation code in dig coded by Olivier Courtay
5256 (olivier.courtay@irisa.fr) for the IDsA project
5257 (http://idsa.irisa.fr).
5259 1608. [func] dig and host now accept -4/-6 to select IP transport
5260 to use when making queries.
5262 1607. [bug] dig, host and nslookup were still using random()
5263 to generate query ids. [RT# 11013]
5265 1606. [bug] DLV insecurity proof was failing.
5267 1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
5269 1604. [bug] A xfrout_ctx_create() failure would result in
5270 xfrout_ctx_destroy() being called with a
5271 partially initialized structure.
5273 1603. [bug] nsupdate: set interactive based on isatty().
5276 1602. [bug] Logging to a file failed unless a size was specified.
5279 1601. [bug] Silence spurious warning 'both "recursion no;" and
5280 "allow-recursion" active' warning from view "_bind".
5283 1600. [bug] Duplicate zone pre-load checks were not case
5286 1599. [bug] Fix memory leak on error path when checking named.conf.
5288 1598. [func] Specify that certain parts of the namespace must
5289 be secure (dnssec-must-be-secure).
5291 1597. [func] Allow notify-source and query-source to be specified
5292 on a per server basis similar to transfer-source.
5295 1596. [func] Accept 'notify-source' style syntax for query-source.
5297 1595. [func] New notify type 'master-only'. Enable notify for
5300 1594. [bug] 'rndc dumpdb' could prevent named from answering
5301 queries while the dump was in progress. [RT #10565]
5303 1593. [bug] rndc should return "unknown command" to unknown
5304 commands. [RT# 10642]
5306 1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
5308 1591. [bug] libbind: updated to BIND 8.4.5.
5310 1590. [port] netbsd: update thread support.
5312 1589. [func] DNSSEC lookaside validation.
5314 1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
5316 1587. [bug] dns_message_settsigkey() failed to clear existing key.
5319 1586. [func] "check-names" is now implemented.
5323 1584. [bug] "make test" failed with a read only source tree.
5326 1583. [bug] Records add via UPDATE failed to get the correct trust
5329 1582. [bug] rrset-order failed to work on RRsets with more
5330 than 32 elements. [RT #10381]
5332 1581. [func] Disable DNSSEC support by default. To enable
5333 DNSSEC specify "dnssec-enable yes;" in named.conf.
5335 1580. [bug] Zone destruction on final detach takes a long time.
5338 1579. [bug] Multiple task managers could not be created.
5340 1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
5343 1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
5344 workaround code. [RT #10331]
5346 1576. [bug] Race condition in dns_dispatch_addresponse().
5349 1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
5351 1574. [bug] Don't attempt to open the controls socket(s) when
5352 running tests. [RT #9091]
5354 1573. [port] linux: update to libtool 1.5.2 so that
5355 "make install DESTDIR=/xx" works with
5356 "configure --with-libtool". [RT #9941]
5358 1572. [bug] nsupdate: sign the soa query to find the enclosing
5359 zone if the server is specified. [RT #10148]
5361 1571. [bug] rbt:hash_node() could fail leaving the hash table
5362 in an inconsistent state. [RT #10208]
5364 1570. [bug] nsupdate failed to handle classes other than IN.
5365 New keyword 'class' which sets the default class.
5368 1569. [func] nsupdate new command 'answer' which displays the
5369 complete answer message to the last update.
5371 1568. [bug] nsupdate now reports that the update failed in
5372 interactive mode. [RT# 10236]
5374 1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
5376 1566. [port] Support for the cmsg framework on Solaris and HP/UX.
5377 This also solved the problem that match-destinations
5378 for IPv6 addresses did not work on these systems.
5381 1565. [bug] CD flag should be copied to outgoing queries unless
5382 the query is under a secure entry point in which case
5385 1564. [func] Attempt to provide a fallback entropy source to be
5386 used if named is running chrooted and named is unable
5387 to open entropy source within the chroot area.
5390 1563. [bug] Gracefully fail when unable to obtain neither an IPv4
5391 nor an IPv6 dispatch. [RT #10230]
5393 1562. [bug] isc_socket_create() and isc_socket_accept() could
5394 leak memory under error conditions. [RT #10230]
5396 1561. [bug] It was possible to release the same name twice if
5397 named ran out of memory. [RT #10197]
5399 1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
5400 and EAI_NONAME to the same value.
5402 1559. [port] named should ignore SIGFSZ.
5404 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
5405 child zones for which we don't have a supported
5406 algorithm. Such child zones are treated as unsigned.
5408 1557. [func] Implement missing DNSSEC tests for
5409 * NOQNAME proof with wildcard answers.
5410 * NOWILDARD proof with NXDOMAIN.
5411 Cache and return NOQNAME with wildcard answers.
5413 1556. [bug] nsupdate now treats all names as fully qualified.
5416 1555. [func] 'rrset-order cyclic' no longer has a random starting
5417 point per query. [RT #7572]
5419 1554. [bug] dig, host, nslookup failed when no nameservers
5420 were specified in /etc/resolv.conf. [RT #8232]
5422 1553. [bug] The windows socket code could stop accepting
5423 connections. [RT#10115]
5425 1552. [bug] Accept NOTIFY requests from mapped masters if
5426 matched-mapped is set. [RT #10049]
5428 1551. [port] Open "/dev/null" before calling chroot().
5430 1550. [port] Call tzset(), if available, before calling chroot().
5432 1549. [func] named-checkzone can now write out the zone contents
5433 in a easily parsable format (-D and -o).
5435 1548. [bug] When parsing APL records it was possible to silently
5436 accept out of range ADDRESSFAMILY values. [RT# 9979]
5438 1547. [bug] Named wasted memory recording duplicate lame zone
5441 1546. [bug] We were rejecting valid secure CNAME to negative
5444 1545. [bug] It was possible to leak memory if named was unable to
5445 bind to the specified transfer source and TSIG was
5446 being used. [RT #10120]
5448 1544. [bug] Named would logged a single entry to a file despite it
5449 being over the specified size limit.
5451 1543. [bug] Logging using "versions unlimited" did not work.
5455 1541. [func] NSEC now uses new bitmap format.
5457 1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
5460 1539. [bug] Open UDP sockets for notify-source and transfer-source
5461 that use reserved ports at startup. [RT #9475]
5463 1538. [placeholder] rt9997
5465 1537. [func] New option "querylog". If set specify whether query
5466 logging is to be enabled or disabled at startup.
5468 1536. [bug] Windows socket code failed to log a error description
5469 when returning ISC_R_UNEXPECTED. [RT #9998]
5473 1534. [bug] Race condition when priming cache. [RT# 9940]
5475 1533. [func] Warn if both "recursion no;" and "allow-recursion"
5476 are active. [RT# 4389]
5478 1532. [port] netbsd: the configure test for <sys/sysctl.h>
5479 requires <sys/param.h>.
5481 1531. [port] AIX more libtool fixes.
5483 1530. [bug] It was possible to trigger a INSIST() failure if a
5484 slave master file was removed at just the correct
5487 1529. [bug] "notify explicit;" failed to log that NOTIFY messages
5488 were being sent for the zone. [RT# 9442]
5490 1528. [cleanup] Simplify some dns_name_ functions based on the
5491 deprecation of bitstring labels.
5493 1527. [cleanup] Reduce the number of gettimeofday() calls without
5494 losing necessary timer granularity.
5496 1526. [func] Implemented "additional section caching (or acache)",
5497 an internal cache framework for additional section
5498 content to improve response performance. Several
5499 configuration options were provided to control the
5502 1525. [bug] dns_cache_create() could trigger a REQUIRE
5503 failure in isc_mem_put() during error cleanup.
5506 1524. [port] AIX needs to be able to resolve all symbols when
5507 creating shared libraries (--with-libtool).
5509 1523. [bug] Fix race condition in rbtdb. [RT# 9189]
5511 1522. [bug] dns_db_findnode() relax the requirements on 'name'.
5514 1521. [bug] dns_view_createresolver() failed to check the
5515 result from isc_mem_create(). [RT# 9294]
5517 1520. [protocol] Add SSHFP (SSH Finger Print) type.
5519 1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
5520 length of the new bitmap.
5522 1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
5523 contained a off-by-one error when working out the
5524 number of octets in the bitmap.
5526 1517. [port] Support for IPv6 interface scanning on HP/UX and
5529 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
5531 1515. [func] Allow transfer source to be set in a server statement.
5534 1514. [bug] named: isc_hash_destroy() was being called too early.
5537 1513. [doc] Add "US" to root-delegation-only exclude list.
5539 1512. [bug] Extend the delegation-only logging to return query
5540 type, class and responding nameserver.
5542 1511. [bug] delegation-only was generating false positives
5543 on negative answers from sub-zones.
5545 1510. [func] New view option "root-delegation-only". Apply
5546 delegation-only check to all TLDs and root.
5547 Note there are some TLDs that are NOT delegation
5548 only (e.g. DE, LV, US and MUSEUM) these can be excluded
5549 from the checks by using exclude.
5551 root-delegation-only exclude {
5552 "DE"; "LV"; "US"; "MUSEUM";
5555 1509. [bug] Hint zones should accept delegation-only. Forward
5556 zone should not accept delegation-only.
5558 1508. [bug] Don't apply delegation-only checks to answers from
5561 1507. [bug] Handle BIND 8 style returns to NS queries to parents
5562 when making delegation-only checks.
5564 1506. [bug] Wrong return type for dns_view_isdelegationonly().
5566 1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
5568 1504. [func] New zone type "delegation-only".
5570 1503. [port] win32: install libeay32.dll outside of system32.
5572 1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
5574 1501. [func] Allow TCP queue length to be specified via
5575 named.conf, tcp-listen-queue.
5577 1500. [bug] host failed to lookup MX records. Also look up
5580 1499. [bug] isc_random need to be seeded better if arc4random()
5583 1498. [port] bsdos: 5.x support.
5587 1496. [port] test for pthread_attr_setstacksize().
5589 1495. [cleanup] Replace hash functions with universal hash.
5591 1494. [security] Turn on RSA BLINDING as a precaution.
5595 1492. [cleanup] Preserve rwlock quota context when upgrading /
5596 downgrading. [RT #5599]
5598 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
5601 1490. [bug] Accept reading state as well as working state in
5602 ns_client_next(). [RT #6813]
5604 1489. [compat] Treat 'allow-update' on slave zones as a warning.
5607 1488. [bug] Don't override trust levels for glue addresses.
5610 1487. [bug] A REQUIRE() failure could be triggered if a zone was
5611 queued for transfer and the zone was then removed.
5614 1486. [bug] isc_print_snprintf() '%%' consumed one too many format
5615 characters. [RT# 8230]
5617 1485. [bug] gen failed to handle high type values. [RT #6225]
5619 1484. [bug] The number of records reported after a AXFR was wrong.
5622 1483. [bug] dig axfr failed if the message id in the answer failed
5623 to match that in the request. Only the id in the first
5624 message is required to match. [RT #8138]
5626 1482. [bug] named could fail to start if the kernel supports
5627 IPv6 but no interfaces are configured. Similarly
5628 for IPv4. [RT #6229]
5630 1481. [bug] Refresh and stub queries failed to use masters keys
5631 if specified. [RT #7391]
5633 1480. [bug] Provide replay protection for rndc commands. Full
5634 replay protection requires both rndc and named to
5635 be updated. Partial replay protection (limited
5636 exposure after restart) is provided if just named
5639 1479. [bug] cfg_create_tuple() failed to handle out of
5640 memory cleanup. parse_list() would leak memory
5643 1478. [port] ifconfig.sh didn't account for other virtual
5644 interfaces. It now takes a optional argument
5645 to specify the first interface number. [RT #3907]
5647 1477. [bug] memory leak using stub zones and TSIG.
5651 1475. [port] Probe for old sprintf().
5653 1474. [port] Provide strtoul() and memmove() for platforms
5656 1473. [bug] create_map() and create_string() failed to handle out
5657 of memory cleanup. [RT #6813]
5659 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
5661 1471. [bug] libbind: updated to BIND 8.4.0.
5663 1470. [bug] Incorrect length passed to snprintf. [RT #5966]
5665 1469. [func] Log end of outgoing zone transfer at same level
5666 as the start of transfer is logged. [RT #4441]
5668 1468. [func] Internal zones are no longer counted for
5669 'rndc status'. [RT #4706]
5671 1467. [func] $GENERATES now supports optional class and ttl.
5673 1466. [bug] lwresd configuration errors resulted in memory
5674 and lock leaks. [RT #5228]
5676 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
5677 failed to check that trailing bits were zero allowing
5678 some invalid base64 strings to be accepted. [RT #5397]
5680 1464. [bug] Preserve "out of zone" data for outgoing zone
5681 transfers. [RT #5192]
5683 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
5684 NXT bit maps. [RT #5577]
5686 1462. [bug] parse_sizeval() failed to check the token type.
5689 1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
5691 1460. [bug] inet_pton() failed to reject certain malformed
5696 1458. [cleanup] sprintf() -> snprintf().
5698 1457. [port] Provide strlcat() and strlcpy() for platforms without
5701 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
5703 1455. [bug] <netaddr> missing from server grammar in
5704 doc/misc/options. [RT #5616]
5706 1454. [port] Use getifaddrs() if available for interface scanning.
5707 --disable-getifaddrs to override. Glibc currently
5708 has a getifaddrs() that does not support IPv6.
5709 Use --enable-getifaddrs=glibc to force the use of
5710 this version under linux machines.
5712 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
5716 1451. [bug] rndc-confgen didn't exit with a error code for all
5717 failures. [RT #5209]
5719 1450. [bug] Fetching expired glue failed under certain
5720 circumstances. [RT #5124]
5722 1449. [bug] query_addbestns() didn't handle running out of memory
5725 1448. [bug] Handle empty wildcards labels.
5727 1447. [bug] We were casting (unsigned int) to and from (void *).
5728 rdataset->private4 is now rdataset->privateuint4
5729 to reflect a type change.
5731 1446. [func] Implemented undocumented alternate transfer sources
5732 from BIND 8. See use-alt-transfer-source,
5733 alt-transfer-source and alt-transfer-source-v6.
5735 SECURITY: use-alt-transfer-source is ENABLED unless
5736 you are using views. This may cause a security risk
5737 resulting in accidental disclosure of wrong zone
5738 content if the master supplying different source
5739 content based on IP address. If you are not certain
5740 ISC recommends setting use-alt-transfer-source no;
5742 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
5743 been replaced with DNS_ADBFIND_STARTATZONE which
5744 causes the search to start using the closest zone.
5746 1444. [func] dns_view_findzonecut2() allows you to specify if the
5747 cache should be searched for zone cuts.
5749 1443. [func] Masters lists can now be specified and referenced
5750 in zone masters clauses and other masters lists.
5752 1442. [func] New functions for manipulating port lists:
5753 dns_portlist_create(), dns_portlist_add(),
5754 dns_portlist_remove(), dns_portlist_match(),
5755 dns_portlist_attach() and dns_portlist_detach().
5757 1441. [func] It is now possible to tell dig to bind to a specific
5760 1440. [func] It is now possible to tell named to avoid using
5761 certain source ports (avoid-v4-udp-ports,
5762 avoid-v6-udp-ports).
5764 1439. [bug] Named could return NOERROR with certain NOTIFY
5765 failures. Return NOTAUTH if the NOTIFY zone is
5768 1438. [func] Log TSIG (if any) when logging NOTIFY requests.
5770 1437. [bug] Leave space for stdio to work in. [RT #5033]
5772 1436. [func] dns_zonemgr_resumexfrs() can be used to restart
5775 1435. [bug] zmgr_resume_xfrs() was being called read locked
5776 rather than write locked. zmgr_resume_xfrs()
5777 was not being called if the zone was being
5780 1434. [bug] "rndc reconfig" failed to initiate the initial
5781 zone transfer of new slave zones.
5783 1433. [bug] named could trigger a REQUIRE failure if it could
5784 not get a file descriptor when attempting to write
5785 a master file. [RT #4347]
5787 1432. [func] The advertised EDNS UDP buffer size can now be set
5788 via named.conf (edns-udp-size).
5790 1431. [bug] isc_print_snprintf() "%s" with precision could walk off
5791 end of argument. [RT #5191]
5793 1430. [port] linux: IPv6 interface scanning support.
5795 1429. [bug] Prevent the cache getting locked to old servers.
5799 1427. [bug] Race condition in adb with threaded build.
5803 1425. [port] linux/libbind: define __USE_MISC when testing *_r()
5804 function prototypes in netdb.h. [RT #4921]
5806 1424. [bug] EDNS version not being correctly printed.
5808 1423. [contrib] queryperf: added A6 and SRV.
5810 1422. [func] Log name/type/class when denying a query. [RT #4663]
5812 1421. [func] Differentiate updates that don't succeed due to
5813 prerequisites (unsuccessful) vs other reasons
5816 1420. [port] solaris: work around gcc optimizer bug.
5818 1419. [port] openbsd: use /dev/arandom. [RT #4950]
5820 1418. [bug] 'rndc reconfig' did not cause new slaves to load.
5822 1417. [func] ID.SERVER/CHAOS is now a built in zone.
5823 See "server-id" for how to configure.
5825 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
5828 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
5831 1414. [func] Support for KSK flag.
5833 1413. [func] Explicitly request the (re-)generation of DS records
5834 from keysets (dnssec-signzone -g).
5836 1412. [func] You can now specify servers to be tried if a nameserver
5837 has IPv6 address and you only support IPv4 or the
5838 reverse. See dual-stack-servers.
5840 1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
5842 1410. [func] Handle records that live in the parent zone, e.g. DS.
5844 1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
5846 1408. [bug] "make distclean" was not complete. [RT #4700]
5848 1407. [bug] lfsr incorrectly implements the shift register.
5851 1406. [bug] dispatch initializes one of the LFSR's with a incorrect
5852 polynomial. [RT #4617]
5854 1405. [func] Use arc4random() if available.
5856 1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
5859 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
5860 dnssec-signkey now report their version in the
5863 1402. [cleanup] A6 has been moved to experimental and is no longer
5866 1401. [bug] adb wasn't clearing state when the timer expired.
5868 1400. [bug] Block the addition of wildcard NS records by IXFR
5869 or UPDATE. [RT #3502]
5871 1399. [bug] Use serial number arithmetic when testing SIG
5872 timestamps. [RT #4268]
5874 1398. [doc] ARM: notify-also should have been also-notify.
5877 1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
5879 1396. [func] dnssec-signzone: adjust the default signing time by
5880 1 hour to allow for clock skew.
5882 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
5883 have a working implementation. [RT #4079]
5885 1394. [func] It is now possible to check if a particular element is
5886 in a acl. Remove duplicate entries from the localnets
5889 1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
5890 is not available in the kernel to prevent accidently
5891 listening on IPv4 interfaces.
5893 1392. [bug] named-checkzone: update usage.
5895 1391. [func] Add support for IPv6 scoped addresses in named.
5897 1390. [func] host now supports ixfr.
5899 1389. [bug] named could fail to rotate long log files. [RT #3666]
5901 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
5902 defining HAVE_IFLIST_SYSCTL. [RT #3770]
5904 1387. [bug] named could crash due to an access to invalid memory
5905 space (which caused an assertion failure) in
5906 incremental cleaning. [RT #3588]
5908 1386. [bug] named-checkzone -z stopped on errors in a zone.
5911 1385. [bug] Setting serial-query-rate to 10 would trigger a
5914 1384. [bug] host was incompatible with BIND 8 in its exit code and
5915 in the output with the -l option. [RT #3536]
5917 1383. [func] Track the serial number in a IXFR response and log if
5918 a mismatch occurs. This is a more specific error than
5919 "not exact". [RT #3445]
5921 1382. [bug] make install failed with --enable-libbind. [RT #3656]
5923 1381. [bug] named failed to correctly process answers that
5924 contained DNAME records where the resulting CNAME
5925 resulted in a negative answer.
5927 1380. [func] 'rndc recursing' dump recursing queries to
5928 'recursing-file = "named.recursing";'.
5930 1379. [func] 'rndc status' now reports tcp and recursion quota
5933 1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
5935 1377. [func] dns_zone_load{new}() now reports if the zone was
5936 loaded, queued for loading to up to date.
5938 1376. [func] New function dns_zone_logc() to log to specified
5941 1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
5944 1374. [func] dns_adb_dump() now logs the lame zones associated
5947 1373. [bug] Recovery from expired glue failed under certain
5950 1372. [bug] named crashes with an assertion failure on exit when
5951 sharing the same port for listening and querying, and
5952 changing listening addresses several times. [RT# 3509]
5954 1371. [bug] notify-source-v6, transfer-source-v6 and
5955 query-source-v6 with explicit addresses and using the
5956 same ports as named was listening on could interfere
5957 with named's ability to answer queries sent to those
5960 1370. [bug] dig '+[no]recurse' was incorrectly documented.
5962 1369. [bug] Adding an NS record as the lexicographically last
5963 record in a secure zone didn't work.
5965 1368. [func] remove support for bitstring labels.
5967 1367. [func] Use response times to select forwarders.
5969 1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
5971 1365. [func] "localhost" and "localnets" acls now include IPv6
5972 addresses / prefixes.
5974 1364. [func] Log file name when unable to open memory statistics
5975 and dump database files. [RT# 3437]
5977 1363. [func] Listen-on-v6 now supports specific addresses.
5979 1362. [bug] remove IFF_RUNNING test when scanning interfaces.
5981 1361. [func] log the reason for rejecting a server when resolving
5984 1360. [bug] --enable-libbind would fail when not built in the
5985 source tree for certain OS's.
5987 1359. [security] Support patches OpenSSL libraries.
5988 http://www.cert.org/advisories/CA-2002-23.html
5990 1358. [bug] It was possible to trigger a INSIST when debugging
5991 large dynamic updates. [RT #3390]
5993 1357. [bug] nsupdate was extremely wasteful of memory.
5995 1356. [tuning] Reduce the number of events / quantum for zone tasks.
5997 1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
5999 1354. [doc] lwres man pages had illegal nroff.
6001 1353. [contrib] sdb/ldap to version 0.9.
6003 1352. [bug] dig, host, nslookup when falling back to TCP use the
6004 current search entry (if any). [RT #3374]
6006 1351. [bug] lwres_getipnodebyname() returned the wrong name
6007 when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
6010 1350. [bug] dns_name_fromtext() failed to handle too many labels
6013 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
6014 http://www.cert.org/advisories/CA-2002-23.html
6016 1348. [port] win32: Rewrote code to use I/O Completion Ports
6017 in socket.c and eliminating a host of socket
6018 errors. Performance is enhanced.
6024 1345. [port] Use a explicit -Wformat with gcc. Not all versions
6025 include it in -Wall.
6027 1344. [func] Log if the serial number on the master has gone
6029 If you have multiple machines specified in the masters
6030 clause you may want to set 'multi-master yes;' to
6031 suppress this warning.
6033 1343. [func] Log successful notifies received (info). Adjust log
6034 level for failed notifies to notice.
6036 1342. [func] Log remote address with TCP dispatch failures.
6038 1341. [func] Allow a rate limiter to be stalled.
6040 1340. [bug] Delay and spread out the startup refresh load.
6042 1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
6043 lookups. Bit string lookups are no longer attempted.
6049 1336. [func] Nibble lookups under IP6.ARPA are now supported by
6050 dns_byaddr_create(). dns_byaddr_createptrname() is
6051 deprecated, use dns_byaddr_createptrname2() instead.
6053 1335. [bug] When performing a nonexistence proof, the validator
6054 should discard parent NXTs from higher in the DNS.
6056 1334. [bug] When signing/verifying rdatasets, duplicate rdatas
6057 need to be suppressed.
6059 1333. [contrib] queryperf now reports a summary of returned
6060 rcodes (-c), rcodes are printed in mnemonic form (-v).
6062 1332. [func] Report the current serial with periodic commits when
6063 rolling forward the journal.
6065 1331. [func] Generate DNSSEC wildcard proofs.
6067 1330. [bug] When processing events (non-threaded) only allow
6068 the task one chance to use to use its quantum.
6070 1329. [func] named-checkzone will now check if nameservers that
6071 appear to be IP addresses. Available modes "fail",
6072 "warn" (default) and "ignore" the results of the
6075 1328. [bug] The validator could incorrectly verify an invalid
6078 1327. [bug] The validator would incorrectly mark data as insecure
6079 when seeing a bogus signature before a correct
6082 1326. [bug] DNAME/CNAME signatures were not being cached when
6083 validation was not being performed. [RT #3284]
6085 1325. [bug] If the tcpquota was exhausted it was possible to
6086 to trigger a INSIST() failure.
6088 1324. [port] darwin: ifconfig.sh now supports darwin.
6090 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
6092 1322. [bug] dnssec-signzone usage message was misleading.
6094 1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
6095 would incorrectly duplicate its output and sign it.
6097 1320. [doc] query-source-v6 was missing from options section.
6100 1319. [func] libbind: log attempts to exploit #1318.
6102 1318. [bug] libbind: Remote buffer overrun.
6104 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
6107 1316. [bug] libbind: gethostans() could get out of sync parsing
6108 the response if there was a very long CNAME chain.
6110 1315. [bug] Options should apply to the internal _bind view.
6112 1314. [port] Handle ECONNRESET from sendmsg() [unix].
6114 1313. [func] Query log now says if the query was signed (S) or
6115 if EDNS was used (E).
6117 1312. [func] Log TSIG key used w/ outgoing zone transfers.
6119 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
6121 1310. [bug] 'rndc stop' failed to cause zones to be flushed
6122 sometimes. [RT #3157]
6124 1309. [func] Log that a zone transfer was covered by a TSIG.
6126 1308. [func] DS (delegation signer) support.
6128 1307. [bug] nsupdate: allow white space base64 key data.
6130 1306. [bug] Badly encoded LOC record when the size, horizontal
6131 precision or vertical precision was 0.1m.
6133 1305. [bug] Document that internal zones are included in the
6134 rndc status results.
6136 1304. [func] New function: dns_zone_name().
6138 1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
6140 1302. [func] Extended rndc dumpdb to support dumping of zones and
6141 view selection: 'dumpdb [-all|-zones|-cache] [view]'.
6143 1301. [func] New category 'update-security'.
6145 1300. [port] Compaq Trucluster support.
6147 1299. [bug] Set AI_ADDRCONFIG when looking up addresses
6148 via getaddrinfo() (affects dig, host, nslookup, rndc
6151 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
6152 could be left with a trailing "\" after configure
6155 1297. [port] linux: make handling EINVAL from socket() no longer
6156 conditional on #ifdef LINUX.
6158 1296. [bug] isc_log_closefilelogs() needed to lock the log
6161 1295. [bug] isc_log_setdebuglevel() needed to lock the log
6164 1294. [func] libbind: no longer attempts bit string labels for
6165 IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
6166 for nibble style resolution.
6168 1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
6170 1292. [func] Enable IPv6 support when using ioctl style interface
6171 scanning and OS supports SIOCGLIFADDR using struct
6174 1291. [func] Enable IPv6 support when using sysctl style interface
6177 1290. [func] "dig axfr" now reports the number of messages
6178 as well as the number of records.
6180 1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
6182 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
6183 reflect written requirements.
6185 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
6186 a rdataset to a zone db in the rbtdb implementation of
6189 1286. [bug] dns_name_downcase() enforce requirement that
6190 target != NULL or name->buffer != NULL.
6192 1285. [func] lwres: probe the system to see what address families
6193 are currently in use.
6195 1284. [bug] The RTT estimate on unused servers was not aged.
6198 1283. [func] Use "dataready" accept filter if available.
6200 1282. [port] libbind: hpux 11.11 interface scanning.
6202 1281. [func] Log zone when unable to get private keys to update
6203 zone. Log zone when NXT records are missing from
6206 1280. [bug] libbind: escape '(' and ')' when converting to
6209 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
6211 1278. [func] dig: now supports +[no]cl +[no]ttlid.
6213 1277. [func] You can now create your own customized printing
6214 styles: dns_master_stylecreate() and
6215 dns_master_styledestroy().
6217 1276. [bug] libbind: const pointer conflicts in res_debug.c.
6219 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
6221 1274. [bug] Memory leak in lwres_gnbarequest_parse().
6223 1273. [port] libbind: solaris: 64 bit binary compatibility.
6225 1272. [contrib] Berkeley DB 4.0 sdb implementation from
6226 Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
6228 1271. [bug] "recursion available: {denied,approved}" was too
6231 1270. [bug] Check that system inet_pton() and inet_ntop() support
6234 1269. [port] Openserver: ifconfig.sh support.
6236 1268. [port] Openserver: the value FD_SETSIZE depends on whether
6237 <sys/param.h> is included or not. Be consistent.
6239 1267. [func] isc_file_openunique() now creates file using mode
6240 0666 rather than 0600.
6242 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
6243 __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
6244 are not C++ compatible, use *_TYPE versions instead.
6246 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
6247 C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
6251 1263. [bug] Reference after free error if dns_dispatchmgr_create()
6254 1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
6256 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
6257 support for compressed TSIG owner names.
6259 1260. [func] libbind: res_update can now update IPv6 servers,
6260 new function res_findzonecut2().
6262 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
6265 1258. [bug] libbind: res_nametotype() and res_nametoclass() were
6268 1257. [bug] Failure to write pid-file should not be fatal on
6271 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
6273 1255. [bug] When verifying that an NXT proves nonexistence, check
6274 the rcode of the message and only do the matching NXT
6275 check. That is, for NXDOMAIN responses, check that
6276 the name is in the range between the NXT owner and
6277 next name, and for NOERROR NODATA responses, check
6278 that the type is not present in the NXT bitmap.
6280 1254. [func] preferred-glue option from BIND 8.3.
6282 1253. [bug] The dnssec system test failed to remove the correct
6285 1252. [bug] Dig, host and nslookup were not checking the address
6286 the answer was coming from against the address it was
6289 1251. [port] win32: a make file contained absolute version specific
6292 1250. [func] Nsupdate will report the address the update was
6295 1249. [bug] Missing masters clause was not handled gracefully.
6298 1248. [bug] DESTDIR was not being propagated between makes.
6300 1247. [bug] Don't reset the interface index for link/site local
6301 addresses. [RT #2576]
6303 1246. [func] New functions isc_sockaddr_issitelocal(),
6304 isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
6305 and isc_netaddr_islinklocal().
6307 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
6310 1244. [bug] Receiving a TCP message from a blackhole address would
6311 prevent further messages being received over that
6314 1243. [bug] It was possible to trigger a REQUIRE() in
6315 dns_message_findtype(). [RT #2659]
6317 1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
6319 1241. [bug] Drop received UDP messages with a zero source port
6320 as these are invariably forged. [RT #2621]
6322 1240. [bug] It was possible to leak zone references by
6323 specifying an incorrect zone to rndc.
6325 1239. [bug] Under certain circumstances named could continue to
6326 use a name after it had been freed triggering
6327 INSIST() failures. [RT #2614]
6329 1238. [bug] It is possible to lockup the server when shutting down
6330 if notifies were being processed. [RT #2591]
6332 1237. [bug] nslookup: "set q=type" failed.
6334 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
6335 NULL terminated text regions. [RT #2588]
6337 1235. [func] Report 'out of memory' errors from openssl.
6339 1234. [bug] contrib/sdb: 'zonetodb' failed to call
6340 dns_result_register(). DNS_R_SEENINCLUDE should not
6343 1233. [bug] The flags field of a KEY record can be expressed in
6344 hex as well as decimal.
6346 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
6348 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
6350 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
6352 1229. [bug] named would crash if it received a TSIG signed
6353 query as part of an AXFR response. [RT #2570]
6355 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
6357 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
6358 if a number was expected and some other token was
6361 1226. [func] Use EDNS for zone refresh queries. [RT #2551]
6363 1225. [func] dns_message_setopt() no longer requires that
6364 dns_message_renderbegin() to have been called.
6366 1224. [bug] 'rrset-order' and 'sortlist' should be additive
6369 1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
6372 1222. [bug] Specifying 'port *' did not always result in a system
6373 selected (non-reserved) port being used. [RT #2537]
6375 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
6376 compared case insensitively. [RT #2542]
6378 1220. [func] Support for APL rdata type.
6380 1219. [func] Named now reports the TSIG extended error code when
6381 signature verification fails. [RT #1651]
6383 1218. [bug] Named incorrectly returned SERVFAIL rather than
6384 NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
6386 1217. [func] Report locations of previous key definition when a
6387 duplicate is detected.
6389 1216. [bug] Multiple server clauses for the same server were not
6390 reported. [RT #2514]
6392 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
6394 1214. [bug] Win32: isc_file_renameunique() could leave zero length
6397 1213. [func] Report view associated with client if it is not a
6398 standard view (_default or _bind).
6400 1212. [port] libbind: 64k answer buffers were causing stack space
6401 to be exceeded for certain OS. Use heap space instead.
6403 1211. [bug] dns_name_fromtext() incorrectly handled certain
6404 valid octal bitlabels. [RT #2483]
6406 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
6407 compatible addresses. [RT #2461]
6409 1209. [bug] Dig, host, nslookup were not checking the message ids
6410 on the responses. [RT #2454]
6412 1208. [bug] dns_master_load*() failed to log a error message if
6413 an error was detected when parsing the ownername of
6414 a record. [RT #2448]
6416 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
6419 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
6420 trigger a non-EDNS retry.
6422 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
6423 of the message. [RT #2449]
6425 1204. [bug] libbind: res_nupdate() failed to update the name
6426 server addresses before sending the update.
6428 1203. [func] Report locations of previous acl and zone definitions
6429 when a duplicate is detected.
6431 1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
6433 1201. [bug] Require that if 'callbacks' is passed to
6434 dns_rdata_fromtext(), callbacks->error and
6435 callbacks->warn are initialized.
6437 1200. [bug] Log 'errno' that we are unable to convert to
6438 isc_result_t. [RT #2404]
6440 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
6443 1198. [bug] OPT printing style was not consistent with the way the
6444 header fields are printed. The DO bit was not reported
6445 if set. Report if any of the MBZ bits are set.
6447 1197. [bug] Attempts to define the same acl multiple times were not
6450 1196. [contrib] update mdnkit to 2.2.3.
6452 1195. [bug] Attempts to redefine builtin acls should be caught.
6455 1194. [bug] Not all duplicate zone definitions were being detected
6456 at the named.conf checking stage. [RT #2431]
6458 1193. [bug] dig +besteffort parsing didn't handle packet
6459 truncation. dns_message_parse() has new flag
6460 DNS_MESSAGE_IGNORETRUNCATION.
6462 1192. [bug] The seconds fields in LOC records were restricted
6463 to three decimal places. More decimal places should
6464 be allowed but warned about.
6466 1191. [bug] A dynamic update removing the last non-apex name in
6467 a secure zone would fail. [RT #2399]
6469 1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
6472 1189. [bug] On some systems, malloc(0) returns NULL, which
6473 could cause the caller to report an out of memory
6476 1188. [bug] Dynamic updates of a signed zone would fail if
6477 some of the zone private keys were unavailable.
6479 1187. [bug] named was incorrectly returning DNSSEC records
6480 in negative responses when the DO bit was not set.
6482 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
6483 EOL token when reading to end of line.
6485 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
6486 unless RES_INIT is set when calling res_*init().
6488 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
6489 when res_*init() is called.
6491 1183. [bug] Handle ENOSR error when writing to the internal
6492 control pipe. [RT #2395]
6494 1182. [bug] The server could throw an assertion failure when
6495 constructing a negative response packet.
6497 1181. [func] Add the "key-directory" configuration statement,
6498 which allows the server to look for online signing
6499 keys in alternate directories.
6501 1180. [func] dnssec-keygen should always generate keys with
6502 protocol 3 (DNSSEC), since it's less confusing
6505 1179. [func] Add SIG(0) support to nsupdate.
6507 1178. [bug] Follow and cache (if appropriate) A6 and other
6508 data chains to completion in the additional section.
6510 1177. [func] Report view when loading zones if it is not a
6511 standard view (_default or _bind). [RT #2270]
6513 1176. [doc] Document that allow-v6-synthesis is only performed
6514 for clients that are supplied recursive service.
6517 1175. [bug] named-checkzone and named-checkconf failed to call
6518 dns_result_register() at startup which could
6519 result in runtime exceptions when printing
6520 "out of memory" errors. [RT #2335]
6522 1174. [bug] Win32: add WSAECONNRESET to the expected errors
6523 from connect(). [RT #2308]
6525 1173. [bug] Potential memory leaks in isc_log_create() and
6526 isc_log_settag(). [RT #2336]
6528 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
6529 table of RR types in ARM.
6531 1171. [func] Added function isc_region_compare(), updated files in
6532 lib/dns to use this function instead of local one.
6534 1170. [bug] Don't attempt to print the token when a I/O error
6535 occurs when parsing named.conf. [RT #2275]
6537 1169. [func] Identify recursive queries in the query log.
6539 1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
6541 1167. [contrib] nslint-2.1a3 (from author).
6543 1166. [bug] "Not Implemented" should be reported as NOTIMP,
6544 not NOTIMPL. [RT #2281]
6546 1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
6548 1164. [bug] Empty masters clauses in slave / stub zones were not
6549 handled gracefully. [RT #2262]
6551 1163. [func] isc_time_formattimestamp() now includes the year.
6553 1162. [bug] The allow-notify option was not accepted in slave
6556 1161. [bug] named-checkzone looped on unbalanced brackets.
6559 1160. [bug] Generating Diffie-Hellman keys longer than 1024
6560 bits could fail. [RT #2241]
6562 1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
6564 1158. [func] Report the client's address when logging notify
6567 1157. [func] match-clients and match-destinations now accept
6570 1156. [port] The configure test for strsep() incorrectly
6571 succeeded on certain patched versions of
6572 AIX 4.3.3. [RT #2190]
6574 1155. [func] Recover from master files being removed from under
6577 1154. [bug] Don't attempt to obtain the netmask of a interface
6578 if there is no address configured. [RT #2176]
6580 1153. [func] 'rndc {stop|halt} -p' now reports the process id
6581 of the instance of named being shutdown.
6583 1152. [bug] libbind: read buffer overflows.
6585 1151. [bug] nslookup failed to check that the arguments to
6586 the port, timeout, and retry options were
6587 valid integers and in range. [RT #2099]
6589 1150. [bug] named incorrectly accepted TTL values
6590 containing plus or minus signs, such as
6593 1149. [func] New function isc_parse_uint32().
6595 1148. [func] 'rndc-confgen -a' now provides positive feedback.
6597 1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
6598 the OS. listen-on-v6 { any; }; should no longer
6599 result in IPv4 queries be accepted. Similarly
6600 control { inet :: ... }; should no longer result
6601 in IPv4 connections being accepted. This can be
6602 overridden at compile time by defining
6605 1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
6606 supported by the OS by a new function
6607 isc_socket_ipv6only().
6609 1145. [func] "host" no longer reports a NOERROR/NODATA response
6610 by printing nothing. [RT #2065]
6612 1144. [bug] rndc-confgen would crash if both the -a and -t
6613 options were specified. [RT #2159]
6615 1143. [bug] When a trusted-keys statement was present and named
6616 was built without crypto support, it would leak memory.
6618 1142. [bug] dnssec-signzone would fail to delete temporary files
6619 in some failure cases. [RT #2144]
6621 1141. [bug] When named rejected a control message, it would
6622 leak a file descriptor and memory. It would also
6623 fail to respond, causing rndc to hang.
6626 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
6627 to the -s option. [RT #2138]
6629 1139. [func] It is now possible to flush a given name from the
6630 cache(s) via 'rndc flushname name [view]'. [RT #2051]
6632 1138. [func] It is now possible to flush a given name from the
6633 cache by calling the new function
6634 dns_cache_flushname().
6636 1137. [func] It is now possible to flush a given name from the
6637 ADB by calling the new function dns_adb_flushname().
6639 1136. [bug] CNAME records synthesized from DNAMEs did not
6640 have a TTL of zero as required by RFC2672.
6643 1135. [func] You can now override the default syslog() facility for
6644 named/lwresd at compile time. [RT #1982]
6646 1134. [bug] Multi-threaded servers could deadlock in ferror()
6647 when reloading zone files. [RT #1951, #1998]
6649 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
6650 platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
6652 1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
6654 1131. [bug] The match-destinations view option did not work with
6655 IPv6 destinations. [RT #2073, #2074]
6657 1130. [bug] Log messages reporting an out-of-range serial number
6658 did not include the out-of-range number but the
6659 following token. [RT #2076]
6661 1129. [bug] Multi-threaded servers could crash under heavy
6662 resolution load due to a race condition. [RT #2018]
6664 1128. [func] sdb drivers can now provide RR data in either text
6665 or wire format, the latter using the new functions
6666 dns_sdb_putrdata() and dns_sdb_putnamedrdata().
6668 1127. [func] rndc: If the server to contact has multiple addresses,
6671 1126. [bug] The server could access a freed event if shut
6672 down while a client start event was pending
6673 delivery. [RT #2061]
6675 1125. [bug] rndc: -k option was missing from usage message.
6678 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
6679 are now documented. [RT #2052]
6681 1123. [bug] dig +[no]fail did not match description. [RT #2052]
6683 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
6686 1121. [bug] The server could attempt to access a NULL zone
6687 table if shut down while resolving.
6690 1120. [bug] Errors in options were not fatal. [RT #2002]
6692 1119. [func] Added support in Win32 for NTFS file/directory ACL's
6695 1118. [bug] On multi-threaded servers, a race condition
6696 could cause an assertion failure in resolver.c
6697 during resolver shutdown. [RT #2029]
6699 1117. [port] The configure check for in6addr_loopback incorrectly
6700 succeeded on AIX 4.3 when compiling with -O2
6701 because the test code was optimized away.
6704 1116. [bug] Setting transfers in a server clause, transfers-in,
6705 or transfers-per-ns to a value greater than
6706 2147483647 disabled transfers. [RT #2002]
6708 1115. [func] Set maximum values for cleaning-interval,
6709 heartbeat-interval, interface-interval,
6710 max-transfer-idle-in, max-transfer-idle-out,
6711 max-transfer-time-in, max-transfer-time-out,
6712 statistics-interval of 28 days and
6713 sig-validity-interval of 3660 days. [RT #2002]
6715 1114. [port] Ignore more accept() errors. [RT #2021]
6717 1113. [bug] The allow-update-forwarding option was ignored
6718 when specified in a view. [RT #2014]
6722 1111. [bug] Multi-threaded servers could deadlock processing
6723 recursive queries due to a locking hierarchy
6724 violation in adb.c. [RT #2017]
6726 1110. [bug] dig should only accept valid abbreviations of +options.
6729 1109. [bug] nsupdate accepted illegal ttl values.
6731 1108. [bug] On Win32, rndc was hanging when named was not running
6732 due to failure to select for exceptional conditions
6733 in select(). [RT #1870]
6735 1107. [bug] nsupdate could catch an assertion failure if an
6736 invalid domain name was given as the argument to
6739 1106. [bug] After seeing an out of range TTL, nsupdate would
6740 treat all TTLs as out of range. [RT #2001]
6742 1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
6744 1104. [bug] Invalid arguments to the transfer-format option
6745 could cause an assertion failure. [RT #1995]
6747 1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
6749 1102. [doc] Note that query logging is enabled by directing the
6750 queries category to a channel.
6752 1101. [bug] Array bounds read error in lwres_gai_strerror.
6754 1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
6756 1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
6757 compile time errors.
6759 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
6761 1097. [func] libbind: RES_PRF_TRUNC for dig.
6763 1096. [func] libbind: "DNSSEC OK" (DO) support.
6765 1095. [func] libbind: resolver option: no-tld-query. disables
6766 trying unqualified as a tld. no_tld_query is also
6767 supported for FreeBSD compatibility.
6769 1094. [func] libbind: add support gcc's format string checking.
6771 1093. [doc] libbind: miscellaneous nroff fixes.
6773 1092. [bug] libbind: get*by*() failed to check if res_init() had
6776 1091. [bug] libbind: misplaced va_end().
6778 1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
6779 the amount of memory consumed resulting in garbage
6780 address being returned. Alignment calculations were
6781 wasting space. We weren't suppressing duplicate
6784 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
6787 1088. [port] libbind: MPE/iX C.70 (incomplete)
6789 1087. [bug] libbind: struct __res_state too large on 64 bit arch.
6791 1086. [port] libbind: sunos: old sprintf.
6793 1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
6794 exist when compiling in 64 bit mode.
6796 1084. [cleanup] libbind: gai_strerror() rewritten.
6798 1083. [bug] The default control channel listened on the
6799 wildcard address, not the loopback as documented.
6802 1082. [bug] The -g option to named incorrectly caused logging
6803 to be sent to syslog in addition to stderr.
6806 1081. [bug] Multicast queries were incorrectly identified
6807 based on the source address, not the destination
6810 1080. [bug] BIND 8 compatibility: accept bare IP prefixes
6811 as the second element of a two-element top level
6812 sort list statement. [RT #1964]
6814 1079. [bug] BIND 8 compatibility: accept bare elements at top
6815 level of sort list treating them as if they were
6816 a single element list. [RT #1963]
6818 1078. [bug] We failed to correct bad tv_usec values in one case.
6821 1077. [func] Do not accept further recursive clients when
6822 the total number of recursive lookups being
6823 processed exceeds max-recursive-clients, even
6824 if some of the lookups are internally generated.
6827 1076. [bug] A badly defined global key could trigger an assertion
6828 on load/reload if views were used. [RT #1947]
6830 1075. [bug] Out-of-range network prefix lengths were not
6831 reported. [RT #1954]
6833 1074. [bug] Running out of memory in dump_rdataset() could
6834 cause an assertion failure. [RT #1946]
6836 1073. [bug] The ADB cache cleaning should also be space driven.
6839 1072. [bug] The TCP client quota could be exceeded when
6840 recursion occurred. [RT #1937]
6842 1071. [bug] Sockets listening for TCP DNS connections
6843 specified an excessive listen backlog. [RT #1937]
6845 1070. [bug] Copy DNSSEC OK (DO) to response as specified by
6846 draft-ietf-dnsext-dnssec-okbit-03.txt.
6850 1068. [bug] errno could be overwritten by catgets(). [RT #1921]
6852 1067. [func] Allow quotas to be soft, isc_quota_soft().
6854 1066. [bug] Provide a thread safe wrapper for strerror().
6857 1065. [func] Runtime support to select new / old style interface
6858 scanning using ioctls.
6860 1064. [bug] Do not shut down active network interfaces if we
6861 are unable to scan the interface list. [RT #1921]
6863 1063. [bug] libbind: "make install" was failing on IRIX.
6866 1062. [bug] If the control channel listener socket was shut
6867 down before server exit, the listener object could
6868 be freed twice. [RT #1916]
6870 1061. [bug] If periodic cache cleaning happened to start
6871 while cleaning due to reaching the configured
6872 maximum cache size was in progress, the server
6873 could catch an assertion failure. [RT #1912]
6875 1060. [func] Move refresh, stub and notify UDP retry processing
6878 1059. [func] dns_request now support will now retry UDP queries,
6879 dns_request_createvia2() and dns_request_createraw2().
6881 1058. [func] Limited lifetime ticker timers are now available,
6882 isc_timertype_limited.
6884 1057. [bug] Reloading the server after adding a "file" clause
6885 to a zone statement could cause the server to
6886 crash due to a typo in change 1016.
6888 1056. [bug] Rndc could catch an assertion failure on SIGINT due
6889 to an uninitialized variable. [RT #1908]
6891 1055. [func] Version and hostname queries can now be disabled
6892 using "version none;" and "hostname none;",
6895 1054. [bug] On Win32, cfg_categories and cfg_modules need to be
6896 exported from the libisccfg DLL.
6898 1053. [bug] Dig did not increase its timeout when receiving
6899 AXFRs unless the +time option was used. [RT #1904]
6901 1052. [bug] Journals were not being created in binary mode
6902 resulting in "journal format not recognized" error
6903 under Win32. [RT #1889]
6905 1051. [bug] Do not ignore a network interface completely just
6906 because it has a noncontiguous netmask. Instead,
6907 omit it from the localnets ACL and issue a warning.
6910 1050. [bug] Log messages reporting malformed IP addresses in
6911 address lists such as that of the forwarders option
6912 failed to include the correct error code, file
6913 name, and line number. [RT #1890]
6915 1049. [func] "pid-file none;" will disable writing a pid file.
6918 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
6921 1047. [bug] named was incorrectly refusing all requests signed
6922 with a TSIG key derived from an unsigned TKEY
6923 negotiation with a NOERROR response. [RT #1886]
6925 1046. [bug] The help message for the --with-openssl configure
6926 option was inaccurate. [RT #1880]
6928 1045. [bug] It was possible to skip saving glue for a nameserver
6931 1044. [bug] Specifying allow-transfer, notify-source, or
6932 notify-source-v6 in a stub zone was not treated
6935 1043. [bug] Specifying a transfer-source or transfer-source-v6
6936 option in the zone statement for a master zone was
6937 not treated as an error. [RT #1876]
6939 1042. [bug] The "config" logging category did not work properly.
6942 1041. [bug] Dig/host/nslookup could catch an assertion failure
6943 on SIGINT due to an uninitialized variable. [RT #1867]
6945 1040. [bug] Multiple listen-on-v6 options with different ports
6946 were not accepted. [RT #1875]
6948 1039. [bug] Negative responses with CNAMEs in the answer section
6949 were cached incorrectly. [RT #1862]
6951 1038. [bug] In servers configured with a tkey-domain option,
6952 TKEY queries with an owner name other than the root
6953 could cause an assertion failure. [RT #1866, #1869]
6955 1037. [bug] Negative responses whose authority section contain
6956 SOA or NS records whose owner names are not equal
6957 equal to or parents of the query name should be
6958 rejected. [RT #1862]
6960 1036. [func] Silently drop requests received via multicast as
6961 long as there is no final multicast DNS standard.
6963 1035. [bug] If we respond to multicast queries (which we
6964 currently do not), respond from a unicast address
6965 as specified in RFC 1123. [RT #137]
6967 1034. [bug] Ignore the RD bit on multicast queries as specified
6968 in RFC 1123. [RT #137]
6970 1033. [bug] Always respond to requests with an unsupported opcode
6971 with NOTIMP, even if we don't have a matching view
6972 or cannot determine the class.
6974 1032. [func] hostname.bind/txt/chaos now returns the name of
6975 the machine hosting the nameserver. This is useful
6976 in diagnosing problems with anycast servers.
6978 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
6981 1030. [bug] On systems with no resolv.conf file, nsupdate
6982 exited with an error rather than defaulting
6983 to using the loopback address. [RT #1836]
6985 1029. [bug] Some named.conf errors did not cause the loading
6986 of the configuration file to return a failure
6987 status even though they were logged. [RT #1847]
6989 1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
6990 in the wrong directory. [RT #1833]
6992 1027. [bug] RRs having the reserved type 0 should be rejected.
6997 1025. [bug] Don't use multicast addresses to resolve iterative
7000 1024. [port] Compilation failed on HP-UX 11.11 due to
7001 incompatible use of the SIOCGLIFCONF macro
7004 1023. [func] Accept hints without TTLs.
7006 1022. [bug] Don't report empty root hints as "extra data".
7009 1021. [bug] On Win32, log message timestamps were one month
7010 later than they should have been, and the server
7011 would exhibit unspecified behavior in December.
7013 1020. [bug] IXFR log messages did not distinguish between
7014 true IXFRs, AXFR-style IXFRs, and mere version
7017 1019. [bug] The value of the lame-ttl option was limited to 18000
7018 seconds, not 1800 seconds as documented. [RT #1803]
7020 1018. [bug] The default log channel was not always initialized
7021 correctly. [RT #1813]
7023 1017. [bug] When specifying TSIG keys to dig and nsupdate using
7024 the -k option, they must be HMAC-MD5 keys. [RT #1810]
7026 1016. [bug] Slave zones with no backup file were re-transferred
7027 on every server reload.
7029 1015. [bug] Log channels that had a "versions" option but no
7030 "size" option failed to create numbered log
7033 1014. [bug] Some queries would cause statistics counters to
7034 increment more than once or not at all. [RT #1321]
7036 1013. [bug] It was possible to cancel a query twice when marking
7037 a server as bogus or by having a blackhole acl.
7040 1012. [bug] The -p option to named did not behave as documented.
7042 1011. [cleanup] Removed isc_dir_current().
7044 1010. [bug] The server could attempt to execute a command channel
7045 command after initiating server shutdown, causing
7046 an assertion failure. [RT #1766]
7048 1009. [port] OpenUNIX 8 support. [RT #1728]
7050 1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
7052 1007. [port] config.guess, config.sub from autoconf-2.52.
7054 1006. [bug] If a KEY RR was found missing during DNSSEC validation,
7055 an assertion failure could subsequently be triggered
7056 in the resolver. [RT #1763]
7058 1005. [bug] Don't copy nonzero RCODEs from request to response.
7061 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
7063 1003. [func] Add the +retry option to dig.
7065 1002. [bug] When reporting an unknown class name in named.conf,
7066 including the file name and line number. [RT #1759]
7068 1001. [bug] win32 socket code doio_recv was not catching a
7069 WSACONNRESET error when a client was timing out
7070 the request and closing its socket. [RT #1745]
7072 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
7073 for class "HS". [RT #1759]
7075 999. [func] "rndc retransfer zone [class [view]]" added.
7078 998. [func] named-checkzone now has arguments to specify the
7079 chroot directory (-t) and working directory (-w).
7082 997. [func] Add support for RSA-SHA1 keys (RFC3110).
7084 996. [func] Issue warning if the configuration filename contains
7087 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
7088 target address should be fatal on a IPv4 only system.
7090 994. [func] Treat non-authoritative responses to queries for type
7091 NS as referrals even if the NS records are in the
7092 answer section, because BIND 8 servers incorrectly
7093 send them that way. This is necessary for DNSSEC
7094 validation of the NS records of a secure zone to
7095 succeed when the parent is a BIND 8 server. [RT #1706]
7097 993. [func] dig: -v now reports the version.
7099 992. [doc] dig: ~/.digrc is now documented.
7101 991. [func] Lower UDP refresh timeout messages to level
7104 990. [bug] The rndc-confgen man page was not installed.
7106 989. [bug] Report filename if $INCLUDE fails for file related
7109 988. [bug] 'additional-from-auth no;' did not work reliably
7110 in the case of queries answered from the cache.
7113 987. [bug] "dig -help" didn't show "+[no]stats".
7115 986. [bug] "dig +noall" failed to clear stats and command
7118 985. [func] Consider network interfaces to be up iff they have
7119 a nonzero IP address rather than based on the
7120 IFF_UP flag. [RT #1160]
7122 984. [bug] Multi-threading should be enabled by default on
7123 Solaris 2.7 and newer, but it wasn't.
7125 983. [func] The server now supports generating IXFR difference
7126 sequences for non-dynamic zones by comparing zone
7127 versions, when enabled using the new config
7128 option "ixfr-from-differences". [RT #1727]
7130 982. [func] If "memstatistics-file" is set in options the memory
7131 statistics will be written to it.
7133 981. [func] The dnssec tools can now take multiple '-r randomfile'
7136 980. [bug] Incoming zone transfers restarting after an error
7137 could trigger an assertion failure. [RT #1692]
7139 979. [func] Incremental master file dumping. dns_master_dumpinc(),
7140 dns_master_dumptostreaminc(), dns_dumpctx_attach(),
7141 dns_dumpctx_detach(), dns_dumpctx_cancel(),
7142 dns_dumpctx_db() and dns_dumpctx_version().
7144 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
7147 977. [bug] Improve "not at top of zone" error message.
7149 976. [func] named-checkconf can now test load master zones
7150 (named-checkconf -z). [RT #1468]
7152 975. [bug] "max-cache-size default;" as a view option
7153 caused an assertion failure.
7155 974. [bug] "max-cache-size unlimited;" as a global option
7158 973. [bug] Failed to log the question name when logging:
7159 "bad zone transfer request: non-authoritative zone
7162 972. [bug] The file modification time code in zone.c was using the
7163 wrong epoch. [RT #1667]
7167 970. [func] 'max-journal-size' can now be used to set a target
7170 969. [func] dig now supports the undocumented dig 8 feature
7171 of allowing arbitrary labels, not just dotted
7172 decimal quads, with the -x option. This can be
7173 used to conveniently look up RFC2317 names as in
7174 "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
7176 968. [bug] On win32, the isc_time_now() function was unnecessarily
7177 calling strtime(). [RT #1671]
7179 967. [bug] On win32, the link for bindevt was not including the
7180 required resource file to enable the event viewer
7181 to interpret the error messages in the event log,
7186 965. [bug] Including data other than root server NS and A
7187 records in the root hint file could cause a rbtdb
7188 node reference leak. [RT #1581, #1618]
7190 964. [func] Warn if data other than root server NS and A records
7191 are found in the root hint file. [RT #1581, #1618]
7193 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
7195 962. [bug] libbind: bad "#undef", don't attempt to install
7196 non-existent nlist.h. [RT #1640]
7198 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
7199 was not defined. [RT #1482]
7201 960. [port] liblwres failed to build on systems with support for
7202 getrrsetbyname() in the OS. [RT #1592]
7204 959. [port] On FreeBSD, determine the number of CPUs by calling
7205 sysctlbyname(). [RT #1584]
7207 958. [port] ssize_t is not available on all platforms. [RT #1607]
7209 957. [bug] sys/select.h inclusion was broken on older platforms.
7212 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
7213 in named/win32/os.c due to code changes in
7214 change #953. win32 .make file for rndc-confgen
7215 updated to add include path for os.h header.
7217 --- 9.2.0rc1 released ---
7219 955. [bug] When using views, the zone's class was not being
7220 inherited from the view's class. [RT #1583]
7222 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
7223 nslookup, the RD bit should not be set as zone
7224 transfers are inherently non-recursive. [RT #1575]
7226 953. [func] The /var/run/named.key file from change #843
7227 has been replaced by /etc/rndc.key. Both
7228 named and rndc will look for this file and use
7229 it to configure a default control channel key
7230 if not already configured using a different
7231 method (rndc.conf / controls). Unlike
7232 named.key, rndc.key is not created automatically;
7233 it must be created by manually running
7236 952. [bug] The server required manual intervention to serve the
7237 affected zones if it died between creating a journal
7238 and committing the first change to it.
7240 951. [bug] CFLAGS was not passed to the linker when
7241 linking some of the test programs under
7242 bin/tests. [RT #1555].
7244 950. [bug] Explicit TTLs did not properly override $TTL
7245 due to a bug in change 834. [RT #1558]
7247 949. [bug] host was unable to print records larger than 512
7250 --- 9.2.0b2 released ---
7252 948. [port] Integrated support for building on Windows NT /
7255 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
7256 was really the RNAME field from RFC1035. To avoid
7257 confusion and silent errors that would occur it the
7258 "origin" and "mname" elements were given their correct
7259 names "mname" and "rname" respectively, the "mname"
7260 element is renamed to "contact".
7262 946. [cleanup] doc/misc/options is now machine-generated from the
7263 configuration parser syntax tables, and therefore
7264 more likely to be correct.
7266 945. [func] Add the new view-specific options
7267 "match-destinations" and "match-recursive-only".
7269 944. [func] Check for expired signatures on load.
7271 943. [bug] The server could crash when receiving a command
7272 via rndc if the configuration file listed only
7273 nonexistent keys in the controls statement. [RT #1530]
7275 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
7276 defined on some platforms.
7278 941. [bug] The configuration checker crashed if a slave
7279 zone didn't contain a masters statement. [RT #1514]
7281 940. [bug] Double zone locking failure on error path. [RT #1510]
7283 --- 9.2.0b1 released ---
7285 939. [port] Add the --disable-linux-caps option to configure for
7286 systems that manage capabilities outside of named.
7291 937. [bug] A race when shutting down a zone could trigger a
7292 INSIST() failure. [RT #1034]
7294 936. [func] Warn about IPv4 addresses that are not complete
7295 dotted quads. [RT #1084]
7297 935. [bug] inet_pton failed to reject leading zeros.
7299 934. [port] Deal with systems where accept() spuriously returns
7302 933. [bug] configure failed doing libbind on platforms not
7303 supported by BIND 8. [RT #1496]
7305 --- 9.2.0a3 released ---
7307 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
7308 when installing isc-config.sh.
7311 931. [bug] The controls statement only attempted to verify
7312 messages using the first key in the key list.
7315 930. [func] Query performance testing tool added as
7320 928. [bug] nsupdate would send empty update packets if the
7321 send (or empty line) command was run after
7322 another send but before any new updates or
7323 prerequisites were specified. It should simply
7324 ignore this command.
7326 927. [bug] Don't hold the zone lock for the entire dump to disk.
7329 926. [bug] The resolver could deadlock with the ADB when
7330 shutting down (multi-threaded builds only).
7333 925. [cleanup] Remove openssl from the distribution; require that
7334 --with-openssl be specified if DNSSEC is needed.
7336 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
7339 923. [bug] Multiline TSIG secrets (and other multiline strings)
7340 were not accepted in named.conf. [RT #1469]
7342 922. [func] Added two new lwres_getrrsetbyname() result codes,
7343 ERR_NONAME and ERR_NODATA.
7345 921. [bug] lwres returned an incorrect error code if it received
7346 a truncated message.
7348 920. [func] Increase the lwres receive buffer size to 16K.
7353 918. [func] In nsupdate, TSIG errors are no longer treated as
7356 917. [func] New nsupdate command 'key', allowing TSIG keys to
7357 be specified in the nsupdate command stream rather
7358 than the command line.
7360 916. [bug] Specifying type ixfr to dig without specifying
7361 a serial number failed in unexpected ways.
7363 915. [func] The named-checkconf and named-checkzone programs
7364 now have a '-v' option for printing their version.
7367 914. [bug] Global 'server' statements were rejected when
7368 using views, even though they were accepted
7371 913. [bug] Cache cleaning was not sufficiently aggressive.
7374 912. [bug] Attempts to set the 'additional-from-cache' or
7375 'additional-from-auth' option to 'no' in a
7376 server with recursion enabled will now
7377 be ignored and cause a warning message.
7382 910. [port] Some pre-RFC2133 IPv6 implementations do not define
7383 IN6ADDR_ANY_INIT. [RT #1416]
7387 908. [func] New program, rndc-confgen, to simplify setting up rndc.
7389 907. [func] The ability to get entropy from either the
7390 random device, a user-provided file or from
7391 the keyboard was migrated from the DNSSEC tools
7392 to libisc as isc_entropy_usebestsource().
7394 906. [port] Separated the system independent portion of
7395 lib/isc/unix/entropy.c into lib/isc/entropy.c
7396 and added lib/isc/win32/entropy.c.
7398 905. [bug] Configuring a forward "zone" for the root domain
7399 did not work. [RT #1418]
7401 904. [bug] The server would leak memory if attempting to use
7402 an expired TSIG key. [RT #1406]
7404 903. [bug] dig should not crash when receiving a TCP packet
7407 902. [bug] The -d option was ignored if both -t and -g were also
7412 900. [bug] A config.guess update changed the system identification
7413 string of FreeBSD systems; configure and
7414 bin/tests/system/ifconfig.sh now recognize the new
7417 --- 9.2.0a2 released ---
7419 899. [bug] lib/dns/soa.c failed to compile on many platforms
7420 due to inappropriate use of a void value.
7421 [RT #1372, #1373, #1386, #1387, #1395]
7423 898. [bug] "dig" failed to set a nonzero exit status
7424 on UDP query timeout. [RT #1323]
7426 897. [bug] A config.guess update changed the system identification
7427 string of UnixWare systems; configure now recognizes
7430 896. [bug] If a configuration file is set on named's command line
7431 and it has a relative pathname, the current directory
7432 (after any possible jailing resulting from named -t)
7433 will be prepended to it so that reloading works
7434 properly even when a directory option is present.
7436 895. [func] New function, isc_dir_current(), akin to POSIX's
7439 894. [bug] When using the DNSSEC tools, a message intended to warn
7440 when the keyboard was being used because of the lack
7441 of a suitable random device was not being printed.
7443 893. [func] Removed isc_file_test() and added isc_file_exists()
7444 for the basic functionality that was being added
7445 with isc_file_test().
7449 891. [bug] Return an error when a SIG(0) signed response to
7450 an unsigned query is seen. This should actually
7451 do the verification, but it's not currently
7452 possible. [RT #1391]
7454 890. [cleanup] The man pages no longer require the mandoc macros
7455 and should now format cleanly using most versions of
7456 nroff, and HTML versions of the man pages have been
7457 added. Both are generated from DocBook source.
7459 889. [port] Eliminated blank lines before .TH in nroff man
7460 pages since they cause problems with some versions
7461 of nroff. [RT #1390]
7463 888. [bug] Don't die when using TKEY to delete a nonexistent
7464 TSIG key. [RT #1392]
7466 887. [port] Detect broken compilers that can't call static
7467 functions from inline functions. [RT #1212]
7509 866. [func] Close debug only file channels when debug is set to
7512 865. [bug] The new configuration parser did not allow
7513 the optional debug level in a "severity debug"
7514 clause of a logging channel to be omitted.
7515 This is now allowed and treated as "severity
7516 debug 1;" like it does in BIND 8.2.4, not as
7517 "severity debug 0;" like it did in BIND 9.1.
7520 864. [cleanup] Multi-threading is now enabled by default on
7521 OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
7523 863. [bug] If an error occurred while an outgoing zone transfer
7524 was starting up, the server could access a domain
7525 name that had already been freed when logging a
7526 message saying that the transfer was starting.
7529 862. [bug] Use after realloc(), non portable pointer arithmetic in
7532 861. [port] Add support for Mac OS X, by making it equivalent
7533 to Darwin. This was derived from the config.guess
7534 file shipped with Mac OS X. [RT #1355]
7536 860. [func] Drop cross class glue in zone transfers.
7538 859. [bug] Cache cleaning now won't swamp the CPU if there
7539 is a persistent over limit condition.
7541 858. [func] isc_mem_setwater() no longer requires that when the
7542 callback function is non-NULL then its hi_water
7543 argument must be greater than its lo_water argument
7544 (they can now be equal) or that they be non-zero.
7546 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
7547 structs, for our friends in EBCDIC-land.
7549 856. [func] Allow partial rdatasets to be returned in answer and
7550 authority sections to help non-TCP capable clients
7551 recover from truncation. [RT #1301]
7553 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
7555 854. [bug] The config parser didn't properly handle config
7556 options that were specified in units of time other
7557 than seconds. [RT #1372]
7559 853. [bug] configure_view_acl() failed to detach existing acls.
7562 852. [bug] Handle responses from servers which do not know
7565 851. [cleanup] The obsolete support-ixfr option was not properly
7568 --- 9.2.0a1 released ---
7570 850. [bug] dns_rbt_findnode() would not find nodes that were
7571 split on a bitstring label somewhere other than in
7572 the last label of the node. [RT #1351]
7574 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
7576 848. [func] A minimum max-cache-size of two megabytes is enforced
7577 by the cache cleaner.
7579 847. [func] Added isc_file_test(), which currently only has
7580 some very basic functionality to test for the
7581 existence of a file, whether a pathname is absolute,
7582 or whether a pathname is the fundamental representation
7583 of the current directory. It is intended that this
7584 function can be expanded to test other things a
7585 programmer might want to know about a file.
7587 846. [func] A non-zero 'param' to dst_key_generate() when making an
7588 hmac-md5 key means that good entropy is not required.
7590 845. [bug] The access rights on the public file of a symmetric
7591 key are now restricted as soon as the file is opened,
7592 rather than after it has been written and closed.
7594 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
7595 just as <lwres/net.h> does.
7597 843. [func] If no controls statement is present in named.conf,
7598 or if any inet phrase of a controls statement is
7599 lacking a keys clause, then a key will be automatically
7600 generated by named and an rndc.conf-style file
7601 named named.key will be written that uses it. rndc
7602 will use this file only if its normal configuration
7603 file, or one provided on the command line, does not
7606 842. [func] 'rndc flush' now takes an optional view.
7608 841. [bug] When sdb modules were not declared threadsafe, their
7609 create and destroy functions were not serialized.
7611 840. [bug] The config file parser could print the wrong file
7612 name if an error was detected after an included file
7613 was parsed. [RT #1353]
7615 839. [func] Dump packets for which there was no view or that the
7616 class could not be determined to category "unmatched".
7618 838. [port] UnixWare 7.x.x is now suported by
7619 bin/tests/system/ifconfig.sh.
7621 837. [cleanup] Multi-threading is now enabled by default only on
7622 OSF1, Solaris 2.7 and newer, and AIX.
7624 836. [func] Upgraded libtool to 1.4.
7626 835. [bug] The dispatcher could enter a busy loop if
7627 it got an I/O error receiving on a UDP socket.
7630 834. [func] Accept (but warn about) master files beginning with
7631 an SOA record without an explicit TTL field and
7632 lacking a $TTL directive, by using the SOA MINTTL
7633 as a default TTL. This is for backwards compatibility
7634 with old versions of BIND 8, which accepted such
7635 files without warning although they are illegal
7636 according to RFC1035.
7638 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
7639 <dns/soa.h>, and extended them to support
7640 all the integer-valued fields of the SOA RR.
7642 832. [bug] The default location for named.conf in named-checkconf
7643 should depend on --sysconfdir like it does in named.
7648 830. [func] Implement 'rndc status'.
7650 829. [bug] The DNS_R_ZONECUT result code should only be returned
7651 when an ANY query is made with DNS_DBFIND_GLUEOK set.
7652 In all other ANY query cases, returning the delegation
7655 828. [bug] The errno value from recvfrom() could be overwritten
7656 by logging code. [RT #1293]
7658 827. [bug] When an IXFR protocol error occurs, the slave
7659 should retry with AXFR.
7661 826. [bug] Some IXFR protocol errors were not detected.
7663 825. [bug] zone.c:ns_query() detached from the wrong zone
7664 reference. [RT #1264]
7666 824. [bug] Correct line numbers reported by dns_master_load().
7669 823. [func] The output of "dig -h" now goes to stdout so that it
7670 can easily be piped through "more". [RT #1254]
7672 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
7675 821. [bug] The program name used when logging to syslog should
7676 be stripped of leading path components.
7679 820. [bug] Name server address lookups failed to follow
7680 A6 chains into the glue of local authoritative
7683 819. [bug] In certain cases, the resolver's attempts to
7684 restart an address lookup at the root could cause
7685 the fetch to deadlock (with itself) instead of
7686 restarting. [RT #1225]
7688 818. [bug] Certain pathological responses to ANY queries could
7689 cause an assertion failure. [RT #1218]
7691 817. [func] Adjust timeouts for dialup zone queries.
7693 816. [bug] Report potential problems with log file accessibility
7694 at configuration time, since such problems can't
7695 reliably be reported at the time they actually occur.
7697 815. [bug] If a log file was specified with a path separator
7698 character (i.e. "/") in its name and the directory
7699 did not exist, the log file's name was treated as
7700 though it were the directory name. [RT #1189]
7702 814. [bug] Socket objects left over from accept() failures
7703 were incorrectly destroyed, causing corruption
7704 of socket manager data structures.
7706 813. [bug] File descriptors exceeding FD_SETSIZE were handled
7709 812. [bug] dig sometimes printed incomplete IXFR responses
7710 due to an uninitialized variable. [RT #1188]
7712 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
7714 810. [bug] The signer name in SIG records was not properly
7715 down-cased when signing/verifying records. [RT #1186]
7717 809. [bug] Configuring a non-local address as a transfer-source
7718 could cause an assertion failure during load.
7720 808. [func] Add 'rndc flush' to flush the server's cache.
7722 807. [bug] When setting up TCP connections for incoming zone
7723 transfers, the transfer-source port was not
7724 ignored like it should be.
7726 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
7727 the calling stack to the zone maintenance level,
7728 causing zones to not reload when an included file was
7729 touched but the top-level zone file was not.
7731 805. [bug] When using "forward only", missing root hints should
7732 not cause queries to fail. [RT #1143]
7734 804. [bug] Attempting to obtain entropy could fail in some
7735 situations. This would be most common on systems
7736 with user-space threads. [RT #1131]
7738 803. [bug] Treat all SIG queries as if they have the CD bit set,
7739 otherwise no data will be returned [RT #749]
7741 802. [bug] DNSSEC key tags were computed incorrectly in almost
7742 all cases. [RT #1146]
7744 801. [bug] nsupdate should treat lines beginning with ';' as
7745 comments. [RT #1139]
7747 800. [bug] dnssec-signzone produced incorrect statistics for
7748 large zones. [RT #1133]
7750 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
7751 glue was also present.
7753 798. [bug] nsupdate should be able to reject bad input lines
7754 and continue. [RT #1130]
7756 797. [func] Issue a warning if the 'directory' option contains
7757 a relative path. [RT #269]
7759 796. [func] When a size limit is associated with a log file,
7760 only roll it when the size is reached, not every
7761 time the log file is opened. [RT #1096]
7763 795. [func] Add the +multiline option to dig. [RT #1095]
7765 794. [func] Implement the "port" and "default-port" statements
7768 793. [cleanup] The DNSSEC tools could create filenames that were
7769 illegal or contained shell meta-characters. They
7770 now use a different text encoding of names that
7771 doesn't have these problems. [RT #1101]
7773 792. [cleanup] Replace the OMAPI command channel protocol with a
7776 791. [bug] The command channel now works over IPv6.
7778 790. [bug] Wildcards created using dynamic update or IXFR
7779 could fail to match. [RT #1111]
7781 789. [bug] The "localhost" and "localnets" ACLs did not match
7782 when used as the second element of a two-element
7785 788. [func] Add the "match-mapped-addresses" option, which
7786 causes IPv6 v4mapped addresses to be treated as
7787 IPv4 addresses for the purpose of acl matching.
7789 787. [bug] The DNSSEC tools failed to downcase domain
7790 names when mapping them into file names.
7792 786. [bug] When DNSSEC signing/verifying data, owner names were
7793 not properly down-cased.
7795 785. [bug] A race condition in the resolver could cause
7796 an assertion failure. [RT #673, #872, #1048]
7798 784. [bug] nsupdate and other programs would not quit properly
7799 if some signals were blocked by the caller. [RT #1081]
7801 783. [bug] Following CNAMEs could cause an assertion failure
7802 when either using an sdb database or under very
7805 782. [func] Implement the "serial-query-rate" option.
7807 781. [func] Avoid error packet loops by dropping duplicate FORMERR
7808 responses. [RT #1006]
7810 780. [bug] Error handling code dealing with out of memory or
7811 other rare errors could lead to assertion failures
7812 by calling functions on uninitialized names. [RT #1065]
7814 779. [func] Added the "minimal-responses" option.
7816 778. [bug] When starting cache cleaning, cleaning_timer_action()
7817 returned without first pausing the iterator, which
7818 could cause deadlock. [RT #998]
7820 777. [bug] An empty forwarders list in a zone failed to override
7821 global forwarders. [RT #995]
7823 776. [func] Improved error reporting in denied messages. [RT #252]
7827 774. [func] max-cache-size is implemented.
7829 773. [func] Added isc_rwlock_trylock() to attempt to lock without
7832 772. [bug] Owner names could be incorrectly omitted from cache
7833 dumps in the presence of negative caching entries.
7836 771. [cleanup] TSIG errors related to unsynchronized clocks
7837 are logged better. [RT #919]
7839 770. [func] Add the "edns yes_or_no" statement to the server
7842 769. [func] Improved error reporting when parsing rdata. [RT #740]
7844 768. [bug] The server did not emit an SOA when a CNAME
7845 or DNAME chain ended in NXDOMAIN in an
7850 766. [bug] A few cases in query_find() could leak fname.
7851 This would trigger the mpctx->allocated == 0
7852 assertion when the server exited.
7853 [RT #739, #776, #798, #812, #818, #821, #845,
7856 765. [func] ACL names are once again case insensitive, like
7857 in BIND 8. [RT #252]
7859 764. [func] Configuration files now allow "include" directives
7860 in more places, such as inside the "view" statement.
7861 [RT #377, #728, #860]
7863 763. [func] Configuration files no longer have reserved words.
7866 762. [cleanup] The named.conf and rndc.conf file parsers have
7867 been completely rewritten.
7869 761. [bug] _REENTRANT was still defined when building with
7872 760. [contrib] Significant enhancements to the pgsql sdb driver.
7874 759. [bug] The resolver didn't turn off "avoid fetches" mode
7875 when restarting, possibly causing resolution
7876 to fail when it should not. This bug only affected
7877 platforms which support both IPv4 and IPv6. [RT #927]
7879 758. [bug] The "avoid fetches" code did not treat negative
7880 cache entries correctly, causing fetches that would
7881 be useful to be avoided. This bug only affected
7882 platforms which support both IPv4 and IPv6. [RT #927]
7884 757. [func] Log zone transfers.
7886 756. [bug] dns_zone_load() could "return" success when no master
7887 file was configured.
7889 755. [bug] Fix incorrectly formatted log messages in zone.c.
7891 754. [bug] Certain failure conditions sending UDP packets
7892 could cause the server to retry the transmission
7893 indefinitely. [RT #902]
7895 753. [bug] dig, host, and nslookup would fail to contact a
7896 remote server if getaddrinfo() returned an IPv6
7897 address on a system that doesn't support IPv6.
7900 752. [func] Correct bad tv_usec elements returned by
7903 751. [func] Log successful zone loads / transfers. [RT #898]
7905 750. [bug] A query should not match a DNAME whose trust level
7906 is pending. [RT #916]
7908 749. [bug] When a query matched a DNAME in a secure zone, the
7909 server did not return the signature of the DNAME.
7912 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
7915 747. [bug] The code to determine whether an IXFR was possible
7916 did not properly check for a database that could
7917 not have a journal. [RT #865, #908]
7919 746. [bug] The sdb didn't clone rdatasets properly, causing
7920 a crash when the server followed delegations. [RT #905]
7922 745. [func] Report the owner name of records that fail
7923 semantic checks while loading.
7925 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
7926 result of an ANY or SIG query, the resolver failed
7927 to setup the return event's rdatasets, causing an
7928 assertion failure in the query code. [RT #881]
7930 743. [bug] Receiving a large number of certain malformed
7931 answers could cause named to stop responding.
7936 741. [port] Support openssl-engine. [RT #709]
7938 740. [port] Handle openssl library mismatches slightly better.
7940 739. [port] Look for /dev/random in configure, rather than
7941 assuming it will be there for only a predefined
7944 738. [bug] If a non-threadsafe sdb driver supported AXFR and
7945 received an AXFR request, it would deadlock or die
7946 with an assertion failure. [RT #852]
7948 737. [port] stdtime.c failed to compile on certain platforms.
7950 736. [func] New functions isc_task_{begin,end}exclusive().
7952 735. [doc] Add BIND 4 migration notes.
7954 734. [bug] An attempt to re-lock the zone lock could occur if
7955 the server was shutdown during a zone transfer.
7958 733. [bug] Reference counts of dns_acl_t objects need to be
7959 locked but were not. [RT #801, #821]
7961 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
7963 731. [bug] Certain zone errors could cause named-checkzone to
7964 fail ungracefully. [RT #819]
7966 730. [bug] lwres_getaddrinfo() returns the correct result when
7967 it fails to contact a server. [RT #768]
7969 729. [port] pthread_setconcurrency() needs to be called on Solaris.
7971 728. [bug] Fix comment processing on master file directives.
7974 727. [port] Work around OS bug where accept() succeeds but
7975 fails to fill in the peer address of the accepted
7976 connection, by treating it as an error rather than
7977 an assertion failure. [RT #809]
7979 726. [func] Implement the "trace" and "notrace" commands in rndc.
7981 725. [bug] Installing man pages could fail.
7983 724. [func] New libisc functions isc_netaddr_any(),
7986 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
7987 to return DNS_R_SERVFAIL. [RT #783]
7989 722. [func] Allow incremental loads to be canceled.
7991 721. [cleanup] Load manager and dns_master_loadfilequota() are no
7994 720. [bug] Server could enter infinite loop in
7995 dispatch.c:do_cancel(). [RT #733]
7997 719. [bug] Rapid reloads could trigger an assertion failure.
8000 718. [cleanup] "internal" is no longer a reserved word in named.conf.
8003 717. [bug] Certain TKEY processing failure modes could
8004 reference an uninitialized variable, causing the
8005 server to crash. [RT #750]
8007 716. [bug] The first line of a $INCLUDE master file was lost if
8008 an origin was specified. [RT #744]
8010 715. [bug] Resolving some A6 chains could cause an assertion
8011 failure in adb.c. [RT #738]
8013 714. [bug] Preserve interval timers across reloads unless changed.
8016 713. [func] named-checkconf takes '-t directory' similar to named.
8019 712. [bug] Sending a large signed update message caused an
8020 assertion failure. [RT #718]
8022 711. [bug] The libisc and liblwres implementations of
8023 inet_ntop contained an off by one error.
8025 710. [func] The forwarders statement now takes an optional
8028 709. [bug] ANY or SIG queries for data with a TTL of 0
8029 would return SERVFAIL. [RT #620]
8031 708. [bug] When building with --with-openssl, the openssl headers
8032 included with BIND 9 should not be used. [RT #702]
8034 707. [func] The "filename" argument to named-checkzone is no
8035 longer optional, to reduce confusion. [RT #612]
8037 706. [bug] Zones with an explicit "allow-update { none; };"
8038 were considered dynamic and therefore not reloaded
8039 on SIGHUP or "rndc reload".
8041 705. [port] Work out resource limit type for use where rlim_t is
8042 not available. [RT #695]
8044 704. [port] RLIMIT_NOFILE is not available on all platforms.
8047 703. [port] sys/select.h is needed on older platforms. [RT #695]
8049 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
8050 use 127.0.0.1 instead. [RT #693]
8052 701. [func] Root hints are now fully optional. Class IN
8053 views use compiled-in hints by default, as
8054 before. Non-IN views with no root hints now
8055 provide authoritative service but not recursion.
8056 A warning is logged if a view has neither root
8057 hints nor authoritative data for the root. [RT #696]
8059 700. [bug] $GENERATE range check was wrong. [RT #688]
8061 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
8063 698. [bug] Aborting nsupdate with ^C would lead to several
8066 697. [bug] nsupdate was not compatible with the undocumented
8067 BIND 8 behavior of ignoring TTLs in "update delete"
8070 696. [bug] lwresd would die with an assertion failure when passed
8071 a zero-length name. [RT #692]
8073 695. [bug] If the resolver attempted to query a blackholed or
8074 bogus server, the resolution would fail immediately.
8076 694. [bug] $GENERATE did not produce the last entry.
8079 693. [bug] An empty lwres statement in named.conf caused
8080 the server to crash while loading.
8082 692. [bug] Deal with systems that have getaddrinfo() but not
8083 gai_strerror(). [RT #679]
8085 691. [bug] Configuring per-view forwarders caused an assertion
8086 failure. [RT #675, #734]
8088 690. [func] $GENERATE now supports DNAME. [RT #654]
8090 689. [doc] man pages are now installed. [RT #210]
8092 688. [func] "make tags" now works on systems with the
8093 "Exuberant Ctags" etags.
8095 687. [bug] Only say we have IPv6, with sufficient functionality,
8096 if it has actually been tested. [RT #586]
8098 686. [bug] dig and nslookup can now be properly aborted during
8099 blocking operations. [RT #568]
8101 685. [bug] nslookup should use the search list/domain options
8102 from resolv.conf by default. [RT #405, #630]
8104 684. [bug] Memory leak with view forwarders. [RT #656]
8106 683. [bug] File descriptor leak in isc_lex_openfile().
8108 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
8110 681. [bug] $GENERATE specifying output format was broken. [RT #653]
8112 680. [bug] dns_rdata_fromstruct() mishandled options bigger
8115 679. [bug] $INCLUDE could leak memory and file descriptors on
8118 678. [bug] "transfer-format one-answer;" could trigger an assertion
8121 677. [bug] dnssec-signzone would occasionally use the wrong ttl
8122 for database operations and fail. [RT #643]
8124 676. [bug] Log messages about lame servers to category
8125 'lame-servers' rather than 'resolver', so as not
8126 to be gratuitously incompatible with BIND 8.
8128 675. [bug] TKEY queries could cause the server to leak
8131 674. [func] Allow messages to be TSIG signed / verified using
8132 a offset from the current time.
8134 673. [func] The server can now convert RFC1886-style recursive
8135 lookup requests into RFC2874-style lookups, when
8136 enabled using the new option "allow-v6-synthesis".
8138 672. [bug] The wrong time was in the "time signed" field when
8139 replying with BADTIME error.
8141 671. [bug] The message code was failing to parse a message with
8142 no question section and a TSIG record. [RT #628]
8144 670. [bug] The lwres replacements for getaddrinfo and
8145 getipnodebyname didn't properly check for the
8146 existence of the sockaddr sa_len field.
8148 669. [bug] dnssec-keygen now makes the public key file
8149 non-world-readable for symmetric keys. [RT #403]
8151 668. [func] named-checkzone now reports multiple errors in master
8154 667. [bug] On Linux, running named with the -u option and a
8155 non-world-readable configuration file didn't work.
8158 666. [bug] If a request sent by dig is longer than 512 bytes,
8161 665. [bug] Signed responses were not sent when the size of the
8162 TSIG + question exceeded the maximum message size.
8165 664. [bug] The t_tasks and t_timers module tests are now skipped
8166 when building without threads, since they require
8169 663. [func] Accept a size_spec, not just an integer, in the
8170 (unimplemented and ignored) max-ixfr-log-size option
8171 for compatibility with recent versions of BIND 8.
8174 662. [bug] dns_rdata_fromtext() failed to log certain errors.
8176 661. [bug] Certain UDP IXFR requests caused an assertion failure
8177 (mpctx->allocated == 0). [RT #355, #394, #623]
8179 660. [port] Detect multiple CPUs on HP-UX and IRIX.
8181 659. [performance] Rewrite the name compression code to be much faster.
8183 658. [cleanup] Remove all vestiges of 16 bit global compression.
8185 657. [bug] When a listen-on statement in an lwres block does not
8186 specify a port, use 921, not 53. Also update the
8187 listen-on documentation. [RT #616]
8189 656. [func] Treat an unescaped newline in a quoted string as
8190 an error. This means that TXT records with missing
8191 close quotes should have meaningful errors printed.
8193 655. [bug] Improve error reporting on unexpected eof when loading
8196 654. [bug] Origin was being forgotten in TCP retries in dig.
8199 653. [bug] +defname option in dig was reversed in sense.
8202 652. [bug] zone_saveunique() did not report the new name.
8204 651. [func] The AD bit in responses now has the meaning
8205 specified in <draft-ietf-dnsext-ad-is-secure>.
8207 650. [bug] SIG(0) records were being generated and verified
8208 incorrectly. [RT #606]
8210 649. [bug] It was possible to join to an already running fctx
8211 after it had "cloned" its events, but before it sent
8212 them. In this case, the event of the newly joined
8213 fetch would not contain the answer, and would
8214 trigger the INSIST() in fctx_sendevents(). In
8215 BIND 9.0, this bug did not trigger an INSIST(), but
8216 caused the fetch to fail with a SERVFAIL result.
8217 [RT #588, #597, #605, #607]
8219 648. [port] Add support for pre-RFC2133 IPv6 implementations.
8221 647. [bug] Resolver queries sent after following multiple
8222 referrals had excessively long retransmission
8223 timeouts due to incorrectly counting the referrals
8226 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
8227 didn't _cleanly_ fix the problem it was trying to fix.
8229 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
8231 644. [bug] #622 needed more work. [RT #562]
8233 643. [bug] xfrin error messages made more verbose, added class
8234 of the zone. [RT# 599]
8236 642. [bug] Break the exit_check() race in the zone module.
8239 --- 9.1.0b2 released ---
8241 641. [bug] $GENERATE caused a uninitialized link to be used.
8244 640. [bug] Memory leak in error path could cause
8245 "mpctx->allocated == 0" failure. [RT #584]
8247 639. [bug] Reading entropy from the keyboard would sometimes fail.
8250 638. [port] lib/isc/random.c needed to explicitly include time.h
8251 to get a prototype for time() when pthreads was not
8252 being used. [RT #592]
8254 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
8255 lib/isc/print.c. Also allow lib/isc/print.c to
8256 be compiled even if the platform does not need it.
8259 636. [port] Shut up MSVC++ about a possible loss of precision
8260 in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
8262 635. [bug] Reloading a server with a configured blackhole list
8263 would cause an assertion. [RT #590]
8265 634. [bug] A log file will completely stop being written when
8266 it reaches the maximum size in all cases, not just
8267 when versioning is also enabled. [RT #570]
8269 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
8271 632. [bug] The index array of the journal file was
8272 corrupted as it was written to disk.
8274 631. [port] Build without thread support on systems without
8277 630. [bug] Locking failure in zone code. [RT #582]
8279 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
8280 when responding to a UDP IXFR request.
8282 628. [bug] If the root hints contained only AAAA addresses,
8283 named would be unable to perform resolution.
8285 627. [bug] The EDNS0 blackhole detection code of change 324
8286 waited for three retransmissions to each server,
8287 which takes much too long when a domain has many
8288 name servers and all of them drop EDNS0 queries.
8289 Now we retry without EDNS0 after three consecutive
8290 timeouts, even if they are all from different
8293 626. [bug] The lightweight resolver daemon no longer crashes
8294 when asked for a SIG rrset. [RT #558]
8296 625. [func] Zones now inherit their class from the enclosing view.
8298 624. [bug] The zone object could get timer events after it had
8299 been destroyed, causing a server crash. [RT #571]
8301 623. [func] Added "named-checkconf" and "named-checkzone" program
8302 for syntax checking named.conf files and zone files,
8305 622. [bug] A canceled request could be destroyed before
8306 dns_request_destroy() was called. [RT #562]
8308 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
8309 This mostly affects Red Hat Linux 7.0, which has
8310 conflicts between libc and the kernel.
8312 620. [bug] dns_master_load*inc() now require 'task' and 'load'
8313 to be non-null. Also 'done' will not be called if
8314 dns_master_load*inc() fails immediately. [RT #565]
8318 618. [bug] Queries to a signed zone could sometimes cause
8319 an assertion failure.
8321 617. [bug] When using dynamic update to add a new RR to an
8322 existing RRset with a different TTL, the journal
8323 entries generated from the update did not include
8324 explicit deletions and re-additions of the existing
8325 RRs to update their TTL to the new value.
8327 616. [func] dnssec-signzone -t output now includes performance
8330 615. [bug] dnssec-signzone did not like child keysets signed
8333 614. [bug] Checks for uninitialized link fields were prone
8334 to false positives, causing assertion failures.
8335 The checks are now disabled by default and may
8336 be re-enabled by defining ISC_LIST_CHECKINIT.
8338 613. [bug] "rndc reload zone" now reloads primary zones.
8339 It previously only updated slave and stub zones,
8340 if an SOA query indicated an out of date serial.
8342 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
8343 complains relentlessly about how its treatment
8344 of 'const' has changed as well as how casting
8345 sometimes tightens alignment constraints.
8347 611. [func] allow-notify can be used to permit processing of
8348 notify messages from hosts other than a slave's
8351 610. [func] rndc dumpdb is now supported.
8353 609. [bug] getrrsetbyname() would crash lwresd if the server
8354 found more SIGs than answers. [RT #554]
8356 608. [func] dnssec-signzone now adds a comment to the zone
8357 with the time the file was signed.
8359 607. [bug] nsupdate would fail if it encountered a CNAME or
8360 DNAME in a response to an SOA query. [RT #515]
8362 606. [bug] Compiling with --disable-threads failed due
8363 to isc_thread_self() being incorrectly defined
8364 as an integer rather than a function.
8366 605. [func] New function isc_lex_getlasttokentext().
8368 604. [bug] The named.conf parser could print incorrect line
8369 numbers when long comments were present.
8371 603. [bug] Make dig handle multiple types or classes on the same
8372 query more correctly.
8374 602. [func] Cope automatically with UnixWare's broken
8375 IN6_IS_ADDR_* macros. [RT #539]
8377 601. [func] Return a non-zero exit code if an update fails
8380 600. [bug] Reverse lookups sometimes failed in dig, etc...
8382 599. [func] Added four new functions to the libisc log API to
8383 support i18n messages. isc_log_iwrite(),
8384 isc_log_ivwrite(), isc_log_iwrite1() and
8385 isc_log_ivwrite1() were added.
8387 598. [bug] An update-policy statement would cause the server
8388 to assert while loading. [RT #536]
8390 597. [func] dnssec-signzone is now multi-threaded.
8392 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
8393 not mutually exclusive.
8395 595. [port] On Linux 2.2, socket() returns EINVAL when it
8396 should return EAFNOSUPPORT. Work around this.
8399 594. [func] sdb drivers are now assumed to not be thread-safe
8400 unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
8402 593. [bug] If a secure zone was missing all its NXTs and
8403 a dynamic update was attempted, the server entered
8406 592. [bug] The sig-validity-interval option now specifies a
8407 number of days, not seconds. This matches the
8408 documentation. [RT #529]
8410 --- 9.1.0b1 released ---
8412 591. [bug] Work around non-reentrancy in openssl by disabling
8413 pre-computation in keys.
8415 590. [doc] There are now man pages for the lwres library in
8418 589. [bug] The server could deadlock if a zone was updated
8419 while being transferred out.
8421 588. [bug] ctx->in_use was not being correctly initialized when
8422 when pushing a file for $INCLUDE. [RT #523]
8424 587. [func] A warning is now printed if the "allow-update"
8425 option allows updates based on the source IP
8426 address, to alert users to the fact that this
8427 is insecure and becoming increasingly so as
8428 servers capable of update forwarding are being
8431 586. [bug] multiple views with the same name were fatal. [RT #516]
8433 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
8434 now support 'exact' additions in a similar manner to
8435 dns_db_subtractrdataset() and dns_rdataslab_subtract().
8437 584. [func] You can now say 'notify explicit'; to suppress
8438 notification of the servers listed in NS records
8439 and notify only those servers listed in the
8440 'also-notify' option.
8442 583. [func] "rndc querylog" will now toggle logging of
8443 queries, like "ndc querylog" in BIND 8.
8445 582. [bug] dns_zone_idetach() failed to lock the zone.
8448 581. [bug] log severity was not being correctly processed.
8451 580. [func] Ignore trailing garbage on incoming DNS packets,
8452 for interoperability with broken server
8453 implementations. [RT #491]
8455 579. [bug] nsupdate did not take a filename to read update from.
8458 578. [func] New config option "notify-source", to specify the
8459 source address for notify messages.
8461 577. [func] Log illegal RDATA combinations. e.g. multiple
8462 singleton types, cname and other data.
8464 576. [doc] isc_log_create() description did not match reality.
8466 575. [bug] isc_log_create() was not setting internal state
8467 correctly to reflect the default channels created.
8469 574. [bug] TSIG signed queries sent by the resolver would fail to
8470 have their responses validated and would leak memory.
8472 573. [bug] The journal files of IXFRed slave zones were
8473 inadvertently discarded on server reload, causing
8474 "journal out of sync with zone" errors on subsequent
8477 572. [bug] Quoted strings were not accepted as key names in
8478 address match lists.
8480 571. [bug] It was possible to create an rdataset of singleton
8481 type which had more than one rdata. [RT #154]
8484 570. [bug] rbtdb.c allowed zones containing nodes which had
8485 both a CNAME and "other data". [RT #154]
8487 569. [func] The DNSSEC AD bit will not be set on queries which
8488 have not requested a DNSSEC response.
8490 568. [func] Add sample simple database drivers in contrib/sdb.
8492 567. [bug] Setting the zone transfer timeout to zero caused an
8493 assertion failure. [RT #302]
8495 566. [func] New public function dns_timer_setidle().
8497 565. [func] Log queries more like BIND 8: query logging is now
8498 done to category "queries", level "info". [RT #169]
8500 564. [func] Add sortlist support to lwresd.
8502 563. [func] New public functions dns_rdatatype_format() and
8503 dns_rdataclass_format(), for convenient formatting
8504 of rdata type/class mnemonics in log messages.
8506 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
8508 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
8509 clauses of the options{} statement are now implemented.
8511 560. [bug] dns_name_split did not properly the resulting prefix
8512 when a maximal length bitstring label was split which
8513 was preceded by another bitstring label. [RT #429]
8515 559. [bug] dns_name_split did not properly create the suffix
8516 when splitting within a maximal length bitstring label.
8518 558. [func] New functions, isc_resource_getlimit and
8519 isc_resource_setlimit.
8521 557. [func] Symbolic constants for libisc integral types.
8523 556. [func] The DNSSEC OK bit in the EDNS extended flags
8524 is now implemented. Responses to queries without
8525 this bit set will not contain any DNSSEC records.
8527 555. [bug] A slave server attempting a zone transfer could
8528 crash with an assertion failure on certain
8529 malformed responses from the master. [RT #457]
8531 554. [bug] In some cases, not all of the dnssec tools were
8534 553. [bug] Incoming zone transfers deferred due to quota
8535 were not started when quota was increased but
8536 only when a transfer in progress finished. [RT #456]
8538 552. [bug] We were not correctly detecting the end of all c-style
8541 551. [func] Implemented the 'sortlist' option.
8543 550. [func] Support unknown rdata types and classes.
8545 549. [bug] "make" did not immediately abort the build when a
8546 subdirectory make failed [RT #450].
8548 548. [func] The lexer now ungets tokens more correctly.
8552 546. [func] Option 'lame-ttl' is now implemented.
8554 545. [func] Name limit and counting options removed from dig;
8555 they didn't work properly, and cannot be correctly
8556 implemented without significant changes.
8558 544. [func] Add statistics option, enable statistics-file option,
8559 add RNDC option "dump-statistics" to write out a
8560 query statistics file.
8562 543. [doc] The 'port' option is now documented.
8564 542. [func] Add support for update forwarding as required for
8565 full compliance with RFC2136. It is turned off
8566 by default and can be enabled using the
8567 'allow-update-forwarding' option.
8569 541. [func] Add bogus server support.
8571 540. [func] Add dialup support.
8573 539. [func] Support the blackhole option.
8575 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
8579 536. [func] Use transfer-source{-v6} when sending refresh queries.
8580 Transfer-source{-v6} now take a optional port
8581 parameter for setting the UDP source port. The port
8582 parameter is ignored for TCP.
8584 535. [func] Use transfer-source{-v6} when forwarding update
8587 534. [func] Ancestors have been removed from RBT chains. Ancestor
8588 information can be discerned via node parent pointers.
8590 533. [func] Incorporated name hashing into the RBT database to
8591 improve search speed.
8593 532. [func] Implement DNS UPDATE pseudo records using
8594 DNS_RDATA_UPDATE flag.
8596 531. [func] Rdata really should be initialized before being assigned
8597 to (dns_rdata_fromwire(), dns_rdata_fromtext(),
8598 dns_rdata_clone(), dns_rdata_fromregion()),
8601 530. [func] New function dns_rdata_invalidate().
8603 529. [bug] 521 contained a bug which caused zones to always
8606 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
8607 on their arguments. ISC_LIST_XXXXUNSAFE can be use
8608 to skip the checks however use with caution.
8610 527. [func] New function dns_rdata_clone().
8612 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
8615 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
8616 and 'flags' for dns_rdataslab_subtract() allowing you
8617 to request that the RR's must exist prior to deletion.
8618 DNS_R_NOTEXACT is returned if the condition is not met.
8620 524. [func] The 'forward' and 'forwarders' statement in
8621 non-forward zones should work now.
8623 523. [doc] The source to the Administrator Reference Manual is
8624 now an XML file using the DocBook DTD, and is included
8625 in the distribution. The plain text version of the
8626 ARM is temporarily unavailable while we figure out
8627 how to generate readable plain text from the XML.
8629 522. [func] The lightweight resolver daemon can now use
8630 a real configuration file, and its functionality
8631 can be provided by a name server. Also, the -p and -P
8632 options to lwresd have been reversed.
8634 521. [bug] Detect master files which contain $INCLUDE and always
8637 520. [bug] Upgraded libtool to 1.3.5, which makes shared
8638 library builds almost work on AIX (and possibly
8641 519. [bug] dns_name_split() would improperly split some bitstring
8642 labels, zeroing a few of the least significant bits in
8643 the prefix part. When such an improperly created
8644 prefix was returned to the RBT database, the bogus
8645 label was dutifully stored, corrupting the tree.
8648 518. [bug] The resolver did not realize that a DNAME which was
8649 "the answer" to the client's query was "the answer",
8650 and such queries would fail. [RT #399]
8652 517. [bug] The resolver's DNAME code would trigger an assertion
8653 if there was more than one DNAME in the chain.
8656 516. [bug] Cache lookups which had a NULL node pointer, e.g.
8657 those by dns_view_find(), and which would match a
8658 DNAME, would trigger an INSIST(!search.need_cleanup)
8659 assertion. [RT #399]
8661 515. [bug] The ssu table was not being attached / detached
8662 by dns_zone_[sg]etssutable. [RT#397]
8664 514. [func] Retry refresh and notify queries if they timeout.
8667 513. [func] New functionality added to rdnc and server to allow
8668 individual zones to be refreshed or reloaded.
8670 512. [bug] The zone transfer code could throw an exception with
8671 an invalid IXFR stream.
8673 511. [bug] The message code could throw an assertion on an
8674 out of memory failure. [RT #392]
8676 510. [bug] Remove spurious view notify warning. [RT #376]
8678 509. [func] Add support for write of zone files on shutdown.
8680 508. [func] dns_message_parse() can now do a best-effort
8681 attempt, which should allow dig to print more invalid
8684 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
8685 and dns_view_flushanddetach().
8687 506. [func] Do not fail to start on errors in zone files.
8689 505. [bug] nsupdate was printing "unknown result code". [RT #373]
8691 504. [bug] The zone was not being marked as dirty when updated via
8694 503. [bug] dumptime was not being set along with
8695 DNS_ZONEFLG_NEEDDUMP.
8697 502. [func] On a SERVFAIL reply, DiG will now try the next server
8698 in the list, unless the +fail option is specified.
8700 501. [bug] Incorrect port numbers were being displayed by
8703 500. [func] Nearly useless +details option removed from DiG.
8705 499. [func] In DiG, specifying a class with -c or type with -t
8706 changes command-line parsing so that classes and
8707 types are only recognized if following -c or -t.
8708 This allows hosts with the same name as a class or
8709 type to be looked up.
8711 498. [doc] There is now a man page for "dig"
8712 in doc/man/bin/dig.1.
8714 497. [bug] The error messages printed when an IP match list
8715 contained a network address with a nonzero host
8716 part where not sufficiently detailed. [RT #365]
8718 496. [bug] named didn't sanity check numeric parameters. [RT #361]
8720 495. [bug] nsupdate was unable to handle large records. [RT #368]
8722 494. [func] Do not cache NXDOMAIN responses for SOA queries.
8724 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
8725 for SOA queries. This makes it easier to locate
8726 the containing zone without polluting intermediate
8729 492. [bug] attempting to reload a zone caused the server fail
8730 to shutdown cleanly. [RT #360]
8732 491. [bug] nsupdate would segfault when sending certain
8733 prerequisites with empty RDATA. [RT #356]
8735 490. [func] When a slave/stub zone has not yet successfully
8736 obtained an SOA containing the zone's configured
8737 retry time, perform the SOA query retries using
8738 exponential backoff. [RT #337]
8740 489. [func] The zone manager now has a "i/o" queue.
8742 488. [bug] Locks weren't properly destroyed in some cases.
8744 487. [port] flockfile() is not defined on all systems.
8746 486. [bug] nslookup: "set all" and "server" commands showed
8747 the incorrect port number if a port other than 53
8748 was specified. [RT #352]
8750 485. [func] When dig had more than one server to query, it would
8751 send all of the messages at the same time. Add
8752 rate limiting of the transmitted messages.
8754 484. [bug] When the server was reloaded after removing addresses
8755 from the named.conf "listen-on" statement, sockets
8756 were still listening on the removed addresses due
8757 to reference count loops. [RT #325]
8759 483. [bug] nslookup: "set all" showed a "search" option but it
8762 482. [bug] nslookup: a plain "server" or "lserver" should be
8763 treated as a lookup.
8765 481. [bug] nslookup:get_next_command() stack size could exceed
8768 480. [bug] strtok() is not thread safe. [RT #349]
8770 479. [func] The test suite can now be run by typing "make check"
8771 or "make test" at the top level.
8773 478. [bug] "make install" failed if the directory specified with
8774 --prefix did not already exist.
8776 477. [bug] The the isc-config.sh script could be installed before
8777 its directory was created. [RT #324]
8779 476. [bug] A zone could expire while a zone transfer was in
8780 progress triggering a INSIST failure. [RT #329]
8782 475. [bug] query_getzonedb() sometimes returned a non-null version
8783 on failure. This caused assertion failures when
8784 generating query responses where names subject to
8785 additional section processing pointed to a zone
8786 to which access had been denied by means of the
8787 allow-query option. [RT #336]
8789 474. [bug] The mnemonic of the CHAOS class is CH according to
8790 RFC1035, but it was printed and read only as CHAOS.
8791 We now accept both forms as input, and print it
8794 473. [bug] nsupdate overran the end of the list of name servers
8795 when no servers could be reached, typically causing
8796 it to print the error message "dns_request_create:
8799 472. [bug] Off-by-one error caused isc_time_add() to sometimes
8800 produce invalid time values.
8802 471. [bug] nsupdate didn't compile on HP/UX 10.20
8804 470. [func] $GENERATE is now supported. See also
8807 469. [bug] "query-source address * port 53;" now works.
8809 468. [bug] dns_master_load*() failed to report file and line
8810 number in certain error conditions.
8812 467. [bug] dns_master_load*() failed to log an error if
8815 466. [bug] dns_master_load*() could return success when it failed.
8817 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
8818 omapi_value_storeint().
8820 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
8822 463. [bug] nsupdate sent malformed SOA queries to the second
8823 and subsequent name servers in resolv.conf if the
8824 query sent to the first one failed.
8826 462. [bug] --disable-ipv6 should work now.
8828 461. [bug] Specifying an unknown key in the "keys" clause of the
8829 "controls" statement caused a NULL pointer dereference.
8832 460. [bug] Much of the DNSSEC code only worked with class IN.
8834 459. [bug] Nslookup processed the "set" command incorrectly.
8836 458. [bug] Nslookup didn't properly check class and type values.
8839 457. [bug] Dig/host/hslookup didn't properly handle connect
8840 timeouts in certain situations, causing an
8841 unnecessary warning message to be printed.
8843 456. [bug] Stub zones were not resetting the refresh and expire
8844 counters, loadtime or clearing the DNS_ZONE_REFRESH
8845 (refresh in progress) flag upon successful update.
8846 This disabled further refreshing of the stub zone,
8847 causing it to eventually expire. [RT #300]
8849 455. [doc] Document IPv4 prefix notation does not require a
8850 dotted decimal quad but may be just dotted decimal.
8852 454. [bug] Enforce dotted decimal and dotted decimal quad where
8853 documented as such in named.conf. [RT #304, RT #311]
8855 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
8856 is specified in named.conf. [RT #306]
8858 452. [bug] Warn if the unimplemented option "statistics-file"
8859 is specified in named.conf. [RT #301]
8861 451. [func] Update forwarding implemented.
8863 450. [func] New function ns_client_sendraw().
8865 449. [bug] isc_bitstring_copy() only works correctly if the
8866 two bitstrings have the same lsb0 value, but this
8867 requirement was not documented, nor was there a
8870 448. [bug] Host output formatting change, to match v8. [RT #255]
8872 447. [bug] Dig didn't properly retry in TCP mode after
8873 a truncated reply. [RT #277]
8875 446. [bug] Confusing notify log message. [RT #298]
8877 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
8878 bitstring triggered a REQUIRE statement. The REQUIRE
8879 statement was incorrect. [RT #297]
8881 444. [func] "recursion denied" messages are always logged at
8882 debug level 1, now, rather than sometimes at ERROR.
8883 This silences these warnings in the usual case, where
8884 some clients set the RD bit in all queries.
8886 443. [bug] When loading a master file failed because of an
8887 unrecognized RR type name, the error message
8888 did not include the file name and line number.
8891 442. [bug] TSIG signed messages that did not match any view
8892 crashed the server. [RT #290]
8894 441. [bug] Nodes obscured by a DNAME were inaccessible even
8895 when DNS_DBFIND_GLUEOK was set.
8897 440. [func] New function dns_zone_forwardupdate().
8899 439. [func] New function dns_request_createraw().
8901 438. [func] New function dns_message_getrawmessage().
8903 437. [func] Log NOTIFY activity to the notify channel.
8905 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
8906 which sometimes happens on Linux, named would enter
8907 a busy loop. Also, unexpected socket errors were
8908 not logged at a high enough logging level to be
8909 useful in diagnosing this situation. [RT #275]
8911 435. [bug] dns_zone_dump() overwrote existing zone files
8912 rather than writing to a temporary file and
8913 renaming. This could lead to empty or partial
8914 zone files being left around in certain error
8915 conditions involving the initial transfer of a
8916 slave zone, interfering with subsequent server
8919 434. [func] New function isc_file_isabsolute().
8921 433. [func] isc_base64_decodestring() now accepts newlines
8922 within the base64 data. This makes it possible
8923 to break up the key data in a "trusted-keys"
8924 statement into multiple lines. [RT #284]
8926 432. [func] Added refresh/retry jitter. The actual refresh/
8927 retry time is now a random value between 75% and
8928 100% of the configured value.
8930 431. [func] Log at ISC_LOG_INFO when a zone is successfully
8933 430. [bug] Rewrote the lightweight resolver client management
8934 code to handle shutdown correctly and general
8937 429. [bug] The space reserved for a TSIG record in a response
8938 was 2 bytes too short, leading to message
8939 generation failures.
8941 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
8942 DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
8943 (e.g. glue). This could cause SERVFAILs when
8944 generating negative responses in a secure zone.
8946 427. [bug] Avoid going into an infinite loop when the validator
8947 gets a negative response to a key query where the
8948 records are signed by the missing key.
8950 426. [bug] Attempting to generate an oversized RSA key could
8951 cause dnssec-keygen to dump core.
8953 425. [bug] Warn about the auth-nxdomain default value change
8954 if there is no auth-nxdomain statement in the
8955 config file. [RT #287]
8957 424. [bug] notify_createmessage() could trigger an assertion
8958 failure when creating the notify message failed,
8959 e.g. due to corrupt zones with multiple SOA records.
8962 423. [bug] When responding to a recursive query, errors that occur
8963 after following a CNAME should cause the query to fail.
8966 422. [func] get rid of isc_random_t, and make isc_random_get()
8967 and isc_random_jitter() use rand() internally
8968 instead of local state. Note that isc_random_*()
8969 functions are only for weak, non-critical "randomness"
8970 such as timing jitter and such.
8972 421. [bug] nslookup would exit when given a blank line as input.
8974 420. [bug] nslookup failed to implement the "exit" command.
8976 419. [bug] The certificate type PKIX was misspelled as SKIX.
8978 418. [bug] At debug levels >= 10, getting an unexpected
8979 socket receive error would crash the server
8980 while trying to log the error message.
8982 417. [func] Add isc_app_block() and isc_app_unblock(), which
8983 allow an application to handle signals while
8986 416. [bug] Slave zones with no master file tried to use a
8987 NULL pointer for a journal file name when they
8988 received an IXFR. [RT #273]
8990 415. [bug] The logging code leaked file descriptors.
8992 414. [bug] Server did not shut down until all incoming zone
8993 transfers were finished.
8995 413. [bug] Notify could attempt to use the zone database after
8996 it had been unloaded. [RT#267]
8998 412. [bug] named -v didn't print the version.
9000 411. [bug] A typo in the HS A code caused an assertion failure.
9002 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
9003 to a random value on success.
9005 409. [bug] If named was shut down early in the startup
9006 process, ns_omapi_shutdown() would attempt to lock
9007 an uninitialized mutex. [RT #262]
9009 408. [bug] stub zones could leak memory and reference counts if
9010 all the masters were unreachable.
9012 407. [bug] isc_rwlock_lock() would needlessly block
9013 readers when it reached the read quota even
9014 if no writers were waiting.
9016 406. [bug] Log messages were occasionally lost or corrupted
9017 due to a race condition in isc_log_doit().
9019 405. [func] Add support for selective forwarding (forward zones)
9021 404. [bug] The request library didn't completely work with IPv6.
9023 403. [bug] "host" did not use the search list.
9025 402. [bug] Treat undefined acls as errors, rather than
9026 warning and then later throwing an assertion.
9029 401. [func] Added simple database API.
9031 400. [bug] SIG(0) signing and verifying was done incorrectly.
9034 399. [bug] When reloading the server with a config file
9035 containing a syntax error, it could catch an
9036 assertion failure trying to perform zone
9037 maintenance on, or sending notifies from,
9038 tentatively created zones whose views were
9039 never fully configured and lacked an address
9040 database and request manager.
9042 398. [bug] "dig" sometimes caught an assertion failure when
9043 using TSIG, depending on the key length.
9045 397. [func] Added utility functions dns_view_gettsig() and
9046 dns_view_getpeertsig().
9048 396. [doc] There is now a man page for "nsupdate"
9049 in doc/man/bin/nsupdate.8.
9051 395. [bug] nslookup printed incorrect RR type mnemonics
9052 for RRs of type >= 21 [RT #237].
9054 394. [bug] Current name was not propagated via $INCLUDE.
9056 393. [func] Initial answer while loading (awl) support.
9057 Entry points: dns_master_loadfileinc(),
9058 dns_master_loadstreaminc(), dns_master_loadbufferinc().
9059 Note: calls to dns_master_load*inc() should be rate
9060 be rate limited so as to not use up all file
9063 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
9064 not support the given address family requested.
9066 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
9068 390. [func] The function dns_zone_setdbtype() now takes
9069 an argc/argv style vector of words and sets
9070 both the zone database type and its arguments,
9071 making the functions dns_zone_adddbarg()
9072 and dns_zone_cleardbargs() unnecessary.
9074 389. [bug] Attempting to send a request over IPv6 using
9075 dns_request_create() on a system without IPv6
9076 support caused an assertion failure [RT #235].
9078 388. [func] dig and host can now do reverse ipv6 lookups.
9080 387. [func] Add dns_byaddr_createptrname(), which converts
9081 an address into the name used by a PTR query.
9083 386. [bug] Missing strdup() of ACL name caused random
9084 ACL matching failures [RT #228].
9086 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
9089 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
9092 383. [func] When writing a master file, print the SOA and NS
9093 records (and their SIGs) before other records.
9095 382. [bug] named -u failed on many Linux systems where the
9096 libc provided kernel headers do not match
9099 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
9100 IPV6_PKTINFO if found. [RT #229]
9102 380. [bug] nsupdate didn't work with IPv6.
9104 379. [func] New library function isc_sockaddr_anyofpf().
9106 378. [func] named and lwresd will log the command line arguments
9107 they were started with in the "starting ..." message.
9109 377. [bug] When additional data lookups were refused due to
9110 "allow-query", the databases were still being
9111 attached causing reference leaks.
9113 376. [bug] The server should always use good entropy when
9114 performing cryptographic functions needing entropy.
9116 375. [bug] Per-zone "allow-query" did not properly override the
9117 view/global one for CNAME targets and additional
9120 374. [bug] SOA in authoritative negative responses had wrong TTL.
9122 373. [func] nslookup is now installed by "make install".
9124 372. [bug] Deal with Microsoft DNS servers appending two bytes of
9125 garbage to zone transfer requests.
9127 371. [bug] At high debug levels, doing an outgoing zone transfer
9128 of a very large RRset could cause an assertion failure
9131 370. [bug] The error messages for roll-forward failures were
9134 369. [func] Support new named.conf options, view and zone
9137 max-retry-time, min-retry-time,
9138 max-refresh-time, min-refresh-time.
9140 368. [func] Restructure the internal ".bind" view so that more
9141 zones can be added to it.
9143 367. [bug] Allow proper selection of server on nslookup command
9146 366. [func] Allow use of '-' batch file in dig for stdin.
9148 365. [bug] nsupdate -k leaked memory.
9150 364. [func] Added additional-from-{cache,auth}
9154 362. [bug] rndc no longer aborts if the configuration file is
9155 missing an options statement. [RT #209]
9157 361. [func] When the RBT find or chain functions set the name and
9158 origin for a node that stores the root label
9159 the name is now set to an empty name, instead of ".",
9160 to simplify later use of the name and origin by
9161 dns_name_concatenate(), dns_name_totext() or
9164 360. [func] dns_name_totext() and dns_name_format() now allow
9165 an empty name to be passed, which is formatted as "@".
9167 359. [bug] dnssec-signzone occasionally signed glue records.
9169 358. [cleanup] Rename the intermediate files used by the dnssec
9172 357. [bug] The zone file parser crashed if the argument
9173 to $INCLUDE was a quoted string.
9175 356. [cleanup] isc_task_send no longer requires event->sender to
9178 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
9180 354. [doc] Man pages for the dnssec tools are now included in
9181 the distribution, in doc/man/dnssec.
9183 353. [bug] double increment in lwres/gethost.c:copytobuf().
9186 352. [bug] Race condition in dns_client_t startup could cause
9187 an assertion failure.
9189 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
9190 signed query could crash the server.
9192 350. [bug] Also-notify lists specified in the global options
9193 block were not correctly reference counted, causing
9196 349. [bug] Processing a query with the CD bit set now works
9199 348. [func] New boolean named.conf options 'additional-from-auth'
9200 and 'additional-from-cache' now supported in view and
9201 global options statement.
9203 347. [bug] Don't crash if an argument is left off options in dig.
9207 345. [bug] Large-scale changes/cleanups to dig:
9208 * Significantly improve structure handling
9209 * Don't pre-load entire batch files
9210 * Add name/rr counting/limiting
9211 * Fix SIGINT handling
9212 * Shorten timeouts to match v8's behavior
9214 344. [bug] When shutting down, lwresd sometimes tried
9215 to shut down its client tasks twice,
9216 triggering an assertion.
9218 343. [bug] Although zone maintenance SOA queries and
9219 notify requests were signed with TSIG keys
9220 when configured for the server in case,
9221 the TSIG was not verified on the response.
9223 342. [bug] The wrong name was being passed to
9224 dns_name_dup() when generating a TSIG
9227 341. [func] Support 'key' clause in named.conf zone masters
9228 statement to allow authentication via TSIG keys:
9231 10.0.0.1 port 5353 key "foo";
9235 340. [bug] The top-level COPYRIGHT file was missing from
9238 339. [bug] DNSSEC validation of the response to an ANY
9239 query at a name with a CNAME RR in a secure
9240 zone triggered an assertion failure.
9242 338. [bug] lwresd logged to syslog as named, not lwresd.
9244 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
9245 on the command line.
9247 336. [bug] "dig -f" used 64 k of memory for each line in
9248 the file. It now uses much less, though still
9249 proportionally to the file size.
9251 335. [bug] named would occasionally attempt recursion when
9252 it was disallowed or undesired.
9254 334. [func] Added hmac-md5 to libisc.
9256 333. [bug] The resolver incorrectly accepted referrals to
9257 domains that were not parents of the query name,
9258 causing assertion failures.
9260 332. [func] New function dns_name_reset().
9262 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
9264 330. [bug] Many debugging messages were partially formatted
9265 even when debugging was turned off, causing a
9266 significant decrease in query performance.
9268 329. [func] omapi_auth_register() now takes a size_t argument for
9269 the length of a key's secret data. Previously
9270 OMAPI only stored secrets up to the first NUL byte.
9272 328. [func] Added isc_base64_decodestring().
9274 327. [bug] rndc.conf parser wasn't correctly recognizing an IP
9275 address where a host specification was required.
9277 326. [func] 'keys' in an 'inet' control statement is now
9278 required and must have at least one item in it.
9279 A "not supported" warning is now issued if a 'unix'
9280 control channel is defined.
9282 325. [bug] isc_lex_gettoken was processing octal strings when
9283 ISC_LEXOPT_CNUMBER was not set.
9285 324. [func] In the resolver, turn EDNS0 off if there is no
9286 response after a number of retransmissions.
9287 This is to allow queries some chance of succeeding
9288 even if all the authoritative servers of a zone
9289 silently discard EDNS0 requests instead of
9290 sending an error response like they ought to.
9292 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
9293 Because of this, servers authoritative for a parent
9294 and grandchild zone but not authoritative for the
9295 intervening child zone did not correctly issue
9296 referrals to the servers of the child zone.
9298 322. [bug] Queries for KEY RRs are now sent to the parent
9299 server before the authoritative one, making
9300 DNSSEC insecurity proofs work in many cases
9301 where they previously didn't.
9303 321. [bug] When synthesizing a CNAME RR for a DNAME
9304 response, query_addcname() failed to initialize
9305 the type and class of the CNAME dns_rdata_t,
9306 causing random failures.
9308 320. [func] Multiple rndc changes: parses an rndc.conf file,
9309 uses authentication to talk to named, command
9310 line syntax changed. This will all be described
9313 319. [func] The named.conf "controls" statement is now used
9314 to configure the OMAPI command channel.
9316 318. [func] dns_c_ndcctx_destroy() could never return anything
9317 except ISC_R_SUCCESS; made it have void return instead.
9319 317. [func] Use callbacks from libomapi to determine if a
9320 new connection is valid, and if a key requested
9321 to be used with that connection is valid.
9323 316. [bug] Generate a warning if we detect an unexpected <eof>
9324 but treat as <eol><eof>.
9326 315. [bug] Handle non-empty blanks lines. [RT #163]
9328 314. [func] The named.conf controls statement can now have
9329 more than one key specified for the inet clause.
9331 313. [bug] When parsing resolv.conf, don't terminate on an
9332 error. Instead, parse as much as possible, but
9333 still return an error if one was found.
9335 312. [bug] Increase the number of allowed elements in the
9336 resolv.conf search path from 6 to 8. If there
9337 are more than this, ignore the remainder rather
9338 than returning a failure in lwres_conf_parse.
9340 311. [bug] lwres_conf_parse failed when the first line of
9341 resolv.conf was empty or a comment.
9343 310. [func] Changes to named.conf "controls" statement (inet
9346 - support "keys" clause
9350 allow { any; } keys { "foo"; }
9353 - allow "port xxx" to be left out of statement,
9354 in which case it defaults to omapi's default port
9357 309. [bug] When sending a referral, the server did not look
9358 for name server addresses as glue in the zone
9359 holding the NS RRset in the case where this zone
9360 was not the same as the one where it looked for
9361 name server addresses as authoritative data.
9363 308. [bug] Treat a SOA record not at top of zone as an error
9364 when loading a zone. [RT #154]
9366 307. [bug] When canceling a query, the resolver didn't check for
9367 isc_socket_sendto() calls that did not yet have their
9368 completion events posted, so it could (rarely) end up
9369 destroying the query context and then want to use
9370 it again when the send event posted, triggering an
9371 assertion as it tried to cancel an already-canceled
9374 306. [bug] Reading HMAC-MD5 private key files didn't work.
9376 305. [bug] When reloading the server with a config file
9377 containing a syntax error, it could catch an
9378 assertion failure trying to perform zone
9379 maintenance on tentatively created zones whose
9380 views were never fully configured and lacked
9381 an address database.
9383 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
9384 are listed in resolv.conf, silently ignore them
9385 instead of returning failure.
9387 303. [bug] Add additional sanity checks to differentiate a AXFR
9388 response vs a IXFR response. [RT #157]
9390 302. [bug] In dig, host, and nslookup, MXNAME should be large
9391 enough to hold any legal domain name in presentation
9392 format + terminating NULL.
9394 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
9396 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
9397 on platforms lacking IPv6 because each included their
9398 own ipv6 header file for the missing definitions. Now
9399 each library's ipv6.h defines the wrapper symbol of
9400 the other (ISC_IPV6_H and LWRES_IPV6_H).
9402 299. [cleanup] Get the user and group information before changing the
9403 root directory, so the administrator does not need to
9404 keep a copy of the user and group databases in the
9405 chroot'ed environment. Suggested by Hakan Olsson.
9407 298. [bug] A mutex deadlock occurred during shutdown of the
9408 interface manager under certain conditions.
9409 Digital Unix systems were the most affected.
9411 297. [bug] Specifying a key name that wasn't fully qualified
9412 in certain parts of the config file could cause
9413 an assertion failure.
9415 296. [bug] "make install" from a separate build directory
9416 failed unless configure had been run in the source
9419 295. [bug] When invoked with type==CNAME and a message
9420 not constructed by dns_message_parse(),
9421 dns_message_findname() failed to find anything
9422 due to checking for attribute bits that are set
9423 only in dns_message_parse(). This caused an
9424 infinite loop when constructing the response to
9425 an ANY query at a CNAME in a secure zone.
9427 294. [bug] If we run out of space in while processing glue
9428 when reading a master file and commit "current name"
9429 reverts to "name_current" instead of staying as
9432 293. [port] Add support for FreeBSD 4.0 system tests.
9434 292. [bug] Due to problems with the way some operating systems
9435 handle simultaneous listening on IPv4 and IPv6
9436 addresses, the server no longer listens on IPv6
9437 addresses by default. To revert to the previous
9438 behavior, specify "listen-on-v6 { any; };" in
9441 291. [func] Caching servers no longer send outgoing queries
9442 over TCP just because the incoming recursive query
9445 290. [cleanup] +twiddle option to dig (for testing only) removed.
9447 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
9448 host is now installed in $bindir. (Be sure to remove
9449 any $sbindir/dig from a previous release.)
9451 288. [func] rndc is now installed by "make install" into $sbindir.
9453 287. [bug] rndc now works again as "rndc 127.1 reload" (for
9454 only that task). Parsing its configuration file and
9455 using digital signatures for authentication has been
9456 disabled until named supports the "controls" statement,
9459 286. [bug] On Solaris 2, when named inherited a signal state
9460 where SIGHUP had the SIG_IGN action, SIGHUP would
9461 be ignored rather than causing the server to reload
9464 285. [bug] A change made to the dst API for beta4 inadvertently
9465 broke OMAPI's creation of a dst key from an incoming
9466 message, causing an assertion to be triggered. Fixed.
9468 284. [func] The DNSSEC key generation and signing tools now
9469 generate randomness from keyboard input on systems
9470 that lack /dev/random.
9472 283. [cleanup] The 'lwresd' program is now a link to 'named'.
9474 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
9475 too big for an unsigned long.
9477 281. [bug] Fixed list of recognized config file category names.
9479 280. [func] Add isc-config.sh, which can be used to more
9480 easily build applications that link with
9483 279. [bug] Private omapi function symbols shared between
9484 two or more files in libomapi.a were not namespace
9485 protected using the ISC convention of starting with
9486 the library name and two underscores ("omapi__"...)
9488 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
9489 note of when isc_log_categorybyname() wasn't able
9490 to find the category name and would then apply the
9491 channel list of the unknown category to all categories.
9493 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
9494 would fail to find the first member of any category
9495 or module array apart from the internal defaults.
9496 Thus, for example, the "notify" category was improperly
9497 configured by named.
9499 276. [bug] dig now supports maximum sized TCP messages.
9501 275. [bug] The definition of lwres_gai_strerror() was missing
9504 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
9507 273. [func] The default for the 'transfer-format' option is
9508 now 'many-answers'. This will break zone transfers
9509 to BIND 4.9.5 and older unless there is an explicit
9510 'one-answer' configuration.
9512 272. [bug] The sending of large TCP responses was canceled
9513 in mid-transmission due to a race condition
9514 caused by the failure to set the client object's
9515 "newstate" variable correctly when transitioning
9516 to the "working" state.
9518 271. [func] Attempt to probe the number of cpus in named
9519 if unspecified rather than defaulting to 1.
9521 270. [func] Allow maximum sized TCP answers.
9523 269. [bug] Failed DNSSEC validations could cause an assertion
9524 failure by causing clone_results() to be called with
9525 with hevent->node == NULL.
9527 268. [doc] A plain text version of the Administrator
9528 Reference Manual is now included in the distribution,
9529 as doc/arm/Bv9ARM.txt.
9531 267. [func] Nsupdate is now provided in the distribution.
9533 266. [bug] zone.c:save_nsrrset() node was not initialized.
9535 265. [bug] dns_request_create() now works for TCP.
9537 264. [func] Dispatch can not take TCP sockets in connecting
9538 state. Set DNS_DISPATCHATTR_CONNECTED when calling
9539 dns_dispatch_createtcp() for connected TCP sockets
9540 or call dns_dispatch_starttcp() when the socket is
9543 263. [func] New logging channel type 'stderr'
9550 262. [bug] 'master' was not initialized in zone.c:stub_callback().
9552 261. [func] Add dns_zone_markdirty().
9554 260. [bug] Running named as a non-root user failed on Linux
9555 kernels new enough to support retaining capabilities
9558 259. [func] New random-device and random-seed-file statements
9559 for global options block of named.conf. Both accept
9560 a single string argument.
9562 258. [bug] Fixed printing of lwres_addr_t.address field.
9564 257. [bug] The server detached the last zone manager reference
9565 too early, while it could still be in use by queries.
9566 This manifested itself as assertion failures during the
9567 shutdown process for busy name servers. [RT #133]
9569 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
9570 isc_ratelimiter_shutdown guarantees that the rate
9571 limiter is detached from its task.
9573 255. [func] New function dns_zonemgr_attach().
9575 254. [bug] Suppress "query denied" messages on additional data
9578 --- 9.0.0b4 released ---
9580 253. [func] resolv.conf parser now recognizes ';' and '#' as
9581 comments (anywhere in line, not just as the beginning).
9583 252. [bug] resolv.conf parser mishandled masks on sortlists.
9584 It also aborted when an unrecognized keyword was seen,
9585 now it silently ignores the entire line.
9587 251. [bug] lwresd caught an assertion failure on startup.
9589 250. [bug] fixed handling of size+unit when value would be too
9590 large for internal representation.
9592 249. [cleanup] max-cache-size config option now takes a size-spec
9593 like 'datasize', except 'default' is not allowed.
9595 248. [bug] global lame-ttl option was not being printed when
9596 config structures were written out.
9598 247. [cleanup] Rename cache-size config option to max-cache-size.
9600 246. [func] Rename global option cachesize to cache-size and
9601 add corresponding option to view statement.
9603 245. [bug] If an uncompressed name will take more than 255
9604 bytes and the buffer is sufficiently long,
9605 dns_name_fromwire should return DNS_R_FORMERR,
9606 not ISC_R_NOSPACE. This bug caused cause the
9607 server to catch an assertion failure when it
9608 received a query for a name longer than 255
9611 244. [bug] empty named.conf file and empty options statement are
9612 now parsed properly.
9614 243. [func] new cachesize option for named.conf
9616 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
9618 241. [cleanup] nscount and soacount have been removed from the
9619 dns_master_*() argument lists.
9621 240. [func] databases now come in three flavours: zone, cache
9624 239. [func] If ISC_MEM_DEBUG is enabled, the variable
9625 isc_mem_debugging controls whether messages
9628 238. [cleanup] A few more compilation warnings have been quieted:
9629 + missing sigwait prototype on BSD/OS 4.0/4.0.1.
9630 + PTHREAD_ONCE_INIT unbraced initializer warnings on
9632 + IN6ADDR_ANY_INIT unbraced initializer warnings on
9633 BSD/OS 4.*, Linux and Solaris 2.8.
9635 237. [bug] If connect() returned ENOBUFS when the resolver was
9636 initiating a TCP query, the socket didn't get
9637 destroyed, and the server did not shut down cleanly.
9639 236. [func] Added new listen-on-v6 config file statement.
9641 235. [func] Consider it a config file error if a listen-on
9642 statement has an IPv6 address in it, or a
9643 listen-on-v6 statement has an IPv4 address in it.
9645 234. [bug] Allow a trusted-key's first field (domain-name) be
9646 either a quoted or an unquoted string, instead of
9647 requiring a quoted string.
9649 233. [cleanup] Convert all config structure integer values to unsigned
9650 integer (isc_uint32_t) to match grammar.
9652 232. [bug] Allow slave zones to not have a file.
9654 231. [func] Support new 'port' clause in config file options
9655 section. Causes 'listen-on', 'masters' and
9656 'also-notify' statements to use its value instead of
9659 230. [func] Replace the dst sign/verify API with a cleaner one.
9661 229. [func] Support config file sig-validity-interval statement
9662 in options, views and zone statements (master
9665 228. [cleanup] Logging messages in config module stripped of
9668 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
9669 dns_rcode_*, dns_opcode_*, and dns_trust_* are
9670 also now cast to their appropriate types, as with
9671 dns_rdatatype_* in item number 225 below.
9673 226. [func] dns_name_totext() now always prints the root name as
9674 '.', even when omit_final_dot is true.
9676 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
9677 cast to dns_rdatatype_t via macros of their same name
9678 so that they are of the proper integral type wherever
9679 a dns_rdatatype_t is needed.
9681 224. [cleanup] The entire project builds cleanly with gcc's
9682 -Wcast-qual and -Wwrite-strings warnings enabled,
9683 which is now the default when using gcc. (Warnings
9684 from confparser.c, because of yacc's code, are
9685 unfortunately to be expected.)
9687 223. [func] Several functions were re-prototyped to qualify one
9688 or more of their arguments with "const". Similarly,
9689 several functions that return pointers now have
9690 those pointers qualified with const.
9692 222. [bug] The global 'also-notify' option was ignored.
9694 221. [bug] An uninitialized variable was sometimes passed to
9695 dns_rdata_freestruct() when loading a zone, causing
9696 an assertion failure.
9698 220. [cleanup] Set the default outgoing port in the view, and
9699 set it in sockaddrs returned from the ADB.
9700 [31-May-2000 explorer]
9702 219. [bug] Signed truncated messages more correctly follow
9703 the respective specs.
9705 218. [func] When an rdataset is signed, its ttl is normalized
9706 based on the signature validity period.
9708 217. [func] Also-notify and trusted-keys can now be used in
9709 the 'view' statement.
9711 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
9714 215. [bug] Failures at certain points in request processing
9715 could cause the assertion INSIST(client->lockview
9716 == NULL) to be triggered.
9718 214. [func] New public function isc_netaddr_format(), for
9719 formatting network addresses in log messages.
9721 213. [bug] Don't leak memory when reloading the zone if
9722 an update-policy clause was present in the old zone.
9724 212. [func] Added dns_message_get/settsigkey, to make TSIG
9725 key management reasonable.
9727 211. [func] The 'key' and 'server' statements can now occur
9728 inside 'view' statements.
9730 210. [bug] The 'allow-transfer' option was ignored for slave
9731 zones, and the 'transfers-per-ns' option was
9732 was ignored for all zones.
9734 209. [cleanup] Upgraded openssl files to new version 0.9.5a
9736 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
9739 207. [func] The dnssec tools properly use the logging subsystem.
9741 206. [cleanup] dst now stores the key name as a dns_name_t, not
9744 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
9745 ("prototyped function redeclared without prototype")
9746 and 1552 ("variable ... set but not used") when
9747 compiling in the lib/dns/sec/{dnssafe,openssl}
9748 directories, which contain code imported from outside
9751 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
9752 to quiet the warnings that "The linked output may not
9753 run on a PA 1.x system."
9755 203. [func] notify and zone soa queries are now tsig signed when
9758 202. [func] isc_lex_getsourceline() changed from returning int
9759 to returning unsigned long, the type of its underlying
9762 201. [cleanup] Removed the test/sdig program, it has been
9763 replaced by bin/dig/dig.
9765 --- 9.0.0b3 released ---
9767 200. [bug] Failures in sending query responses to clients
9768 (e.g., running out of network buffers) were
9771 199. [bug] isc_heap_delete() sometimes violated the heap
9772 invariant, causing timer events not to be posted
9775 198. [func] Dispatch managers hold memory pools which
9776 any managed dispatcher may use. This allows
9777 us to avoid dipping into the memory context for
9778 most allocations. [19-May-2000 explorer]
9780 197. [bug] When an incoming AXFR or IXFR completes, the
9781 zone's internal state is refreshed from the
9782 SOA data. [19-May-2000 explorer]
9784 196. [func] Dispatchers can be shared easily between views
9785 and/or interfaces. [19-May-2000 explorer]
9787 195. [bug] Including the NXT record of the root domain
9788 in a negative response caused an assertion
9791 194. [doc] The PDF version of the Administrator's Reference
9792 Manual is no longer included in the ISC BIND9
9795 193. [func] changed dst_key_free() prototype.
9797 192. [bug] Zone configuration validation is now done at end
9798 of config file parsing, and before loading
9801 191. [func] Patched to compile on UnixWare 7.x. This platform
9802 is not directly supported by the ISC.
9804 190. [cleanup] The DNSSEC tools have been moved to a separate
9805 directory dnssec/ and given the following new,
9806 more descriptive names:
9813 Their command line arguments have also been changed to
9814 be more consistent. dnssec-keygen now prints the
9815 name of the generated key files (sans extension)
9816 on standard output to simplify its use in automated
9819 189. [func] isc_time_secondsastimet(), a new function, will ensure
9820 that the number of seconds in an isc_time_t does not
9821 exceed the range of a time_t, or return ISC_R_RANGE.
9822 Similarly, isc_time_now(), isc_time_nowplusinterval(),
9823 isc_time_add() and isc_time_subtract() now check the
9824 range for overflow/underflow. In the case of
9825 isc_time_subtract, this changed a calling requirement
9826 (ie, something that could generate an assertion)
9827 into merely a condition that returns an error result.
9828 isc_time_add() and isc_time_subtract() were void-
9829 valued before but now return isc_result_t.
9831 188. [func] Log a warning message when an incoming zone transfer
9832 contains out-of-zone data.
9834 187. [func] isc_ratelimiter_enqueue() has an additional argument
9837 186. [func] dns_request_getresponse() has an additional argument
9840 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
9841 public functions did not have an isc__ prefix, and
9842 referred to functions that had previously been
9845 184. [cleanup] Variables/functions which began with two leading
9846 underscores were made to conform to the ANSI/ISO
9847 standard, which says that such names are reserved.
9849 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
9850 for logging the program name or other identifier.
9852 182. [cleanup] New command-line parameters for dnssec tools
9854 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
9856 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
9858 179. [func] options named.conf statement *must* now come
9859 before any zone or view statements.
9861 178. [func] Post-load of named.conf check verifies a slave zone
9862 has non-empty list of masters defined.
9864 177. [func] New per-zone boolean:
9866 enable-zone yes | no ;
9868 intended to let a zone be disabled without having
9869 to comment out the entire zone statement.
9871 176. [func] New global and per-view option:
9873 max-cache-ttl number
9875 175. [func] New global and per-view option:
9877 additional-data internal | minimal | maximal;
9879 174. [func] New public function isc_sockaddr_format(), for
9880 formatting socket addresses in log messages.
9882 173. [func] Keep a queue of zones waiting for zone transfer
9883 quota so that a new transfer can be dispatched
9884 immediately whenever quota becomes available.
9886 172. [bug] $TTL directive was sometimes missing from dumped
9887 master files because totext_ctx_init() failed to
9888 initialize ctx->current_ttl_valid.
9890 171. [cleanup] On NetBSD systems, the mit-pthreads or
9891 unproven-pthreads library is now always used
9892 unless --with-ptl2 is explicitly specified on
9893 the configure command line. The
9894 --with-mit-pthreads option is no longer needed
9895 and has been removed.
9897 170. [cleanup] Remove inter server consistency checks from zone,
9898 these should return as a separate module in 9.1.
9899 dns_zone_checkservers(), dns_zone_checkparents(),
9900 dns_zone_checkchildren(), dns_zone_checkglue().
9902 Remove dns_zone_setadb(), dns_zone_setresolver(),
9903 dns_zone_setrequestmgr() these should now be found
9906 169. [func] ratelimiter can now process N events per interval.
9908 168. [bug] include statements in named.conf caused syntax errors
9909 due to not consuming the semicolon ending the include
9910 statement before switching input streams.
9912 167. [bug] Make lack of masters for a slave zone a soft error.
9914 166. [bug] Keygen was overwriting existing keys if key_id
9915 conflicted, now it will retry, and non-null keys
9916 with key_id == 0 are not generated anymore. Key
9917 was not able to generate NOAUTHCONF DSA key,
9918 increased RSA key size to 2048 bits.
9920 165. [cleanup] Silence "end-of-loop condition not reached" warnings
9921 from Solaris compiler.
9923 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
9924 isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
9925 isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
9926 to encapsulate nonportable usage of errno and sync.
9928 163. [func] Added result codes ISC_R_FILENOTFOUND and
9931 162. [bug] Ensure proper range for arguments to ctype.h functions.
9933 161. [cleanup] error in yyparse prototype that only HPUX caught.
9935 160. [cleanup] getnet*() are not going to be implemented at this
9938 159. [func] Redefinition of config file elements is now an
9939 error (instead of a warning).
9941 158. [bug] Log channel and category list copy routines
9942 weren't assigning properly to output parameter.
9944 157. [port] Fix missing prototype for getopt().
9946 156. [func] Support new 'database' statement in zone.
9948 database "quoted-string";
9950 155. [bug] ns_notify_start() was not detaching the found zone.
9952 154. [func] The signer now logs libdns warnings to stderr even when
9953 not verbose, and in a nicer format.
9955 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
9956 is NULL then you need to preserve the 'rdata' until
9957 you have finished using the structure as there may be
9958 references to the associated memory. If 'mctx' is
9959 non-NULL it is guaranteed that there are no references
9960 to memory associated with 'rdata'.
9962 dns_rdata_freestruct() must be called if 'mctx' was
9963 non-NULL and may safely be called if 'mctx' was NULL.
9965 152. [bug] keygen dumped core if domain name argument was omitted
9968 151. [func] Support 'disabled' statement in zone config (causes
9969 zone to be parsed and then ignored). Currently must
9970 come after the 'type' clause.
9972 150. [func] Support optional ports in masters and also-notify
9975 masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
9977 149. [cleanup] Removed unused argument 'olist' from
9978 dns_c_view_unsetordering().
9980 148. [cleanup] Stop issuing some warnings about some configuration
9981 file statements that were not implemented, but now are.
9983 147. [bug] Changed yacc union size to be smaller for yaccs that
9984 put yacc-stack on the real stack.
9986 146. [cleanup] More general redundant header file cleanup. Rather
9987 than continuing to itemize every header which changed,
9988 this changelog entry just notes that if a header file
9989 did not need another header file that it was including
9990 in order to provide its advertised functionality, the
9991 inclusion of the other header file was removed. See
9992 util/check-includes for how this was tested.
9994 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
9995 ISC_LANG_ENDDECLS to header files that had function
9996 prototypes, and removed it from those that did not.
9998 144. [cleanup] libdns header files too numerous to name were made
9999 to conform to the same style for multiple inclusion
10002 143. [func] Added function dns_rdatatype_isknown().
10004 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
10007 141. [bug] Corrupt requests with multiple questions could
10008 cause an assertion failure.
10010 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
10012 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
10013 <isc/int.h> and <isc/result.h>.
10015 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
10016 renamed isc_string_touint64. isc_strsep moved from
10017 strsep.c to string.c and renamed isc_string_separate.
10019 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
10020 <isc/serial.h>, <isc/string.h> and <isc/offset.h>
10021 made to conform to the same style for multiple
10022 inclusion protection.
10024 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
10025 <isc/net.h> and Win32's <isc/thread.h> needed
10026 ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
10028 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
10029 or <isc/boolean.h>, now uses <isc/types.h> in place
10030 of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
10031 and ISC_LANG_ENDDECLS.
10033 134. [cleanup] <isc/dir.h> does not need <limits.h>.
10035 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
10037 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
10038 need <isc/eventclass.h>.
10040 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
10041 for ISC_R_* codes used in macros.
10043 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
10044 <isc/boolean.h>, and now includes <isc/types.h>
10045 instead of <isc/time.h>.
10047 129. [bug] The 'default_debug' log channel was not set up when
10048 'category default' was present in the config file
10050 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
10051 ISC_LANG_ENDDECLS at end of header.
10053 127. [cleanup] The contracts for the comparison routines
10054 dns_name_fullcompare(), dns_name_compare(),
10055 dns_name_rdatacompare(), and dns_rdata_compare() now
10056 specify that the order value returned is < 0, 0, or > 0
10057 instead of -1, 0, or 1.
10059 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
10061 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
10062 <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
10063 <isc/resultclass.h> do not need <isc/lang.h>.
10065 124. [func] signer now imports parent's zone key signature
10066 and creates null keys/sets zone status bit for
10067 children when necessary
10069 123. [cleanup] <isc/event.h> does not need <stddef.h>.
10071 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
10074 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
10075 <isc/result.h>. Multiple inclusion protection
10076 symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
10077 isc_symtab_t moved to <isc/types.h>.
10079 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
10080 <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
10083 119. [cleanup] structure definitions for generic rdata structures do
10084 not have _generic_ in their names.
10086 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
10087 YACC crust (yyparse, etc) [2000-apr-27 explorer]
10089 117. [cleanup] libdns.a changes:
10090 dns_zone_clearnotify() and dns_zone_addnotify()
10091 are replaced by dns_zone_setnotifyalso().
10092 dns_zone_clearmasters() and dns_zone_addmaster()
10093 are replaced by dns_zone_setmasters().
10095 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
10098 115. [port] Shut up the -Wmissing-declarations warning about
10099 <stdio.h>'s __sputaux on BSD/OS pre-4.1.
10101 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
10104 113. [func] Utility programs dig and host added.
10106 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
10108 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
10111 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
10114 109. [bug] "make depend" did nothing for
10115 bin/tests/{db,mem,sockaddr,tasks,timers}/.
10117 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
10118 <dns/types.h> to <dns/bit.h> and renamed to
10119 DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
10121 107. [func] Add keysigner and keysettool.
10123 106. [func] Allow dnssec verifications to ignore the validity
10124 period. Used by several of the dnssec tools.
10126 105. [doc] doc/dev/coding.html expanded with other
10127 implicit conventions the developers have used.
10129 104. [bug] Made compress_add and compress_find static to
10130 lib/dns/compress.c.
10132 103. [func] libisc buffer API changes for <isc/buffer.h>:
10134 isc_buffer_base(b) (pointer)
10135 isc_buffer_current(b) (pointer)
10136 isc_buffer_active(b) (pointer)
10137 isc_buffer_used(b) (pointer)
10138 isc_buffer_length(b) (int)
10139 isc_buffer_usedlength(b) (int)
10140 isc_buffer_consumedlength(b) (int)
10141 isc_buffer_remaininglength(b) (int)
10142 isc_buffer_activelength(b) (int)
10143 isc_buffer_availablelength(b) (int)
10145 ISC_BUFFER_USEDCOUNT(b)
10146 ISC_BUFFER_AVAILABLECOUNT(b)
10149 isc_buffer_used(b, r) ->
10150 isc_buffer_usedregion(b, r)
10151 isc_buffer_available(b, r) ->
10152 isc_buffer_available_region(b, r)
10153 isc_buffer_consumed(b, r) ->
10154 isc_buffer_consumedregion(b, r)
10155 isc_buffer_active(b, r) ->
10156 isc_buffer_activeregion(b, r)
10157 isc_buffer_remaining(b, r) ->
10158 isc_buffer_remainingregion(b, r)
10160 Buffer types were removed, so the ISC_BUFFERTYPE_*
10161 macros are no more, and the type argument to
10162 isc_buffer_init and isc_buffer_allocate were removed.
10163 isc_buffer_putstr is now void (instead of isc_result_t)
10164 and requires that the caller ensure that there
10165 is enough available buffer space for the string.
10167 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
10170 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
10172 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
10173 <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
10175 99. [cleanup] Rate limiter now has separate shutdown() and
10176 destroy() functions, and it guarantees that all
10177 queued events are delivered even in the shutdown case.
10179 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
10180 unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
10182 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
10185 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
10187 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
10189 94. [cleanup] Some installed header files did not compile as C++.
10191 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
10193 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
10196 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
10199 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
10200 from <named/listenlist.h>.
10202 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
10204 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
10205 <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
10206 moved to <isc/types.h>.
10208 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
10209 <isc/mem.h> or <isc/result.h>.
10211 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
10214 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
10215 <isc/list.h>, <isc/mem.h>, <isc/region.h> or
10218 84. [func] allow-query ACL checks now apply to all data
10219 added to a response.
10221 83. [func] If the server is authoritative for both a
10222 delegating zone and its (nonsecure) delegatee, and
10223 a query is made for a KEY RR at the top of the
10224 delegatee, then the server will look for a KEY
10225 in the delegator if it is not found in the delegatee.
10227 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
10229 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
10232 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
10234 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
10236 78. [cleanup] lwres_conftest renamed to lwresconf_test for
10237 consistency with other *_test programs.
10239 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
10240 <isc/time.h> to <isc/types.h>.
10242 76. [cleanup] Rewrote keygen.
10244 75. [func] Don't load a zone if its database file is older
10245 than the last time the zone was loaded.
10247 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
10248 subsumed by file.o.
10250 73. [func] New "file" API in libisc, including new function
10251 isc_file_getmodtime, isc_mktemplate renamed to
10252 isc_file_mktemplate and isc_ufile renamed to
10253 isc_file_openunique. By no means an exhaustive API,
10254 it is just what's needed for now.
10256 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
10257 added for dns_rbt_findnode, the former to disable the
10258 setting of the chain to the predecessor, and the
10259 latter to make clear when no options are set.
10261 71. [cleanup] Made explicit the implicit REQUIREs of
10262 isc_time_seconds, isc_time_nanoseconds, and
10265 70. [func] isc_time_set() added.
10267 69. [bug] The zone object's master and also-notify lists grew
10268 longer with each server reload.
10270 68. [func] Partial support for SIG(0) on incoming messages.
10272 67. [performance] Allow use of alternate (compile-time supplied)
10273 OpenSSL libraries/headers.
10275 66. [func] Data in authoritative zones should have a trust level
10278 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
10279 from <dns/types.h>.
10281 64. [func] The RBT, DB, and zone table APIs now allow the
10282 caller find the most-enclosing superdomain of
10285 63. [func] Generate NOTIFY messages.
10287 62. [func] Add UDP refresh support.
10289 61. [cleanup] Use single quotes consistently in log messages.
10291 60. [func] Catch and disallow singleton types on message
10294 59. [bug] Cause net/host unreachable to be a hard error
10295 when sending and receiving.
10297 58. [bug] bin/named/query.c could sometimes trigger the
10298 (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
10299 == 0 assertion in query_newname().
10301 57. [func] Added dns_nxt_typepresent()
10303 56. [bug] SIG records were not properly returned in cached
10306 55. [bug] Responses containing multiple names in the authority
10307 section were not negatively cached.
10309 54. [bug] If a fetch with sigrdataset==NULL joined one with
10310 sigrdataset!=NULL or vice versa, the resolver
10311 could catch an assertion or lose signature data,
10314 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
10317 52. [bug] rndc: taskmgr and socketmgr were not initialized
10320 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
10321 dns/rbt.h; it was needed only by compress.c and zt.c.
10323 50. [func] RBT deletion no longer requires a valid chain to work,
10324 and dns_rbt_deletenode was added.
10326 49. [func] Each cache now has its own mctx.
10328 48. [func] isc_task_create() no longer takes an mctx.
10329 isc_task_mem() has been eliminated.
10331 47. [func] A number of modules now use memory context reference
10334 46. [func] Memory contexts are now reference counted.
10335 Added isc_mem_inuse() and isc_mem_preallocate().
10336 Renamed isc_mem_destroy_check() to
10337 isc_mem_setdestroycheck().
10339 45. [bug] The trusted-key statement incorrectly loaded keys.
10341 44. [bug] Don't include authority data if it would force us
10342 to unset the AD bit in the message.
10344 43. [bug] DNSSEC verification of cached rdatasets was failing.
10346 42. [cleanup] Simplified logging of messages with embedded domain
10347 names by introducing a new convenience function
10350 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
10351 to allow 'named' to run as a non-root user while
10352 retaining the ability to bind() to privileged
10355 40. [func] Introduced new logging category "dnssec" and
10356 logging module "dns/validator".
10358 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
10359 and isc_lex_t to <isc/types.h>.
10361 38. [bug] TSIG signed incoming zone transfers work now.
10363 37. [bug] If the first RR in an incoming zone transfer was
10364 not an SOA, the server died with an assertion failure
10365 instead of just reporting an error.
10367 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
10369 35. [performance] Log messages which are of a level too high to be
10370 logged by any channel in the logging configuration
10371 will not cause the log mutex to be locked.
10373 34. [bug] Recursion was allowed even with 'recursion no'.
10375 33. [func] The RBT now maintains a parent pointer at each node.
10377 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
10380 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
10382 30. [func] config file grammar change to support optional
10383 class type for a view.
10385 29. [func] support new config file view options:
10387 auth-nxdomain recursion query-source
10388 query-source-v6 transfer-source
10389 transfer-source-v6 max-transfer-time-out
10390 max-transfer-idle-out transfer-format
10391 request-ixfr provide-ixfr cleaning-interval
10392 fetch-glue notify rfc2308-type1 lame-ttl
10393 max-ncache-ttl min-roots
10395 28. [func] support lame-ttl, min-roots and serial-queries
10396 config global options.
10398 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
10399 Including it on other platforms (eg, NetBSD) can
10400 cause a forced #error from the C preprocessor.
10402 26. [func] new match-clients statement in config file view.
10404 25. [bug] make install failed to install <isc/log.h> and
10407 24. [cleanup] Eliminate some unnecessary #includes of header
10408 files from header files.
10410 23. [cleanup] Provide more context in log messages about client
10411 requests, using a new function ns_client_log().
10413 22. [bug] SIGs weren't returned in the answer section when
10414 the query resulted in a fetch.
10416 21. [port] Look at STD_CINCLUDES after CINCLUDES during
10417 compilation, so additional system include directories
10418 can be searched but header files in the bind9 source
10419 tree with conflicting names take precedence. This
10420 avoids issues with installed versions of dnssafe and
10423 20. [func] Configuration file post-load validation of zones
10424 failed if there were no zones.
10426 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
10427 lock in certain error cases.
10429 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
10430 configure.in to check for presence of in6addr_any.
10432 17. [func] Do configuration file post-load validation of zones.
10434 16. [bug] put quotes around key names on config file
10435 output to avoid possible keyword clashes.
10437 15. [func] Add dns_name_dupwithoffsets(). This function is
10438 improves comparison performance for duped names.
10440 14. [bug] free_rbtdb() could have 'put' unallocated memory in
10441 an unlikely error path.
10443 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
10446 12. [bug] Fixed possible uninitialized variable error.
10448 11. [bug] axfr_rrstream_first() didn't check the result code of
10449 db_rr_iterator_first(), possibly causing an assertion
10450 to be triggered later.
10452 10. [bug] A bug in the code which makes EDNS0 OPT records in
10453 bin/named/client.c and lib/dns/resolver.c could
10454 trigger an assertion.
10456 9. [cleanup] replaced bit-setting code in confctx.c and replaced
10457 repeated code with macro calls.
10459 8. [bug] Shutdown of incoming zone transfer accessed
10462 7. [cleanup] removed 'listen-on' from view statement.
10464 6. [bug] quote RR names when generating config file to
10465 prevent possible clash with config file keywords
10468 5. [func] syntax change to named.conf file: new ssu grant/deny
10469 statements must now be enclosed by an 'update-policy'
10472 4. [port] bin/named/unix/os.c didn't compile on systems with
10473 linux 2.3 kernel includes due to conflicts between
10474 C library includes and the kernel includes. We now
10475 get only what we need from <linux/capability.h>, and
10476 avoid pulling in other linux kernel .h files.
10478 3. [bug] TKEYs go in the answer section of responses, not
10479 the additional section.
10481 2. [bug] Generating cryptographic randomness failed on
10482 systems without /dev/random.
10484 1. [bug] The installdirs rule in
10485 lib/isc/unix/include/isc/Makefile.in had a typo which
10486 prevented the isc directory from being created if it
10489 --- 9.0.0b2 released ---
10491 # This tells Emacs to use hard tabs in this file.
10493 # indent-tabs-mode: t