1 --- 9.8.5-P2 released ---
3 3621. [security] Incorrect bounds checking on private type 'keydata'
4 can lead to a remotely triggerable REQUIRE failure
5 (CVE-2013-4854). [RT #34238]
7 --- 9.8.5-P1 released ---
9 3584. [security] Caching data from an incompletely signed zone could
10 trigger an assertion failure in resolver.c [RT #33690]
12 --- 9.8.5 released ---
14 3568. [cleanup] Add a product description line to the version file,
15 to be reported by named -v/-V. [RT #33366]
17 3567. [bug] Silence clang static analyzer warnings. [RT #33365]
19 3563. [contrib] zone2sqlite failed with some table names. [RT #33375]
21 3561. [bug] dig: issue a warning if an EDNS query returns FORMERR
22 or NOTIMP. Adjust usage message. [RT #33363]
24 --- 9.8.5rc1 released ---
26 3560. [bug] isc-config.sh did not honor includedir and libdir
27 when set via configure. [RT #33345]
29 3559. [func] Check that both forms of Sender Policy Framework
30 records exist or do not exist. [RT #33355]
32 3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331]
34 3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
36 3555. [bug] Address theoretical race conditions in acache.c
37 (change #3553 was incomplete). [RT #33252]
39 3553. [bug] Address suspected double free in acache. [RT #33252]
41 3552. [bug] Wrong getopt option string for 'nsupdate -r'.
44 3549. [doc] Documentation for "request-nsid" was missing.
47 3548. [bug] The NSID request code in resolver.c was broken
48 resulting in invalid EDNS options being sent.
51 3547. [bug] Some malformed unknown rdata records were not properly
52 detected and rejected. [RT #33129]
54 3056. [func] Added support for URI resource record. [RT #23386]
56 --- 9.8.5rc1 released ---
58 3546. [func] Add EUI48 and EUI64 types. [RT #33082]
60 3544. [contrib] check5011.pl: Script to report the status of
61 managed keys as recorded in managed-keys.bind.
62 Contributed by Tony Finch <dot@dotat.at>
64 3543. [bug] Update socket structure before attaching to socket
65 manager after accept. [RT #33084]
67 3542. [bug] masterformat system test was broken. [RT #33086]
69 3541. [bug] Parts of libdns were not properly initialized when
70 built in libexport mode. [RT #33028]
72 3540. [test] libt_api: t_info and t_assert were not thread safe.
74 3539. [port] win32: timestamp format didn't match other platforms.
76 3538. [test] Running "make test" now requires loopback interfaces
77 to be set up. [RT #32452]
79 3537. [tuning] Slave zones, when updated, now send NOTIFY messages
80 to peers before being dumped to disk rather than
83 3535. [bug] Minor win32 cleanups. [RT #32962]
85 3534. [bug] Extra text after an embedded NULL was ignored when
86 parsing zone files. [RT #32699]
88 3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960]
90 3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960]
92 3531. [bug] win32: A uninitialized value could be returned on out
93 of memory. [RT #32960]
95 3530. [contrib] Better RTT tracking in queryperf. [RT #30128]
97 3526. [cleanup] Set up dependencies for unit tests correctly during
100 3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
102 3520. [bug] 'mctx' was not being referenced counted in some places
103 where it should have been. [RT #32794]
105 --- 9.8.5b2 released ---
107 3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
109 3515. [port] '%T' is not portable in strftime(). [RT #32763]
111 3514. [bug] The ranges for valid key sizes in ddns-confgen and
112 rndc-confgen were too constrained. Keys up to 512
113 bits are now allowed for most algorithms, and up
114 to 1024 bits for hmac-sha384 and hmac-sha512.
117 3509. [cleanup] Added a product line to version file to allow for
118 easy naming of different products (BIND
119 vs BIND ESV, for example). [RT #32755]
121 3508. [contrib] queryperf was incorrectly rejecting the -T option.
124 3503. [doc] Clarify size_spec syntax. [RT #32449]
126 3500. [security] Support NAPTR regular expression validation on
127 all platforms without using libregex, which
128 can be vulnerable to memory exhaustion attack
129 (CVE-2013-2266). [RT #32688]
131 3499. [doc] Corrected ARM documentation of built-in zones.
134 3498. [bug] zone statistics for zones which matched a potential
135 empty zone could have their zone-statistics setting
138 3496. [func] Improvements to RPZ performance. The "response-policy"
139 syntax now includes a "min-ns-dots" clause, with
140 default 1, to exclude top-level domains from
141 NSIP and NSDNAME checking. --enable-rpz-nsip and
142 --enable-rpz-nsdname are now the default. [RT #32251]
144 3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
145 When cloning a rdataset do not copy the link contents.
148 3488. [bug] Use after free error with DH generated keys. [RT #32649]
150 3487. [bug] Change 3444 was not complete. There was a additional
151 place where the NOQNAME proof needed to be saved.
154 3486. [bug] named could crash when using TKEY-negotiated keys
155 that had been deleted and then recreated. [RT #32506]
157 3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
159 3481. [cleanup] Removed use of const const in atf.
161 3479. [bug] Address potential memory leaks in gssapi support
164 3478. [port] Fix a build failure in strict C99 environments
167 3474. [bug] nsupdate could assert when the local and remote
168 address families didn't match. [RT #22897]
170 3470. [bug] Slave zones could fail to dump when successfully
171 refreshing after an initial failure. [RT #31276]
173 --- 9.8.5b1 released ---
175 3468. [security] RPZ rules to generate A records (but not AAAA records)
176 could trigger an assertion failure when used in
177 conjunction with DNS64 (CVE-2012-5689). [RT #32141]
179 3467. [bug] Added checks in dnssec-keygen and dnssec-settime
180 to check for delete date < inactive date. [RT #31719]
182 3465. [bug] Handle isolated reserved ports. [RT #31778]
184 3464. [maint] Updates to PKCS#11 openssl patches, supporting
185 versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]
187 3463. [doc] Clarify managed-keys syntax in ARM. [RT #32232]
189 3462. [doc] Clarify server selection behavior of dig when using
190 -4 or -6 options. [RT #32181]
192 3461. [bug] Negative responses could incorrectly have AD=1
195 3458. [bug] Return FORMERR when presented with a overly long
196 domain named in a request. [RT #29682]
198 3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836]
200 3456. [port] g++47: ATF failed to compile. [RT #32012]
202 3455. [contrib] queryperf: fix getopt option list. [RT #32338]
204 3454. [port] sparc64: improve atomic support. [RT #25182]
206 3452. [bug] Accept duplicate singleton records. [RT #32329]
208 3451. [port] Increase per thread stack size from 64K to 1M.
211 3450. [bug] Stop logfileconfig system test spam system logs.
214 3449. [bug] gen.c: use the pre-processor to construct format
215 strings so that compiler can perform sanity checks;
216 check the snprintf results. [RT #17576]
218 3448. [bug] The allow-query-on ACL was not processed correctly.
221 3447. [port] Add support for libxml2-2.9.x [RT #32231]
223 3446. [port] win32: Add source ID (see change #3400) to build.
226 3445. [bug] Warn about zone files with blank owner names
227 immediately after $ORIGIN directives. [RT #31848]
229 3444. [bug] The NOQNAME proof was not being returned from cached
230 insecure responses. [RT #21409]
232 3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly
233 rejected when generating keys. [RT #31927]
235 3442. [port] Net::DNS 0.69 introduced a non backwards compatible
238 3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
240 3440. [bug] Reorder get_key_struct to not trigger a assertion when
241 cleaning up due to out of memory error. [RT #32131]
243 3439. [bug] contrib/dlz error checking fixes. [RT #32102]
245 3438. [bug] Don't accept unknown data escape in quotes. [RT #32031]
247 3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialize
248 buffers with constant data. [RT #32064]
250 3436. [bug] Check malloc/calloc return values. [RT #32088]
252 3435. [bug] Cross compilation support in configure was broken.
255 3431. [bug] ddns-confgen: Some valid key algorithms were
256 not accepted. [RT #31927]
258 3430. [bug] win32: isc_time_formatISO8601 was missing the
259 'T' between the date and time. [RT #32044]
261 3429. [bug] dns_zone_getserial2 could a return success without
262 returning a valid serial. [RT #32007]
264 3428. [cleanup] dig: Add timezone to date output. [RT #2269]
266 3427. [bug] dig +trace incorrectly displayed name server
267 addresses instead of names. [RT #31641]
269 3425. [bug] "acacheentry" reference counting was broken resulting
270 in use after free. [RT #31908]
272 3422. [bug] Added a clear error message for when the SOA does not
273 match the referral. [RT #31281]
275 3421. [bug] Named loops when re-signing if all keys are offline.
278 3420. [bug] Address VPATH compilation issues. [RT #31879]
280 3419. [bug] Memory leak on validation cancel. [RT #31869]
282 3415. [bug] named could die with a REQUIRE failure if a validation
283 was canceled. [RT #31804]
285 3412. [bug] Copy timeval structure from control message data.
288 3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
291 3410. [bug] Addressed Coverity warnings. [RT #31626]
293 3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
294 from X.509 certificates, for use with DANE
295 (DNS-based Authentication of Named Entities).
298 3406. [bug] mem.c: Fix compilation errors when building with
299 ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
300 Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
302 3405. [bug] Handle time going backwards in acache. [RT #31253]
304 3404. [bug] dnssec-signzone: When re-signing a zone, remove
305 RRSIG and NSEC records from nodes that used to be
306 in-zone but are now below a zone cut. [RT #31556]
308 3403. [bug] Silence noisy OpenSSL logging. [RT #31497]
310 3402. [test] The IPv6 interface numbers used for system
311 tests were incorrect on some platforms. [RT #25085]
313 3401. [bug] Addressed Coverity warnings. [RT #31484]
315 3400. [cleanup] "named -V" can now report a source ID string, defined
316 in the "srcid" file in the build tree and normally set
317 to the most recent git hash. [RT #31494]
319 3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298]
321 3396. [bug] OPT records were incorrectly removed from signed,
322 truncated responses. [RT #31439]
324 3395. [protocol] Add RFC 6598 reverse zones to built in empty zones
325 list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
328 3394. [bug] Adjust 'successfully validated after lower casing
329 signer' log level and category. [RT #31414]
331 3393. [bug] 'host -C' could core dump if REFUSED was received.
334 3391. [bug] A DNSKEY lookup that encountered a CNAME failed.
337 3390. [bug] Silence clang compiler warnings. [RT #30417]
339 3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275]
341 3388. [bug] Fixed several Coverity warnings.
342 Note: This change includes a fix for a bug that
343 was subsequently determined to be an exploitable
344 security vulnerability, CVE-2012-5688: named could
345 die on specific queries with dns64 enabled.
348 3386. [bug] Address locking violation when generating new NSEC /
349 NSEC3 chains. [RT #31224]
351 3384. [bug] Improved logging of crypto errors. [RT #30963]
353 3383. [security] A certain combination of records in the RBT could
354 cause named to hang while populating the additional
355 section of a response. [RT #31090]
357 3382. [bug] SOA query from slave used use-v6-udp-ports range,
358 if set, regardless of the address family in use.
361 3381. [contrib] Update queryperf to support more RR types.
364 3380. [bug] named could die if a nonexistent master list was
365 referenced in a also-notify. [RT #31004]
367 3379. [bug] isc_interval_zero and isc_time_epoch should be
368 "const (type)* const". [RT #31069]
370 3378. [bug] Handle missing 'managed-keys-directory' better.
373 3376. [bug] Lack of EDNS support was being recorded without a
374 successful response. [RT #30811]
376 3375. [func] Check that 'rndc dumpdb' works on a empty cache.
379 3374. [bug] isc_parse_uint32 failed to return a range error on
380 systems with 64 bit longs. [RT #30232]
382 3372. [bug] Silence spurious "deleted from unreachable cache"
383 messages. [RT #30501]
385 3371. [bug] AD=1 should behave like DO=1 when deciding whether to
386 add NS RRsets to the additional section or not.
389 --- 9.8.4 released ---
391 3373. [bug] win32: open raw files in binary mode. [RT #30944]
393 3364. [security] Named could die on specially crafted record.
396 --- 9.8.4rc1 released ---
398 3369. [bug] nsupdate terminated unexpectedly in interactive mode
399 if built with readline support. [RT #29550]
401 3368. [bug] <dns/iptable.h> and <dns/zone.h> were not C++ safe.
403 3367. [bug] dns_dnsseckey_create() result was not being checked.
406 3366. [bug] Fixed Read-After-Write dependency violation for IA64
407 atomic operations. [RT #25181]
409 3365. [bug] Removed spurious newlines from log messages in
412 3363. [bug] Need to allow "forward" and "fowarders" options
413 in static-stub zones; this had been overlooked.
416 3362. [bug] Setting some option values to 0 in named.conf
417 could trigger an assertion failure on startup.
420 3360. [bug] 'host -w' could die. [RT #18723]
422 3359. [bug] An improperly-formed TSIG secret could cause a
423 memory leak. [RT #30607]
425 3357. [port] Add support for libxml2-2.8.x [RT #30440]
427 3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
428 approaching their expiry, so they don't remain
429 in caches after expiry. [RT #26429]
431 --- 9.8.4b1 released ---
433 3354. [func] Improve OpenSSL error logging. [RT #29932]
435 3353. [bug] Use a single task for task exclusive operations.
438 3352. [bug] Ensure that learned server attributes timeout of the
439 adb cache. [RT #29856]
441 3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
442 caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
443 memory debugging flags are set. [RT #30243]
445 3350. [bug] Memory read overrun in isc___mem_reallocate if
446 ISC_MEM_DEBUGCTX memory debugging flag is set.
449 3348. [bug] Prevent RRSIG data from being cached if a negative
450 record matching the covering type exists at a higher
451 trust level. Such data already can't be retrieved from
452 the cache since change 3218 -- this prevents it
453 being inserted into the cache as well. [RT #26809]
455 3347. [bug] dnssec-settime: Issue a warning when writing a new
456 private key file would cause a change in the
457 permissions of the existing file. [RT #27724]
459 3346. [security] Bad-cache data could be used before it was
460 initialized, causing an assert. [RT #30025]
462 3342. [bug] Change #3314 broke saving of stub zones to disk
463 resulting in excessive cpu usage in some cases.
466 3337. [bug] Change #3294 broke support for the multiple keys
467 in controls. [RT #29694]
469 3335. [func] nslookup: return a nonzero exit code when unable
470 to get an answer. [RT #29492]
472 3333. [bug] Setting resolver-query-timeout too low can cause
473 named to not recover if it loses connectivity.
476 3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
478 3331. [security] dns_rdataslab_fromrdataset could produce bad
479 rdataslabs. [RT #29644]
481 3330. [func] Fix missing signatures on NOERROR results despite
483 - add optional "recursive-only yes|no" to the
484 response-policy statement
485 - add optional "max-policy-ttl" to the response-policy
486 statement to limit the false data that
487 "recursive-only no" can introduce into
489 - add a RPZ performance test to bin/tests/system/rpz
490 when queryperf is available.
491 - the encoding of PASSTHRU action to "rpz-passthru".
492 (The old encoding is still accepted.)
496 3329. [bug] Handle RRSIG signer-name case consistently: We
497 generate RRSIG records with the signer-name in
498 lower case. We accept them with any case, but if
499 they fail to validate, we try again in lower case.
502 3328. [bug] Fixed inconsistent data checking in dst_parse.c.
505 3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
507 --- 9.8.3 released ---
509 3318. [tuning] Reduce the amount of work performed while holding a
510 bucket lock when finished with a fetch context.
513 3314. [bug] The masters list could be updated while stub_callback
514 or refresh_callback were using it. [RT #26732]
516 3313. [protocol] Add TLSA record type. [RT #28989]
518 3312. [bug] named-checkconf didn't detect a bad dns64 clients acl.
521 3311. [bug] Abort the zone dump if zone->db is NULL in
522 zone.c:zone_gotwritehandle. [RT #29028]
524 3310. [test] Increase table size for mutex profiling. [RT #28809]
526 3309. [bug] resolver.c:fctx_finddone() was not thread safe.
529 3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
532 3306. [bug] Improve DNS64 reverse zone performance. [RT #28563]
534 3305. [func] Add wire format lookup method to sdb. [RT #28563]
536 3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps.
539 3302. [bug] dns_dnssec_findmatchingkeys could fail to find
540 keys if the zone name contained character that
541 required special mappings. [RT #28600]
543 3301. [contrib] Update queryperf to build on darwin. Add -R flag
544 for non-recursive queries. [RT #28565]
546 3300. [bug] Named could die if gssapi was enabled in named.conf
547 but was not compiled in. [RT #28338]
549 3299. [bug] Make SDB handle errors from database drivers better.
552 3232. [bug] Zero zone->curmaster before return in
553 dns_zone_setmasterswithkeys(). [RT #26732]
555 3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
557 3197. [bug] Don't try to log the filename and line number when
558 the config parser can't open a file. [RT #22263]
560 --- 9.8.2 released ---
562 3298. [bug] Named could dereference a NULL pointer in
563 zmgr_start_xfrin_ifquota if the zone was being removed.
566 3297. [bug] Named could die on a malformed master file. [RT #28467]
568 3295. [bug] Adjust isc_time_secondsastimet range check to be more
569 portable. [RT # 26542]
571 3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
574 3291. [port] Fixed a build error on systems without ENOTSUP.
577 3290. [bug] <isc/hmacsha.h> was not being installed. [RT #28169]
579 3288. [bug] dlz_destroy() function wasn't correctly registered
580 by the DLZ dlopen driver. [RT #28056]
582 3287. [port] Update ans.pl to work with Net::DNS 0.68. [RT #28028]
584 3286. [bug] Managed key maintenance timer could fail to start
585 after 'rndc reconfig'. [RT #26786]
587 --- 9.8.2rc2 released ---
589 3285. [bug] val-frdataset was incorrectly disassociated in
590 proveunsecure after calling startfinddlvsep.
593 3284. [bug] Address race conditions with the handling of
594 rbtnode.deadlink. [RT #27738]
596 3283. [bug] Raw zones with with more than 512 records in a RRset
597 failed to load. [RT #27863]
599 3282. [bug] Restrict the TTL of NS RRset to no more than that
600 of the old NS RRset when replacing it.
601 [RT #27792] [RT #27884]
603 3281. [bug] SOA refresh queries could be treated as cancelled
604 despite succeeding over the loopback interface.
607 3280. [bug] Potential double free of a rdataset on out of memory
608 with DNS64. [RT #27762]
610 3278. [bug] Make sure automatic key maintenance is started
611 when "auto-dnssec maintain" is turned on during
612 "rndc reconfig". [RT #26805]
614 3276. [bug] win32: ns_os_openfile failed to return NULL on
615 safe_open failure. [RT #27696]
617 3274. [bug] Log when a zone is not reusable. Only set loadtime
618 on successful loads. [RT #27650]
620 3273. [bug] AAAA responses could be returned in the additional
621 section even when filter-aaaa-on-v4 was in use.
624 3271. [port] darwin: mksymtbl is not always stable, loop several
625 times before giving up. mksymtbl was using non
626 portable perl to covert 64 bit hex strings. [RT #27653]
628 3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
629 out the earliest expiry time. [RT #23311]
631 3267. [bug] Memory allocation failures could be mis-reported as
632 unexpected error. New ISC_R_UNSET result code.
635 3266. [bug] The maximum number of NSEC3 iterations for a
636 DNSKEY RRset was not being properly computed.
639 3262. [bug] Signed responses were handled incorrectly by RPZ.
642 --- 9.8.2rc1 released ---
644 3260. [bug] "rrset-order cyclic" could appear not to rotate
645 for some query patterns. [RT #27170/27185]
647 3259. [bug] named-compilezone: Suppress "dump zone to <file>"
648 message when writing to stdout. [RT #27109]
650 3258. [test] Add "forcing full sign with unreadable keys" test.
653 3257. [bug] Do not generate a error message when calling fsync()
654 in a pipe or socket. [RT #27109]
656 3256. [bug] Disable empty zones for lwresd -C. [RT #27139]
658 3254. [bug] Set isc_socket_ipv6only() on the IPv6 control channels.
661 3253. [bug] Return DNS_R_SYNTAX when the input to a text field is
662 too long. [RT #26956]
664 3251. [bug] Enforce a upper bound (65535 bytes) on the amount of
665 memory dns_sdlz_putrr() can allocate per record to
666 prevent run away memory consumption on ISC_R_NOSPACE.
669 3250. [func] 'configure --enable-developer'; turn on various
670 configure options, normally off by default, that
671 we want developers to build and test with. [RT #27103]
673 3249. [bug] Update log message when saving slave zones files for
674 analysis after load failures. [RT #27087]
676 3248. [bug] Configure options --enable-fixed-rrset and
677 --enable-exportlib were incompatible with each
680 3247. [bug] 'raw' format zones failed to preserve load order
681 breaking 'fixed' sort order. [RT #27087]
683 3243. [port] netbsd,bsdi: the thread defaults were not being
686 3241. [bug] Address race conditions in the resolver code.
689 3240. [bug] DNSKEY state change events could be missed. [RT #26874]
691 3239. [bug] dns_dnssec_findmatchingkeys needs to use a consistent
692 timestamp. [RT #26883]
694 3238. [bug] keyrdata was not being reinitialized in
695 lib/dns/rbtdb.c:iszonesecure. [RT#26913]
697 3237. [bug] dig -6 didn't work with +trace. [RT #26906]
699 --- 9.8.2b1 released ---
701 3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
703 3231. [bug] named could fail to send a incompressible zone.
706 3230. [bug] 'dig axfr' failed to properly handle a multi-message
707 axfr with a serial of 0. [RT #26796]
709 3229. [bug] Fix local variable to struct var assignment
710 found by CLANG warning.
712 3228. [tuning] Dynamically grow symbol table to improve zone
713 loading performance. [RT #26523]
715 3227. [bug] Interim fix to make WKS's use of getprotobyname()
716 and getservbyname() self thread safe. [RT #26232]
718 3226. [bug] Address minor resource leakages. [RT #26624]
720 3221. [bug] Fixed a potential core dump on shutdown due to
721 referencing fetch context after it's been freed.
724 3220. [bug] Change #3186 was incomplete; dns_db_rpz_findips()
725 could fail to set the database version correctly,
726 causing an assertion failure. [RT #26180]
728 3218. [security] Cache lookup could return RRSIG data associated with
729 nonexistent records, leading to an assertion
732 3217. [cleanup] Fix build problem with --disable-static. [RT #26476]
734 3216. [bug] resolver.c:validated() was not thread-safe. [RT #26478]
736 3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188]
738 3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
739 list prior to adding a reference to it leading a
740 possible assertion failure. [RT #23219]
742 3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
744 3208. [bug] 'dig -y' handle unknown tsig algorithm better.
747 3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444]
749 3206. [cleanup] Add ISC information to log at start time. [RT #25484]
751 3204. [bug] When a master server that has been marked as
752 unreachable sends a NOTIFY, mark it reachable
755 3203. [bug] Increase log level to 'info' for validation failures
756 from expired or not-yet-valid RRSIGs. [RT #21796]
758 3200. [doc] Some rndc functions were undocumented or were
759 missing from 'rndc -h' output. [RT #25555]
761 3198. [doc] Clarified that dnssec-settime can alter keyfile
762 permissions. [RT #24866]
764 3196. [bug] nsupdate: return nonzero exit code when target zone
765 doesn't exist. [RT #25783]
767 3195. [cleanup] Silence "file not found" warnings when loading
768 managed-keys zone. [RT #26340]
770 3194. [doc] Updated RFC references in the 'empty-zones-enable'
771 documentation. [RT #25203]
773 3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
774 dnssec.h. [RT #26415]
776 3192. [bug] A query structure could be used after being freed.
779 3191. [bug] Print NULL records using "unknown" format. [RT #26392]
781 3190. [bug] Underflow in error handling in isc_mutexblock_init.
784 3189. [test] Added a summary report after system tests. [RT #25517]
786 3188. [bug] zone.c:zone_refreshkeys() could fail to detach
787 references correctly when errors occurred, causing
788 a hang on shutdown. [RT #26372]
790 3187. [port] win32: support for Visual Studio 2008. [RT #26356]
792 3186. [bug] Version/db mis-match in rpz code. [RT #26180]
794 3179. [port] kfreebsd: build issues. [RT #26273]
796 3175. [bug] Fix how DNSSEC positive wildcard responses from a
797 NSEC3 signed zone are validated. Stop sending a
798 unnecessary NSEC3 record when generating such
799 responses. [RT #26200]
801 3174. [bug] Always compute to revoked key tag from scratch.
804 3173. [port] Correctly validate root DS responses. [RT #25726]
806 3171. [bug] Exclusively lock the task when adding a zone using
807 'rndc addzone'. [RT #25600]
809 3170. [func] RPZ update:
810 - fix precedence among competing rules
811 - improve ARM text including documenting rule precedence
812 - try to rewrite CNAME chains until first hit
813 - new "rpz" logging channel
814 - RDATA for CNAME rules can include wildcards
815 - replace "NO-OP" named.conf policy override with
816 "PASSTHRU" and add "DISABLED" override ("NO-OP"
820 3169. [func] Catch db/version mis-matches when calling dns_db_*().
823 3167. [bug] Negative answers from forwarders were not being
824 correctly tagged making them appear to not be cached.
827 3162. [test] start.pl: modified to allow for "named.args" in
828 ns*/ subdirectory to override stock arguments to
829 named. Largely from RT#26044, but no separate ticket.
831 3161. [bug] zone.c:del_sigs failed to always reset rdata leading
832 assertion failures. [RT #25880]
834 3157. [tuning] Reduce the time spent in "rndc reconfig" by parsing
835 the config file before pausing the server. [RT #21373]
837 3155. [bug] Fixed a build failure when using contrib DLZ
838 drivers (e.g., mysql, postgresql, etc). [RT #25710]
840 3154. [bug] Attempting to print an empty rdataset could trigger
841 an assert. [RT #25452]
843 3152. [cleanup] Some versions of gcc and clang failed due to
844 incorrect use of __builtin_expect. [RT #25183]
846 3151. [bug] Queries for type RRSIG or SIG could be handled
847 incorrectly. [RT #21050]
849 3148. [bug] Processing of normal queries could be stalled when
850 forwarding a UPDATE message. [RT #24711]
852 3146. [test] Fixed gcc4.6.0 errors in ATF. [RT #25598]
854 3145. [test] Capture output of ATF unit tests in "./atf.out" if
855 there were any errors while running them. [RT #25527]
857 3144. [bug] dns_dbiterator_seek() could trigger an assert when
858 used with a nonexistent database node. [RT #25358]
860 3143. [bug] Silence clang compiler warnings. [RT #25174]
862 3139. [test] Added tests from RFC 6234, RFC 2202, and RFC 1321
863 for the hashing algorithms (md5, sha1 - sha512, and
864 their hmac counterparts). [RT #25067]
866 --- 9.8.1 released ---
868 --- 9.8.1rc1 released ---
870 3141. [bug] Silence spurious "zone serial (0) unchanged" messages
871 associated with empty zones. [RT #25079]
873 3138. [bug] Address memory leaks and out-of-order operations when
874 shutting named down. [RT #25210]
876 3136. [func] Add RFC 1918 reverse zones to the list of built-in
877 empty zones switched on by the 'empty-zones-enable'
880 Note: empty-zones-enable must be "yes;" or a empty
881 zone needs to be disabled in named.conf for RFC 1918
882 zones to be activated. This requirement may be
883 removed in future releases.
885 3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
886 See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
889 3134. [bug] Improve the accuracy of dnssec-signzone's signing
890 statistics. [RT #16030]
892 --- 9.8.1b3 released ---
894 3133. [bug] Change #3114 was incomplete. [RT #24577]
896 3131. [tuning] Improve scalability by allocating one zone task
897 per 100 zones at startup time, rather than using a
898 fixed-size task table. [RT #24406]
900 3129. [bug] Named could crash on 'rndc reconfig' when
901 allow-new-zones was set to yes and named ACLs
902 were used. [RT #22739]
904 --- 9.8.1b2 released ---
906 3126. [security] Using DNAME record to generate replacements caused
907 RPZ to exit with a assertion failure. [RT #24766]
909 3125. [security] Using wildcard CNAME records as a replacement with
910 RPZ caused named to exit with a assertion failure.
913 3124. [bug] Use an rdataset attribute flag to indicate
914 negative-cache records rather than using rrtype 0;
915 this will prevent problems when that rrtype is
916 used in actual DNS packets. [RT #24777]
918 3123. [security] Change #2912 exposed a latent flaw in
919 dns_rdataset_totext() that could cause named to
920 crash with an assertion failure. [RT #24777]
922 3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]
924 3121. [security] An authoritative name server sending a negative
925 response containing a very large RRset could
926 trigger an off-by-one error in the ncache code
927 and crash named. [RT #24650]
929 3120. [bug] Named could fail to validate zones listed in a DLV
930 that validated insecure without using DLV and had
931 DS records in the parent zone. [RT #24631]
933 3119. [bug] When rolling to a new DNSSEC key, a private-type
934 record could be created and never marked complete.
937 3118. [bug] nsupdate could dump core on shutdown when using
938 SIG(0) keys. [RT #24604]
940 3117. [cleanup] Remove doc and parser references to the
941 never-implemented 'auto-dnssec create' option.
944 3115. [bug] Named could fail to return requested data when
945 following a CNAME that points into the same zone.
948 3114. [bug] Retain expired RRSIGs in dynamic zones if key is
949 inactive and there is no replacement key. [RT #23136]
951 3113. [doc] Document the relationship between serial-query-rate
954 --- 9.8.1b1 released ---
956 3112. [doc] Add missing descriptions of the update policy name
957 types "ms-self", "ms-subdomain", "krb5-self" and
958 "krb5-subdomain", which allow machines to update
959 their own records, to the BIND 9 ARM.
961 3111. [bug] Improved consistency checks for dnssec-enable and
962 dnssec-validation, added test cases to the
963 checkconf system test. [RT #24398]
965 3110. [bug] dnssec-signzone: Wrong error message could appear
966 when attempting to sign with no KSK. [RT #24369]
968 3107. [bug] dnssec-signzone: Report the correct number of ZSKs
969 when using -x. [RT #20852]
971 3105. [bug] GOST support can be suppressed by "configure
972 --without-gost" [RT #24367]
974 3104. [bug] Better support for cross-compiling. [RT #24367]
976 3103. [bug] Configuring 'dnssec-validation auto' in a view
977 instead of in the options statement could trigger
978 an assertion failure in named-checkconf. [RT #24382]
980 3101. [bug] Zones using automatic key maintenance could fail
981 to check the key repository for updates. [RT #23744]
983 3100. [security] Certain response policy zone configurations could
984 trigger an INSIST when receiving a query of type
987 3099. [test] "dlz" system test now runs but gives R:SKIPPED if
988 not compiled with --with-dlz-filesystem. [RT #24146]
990 3098. [bug] DLZ zones were answering without setting the AA bit.
993 3097. [test] Add a tool to test handling of malformed packets.
996 3096. [bug] Set KRB5_KTNAME before calling log_cred() in
997 dst_gssapi_acceptctx(). [RT #24004]
999 3095. [bug] Handle isolated reserved ports in the port range.
1002 3094. [doc] Expand dns64 documentation.
1004 3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
1006 3092. [bug] Signatures for records at the zone apex could go
1007 stale due to an incorrect timer setting. [RT #23769]
1009 3091. [bug] Fixed a bug in which zone keys that were published
1010 and then subsequently activated could fail to trigger
1011 automatic signing. [RT #22911]
1013 3090. [func] Make --with-gssapi default [RT #23738]
1015 3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
1016 and add setup.sh in order to resolve changing
1017 named.conf issue. [RT #23687]
1019 3087. [bug] DDNS updates using SIG(0) with update-policy match
1020 type "external" could cause a crash. [RT #23735]
1022 3086. [bug] Running dnssec-settime -f on an old-style key will
1023 now force an update to the new key format even if no
1024 other change has been specified, using "-P now -A now"
1025 as default values. [RT #22474]
1027 3083. [bug] NOTIFY messages were not being sent when generating
1028 a NSEC3 chain incrementally. [RT #23702]
1030 3082. [port] strtok_r is threads only. [RT #23747]
1032 3081. [bug] Failure of DNAME substitution did not return
1033 YXDOMAIN. [RT #23591]
1035 3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
1038 3079. [bug] Handle isc_event_allocate failures in t_tasks.
1041 3078. [func] Added a new include file with function typedefs
1042 for the DLZ "dlopen" driver. [RT #23629]
1044 3077. [bug] zone.c:zone_refreshkeys() incorrectly called
1045 dns_zone_attach(), use zone->irefs instead. [RT #23303]
1047 3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistent
1048 timestamp when determining which keys are active.
1051 3074. [bug] Make the adb cache read through for zone data and
1052 glue learn for zone named is authoritative for.
1055 3073. [bug] managed-keys changes were not properly being recorded.
1058 3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
1061 3071. [bug] has_nsec could be used uninitialized in
1062 update.c:next_active. [RT #20256]
1064 3070. [bug] dnssec-signzone potential NULL pointer dereference.
1067 3069. [cleanup] Silence warnings messages from clang static analysis.
1070 3068. [bug] Named failed to build with a OpenSSL without engine
1071 support. [RT #23473]
1073 3067. [bug] ixfr-from-differences {master|slave}; failed to
1074 select the master/slave zones. [RT #23580]
1076 3066. [func] The DLZ "dlopen" driver is now built by default,
1077 no longer requiring a configure option. To
1078 disable it, use "configure --without-dlopen".
1079 (Note: driver not supported on win32.) [RT #23467]
1081 3065. [bug] RRSIG could have time stamps too far in the future.
1084 3064. [bug] powerpc: add sync instructions to the end of atomic
1085 operations. [RT #23469]
1087 3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
1089 3059. [test] Added a regression test for change #3023.
1091 3058. [bug] Cause named to terminate at startup or rndc reconfig/
1092 reload to fail, if a log file specified in the conf
1093 file isn't a plain file. [RT #22771]
1095 3057. [bug] "rndc secroots" would abort after the first error
1096 and so could miss some views. [RT #23488]
1098 3054. [bug] Added elliptic curve support check in
1099 GOST OpenSSL engine detection. [RT #23485]
1101 3053. [bug] Under a sustained high query load with a finite
1102 max-cache-size, it was possible for cache memory
1103 to be exhausted and not recovered. [RT #23371]
1105 3052. [test] Fixed last autosign test report. [RT #23256]
1107 3051. [bug] NS records obscure DNAME records at the bottom of the
1108 zone if both are present. [RT #23035]
1110 3050. [bug] The autosign system test was timing dependent.
1111 Wait for the initial autosigning to complete
1112 before running the rest of the test. [RT #23035]
1114 3049. [bug] Save and restore the gid when creating creating
1115 named.pid at startup. [RT #23290]
1117 3048. [bug] Fully separate view key management. [RT #23419]
1119 3047. [bug] DNSKEY NODATA responses not cached fixed in
1120 validator.c. Tests added to dnssec system test.
1123 3046. [bug] Use RRSIG original TTL to compute validated RRset
1124 and RRSIG TTL. [RT #23332]
1126 3044. [bug] Hold the socket manager lock while freeing the socket.
1129 3043. [test] Merged in the NetBSD ATF test framework (currently
1130 version 0.12) for development of future unit tests.
1131 Use configure --with-atf to build ATF internally
1132 or configure --with-atf=prefix to use an external
1135 3042. [bug] dig +trace could fail attempting to use IPv6
1136 addresses on systems with only IPv4 connectivity.
1139 3041. [bug] dnssec-signzone failed to generate new signatures on
1140 ttl changes. [RT #23330]
1142 3040. [bug] Named failed to validate insecure zones where a node
1143 with a CNAME existed between the trust anchor and the
1144 top of the zone. [RT #23338]
1146 3038. [bug] Install <dns/rpz.h>. [RT #23342]
1148 3037. [doc] Update COPYRIGHT to contain all the individual
1149 copyright notices that cover various parts.
1151 3036. [bug] Check built-in zone arguments to see if the zone
1152 is re-usable or not. [RT #21914]
1154 3035. [cleanup] Simplify by using strlcpy. [RT #22521]
1156 3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
1158 3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
1161 3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
1163 3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
1166 3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
1169 3029. [bug] isc_netaddr_format() handle a zero sized buffer.
1172 3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
1175 3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
1176 catch NULL pointer dereferences before they happen.
1179 3026. [bug] lib/isc/httpd.c: check that we have enough space
1180 after calling grow_headerspace() and if not
1181 re-call grow_headerspace() until we do. [RT #22521]
1183 --- 9.8.0 released ---
1185 3025. [bug] Fixed a possible deadlock due to zone resigning.
1188 3024. [func] RTT Banding removed due to minor security increase
1189 but major impact on resolver latency. [RT #23310]
1191 3023. [bug] Named could be left in an inconsistent state when
1192 receiving multiple AXFR response messages that were
1193 not all TSIG-signed. [RT #23254]
1195 3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
1198 3021. [bug] Change #3010 was incomplete. [RT #22296]
1200 3020. [bug] auto-dnssec failed to correctly update the zone when
1201 changing the DNSKEY RRset. [RT #23232]
1203 3019. [test] Test: check apex NSEC3 records after adding DNSKEY
1204 record via UPDATE. [RT #23229]
1206 --- 9.8.0rc1 released ---
1208 3018. [bug] Named failed to check for the "none;" acl when deciding
1209 if a zone may need to be re-signed. [RT #23120]
1211 3017. [doc] dnssec-keyfromlabel -I was not properly documented.
1214 3016. [bug] rndc usage missing '-b'. [RT #22937]
1216 3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
1217 IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
1219 3013. [bug] The DNS64 ttl was not always being set as expected.
1222 3012. [bug] Remove DNSKEY TTL change pairs before generating
1223 signing records for any remaining DNSKEY changes.
1226 3011. [func] Allow setting this in named.conf using the new
1227 'resolver-query-timeout' option, which specifies a max
1228 time in seconds. 0 means 'default' and anything longer
1229 than 30 will be silently set to 30. [RT #22852]
1231 3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
1232 for refreshing managed-keys. [RT #22296]
1234 3009. [bug] clients-per-query code didn't work as expected with
1235 particular query patterns. [RT #22972]
1237 --- 9.8.0b1 released ---
1239 3008. [func] Response policy zones (RPZ) support. [RT #21726]
1241 3007. [bug] Named failed to preserve the case of domain names in
1242 rdata which is not compressible when writing master
1245 3006. [func] Allow dynamically generated TSIG keys to be preserved
1246 across restarts of named. Initially this is for
1247 TSIG keys generated using GSSAPI. [RT #22639]
1249 3005. [port] Solaris: Work around the lack of
1250 gsskrb5_register_acceptor_identity() by setting
1251 the KRB5_KTNAME environment variable to the
1252 contents of tkey-gssapi-keytab. Also fixed
1253 test errors on MacOSX. [RT #22853]
1255 3004. [func] DNS64 reverse support. [RT #22769]
1257 3003. [experimental] Added update-policy match type "external",
1258 enabling named to defer the decision of whether to
1259 allow a dynamic update to an external daemon.
1260 (Contributed by Andrew Tridgell.) [RT #22758]
1262 3002. [bug] isc_mutex_init_errcheck() failed to destroy attr.
1265 3001. [func] Added a default trust anchor for the root zone, which
1266 can be switched on by setting "dnssec-validation auto;"
1267 in the named.conf options. [RT #21727]
1269 3000. [bug] More TKEY/GSS fixes:
1270 - nsupdate can now get the default realm from
1271 the user's Kerberos principal
1272 - corrected gsstest compilation flags
1273 - improved documentation
1274 - fixed some NULL dereferences
1277 2999. [func] Add GOST support (RFC 5933). [RT #20639]
1279 2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
1280 to the task api. [RT #22776]
1282 2997. [func] named -V now reports the OpenSSL and libxml2 verions
1283 it was compiled against. [RT #22687]
1285 2996. [security] Temporarily disable SO_ACCEPTFILTER support.
1288 2995. [bug] The Kerberos realm was not being correctly extracted
1289 from the signer's identity. [RT #22770]
1291 2994. [port] NetBSD: use pthreads by default on NetBSD >= 5.0, and
1292 do not use threads on earlier versions. Also kill
1293 the unproven-pthreads, mit-pthreads, and ptl2 support.
1295 2993. [func] Dynamically grow adb hash tables. [RT #21186]
1297 2992. [contrib] contrib/check-secure-delegation.pl: A simple tool
1298 for looking at a secure delegation. [RT #22059]
1300 2991. [contrib] contrib/zone-edit.sh: A simple zone editing tool for
1301 dynamic zones. [RT #22365]
1303 2990. [bug] 'dnssec-settime -S' no longer tests prepublication
1304 interval validity when the interval is set to 0.
1307 2989. [func] Added support for writable DLZ zones. (Contributed
1308 by Andrew Tridgell of the Samba project.) [RT #22629]
1310 2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
1311 of external DLZ drivers that can be loaded as
1312 shared objects at runtime rather than linked with
1313 named. Currently this is switched on via a
1314 compile-time option, "configure --with-dlz-dlopen".
1315 Note: the syntax for configuring DLZ zones
1316 is likely to be refined in future releases.
1317 (Contributed by Andrew Tridgell of the Samba
1318 project.) [RT #22629]
1320 2987. [func] Improve ease of configuring TKEY/GSS updates by
1321 adding a "tkey-gssapi-keytab" option. If set,
1322 updates will be allowed with any key matching
1323 a principal in the specified keytab file.
1324 "tkey-gssapi-credential" is no longer required
1325 and is expected to be deprecated. (Contributed
1326 by Andrew Tridgell of the Samba project.)
1329 2986. [func] Add new zone type "static-stub". It's like a stub
1330 zone, but the nameserver names and/or their IP
1331 addresses are statically configured. [RT #21474]
1333 2985. [bug] Add a regression test for change #2896. [RT #21324]
1335 2984. [bug] Don't run MX checks when the target of the MX record
1338 2983. [bug] Include "loadkeys" in rndc help output. [RT #22493]
1340 --- 9.8.0a1 released ---
1342 2982. [bug] Reference count dst keys. dst_key_attach() can be used
1343 increment the reference count.
1345 Note: dns_tsigkey_createfromkey() callers should now
1346 always call dst_key_free() rather than setting it
1347 to NULL on success. [RT #22672]
1349 2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991]
1351 2980. [bug] named didn't properly handle UPDATES that changed the
1352 TTL of the NSEC3PARAM RRset. [RT #22363]
1354 2979. [bug] named could deadlock during shutdown if two
1355 "rndc stop" commands were issued at the same
1358 2978. [port] hpux: look for <devpoll.h> [RT #21919]
1360 2977. [bug] 'nsupdate -l' report if the session key is missing.
1363 2976. [bug] named could die on exit after negotiating a GSS-TSIG
1366 2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
1367 wrong lock which could lead to server deadlock.
1370 2974. [bug] Some valid UPDATE requests could fail due to a
1371 consistency check examining the existing version
1372 of the zone rather than the new version resulting
1373 from the UPDATE. [RT #22413]
1375 2973. [bug] bind.keys.h was being removed by the "make clean"
1376 at the end of configure resulting in build failures
1377 where there is very old version of perl installed.
1378 Move it to "make maintainer-clean". [RT #22230]
1380 2972. [bug] win32: address windows socket errors. [RT #21906]
1382 2971. [bug] Fixed a bug that caused journal files not to be
1383 compacted on Windows systems as a result of
1384 non-POSIX-compliant rename() semantics. [RT #22434]
1386 2970. [security] Adding a NO DATA negative cache entry failed to clear
1387 any matching RRSIG records. A subsequent lookup of
1388 of NO DATA cache entry could trigger a INSIST when the
1389 unexpected RRSIG was also returned with the NO DATA
1392 CVE-2010-3613, VU#706148. [RT #22288]
1394 2969. [security] Fix acl type processing so that allow-query works
1395 in options and view statements. Also add a new
1396 set of tests to verify proper functioning.
1398 CVE-2010-3615, VU#510208. [RT #22418]
1400 2968. [security] Named could fail to prove a data set was insecure
1401 before marking it as insecure. One set of conditions
1402 that can trigger this occurs naturally when rolling
1405 CVE-2010-3614, VU#837744. [RT #22309]
1407 2967. [bug] 'host -D' now turns on debugging messages earlier.
1410 2966. [bug] isc_print_vsnprintf() failed to check if there was
1411 space available in the buffer when adding a left
1412 justified character with a non zero width,
1413 (e.g. "%-1c"). [RT #22270]
1415 2965. [func] Test HMAC functions using test data from RFC 2104 and
1416 RFC 4634. [RT #21702]
1420 2963. [security] The allow-query acl was being applied instead of the
1421 allow-query-cache acl to cache lookups. [RT #22114]
1423 2962. [port] win32: add more dependencies to BINDBuild.dsw.
1426 2961. [bug] Be still more selective about the non-authoritative
1427 answers we apply change 2748 to. [RT #22074]
1429 2960. [func] Check that named accepts non-authoritative answers.
1432 2959. [func] Check that named starts with a missing masterfile.
1435 2958. [bug] named failed to start with a missing master file.
1438 2957. [bug] entropy_get() and entropy_getpseudo() failed to match
1439 the API for RAND_bytes() and RAND_pseudo_bytes()
1440 respectively. [RT #21962]
1442 2956. [port] Enable atomic operations on the PowerPC64. [RT #21899]
1444 2955. [func] Provide more detail in the recursing log. [RT #22043]
1446 2954. [bug] contrib: dlz_mysql_driver.c bad error handling on
1447 build_sqldbinstance failure. [RT #21623]
1449 2953. [bug] Silence spurious "expected covering NSEC3, got an
1450 exact match" message when returning a wildcard
1451 no data response. [RT #21744]
1453 2952. [port] win32: named-checkzone and named-checkconf failed
1454 to initialize winsock. [RT #21932]
1456 2951. [bug] named failed to generate a correct signed response
1457 in a optout, delegation only zone with no secure
1458 delegations. [RT #22007]
1460 2950. [bug] named failed to perform a SOA up to date check when
1461 falling back to TCP on UDP timeouts when
1462 ixfr-from-differences was set. [RT #21595]
1464 2949. [bug] dns_view_setnewzones() contained a memory leak if
1465 it was called multiple times. [RT #21942]
1467 2948. [port] MacOS: provide a mechanism to configure the test
1468 interfaces at reboot. See bin/tests/system/README
1473 2946. [doc] Document the default values for the minimum and maximum
1474 zone refresh and retry values in the ARM. [RT #21886]
1476 2945. [doc] Update empty-zones list in ARM. [RT #21772]
1478 2944. [maint] Remove ORCHID prefix from built in empty zones.
1481 2943. [func] Add support to load new keys into managed zones
1482 without signing immediately with "rndc loadkeys".
1483 Add support to link keys with "dnssec-keygen -S"
1484 and "dnssec-settime -S". [RT #21351]
1486 2942. [contrib] zone2sqlite failed to setup the entropy sources.
1489 2941. [bug] sdb and sdlz (dlz's zone database) failed to support
1490 DNAME at the zone apex. [RT #21610]
1492 2940. [port] Remove connection aborted error message on
1493 Windows. [RT #21549]
1495 2939. [func] Check that named successfully skips NSEC3 records
1496 that fail to match the NSEC3PARAM record currently
1499 2938. [bug] When generating signed responses, from a signed zone
1500 that uses NSEC3, named would use a uninitialized
1501 pointer if it needed to skip a NSEC3 record because
1502 it didn't match the selected NSEC3PARAM record for
1505 2937. [bug] Worked around an apparent race condition in over
1506 memory conditions. Without this fix a DNS cache DB or
1507 ADB could incorrectly stay in an over memory state,
1508 effectively refusing further caching, which
1509 subsequently made a BIND 9 caching server unworkable.
1510 This fix prevents this problem from happening by
1511 polling the state of the memory context, rather than
1512 making a copy of the state, which appeared to cause
1513 a race. This is a "workaround" in that it doesn't
1514 solve the possible race per se, but several experiments
1515 proved this change solves the symptom. Also, the
1516 polling overhead hasn't been reported to be an issue.
1517 This bug should only affect a caching server that
1518 specifies a finite max-cache-size. It's also quite
1519 likely that the bug happens only when enabling threads,
1520 but it's not confirmed yet. [RT #21818]
1522 2936. [func] Improved configuration syntax and multiple-view
1523 support for addzone/delzone feature (see change
1524 #2930). Removed "new-zone-file" option, replaced
1525 with "allow-new-zones (yes|no)". The new-zone-file
1526 for each view is now created automatically, with
1527 a filename generated from a hash of the view name.
1528 It is no longer necessary to "include" the
1529 new-zone-file in named.conf; this happens
1530 automatically. Zones that were not added via
1531 "rndc addzone" can no longer be removed with
1532 "rndc delzone". [RT #19447]
1534 2935. [bug] nsupdate: improve 'file not found' error message.
1537 2934. [bug] Use ANSI C compliant shift range in lib/isc/entropy.c.
1540 2933. [bug] 'dig +nsid' used stack memory after it went out of
1541 scope. This could potentially result in a unknown,
1542 potentially malformed, EDNS option being sent instead
1543 of the desired NSID option. [RT #21781]
1545 2932. [cleanup] Corrected a numbering error in the "dnssec" test.
1548 2931. [bug] Temporarily and partially disable change 2864
1549 because it would cause infinite attempts of RRSIG
1550 queries. This is an urgent care fix; we'll
1551 revisit the issue and complete the fix later.
1554 2930. [experimental] New "rndc addzone" and "rndc delzone" commands
1555 allow dynamic addition and deletion of zones.
1556 To enable this feature, specify a "new-zone-file"
1557 option at the view or options level in named.conf.
1558 Zone configuration information for the new zones
1559 will be written into that file. To make the new
1560 zones persist after a restart, "include" the file
1561 into named.conf in the appropriate view. (Note:
1562 This feature is not yet documented, and its syntax
1563 is expected to change.) [RT #19447]
1565 2929. [bug] Improved handling of GSS security contexts:
1566 - added LRU expiration for generated TSIGs
1567 - added the ability to use a non-default realm
1568 - added new "realm" keyword in nsupdate
1569 - limited lifetime of generated keys to 1 hour
1570 or the lifetime of the context (whichever is
1574 2928. [bug] Be more selective about the non-authoritative
1575 answer we apply change 2748 to. [RT #21594]
1581 2925. [bug] Named failed to accept uncachable negative responses
1582 from insecure zones. [RT# 21555]
1584 2924. [func] 'rndc secroots' dump a combined summary of the
1585 current managed keys combined with trusted keys.
1588 2923. [bug] 'dig +trace' could drop core after "connection
1589 timeout". [RT #21514]
1591 2922. [contrib] Update zkt to version 1.0.
1593 2921. [bug] The resolver could attempt to destroy a fetch context
1594 too soon. [RT #19878]
1596 2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
1597 to IPv4 clients. New acl 'filter-aaaa' (default any).
1599 2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
1602 2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
1604 2917. [func] Virtual time test framework. [RT #20801]
1606 2916. [func] Add framework to use IPv6 in tests.
1607 fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
1609 2915. [cleanup] Be smarter about which objects we attempt to compile
1610 based on configure options. [RT #21444]
1612 2914. [bug] Make the "autosign" system test more portable.
1615 2913. [func] Add pkcs#11 system tests. [RT #20784]
1617 2912. [func] Windows clients don't like UPDATE responses that clear
1618 the zone section. [RT #20986]
1620 2911. [bug] dnssec-signzone didn't handle out of zone records well.
1623 2910. [func] Sanity check Kerberos credentials. [RT #20986]
1625 2909. [bug] named-checkconf -p could die if "update-policy local;"
1626 was specified in named.conf. [RT #21416]
1628 2908. [bug] It was possible for re-signing to stop after removing
1629 a DNSKEY. [RT #21384]
1631 2907. [bug] The export version of libdns had undefined references.
1634 2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
1636 2905. [port] aix: set use_atomic=yes with native compiler.
1639 2904. [bug] When using DLV, sub-zones of the zones in the DLV,
1640 could be incorrectly marked as insecure instead of
1641 secure leading to negative proofs failing. This was
1642 a unintended outcome from change 2890. [RT# 21392]
1644 2903. [bug] managed-keys-directory missing from namedconf.c.
1647 2902. [func] Add regression test for change 2897. [RT #21040]
1649 2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
1651 2900. [bug] The placeholder negative caching element was not
1652 properly constructed triggering a INSIST in
1653 dns_ncache_towire(). [RT #21346]
1655 2899. [port] win32: Support linking against OpenSSL 1.0.0.
1657 2898. [bug] nslookup leaked memory when -domain=value was
1658 specified. [RT #21301]
1660 2897. [bug] NSEC3 chains could be left behind when transitioning
1661 to insecure. [RT #21040]
1663 2896. [bug] "rndc sign" failed to properly update the zone
1664 when adding a DNSKEY for publication only. [RT #21045]
1666 2895. [func] genrandom: add support for the generation of multiple
1669 2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
1671 2893. [bug] Improve managed keys support. New named.conf option
1672 managed-keys-directory. [RT #20924]
1674 2892. [bug] Handle REVOKED keys better. [RT #20961]
1676 2891. [maint] Update empty-zones list to match
1677 draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
1679 2890. [bug] Handle the introduction of new trusted-keys and
1680 DS, DLV RRsets better. [RT #21097]
1682 2889. [bug] Elements of the grammar where not properly reported.
1685 2888. [bug] Only the first EDNS option was displayed. [RT #21273]
1687 2887. [bug] Report the keytag times in UTC in the .key file,
1688 local time is presented as a comment within the
1689 comment. [RT #21223]
1691 2886. [bug] ctime() is not thread safe. [RT #21223]
1693 2885. [bug] Improve -fno-strict-aliasing support probing in
1694 configure. [RT #21080]
1696 2884. [bug] Insufficient validation in dns_name_getlabelsequence().
1699 2883. [bug] 'dig +short' failed to handle really large datasets.
1702 2882. [bug] Remove memory context from list of active contexts
1703 before clearing 'magic'. [RT #21274]
1705 2881. [bug] Reduce the amount of time the rbtdb write lock
1706 is held when closing a version. [RT #21198]
1708 2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
1709 consistent. [RT #21078]
1711 2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
1714 2878. [func] Incrementally write the master file after performing
1717 2877. [bug] The validator failed to skip obviously mismatching
1720 2876. [bug] Named could return SERVFAIL for negative responses
1721 from unsigned zones. [RT #21131]
1723 2875. [bug] dns_time64_fromtext() could accept non digits.
1726 2874. [bug] Cache lack of EDNS support only after the server
1727 successfully responds to the query using plain DNS.
1730 2873. [bug] Canceling a dynamic update via the dns/client module
1731 could trigger an assertion failure. [RT #21133]
1733 2872. [bug] Modify dns/client.c:dns_client_createx() to only
1734 require one of IPv4 or IPv6 rather than both.
1737 2871. [bug] Type mismatch in mem_api.c between the definition and
1738 the header file, causing build failure with
1739 --enable-exportlib. [RT #21138]
1741 2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
1743 2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
1746 2868. [cleanup] Run "make clean" at the end of configure to ensure
1747 any changes made by configure are integrated.
1748 Use --with-make-clean=no to disable. [RT #20994]
1750 2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
1751 don't like it. [RT #20986]
1753 2866. [bug] Windows does not like the TSIG name being compressed.
1756 2865. [bug] memset to zero event.data. [RT #20986]
1758 2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
1761 2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
1764 2862. [bug] nsupdate didn't default to the parent zone when
1765 updating DS records. [RT #20896]
1767 2861. [doc] dnssec-settime man pages didn't correctly document the
1768 inactivation time. [RT #21039]
1770 2860. [bug] named-checkconf's usage was out of date. [RT #21039]
1772 2859. [bug] When canceling validation it was possible to leak
1775 2858. [bug] RTT estimates were not being adjusted on ICMP errors.
1778 2857. [bug] named-checkconf did not fail on a bad trusted key.
1781 2856. [bug] The size of a memory allocation was not always properly
1782 recorded. [RT #20927]
1784 2855. [func] nsupdate will now preserve the entered case of domain
1785 names in update requests it sends. [RT #20928]
1787 2854. [func] dig: allow the final soa record in a axfr response to
1788 be suppressed, dig +onesoa. [RT #20929]
1790 2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
1792 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
1794 2851. [doc] nslookup.1, removed <informalexample> from the docbook
1795 source as it produced bad nroff. [RT #21007]
1797 2850. [bug] If isc_heap_insert() failed due to memory shortage
1798 the heap would have corrupted entries. [RT #20951]
1800 2849. [bug] Don't treat errors from the xml2 library as fatal.
1803 2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
1804 README.rfc5011 into the ARM. [RT #20899]
1806 2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
1808 2846. [bug] EOF on unix domain sockets was not being handled
1809 correctly. [RT #20731]
1811 2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
1813 2844. [doc] notify-delay default in ARM was wrong. It should have
1814 been five (5) seconds.
1816 2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
1817 creating key files if there is a chance that the new
1818 key ID will collide with an existing one after
1819 either of the keys has been revoked. (To override
1820 this in the case of dnssec-keyfromlabel, use the -y
1821 option. dnssec-keygen will simply create a
1822 different, non-colliding key, so an override is
1823 not necessary.) [RT #20838]
1825 2842. [func] Added "smartsign" and improved "autosign" and
1826 "dnssec" regression tests. [RT #20865]
1828 2841. [bug] Change 2836 was not complete. [RT #20883]
1830 2840. [bug] Temporary fixed pkcs11-destroy usage check.
1833 2839. [bug] A KSK revoked by named could not be deleted.
1838 2837. [port] Prevent Linux spurious warnings about fwrite().
1841 2836. [bug] Keys that were scheduled to become active could
1842 be delayed. [RT #20874]
1844 2835. [bug] Key inactivity dates were inadvertently stored in
1845 the private key file with the outdated tag
1846 "Unpublish" rather than "Inactive". This has been
1847 fixed; however, any existing keys that had Inactive
1848 dates set will now need to have them reset, using
1849 'dnssec-settime -I'. [RT #20868]
1851 2834. [bug] HMAC-SHA* keys that were longer than the algorithm
1852 digest length were used incorrectly, leading to
1853 interoperability problems with other DNS
1854 implementations. This has been corrected.
1855 (Note: If an oversize key is in use, and
1856 compatibility is needed with an older release of
1857 BIND, the new tool "isc-hmac-fixup" can convert
1858 the key secret to a form that will work with all
1859 versions.) [RT #20751]
1861 2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
1864 2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
1865 to avoid redefinition in some OSs [RT 20831]
1867 2831. [security] Do not attempt to validate or cache
1868 out-of-bailiwick data returned with a secure
1869 answer; it must be re-fetched from its original
1870 source and validated in that context. [RT #20819]
1872 2830. [bug] Changing the OPTOUT setting could take multiple
1875 2829. [bug] Fixed potential node inconsistency in rbtdb.c.
1878 2828. [security] Cached CNAME or DNAME RR could be returned to clients
1879 without DNSSEC validation. [RT #20737]
1881 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
1883 2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
1884 being released. [RT #20740]
1886 2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
1887 was in the process of being created was not properly
1888 recorded in the zone. [RT #20786]
1890 2824. [bug] "rndc sign" was not being run by the correct task.
1893 2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
1895 2822. [bug] rbtdb.c:loadnode() could return the wrong result.
1898 2821. [doc] Add note that named-checkconf doesn't automatically
1899 read rndc.key and bind.keys [RT #20758]
1901 2820. [func] Handle read access failure of OpenSSL configuration
1902 file more user friendly (PKCS#11 engine patch).
1905 2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
1908 2818. [cleanup] rndc could return an incorrect error code
1909 when a zone was not found. [RT #20767]
1911 2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
1914 2816. [bug] previous_closest_nsec() could fail to return
1915 data for NSEC3 nodes [RT #29730]
1917 2815. [bug] Exclusively lock the task when freezing a zone.
1920 2814. [func] Provide a definitive error message when a master
1921 zone is not loaded. [RT #20757]
1923 2813. [bug] Better handling of unreadable DNSSEC key files.
1926 2812. [bug] Make sure updates can't result in a zone with
1927 NSEC-only keys and NSEC3 records. [RT #20748]
1929 2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
1932 2810. [doc] Clarified the process of transitioning an NSEC3 zone
1933 to insecure. [RT #20746]
1935 2809. [cleanup] Restored accidentally-deleted text in usage output
1936 in dnssec-settime and dnssec-revoke [RT #20739]
1938 2808. [bug] Remove the attempt to install atomic.h from lib/isc.
1939 atomic.h is correctly installed by the architecture
1940 specific subdirectories. [RT #20722]
1942 2807. [bug] Fixed a possible ASSERT when reconfiguring zone
1945 --- 9.7.0rc1 released ---
1947 2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
1948 when it had changed. [RT #20703]
1950 2805. [bug] Fixed namespace problems encountered when building
1951 external programs using non-exported BIND9 libraries
1952 (i.e., built without --enable-exportlib). [RT #20679]
1954 2804. [bug] Send notifies when a zone is signed with "rndc sign"
1955 or as a result of a scheduled key change. [RT #20700]
1957 2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
1958 and genrandom under windows. [RT #20670]
1960 2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
1962 2801. [func] Detect and report records that are different according
1963 to DNSSEC but are semantically equal according to plain
1964 DNS. Apply plain DNS comparisons rather than DNSSEC
1965 comparisons when processing UPDATE requests.
1966 dnssec-signzone now removes such semantically duplicate
1967 records prior to signing the RRset.
1969 named-checkzone -r {ignore|warn|fail} (default warn)
1970 named-compilezone -r {ignore|warn|fail} (default warn)
1972 named.conf: check-dup-records {ignore|warn|fail};
1974 2800. [func] Reject zones which have NS records which refer to
1975 CNAMEs, DNAMEs or don't have address record (class IN
1976 only). Reject UPDATEs which would cause the zone
1977 to fail the above checks if committed. [RT #20678]
1979 2799. [cleanup] Changed the "secure-to-insecure" option to
1980 "dnssec-secure-to-insecure", and "dnskey-ksk-only"
1981 to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
1983 2798. [bug] Addressed bugs in managed-keys initialization
1984 and rollover. [RT #20683]
1986 2797. [bug] Don't decrement the dispatch manager's maxbuffers.
1989 2796. [bug] Missing dns_rdataset_disassociate() call in
1990 dns_nsec3_delnsec3sx(). [RT #20681]
1992 2795. [cleanup] Add text to differentiate "update with no effect"
1993 log messages. [RT #18889]
1995 2794. [bug] Install <isc/namespace.h>. [RT #20677]
1997 2793. [func] Add "autosign" and "metadata" tests to the
1998 automatic tests. [RT #19946]
2000 2792. [func] "filter-aaaa-on-v4" can now be set in view
2001 options (if compiled in). [RT #20635]
2003 2791. [bug] The installation of isc-config.sh was broken.
2006 2790. [bug] Handle DS queries to stub zones. [RT #20440]
2008 2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2010 2788. [bug] dnssec-signzone could sign with keys that were
2011 not requested [RT #20625]
2013 2787. [bug] Spurious log message when zone keys were
2014 dynamically reconfigured. [RT #20659]
2016 2786. [bug] Additional could be promoted to answer. [RT #20663]
2018 --- 9.7.0b3 released ---
2020 2785. [bug] Revoked keys could fail to self-sign [RT #20652]
2022 2784. [bug] TC was not always being set when required glue was
2023 dropped. [RT #20655]
2025 2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
2026 buffer size of 512 or less. [RT #20654]
2028 2782. [port] win32: use getaddrinfo() for hostname lookups.
2031 2781. [bug] Inactive keys could be used for signing. [RT #20649]
2033 2780. [bug] dnssec-keygen -A none didn't properly unset the
2034 activation date in all cases. [RT #20648]
2036 2779. [bug] Dynamic key revocation could fail. [RT #20644]
2038 2778. [bug] dnssec-signzone could fail when a key was revoked
2039 without deleting the unrevoked version. [RT #20638]
2041 2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
2043 2776. [bug] Change #2762 was not correct. [RT #20647]
2045 2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
2046 in dnssec-keyfromlabel. [RT #20643]
2048 2774. [bug] Existing cache DB wasn't being reused after
2049 reconfiguration. [RT #20629]
2051 2773. [bug] In autosigned zones, the SOA could be signed
2052 with the KSK. [RT #20628]
2054 2772. [security] When validating, track whether pending data was from
2055 the additional section or not and only return it if
2056 validates as secure. [RT #20438]
2058 2771. [bug] dnssec-signzone: DNSKEY records could be
2059 corrupted when importing from key files [RT #20624]
2061 2770. [cleanup] Add log messages to resolver.c to indicate events
2062 causing FORMERR responses. [RT #20526]
2064 2769. [cleanup] Change #2742 was incomplete. [RT #19589]
2066 2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
2068 2767. [bug] named could crash on startup if a zone was
2069 configured with auto-dnssec and there was no
2070 key-directory. [RT #20615]
2072 2766. [bug] isc_socket_fdwatchpoke() should only update the
2073 socketmgr state if the socket is not pending on a
2074 read or write. [RT #20603]
2076 2765. [bug] Skip masters for which the TSIG key cannot be found.
2079 2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
2081 2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
2083 2762. [bug] DLV validation failed with a local slave DLV zone.
2086 2761. [cleanup] Enable internal symbol table for backtrace only for
2087 systems that are known to work. Currently, BSD
2088 variants, Linux and Solaris are supported. [RT# 20202]
2090 2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
2092 2759. [doc] Add information about .jbk/.jnw files to
2093 the ARM. [RT #20303]
2095 2758. [bug] win32: Added a workaround for a windows 2008 bug
2096 that could cause the UDP client handler to shut
2099 2757. [bug] dig: assertion failure could occur in connect
2100 timeout. [RT #20599]
2102 2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
2106 2754. [bug] Secure-to-insecure transitions failed when zone
2107 was signed with NSEC3. [RT #20587]
2109 2753. [bug] Removed an unnecessary warning that could appear when
2110 building an NSEC chain. [RT #20589]
2112 2752. [bug] Locking violation. [RT #20587]
2114 2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
2116 2750. [bug] dig: assertion failure could occur when a server
2117 didn't have an address. [RT #20579]
2119 2749. [bug] ixfr-from-differences generated a non-minimal ixfr
2120 for NSEC3 signed zones. [RT #20452]
2122 2748. [func] Identify bad answers from GTLD servers and treat them
2123 as referrals. [RT #18884]
2125 2747. [bug] Journal roll forwards failed to set the re-signing
2126 time of RRSIGs correctly. [RT #20541]
2128 2746. [port] hpux: address signed/unsigned expansion mismatch of
2129 dns_rbtnode_t.nsec. [RT #20542]
2131 2745. [bug] configure script didn't probe the return type of
2132 gai_strerror(3) correctly. [RT #20573]
2134 2744. [func] Log if a query was over TCP. [RT #19961]
2136 2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
2137 for a insecure delegation.
2139 --- 9.7.0b2 released ---
2141 2742. [cleanup] Clarify some DNSSEC-related log messages in
2142 validator.c. [RT #19589]
2144 2741. [func] Allow the dnssec-keygen progress messages to be
2145 suppressed (dnssec-keygen -q). Automatically
2146 suppress the progress messages when stdin is not
2151 2739. [cleanup] Clean up API for initializing and clearing trust
2152 anchors for a view. [RT #20211]
2154 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
2157 2737. [func] UPDATE requests can leak existence information.
2160 2736. [func] Improve the performance of NSEC signed zones with
2161 more than a normal amount of glue below a delegation.
2164 2735. [bug] dnssec-signzone could fail to read keys
2165 that were specified on the command line with
2166 full paths, but weren't in the current
2167 directory. [RT #20421]
2169 2734. [port] cygwin: arpaname did not compile. [RT #20473]
2171 2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
2173 2732. [func] Add optional filter-aaaa-on-v4 option, available
2174 if built with './configure --enable-filter-aaaa'.
2175 Filters out AAAA answers to clients connecting
2176 via IPv4. (This is NOT recommended for general
2179 2731. [func] Additional work on change 2709. The key parser
2180 will now ignore unrecognized fields when the
2181 minor version number of the private key format
2182 has been increased. It will reject any key with
2183 the major version number increased. [RT #20310]
2185 2730. [func] Have dnssec-keygen display a progress indication
2186 a la 'openssl genrsa' on standard error. Note
2187 when the first '.' is followed by a long stop
2188 one has the choice between slow generation vs.
2189 poor random quality, i.e., '-r /dev/urandom'.
2192 2729. [func] When constructing a CNAME from a DNAME use the DNAME
2195 2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
2196 dnssec-signzone now warn immediately if asked to
2197 write into a nonexistent directory. [RT #20278]
2199 2727. [func] The 'key-directory' option can now specify a relative
2202 2726. [func] Added support for SHA-2 DNSSEC algorithms,
2203 RSASHA256 and RSASHA512. [RT #20023]
2205 2725. [doc] Added information about the file "managed-keys.bind"
2206 to the ARM. [RT #20235]
2208 2724. [bug] Updates to a existing node in secure zone using NSEC
2209 were failing. [RT #20448]
2211 2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
2212 isc_base64_totext(), didn't always mark regions of
2213 memory as fully consumed after conversion. [RT #20445]
2215 2722. [bug] Ensure that the memory associated with the name of
2216 a node in a rbt tree is not altered during the life
2217 of the node. [RT #20431]
2219 2721. [port] Have dst__entropy_status() prime the random number
2220 generator. [RT #20369]
2222 2720. [bug] RFC 5011 trust anchor updates could trigger an
2223 assert if the DNSKEY record was unsigned. [RT #20406]
2225 2719. [func] Skip trusted/managed keys for unsupported algorithms.
2228 2718. [bug] The space calculations in opensslrsa_todns() were
2229 incorrect. [RT #20394]
2231 2717. [bug] named failed to update the NSEC/NSEC3 record when
2232 the last private type record was removed as a result
2233 of completing the signing the zone with a key.
2236 2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
2238 --- 9.7.0b1 released ---
2240 2715. [bug] Require OpenSSL support to be explicitly disabled.
2243 2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
2246 2713. [bug] powerpc: atomic operations missing asm("ics") /
2249 2712. [func] New 'auto-dnssec' zone option allows zone signing
2250 to be fully automated in zones configured for
2251 dynamic DNS. 'auto-dnssec allow;' permits a zone
2252 to be signed by creating keys for it in the
2253 key-directory and using 'rndc sign <zone>'.
2254 'auto-dnssec maintain;' allows that too, plus it
2255 also keeps the zone's DNSSEC keys up to date
2256 according to their timing metadata. [RT #19943]
2258 2711. [port] win32: Add the bin/pkcs11 tools into the full
2261 2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
2262 zone option cause a zone to be signed with only KSKs
2263 signing the DNSKEY RRset, not ZSKs. This reduces
2264 the size of a DNSKEY answer. [RT #20340]
2266 2709. [func] Added some data fields, currently unused, to the
2267 private key file format, to allow implementation
2268 of explicit key rollover in a future release
2269 without impairing backward or forward compatibility.
2272 2708. [func] Insecure to secure and NSEC3 parameter changes via
2273 update are now fully supported and no longer require
2274 defines to enable. We now no longer overload the
2275 NSEC3PARAM flag field, nor the NSEC OPT bit at the
2276 apex. Secure to insecure changes are controlled by
2277 by the named.conf option 'secure-to-insecure'.
2279 Warning: If you had previously enabled support by
2280 adding defines at compile time to BIND 9.6 you should
2281 ensure that all changes that are in progress have
2282 completed prior to upgrading to BIND 9.7. BIND 9.7
2283 is not backwards compatible.
2285 2707. [func] dnssec-keyfromlabel no longer require engine name
2286 to be specified in the label if there is a default
2287 engine or the -E option has been used. Also, it
2288 now uses default algorithms as dnssec-keygen does
2289 (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
2292 2706. [bug] Loading a zone with a very large NSEC3 salt could
2293 trigger an assert. [RT #20368]
2297 2704. [bug] Serial of dynamic and stub zones could be inconsistent
2298 with their SOA serial. [RT #19387]
2300 2703. [func] Introduce an OpenSSL "engine" argument with -E
2301 for all binaries which can take benefit of
2302 crypto hardware. [RT #20230]
2304 2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
2306 2701. [doc] Correction to ARM: hmac-md5 is no longer the only
2307 supported TSIG key algorithm. [RT #18046]
2309 2700. [doc] The match-mapped-addresses option is discouraged.
2312 2699. [bug] Missing lock in rbtdb.c. [RT #20037]
2316 2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
2317 S_IFREG are defined after including <isc/stat.h>.
2320 2696. [bug] named failed to successfully process some valid
2321 acl constructs. [RT #20308]
2323 2695. [func] DHCP/DDNS - update fdwatch code for use by
2324 DHCP. Modify the api to isc_sockfdwatch_t (the
2325 callback function for isc_socket_fdwatchcreate)
2326 to include information about the direction (read
2327 or write) and add isc_socket_fdwatchpoke.
2330 2694. [bug] Reduce default NSEC3 iterations from 100 to 10.
2333 2693. [port] Add some noreturn attributes. [RT #20257]
2335 2692. [port] win32: 32/64 bit cleanups. [RT #20335]
2337 2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
2338 chain when re-signing a previously-signed zone.
2339 Use -u to modify NSEC3 parameters or switch
2340 between NSEC and NSEC3. [RT #20304]
2342 2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
2345 2689. [bug] Correctly handle snprintf result. [RT #20306]
2347 2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
2348 to decide to fetch the destination address. [RT #20305]
2350 2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
2351 Also, added warnings when revoking a ZSK, as this is
2352 not defined by protocol (but is legal). [RT #19943]
2354 2686. [bug] dnssec-signzone should clean the old NSEC chain when
2355 signing with NSEC3 and vice versa. [RT #20301]
2357 2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
2359 2684. [cleanup] dig: formalize +ad and +cd as synonyms for
2360 +adflag and +cdflag. [RT #19305]
2362 2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
2363 the NSEC3 parameters used to sign the zone change.
2366 2682. [bug] "configure --enable-symtable=all" failed to
2369 2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
2370 decoded. [RT #20269]
2372 2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
2374 2679. [func] dig -k can now accept TSIG keys in named.conf
2377 2678. [func] Treat DS queries as if "minimal-response yes;"
2378 was set. [RT #20258]
2380 2677. [func] Changes to key metadata behavior:
2381 - Keys without "publish" or "active" dates set will
2382 no longer be used for smart signing. However,
2383 those dates will be set to "now" by default when
2384 a key is created; to generate a key but not use
2385 it yet, use dnssec-keygen -G.
2386 - New "inactive" date (dnssec-keygen/settime -I)
2387 sets the time when a key is no longer used for
2388 signing but is still published.
2389 - The "unpublished" date (-U) is deprecated in
2390 favor of "deleted" (-D).
2393 2676. [bug] --with-export-installdir should have been
2394 --with-export-includedir. [RT #20252]
2396 2675. [bug] dnssec-signzone could crash if the key directory
2397 did not exist. [RT #20232]
2399 --- 9.7.0a3 released ---
2401 2674. [bug] "dnssec-lookaside auto;" crashed if named was built
2402 without openssl. [RT #20231]
2404 2673. [bug] The managed-keys.bind zone file could fail to
2405 load due to a spurious result from sync_keyzone()
2408 2672. [bug] Don't enable searching in 'host' when doing reverse
2409 lookups. [RT #20218]
2411 2671. [bug] Add support for PKCS#11 providers not returning
2412 the public exponent in RSA private keys
2413 (OpenCryptoki for instance) in
2414 dnssec-keyfromlabel. [RT #19294]
2416 2670. [bug] Unexpected connect failures failed to log enough
2417 information to be useful. [RT #20205]
2419 2669. [func] Update PKCS#11 support to support Keyper HSM.
2420 Update PKCS#11 patch to be against openssl-0.9.8i.
2422 2668. [func] Several improvements to dnssec-* tools, including:
2423 - dnssec-keygen and dnssec-settime can now set key
2424 metadata fields 0 (to unset a value, use "none")
2425 - dnssec-revoke sets the revocation date in
2426 addition to the revoke bit
2427 - dnssec-settime can now print individual metadata
2428 fields instead of always printing all of them,
2429 and can print them in unix epoch time format for
2433 2667. [func] Add support for logging stack backtrace on assertion
2434 failure (not available for all platforms). [RT #19780]
2436 2666. [func] Added an 'options' argument to dns_name_fromstring()
2437 (API change from 9.7.0a2). [RT #20196]
2439 2665. [func] Clarify syntax for managed-keys {} statement, add
2440 ARM documentation about RFC 5011 support. [RT #19874]
2442 2664. [bug] create_keydata() and minimal_update() in zone.c
2443 didn't properly check return values for some
2444 functions. [RT #19956]
2446 2663. [func] win32: allow named to run as a service using
2447 "NT AUTHORITY\LocalService" as the account. [RT #19977]
2449 2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
2450 returned a misleading error code when lwresd was
2453 2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
2454 creating lwres context. [RT #20029]
2456 2660. [func] Add a new set of DNS libraries for non-BIND9
2457 applications. See README.libdns. [RT #19369]
2459 2659. [doc] Clarify dnssec-keygen doc: key name must match zone
2460 name for DNSSEC keys. [RT #19938]
2462 2658. [bug] dnssec-settime and dnssec-revoke didn't process
2463 key file paths correctly. [RT #20078]
2465 2657. [cleanup] Lower "journal file <path> does not exist, creating it"
2466 log level to debug 1. [RT #20058]
2468 2656. [func] win32: add a "tools only" check box to the installer
2469 which causes it to only install dig, host, nslookup,
2470 nsupdate and relevant DLLs. [RT #19998]
2472 2655. [doc] Document that key-directory does not affect
2473 bind.keys, rndc.key or session.key. [RT #20155]
2475 2654. [bug] Improve error reporting on duplicated names for
2476 deny-answer-xxx. [RT #20164]
2478 2653. [bug] Treat ENGINE_load_private_key() failures as key
2479 not found rather than out of memory. [RT #18033]
2481 2652. [func] Provide more detail about what record is being
2482 deleted. [RT #20061]
2484 2651. [bug] Dates could print incorrectly in K*.key files on
2485 64-bit systems. [RT #20076]
2487 2650. [bug] Assertion failure in dnssec-signzone when trying
2488 to read keyset-* files. [RT #20075]
2490 2649. [bug] Set the domain for forward only zones. [RT #19944]
2492 2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
2494 2647. [bug] Remove unnecessary SOA updates when a new KSK is
2497 2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2499 2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
2500 which default to 64 bits. [RT #19927]
2502 --- 9.7.0a2 released ---
2504 2644. [bug] Change #2628 caused a regression on some systems;
2505 named was unable to write the PID file and would
2506 fail on startup. [RT #20001]
2508 2643. [bug] Stub zones interacted badly with NSEC3 support.
2511 2642. [bug] nsupdate could dump core on solaris when reading
2512 improperly formatted key files. [RT #20015]
2514 2641. [bug] Fixed an error in parsing update-policy syntax,
2515 added a regression test to check it. [RT #20007]
2517 2640. [security] A specially crafted update packet will cause named
2518 to exit. [RT #20000]
2520 2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
2522 2638. [bug] Install arpaname. [RT #19957]
2524 2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
2527 2636. [func] Simplify zone signing and key maintenance with the
2528 dnssec-* tools. Major changes:
2529 - all dnssec-* tools now take a -K option to
2530 specify a directory in which key files will be
2532 - DNSSEC can now store metadata indicating when
2533 they are scheduled to be published, activated,
2534 revoked or removed; these values can be set by
2535 dnssec-keygen or overwritten by the new
2536 dnssec-settime command
2537 - dnssec-signzone -S (for "smart") option reads key
2538 metadata and uses it to determine automatically
2539 which keys to publish to the zone, use for
2540 signing, revoke, or remove from the zone
2543 2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
2546 2634. [port] win32: Add support for libxml2, enable
2547 statschannel. [RT #19773]
2549 2633. [bug] Handle 15 bit rand() functions. [RT #19783]
2551 2632. [func] util/kit.sh: warn if documentation appears to be out of
2554 2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
2557 2630. [func] Improved syntax for DDNS autoconfiguration: use
2558 "update-policy local;" to switch on local DDNS in a
2559 zone. (The "ddns-autoconf" option has been removed.)
2562 2629. [port] Check for seteuid()/setegid(), use setresuid()/
2563 setresgid() if not present. [RT #19932]
2565 2628. [port] linux: Allow /var/run/named/named.pid to be opened
2566 at startup with reduced capabilities in operation.
2569 2627. [bug] Named aborted if the same key was included in
2570 trusted-keys more than once. [RT #19918]
2572 2626. [bug] Multiple trusted-keys could trigger an assertion
2573 failure. [RT #19914]
2575 2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
2577 2624. [func] 'named-checkconf -p' will print out the parsed
2578 configuration. [RT #18871]
2580 2623. [bug] Named started searches for DS non-optimally. [RT #19915]
2582 2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
2584 2621. [doc] Made copyright boilerplate consistent. [RT #19833]
2586 2620. [bug] Delay thawing the zone until the reload of it has
2587 completed successfully. [RT #19750]
2589 2619. [func] Add support for RFC 5011, automatic trust anchor
2590 maintenance. The new "managed-keys" statement can
2591 be used in place of "trusted-keys" for zones which
2592 support this protocol. (Note: this syntax is
2593 expected to change prior to 9.7.0 final.) [RT #19248]
2595 2618. [bug] The sdb and sdlz db_interator_seek() methods could
2596 loop infinitely. [RT #19847]
2598 2617. [bug] ifconfig.sh failed to emit an error message when
2599 run from the wrong location. [RT #19375]
2601 2616. [bug] 'host' used the nameservers from resolv.conf even
2602 when a explicit nameserver was specified. [RT #19852]
2604 2615. [bug] "__attribute__((unused))" was in the wrong place
2605 for ia64 gcc builds. [RT #19854]
2607 2614. [port] win32: 'named -v' should automatically be executed
2608 in the foreground. [RT #19844]
2612 --- 9.7.0a1 released ---
2614 2612. [func] Add default values for the arguments to
2615 dnssec-keygen. Without arguments, it will now
2616 generate a 1024-bit RSASHA1 zone-signing key,
2617 or with the -f KSK option, a 2048-bit RSASHA1
2618 key-signing key. [RT #19300]
2620 2611. [func] Add -l option to dnssec-dsfromkey to generate
2621 DLV records instead of DS records. [RT #19300]
2623 2610. [port] sunos: Change #2363 was not complete. [RT #19796]
2625 2609. [func] Simplify the configuration of dynamic zones:
2626 - add ddns-confgen command to generate
2627 configuration text for named.conf
2628 - add zone option "ddns-autoconf yes;", which
2629 causes named to generate a TSIG session key
2630 and allow updates to the zone using that key
2631 - add '-l' (localhost) option to nsupdate, which
2632 causes nsupdate to connect to a locally-running
2633 named process using the session key generated
2637 2608. [func] Perform post signing verification checks in
2638 dnssec-signzone. These can be disabled with -P.
2640 The post sign verification test ensures that for each
2641 algorithm in use there is at least one non revoked
2642 self signed KSK key. That all revoked KSK keys are
2643 self signed. That all records in the zone are signed
2644 by the algorithm. [RT #19653]
2646 2607. [bug] named could incorrectly delete NSEC3 records for
2647 empty nodes when processing a update request.
2650 2606. [bug] "delegation-only" was not being accepted in
2651 delegation-only type zones. [RT #19717]
2653 2605. [bug] Accept DS responses from delegation only zones.
2656 2604. [func] Add support for DNS rebinding attack prevention through
2657 new options, deny-answer-addresses and
2658 deny-answer-aliases. Based on contributed code from
2659 JD Nurmi, Google. [RT #18192]
2661 2603. [port] win32: handle .exe extension of named-checkzone and
2662 named-comilezone argv[0] names under windows.
2665 2602. [port] win32: fix debugging command line build of libisccfg.
2668 2601. [doc] Mention file creation mode mask in the
2671 2600. [doc] ARM: miscellaneous reformatting for different
2672 page widths. [RT #19574]
2674 2599. [bug] Address rapid memory growth when validation fails.
2677 2598. [func] Reserve the -F flag. [RT #19657]
2679 2597. [bug] Handle a validation failure with a insecure delegation
2680 from a NSEC3 signed master/slave zone. [RT #19464]
2682 2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
2683 long, leading to inefficient memory usage or rejecting
2684 newer cache entries in the worst case. [RT #19563]
2686 2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
2688 2594. [func] Have rndc warn if using its default configuration
2689 file when the key file also exists. [RT #19424]
2691 2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
2693 2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
2695 2591. [bug] named could die when processing a update in
2696 removed_orphaned_ds(). [RT #19507]
2698 2590. [func] Report zone/class of "update with no effect".
2701 2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
2704 2588. [bug] SO_REUSEADDR could be set unconditionally after failure
2705 of bind(2) call. This should be rare and mostly
2706 harmless, but may cause interference with other
2707 processes that happen to use the same port. [RT #19642]
2709 2587. [func] Improve logging by reporting serial numbers for
2710 when zone serial has gone backwards or unchanged.
2713 2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
2716 2585. [bug] Uninitialized socket name could be referenced via a
2717 statistics channel, triggering an assertion failure in
2718 XML rendering. [RT #19427]
2720 2584. [bug] alpha: gcc optimization could break atomic operations.
2723 2583. [port] netbsd: provide a control to not add the compile
2724 date to the version string, -DNO_VERSION_DATE.
2726 2582. [bug] Don't emit warning log message when we attempt to
2727 remove non-existent journal. [RT #19516]
2729 2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
2730 Requires MySQL 5.0.19 or later. [RT #19084]
2732 2580. [bug] UpdateRej statistics counter could be incremented twice
2733 for one rejection. [RT #19476]
2735 2579. [bug] DNSSEC lookaside validation failed to handle unknown
2736 algorithms. [RT #19479]
2738 2578. [bug] Changed default sig-signing-type to 65534, because
2739 65535 turns out to be reserved. [RT #19477]
2741 2577. [doc] Clarified some statistics counters. [RT #19454]
2743 2576. [bug] NSEC record were not being correctly signed when
2744 a zone transitions from insecure to secure.
2745 Handle such incorrectly signed zones. [RT #19114]
2747 2575. [func] New functions dns_name_fromstring() and
2748 dns_name_tostring(), to simplify conversion
2749 of a string to a dns_name structure and vice
2752 2574. [doc] Document nsupdate -g and -o. [RT #19351]
2754 2573. [bug] Replacing a non-CNAME record with a CNAME record in a
2755 single transaction in a signed zone failed. [RT #19397]
2757 2572. [func] Simplify DLV configuration, with a new option
2758 "dnssec-lookaside auto;" This is the equivalent
2759 of "dnssec-lookaside . trust-anchor dlv.isc.org;"
2760 plus setting a trusted-key for dlv.isc.org.
2762 Note: The trusted key is hard-coded into named,
2763 but is also stored in (and can be overridden
2764 by) $sysconfdir/bind.keys. As the ISC DLV key
2765 rolls over it can be kept up to date by replacing
2766 the bind.keys file with a key downloaded from
2767 https://www.isc.org/solutions/dlv. [RT #18685]
2769 2571. [func] Add a new tool "arpaname" which translates IP addresses
2770 to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
2773 2570. [func] Log the destination address the query was sent to.
2776 2569. [func] Move journalprint, nsec3hash, and genrandom
2777 commands from bin/tests into bin/tools;
2778 "make install" will put them in $sbindir. [RT #19301]
2780 2568. [bug] Report when the write to indicate a otherwise
2781 successful start fails. [RT #19360]
2783 2567. [bug] dst__privstruct_writefile() could miss write errors.
2784 write_public_key() could miss write errors.
2785 dnssec-dsfromkey could miss write errors.
2788 2566. [cleanup] Clarify logged message when an insecure DNSSEC
2789 response arrives from a zone thought to be secure:
2790 "insecurity proof failed" instead of "not
2791 insecure". [RT #19400]
2793 2565. [func] Add support for HIP record. Includes new functions
2794 dns_rdata_hip_first(), dns_rdata_hip_next()
2795 and dns_rdata_hip_current(). [RT #19384]
2797 2564. [bug] Only take EDNS fallback steps when processing timeouts.
2800 2563. [bug] Dig could leak a socket causing it to wait forever
2801 to exit. [RT #19359]
2803 2562. [doc] ARM: miscellaneous improvements, reorganization,
2804 and some new content.
2806 2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2808 2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
2810 2559. [bug] dnssec-dsfromkey could compute bad DS records when
2811 reading from a K* files. [RT #19357]
2813 2558. [func] Set the ownership of missing directories created
2814 for pid-file if -u has been specified on the command
2817 2557. [cleanup] PCI compliance:
2818 * new libisc log module file
2819 * isc_dir_chroot() now also changes the working
2821 * additional INSISTs
2822 * additional logging when files can't be removed.
2824 2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
2825 error checks in the correct order resulting in the
2826 wrong error code sometimes being returned. [RT #19249]
2828 2555. [func] dig: when emitting a hex dump also display the
2829 corresponding characters. [RT #19258]
2831 2554. [bug] Validation of uppercase queries from NSEC3 zones could
2834 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
2836 2552. [bug] zero-no-soa-ttl-cache was not being honored.
2839 2551. [bug] Potential Reference leak on return. [RT #19341]
2841 2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
2844 2549. [port] linux: define NR_OPEN if not currently defined.
2847 2548. [bug] Install iterated_hash.h. [RT #19335]
2849 2547. [bug] openssl_link.c:mem_realloc() could reference an
2850 out-of-range area of the source buffer. New public
2851 function isc_mem_reallocate() was introduced to address
2852 this bug. [RT #19313]
2854 2546. [func] Add --enable-openssl-hash configure flag to use
2855 OpenSSL (in place of internal routine) for hash
2856 functions (MD5, SHA[12] and HMAC). [RT #18815]
2858 2545. [doc] ARM: Legal hostname checking (check-names) is
2859 for SRV RDATA too. [RT #19304]
2861 2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2863 2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2865 2542. [doc] Update the description of dig +adflag. [RT #19290]
2867 2541. [bug] Conditionally update dispatch manager statistics.
2870 2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
2872 2539. [security] Update the interaction between recursion, allow-query,
2873 allow-query-cache and allow-recursion. [RT #19198]
2875 2538. [bug] cache/ADB memory could grow over max-cache-size,
2876 especially with threads and smaller max-cache-size
2879 2537. [func] Added more statistics counters including those on socket
2880 I/O events and query RTT histograms. [RT #18802]
2882 2536. [cleanup] Silence some warnings when -Werror=format-security is
2883 specified. [RT #19083]
2885 2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
2887 2534. [func] Check NAPTR records regular expressions and
2888 replacement strings to ensure they are syntactically
2889 valid and consistent. [RT #18168]
2891 2533. [doc] ARM: document @ (at-sign). [RT #17144]
2893 2532. [bug] dig: check the question section of the response to
2894 see if it matches the asked question. [RT #18495]
2896 2531. [bug] Change #2207 was incomplete. [RT #19098]
2898 2530. [bug] named failed to reject insecure to secure transitions
2899 via UPDATE. [RT #19101]
2901 2529. [cleanup] Upgrade libtool to silence complaints from recent
2902 version of autoconf. [RT #18657]
2904 2528. [cleanup] Silence spurious configure warning about
2905 --datarootdir [RT #19096]
2909 2526. [func] New named option "attach-cache" that allows multiple
2910 views to share a single cache to save memory and
2911 improve lookup efficiency. Based on contributed code
2912 from Barclay Osborn, Google. [RT #18905]
2914 2525. [func] New logging category "query-errors" to provide detailed
2915 internal information about query failures, especially
2916 about server failures. [RT #19027]
2918 2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
2920 2523. [bug] Random type rdata freed by dns_nsec_typepresent().
2923 2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
2925 2521. [bug] Improve epoll cross compilation support. [RT #19047]
2927 2520. [bug] Update xml statistics version number to 2.0 as change
2928 #2388 made the schema incompatible to the previous
2929 version. [RT #19080]
2931 2519. [bug] dig/host with -4 or -6 didn't work if more than two
2932 nameserver addresses of the excluded address family
2933 preceded in resolv.conf. [RT #19081]
2935 2518. [func] Add support for the new CERT types from RFC 4398.
2938 2517. [bug] dig +trace with -4 or -6 failed when it chose a
2939 nameserver address of the excluded address type.
2942 2516. [bug] glue sort for responses was performed even when not
2945 2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
2948 2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
2949 a nameserver of the excluded address family.
2952 2513. [bug] Fix windows cli build. [RT #19062]
2954 2512. [func] Print a summary of the cached records which make up
2955 the negative response. [RT #18885]
2957 2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
2960 2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
2963 2509. [bug] Specifying a fixed query source port was broken.
2968 2507. [func] Log the recursion quota values when killing the
2969 oldest query or refusing to recurse due to quota.
2972 2506. [port] solaris: Check at configure time if
2973 hack_shutup_pthreadonceinit is needed. [RT #19037]
2975 2505. [port] Treat amd64 similarly to x86_64 when determining
2976 atomic operation support. [RT #19031]
2978 2504. [bug] Address race condition in the socket code. [RT #18899]
2980 2503. [port] linux: improve compatibility with Linux Standard
2983 2502. [cleanup] isc_radix: Improve compliance with coding style,
2984 document function in <isc/radix.h>. [RT #18534]
2986 2501. [func] $GENERATE now supports all rdata types. Multi-field
2987 rdata types need to be quoted. See the ARM for
2988 details. [RT #18368]
2990 2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
2991 function. [RT #18582]
2993 2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
2996 --- 9.6.0rc1 released ---
2998 2498. [bug] Removed a bogus function argument used with
2999 ISC_SOCKET_USE_POLLWATCH: it could cause compiler
3000 warning or crash named with the debug 1 level
3001 of logging. [RT #18917]
3003 2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
3006 2496. [bug] Add sanity length checks to NSID option. [RT #18813]
3008 2495. [bug] Tighten RRSIG checks. [RT #18795]
3010 2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
3011 installed. [RT #18826]
3013 2493. [bug] The linux capabilities code was not correctly cleaning
3014 up after itself. [RT #18767]
3016 2492. [func] Rndc status now reports the number of cpus discovered
3017 and the number of worker threads when running
3018 multi-threaded. [RT #18273]
3020 2491. [func] Attempt to re-use a local port if we are already using
3021 the port. [RT #18548]
3023 2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
3024 is cleared when IPV6_V6ONLY is set. [RT #18785]
3026 2489. [port] solaris: Workaround Solaris's kernel bug about
3028 http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
3029 Define ISC_SOCKET_USE_POLLWATCH at build time to enable
3030 this workaround. [RT #18870]
3032 2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
3033 from keyset and .key files. [RT #18694]
3035 2487. [bug] Give TCP connections longer to complete. [RT #18675]
3037 2486. [func] The default locations for named.pid and lwresd.pid
3038 are now /var/run/named/named.pid and
3039 /var/run/lwresd/lwresd.pid respectively.
3041 This allows the owner of the containing directory
3042 to be set, for "named -u" support, and allows there
3043 to be a permanent symbolic link in the path, for
3044 "named -t" support. [RT #18306]
3046 2485. [bug] Change update's the handling of obscured RRSIG
3047 records. Not all orphaned DS records were being
3048 removed. [RT #18828]
3050 2484. [bug] It was possible to trigger a REQUIRE failure when
3051 adding NSEC3 proofs to the response in
3052 query_addwildcardproof(). [RT #18828]
3054 2483. [port] win32: chroot() is not supported. [RT #18805]
3056 2482. [port] libxml2: support versions 2.7.* in addition
3057 to 2.6.*. [RT #18806]
3059 --- 9.6.0b1 released ---
3061 2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
3062 collisions. [RT #18812]
3064 2480. [bug] named could fail to emit all the required NSEC3
3065 records. [RT #18812]
3067 2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
3069 2478. [bug] 'addresses' could be used uninitialized in
3070 configure_forward(). [RT #18800]
3072 2477. [bug] dig: the global option to print the command line is
3073 +cmd not print_cmd. Update the output to reflect
3076 2476. [doc] ARM: improve documentation for max-journal-size and
3077 ixfr-from-differences. [RT #15909] [RT #18541]
3079 2475. [bug] LRU cache cleanup under overmem condition could purge
3080 particular entries more aggressively. [RT #17628]
3082 2474. [bug] ACL structures could be allocated with insufficient
3083 space, causing an array overrun. [RT #18765]
3085 2473. [port] linux: raise the limit on open files to the possible
3086 maximum value before spawning threads; 'files'
3087 specified in named.conf doesn't seem to work with
3088 threads as expected. [RT #18784]
3090 2472. [port] linux: check the number of available cpu's before
3091 calling chroot as it depends on "/proc". [RT #16923]
3093 2471. [bug] named-checkzone was not reporting missing mandatory
3094 glue when sibling checks were disabled. [RT #18768]
3096 2470. [bug] Elements of the isc_radix_node_t could be incorrectly
3097 overwritten. [RT# 18719]
3099 2469. [port] solaris: Work around Solaris's select() limitations.
3102 2468. [bug] Resolver could try unreachable servers multiple times.
3105 2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
3107 2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
3110 2465. [bug] Adb's handling of lame addresses was different
3111 for IPv4 and IPv6. [RT #18738]
3113 2464. [port] linux: check that a capability is present before
3114 trying to set it. [RT #18135]
3116 2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
3117 API and glibc hides parts of the IPv6 Advanced Socket
3118 API as a result. This is stupid as it breaks how the
3119 two halves (Basic and Advanced) of the IPv6 Socket API
3120 were designed to be used but we have to live with it.
3121 Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
3124 2462. [doc] Document -m (enable memory usage debugging)
3125 option for dig. [RT #18757]
3127 2461. [port] sunos: Change #2363 was not complete. [RT #17513]
3129 --- 9.6.0a1 released ---
3131 2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
3134 2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
3136 2458. [doc] ARM: update and correction for max-cache-size.
3139 2457. [tuning] max-cache-size is reverted to 0, the previous
3140 default. It should be safe because expired cache
3141 entries are also purged. [RT #18684]
3143 2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
3144 address, regardless of family. They now correctly
3145 distinguish IPv4 from IPv6. [RT #18559]
3147 2455. [bug] Stop metadata being transferred via axfr/ixfr.
3150 2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
3152 2453. [bug] Remove NULL pointer dereference in dns_journal_print().
3155 2452. [func] Improve bin/test/journalprint. [RT #18316]
3157 2451. [port] solaris: handle runtime linking better. [RT #18356]
3159 2450. [doc] Fix lwresd docbook problem for manual page.
3164 2448. [func] Add NSEC3 support. [RT #15452]
3166 2447. [cleanup] libbind has been split out as a separate product.
3168 2446. [func] Add a new log message about build options on startup.
3169 A new command-line option '-V' for named is also
3170 provided to show this information. [RT# 18645]
3172 2445. [doc] ARM out-of-date on empty reverse zones (list includes
3173 RFC1918 address, but these are not yet compiled in).
3176 2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
3177 (clear DF) for UDP responses and requests.
3179 2443. [bug] win32: UDP connect() would not generate an event,
3180 and so connected UDP sockets would never clean up.
3181 Fix this by doing an immediate WSAConnect() rather
3182 than an io completion port type for UDP.
3184 2442. [bug] A lock could be destroyed twice. [RT# 18626]
3186 2441. [bug] isc_radix_insert() could copy radix tree nodes
3187 incompletely. [RT #18573]
3189 2440. [bug] named-checkconf used an incorrect test to determine
3190 if an ACL was set to none.
3192 2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
3195 2438. [bug] Timeouts could be logged incorrectly under win32.
3197 2437. [bug] Sockets could be closed too early, leading to
3198 inconsistent states in the socket module. [RT #18298]
3200 2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
3202 2435. [bug] Fixed an ACL memory leak affecting win32.
3204 2434. [bug] Fixed a minor error-reporting bug in
3205 lib/isc/win32/socket.c.
3207 2433. [tuning] Set initial timeout to 800ms.
3209 2432. [bug] More Windows socket handling improvements. Stop
3210 using I/O events and use IO Completion Ports
3211 throughout. Rewrite the receive path logic to make
3212 it easier to support multiple simultaneous
3213 requesters in the future. Add stricter consistency
3214 checking as a compile-time option (define
3215 ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
3217 2431. [bug] Acl processing could leak memory. [RT #18323]
3219 2430. [bug] win32: isc_interval_set() could round down to
3220 zero if the input was less than NS_INTERVAL
3221 nanoseconds. Round up instead. [RT #18549]
3223 2429. [doc] nsupdate should be in section 1 of the man pages.
3226 2428. [bug] dns_iptable_merge() mishandled merges of negative
3229 2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
3230 was set. [RT #18528]
3232 2426. [bug] libbind: inet_net_pton() can sometimes return the
3233 wrong value if excessively large net masks are
3234 supplied. [RT #18512]
3236 2425. [bug] named didn't detect unavailable query source addresses
3237 at load time. [RT #18536]
3239 2424. [port] configure now probes for a working epoll
3240 implementation. Allow the use of kqueue,
3241 epoll and /dev/poll to be selected at compile
3244 2423. [security] Randomize server selection on queries, so as to
3245 make forgery a little more difficult. Instead of
3246 always preferring the server with the lowest RTT,
3247 pick a server with RTT within the same 128
3248 millisecond band. [RT #18441]
3250 2422. [bug] Handle the special return value of a empty node as
3251 if it was a NXRRSET in the validator. [RT #18447]
3253 2421. [func] Add new command line option '-S' for named to specify
3254 the max number of sockets. [RT #18493]
3255 Use caution: this option may not work for some
3256 operating systems without rebuilding named.
3258 2420. [bug] Windows socket handling cleanup. Let the io
3259 completion event send out canceled read/write
3260 done events, which keeps us from writing to memory
3261 we no longer have ownership of. Add debugging
3262 socket_log() function. Rework TCP socket handling
3263 to not leak sockets.
3265 2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
3266 should not be used for isc_sockettype_fdwatch sockets.
3269 2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
3272 2417. [bug] Connecting UDP sockets for outgoing queries could
3273 unexpectedly fail with an 'address already in use'
3276 2416. [func] Log file descriptors that cause exceeding the
3277 internal maximum. [RT #18460]
3279 2415. [bug] 'rndc dumpdb' could trigger various assertion failures
3280 in rbtdb.c. [RT #18455]
3282 2414. [bug] A masterdump context held the database lock too long,
3283 causing various troubles such as dead lock and
3284 recursive lock acquisition. [RT #18311, #18456]
3286 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
3288 2412. [bug] win32: address a resource leak. [RT #18374]
3290 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
3291 for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
3292 at compilation time. [RT #18433]
3294 Note: with changes #2469 and #2421 above, there is no
3295 need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
3298 2410. [bug] Correctly delete m_versionInfo. [RT #18432]
3300 2409. [bug] Only log that we disabled EDNS processing if we were
3301 subsequently successful. [RT #18029]
3303 2408. [bug] A duplicate TCP dispatch event could be sent, which
3304 could then trigger an assertion failure in
3305 resquery_response(). [RT #18275]
3307 2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
3311 2405. [cleanup] The default value for dnssec-validation was changed to
3312 "yes" in 9.5.0-P1 and all subsequent releases; this
3313 was inadvertently omitted from CHANGES at the time.
3315 2404. [port] hpux: files unlimited support.
3317 2403. [bug] TSIG context leak. [RT #18341]
3319 2402. [port] Support Solaris 2.11 and over. [RT #18362]
3321 2401. [bug] Expect to get E[MN]FILE errno internal_accept()
3322 (from accept() or fcntl() system calls). [RT #18358]
3324 2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
3329 2398. [bug] Improve file descriptor management. New,
3330 temporary, named.conf option reserved-sockets,
3331 default 512. [RT #18344]
3333 2397. [bug] gssapi_functions had too many elements. [RT #18355]
3335 2396. [bug] Don't set SO_REUSEADDR for randomized ports.
3338 2395. [port] Avoid warning and no effect from "files unlimited"
3339 on Linux when running as root. [RT #18335]
3341 2394. [bug] Default configuration options set the limit for
3342 open files to 'unlimited' as described in the
3343 documentation. [RT #18331]
3345 2393. [bug] nested acls containing keys could trigger an
3346 assertion in acl.c. [RT #18166]
3348 2392. [bug] remove 'grep -q' from acl test script, some platforms
3349 don't support it. [RT #18253]
3351 2391. [port] hpux: cover additional recvmsg() error codes.
3354 2390. [bug] dispatch.c could make a false warning on 'odd socket'.
3357 2389. [bug] Move the "working directory writable" check to after
3358 the ns_os_changeuser() call. [RT #18326]
3360 2388. [bug] Avoid using tables for layout purposes in
3361 statistics XSL [RT #18159].
3363 2387. [bug] Silence compiler warnings in lib/isc/radix.c.
3364 [RT #18147] [RT #18258]
3366 2386. [func] Add warning about too small 'open files' limit.
3369 2385. [bug] A condition variable in socket.c could leak in
3370 rare error handling [RT #17968].
3372 2384. [security] Fully randomize UDP query ports to improve
3373 forgery resilience. [RT #17949, #18098]
3375 2383. [bug] named could double queries when they resulted in
3376 SERVFAIL due to overkilling EDNS0 failure detection.
3379 2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
3382 2381. [port] dlz/mysql: support multiple install layouts for
3383 mysql. <prefix>/include/{,mysql/}mysql.h and
3384 <prefix>/lib/{,mysql/}. [RT #18152]
3386 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
3387 proofs which, in turn, caused validation failures
3388 for insecure zones immediately below a secure zone
3389 the server was authoritative for. [RT #18112]
3391 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
3392 TLDs and supported RRs with TTLs [RT #17972]
3394 2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
3397 2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
3399 2376. [bug] Change #2144 was not complete.
3403 2374. [bug] "blackhole" ACLs could cause named to segfault due
3404 to some uninitialized memory. [RT #18095]
3406 2373. [bug] Default values of zone ACLs were re-parsed each time a
3407 new zone was configured, causing an overconsumption
3408 of memory. [RT #18092]
3410 2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
3412 2371. [doc] Add +nsid option to dig man page. [RT #18039]
3414 2370. [bug] "rndc freeze" could trigger an assertion in named
3415 when called on a nonexistent zone. [RT #18050]
3417 2369. [bug] libbind: Array bounds overrun on read in bitncmp().
3420 2368. [port] Linux: use libcap for capability management if
3421 possible. [RT# 18026]
3423 2367. [bug] Improve counting of dns_resstatscounter_retry
3426 2366. [bug] Adb shutdown race. [RT #18021]
3428 2365. [bug] Fix a bug that caused dns_acl_isany() to return
3429 spurious results. [RT #18000]
3431 2364. [bug] named could trigger a assertion when serving a
3432 malformed signed zone. [RT #17828]
3434 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
3437 2362. [cleanup] Make "rrset-order fixed" a compile-time option.
3438 settable by "./configure --enable-fixed-rrset".
3439 Disabled by default. [RT #17977]
3441 2361. [bug] "recursion" statistics counter could be counted
3442 multiple times for a single query. [RT #17990]
3444 2360. [bug] Fix a condition where we release a database version
3445 (which may acquire a lock) while holding the lock.
3447 2359. [bug] Fix NSID bug. [RT #17942]
3449 2358. [doc] Update host's default query description. [RT #17934]
3451 2357. [port] Don't use OpenSSL's engine support in versions before
3452 OpenSSL 0.9.7f. [RT #17922]
3454 2356. [bug] Built in mutex profiler was not scalable enough.
3457 2355. [func] Extend the number statistics counters available.
3460 2354. [bug] Failed to initialize some rdatasetheader_t elements.
3463 2353. [func] Add support for Name Server ID (RFC 5001).
3464 'dig +nsid' requests NSID from server.
3465 'request-nsid yes;' causes recursive server to send
3466 NSID requests to upstream servers. Server responds
3467 to NSID requests with the string configured by
3468 'server-id' option. [RT #17091]
3470 2352. [bug] Various GSS_API fixups. [RT #17729]
3472 2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
3474 2350. [port] win32: IPv6 support. [RT #17797]
3476 2349. [func] Provide incremental re-signing support for secure
3477 dynamic zones. [RT #1091]
3479 2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
3480 Documentation is in the new README.pkcs11 file.
3481 New tool, dnssec-keyfromlabel, which takes the
3482 label of a key pair in a HSM and constructs a DNS
3483 key pair for use by named and dnssec-signzone.
3486 2347. [bug] Delete now traverses the RB tree in the canonical
3489 2346. [func] Memory statistics now cover all active memory contexts
3490 in increased detail. [RT #17580]
3492 2345. [bug] named-checkconf failed to detect when forwarders
3493 were set at both the options/view level and in
3494 a root zone. [RT #17671]
3496 2344. [bug] Improve "logging{ file ...; };" documentation.
3499 2343. [bug] (Seemingly) duplicate IPv6 entries could be
3500 created in ADB. [RT #17837]
3502 2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
3504 2341. [bug] libbind: add missing -I../include for off source
3505 tree builds. [RT #17606]
3507 2340. [port] openbsd: interface configuration. [RT #17700]
3509 2339. [port] tru64: support for libbind. [RT #17589]
3511 2338. [bug] check_ds() could be called with a non DS rdataset.
3514 2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
3516 2336. [func] If "named -6" is specified then listen on all IPv6
3517 interfaces if there are not listen-on-v6 clauses in
3518 named.conf. [RT #17581]
3520 2335. [port] sunos: libbind and *printf() support for long long.
3523 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
3524 bug in fromstruct_txt(). [RT #17609]
3526 2333. [bug] Fix off by one error in isc_time_nowplusinterval().
3529 2332. [contrib] query-loc-0.4.0. [RT #17602]
3531 2331. [bug] Failure to regenerate any signatures was not being
3532 reported nor being past back to the UPDATE client.
3535 2330. [bug] Remove potential race condition when handling
3536 over memory events. [RT #17572]
3538 WARNING: API CHANGE: over memory callback
3539 function now needs to call isc_mem_waterack().
3540 See <isc/mem.h> for details.
3542 2329. [bug] Clearer help text for dig's '-x' and '-i' options.
3544 2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
3545 F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
3546 J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
3549 2327. [bug] It was possible to dereference a NULL pointer in
3550 rbtdb.c. Implement dead node processing in zones as
3551 we do for caches. [RT #17312]
3553 2326. [bug] It was possible to trigger a INSIST in the acache
3556 2325. [port] Linux: use capset() function if available. [RT #17557]
3558 2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
3560 2323. [port] tru64: namespace clash. [RT #17547]
3562 2322. [port] MacOS: work around the limitation of setrlimit()
3563 for RLIMIT_NOFILE. [RT #17526]
3567 2320. [func] Make statistics counters thread-safe for platforms
3568 that support certain atomic operations. [RT #17466]
3570 2319. [bug] Silence Coverity warnings in
3571 lib/dns/rdata/in_1/apl_42.c. [RT #17469]
3573 2318. [port] sunos fixes for libbind. [RT #17514]
3575 2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
3577 2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
3580 2315. [bug] Used incorrect address family for mapped IPv4
3581 addresses in acl.c. [RT #17519]
3583 2314. [bug] Uninitialized memory use on error path in
3584 bin/named/lwdnoop.c. [RT #17476]
3586 2313. [cleanup] Silence Coverity warnings. Handle private stacks.
3587 [RT #17447] [RT #17478]
3589 2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
3592 2311. [bug] IPv6 addresses could match IPv4 ACL entries and
3593 vice versa. [RT #17462]
3595 2310. [bug] dig, host, nslookup: flush stdout before emitting
3596 debug/fatal messages. [RT #17501]
3598 2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
3601 2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
3604 2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
3606 2306. [bug] Remove potential race from lib/dns/resolver.c.
3609 2305. [security] inet_network() buffer overflow. CVE-2008-0122.
3611 2304. [bug] Check returns from all dns_rdata_tostruct() calls.
3614 2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
3617 2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
3619 2301. [bug] Remove resource leak and fix error messages in
3620 bin/tests/system/lwresd/lwtest.c. [RT #17474]
3622 2300. [bug] Fixed failure to close open file in
3623 bin/tests/names/t_names.c. [RT #17473]
3625 2299. [bug] Remove unnecessary NULL check in
3626 bin/nsupdate/nsupdate.c. [RT #17475]
3628 2298. [bug] isc_mutex_lock() failure not caught in
3629 bin/tests/timers/t_timers.c. [RT #17468]
3631 2297. [bug] isc_entropy_createfilesource() failure not caught in
3632 bin/tests/dst/t_dst.c. [RT #17467]
3634 2296. [port] Allow docbook stylesheet location to be specified to
3635 configure. [RT #17457]
3637 2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
3640 2294. [func] Allow the experimental statistics channels to have
3641 multiple connections and ACL.
3642 Note: the stats-server and stats-server-v6 options
3643 available in the previous beta releases are replaced
3644 with the generic statistics-channels statement.
3646 2293. [func] Add ACL regression test. [RT #17375]
3648 2292. [bug] Log if the working directory is not writable.
3651 2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
3652 failure to set PR_SET_DUMPABLE. [RT #17312]
3654 2290. [bug] Let AD in the query signal that the client wants AD
3655 set in the response. [RT #17301]
3657 2289. [func] named-checkzone now reports the out-of-zone CNAME
3660 2288. [port] win32: mark service as running when we have finished
3661 loading. [RT #17441]
3663 2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
3665 2286. [func] Allow a TCP connection to be used as a weak
3666 authentication method for reverse zones.
3667 New update-policy methods tcp-self and 6to4-self.
3670 2285. [func] Test framework for client memory context management.
3673 2284. [bug] Memory leak in UPDATE prerequisite processing.
3676 2283. [bug] TSIG keys were not attaching to the memory
3677 context. TSIG keys should use the rings
3678 memory context rather than the clients memory
3679 context. [RT #17377]
3681 2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
3683 2281. [bug] Attempts to use undefined acls were not being logged.
3686 2280. [func] Allow the experimental http server to be reached
3687 over IPv6 as well as IPv4. [RT #17332]
3689 2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
3690 to protect applications from receiving spurious
3691 SIGPIPE signals when using the resolver.
3693 2278. [bug] win32: handle the case where Windows returns no
3694 search list or DNS suffix. [RT #17354]
3696 2277. [bug] Empty zone names were not correctly being caught at
3697 in the post parse checks. [RT #17357]
3699 2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
3701 2275. [func] Add support to dig to perform IXFR queries over UDP.
3704 2274. [func] Log zone transfer statistics. [RT #17336]
3706 2273. [bug] Adjust log level to WARNING when saving inconsistent
3707 stub/slave master and journal files. [RT# 17279]
3709 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
3712 2271. [bug] Fix a memory leak in http server code [RT #17100]
3714 2270. [bug] dns_db_closeversion() version->writer could be reset
3715 before it is tested. [RT #17290]
3717 2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
3719 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
3722 --- 9.5.0b1 released ---
3724 2267. [bug] Radix tree node_num value could be set incorrectly,
3725 causing positive ACL matches to look like negative
3728 2266. [bug] client.c:get_clientmctx() returned the same mctx
3729 once the pool of mctx's was filled. [RT #17218]
3731 2265. [bug] Test that the memory context's basic_table is non NULL
3732 before freeing. [RT #17265]
3734 2264. [bug] Server prefix length was being ignored. [RT #17308]
3736 2263. [bug] "named-checkconf -z" failed to set default value
3737 for "check-integrity". [RT #17306]
3739 2262. [bug] Error status from all but the last view could be
3742 2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
3744 2260. [bug] Reported wrong clients-per-query when increasing the
3749 --- 9.5.0a7 released ---
3751 2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
3754 2257. [bug] win32: Use the full path to vcredist_x86.exe when
3755 calling it. [RT #17222]
3757 2256. [bug] win32: Correctly register the installation location of
3758 bindevt.dll. [RT #17159]
3760 2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
3762 2254. [bug] timer.c:dispatch() failed to lock timer->lock
3763 when reading timer->idle allowing it to see
3764 intermediate values as timer->idle was reset by
3765 isc_timer_touch(). [RT #17243]
3767 2253. [func] "max-cache-size" defaults to 32M.
3768 "max-acache-size" defaults to 16M.
3770 2252. [bug] Fixed errors in sortlist code [RT #17216]
3774 2250. [func] New flag 'memstatistics' to state whether the
3775 memory statistics file should be written or not.
3776 Additionally named's -m option will cause the
3777 statistics file to be written. [RT #17113]
3779 2249. [bug] Only set Authentic Data bit if client requested
3780 DNSSEC, per RFC 3655 [RT #17175]
3782 2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
3784 2247. [doc] Sort doc/misc/options. [RT #17067]
3786 2246. [bug] Make the startup of test servers (ans.pl) more
3789 2245. [bug] Validating lack of DS records at trust anchors wasn't
3790 working. [RT #17151]
3792 2244. [func] Allow the check of nameserver names against the
3793 SOA MNAME field to be disabled by specifying
3794 'notify-to-soa yes;'. [RT #17073]
3796 2243. [func] Configuration files without a newline at the end now
3797 parse without error. [RT #17120]
3799 2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
3800 library could require a source of random data.
3803 2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
3805 2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
3806 a number of INSIST()s into plain fatal() errors
3807 which report the triggering result code.
3808 The 'key' command wasn't disabling GSS-TSIG.
3811 2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
3813 2238. [bug] It was possible to trigger a REQUIRE when a
3814 validation was canceled. [RT #17106]
3816 2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
3818 2236. [bug] dnssec-signzone failed to preserve the case of
3819 of wildcard owner names. [RT #17085]
3821 2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
3823 2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
3825 2233. [func] Add support for O(1) ACL processing, based on
3826 radix tree code originally written by Kevin
3827 Brintnall. [RT #16288]
3829 2232. [bug] dns_adb_findaddrinfo() could fail and return
3830 ISC_R_SUCCESS. [RT #17137]
3832 2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
3835 2230. [bug] We could INSIST reading a corrupted journal.
3838 2229. [bug] Null pointer dereference on query pool creation
3839 failure. [RT #17133]
3841 2228. [contrib] contrib: Change 2188 was incomplete.
3843 2227. [cleanup] Tidied up the FAQ. [RT #17121]
3847 2225. [bug] More support for systems with no IPv4 addresses.
3850 2224. [bug] Defer journal compaction if a xfrin is in progress.
3853 2223. [bug] Make a new journal when compacting. [RT #17119]
3855 2222. [func] named-checkconf now checks server key references.
3858 2221. [bug] Set the event result code to reflect the actual
3859 record turned to caller when a cache update is
3860 rejected due to a more credible answer existing.
3863 2220. [bug] win32: Address a race condition in final shutdown of
3864 the Windows socket code. [RT #17028]
3866 2219. [bug] Apply zone consistency checks to additions, not
3867 removals, when updating. [RT #17049]
3869 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
3872 2217. [func] Adjust update log levels. [RT #17092]
3874 2216. [cleanup] Fix a number of errors reported by Coverity.
3877 2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
3879 2214. [bug] Deregister OpenSSL lock callback when cleaning
3880 up. Reorder OpenSSL cleanup so that RAND_cleanup()
3881 is called before the locks are destroyed. [RT #17098]
3883 2213. [bug] SIG0 diagnostic failure messages were looking at the
3884 wrong status code. [RT #17101]
3886 2212. [func] 'host -m' now causes memory statistics and active
3887 memory to be printed at exit. [RT 17028]
3889 2211. [func] Update "dynamic update temporarily disabled" message.
3892 2210. [bug] Deleting class specific records via UPDATE could
3895 2209. [port] osx: linking against user supplied static OpenSSL
3896 libraries failed as the system ones were still being
3899 2208. [port] win32: make sure both build methods produce the
3900 same output. [RT #17058]
3902 2207. [port] Some implementations of getaddrinfo() fail to set
3903 ai_canonname correctly. [RT #17061]
3905 --- 9.5.0a6 released ---
3907 2206. [security] "allow-query-cache" and "allow-recursion" now
3908 cross inherit from each other.
3910 If allow-query-cache is not set in named.conf then
3911 allow-recursion is used if set, otherwise allow-query
3912 is used if set, otherwise the default (localnets;
3913 localhost;) is used.
3915 If allow-recursion is not set in named.conf then
3916 allow-query-cache is used if set, otherwise allow-query
3917 is used if set, otherwise the default (localnets;
3918 localhost;) is used.
3922 2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
3924 2204. [bug] "rndc flushanme name unknown-view" caused named
3925 to crash. [RT #16984]
3927 2203. [security] Query id generation was cryptographically weak.
3930 2202. [security] The default acls for allow-query-cache and
3931 allow-recursion were not being applied. [RT #16960]
3933 2201. [bug] The build failed in a separate object directory.
3936 2200. [bug] The search for cached NSEC records was stopping to
3937 early leading to excessive DLV queries. [RT #16930]
3939 2199. [bug] win32: don't call WSAStartup() while loading dlls.
3942 2198. [bug] win32: RegCloseKey() could be called when
3943 RegOpenKeyEx() failed. [RT #16911]
3945 2197. [bug] Add INSIST to catch negative responses which are
3946 not setting the event result code appropriately.
3949 2196. [port] win32: yield processor while waiting for once to
3950 to complete. [RT #16958]
3952 2195. [func] dnssec-keygen now defaults to nametype "ZONE"
3953 when generating DNSKEYs. [RT #16954]
3955 2194. [bug] Close journal before calling 'done' in xfrin.c.
3957 --- 9.5.0a5 released ---
3959 2193. [port] win32: BINDInstall.exe is now linked statically.
3962 2192. [port] win32: use vcredist_x86.exe to install Visual
3963 Studio's redistributable dlls if building with
3964 Visual Stdio 2005 or later.
3966 2191. [func] named-checkzone now allows dumping to stdout (-).
3967 named-checkconf now has -h for help.
3968 named-checkzone now has -h for help.
3969 rndc now has -h for help.
3970 Better handling of '-?' for usage summaries.
3973 2190. [func] Make fallback to plain DNS from EDNS due to timeouts
3974 more visible. New logging category "edns-disabled".
3977 2189. [bug] Handle socket() returning EINTR. [RT #15949]
3979 2188. [contrib] queryperf: autoconf changes to make the search for
3980 libresolv or libbind more robust. [RT #16299]
3982 2187. [bug] query_addds(), query_addwildcardproof() and
3983 query_addnxrrsetnsec() should take a version
3984 argument. [RT #16368]
3986 2186. [port] cygwin: libbind: check for struct sockaddr_storage
3987 independently of IPv6. [RT #16482]
3989 2185. [port] sunos: libbind: check for ssize_t, memmove() and
3990 memchr(). [RT #16463]
3992 2184. [bug] bind9.xsl.h didn't build out of the source tree.
3995 2183. [bug] dnssec-signzone didn't handle offline private keys
3998 2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
3999 could return ISC_R_SUCCESS when they ran out of
4002 2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
4004 2180. [cleanup] Remove bit test from 'compress_test' as they
4005 are no longer needed. [RT #16497]
4007 2179. [func] 'rndc command zone' will now find 'zone' if it is
4008 unique to all the views. [RT #16821]
4010 2178. [bug] 'rndc reload' of a slave or stub zone resulted in
4011 a reference leak. [RT #16867]
4013 2177. [bug] Array bounds overrun on read (rcodetext) at
4014 debug level 10+. [RT #16798]
4016 2176. [contrib] dbus update to handle race condition during
4017 initialization (Bugzilla 235809). [RT #16842]
4019 2175. [bug] win32: windows broadcast condition variable support
4020 was broken. [RT #16592]
4022 2174. [bug] I/O errors should always be fatal when reading
4023 master files. [RT #16825]
4025 2173. [port] win32: When compiling with MSVS 2005 SP1 we also
4026 need to ship Microsoft.VC80.MFCLOC.
4028 --- 9.5.0a4 released ---
4030 2172. [bug] query_addsoa() was being called with a non zone db.
4033 2171. [bug] Handle breaks in DNSSEC trust chains where the parent
4034 servers are not DS aware (DS queries to the parent
4035 return a referral to the child).
4037 2170. [func] Add acache processing to test suite. [RT #16711]
4039 2169. [bug] host, nslookup: when reporting NXDOMAIN report the
4040 given name and not the last name searched for.
4043 2168. [bug] nsupdate: in non-interactive mode treat syntax errors
4044 as fatal errors. [RT #16785]
4046 2167. [bug] When re-using a automatic zone named failed to
4047 attach it to the new view. [RT #16786]
4049 --- 9.5.0a3 released ---
4051 2166. [bug] When running in batch mode, dig could misinterpret
4052 a server address as a name to be looked up, causing
4053 unexpected output. [RT #16743]
4055 2165. [func] Allow the destination address of a query to determine
4056 if we will answer the query or recurse.
4057 allow-query-on, allow-recursion-on and
4058 allow-query-cache-on. [RT #16291]
4060 2164. [bug] The code to determine how named-checkzone /
4061 named-compilezone was called failed under windows.
4064 2163. [bug] If only one of query-source and query-source-v6
4065 specified a port the query pools code broke (change
4068 2162. [func] Allow "rrset-order fixed" to be disabled at compile
4071 2161. [bug] Fix which log messages are emitted for 'rndc flush'.
4074 2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
4075 from getifaddrs(). [RT #16708]
4077 --- 9.5.0a2 released ---
4079 2159. [bug] Array bounds overrun in acache processing. [RT #16710]
4081 2158. [bug] ns_client_isself() failed to initialize key
4082 leading to a REQUIRE failure. [RT #16688]
4084 2157. [func] dns_db_transfernode() created. [RT #16685]
4086 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
4087 resolver.c:validated() and resolver.c:cache_name().
4088 Fix a memory leak in rbtdb.c:free_noqname().
4089 Make lookup.c:lookup_find() robust against
4090 event leaks. [RT #16685]
4092 2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
4095 2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
4096 matched in acls by omitting the scope. [RT #16599]
4098 2153. [bug] nsupdate could leak memory. [RT #16691]
4100 2152. [cleanup] Use sizeof(buf) instead of fixed number in
4101 dighost.c:get_trusted_key(). [RT #16678]
4103 2151. [bug] Missing newline in usage message for journalprint.
4106 2150. [bug] 'rrset-order cyclic' uniformly distribute the
4107 starting point for the first response for a given
4110 2149. [bug] isc_mem_checkdestroyed() failed to abort on
4111 if there were still active memory contexts.
4114 2148. [func] Add positive logging for rndc commands. [RT #14623]
4116 2147. [bug] libbind: remove potential buffer overflow from
4117 hmac_link.c. [RT #16437]
4119 2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
4120 SO_BSDCOMPAT" message. [RT #16641]
4122 2145. [bug] Check DS/DLV digest lengths for known digests.
4125 2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
4128 2143. [bug] We failed to restart the IPv6 client when the
4129 kernel failed to return the destination the
4130 packet was sent to. [RT #16613]
4132 2142. [bug] Handle master files with a modification time that
4133 matches the epoch. [RT# 16612]
4135 2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
4136 equivalent of LDH checks). [RT #16609]
4138 2140. [bug] libbind: missing unlock on pthread_key_create()
4139 failures. [RT #16654]
4141 2139. [bug] dns_view_find() was being called with wrong type
4142 in adb.c. [RT #16670]
4144 2138. [bug] Lock order reversal in resolver.c. [RT #16653]
4146 2137. [port] Mips little endian and/or mips 64 bit are now
4147 supported for atomic operations. [RT#16648]
4149 2136. [bug] nslookup/host looped if there was no search list
4150 and the host didn't exist. [RT #16657]
4152 2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
4154 2134. [func] Additional statistics support. [RT #16666]
4156 2133. [port] powerpc: Support both IBM and MacOS Power PC
4157 assembler syntaxes. [RT #16647]
4159 2132. [bug] Missing unlock on out of memory in
4160 dns_dispatchmgr_setudp().
4162 2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
4164 2130. [func] Log if CD or DO were set. [RT #16640]
4166 2129. [func] Provide a pool of UDP sockets for queries to be
4167 made over. See use-queryport-pool, queryport-pool-ports
4168 and queryport-pool-updateinterval. [RT #16415]
4170 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
4172 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
4174 2126. [security] Serialize validation of type ANY responses. [RT #16555]
4176 2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
4177 was defined. [RT #16574]
4179 2124. [security] It was possible to dereference a freed fetch
4180 context. [RT #16584]
4182 --- 9.5.0a1 released ---
4184 2123. [func] Use Doxygen to generate internal documentation.
4187 2122. [func] Experimental http server and statistics support
4190 2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
4191 second timeout. [RT #16553]
4193 2120. [doc] Fix markup on nsupdate man page. [RT #16556]
4195 2119. [compat] libbind: allow res_init() to succeed enough to
4196 return the default domain even if it was unable
4199 2118. [bug] Handle response with long chains of domain name
4200 compression pointers which point to other compression
4201 pointers. [RT #16427]
4203 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
4204 which could lead to validation failures. named didn't
4205 handle negative DS responses that were in the process
4206 of being validated. Check CNAME bit before accepting
4207 NODATA proof. To be able to ignore a child NSEC there
4208 must be SOA (and NS) set in the bitmap. [RT #16399]
4210 2116. [bug] 'rndc reload' could cause the cache to continually
4211 be cleaned. [RT #16401]
4213 2115. [bug] 'rndc reconfig' could trigger a INSIST if the
4214 number of masters for a zone was reduced. [RT #16444]
4216 2114. [bug] dig/host/nslookup: searches for names with multiple
4217 labels were failing. [RT #16447]
4219 2113. [bug] nsupdate: if a zone is specified it should be used
4220 for server discover. [RT# 16455]
4222 2112. [security] Warn if weak RSA exponent is used. [RT #16460]
4224 2111. [bug] Fix a number of errors reported by Coverity.
4227 2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
4228 priming queries. [RT #16491]
4230 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
4232 2108. [func] DHCID support. [RT #16456]
4234 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
4236 2106. [func] 'rndc status' now reports named's version. [RT #16426]
4238 2105. [func] GSS-TSIG support (RFC 3645).
4240 2104. [port] Fix Solaris SMF error message.
4242 2103. [port] Add /usr/sfw to list of locations for OpenSSL
4245 2102. [port] Silence Solaris 10 warnings.
4247 2101. [bug] OpenSSL version checks were not quite right.
4250 2100. [port] win32: copy libeay32.dll to Build\Debug.
4251 Copy Debug\named-checkzone to Debug\named-compilezone.
4253 2099. [port] win32: more manifest issues.
4255 2098. [bug] Race in rbtdb.c:no_references(), which occasionally
4256 triggered an INSIST failure about the node lock
4257 reference. [RT #16411]
4259 2097. [bug] named could reference a destroyed memory context
4260 after being reloaded / reconfigured. [RT #16428]
4262 2096. [bug] libbind: handle applications that fail to detect
4263 res_init() failures better.
4265 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
4266 net_cidr_ntop_ipv6(). [RT #16388]
4268 2094. [contrib] Update named-bootconf. [RT# 16404]
4270 2093. [bug] named-checkzone -s was broken.
4272 2092. [bug] win32: dig, host, nslookup. Use registry config
4273 if resolv.conf does not exist or no nameservers
4276 2091. [port] dighost.c: race condition on cleanup. [RT #16417]
4278 2090. [port] win32: Visual C++ 2005 command line manifest support.
4281 2089. [security] Raise the minimum safe OpenSSL versions to
4282 OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
4283 prior to these have known security flaws which
4284 are (potentially) exploitable in named. [RT #16391]
4286 2088. [security] Change the default RSA exponent from 3 to 65537.
4289 2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
4292 2086. [port] libbind: FreeBSD now has get*by*_r() functions.
4295 2085. [doc] win32: added index.html and README to zip. [RT #16201]
4297 2084. [contrib] dbus update for 9.3.3rc2.
4299 2083. [port] win32: Visual C++ 2005 support.
4301 2082. [doc] Document 'cache-file' as a test only option.
4303 2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
4306 2080. [port] libbind: res_init.c did not compile on older versions
4307 of Solaris. [RT #16363]
4309 2079. [bug] The lame cache was not handling multiple types
4310 correctly. [RT #16361]
4312 2078. [bug] dnssec-checkzone output style "default" was badly
4313 named. It is now called "relative". [RT #16326]
4315 2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
4316 complete signed zone. [RT #16326]
4318 2076. [bug] Several files were missing #include <config.h>
4319 causing build failures on OSF. [RT #16341]
4321 2075. [bug] The spillat timer event hander could leak memory.
4324 2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
4325 dns_request_createraw2() and dns_request_createraw3()
4326 failed to send multiple UDP requests. [RT #16349]
4328 2073. [bug] Incorrect semantics check for update policy "wildcard".
4331 2072. [bug] We were not generating valid HMAC SHA digests.
4334 2071. [port] Test whether gcc accepts -fno-strict-aliasing.
4337 2070. [bug] The remote address was not always displayed when
4338 reporting dispatch failures. [RT #16315]
4340 2069. [bug] Cross compiling was not working. [RT #16330]
4342 2068. [cleanup] Lower incremental tuning message to debug 1.
4345 2067. [bug] 'rndc' could close the socket too early triggering
4346 a INSIST under Windows. [RT #16317]
4348 2066. [security] Handle SIG queries gracefully. [RT #16300]
4350 2065. [bug] libbind: probe for HPUX prototypes for
4351 endprotoent_r() and endservent_r(). [RT 16313]
4353 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
4355 2063. [bug] Change #1955 introduced a bug which caused the first
4356 'rndc flush' call to not free memory. [RT #16244]
4358 2062. [bug] 'dig +nssearch' was reusing a buffer before it had
4359 been returned by the socket code. [RT #16307]
4361 2061. [bug] Accept expired wildcard message reversed. [RT #16296]
4363 2060. [bug] Enabling DLZ support could leave views partially
4364 configured. [RT #16295]
4366 2059. [bug] Search into cache rbtdb could trigger an INSIST
4367 failure while cleaning up a stale rdataset.
4370 2058. [bug] Adjust how we calculate rtt estimates in the presence
4371 of authoritative servers that drop EDNS and/or CD
4372 requests. Also fallback to EDNS/512 and plain DNS
4373 faster for zones with less than 3 servers. [RT #16187]
4375 2057. [bug] Make setting "ra" dependent on both allow-query-cache
4376 and allow-recursion. [RT #16290]
4378 2056. [bug] dig: ixfr= was not being treated case insensitively
4379 at all times. [RT #15955]
4381 2055. [bug] Missing goto after dropping multicast query.
4384 2054. [port] freebsd: do not explicitly link against -lpthread.
4387 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
4389 2052. [bug] 'rndc' improve connect failed message to report
4390 the failing address. [RT #15978]
4392 2051. [port] More strtol() fixes. [RT #16249]
4394 2050. [bug] Parsing of NSAP records was not case insensitive.
4397 2049. [bug] Restore SOA before AXFR when falling back from
4398 a attempted IXFR when transferring in a zone.
4399 Allow a initial SOA query before attempting
4400 a AXFR to be requested. [RT #16156]
4402 2048. [bug] It was possible to loop forever when using
4403 avoid-v4-udp-ports / avoid-v6-udp-ports when
4404 the OS always returned the same local port.
4407 2047. [bug] Failed to initialize the interface flags to zero.
4410 2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
4411 cleanup [RT #16247].
4413 2045. [func] Use lock buckets for acache entries to limit memory
4414 consumption. [RT #16183]
4416 2044. [port] Add support for atomic operations for Itanium.
4419 2043. [port] nsupdate/nslookup: Force the flushing of the prompt
4420 for interactive sessions. [RT#16148]
4422 2042. [bug] named-checkconf was incorrectly rejecting the
4423 logging category "config". [RT #16117]
4425 2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
4426 set of libraries to be linked. [RT #16129]
4428 2040. [bug] rbtdb no_references() could trigger an INSIST
4429 failure with --enable-atomic. [RT #16022]
4431 2039. [func] Check that all buffers passed to the socket code
4432 have been retrieved when the socket event is freed.
4435 2038. [bug] dig/nslookup/host was unlinking from wrong list
4436 when handling errors. [RT #16122]
4438 2037. [func] When unlinking the first or last element in a list
4439 check that the list head points to the element to
4440 be unlinked. [RT #15959]
4442 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
4445 2035. [func] Make falling back to TCP on UDP refresh failure
4446 optional. Default "try-tcp-refresh yes;" for BIND 8
4447 compatibility. [RT #16123]
4449 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
4451 2033. [bug] We weren't creating multiple client memory contexts
4452 on demand as expected. [RT #16095]
4454 2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
4456 2031. [bug] Emit a error message when "rndc refresh" is called on
4457 a non slave/stub zone. [RT # 16073]
4459 2030. [bug] We were being overly conservative when disabling
4460 openssl engine support. [RT #16030]
4462 2029. [bug] host printed out the server multiple times when
4463 specified on the command line. [RT #15992]
4465 2028. [port] linux: socket.c compatibility for old systems.
4468 2027. [port] libbind: Solaris x86 support. [RT #16020]
4470 2026. [bug] Rate limit the two recursive client exceeded messages.
4473 2025. [func] Update "zone serial unchanged" message. [RT #16026]
4475 2024. [bug] named emitted spurious "zone serial unchanged"
4476 messages on reload. [RT #16027]
4478 2023. [bug] "make install" should create ${localstatedir}/run and
4479 ${sysconfdir} if they do not exist. [RT #16033]
4481 2022. [bug] If dnssec validation is disabled only assert CD if
4482 CD was requested. [RT #16037]
4484 2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
4486 2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
4488 2019. [tuning] Reduce the amount of work performed per quantum
4489 when cleaning the cache. [RT #15986]
4491 2018. [bug] Checking if the HMAC MD5 private file was broken.
4494 2017. [bug] allow-query default was not correct. [RT #15946]
4496 2016. [bug] Return a partial answer if recursion is not
4497 allowed but requested and we had the answer
4498 to the original qname. [RT #15945]
4500 2015. [cleanup] use-additional-cache is now acache-enable for
4501 consistency. Default acache-enable off in BIND 9.4
4502 as it requires memory usage to be configured.
4503 It may be enabled by default in BIND 9.5 once we
4504 have more experience with it.
4506 2014. [func] Statistics about acache now recorded and sent
4509 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
4510 responses more gracefully. [RT #15941]
4512 2012. [func] Don't insert new acache entries if acache is full.
4515 2011. [func] dnssec-signzone can now update the SOA record of
4516 the signed zone, either as an increment or as the
4517 system time(). [RT #15633]
4519 2010. [placeholder] rt15958
4521 2009. [bug] libbind: Coverity fixes. [RT #15808]
4523 2008. [func] It is now possible to enable/disable DNSSEC
4524 validation from rndc. This is useful for the
4525 mobile hosts where the current connection point
4526 breaks DNSSEC (firewall/proxy). [RT #15592]
4528 rndc validation newstate [view]
4530 2007. [func] It is now possible to explicitly enable DNSSEC
4531 validation. default dnssec-validation no; to
4532 be changed to yes in 9.5.0. [RT #15674]
4534 2006. [security] Allow-query-cache and allow-recursion now default
4535 to the built in acls "localnets" and "localhost".
4537 This is being done to make caching servers less
4538 attractive as reflective amplifying targets for
4539 spoofed traffic. This still leave authoritative
4542 The best fix is for full BCP 38 deployment to
4543 remove spoofed traffic.
4545 2005. [bug] libbind: Retransmission timeouts should be
4546 based on which attempt it is to the nameserver
4547 and not the nameserver itself. [RT #13548]
4549 2004. [bug] dns_tsig_sign() could pass a NULL pointer to
4550 dst_context_destroy() when cleaning up after a
4553 2003. [bug] libbind: The DNS name/address lookup functions could
4554 occasionally follow a random pointer due to
4555 structures not being completely zeroed. [RT #15806]
4557 2002. [bug] libbind: tighten the constraints on when
4558 struct addrinfo._ai_pad exists. [RT #15783]
4560 2001. [func] Check the KSK flag when updating a secure dynamic zone.
4561 New zone option "update-check-ksk yes;". [RT #15817]
4563 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
4565 1999. [func] Implement "rrset-order fixed". [RT #13662]
4567 1998. [bug] Restrict handling of fifos as sockets to just SunOS.
4568 This allows named to connect to entropy gathering
4569 daemons that use fifos instead of sockets. [RT #15840]
4571 1997. [bug] Named was failing to replace negative cache entries
4572 when a positive one for the type was learnt.
4575 1996. [bug] nsupdate: if a zone has been specified it should
4576 appear in the output of 'show'. [RT #15797]
4578 1995. [bug] 'host' was reporting multiple "is an alias" messages.
4581 1994. [port] OpenSSL 0.9.8 support. [RT #15694]
4583 1993. [bug] Log messages, via syslog, were missing the space
4584 after the timestamp if "print-time yes" was specified.
4587 1992. [bug] Not all incoming zone transfer messages included the
4590 1991. [cleanup] The configuration data, once read, should be treated
4591 as read only. Expand the use of const to enforce this
4592 at compile time. [RT #15813]
4594 1990. [bug] libbind: isc's override of broken gettimeofday()
4595 implementations was not always effective.
4598 1989. [bug] win32: don't check the service password when
4599 re-installing. [RT #15882]
4601 1988. [bug] Remove a bus error from the SHA256/SHA512 support.
4604 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
4606 1986. [func] Report when a zone is removed. [RT #15849]
4608 1985. [protocol] DLV has now been assigned a official type code of
4611 Note: care should be taken to ensure you upgrade
4612 both named and dnssec-signzone at the same time for
4613 zones with DLV records where named is the master
4614 server for the zone. Also any zones that contain
4615 DLV records should be removed when upgrading a slave
4616 zone. You do not however have to upgrade all
4617 servers for a zone with DLV records simultaneously.
4619 1984. [func] dig, nslookup and host now advertise a 4096 byte
4620 EDNS UDP buffer size by default. [RT #15855]
4622 1983. [func] Two new update policies. "selfsub" and "selfwild".
4625 1982. [bug] DNSKEY was being accepted on the parent side of
4626 a delegation. KEY is still accepted there for
4627 RFC 3007 validated updates. [RT #15620]
4629 1981. [bug] win32: condition.c:wait() could fail to reattain
4632 1980. [func] dnssec-signzone: output the SOA record as the
4633 first record in the signed zone. [RT #15758]
4635 1979. [port] linux: allow named to drop core after changing
4636 user ids. [RT #15753]
4638 1978. [port] Handle systems which have a broken recvmsg().
4641 1977. [bug] Silence noisy log message. [RT #15704]
4643 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
4645 1975. [bug] libbind: isc_gethexstring() could misparse multi-line
4646 hex strings with comments. [RT #15814]
4648 1974. [doc] List each of the zone types and associated zone
4649 options separately in the ARM.
4651 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
4652 HMACSHA512 support. [RT #13606]
4654 1972. [contrib] DBUS dynamic forwarders integration from
4655 Jason Vas Dias <jvdias@redhat.com>.
4657 1971. [port] linux: make detection of missing IF_NAMESIZE more
4660 1970. [bug] nsupdate: adjust UDP timeout when falling back to
4661 unsigned SOA query. [RT #15775]
4663 1969. [bug] win32: the socket code was freeing the socket
4664 structure too early. [RT #15776]
4666 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
4668 1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
4670 1966. [bug] Don't set CD when we have fallen back to plain DNS.
4673 1965. [func] Suppress spurious "recursion requested but not
4674 available" warning with 'dig +qr'. [RT #15780].
4676 1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
4678 1963. [port] Tru64 4.0E doesn't support send() and recv().
4681 1962. [bug] Named failed to clear old update-policy when it
4682 was removed. [RT #15491]
4684 1961. [bug] Check the port and address of responses forwarded
4685 to dispatch. [RT #15474]
4687 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
4690 1959. [func] Control the zeroing of the negative response TTL to
4691 a soa query. Defaults "zero-no-soa-ttl yes;" and
4692 "zero-no-soa-ttl-cache no;". [RT #15460]
4694 1958. [bug] Named failed to update the zone's secure state
4695 until the zone was reloaded. [RT #15412]
4697 1957. [bug] Dig mishandled responses to class ANY queries.
4700 1956. [bug] Improve cross compile support, 'gen' is now built
4701 by native compiler. See README for additional
4702 cross compile support information. [RT #15148]
4704 1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
4706 1954. [func] Named now falls back to advertising EDNS with a
4707 512 byte receive buffer if the initial EDNS queries
4710 1953. [func] The maximum EDNS UDP response named will send can
4711 now be set in named.conf (max-udp-size). This is
4712 independent of the advertised receive buffer
4713 (edns-udp-size). [RT #14852]
4715 1952. [port] hpux: tell the linker to build a runtime link
4716 path "-Wl,+b:". [RT #14816].
4718 1951. [security] Drop queries from particular well known ports.
4719 Don't return FORMERR to queries from particular
4720 well known ports. [RT #15636]
4722 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
4723 a TCP socket. This prevents the source address being
4724 set for TCP connections. [RT #15628]
4726 1949. [func] Addition memory leakage checks. [RT #15544]
4728 1948. [bug] If was possible to trigger a REQUIRE failure in
4729 xfrin.c:maybe_free() if named ran out of memory.
4732 1947. [func] It is now possible to configure named to accept
4733 expired RRSIGs. Default "dnssec-accept-expired no;".
4734 Setting "dnssec-accept-expired yes;" leaves named
4735 vulnerable to replay attacks. [RT #14685]
4737 1946. [bug] resume_dslookup() could trigger a REQUIRE failure
4738 when using forwarders. [RT #15549]
4740 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
4741 To generate a RSAMD5 key you must explicitly request
4744 1944. [cleanup] isc_hash_create() does not need a read/write lock.
4747 1943. [bug] Set the loadtime after rolling forward the journal.
4750 1942. [bug] If the name of a DNSKEY match that of one in
4751 trusted-keys do not attempt to validate the DNSKEY
4752 using the parents DS RRset. [RT #15649]
4754 1941. [bug] ncache_adderesult() should set eresult even if no
4755 rdataset is passed to it. [RT #15642]
4757 1940. [bug] Fixed a number of error conditions reported by
4760 1939. [bug] The resolver could dereference a null pointer after
4761 validation if all the queries have timed out.
4764 1938. [bug] The validator was not correctly handling unsecure
4765 negative responses at or below a SEP. [RT #15528]
4767 1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
4769 1936. [bug] The validator could leak memory. [RT #15544]
4771 1935. [bug] 'acache' was DO sensitive. [RT #15430]
4773 1934. [func] Validate pending NS RRsets, in the authority section,
4774 prior to returning them if it can be done without
4775 requiring DNSKEYs to be fetched. [RT #15430]
4777 1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
4779 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
4781 1931. [bug] Per-client mctx could require a huge amount of memory,
4782 particularly for a busy caching server. [RT #15519]
4784 1930. [port] HPUX: ia64 support. [RT #15473]
4786 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
4788 1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
4790 1927. [bug] Access to soanode or nsnode in rbtdb violated the
4791 lock order rule and could cause a dead lock.
4794 1926. [bug] The Windows installer did not check for empty
4795 passwords. BINDinstall was being installed in
4796 the wrong place. [RT #15483]
4798 1925. [port] All outer level AC_TRY_RUNs need cross compiling
4799 defaults. [RT #15469]
4801 1924. [port] libbind: hpux ia64 support. [RT #15473]
4803 1923. [bug] ns_client_detach() called too early. [RT #15499]
4805 1922. [bug] check-tool.c:setup_logging() missing call to
4806 dns_log_setcontext().
4808 1921. [bug] Client memory contexts were not using internal
4811 1920. [bug] The cache rbtdb lock array was too small to
4812 have the desired performance characteristics.
4815 1919. [contrib] queryperf: a set of new features: collecting/printing
4816 response delays, printing intermediate results, and
4817 adjusting query rate for the "target" qps.
4819 1918. [bug] Memory leak when checking acls. [RT #15391]
4821 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
4822 when generating man pages. [RT #15385]
4824 1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
4826 1915. [bug] dig +ndots was broken. [RT #15215]
4828 1914. [protocol] DS is required to accept mnemonic algorithms
4829 (RFC 4034). Still emit numeric algorithms for
4830 compatibility with RFC 3658. [RT #15354]
4832 1913. [func] Integrate contributed DLZ code into named. [RT #11382]
4834 1912. [port] aix: atomic locking for powerpc. [RT #15020]
4836 1911. [bug] Update windows socket code. [RT #14965]
4838 1910. [bug] dig's +sigchase code overhauled. [RT #14933]
4840 1909. [bug] The DLV code has been re-worked to make no longer
4841 query order sensitive. [RT #14933]
4843 1908. [func] dig now warns if 'RA' is not set in the answer when
4844 'RD' was set in the query. host/nslookup skip servers
4845 that fail to set 'RA' when 'RD' is set unless a server
4846 is explicitly set. [RT #15005]
4848 1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
4851 1906. [func] dig now has a '-q queryname' and '+showsearch' options.
4854 1905. [bug] Strings returned from cfg_obj_asstring() should be
4855 treated as read-only. The prototype for
4856 cfg_obj_asstring() has been updated to reflect this.
4859 1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
4860 friends. Note: RFC 1918 zones are not yet covered by
4861 this but are likely to be in a future release.
4863 New options: empty-server, empty-contact,
4864 empty-zones-enable and disable-empty-zone.
4866 1903. [func] ISC string copy API.
4868 1902. [func] Attempt to make the amount of work performed in a
4869 iteration self tuning. The covers nodes clean from
4870 the cache per iteration, nodes written to disk when
4871 rewriting a master file and nodes destroyed per
4872 iteration when destroying a zone or a cache.
4875 1901. [cleanup] Don't add DNSKEY records to the additional section.
4877 1900. [bug] ixfr-from-differences failed to ensure that the
4878 serial number increased. [RT #15036]
4880 1899. [func] named-checkconf now validates update-policy entries.
4883 1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
4884 ISC_NETADDR_FORMATSIZE to allow for scope details.
4886 1897. [func] x86 and x86_64 now have separate atomic locking
4889 1896. [bug] Recursive clients soft quota support wasn't working
4890 as expected. [RT #15103]
4892 1895. [bug] A escaped character is, potentially, converted to
4893 the output character set too early. [RT #14666]
4895 1894. [doc] Review ARM for BIND 9.4.
4897 1893. [port] Use uintptr_t if available. [RT #14606]
4899 1892. [func] Support for SPF rdata type. [RT #15033]
4901 1891. [port] freebsd: pthread_mutex_init can fail if it runs out
4902 of memory. [RT #14995]
4904 1890. [func] Raise the UDP receive buffer size to 32k if it is
4905 less than 32k. [RT #14953]
4907 1889. [port] sunos: non blocking i/o support. [RT #14951]
4909 1888. [func] Support for IPSECKEY rdata type. [RT #14967]
4911 1887. [bug] The cache could delete expired records too fast for
4912 clients with a virtual time in the past. [RT #14991]
4914 1886. [bug] fctx_create() could return success even though it
4917 1885. [func] dig: report the number of extra bytes still left in
4918 the packet after processing all the records.
4920 1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
4922 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
4925 1882. [func] Limit the number of recursive clients that can be
4926 waiting for a single query (<qname,qtype,qclass>) to
4927 resolve. New options clients-per-query and
4928 max-clients-per-query.
4930 1881. [func] Add a system test for named-checkconf. [RT #14931]
4932 1880. [func] The lame cache is now done on a <qname,qclass,qtype>
4933 basis as some servers only appear to be lame for
4934 certain query types. [RT #14916]
4936 1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
4939 1878. [func] Detect duplicates of UDP queries we are recursing on
4940 and drop them. New stats category "duplicate".
4943 1877. [bug] Fix unreasonably low quantum on call to
4944 dns_rbt_destroy2(). Remove unnecessary unhash_node()
4947 1876. [func] Additional memory debugging support to track size
4948 and mctx arguments. [RT #14814]
4950 1875. [bug] process_dhtkey() was using the wrong memory context
4951 to free some memory. [RT #14890]
4953 1874. [port] sunos: portability fixes. [RT #14814]
4955 1873. [port] win32: isc__errno2result() now reports its caller.
4958 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
4962 1870. [func] Added framework for handling multiple EDNS versions.
4965 1869. [func] dig can now specify the EDNS version when making
4966 a query. [RT #14873]
4968 1868. [func] edns-udp-size can now be overridden on a per
4969 server basis. [RT #14851]
4971 1867. [bug] It was possible to trigger a INSIST in
4972 dlv_validatezonekey(). [RT #14846]
4974 1866. [bug] resolv.conf parse errors were being ignored by
4975 dig/host/nslookup. [RT #14841]
4977 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
4978 bad addresses. [RT #14841]
4980 1864. [bug] Don't try the alternative transfer source if you
4981 got a answer / transfer with the main source
4982 address. [RT #14802]
4984 1863. [bug] rrset-order "fixed" error messages not complete.
4986 1862. [func] Add additional zone data constancy checks.
4987 named-checkzone has extended checking of NS, MX and
4988 SRV record and the hosts they reference.
4989 named has extended post zone load checks.
4990 New zone options: check-mx and integrity-check.
4993 1861. [bug] dig could trigger a INSIST on certain malformed
4994 responses. [RT #14801]
4996 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
4997 incorrectly set. [RT #14775]
4999 1859. [func] Add support for CH A record. [RT #14695]
5001 1858. [bug] The flush-zones-on-shutdown option wasn't being
5004 1857. [bug] named could trigger a INSIST() if reconfigured /
5005 reloaded too fast. [RT #14673]
5007 1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
5010 1855. [bug] ixfr-from-differences was failing to detect changes
5011 of ttl due to dns_diff_subtract() was ignoring the ttl
5012 of records. [RT #14616]
5014 1854. [bug] lwres also needs to know the print format for
5015 (long long). [RT #13754]
5017 1853. [bug] Rework how DLV interacts with proveunsecure().
5020 1852. [cleanup] Remove last vestiges of dnssec-signkey and
5021 dnssec-makekeyset (removed from Makefile years ago).
5023 1851. [doc] Doxygen comment markup. [RT #11398]
5025 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
5027 1849. [doc] All forms of the man pages (docbook, man, html) should
5028 have consistent copyright dates.
5030 1848. [bug] Improve SMF integration. [RT #13238]
5032 1847. [bug] isc_ondestroy_init() is called too late in
5033 dns_rbtdb_create()/dns_rbtdb64_create().
5036 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
5037 <bortzmeyer@nic.fr>.
5039 1845. [bug] Improve error reporting to distinguish between
5040 accept()/fcntl() and socket()/fcntl() errors.
5043 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
5044 for each 16 bit piece of the IPv6 address. The text
5045 representation of a IPv6 address has been tightened
5046 to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
5049 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
5050 when CFLAGS contains "-I /usr/local/include"
5051 resulting in old header files being used.
5053 1842. [port] cmsg_len() could produce incorrect results on
5054 some platform. [RT #13744]
5056 1841. [bug] "dig +nssearch" now makes a recursive query to
5057 find the list of nameservers to query. [RT #13694]
5059 1840. [func] dnssec-signzone can now randomize signature end times
5060 (dnssec-signzone -j jitter). [RT #13609]
5062 1839. [bug] <isc/hash.h> was not being installed.
5064 1838. [cleanup] Don't allow Linux capabilities to be inherited.
5067 1837. [bug] Compile time option ISC_FACILITY was not effective
5068 for 'named -u <user>'. [RT #13714]
5070 1836. [cleanup] Silence compiler warnings in hash_test.c.
5072 1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
5074 1834. [bug] Bad memset in rdata_test.c. [RT #13658]
5076 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
5078 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
5081 1831. [doc] Update named-checkzone documentation. [RT#13604]
5083 1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
5085 1829. [bug] win32: "pid-file none;" broken. [RT #13563]
5087 1828. [bug] isc_rwlock_init() failed to properly cleanup if it
5088 encountered a error. [RT #13549]
5090 1827. [bug] host: update usage message for '-a'. [RT #37116]
5092 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
5093 of memory error. [RT #13537]
5095 1825. [bug] Missing UNLOCK() on out of memory error from in
5096 rbtdb.c:subtractrdataset(). [RT #13519]
5098 1824. [bug] Memory leak on dns_zone_setdbtype() failure.
5101 1823. [bug] Wrong macro used to check for point to point interface.
5104 1822. [bug] check-names test for RT was reversed. [RT #13382]
5108 1820. [bug] Gracefully handle acl loops. [RT #13659]
5110 1819. [bug] The validator needed to check both the algorithm and
5111 digest types of the DS to determine if it could be
5112 used to introduce a secure zone. [RT #13593]
5114 1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
5116 1817. [func] Add support for additional zone file formats for
5117 improving loading performance. The masterfile-format
5118 option in named.conf can be used to specify a
5119 non-default format. A separate command
5120 named-compilezone was provided to generate zone files
5121 in the new format. Additionally, the -I and -O options
5122 for dnssec-signzone specify the input and output
5125 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
5128 1815. [bug] nsupdate triggered a REQUIRE if the server was set
5129 without also setting the zone and it encountered
5130 a CNAME and was using TSIG. [RT #13086]
5132 1814. [func] UNIX domain controls are now supported.
5134 1813. [func] Restructured the data locking framework using
5135 architecture dependent atomic operations (when
5136 available), improving response performance on
5137 multi-processor machines significantly.
5138 x86, x86_64, alpha, powerpc, and mips are currently
5141 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
5144 1811. [func] Preserve the case of domain names in rdata during
5145 zone transfers. [RT #13547]
5147 1810. [bug] configure, lib/bind/configure make different default
5148 decisions about whether to do a threaded build.
5151 1809. [bug] "make distclean" failed for libbind if the platform
5154 1808. [bug] zone.c:notify_zone() contained a race condition,
5155 zone->db could change underneath it. [RT #13511]
5157 1807. [bug] When forwarding (forward only) set the active domain
5158 from the forward zone name. [RT #13526]
5160 1806. [bug] The resolver returned the wrong result when a CNAME /
5161 DNAME was encountered when fetching glue from a
5162 secure namespace. [RT #13501]
5164 1805. [bug] Pending status was not being cleared when DLV was
5167 1804. [bug] Ensure that if we are queried for glue that it fits
5168 in the additional section or TC is set to tell the
5169 client to retry using TCP. [RT #10114]
5171 1803. [bug] dnssec-signzone sometimes failed to remove old
5174 1802. [bug] Handle connection resets better. [RT #11280]
5176 1801. [func] Report differences between hints and real NS rrset
5177 and associated address records.
5179 1800. [bug] Changes #1719 allowed a INSIST to be triggered.
5182 1799. [bug] 'rndc flushname' failed to flush negative cache
5183 entries. [RT #13438]
5185 1798. [func] The server syntax has been extended to support a
5186 range of servers. [RT #11132]
5188 1797. [func] named-checkconf now check acls to verify that they
5189 only refer to existing acls. [RT #13101]
5191 1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
5193 1795. [bug] "rndc dumpdb" was not fully documented. Minor
5194 formating issues with "rndc dumpdb -all". [RT #13396]
5196 1794. [func] Named and named-checkzone can now both check for
5197 non-terminal wildcard records.
5199 1793. [func] Extend adjusting TTL warning messages. [RT #13378]
5201 1792. [func] New zone option "notify-delay". Specify a minimum
5202 delay between sets of NOTIFY messages.
5204 1791. [bug] 'host -t a' still printed out AAAA and MX records.
5207 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
5208 allow parallel make to succeed.
5210 1789. [bug] Prerequisite test for tkey and dnssec could fail
5211 with "configure --with-libtool".
5213 1788. [bug] libbind9.la/libbind9.so needs to link against
5214 libisccfg.la/libisccfg.so.
5216 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
5218 1786. [port] AIX: libt_api needs to be taught to look for
5219 T_testlist in the main executable (--with-libtool).
5222 1785. [bug] libbind9.la/libbind9.so needs to link against
5223 libisc.la/libisc.so.
5225 1784. [cleanup] "libtool -allow-undefined" is the default.
5226 Leave hooks in configure to allow it to be set
5227 if needed in the future.
5229 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
5232 1782. [port] OSX: --with-libtool + --enable-libbind broke on
5233 __evOptMonoTime. [RT #13219]
5235 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
5237 1780. [bug] Update libtool to 1.5.10.
5239 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
5241 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
5242 IN6ADDR_LOOPBACK_INIT macros.
5244 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
5245 IN6ADDR_LOOPBACK_INIT macros.
5247 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
5248 IN6ADDR_LOOPBACK_INIT macros.
5250 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
5252 1774. [port] Aix: Silence compiler warnings / build failures.
5255 1773. [bug] Fast retry on host / net unreachable. [RT #13153]
5261 1770. [bug] named-checkconf failed to report missing a missing
5262 file clause for rbt{64} master/hint zones. [RT#13009]
5264 1769. [port] win32: change compiler flags /MTd ==> /MDd,
5267 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
5268 rdataset. [RT #12907]
5270 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
5271 support for (struct in6_pktinfo) failed. [RT #13077]
5273 1766. [bug] Update the master file timestamp on successful refresh
5274 as well as the journal's timestamp. [RT# 13062]
5276 1765. [bug] configure --with-openssl=auto failed. [RT #12937]
5278 1764. [bug] dns_zone_replacedb failed to emit a error message
5279 if there was no SOA record in the replacement db.
5282 1763. [func] Perform sanity checks on NS records which refer to
5283 'in zone' names. [RT #13002]
5285 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
5286 even when it failed. [RT #12995]
5288 1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
5291 1760. [bug] Host / net unreachable was not penalising rtt
5292 estimates. [RT #12970]
5294 1759. [bug] Named failed to startup if the OS supported IPv6
5295 but had no IPv6 interfaces configured. [RT #12942]
5297 1758. [func] Don't send notify messages to self. [RT #12933]
5299 1757. [func] host now can turn on memory debugging flags with '-m'.
5301 1756. [func] named-checkconf now checks the logging configuration.
5304 1755. [func] allow-update is now settable at the options / view
5307 1754. [bug] We weren't always attempting to query the parent
5308 server for the DS records at the zone cut.
5311 1753. [bug] Don't serve a slave zone which has no NS records.
5314 1752. [port] Move isc_app_start() to after ns_os_daemonise()
5315 as some fork() implementations unblock the signals
5316 that are blocked by isc_app_start(). [RT #12810]
5318 1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
5320 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
5323 1749. [bug] 'check-names response ignore;' failed to ignore.
5326 1748. [func] dig now returns the byte count for axfr/ixfr.
5328 1747. [bug] BIND 8 compatibility: named/named-checkconf failed
5329 to parse "host-statistics-max" in named.conf.
5331 1746. [func] Make public the function to read a key file,
5332 dst_key_read_public(). [RT #12450]
5334 1745. [bug] Dig/host/nslookup accept replies from link locals
5335 regardless of scope if no scope was specified when
5336 query was sent. [RT #12745]
5338 1744. [bug] If tuple2msgname() failed to convert a tuple to
5339 a name a REQUIRE could be triggered. [RT #12796]
5341 1743. [bug] If isc_taskmgr_create() was not able to create the
5342 requested number of worker threads then destruction
5343 of the manager would trigger an INSIST() failure.
5346 1742. [bug] Deleting all records at a node then adding a
5347 previously existing record, in a single UPDATE
5348 transaction, failed to leave / regenerate the
5349 associated RRSIG records. [RT #12788]
5351 1741. [bug] Deleting all records at a node in a secure zone
5352 using a update-policy grant failed. [RT #12787]
5354 1740. [bug] Replace rbt's hash algorithm as it performed badly
5355 with certain zones. [RT #12729]
5357 NOTE: a hash context now needs to be established
5358 via isc_hash_create() if the application was not
5361 1739. [bug] dns_rbt_deletetree() could incorrectly return
5362 ISC_R_QUOTA. [RT #12695]
5364 1738. [bug] Enable overrun checking by default. [RT #12695]
5366 1737. [bug] named failed if more than 16 masters were specified.
5369 1736. [bug] dst_key_fromnamedfile() could fail to read a
5370 public key. [RT #12687]
5372 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
5375 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
5378 1733. [bug] Return non-zero exit status on initial load failure.
5381 1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
5384 1731. [port] darwin: relax version test in ifconfig.sh.
5387 1730. [port] Determine the length type used by the socket API.
5390 1729. [func] Improve check-names error messages.
5392 1728. [doc] Update check-names documentation.
5394 1727. [bug] named-checkzone: check-names support didn't match
5397 1726. [port] aix5: add support for aix5.
5399 1725. [port] linux: update error message on interaction of threads,
5400 capabilities and setuid support (named -u). [RT #12541]
5402 1724. [bug] Look for DNSKEY records with "dig +sigtrace".
5405 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
5407 1722. [bug] Don't commit the journal on malformed ixfr streams.
5410 1721. [bug] Error message from the journal processing were not
5411 always identifying the relevant journal. [RT #12519]
5413 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
5414 negative response. [RT #12506]
5416 1719. [bug] named was not correctly caching a RFC 2308 Type 1
5417 negative response. [RT #12506]
5419 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
5420 responses when looking for the zone / master server.
5423 1717. [port] solaris: ifconfig.sh did not support Solaris 10.
5424 "ifconfig.sh down" didn't work for Solaris 9.
5426 1716. [doc] named.conf(5) was being installed in the wrong
5427 location. [RT# 12441]
5429 1715. [func] 'dig +trace' now randomly selects the next servers
5430 to try. Report if there is a bad delegation.
5432 1714. [bug] dig/host/nslookup were only trying the first
5433 address when a nameserver was specified by name.
5436 1713. [port] linux: extend capset failure message to say:
5437 please ensure that the capset kernel module is
5438 loaded. see insmod(8)
5440 1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
5442 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
5444 1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
5445 messages for the specified zone. [RT #9479]
5447 1709. [port] solaris: add SMF support from Sun.
5449 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
5450 for conformance to the name space convention. Binary
5451 backward compatibility to the old function name is
5452 provided. [RT #12376]
5454 1707. [contrib] sdb/ldap updated to version 1.0-beta.
5456 1706. [bug] 'rndc stop' failed to cause zones to be flushed
5457 sometimes. [RT #12328]
5459 1705. [func] Allow the journal's name to be changed via named.conf.
5461 1704. [port] lwres needed a snprintf() implementation for
5462 platforms without snprintf(). Add missing
5463 "#include <isc/print.h>". [RT #12321]
5465 1703. [bug] named would loop sending NOTIFY messages when it
5466 failed to receive a response. [RT #12322]
5468 1702. [bug] also-notify should not be applied to built in zones.
5471 1701. [doc] A minimal named.conf man page.
5473 1700. [func] nslookup is no longer to be treated as deprecated.
5474 Remove "deprecated" warning message. Add man page.
5476 1699. [bug] dnssec-signzone can generate "not exact" errors
5477 when resigning. [RT #12281]
5479 1698. [doc] Use reserved IPv6 documentation prefix.
5481 1697. [bug] xxx-source{,-v6} was not effective when it
5482 specified one of listening addresses and a
5483 different port than the listening port. [RT #12257]
5485 1696. [bug] dnssec-signzone failed to clean out nodes that
5486 consisted of only NSEC and RRSIG records.
5489 1695. [bug] DS records when forwarding require special handling.
5492 1694. [bug] Report if the builtin views of "_default" / "_bind"
5493 are defined in named.conf. [RT #12023]
5495 1693. [bug] max-journal-size was not effective for master zones
5496 with ixfr-from-differences set. [RT# 12024]
5498 1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
5499 /usr/lib. [RT #11971]
5501 1691. [bug] sdb's attachversion was not complete. [RT #11990]
5503 1690. [bug] Delay detaching view from the client until UPDATE
5504 processing completes when shutting down. [RT #11714]
5506 1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
5507 contained gratuitous semicolons. [RT #11707]
5509 1688. [bug] LDFLAGS was not supported.
5511 1687. [bug] Race condition in dispatch. [RT #10272]
5513 1686. [bug] Named sent a extraneous NOTIFY when it received a
5514 redundant UPDATE request. [RT #11943]
5516 1685. [bug] Change #1679 loop tests weren't quite right.
5518 1684. [func] ixfr-from-differences now takes master and slave in
5519 addition to yes and no at the options and view levels.
5521 1683. [bug] dig +sigchase could leak memory. [RT #11445]
5523 1682. [port] Update configure test for (long long) printf format.
5526 1681. [bug] Only set SO_REUSEADDR when a port is specified in
5527 isc_socket_bind(). [RT #11742]
5529 1680. [func] rndc: the source address can now be specified.
5531 1679. [bug] When there was a single nameserver with multiple
5532 addresses for a zone not all addresses were tried.
5535 1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
5537 1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
5539 1676. [func] New option "allow-query-cache". This lets
5540 allow-query be used to specify the default zone
5541 access level rather than having to have every
5542 zone override the global value. allow-query-cache
5543 can be set at both the options and view levels.
5544 If allow-query-cache is not set allow-query applies.
5546 1675. [bug] named would sometimes add extra NSEC records to
5547 the authority section.
5549 1674. [port] linux: increase buffer size used to scan
5552 1673. [port] linux: issue a error messages if IPv6 interface
5555 1672. [cleanup] Tests which only function in a threaded build
5556 now return R:THREADONLY (rather than R:UNTESTED)
5557 in a non-threaded build.
5559 1671. [contrib] queryperf: add NAPTR to the list of known types.
5561 1670. [func] Log UPDATE requests to slave zones without an acl as
5562 "disabled" at debug level 3. [RT# 11657]
5566 1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
5568 1667. [port] linux: not all versions have IF_NAMESIZE.
5570 1666. [bug] The optional port on hostnames in dual-stack-servers
5573 1665. [func] rndc now allows addresses to be set in the
5576 1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
5578 1663. [func] Look for OpenSSL by default.
5580 1662. [bug] Change #1658 failed to change one use of 'type'
5583 1661. [bug] Restore dns_name_concatenate() call in
5584 adb.c:set_target(). [RT #11582]
5586 1660. [bug] win32: connection_reset_fix() was being called
5587 unconditionally. [RT #11595]
5589 1659. [cleanup] Cleanup some messages that were referring to KEY vs
5590 DNSKEY, NXT vs NSEC and SIG vs RRSIG.
5592 1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
5593 and DH. Tighten which options apply to KEY and
5596 1657. [doc] ARM: document query log output.
5598 1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
5599 DNSKEY and RRSIG. [RT #11542]
5601 1655. [bug] Logging multiple versions w/o a size was broken.
5604 1654. [bug] isc_result_totext() contained array bounds read
5607 1653. [func] Add key type checking to dst_key_fromfilename(),
5608 DST_TYPE_KEY should be used to read TSIG, TKEY and
5611 1652. [bug] TKEY still uses KEY.
5613 1651. [bug] dig: process multiple dash options.
5615 1650. [bug] dig, nslookup: flush standard out after each command.
5617 1649. [bug] Silence "unexpected non-minimal diff" message.
5620 1648. [func] Update dnssec-lookaside named.conf syntax to support
5621 multiple dnssec-lookaside namespaces (not yet
5624 1647. [bug] It was possible trigger a INSIST when chasing a DS
5625 record that required walking back over a empty node.
5628 1646. [bug] win32: logging file versions didn't work with
5629 non-UNC filenames. [RT#11486]
5631 1645. [bug] named could trigger a REQUIRE failure if multiple
5632 masters with keys are specified.
5634 1644. [bug] Update the journal modification time after a
5635 successful refresh query. [RT #11436]
5637 1643. [bug] dns_db_closeversion() could leak memory / node
5638 references. [RT #11163]
5640 1642. [port] Support OpenSSL implementations which don't have
5641 DSA support. [RT #11360]
5643 1641. [bug] Update the check-names description in ARM. [RT #11389]
5645 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
5646 incorrectly closing the socket. [RT #11291]
5648 1639. [func] Initial dlv system test.
5650 1638. [bug] "ixfr-from-differences" could generate a REQUIRE
5651 failure if the journal open failed. [RT #11347]
5653 1637. [bug] Node reference leak on error in addnoqname().
5655 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
5656 a error had occurred. The database version no longer
5657 matched the version of the database that was dumped.
5659 1635. [bug] Memory leak on error in query_addds().
5661 1634. [bug] named didn't supply a useful error message when it
5662 detected duplicate views. [RT #11208]
5664 1633. [bug] named should return NOTIMP to update requests to a
5665 slaves without a allow-update-forwarding acl specified.
5668 1632. [bug] nsupdate failed to send prerequisite only UPDATE
5669 messages. [RT #11288]
5671 1631. [bug] dns_journal_compact() could sometimes corrupt the
5672 journal. [RT #11124]
5674 1630. [contrib] queryperf: add support for IPv6 transport.
5676 1629. [func] dig now supports IPv6 scoped addresses with the
5677 extended format in the local-server part. [RT #8753]
5679 1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
5681 1627. [bug] win32: sockets were not being closed when the
5682 last external reference was removed. [RT# 11179]
5684 1626. [bug] --enable-getifaddrs was broken. [RT#11259]
5686 1625. [bug] named failed to load/transfer RFC2535 signed zones
5687 which contained CNAMES. [RT# 11237]
5689 1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
5691 1623. [bug] A serial number of zero was being displayed in the
5692 "sending notifies" log message when also-notify was
5695 1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
5696 available, and suppress wildcard binding if not.
5698 1621. [bug] match-destinations did not work for IPv6 TCP queries.
5701 1620. [func] When loading a zone report if it is signed. [RT #11149]
5703 1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
5706 1618. [bug] Fencepost errors in dns_name_ishostname() and
5707 dns_name_ismailbox() could trigger a INSIST().
5709 1617. [port] win32: VC++ 6.0 support.
5711 1616. [compat] Ensure that named's version is visible in the core
5714 1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
5717 1614. [port] win32: silence resource limit messages. [RT# 11101]
5719 1613. [bug] Builds would fail on machines w/o a if_nametoindex().
5720 Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
5723 1612. [bug] check-names at the option/view level could trigger
5724 an INSIST. [RT# 11116]
5726 1611. [bug] solaris: IPv6 interface scanning failed to cope with
5727 no active IPv6 interfaces.
5729 1610. [bug] On dual stack machines "dig -b" failed to set the
5730 address type to be looked up with "@server".
5733 1609. [func] dig now has support to chase DNSSEC signature chains.
5734 Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
5736 DNSSEC validation code in dig coded by Olivier Courtay
5737 (olivier.courtay@irisa.fr) for the IDsA project
5738 (http://idsa.irisa.fr).
5740 1608. [func] dig and host now accept -4/-6 to select IP transport
5741 to use when making queries.
5743 1607. [bug] dig, host and nslookup were still using random()
5744 to generate query ids. [RT# 11013]
5746 1606. [bug] DLV insecurity proof was failing.
5748 1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
5750 1604. [bug] A xfrout_ctx_create() failure would result in
5751 xfrout_ctx_destroy() being called with a
5752 partially initialized structure.
5754 1603. [bug] nsupdate: set interactive based on isatty().
5757 1602. [bug] Logging to a file failed unless a size was specified.
5760 1601. [bug] Silence spurious warning 'both "recursion no;" and
5761 "allow-recursion" active' warning from view "_bind".
5764 1600. [bug] Duplicate zone pre-load checks were not case
5767 1599. [bug] Fix memory leak on error path when checking named.conf.
5769 1598. [func] Specify that certain parts of the namespace must
5770 be secure (dnssec-must-be-secure).
5772 1597. [func] Allow notify-source and query-source to be specified
5773 on a per server basis similar to transfer-source.
5776 1596. [func] Accept 'notify-source' style syntax for query-source.
5778 1595. [func] New notify type 'master-only'. Enable notify for
5781 1594. [bug] 'rndc dumpdb' could prevent named from answering
5782 queries while the dump was in progress. [RT #10565]
5784 1593. [bug] rndc should return "unknown command" to unknown
5785 commands. [RT# 10642]
5787 1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
5789 1591. [bug] libbind: updated to BIND 8.4.5.
5791 1590. [port] netbsd: update thread support.
5793 1589. [func] DNSSEC lookaside validation.
5795 1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
5797 1587. [bug] dns_message_settsigkey() failed to clear existing key.
5800 1586. [func] "check-names" is now implemented.
5804 1584. [bug] "make test" failed with a read only source tree.
5807 1583. [bug] Records add via UPDATE failed to get the correct trust
5810 1582. [bug] rrset-order failed to work on RRsets with more
5811 than 32 elements. [RT #10381]
5813 1581. [func] Disable DNSSEC support by default. To enable
5814 DNSSEC specify "dnssec-enable yes;" in named.conf.
5816 1580. [bug] Zone destruction on final detach takes a long time.
5819 1579. [bug] Multiple task managers could not be created.
5821 1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
5824 1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
5825 workaround code. [RT #10331]
5827 1576. [bug] Race condition in dns_dispatch_addresponse().
5830 1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
5832 1574. [bug] Don't attempt to open the controls socket(s) when
5833 running tests. [RT #9091]
5835 1573. [port] linux: update to libtool 1.5.2 so that
5836 "make install DESTDIR=/xx" works with
5837 "configure --with-libtool". [RT #9941]
5839 1572. [bug] nsupdate: sign the soa query to find the enclosing
5840 zone if the server is specified. [RT #10148]
5842 1571. [bug] rbt:hash_node() could fail leaving the hash table
5843 in an inconsistent state. [RT #10208]
5845 1570. [bug] nsupdate failed to handle classes other than IN.
5846 New keyword 'class' which sets the default class.
5849 1569. [func] nsupdate new command 'answer' which displays the
5850 complete answer message to the last update.
5852 1568. [bug] nsupdate now reports that the update failed in
5853 interactive mode. [RT# 10236]
5855 1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
5857 1566. [port] Support for the cmsg framework on Solaris and HP/UX.
5858 This also solved the problem that match-destinations
5859 for IPv6 addresses did not work on these systems.
5862 1565. [bug] CD flag should be copied to outgoing queries unless
5863 the query is under a secure entry point in which case
5866 1564. [func] Attempt to provide a fallback entropy source to be
5867 used if named is running chrooted and named is unable
5868 to open entropy source within the chroot area.
5871 1563. [bug] Gracefully fail when unable to obtain neither an IPv4
5872 nor an IPv6 dispatch. [RT #10230]
5874 1562. [bug] isc_socket_create() and isc_socket_accept() could
5875 leak memory under error conditions. [RT #10230]
5877 1561. [bug] It was possible to release the same name twice if
5878 named ran out of memory. [RT #10197]
5880 1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
5881 and EAI_NONAME to the same value.
5883 1559. [port] named should ignore SIGFSZ.
5885 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
5886 child zones for which we don't have a supported
5887 algorithm. Such child zones are treated as unsigned.
5889 1557. [func] Implement missing DNSSEC tests for
5890 * NOQNAME proof with wildcard answers.
5891 * NOWILDARD proof with NXDOMAIN.
5892 Cache and return NOQNAME with wildcard answers.
5894 1556. [bug] nsupdate now treats all names as fully qualified.
5897 1555. [func] 'rrset-order cyclic' no longer has a random starting
5898 point per query. [RT #7572]
5900 1554. [bug] dig, host, nslookup failed when no nameservers
5901 were specified in /etc/resolv.conf. [RT #8232]
5903 1553. [bug] The windows socket code could stop accepting
5904 connections. [RT#10115]
5906 1552. [bug] Accept NOTIFY requests from mapped masters if
5907 matched-mapped is set. [RT #10049]
5909 1551. [port] Open "/dev/null" before calling chroot().
5911 1550. [port] Call tzset(), if available, before calling chroot().
5913 1549. [func] named-checkzone can now write out the zone contents
5914 in a easily parsable format (-D and -o).
5916 1548. [bug] When parsing APL records it was possible to silently
5917 accept out of range ADDRESSFAMILY values. [RT# 9979]
5919 1547. [bug] Named wasted memory recording duplicate lame zone
5922 1546. [bug] We were rejecting valid secure CNAME to negative
5925 1545. [bug] It was possible to leak memory if named was unable to
5926 bind to the specified transfer source and TSIG was
5927 being used. [RT #10120]
5929 1544. [bug] Named would logged a single entry to a file despite it
5930 being over the specified size limit.
5932 1543. [bug] Logging using "versions unlimited" did not work.
5936 1541. [func] NSEC now uses new bitmap format.
5938 1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
5941 1539. [bug] Open UDP sockets for notify-source and transfer-source
5942 that use reserved ports at startup. [RT #9475]
5944 1538. [placeholder] rt9997
5946 1537. [func] New option "querylog". If set specify whether query
5947 logging is to be enabled or disabled at startup.
5949 1536. [bug] Windows socket code failed to log a error description
5950 when returning ISC_R_UNEXPECTED. [RT #9998]
5954 1534. [bug] Race condition when priming cache. [RT# 9940]
5956 1533. [func] Warn if both "recursion no;" and "allow-recursion"
5957 are active. [RT# 4389]
5959 1532. [port] netbsd: the configure test for <sys/sysctl.h>
5960 requires <sys/param.h>.
5962 1531. [port] AIX more libtool fixes.
5964 1530. [bug] It was possible to trigger a INSIST() failure if a
5965 slave master file was removed at just the correct
5968 1529. [bug] "notify explicit;" failed to log that NOTIFY messages
5969 were being sent for the zone. [RT# 9442]
5971 1528. [cleanup] Simplify some dns_name_ functions based on the
5972 deprecation of bitstring labels.
5974 1527. [cleanup] Reduce the number of gettimeofday() calls without
5975 losing necessary timer granularity.
5977 1526. [func] Implemented "additional section caching (or acache)",
5978 an internal cache framework for additional section
5979 content to improve response performance. Several
5980 configuration options were provided to control the
5983 1525. [bug] dns_cache_create() could trigger a REQUIRE
5984 failure in isc_mem_put() during error cleanup.
5987 1524. [port] AIX needs to be able to resolve all symbols when
5988 creating shared libraries (--with-libtool).
5990 1523. [bug] Fix race condition in rbtdb. [RT# 9189]
5992 1522. [bug] dns_db_findnode() relax the requirements on 'name'.
5995 1521. [bug] dns_view_createresolver() failed to check the
5996 result from isc_mem_create(). [RT# 9294]
5998 1520. [protocol] Add SSHFP (SSH Finger Print) type.
6000 1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
6001 length of the new bitmap.
6003 1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
6004 contained a off-by-one error when working out the
6005 number of octets in the bitmap.
6007 1517. [port] Support for IPv6 interface scanning on HP/UX and
6010 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
6012 1515. [func] Allow transfer source to be set in a server statement.
6015 1514. [bug] named: isc_hash_destroy() was being called too early.
6018 1513. [doc] Add "US" to root-delegation-only exclude list.
6020 1512. [bug] Extend the delegation-only logging to return query
6021 type, class and responding nameserver.
6023 1511. [bug] delegation-only was generating false positives
6024 on negative answers from sub-zones.
6026 1510. [func] New view option "root-delegation-only". Apply
6027 delegation-only check to all TLDs and root.
6028 Note there are some TLDs that are NOT delegation
6029 only (e.g. DE, LV, US and MUSEUM) these can be excluded
6030 from the checks by using exclude.
6032 root-delegation-only exclude {
6033 "DE"; "LV"; "US"; "MUSEUM";
6036 1509. [bug] Hint zones should accept delegation-only. Forward
6037 zone should not accept delegation-only.
6039 1508. [bug] Don't apply delegation-only checks to answers from
6042 1507. [bug] Handle BIND 8 style returns to NS queries to parents
6043 when making delegation-only checks.
6045 1506. [bug] Wrong return type for dns_view_isdelegationonly().
6047 1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
6049 1504. [func] New zone type "delegation-only".
6051 1503. [port] win32: install libeay32.dll outside of system32.
6053 1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
6055 1501. [func] Allow TCP queue length to be specified via
6056 named.conf, tcp-listen-queue.
6058 1500. [bug] host failed to lookup MX records. Also look up
6061 1499. [bug] isc_random need to be seeded better if arc4random()
6064 1498. [port] bsdos: 5.x support.
6068 1496. [port] test for pthread_attr_setstacksize().
6070 1495. [cleanup] Replace hash functions with universal hash.
6072 1494. [security] Turn on RSA BLINDING as a precaution.
6076 1492. [cleanup] Preserve rwlock quota context when upgrading /
6077 downgrading. [RT #5599]
6079 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
6082 1490. [bug] Accept reading state as well as working state in
6083 ns_client_next(). [RT #6813]
6085 1489. [compat] Treat 'allow-update' on slave zones as a warning.
6088 1488. [bug] Don't override trust levels for glue addresses.
6091 1487. [bug] A REQUIRE() failure could be triggered if a zone was
6092 queued for transfer and the zone was then removed.
6095 1486. [bug] isc_print_snprintf() '%%' consumed one too many format
6096 characters. [RT# 8230]
6098 1485. [bug] gen failed to handle high type values. [RT #6225]
6100 1484. [bug] The number of records reported after a AXFR was wrong.
6103 1483. [bug] dig axfr failed if the message id in the answer failed
6104 to match that in the request. Only the id in the first
6105 message is required to match. [RT #8138]
6107 1482. [bug] named could fail to start if the kernel supports
6108 IPv6 but no interfaces are configured. Similarly
6109 for IPv4. [RT #6229]
6111 1481. [bug] Refresh and stub queries failed to use masters keys
6112 if specified. [RT #7391]
6114 1480. [bug] Provide replay protection for rndc commands. Full
6115 replay protection requires both rndc and named to
6116 be updated. Partial replay protection (limited
6117 exposure after restart) is provided if just named
6120 1479. [bug] cfg_create_tuple() failed to handle out of
6121 memory cleanup. parse_list() would leak memory
6124 1478. [port] ifconfig.sh didn't account for other virtual
6125 interfaces. It now takes a optional argument
6126 to specify the first interface number. [RT #3907]
6128 1477. [bug] memory leak using stub zones and TSIG.
6132 1475. [port] Probe for old sprintf().
6134 1474. [port] Provide strtoul() and memmove() for platforms
6137 1473. [bug] create_map() and create_string() failed to handle out
6138 of memory cleanup. [RT #6813]
6140 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
6142 1471. [bug] libbind: updated to BIND 8.4.0.
6144 1470. [bug] Incorrect length passed to snprintf. [RT #5966]
6146 1469. [func] Log end of outgoing zone transfer at same level
6147 as the start of transfer is logged. [RT #4441]
6149 1468. [func] Internal zones are no longer counted for
6150 'rndc status'. [RT #4706]
6152 1467. [func] $GENERATES now supports optional class and ttl.
6154 1466. [bug] lwresd configuration errors resulted in memory
6155 and lock leaks. [RT #5228]
6157 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
6158 failed to check that trailing bits were zero allowing
6159 some invalid base64 strings to be accepted. [RT #5397]
6161 1464. [bug] Preserve "out of zone" data for outgoing zone
6162 transfers. [RT #5192]
6164 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
6165 NXT bit maps. [RT #5577]
6167 1462. [bug] parse_sizeval() failed to check the token type.
6170 1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
6172 1460. [bug] inet_pton() failed to reject certain malformed
6177 1458. [cleanup] sprintf() -> snprintf().
6179 1457. [port] Provide strlcat() and strlcpy() for platforms without
6182 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
6184 1455. [bug] <netaddr> missing from server grammar in
6185 doc/misc/options. [RT #5616]
6187 1454. [port] Use getifaddrs() if available for interface scanning.
6188 --disable-getifaddrs to override. Glibc currently
6189 has a getifaddrs() that does not support IPv6.
6190 Use --enable-getifaddrs=glibc to force the use of
6191 this version under linux machines.
6193 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
6197 1451. [bug] rndc-confgen didn't exit with a error code for all
6198 failures. [RT #5209]
6200 1450. [bug] Fetching expired glue failed under certain
6201 circumstances. [RT #5124]
6203 1449. [bug] query_addbestns() didn't handle running out of memory
6206 1448. [bug] Handle empty wildcards labels.
6208 1447. [bug] We were casting (unsigned int) to and from (void *).
6209 rdataset->private4 is now rdataset->privateuint4
6210 to reflect a type change.
6212 1446. [func] Implemented undocumented alternate transfer sources
6213 from BIND 8. See use-alt-transfer-source,
6214 alt-transfer-source and alt-transfer-source-v6.
6216 SECURITY: use-alt-transfer-source is ENABLED unless
6217 you are using views. This may cause a security risk
6218 resulting in accidental disclosure of wrong zone
6219 content if the master supplying different source
6220 content based on IP address. If you are not certain
6221 ISC recommends setting use-alt-transfer-source no;
6223 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
6224 been replaced with DNS_ADBFIND_STARTATZONE which
6225 causes the search to start using the closest zone.
6227 1444. [func] dns_view_findzonecut2() allows you to specify if the
6228 cache should be searched for zone cuts.
6230 1443. [func] Masters lists can now be specified and referenced
6231 in zone masters clauses and other masters lists.
6233 1442. [func] New functions for manipulating port lists:
6234 dns_portlist_create(), dns_portlist_add(),
6235 dns_portlist_remove(), dns_portlist_match(),
6236 dns_portlist_attach() and dns_portlist_detach().
6238 1441. [func] It is now possible to tell dig to bind to a specific
6241 1440. [func] It is now possible to tell named to avoid using
6242 certain source ports (avoid-v4-udp-ports,
6243 avoid-v6-udp-ports).
6245 1439. [bug] Named could return NOERROR with certain NOTIFY
6246 failures. Return NOTAUTH if the NOTIFY zone is
6249 1438. [func] Log TSIG (if any) when logging NOTIFY requests.
6251 1437. [bug] Leave space for stdio to work in. [RT #5033]
6253 1436. [func] dns_zonemgr_resumexfrs() can be used to restart
6256 1435. [bug] zmgr_resume_xfrs() was being called read locked
6257 rather than write locked. zmgr_resume_xfrs()
6258 was not being called if the zone was being
6261 1434. [bug] "rndc reconfig" failed to initiate the initial
6262 zone transfer of new slave zones.
6264 1433. [bug] named could trigger a REQUIRE failure if it could
6265 not get a file descriptor when attempting to write
6266 a master file. [RT #4347]
6268 1432. [func] The advertised EDNS UDP buffer size can now be set
6269 via named.conf (edns-udp-size).
6271 1431. [bug] isc_print_snprintf() "%s" with precision could walk off
6272 end of argument. [RT #5191]
6274 1430. [port] linux: IPv6 interface scanning support.
6276 1429. [bug] Prevent the cache getting locked to old servers.
6280 1427. [bug] Race condition in adb with threaded build.
6284 1425. [port] linux/libbind: define __USE_MISC when testing *_r()
6285 function prototypes in netdb.h. [RT #4921]
6287 1424. [bug] EDNS version not being correctly printed.
6289 1423. [contrib] queryperf: added A6 and SRV.
6291 1422. [func] Log name/type/class when denying a query. [RT #4663]
6293 1421. [func] Differentiate updates that don't succeed due to
6294 prerequisites (unsuccessful) vs other reasons
6297 1420. [port] solaris: work around gcc optimizer bug.
6299 1419. [port] openbsd: use /dev/arandom. [RT #4950]
6301 1418. [bug] 'rndc reconfig' did not cause new slaves to load.
6303 1417. [func] ID.SERVER/CHAOS is now a built in zone.
6304 See "server-id" for how to configure.
6306 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
6309 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
6312 1414. [func] Support for KSK flag.
6314 1413. [func] Explicitly request the (re-)generation of DS records
6315 from keysets (dnssec-signzone -g).
6317 1412. [func] You can now specify servers to be tried if a nameserver
6318 has IPv6 address and you only support IPv4 or the
6319 reverse. See dual-stack-servers.
6321 1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
6323 1410. [func] Handle records that live in the parent zone, e.g. DS.
6325 1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
6327 1408. [bug] "make distclean" was not complete. [RT #4700]
6329 1407. [bug] lfsr incorrectly implements the shift register.
6332 1406. [bug] dispatch initializes one of the LFSR's with a incorrect
6333 polynomial. [RT #4617]
6335 1405. [func] Use arc4random() if available.
6337 1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
6340 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
6341 dnssec-signkey now report their version in the
6344 1402. [cleanup] A6 has been moved to experimental and is no longer
6347 1401. [bug] adb wasn't clearing state when the timer expired.
6349 1400. [bug] Block the addition of wildcard NS records by IXFR
6350 or UPDATE. [RT #3502]
6352 1399. [bug] Use serial number arithmetic when testing SIG
6353 timestamps. [RT #4268]
6355 1398. [doc] ARM: notify-also should have been also-notify.
6358 1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
6360 1396. [func] dnssec-signzone: adjust the default signing time by
6361 1 hour to allow for clock skew.
6363 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
6364 have a working implementation. [RT #4079]
6366 1394. [func] It is now possible to check if a particular element is
6367 in a acl. Remove duplicate entries from the localnets
6370 1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
6371 is not available in the kernel to prevent accidently
6372 listening on IPv4 interfaces.
6374 1392. [bug] named-checkzone: update usage.
6376 1391. [func] Add support for IPv6 scoped addresses in named.
6378 1390. [func] host now supports ixfr.
6380 1389. [bug] named could fail to rotate long log files. [RT #3666]
6382 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
6383 defining HAVE_IFLIST_SYSCTL. [RT #3770]
6385 1387. [bug] named could crash due to an access to invalid memory
6386 space (which caused an assertion failure) in
6387 incremental cleaning. [RT #3588]
6389 1386. [bug] named-checkzone -z stopped on errors in a zone.
6392 1385. [bug] Setting serial-query-rate to 10 would trigger a
6395 1384. [bug] host was incompatible with BIND 8 in its exit code and
6396 in the output with the -l option. [RT #3536]
6398 1383. [func] Track the serial number in a IXFR response and log if
6399 a mismatch occurs. This is a more specific error than
6400 "not exact". [RT #3445]
6402 1382. [bug] make install failed with --enable-libbind. [RT #3656]
6404 1381. [bug] named failed to correctly process answers that
6405 contained DNAME records where the resulting CNAME
6406 resulted in a negative answer.
6408 1380. [func] 'rndc recursing' dump recursing queries to
6409 'recursing-file = "named.recursing";'.
6411 1379. [func] 'rndc status' now reports tcp and recursion quota
6414 1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
6416 1377. [func] dns_zone_load{new}() now reports if the zone was
6417 loaded, queued for loading to up to date.
6419 1376. [func] New function dns_zone_logc() to log to specified
6422 1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
6425 1374. [func] dns_adb_dump() now logs the lame zones associated
6428 1373. [bug] Recovery from expired glue failed under certain
6431 1372. [bug] named crashes with an assertion failure on exit when
6432 sharing the same port for listening and querying, and
6433 changing listening addresses several times. [RT# 3509]
6435 1371. [bug] notify-source-v6, transfer-source-v6 and
6436 query-source-v6 with explicit addresses and using the
6437 same ports as named was listening on could interfere
6438 with named's ability to answer queries sent to those
6441 1370. [bug] dig '+[no]recurse' was incorrectly documented.
6443 1369. [bug] Adding an NS record as the lexicographically last
6444 record in a secure zone didn't work.
6446 1368. [func] remove support for bitstring labels.
6448 1367. [func] Use response times to select forwarders.
6450 1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
6452 1365. [func] "localhost" and "localnets" acls now include IPv6
6453 addresses / prefixes.
6455 1364. [func] Log file name when unable to open memory statistics
6456 and dump database files. [RT# 3437]
6458 1363. [func] Listen-on-v6 now supports specific addresses.
6460 1362. [bug] remove IFF_RUNNING test when scanning interfaces.
6462 1361. [func] log the reason for rejecting a server when resolving
6465 1360. [bug] --enable-libbind would fail when not built in the
6466 source tree for certain OS's.
6468 1359. [security] Support patches OpenSSL libraries.
6469 http://www.cert.org/advisories/CA-2002-23.html
6471 1358. [bug] It was possible to trigger a INSIST when debugging
6472 large dynamic updates. [RT #3390]
6474 1357. [bug] nsupdate was extremely wasteful of memory.
6476 1356. [tuning] Reduce the number of events / quantum for zone tasks.
6478 1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
6480 1354. [doc] lwres man pages had illegal nroff.
6482 1353. [contrib] sdb/ldap to version 0.9.
6484 1352. [bug] dig, host, nslookup when falling back to TCP use the
6485 current search entry (if any). [RT #3374]
6487 1351. [bug] lwres_getipnodebyname() returned the wrong name
6488 when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
6491 1350. [bug] dns_name_fromtext() failed to handle too many labels
6494 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
6495 http://www.cert.org/advisories/CA-2002-23.html
6497 1348. [port] win32: Rewrote code to use I/O Completion Ports
6498 in socket.c and eliminating a host of socket
6499 errors. Performance is enhanced.
6505 1345. [port] Use a explicit -Wformat with gcc. Not all versions
6506 include it in -Wall.
6508 1344. [func] Log if the serial number on the master has gone
6510 If you have multiple machines specified in the masters
6511 clause you may want to set 'multi-master yes;' to
6512 suppress this warning.
6514 1343. [func] Log successful notifies received (info). Adjust log
6515 level for failed notifies to notice.
6517 1342. [func] Log remote address with TCP dispatch failures.
6519 1341. [func] Allow a rate limiter to be stalled.
6521 1340. [bug] Delay and spread out the startup refresh load.
6523 1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
6524 lookups. Bit string lookups are no longer attempted.
6530 1336. [func] Nibble lookups under IP6.ARPA are now supported by
6531 dns_byaddr_create(). dns_byaddr_createptrname() is
6532 deprecated, use dns_byaddr_createptrname2() instead.
6534 1335. [bug] When performing a nonexistence proof, the validator
6535 should discard parent NXTs from higher in the DNS.
6537 1334. [bug] When signing/verifying rdatasets, duplicate rdatas
6538 need to be suppressed.
6540 1333. [contrib] queryperf now reports a summary of returned
6541 rcodes (-c), rcodes are printed in mnemonic form (-v).
6543 1332. [func] Report the current serial with periodic commits when
6544 rolling forward the journal.
6546 1331. [func] Generate DNSSEC wildcard proofs.
6548 1330. [bug] When processing events (non-threaded) only allow
6549 the task one chance to use to use its quantum.
6551 1329. [func] named-checkzone will now check if nameservers that
6552 appear to be IP addresses. Available modes "fail",
6553 "warn" (default) and "ignore" the results of the
6556 1328. [bug] The validator could incorrectly verify an invalid
6559 1327. [bug] The validator would incorrectly mark data as insecure
6560 when seeing a bogus signature before a correct
6563 1326. [bug] DNAME/CNAME signatures were not being cached when
6564 validation was not being performed. [RT #3284]
6566 1325. [bug] If the tcpquota was exhausted it was possible to
6567 to trigger a INSIST() failure.
6569 1324. [port] darwin: ifconfig.sh now supports darwin.
6571 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
6573 1322. [bug] dnssec-signzone usage message was misleading.
6575 1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
6576 would incorrectly duplicate its output and sign it.
6578 1320. [doc] query-source-v6 was missing from options section.
6581 1319. [func] libbind: log attempts to exploit #1318.
6583 1318. [bug] libbind: Remote buffer overrun.
6585 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
6588 1316. [bug] libbind: gethostans() could get out of sync parsing
6589 the response if there was a very long CNAME chain.
6591 1315. [bug] Options should apply to the internal _bind view.
6593 1314. [port] Handle ECONNRESET from sendmsg() [unix].
6595 1313. [func] Query log now says if the query was signed (S) or
6596 if EDNS was used (E).
6598 1312. [func] Log TSIG key used w/ outgoing zone transfers.
6600 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
6602 1310. [bug] 'rndc stop' failed to cause zones to be flushed
6603 sometimes. [RT #3157]
6605 1309. [func] Log that a zone transfer was covered by a TSIG.
6607 1308. [func] DS (delegation signer) support.
6609 1307. [bug] nsupdate: allow white space base64 key data.
6611 1306. [bug] Badly encoded LOC record when the size, horizontal
6612 precision or vertical precision was 0.1m.
6614 1305. [bug] Document that internal zones are included in the
6615 rndc status results.
6617 1304. [func] New function: dns_zone_name().
6619 1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
6621 1302. [func] Extended rndc dumpdb to support dumping of zones and
6622 view selection: 'dumpdb [-all|-zones|-cache] [view]'.
6624 1301. [func] New category 'update-security'.
6626 1300. [port] Compaq Trucluster support.
6628 1299. [bug] Set AI_ADDRCONFIG when looking up addresses
6629 via getaddrinfo() (affects dig, host, nslookup, rndc
6632 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
6633 could be left with a trailing "\" after configure
6636 1297. [port] linux: make handling EINVAL from socket() no longer
6637 conditional on #ifdef LINUX.
6639 1296. [bug] isc_log_closefilelogs() needed to lock the log
6642 1295. [bug] isc_log_setdebuglevel() needed to lock the log
6645 1294. [func] libbind: no longer attempts bit string labels for
6646 IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
6647 for nibble style resolution.
6649 1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
6651 1292. [func] Enable IPv6 support when using ioctl style interface
6652 scanning and OS supports SIOCGLIFADDR using struct
6655 1291. [func] Enable IPv6 support when using sysctl style interface
6658 1290. [func] "dig axfr" now reports the number of messages
6659 as well as the number of records.
6661 1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
6663 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
6664 reflect written requirements.
6666 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
6667 a rdataset to a zone db in the rbtdb implementation of
6670 1286. [bug] dns_name_downcase() enforce requirement that
6671 target != NULL or name->buffer != NULL.
6673 1285. [func] lwres: probe the system to see what address families
6674 are currently in use.
6676 1284. [bug] The RTT estimate on unused servers was not aged.
6679 1283. [func] Use "dataready" accept filter if available.
6681 1282. [port] libbind: hpux 11.11 interface scanning.
6683 1281. [func] Log zone when unable to get private keys to update
6684 zone. Log zone when NXT records are missing from
6687 1280. [bug] libbind: escape '(' and ')' when converting to
6690 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
6692 1278. [func] dig: now supports +[no]cl +[no]ttlid.
6694 1277. [func] You can now create your own customized printing
6695 styles: dns_master_stylecreate() and
6696 dns_master_styledestroy().
6698 1276. [bug] libbind: const pointer conflicts in res_debug.c.
6700 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
6702 1274. [bug] Memory leak in lwres_gnbarequest_parse().
6704 1273. [port] libbind: solaris: 64 bit binary compatibility.
6706 1272. [contrib] Berkeley DB 4.0 sdb implementation from
6707 Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
6709 1271. [bug] "recursion available: {denied,approved}" was too
6712 1270. [bug] Check that system inet_pton() and inet_ntop() support
6715 1269. [port] Openserver: ifconfig.sh support.
6717 1268. [port] Openserver: the value FD_SETSIZE depends on whether
6718 <sys/param.h> is included or not. Be consistent.
6720 1267. [func] isc_file_openunique() now creates file using mode
6721 0666 rather than 0600.
6723 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
6724 __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
6725 are not C++ compatible, use *_TYPE versions instead.
6727 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
6728 C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
6732 1263. [bug] Reference after free error if dns_dispatchmgr_create()
6735 1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
6737 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
6738 support for compressed TSIG owner names.
6740 1260. [func] libbind: res_update can now update IPv6 servers,
6741 new function res_findzonecut2().
6743 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
6746 1258. [bug] libbind: res_nametotype() and res_nametoclass() were
6749 1257. [bug] Failure to write pid-file should not be fatal on
6752 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
6754 1255. [bug] When verifying that an NXT proves nonexistence, check
6755 the rcode of the message and only do the matching NXT
6756 check. That is, for NXDOMAIN responses, check that
6757 the name is in the range between the NXT owner and
6758 next name, and for NOERROR NODATA responses, check
6759 that the type is not present in the NXT bitmap.
6761 1254. [func] preferred-glue option from BIND 8.3.
6763 1253. [bug] The dnssec system test failed to remove the correct
6766 1252. [bug] Dig, host and nslookup were not checking the address
6767 the answer was coming from against the address it was
6770 1251. [port] win32: a make file contained absolute version specific
6773 1250. [func] Nsupdate will report the address the update was
6776 1249. [bug] Missing masters clause was not handled gracefully.
6779 1248. [bug] DESTDIR was not being propagated between makes.
6781 1247. [bug] Don't reset the interface index for link/site local
6782 addresses. [RT #2576]
6784 1246. [func] New functions isc_sockaddr_issitelocal(),
6785 isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
6786 and isc_netaddr_islinklocal().
6788 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
6791 1244. [bug] Receiving a TCP message from a blackhole address would
6792 prevent further messages being received over that
6795 1243. [bug] It was possible to trigger a REQUIRE() in
6796 dns_message_findtype(). [RT #2659]
6798 1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
6800 1241. [bug] Drop received UDP messages with a zero source port
6801 as these are invariably forged. [RT #2621]
6803 1240. [bug] It was possible to leak zone references by
6804 specifying an incorrect zone to rndc.
6806 1239. [bug] Under certain circumstances named could continue to
6807 use a name after it had been freed triggering
6808 INSIST() failures. [RT #2614]
6810 1238. [bug] It is possible to lockup the server when shutting down
6811 if notifies were being processed. [RT #2591]
6813 1237. [bug] nslookup: "set q=type" failed.
6815 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
6816 NULL terminated text regions. [RT #2588]
6818 1235. [func] Report 'out of memory' errors from openssl.
6820 1234. [bug] contrib/sdb: 'zonetodb' failed to call
6821 dns_result_register(). DNS_R_SEENINCLUDE should not
6824 1233. [bug] The flags field of a KEY record can be expressed in
6825 hex as well as decimal.
6827 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
6829 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
6831 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
6833 1229. [bug] named would crash if it received a TSIG signed
6834 query as part of an AXFR response. [RT #2570]
6836 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
6838 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
6839 if a number was expected and some other token was
6842 1226. [func] Use EDNS for zone refresh queries. [RT #2551]
6844 1225. [func] dns_message_setopt() no longer requires that
6845 dns_message_renderbegin() to have been called.
6847 1224. [bug] 'rrset-order' and 'sortlist' should be additive
6850 1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
6853 1222. [bug] Specifying 'port *' did not always result in a system
6854 selected (non-reserved) port being used. [RT #2537]
6856 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
6857 compared case insensitively. [RT #2542]
6859 1220. [func] Support for APL rdata type.
6861 1219. [func] Named now reports the TSIG extended error code when
6862 signature verification fails. [RT #1651]
6864 1218. [bug] Named incorrectly returned SERVFAIL rather than
6865 NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
6867 1217. [func] Report locations of previous key definition when a
6868 duplicate is detected.
6870 1216. [bug] Multiple server clauses for the same server were not
6871 reported. [RT #2514]
6873 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
6875 1214. [bug] Win32: isc_file_renameunique() could leave zero length
6878 1213. [func] Report view associated with client if it is not a
6879 standard view (_default or _bind).
6881 1212. [port] libbind: 64k answer buffers were causing stack space
6882 to be exceeded for certain OS. Use heap space instead.
6884 1211. [bug] dns_name_fromtext() incorrectly handled certain
6885 valid octal bitlabels. [RT #2483]
6887 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
6888 compatible addresses. [RT #2461]
6890 1209. [bug] Dig, host, nslookup were not checking the message ids
6891 on the responses. [RT #2454]
6893 1208. [bug] dns_master_load*() failed to log a error message if
6894 an error was detected when parsing the ownername of
6895 a record. [RT #2448]
6897 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
6900 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
6901 trigger a non-EDNS retry.
6903 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
6904 of the message. [RT #2449]
6906 1204. [bug] libbind: res_nupdate() failed to update the name
6907 server addresses before sending the update.
6909 1203. [func] Report locations of previous acl and zone definitions
6910 when a duplicate is detected.
6912 1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
6914 1201. [bug] Require that if 'callbacks' is passed to
6915 dns_rdata_fromtext(), callbacks->error and
6916 callbacks->warn are initialized.
6918 1200. [bug] Log 'errno' that we are unable to convert to
6919 isc_result_t. [RT #2404]
6921 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
6924 1198. [bug] OPT printing style was not consistent with the way the
6925 header fields are printed. The DO bit was not reported
6926 if set. Report if any of the MBZ bits are set.
6928 1197. [bug] Attempts to define the same acl multiple times were not
6931 1196. [contrib] update mdnkit to 2.2.3.
6933 1195. [bug] Attempts to redefine builtin acls should be caught.
6936 1194. [bug] Not all duplicate zone definitions were being detected
6937 at the named.conf checking stage. [RT #2431]
6939 1193. [bug] dig +besteffort parsing didn't handle packet
6940 truncation. dns_message_parse() has new flag
6941 DNS_MESSAGE_IGNORETRUNCATION.
6943 1192. [bug] The seconds fields in LOC records were restricted
6944 to three decimal places. More decimal places should
6945 be allowed but warned about.
6947 1191. [bug] A dynamic update removing the last non-apex name in
6948 a secure zone would fail. [RT #2399]
6950 1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
6953 1189. [bug] On some systems, malloc(0) returns NULL, which
6954 could cause the caller to report an out of memory
6957 1188. [bug] Dynamic updates of a signed zone would fail if
6958 some of the zone private keys were unavailable.
6960 1187. [bug] named was incorrectly returning DNSSEC records
6961 in negative responses when the DO bit was not set.
6963 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
6964 EOL token when reading to end of line.
6966 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
6967 unless RES_INIT is set when calling res_*init().
6969 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
6970 when res_*init() is called.
6972 1183. [bug] Handle ENOSR error when writing to the internal
6973 control pipe. [RT #2395]
6975 1182. [bug] The server could throw an assertion failure when
6976 constructing a negative response packet.
6978 1181. [func] Add the "key-directory" configuration statement,
6979 which allows the server to look for online signing
6980 keys in alternate directories.
6982 1180. [func] dnssec-keygen should always generate keys with
6983 protocol 3 (DNSSEC), since it's less confusing
6986 1179. [func] Add SIG(0) support to nsupdate.
6988 1178. [bug] Follow and cache (if appropriate) A6 and other
6989 data chains to completion in the additional section.
6991 1177. [func] Report view when loading zones if it is not a
6992 standard view (_default or _bind). [RT #2270]
6994 1176. [doc] Document that allow-v6-synthesis is only performed
6995 for clients that are supplied recursive service.
6998 1175. [bug] named-checkzone and named-checkconf failed to call
6999 dns_result_register() at startup which could
7000 result in runtime exceptions when printing
7001 "out of memory" errors. [RT #2335]
7003 1174. [bug] Win32: add WSAECONNRESET to the expected errors
7004 from connect(). [RT #2308]
7006 1173. [bug] Potential memory leaks in isc_log_create() and
7007 isc_log_settag(). [RT #2336]
7009 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
7010 table of RR types in ARM.
7012 1171. [func] Added function isc_region_compare(), updated files in
7013 lib/dns to use this function instead of local one.
7015 1170. [bug] Don't attempt to print the token when a I/O error
7016 occurs when parsing named.conf. [RT #2275]
7018 1169. [func] Identify recursive queries in the query log.
7020 1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
7022 1167. [contrib] nslint-2.1a3 (from author).
7024 1166. [bug] "Not Implemented" should be reported as NOTIMP,
7025 not NOTIMPL. [RT #2281]
7027 1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
7029 1164. [bug] Empty masters clauses in slave / stub zones were not
7030 handled gracefully. [RT #2262]
7032 1163. [func] isc_time_formattimestamp() now includes the year.
7034 1162. [bug] The allow-notify option was not accepted in slave
7037 1161. [bug] named-checkzone looped on unbalanced brackets.
7040 1160. [bug] Generating Diffie-Hellman keys longer than 1024
7041 bits could fail. [RT #2241]
7043 1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
7045 1158. [func] Report the client's address when logging notify
7048 1157. [func] match-clients and match-destinations now accept
7051 1156. [port] The configure test for strsep() incorrectly
7052 succeeded on certain patched versions of
7053 AIX 4.3.3. [RT #2190]
7055 1155. [func] Recover from master files being removed from under
7058 1154. [bug] Don't attempt to obtain the netmask of a interface
7059 if there is no address configured. [RT #2176]
7061 1153. [func] 'rndc {stop|halt} -p' now reports the process id
7062 of the instance of named being shutdown.
7064 1152. [bug] libbind: read buffer overflows.
7066 1151. [bug] nslookup failed to check that the arguments to
7067 the port, timeout, and retry options were
7068 valid integers and in range. [RT #2099]
7070 1150. [bug] named incorrectly accepted TTL values
7071 containing plus or minus signs, such as
7074 1149. [func] New function isc_parse_uint32().
7076 1148. [func] 'rndc-confgen -a' now provides positive feedback.
7078 1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
7079 the OS. listen-on-v6 { any; }; should no longer
7080 result in IPv4 queries be accepted. Similarly
7081 control { inet :: ... }; should no longer result
7082 in IPv4 connections being accepted. This can be
7083 overridden at compile time by defining
7086 1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
7087 supported by the OS by a new function
7088 isc_socket_ipv6only().
7090 1145. [func] "host" no longer reports a NOERROR/NODATA response
7091 by printing nothing. [RT #2065]
7093 1144. [bug] rndc-confgen would crash if both the -a and -t
7094 options were specified. [RT #2159]
7096 1143. [bug] When a trusted-keys statement was present and named
7097 was built without crypto support, it would leak memory.
7099 1142. [bug] dnssec-signzone would fail to delete temporary files
7100 in some failure cases. [RT #2144]
7102 1141. [bug] When named rejected a control message, it would
7103 leak a file descriptor and memory. It would also
7104 fail to respond, causing rndc to hang.
7107 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
7108 to the -s option. [RT #2138]
7110 1139. [func] It is now possible to flush a given name from the
7111 cache(s) via 'rndc flushname name [view]'. [RT #2051]
7113 1138. [func] It is now possible to flush a given name from the
7114 cache by calling the new function
7115 dns_cache_flushname().
7117 1137. [func] It is now possible to flush a given name from the
7118 ADB by calling the new function dns_adb_flushname().
7120 1136. [bug] CNAME records synthesized from DNAMEs did not
7121 have a TTL of zero as required by RFC2672.
7124 1135. [func] You can now override the default syslog() facility for
7125 named/lwresd at compile time. [RT #1982]
7127 1134. [bug] Multi-threaded servers could deadlock in ferror()
7128 when reloading zone files. [RT #1951, #1998]
7130 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
7131 platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
7133 1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
7135 1131. [bug] The match-destinations view option did not work with
7136 IPv6 destinations. [RT #2073, #2074]
7138 1130. [bug] Log messages reporting an out-of-range serial number
7139 did not include the out-of-range number but the
7140 following token. [RT #2076]
7142 1129. [bug] Multi-threaded servers could crash under heavy
7143 resolution load due to a race condition. [RT #2018]
7145 1128. [func] sdb drivers can now provide RR data in either text
7146 or wire format, the latter using the new functions
7147 dns_sdb_putrdata() and dns_sdb_putnamedrdata().
7149 1127. [func] rndc: If the server to contact has multiple addresses,
7152 1126. [bug] The server could access a freed event if shut
7153 down while a client start event was pending
7154 delivery. [RT #2061]
7156 1125. [bug] rndc: -k option was missing from usage message.
7159 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
7160 are now documented. [RT #2052]
7162 1123. [bug] dig +[no]fail did not match description. [RT #2052]
7164 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
7167 1121. [bug] The server could attempt to access a NULL zone
7168 table if shut down while resolving.
7171 1120. [bug] Errors in options were not fatal. [RT #2002]
7173 1119. [func] Added support in Win32 for NTFS file/directory ACL's
7176 1118. [bug] On multi-threaded servers, a race condition
7177 could cause an assertion failure in resolver.c
7178 during resolver shutdown. [RT #2029]
7180 1117. [port] The configure check for in6addr_loopback incorrectly
7181 succeeded on AIX 4.3 when compiling with -O2
7182 because the test code was optimized away.
7185 1116. [bug] Setting transfers in a server clause, transfers-in,
7186 or transfers-per-ns to a value greater than
7187 2147483647 disabled transfers. [RT #2002]
7189 1115. [func] Set maximum values for cleaning-interval,
7190 heartbeat-interval, interface-interval,
7191 max-transfer-idle-in, max-transfer-idle-out,
7192 max-transfer-time-in, max-transfer-time-out,
7193 statistics-interval of 28 days and
7194 sig-validity-interval of 3660 days. [RT #2002]
7196 1114. [port] Ignore more accept() errors. [RT #2021]
7198 1113. [bug] The allow-update-forwarding option was ignored
7199 when specified in a view. [RT #2014]
7203 1111. [bug] Multi-threaded servers could deadlock processing
7204 recursive queries due to a locking hierarchy
7205 violation in adb.c. [RT #2017]
7207 1110. [bug] dig should only accept valid abbreviations of +options.
7210 1109. [bug] nsupdate accepted illegal ttl values.
7212 1108. [bug] On Win32, rndc was hanging when named was not running
7213 due to failure to select for exceptional conditions
7214 in select(). [RT #1870]
7216 1107. [bug] nsupdate could catch an assertion failure if an
7217 invalid domain name was given as the argument to
7220 1106. [bug] After seeing an out of range TTL, nsupdate would
7221 treat all TTLs as out of range. [RT #2001]
7223 1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
7225 1104. [bug] Invalid arguments to the transfer-format option
7226 could cause an assertion failure. [RT #1995]
7228 1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
7230 1102. [doc] Note that query logging is enabled by directing the
7231 queries category to a channel.
7233 1101. [bug] Array bounds read error in lwres_gai_strerror.
7235 1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
7237 1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
7238 compile time errors.
7240 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
7242 1097. [func] libbind: RES_PRF_TRUNC for dig.
7244 1096. [func] libbind: "DNSSEC OK" (DO) support.
7246 1095. [func] libbind: resolver option: no-tld-query. disables
7247 trying unqualified as a tld. no_tld_query is also
7248 supported for FreeBSD compatibility.
7250 1094. [func] libbind: add support gcc's format string checking.
7252 1093. [doc] libbind: miscellaneous nroff fixes.
7254 1092. [bug] libbind: get*by*() failed to check if res_init() had
7257 1091. [bug] libbind: misplaced va_end().
7259 1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
7260 the amount of memory consumed resulting in garbage
7261 address being returned. Alignment calculations were
7262 wasting space. We weren't suppressing duplicate
7265 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
7268 1088. [port] libbind: MPE/iX C.70 (incomplete)
7270 1087. [bug] libbind: struct __res_state too large on 64 bit arch.
7272 1086. [port] libbind: sunos: old sprintf.
7274 1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
7275 exist when compiling in 64 bit mode.
7277 1084. [cleanup] libbind: gai_strerror() rewritten.
7279 1083. [bug] The default control channel listened on the
7280 wildcard address, not the loopback as documented.
7283 1082. [bug] The -g option to named incorrectly caused logging
7284 to be sent to syslog in addition to stderr.
7287 1081. [bug] Multicast queries were incorrectly identified
7288 based on the source address, not the destination
7291 1080. [bug] BIND 8 compatibility: accept bare IP prefixes
7292 as the second element of a two-element top level
7293 sort list statement. [RT #1964]
7295 1079. [bug] BIND 8 compatibility: accept bare elements at top
7296 level of sort list treating them as if they were
7297 a single element list. [RT #1963]
7299 1078. [bug] We failed to correct bad tv_usec values in one case.
7302 1077. [func] Do not accept further recursive clients when
7303 the total number of recursive lookups being
7304 processed exceeds max-recursive-clients, even
7305 if some of the lookups are internally generated.
7308 1076. [bug] A badly defined global key could trigger an assertion
7309 on load/reload if views were used. [RT #1947]
7311 1075. [bug] Out-of-range network prefix lengths were not
7312 reported. [RT #1954]
7314 1074. [bug] Running out of memory in dump_rdataset() could
7315 cause an assertion failure. [RT #1946]
7317 1073. [bug] The ADB cache cleaning should also be space driven.
7320 1072. [bug] The TCP client quota could be exceeded when
7321 recursion occurred. [RT #1937]
7323 1071. [bug] Sockets listening for TCP DNS connections
7324 specified an excessive listen backlog. [RT #1937]
7326 1070. [bug] Copy DNSSEC OK (DO) to response as specified by
7327 draft-ietf-dnsext-dnssec-okbit-03.txt.
7331 1068. [bug] errno could be overwritten by catgets(). [RT #1921]
7333 1067. [func] Allow quotas to be soft, isc_quota_soft().
7335 1066. [bug] Provide a thread safe wrapper for strerror().
7338 1065. [func] Runtime support to select new / old style interface
7339 scanning using ioctls.
7341 1064. [bug] Do not shut down active network interfaces if we
7342 are unable to scan the interface list. [RT #1921]
7344 1063. [bug] libbind: "make install" was failing on IRIX.
7347 1062. [bug] If the control channel listener socket was shut
7348 down before server exit, the listener object could
7349 be freed twice. [RT #1916]
7351 1061. [bug] If periodic cache cleaning happened to start
7352 while cleaning due to reaching the configured
7353 maximum cache size was in progress, the server
7354 could catch an assertion failure. [RT #1912]
7356 1060. [func] Move refresh, stub and notify UDP retry processing
7359 1059. [func] dns_request now support will now retry UDP queries,
7360 dns_request_createvia2() and dns_request_createraw2().
7362 1058. [func] Limited lifetime ticker timers are now available,
7363 isc_timertype_limited.
7365 1057. [bug] Reloading the server after adding a "file" clause
7366 to a zone statement could cause the server to
7367 crash due to a typo in change 1016.
7369 1056. [bug] Rndc could catch an assertion failure on SIGINT due
7370 to an uninitialized variable. [RT #1908]
7372 1055. [func] Version and hostname queries can now be disabled
7373 using "version none;" and "hostname none;",
7376 1054. [bug] On Win32, cfg_categories and cfg_modules need to be
7377 exported from the libisccfg DLL.
7379 1053. [bug] Dig did not increase its timeout when receiving
7380 AXFRs unless the +time option was used. [RT #1904]
7382 1052. [bug] Journals were not being created in binary mode
7383 resulting in "journal format not recognized" error
7384 under Win32. [RT #1889]
7386 1051. [bug] Do not ignore a network interface completely just
7387 because it has a noncontiguous netmask. Instead,
7388 omit it from the localnets ACL and issue a warning.
7391 1050. [bug] Log messages reporting malformed IP addresses in
7392 address lists such as that of the forwarders option
7393 failed to include the correct error code, file
7394 name, and line number. [RT #1890]
7396 1049. [func] "pid-file none;" will disable writing a pid file.
7399 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
7402 1047. [bug] named was incorrectly refusing all requests signed
7403 with a TSIG key derived from an unsigned TKEY
7404 negotiation with a NOERROR response. [RT #1886]
7406 1046. [bug] The help message for the --with-openssl configure
7407 option was inaccurate. [RT #1880]
7409 1045. [bug] It was possible to skip saving glue for a nameserver
7412 1044. [bug] Specifying allow-transfer, notify-source, or
7413 notify-source-v6 in a stub zone was not treated
7416 1043. [bug] Specifying a transfer-source or transfer-source-v6
7417 option in the zone statement for a master zone was
7418 not treated as an error. [RT #1876]
7420 1042. [bug] The "config" logging category did not work properly.
7423 1041. [bug] Dig/host/nslookup could catch an assertion failure
7424 on SIGINT due to an uninitialized variable. [RT #1867]
7426 1040. [bug] Multiple listen-on-v6 options with different ports
7427 were not accepted. [RT #1875]
7429 1039. [bug] Negative responses with CNAMEs in the answer section
7430 were cached incorrectly. [RT #1862]
7432 1038. [bug] In servers configured with a tkey-domain option,
7433 TKEY queries with an owner name other than the root
7434 could cause an assertion failure. [RT #1866, #1869]
7436 1037. [bug] Negative responses whose authority section contain
7437 SOA or NS records whose owner names are not equal
7438 equal to or parents of the query name should be
7439 rejected. [RT #1862]
7441 1036. [func] Silently drop requests received via multicast as
7442 long as there is no final multicast DNS standard.
7444 1035. [bug] If we respond to multicast queries (which we
7445 currently do not), respond from a unicast address
7446 as specified in RFC 1123. [RT #137]
7448 1034. [bug] Ignore the RD bit on multicast queries as specified
7449 in RFC 1123. [RT #137]
7451 1033. [bug] Always respond to requests with an unsupported opcode
7452 with NOTIMP, even if we don't have a matching view
7453 or cannot determine the class.
7455 1032. [func] hostname.bind/txt/chaos now returns the name of
7456 the machine hosting the nameserver. This is useful
7457 in diagnosing problems with anycast servers.
7459 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
7462 1030. [bug] On systems with no resolv.conf file, nsupdate
7463 exited with an error rather than defaulting
7464 to using the loopback address. [RT #1836]
7466 1029. [bug] Some named.conf errors did not cause the loading
7467 of the configuration file to return a failure
7468 status even though they were logged. [RT #1847]
7470 1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
7471 in the wrong directory. [RT #1833]
7473 1027. [bug] RRs having the reserved type 0 should be rejected.
7478 1025. [bug] Don't use multicast addresses to resolve iterative
7481 1024. [port] Compilation failed on HP-UX 11.11 due to
7482 incompatible use of the SIOCGLIFCONF macro
7485 1023. [func] Accept hints without TTLs.
7487 1022. [bug] Don't report empty root hints as "extra data".
7490 1021. [bug] On Win32, log message timestamps were one month
7491 later than they should have been, and the server
7492 would exhibit unspecified behavior in December.
7494 1020. [bug] IXFR log messages did not distinguish between
7495 true IXFRs, AXFR-style IXFRs, and mere version
7498 1019. [bug] The value of the lame-ttl option was limited to 18000
7499 seconds, not 1800 seconds as documented. [RT #1803]
7501 1018. [bug] The default log channel was not always initialized
7502 correctly. [RT #1813]
7504 1017. [bug] When specifying TSIG keys to dig and nsupdate using
7505 the -k option, they must be HMAC-MD5 keys. [RT #1810]
7507 1016. [bug] Slave zones with no backup file were re-transferred
7508 on every server reload.
7510 1015. [bug] Log channels that had a "versions" option but no
7511 "size" option failed to create numbered log
7514 1014. [bug] Some queries would cause statistics counters to
7515 increment more than once or not at all. [RT #1321]
7517 1013. [bug] It was possible to cancel a query twice when marking
7518 a server as bogus or by having a blackhole acl.
7521 1012. [bug] The -p option to named did not behave as documented.
7523 1011. [cleanup] Removed isc_dir_current().
7525 1010. [bug] The server could attempt to execute a command channel
7526 command after initiating server shutdown, causing
7527 an assertion failure. [RT #1766]
7529 1009. [port] OpenUNIX 8 support. [RT #1728]
7531 1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
7533 1007. [port] config.guess, config.sub from autoconf-2.52.
7535 1006. [bug] If a KEY RR was found missing during DNSSEC validation,
7536 an assertion failure could subsequently be triggered
7537 in the resolver. [RT #1763]
7539 1005. [bug] Don't copy nonzero RCODEs from request to response.
7542 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
7544 1003. [func] Add the +retry option to dig.
7546 1002. [bug] When reporting an unknown class name in named.conf,
7547 including the file name and line number. [RT #1759]
7549 1001. [bug] win32 socket code doio_recv was not catching a
7550 WSACONNRESET error when a client was timing out
7551 the request and closing its socket. [RT #1745]
7553 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
7554 for class "HS". [RT #1759]
7556 999. [func] "rndc retransfer zone [class [view]]" added.
7559 998. [func] named-checkzone now has arguments to specify the
7560 chroot directory (-t) and working directory (-w).
7563 997. [func] Add support for RSA-SHA1 keys (RFC3110).
7565 996. [func] Issue warning if the configuration filename contains
7568 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
7569 target address should be fatal on a IPv4 only system.
7571 994. [func] Treat non-authoritative responses to queries for type
7572 NS as referrals even if the NS records are in the
7573 answer section, because BIND 8 servers incorrectly
7574 send them that way. This is necessary for DNSSEC
7575 validation of the NS records of a secure zone to
7576 succeed when the parent is a BIND 8 server. [RT #1706]
7578 993. [func] dig: -v now reports the version.
7580 992. [doc] dig: ~/.digrc is now documented.
7582 991. [func] Lower UDP refresh timeout messages to level
7585 990. [bug] The rndc-confgen man page was not installed.
7587 989. [bug] Report filename if $INCLUDE fails for file related
7590 988. [bug] 'additional-from-auth no;' did not work reliably
7591 in the case of queries answered from the cache.
7594 987. [bug] "dig -help" didn't show "+[no]stats".
7596 986. [bug] "dig +noall" failed to clear stats and command
7599 985. [func] Consider network interfaces to be up iff they have
7600 a nonzero IP address rather than based on the
7601 IFF_UP flag. [RT #1160]
7603 984. [bug] Multi-threading should be enabled by default on
7604 Solaris 2.7 and newer, but it wasn't.
7606 983. [func] The server now supports generating IXFR difference
7607 sequences for non-dynamic zones by comparing zone
7608 versions, when enabled using the new config
7609 option "ixfr-from-differences". [RT #1727]
7611 982. [func] If "memstatistics-file" is set in options the memory
7612 statistics will be written to it.
7614 981. [func] The dnssec tools can now take multiple '-r randomfile'
7617 980. [bug] Incoming zone transfers restarting after an error
7618 could trigger an assertion failure. [RT #1692]
7620 979. [func] Incremental master file dumping. dns_master_dumpinc(),
7621 dns_master_dumptostreaminc(), dns_dumpctx_attach(),
7622 dns_dumpctx_detach(), dns_dumpctx_cancel(),
7623 dns_dumpctx_db() and dns_dumpctx_version().
7625 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
7628 977. [bug] Improve "not at top of zone" error message.
7630 976. [func] named-checkconf can now test load master zones
7631 (named-checkconf -z). [RT #1468]
7633 975. [bug] "max-cache-size default;" as a view option
7634 caused an assertion failure.
7636 974. [bug] "max-cache-size unlimited;" as a global option
7639 973. [bug] Failed to log the question name when logging:
7640 "bad zone transfer request: non-authoritative zone
7643 972. [bug] The file modification time code in zone.c was using the
7644 wrong epoch. [RT #1667]
7648 970. [func] 'max-journal-size' can now be used to set a target
7651 969. [func] dig now supports the undocumented dig 8 feature
7652 of allowing arbitrary labels, not just dotted
7653 decimal quads, with the -x option. This can be
7654 used to conveniently look up RFC2317 names as in
7655 "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
7657 968. [bug] On win32, the isc_time_now() function was unnecessarily
7658 calling strtime(). [RT #1671]
7660 967. [bug] On win32, the link for bindevt was not including the
7661 required resource file to enable the event viewer
7662 to interpret the error messages in the event log,
7667 965. [bug] Including data other than root server NS and A
7668 records in the root hint file could cause a rbtdb
7669 node reference leak. [RT #1581, #1618]
7671 964. [func] Warn if data other than root server NS and A records
7672 are found in the root hint file. [RT #1581, #1618]
7674 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
7676 962. [bug] libbind: bad "#undef", don't attempt to install
7677 non-existent nlist.h. [RT #1640]
7679 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
7680 was not defined. [RT #1482]
7682 960. [port] liblwres failed to build on systems with support for
7683 getrrsetbyname() in the OS. [RT #1592]
7685 959. [port] On FreeBSD, determine the number of CPUs by calling
7686 sysctlbyname(). [RT #1584]
7688 958. [port] ssize_t is not available on all platforms. [RT #1607]
7690 957. [bug] sys/select.h inclusion was broken on older platforms.
7693 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
7694 in named/win32/os.c due to code changes in
7695 change #953. win32 .make file for rndc-confgen
7696 updated to add include path for os.h header.
7698 --- 9.2.0rc1 released ---
7700 955. [bug] When using views, the zone's class was not being
7701 inherited from the view's class. [RT #1583]
7703 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
7704 nslookup, the RD bit should not be set as zone
7705 transfers are inherently non-recursive. [RT #1575]
7707 953. [func] The /var/run/named.key file from change #843
7708 has been replaced by /etc/rndc.key. Both
7709 named and rndc will look for this file and use
7710 it to configure a default control channel key
7711 if not already configured using a different
7712 method (rndc.conf / controls). Unlike
7713 named.key, rndc.key is not created automatically;
7714 it must be created by manually running
7717 952. [bug] The server required manual intervention to serve the
7718 affected zones if it died between creating a journal
7719 and committing the first change to it.
7721 951. [bug] CFLAGS was not passed to the linker when
7722 linking some of the test programs under
7723 bin/tests. [RT #1555].
7725 950. [bug] Explicit TTLs did not properly override $TTL
7726 due to a bug in change 834. [RT #1558]
7728 949. [bug] host was unable to print records larger than 512
7731 --- 9.2.0b2 released ---
7733 948. [port] Integrated support for building on Windows NT /
7736 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
7737 was really the RNAME field from RFC1035. To avoid
7738 confusion and silent errors that would occur it the
7739 "origin" and "mname" elements were given their correct
7740 names "mname" and "rname" respectively, the "mname"
7741 element is renamed to "contact".
7743 946. [cleanup] doc/misc/options is now machine-generated from the
7744 configuration parser syntax tables, and therefore
7745 more likely to be correct.
7747 945. [func] Add the new view-specific options
7748 "match-destinations" and "match-recursive-only".
7750 944. [func] Check for expired signatures on load.
7752 943. [bug] The server could crash when receiving a command
7753 via rndc if the configuration file listed only
7754 nonexistent keys in the controls statement. [RT #1530]
7756 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
7757 defined on some platforms.
7759 941. [bug] The configuration checker crashed if a slave
7760 zone didn't contain a masters statement. [RT #1514]
7762 940. [bug] Double zone locking failure on error path. [RT #1510]
7764 --- 9.2.0b1 released ---
7766 939. [port] Add the --disable-linux-caps option to configure for
7767 systems that manage capabilities outside of named.
7772 937. [bug] A race when shutting down a zone could trigger a
7773 INSIST() failure. [RT #1034]
7775 936. [func] Warn about IPv4 addresses that are not complete
7776 dotted quads. [RT #1084]
7778 935. [bug] inet_pton failed to reject leading zeros.
7780 934. [port] Deal with systems where accept() spuriously returns
7783 933. [bug] configure failed doing libbind on platforms not
7784 supported by BIND 8. [RT #1496]
7786 --- 9.2.0a3 released ---
7788 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
7789 when installing isc-config.sh.
7792 931. [bug] The controls statement only attempted to verify
7793 messages using the first key in the key list.
7796 930. [func] Query performance testing tool added as
7801 928. [bug] nsupdate would send empty update packets if the
7802 send (or empty line) command was run after
7803 another send but before any new updates or
7804 prerequisites were specified. It should simply
7805 ignore this command.
7807 927. [bug] Don't hold the zone lock for the entire dump to disk.
7810 926. [bug] The resolver could deadlock with the ADB when
7811 shutting down (multi-threaded builds only).
7814 925. [cleanup] Remove openssl from the distribution; require that
7815 --with-openssl be specified if DNSSEC is needed.
7817 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
7820 923. [bug] Multiline TSIG secrets (and other multiline strings)
7821 were not accepted in named.conf. [RT #1469]
7823 922. [func] Added two new lwres_getrrsetbyname() result codes,
7824 ERR_NONAME and ERR_NODATA.
7826 921. [bug] lwres returned an incorrect error code if it received
7827 a truncated message.
7829 920. [func] Increase the lwres receive buffer size to 16K.
7834 918. [func] In nsupdate, TSIG errors are no longer treated as
7837 917. [func] New nsupdate command 'key', allowing TSIG keys to
7838 be specified in the nsupdate command stream rather
7839 than the command line.
7841 916. [bug] Specifying type ixfr to dig without specifying
7842 a serial number failed in unexpected ways.
7844 915. [func] The named-checkconf and named-checkzone programs
7845 now have a '-v' option for printing their version.
7848 914. [bug] Global 'server' statements were rejected when
7849 using views, even though they were accepted
7852 913. [bug] Cache cleaning was not sufficiently aggressive.
7855 912. [bug] Attempts to set the 'additional-from-cache' or
7856 'additional-from-auth' option to 'no' in a
7857 server with recursion enabled will now
7858 be ignored and cause a warning message.
7863 910. [port] Some pre-RFC2133 IPv6 implementations do not define
7864 IN6ADDR_ANY_INIT. [RT #1416]
7868 908. [func] New program, rndc-confgen, to simplify setting up rndc.
7870 907. [func] The ability to get entropy from either the
7871 random device, a user-provided file or from
7872 the keyboard was migrated from the DNSSEC tools
7873 to libisc as isc_entropy_usebestsource().
7875 906. [port] Separated the system independent portion of
7876 lib/isc/unix/entropy.c into lib/isc/entropy.c
7877 and added lib/isc/win32/entropy.c.
7879 905. [bug] Configuring a forward "zone" for the root domain
7880 did not work. [RT #1418]
7882 904. [bug] The server would leak memory if attempting to use
7883 an expired TSIG key. [RT #1406]
7885 903. [bug] dig should not crash when receiving a TCP packet
7888 902. [bug] The -d option was ignored if both -t and -g were also
7893 900. [bug] A config.guess update changed the system identification
7894 string of FreeBSD systems; configure and
7895 bin/tests/system/ifconfig.sh now recognize the new
7898 --- 9.2.0a2 released ---
7900 899. [bug] lib/dns/soa.c failed to compile on many platforms
7901 due to inappropriate use of a void value.
7902 [RT #1372, #1373, #1386, #1387, #1395]
7904 898. [bug] "dig" failed to set a nonzero exit status
7905 on UDP query timeout. [RT #1323]
7907 897. [bug] A config.guess update changed the system identification
7908 string of UnixWare systems; configure now recognizes
7911 896. [bug] If a configuration file is set on named's command line
7912 and it has a relative pathname, the current directory
7913 (after any possible jailing resulting from named -t)
7914 will be prepended to it so that reloading works
7915 properly even when a directory option is present.
7917 895. [func] New function, isc_dir_current(), akin to POSIX's
7920 894. [bug] When using the DNSSEC tools, a message intended to warn
7921 when the keyboard was being used because of the lack
7922 of a suitable random device was not being printed.
7924 893. [func] Removed isc_file_test() and added isc_file_exists()
7925 for the basic functionality that was being added
7926 with isc_file_test().
7930 891. [bug] Return an error when a SIG(0) signed response to
7931 an unsigned query is seen. This should actually
7932 do the verification, but it's not currently
7933 possible. [RT #1391]
7935 890. [cleanup] The man pages no longer require the mandoc macros
7936 and should now format cleanly using most versions of
7937 nroff, and HTML versions of the man pages have been
7938 added. Both are generated from DocBook source.
7940 889. [port] Eliminated blank lines before .TH in nroff man
7941 pages since they cause problems with some versions
7942 of nroff. [RT #1390]
7944 888. [bug] Don't die when using TKEY to delete a nonexistent
7945 TSIG key. [RT #1392]
7947 887. [port] Detect broken compilers that can't call static
7948 functions from inline functions. [RT #1212]
7990 866. [func] Close debug only file channels when debug is set to
7993 865. [bug] The new configuration parser did not allow
7994 the optional debug level in a "severity debug"
7995 clause of a logging channel to be omitted.
7996 This is now allowed and treated as "severity
7997 debug 1;" like it does in BIND 8.2.4, not as
7998 "severity debug 0;" like it did in BIND 9.1.
8001 864. [cleanup] Multi-threading is now enabled by default on
8002 OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
8004 863. [bug] If an error occurred while an outgoing zone transfer
8005 was starting up, the server could access a domain
8006 name that had already been freed when logging a
8007 message saying that the transfer was starting.
8010 862. [bug] Use after realloc(), non portable pointer arithmetic in
8013 861. [port] Add support for Mac OS X, by making it equivalent
8014 to Darwin. This was derived from the config.guess
8015 file shipped with Mac OS X. [RT #1355]
8017 860. [func] Drop cross class glue in zone transfers.
8019 859. [bug] Cache cleaning now won't swamp the CPU if there
8020 is a persistent over limit condition.
8022 858. [func] isc_mem_setwater() no longer requires that when the
8023 callback function is non-NULL then its hi_water
8024 argument must be greater than its lo_water argument
8025 (they can now be equal) or that they be non-zero.
8027 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
8028 structs, for our friends in EBCDIC-land.
8030 856. [func] Allow partial rdatasets to be returned in answer and
8031 authority sections to help non-TCP capable clients
8032 recover from truncation. [RT #1301]
8034 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
8036 854. [bug] The config parser didn't properly handle config
8037 options that were specified in units of time other
8038 than seconds. [RT #1372]
8040 853. [bug] configure_view_acl() failed to detach existing acls.
8043 852. [bug] Handle responses from servers which do not know
8046 851. [cleanup] The obsolete support-ixfr option was not properly
8049 --- 9.2.0a1 released ---
8051 850. [bug] dns_rbt_findnode() would not find nodes that were
8052 split on a bitstring label somewhere other than in
8053 the last label of the node. [RT #1351]
8055 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
8057 848. [func] A minimum max-cache-size of two megabytes is enforced
8058 by the cache cleaner.
8060 847. [func] Added isc_file_test(), which currently only has
8061 some very basic functionality to test for the
8062 existence of a file, whether a pathname is absolute,
8063 or whether a pathname is the fundamental representation
8064 of the current directory. It is intended that this
8065 function can be expanded to test other things a
8066 programmer might want to know about a file.
8068 846. [func] A non-zero 'param' to dst_key_generate() when making an
8069 hmac-md5 key means that good entropy is not required.
8071 845. [bug] The access rights on the public file of a symmetric
8072 key are now restricted as soon as the file is opened,
8073 rather than after it has been written and closed.
8075 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
8076 just as <lwres/net.h> does.
8078 843. [func] If no controls statement is present in named.conf,
8079 or if any inet phrase of a controls statement is
8080 lacking a keys clause, then a key will be automatically
8081 generated by named and an rndc.conf-style file
8082 named named.key will be written that uses it. rndc
8083 will use this file only if its normal configuration
8084 file, or one provided on the command line, does not
8087 842. [func] 'rndc flush' now takes an optional view.
8089 841. [bug] When sdb modules were not declared threadsafe, their
8090 create and destroy functions were not serialized.
8092 840. [bug] The config file parser could print the wrong file
8093 name if an error was detected after an included file
8094 was parsed. [RT #1353]
8096 839. [func] Dump packets for which there was no view or that the
8097 class could not be determined to category "unmatched".
8099 838. [port] UnixWare 7.x.x is now suported by
8100 bin/tests/system/ifconfig.sh.
8102 837. [cleanup] Multi-threading is now enabled by default only on
8103 OSF1, Solaris 2.7 and newer, and AIX.
8105 836. [func] Upgraded libtool to 1.4.
8107 835. [bug] The dispatcher could enter a busy loop if
8108 it got an I/O error receiving on a UDP socket.
8111 834. [func] Accept (but warn about) master files beginning with
8112 an SOA record without an explicit TTL field and
8113 lacking a $TTL directive, by using the SOA MINTTL
8114 as a default TTL. This is for backwards compatibility
8115 with old versions of BIND 8, which accepted such
8116 files without warning although they are illegal
8117 according to RFC1035.
8119 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
8120 <dns/soa.h>, and extended them to support
8121 all the integer-valued fields of the SOA RR.
8123 832. [bug] The default location for named.conf in named-checkconf
8124 should depend on --sysconfdir like it does in named.
8129 830. [func] Implement 'rndc status'.
8131 829. [bug] The DNS_R_ZONECUT result code should only be returned
8132 when an ANY query is made with DNS_DBFIND_GLUEOK set.
8133 In all other ANY query cases, returning the delegation
8136 828. [bug] The errno value from recvfrom() could be overwritten
8137 by logging code. [RT #1293]
8139 827. [bug] When an IXFR protocol error occurs, the slave
8140 should retry with AXFR.
8142 826. [bug] Some IXFR protocol errors were not detected.
8144 825. [bug] zone.c:ns_query() detached from the wrong zone
8145 reference. [RT #1264]
8147 824. [bug] Correct line numbers reported by dns_master_load().
8150 823. [func] The output of "dig -h" now goes to stdout so that it
8151 can easily be piped through "more". [RT #1254]
8153 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
8156 821. [bug] The program name used when logging to syslog should
8157 be stripped of leading path components.
8160 820. [bug] Name server address lookups failed to follow
8161 A6 chains into the glue of local authoritative
8164 819. [bug] In certain cases, the resolver's attempts to
8165 restart an address lookup at the root could cause
8166 the fetch to deadlock (with itself) instead of
8167 restarting. [RT #1225]
8169 818. [bug] Certain pathological responses to ANY queries could
8170 cause an assertion failure. [RT #1218]
8172 817. [func] Adjust timeouts for dialup zone queries.
8174 816. [bug] Report potential problems with log file accessibility
8175 at configuration time, since such problems can't
8176 reliably be reported at the time they actually occur.
8178 815. [bug] If a log file was specified with a path separator
8179 character (i.e. "/") in its name and the directory
8180 did not exist, the log file's name was treated as
8181 though it were the directory name. [RT #1189]
8183 814. [bug] Socket objects left over from accept() failures
8184 were incorrectly destroyed, causing corruption
8185 of socket manager data structures.
8187 813. [bug] File descriptors exceeding FD_SETSIZE were handled
8190 812. [bug] dig sometimes printed incomplete IXFR responses
8191 due to an uninitialized variable. [RT #1188]
8193 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
8195 810. [bug] The signer name in SIG records was not properly
8196 down-cased when signing/verifying records. [RT #1186]
8198 809. [bug] Configuring a non-local address as a transfer-source
8199 could cause an assertion failure during load.
8201 808. [func] Add 'rndc flush' to flush the server's cache.
8203 807. [bug] When setting up TCP connections for incoming zone
8204 transfers, the transfer-source port was not
8205 ignored like it should be.
8207 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
8208 the calling stack to the zone maintenance level,
8209 causing zones to not reload when an included file was
8210 touched but the top-level zone file was not.
8212 805. [bug] When using "forward only", missing root hints should
8213 not cause queries to fail. [RT #1143]
8215 804. [bug] Attempting to obtain entropy could fail in some
8216 situations. This would be most common on systems
8217 with user-space threads. [RT #1131]
8219 803. [bug] Treat all SIG queries as if they have the CD bit set,
8220 otherwise no data will be returned [RT #749]
8222 802. [bug] DNSSEC key tags were computed incorrectly in almost
8223 all cases. [RT #1146]
8225 801. [bug] nsupdate should treat lines beginning with ';' as
8226 comments. [RT #1139]
8228 800. [bug] dnssec-signzone produced incorrect statistics for
8229 large zones. [RT #1133]
8231 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
8232 glue was also present.
8234 798. [bug] nsupdate should be able to reject bad input lines
8235 and continue. [RT #1130]
8237 797. [func] Issue a warning if the 'directory' option contains
8238 a relative path. [RT #269]
8240 796. [func] When a size limit is associated with a log file,
8241 only roll it when the size is reached, not every
8242 time the log file is opened. [RT #1096]
8244 795. [func] Add the +multiline option to dig. [RT #1095]
8246 794. [func] Implement the "port" and "default-port" statements
8249 793. [cleanup] The DNSSEC tools could create filenames that were
8250 illegal or contained shell meta-characters. They
8251 now use a different text encoding of names that
8252 doesn't have these problems. [RT #1101]
8254 792. [cleanup] Replace the OMAPI command channel protocol with a
8257 791. [bug] The command channel now works over IPv6.
8259 790. [bug] Wildcards created using dynamic update or IXFR
8260 could fail to match. [RT #1111]
8262 789. [bug] The "localhost" and "localnets" ACLs did not match
8263 when used as the second element of a two-element
8266 788. [func] Add the "match-mapped-addresses" option, which
8267 causes IPv6 v4mapped addresses to be treated as
8268 IPv4 addresses for the purpose of acl matching.
8270 787. [bug] The DNSSEC tools failed to downcase domain
8271 names when mapping them into file names.
8273 786. [bug] When DNSSEC signing/verifying data, owner names were
8274 not properly down-cased.
8276 785. [bug] A race condition in the resolver could cause
8277 an assertion failure. [RT #673, #872, #1048]
8279 784. [bug] nsupdate and other programs would not quit properly
8280 if some signals were blocked by the caller. [RT #1081]
8282 783. [bug] Following CNAMEs could cause an assertion failure
8283 when either using an sdb database or under very
8286 782. [func] Implement the "serial-query-rate" option.
8288 781. [func] Avoid error packet loops by dropping duplicate FORMERR
8289 responses. [RT #1006]
8291 780. [bug] Error handling code dealing with out of memory or
8292 other rare errors could lead to assertion failures
8293 by calling functions on uninitialized names. [RT #1065]
8295 779. [func] Added the "minimal-responses" option.
8297 778. [bug] When starting cache cleaning, cleaning_timer_action()
8298 returned without first pausing the iterator, which
8299 could cause deadlock. [RT #998]
8301 777. [bug] An empty forwarders list in a zone failed to override
8302 global forwarders. [RT #995]
8304 776. [func] Improved error reporting in denied messages. [RT #252]
8308 774. [func] max-cache-size is implemented.
8310 773. [func] Added isc_rwlock_trylock() to attempt to lock without
8313 772. [bug] Owner names could be incorrectly omitted from cache
8314 dumps in the presence of negative caching entries.
8317 771. [cleanup] TSIG errors related to unsynchronized clocks
8318 are logged better. [RT #919]
8320 770. [func] Add the "edns yes_or_no" statement to the server
8323 769. [func] Improved error reporting when parsing rdata. [RT #740]
8325 768. [bug] The server did not emit an SOA when a CNAME
8326 or DNAME chain ended in NXDOMAIN in an
8331 766. [bug] A few cases in query_find() could leak fname.
8332 This would trigger the mpctx->allocated == 0
8333 assertion when the server exited.
8334 [RT #739, #776, #798, #812, #818, #821, #845,
8337 765. [func] ACL names are once again case insensitive, like
8338 in BIND 8. [RT #252]
8340 764. [func] Configuration files now allow "include" directives
8341 in more places, such as inside the "view" statement.
8342 [RT #377, #728, #860]
8344 763. [func] Configuration files no longer have reserved words.
8347 762. [cleanup] The named.conf and rndc.conf file parsers have
8348 been completely rewritten.
8350 761. [bug] _REENTRANT was still defined when building with
8353 760. [contrib] Significant enhancements to the pgsql sdb driver.
8355 759. [bug] The resolver didn't turn off "avoid fetches" mode
8356 when restarting, possibly causing resolution
8357 to fail when it should not. This bug only affected
8358 platforms which support both IPv4 and IPv6. [RT #927]
8360 758. [bug] The "avoid fetches" code did not treat negative
8361 cache entries correctly, causing fetches that would
8362 be useful to be avoided. This bug only affected
8363 platforms which support both IPv4 and IPv6. [RT #927]
8365 757. [func] Log zone transfers.
8367 756. [bug] dns_zone_load() could "return" success when no master
8368 file was configured.
8370 755. [bug] Fix incorrectly formatted log messages in zone.c.
8372 754. [bug] Certain failure conditions sending UDP packets
8373 could cause the server to retry the transmission
8374 indefinitely. [RT #902]
8376 753. [bug] dig, host, and nslookup would fail to contact a
8377 remote server if getaddrinfo() returned an IPv6
8378 address on a system that doesn't support IPv6.
8381 752. [func] Correct bad tv_usec elements returned by
8384 751. [func] Log successful zone loads / transfers. [RT #898]
8386 750. [bug] A query should not match a DNAME whose trust level
8387 is pending. [RT #916]
8389 749. [bug] When a query matched a DNAME in a secure zone, the
8390 server did not return the signature of the DNAME.
8393 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
8396 747. [bug] The code to determine whether an IXFR was possible
8397 did not properly check for a database that could
8398 not have a journal. [RT #865, #908]
8400 746. [bug] The sdb didn't clone rdatasets properly, causing
8401 a crash when the server followed delegations. [RT #905]
8403 745. [func] Report the owner name of records that fail
8404 semantic checks while loading.
8406 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
8407 result of an ANY or SIG query, the resolver failed
8408 to setup the return event's rdatasets, causing an
8409 assertion failure in the query code. [RT #881]
8411 743. [bug] Receiving a large number of certain malformed
8412 answers could cause named to stop responding.
8417 741. [port] Support openssl-engine. [RT #709]
8419 740. [port] Handle openssl library mismatches slightly better.
8421 739. [port] Look for /dev/random in configure, rather than
8422 assuming it will be there for only a predefined
8425 738. [bug] If a non-threadsafe sdb driver supported AXFR and
8426 received an AXFR request, it would deadlock or die
8427 with an assertion failure. [RT #852]
8429 737. [port] stdtime.c failed to compile on certain platforms.
8431 736. [func] New functions isc_task_{begin,end}exclusive().
8433 735. [doc] Add BIND 4 migration notes.
8435 734. [bug] An attempt to re-lock the zone lock could occur if
8436 the server was shutdown during a zone transfer.
8439 733. [bug] Reference counts of dns_acl_t objects need to be
8440 locked but were not. [RT #801, #821]
8442 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
8444 731. [bug] Certain zone errors could cause named-checkzone to
8445 fail ungracefully. [RT #819]
8447 730. [bug] lwres_getaddrinfo() returns the correct result when
8448 it fails to contact a server. [RT #768]
8450 729. [port] pthread_setconcurrency() needs to be called on Solaris.
8452 728. [bug] Fix comment processing on master file directives.
8455 727. [port] Work around OS bug where accept() succeeds but
8456 fails to fill in the peer address of the accepted
8457 connection, by treating it as an error rather than
8458 an assertion failure. [RT #809]
8460 726. [func] Implement the "trace" and "notrace" commands in rndc.
8462 725. [bug] Installing man pages could fail.
8464 724. [func] New libisc functions isc_netaddr_any(),
8467 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
8468 to return DNS_R_SERVFAIL. [RT #783]
8470 722. [func] Allow incremental loads to be canceled.
8472 721. [cleanup] Load manager and dns_master_loadfilequota() are no
8475 720. [bug] Server could enter infinite loop in
8476 dispatch.c:do_cancel(). [RT #733]
8478 719. [bug] Rapid reloads could trigger an assertion failure.
8481 718. [cleanup] "internal" is no longer a reserved word in named.conf.
8484 717. [bug] Certain TKEY processing failure modes could
8485 reference an uninitialized variable, causing the
8486 server to crash. [RT #750]
8488 716. [bug] The first line of a $INCLUDE master file was lost if
8489 an origin was specified. [RT #744]
8491 715. [bug] Resolving some A6 chains could cause an assertion
8492 failure in adb.c. [RT #738]
8494 714. [bug] Preserve interval timers across reloads unless changed.
8497 713. [func] named-checkconf takes '-t directory' similar to named.
8500 712. [bug] Sending a large signed update message caused an
8501 assertion failure. [RT #718]
8503 711. [bug] The libisc and liblwres implementations of
8504 inet_ntop contained an off by one error.
8506 710. [func] The forwarders statement now takes an optional
8509 709. [bug] ANY or SIG queries for data with a TTL of 0
8510 would return SERVFAIL. [RT #620]
8512 708. [bug] When building with --with-openssl, the openssl headers
8513 included with BIND 9 should not be used. [RT #702]
8515 707. [func] The "filename" argument to named-checkzone is no
8516 longer optional, to reduce confusion. [RT #612]
8518 706. [bug] Zones with an explicit "allow-update { none; };"
8519 were considered dynamic and therefore not reloaded
8520 on SIGHUP or "rndc reload".
8522 705. [port] Work out resource limit type for use where rlim_t is
8523 not available. [RT #695]
8525 704. [port] RLIMIT_NOFILE is not available on all platforms.
8528 703. [port] sys/select.h is needed on older platforms. [RT #695]
8530 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
8531 use 127.0.0.1 instead. [RT #693]
8533 701. [func] Root hints are now fully optional. Class IN
8534 views use compiled-in hints by default, as
8535 before. Non-IN views with no root hints now
8536 provide authoritative service but not recursion.
8537 A warning is logged if a view has neither root
8538 hints nor authoritative data for the root. [RT #696]
8540 700. [bug] $GENERATE range check was wrong. [RT #688]
8542 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
8544 698. [bug] Aborting nsupdate with ^C would lead to several
8547 697. [bug] nsupdate was not compatible with the undocumented
8548 BIND 8 behavior of ignoring TTLs in "update delete"
8551 696. [bug] lwresd would die with an assertion failure when passed
8552 a zero-length name. [RT #692]
8554 695. [bug] If the resolver attempted to query a blackholed or
8555 bogus server, the resolution would fail immediately.
8557 694. [bug] $GENERATE did not produce the last entry.
8560 693. [bug] An empty lwres statement in named.conf caused
8561 the server to crash while loading.
8563 692. [bug] Deal with systems that have getaddrinfo() but not
8564 gai_strerror(). [RT #679]
8566 691. [bug] Configuring per-view forwarders caused an assertion
8567 failure. [RT #675, #734]
8569 690. [func] $GENERATE now supports DNAME. [RT #654]
8571 689. [doc] man pages are now installed. [RT #210]
8573 688. [func] "make tags" now works on systems with the
8574 "Exuberant Ctags" etags.
8576 687. [bug] Only say we have IPv6, with sufficient functionality,
8577 if it has actually been tested. [RT #586]
8579 686. [bug] dig and nslookup can now be properly aborted during
8580 blocking operations. [RT #568]
8582 685. [bug] nslookup should use the search list/domain options
8583 from resolv.conf by default. [RT #405, #630]
8585 684. [bug] Memory leak with view forwarders. [RT #656]
8587 683. [bug] File descriptor leak in isc_lex_openfile().
8589 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
8591 681. [bug] $GENERATE specifying output format was broken. [RT #653]
8593 680. [bug] dns_rdata_fromstruct() mishandled options bigger
8596 679. [bug] $INCLUDE could leak memory and file descriptors on
8599 678. [bug] "transfer-format one-answer;" could trigger an assertion
8602 677. [bug] dnssec-signzone would occasionally use the wrong ttl
8603 for database operations and fail. [RT #643]
8605 676. [bug] Log messages about lame servers to category
8606 'lame-servers' rather than 'resolver', so as not
8607 to be gratuitously incompatible with BIND 8.
8609 675. [bug] TKEY queries could cause the server to leak
8612 674. [func] Allow messages to be TSIG signed / verified using
8613 a offset from the current time.
8615 673. [func] The server can now convert RFC1886-style recursive
8616 lookup requests into RFC2874-style lookups, when
8617 enabled using the new option "allow-v6-synthesis".
8619 672. [bug] The wrong time was in the "time signed" field when
8620 replying with BADTIME error.
8622 671. [bug] The message code was failing to parse a message with
8623 no question section and a TSIG record. [RT #628]
8625 670. [bug] The lwres replacements for getaddrinfo and
8626 getipnodebyname didn't properly check for the
8627 existence of the sockaddr sa_len field.
8629 669. [bug] dnssec-keygen now makes the public key file
8630 non-world-readable for symmetric keys. [RT #403]
8632 668. [func] named-checkzone now reports multiple errors in master
8635 667. [bug] On Linux, running named with the -u option and a
8636 non-world-readable configuration file didn't work.
8639 666. [bug] If a request sent by dig is longer than 512 bytes,
8642 665. [bug] Signed responses were not sent when the size of the
8643 TSIG + question exceeded the maximum message size.
8646 664. [bug] The t_tasks and t_timers module tests are now skipped
8647 when building without threads, since they require
8650 663. [func] Accept a size_spec, not just an integer, in the
8651 (unimplemented and ignored) max-ixfr-log-size option
8652 for compatibility with recent versions of BIND 8.
8655 662. [bug] dns_rdata_fromtext() failed to log certain errors.
8657 661. [bug] Certain UDP IXFR requests caused an assertion failure
8658 (mpctx->allocated == 0). [RT #355, #394, #623]
8660 660. [port] Detect multiple CPUs on HP-UX and IRIX.
8662 659. [performance] Rewrite the name compression code to be much faster.
8664 658. [cleanup] Remove all vestiges of 16 bit global compression.
8666 657. [bug] When a listen-on statement in an lwres block does not
8667 specify a port, use 921, not 53. Also update the
8668 listen-on documentation. [RT #616]
8670 656. [func] Treat an unescaped newline in a quoted string as
8671 an error. This means that TXT records with missing
8672 close quotes should have meaningful errors printed.
8674 655. [bug] Improve error reporting on unexpected eof when loading
8677 654. [bug] Origin was being forgotten in TCP retries in dig.
8680 653. [bug] +defname option in dig was reversed in sense.
8683 652. [bug] zone_saveunique() did not report the new name.
8685 651. [func] The AD bit in responses now has the meaning
8686 specified in <draft-ietf-dnsext-ad-is-secure>.
8688 650. [bug] SIG(0) records were being generated and verified
8689 incorrectly. [RT #606]
8691 649. [bug] It was possible to join to an already running fctx
8692 after it had "cloned" its events, but before it sent
8693 them. In this case, the event of the newly joined
8694 fetch would not contain the answer, and would
8695 trigger the INSIST() in fctx_sendevents(). In
8696 BIND 9.0, this bug did not trigger an INSIST(), but
8697 caused the fetch to fail with a SERVFAIL result.
8698 [RT #588, #597, #605, #607]
8700 648. [port] Add support for pre-RFC2133 IPv6 implementations.
8702 647. [bug] Resolver queries sent after following multiple
8703 referrals had excessively long retransmission
8704 timeouts due to incorrectly counting the referrals
8707 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
8708 didn't _cleanly_ fix the problem it was trying to fix.
8710 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
8712 644. [bug] #622 needed more work. [RT #562]
8714 643. [bug] xfrin error messages made more verbose, added class
8715 of the zone. [RT# 599]
8717 642. [bug] Break the exit_check() race in the zone module.
8720 --- 9.1.0b2 released ---
8722 641. [bug] $GENERATE caused a uninitialized link to be used.
8725 640. [bug] Memory leak in error path could cause
8726 "mpctx->allocated == 0" failure. [RT #584]
8728 639. [bug] Reading entropy from the keyboard would sometimes fail.
8731 638. [port] lib/isc/random.c needed to explicitly include time.h
8732 to get a prototype for time() when pthreads was not
8733 being used. [RT #592]
8735 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
8736 lib/isc/print.c. Also allow lib/isc/print.c to
8737 be compiled even if the platform does not need it.
8740 636. [port] Shut up MSVC++ about a possible loss of precision
8741 in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
8743 635. [bug] Reloading a server with a configured blackhole list
8744 would cause an assertion. [RT #590]
8746 634. [bug] A log file will completely stop being written when
8747 it reaches the maximum size in all cases, not just
8748 when versioning is also enabled. [RT #570]
8750 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
8752 632. [bug] The index array of the journal file was
8753 corrupted as it was written to disk.
8755 631. [port] Build without thread support on systems without
8758 630. [bug] Locking failure in zone code. [RT #582]
8760 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
8761 when responding to a UDP IXFR request.
8763 628. [bug] If the root hints contained only AAAA addresses,
8764 named would be unable to perform resolution.
8766 627. [bug] The EDNS0 blackhole detection code of change 324
8767 waited for three retransmissions to each server,
8768 which takes much too long when a domain has many
8769 name servers and all of them drop EDNS0 queries.
8770 Now we retry without EDNS0 after three consecutive
8771 timeouts, even if they are all from different
8774 626. [bug] The lightweight resolver daemon no longer crashes
8775 when asked for a SIG rrset. [RT #558]
8777 625. [func] Zones now inherit their class from the enclosing view.
8779 624. [bug] The zone object could get timer events after it had
8780 been destroyed, causing a server crash. [RT #571]
8782 623. [func] Added "named-checkconf" and "named-checkzone" program
8783 for syntax checking named.conf files and zone files,
8786 622. [bug] A canceled request could be destroyed before
8787 dns_request_destroy() was called. [RT #562]
8789 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
8790 This mostly affects Red Hat Linux 7.0, which has
8791 conflicts between libc and the kernel.
8793 620. [bug] dns_master_load*inc() now require 'task' and 'load'
8794 to be non-null. Also 'done' will not be called if
8795 dns_master_load*inc() fails immediately. [RT #565]
8799 618. [bug] Queries to a signed zone could sometimes cause
8800 an assertion failure.
8802 617. [bug] When using dynamic update to add a new RR to an
8803 existing RRset with a different TTL, the journal
8804 entries generated from the update did not include
8805 explicit deletions and re-additions of the existing
8806 RRs to update their TTL to the new value.
8808 616. [func] dnssec-signzone -t output now includes performance
8811 615. [bug] dnssec-signzone did not like child keysets signed
8814 614. [bug] Checks for uninitialized link fields were prone
8815 to false positives, causing assertion failures.
8816 The checks are now disabled by default and may
8817 be re-enabled by defining ISC_LIST_CHECKINIT.
8819 613. [bug] "rndc reload zone" now reloads primary zones.
8820 It previously only updated slave and stub zones,
8821 if an SOA query indicated an out of date serial.
8823 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
8824 complains relentlessly about how its treatment
8825 of 'const' has changed as well as how casting
8826 sometimes tightens alignment constraints.
8828 611. [func] allow-notify can be used to permit processing of
8829 notify messages from hosts other than a slave's
8832 610. [func] rndc dumpdb is now supported.
8834 609. [bug] getrrsetbyname() would crash lwresd if the server
8835 found more SIGs than answers. [RT #554]
8837 608. [func] dnssec-signzone now adds a comment to the zone
8838 with the time the file was signed.
8840 607. [bug] nsupdate would fail if it encountered a CNAME or
8841 DNAME in a response to an SOA query. [RT #515]
8843 606. [bug] Compiling with --disable-threads failed due
8844 to isc_thread_self() being incorrectly defined
8845 as an integer rather than a function.
8847 605. [func] New function isc_lex_getlasttokentext().
8849 604. [bug] The named.conf parser could print incorrect line
8850 numbers when long comments were present.
8852 603. [bug] Make dig handle multiple types or classes on the same
8853 query more correctly.
8855 602. [func] Cope automatically with UnixWare's broken
8856 IN6_IS_ADDR_* macros. [RT #539]
8858 601. [func] Return a non-zero exit code if an update fails
8861 600. [bug] Reverse lookups sometimes failed in dig, etc...
8863 599. [func] Added four new functions to the libisc log API to
8864 support i18n messages. isc_log_iwrite(),
8865 isc_log_ivwrite(), isc_log_iwrite1() and
8866 isc_log_ivwrite1() were added.
8868 598. [bug] An update-policy statement would cause the server
8869 to assert while loading. [RT #536]
8871 597. [func] dnssec-signzone is now multi-threaded.
8873 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
8874 not mutually exclusive.
8876 595. [port] On Linux 2.2, socket() returns EINVAL when it
8877 should return EAFNOSUPPORT. Work around this.
8880 594. [func] sdb drivers are now assumed to not be thread-safe
8881 unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
8883 593. [bug] If a secure zone was missing all its NXTs and
8884 a dynamic update was attempted, the server entered
8887 592. [bug] The sig-validity-interval option now specifies a
8888 number of days, not seconds. This matches the
8889 documentation. [RT #529]
8891 --- 9.1.0b1 released ---
8893 591. [bug] Work around non-reentrancy in openssl by disabling
8894 pre-computation in keys.
8896 590. [doc] There are now man pages for the lwres library in
8899 589. [bug] The server could deadlock if a zone was updated
8900 while being transferred out.
8902 588. [bug] ctx->in_use was not being correctly initialized when
8903 when pushing a file for $INCLUDE. [RT #523]
8905 587. [func] A warning is now printed if the "allow-update"
8906 option allows updates based on the source IP
8907 address, to alert users to the fact that this
8908 is insecure and becoming increasingly so as
8909 servers capable of update forwarding are being
8912 586. [bug] multiple views with the same name were fatal. [RT #516]
8914 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
8915 now support 'exact' additions in a similar manner to
8916 dns_db_subtractrdataset() and dns_rdataslab_subtract().
8918 584. [func] You can now say 'notify explicit'; to suppress
8919 notification of the servers listed in NS records
8920 and notify only those servers listed in the
8921 'also-notify' option.
8923 583. [func] "rndc querylog" will now toggle logging of
8924 queries, like "ndc querylog" in BIND 8.
8926 582. [bug] dns_zone_idetach() failed to lock the zone.
8929 581. [bug] log severity was not being correctly processed.
8932 580. [func] Ignore trailing garbage on incoming DNS packets,
8933 for interoperability with broken server
8934 implementations. [RT #491]
8936 579. [bug] nsupdate did not take a filename to read update from.
8939 578. [func] New config option "notify-source", to specify the
8940 source address for notify messages.
8942 577. [func] Log illegal RDATA combinations. e.g. multiple
8943 singleton types, cname and other data.
8945 576. [doc] isc_log_create() description did not match reality.
8947 575. [bug] isc_log_create() was not setting internal state
8948 correctly to reflect the default channels created.
8950 574. [bug] TSIG signed queries sent by the resolver would fail to
8951 have their responses validated and would leak memory.
8953 573. [bug] The journal files of IXFRed slave zones were
8954 inadvertently discarded on server reload, causing
8955 "journal out of sync with zone" errors on subsequent
8958 572. [bug] Quoted strings were not accepted as key names in
8959 address match lists.
8961 571. [bug] It was possible to create an rdataset of singleton
8962 type which had more than one rdata. [RT #154]
8965 570. [bug] rbtdb.c allowed zones containing nodes which had
8966 both a CNAME and "other data". [RT #154]
8968 569. [func] The DNSSEC AD bit will not be set on queries which
8969 have not requested a DNSSEC response.
8971 568. [func] Add sample simple database drivers in contrib/sdb.
8973 567. [bug] Setting the zone transfer timeout to zero caused an
8974 assertion failure. [RT #302]
8976 566. [func] New public function dns_timer_setidle().
8978 565. [func] Log queries more like BIND 8: query logging is now
8979 done to category "queries", level "info". [RT #169]
8981 564. [func] Add sortlist support to lwresd.
8983 563. [func] New public functions dns_rdatatype_format() and
8984 dns_rdataclass_format(), for convenient formatting
8985 of rdata type/class mnemonics in log messages.
8987 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
8989 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
8990 clauses of the options{} statement are now implemented.
8992 560. [bug] dns_name_split did not properly the resulting prefix
8993 when a maximal length bitstring label was split which
8994 was preceded by another bitstring label. [RT #429]
8996 559. [bug] dns_name_split did not properly create the suffix
8997 when splitting within a maximal length bitstring label.
8999 558. [func] New functions, isc_resource_getlimit and
9000 isc_resource_setlimit.
9002 557. [func] Symbolic constants for libisc integral types.
9004 556. [func] The DNSSEC OK bit in the EDNS extended flags
9005 is now implemented. Responses to queries without
9006 this bit set will not contain any DNSSEC records.
9008 555. [bug] A slave server attempting a zone transfer could
9009 crash with an assertion failure on certain
9010 malformed responses from the master. [RT #457]
9012 554. [bug] In some cases, not all of the dnssec tools were
9015 553. [bug] Incoming zone transfers deferred due to quota
9016 were not started when quota was increased but
9017 only when a transfer in progress finished. [RT #456]
9019 552. [bug] We were not correctly detecting the end of all c-style
9022 551. [func] Implemented the 'sortlist' option.
9024 550. [func] Support unknown rdata types and classes.
9026 549. [bug] "make" did not immediately abort the build when a
9027 subdirectory make failed [RT #450].
9029 548. [func] The lexer now ungets tokens more correctly.
9033 546. [func] Option 'lame-ttl' is now implemented.
9035 545. [func] Name limit and counting options removed from dig;
9036 they didn't work properly, and cannot be correctly
9037 implemented without significant changes.
9039 544. [func] Add statistics option, enable statistics-file option,
9040 add RNDC option "dump-statistics" to write out a
9041 query statistics file.
9043 543. [doc] The 'port' option is now documented.
9045 542. [func] Add support for update forwarding as required for
9046 full compliance with RFC2136. It is turned off
9047 by default and can be enabled using the
9048 'allow-update-forwarding' option.
9050 541. [func] Add bogus server support.
9052 540. [func] Add dialup support.
9054 539. [func] Support the blackhole option.
9056 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
9060 536. [func] Use transfer-source{-v6} when sending refresh queries.
9061 Transfer-source{-v6} now take a optional port
9062 parameter for setting the UDP source port. The port
9063 parameter is ignored for TCP.
9065 535. [func] Use transfer-source{-v6} when forwarding update
9068 534. [func] Ancestors have been removed from RBT chains. Ancestor
9069 information can be discerned via node parent pointers.
9071 533. [func] Incorporated name hashing into the RBT database to
9072 improve search speed.
9074 532. [func] Implement DNS UPDATE pseudo records using
9075 DNS_RDATA_UPDATE flag.
9077 531. [func] Rdata really should be initialized before being assigned
9078 to (dns_rdata_fromwire(), dns_rdata_fromtext(),
9079 dns_rdata_clone(), dns_rdata_fromregion()),
9082 530. [func] New function dns_rdata_invalidate().
9084 529. [bug] 521 contained a bug which caused zones to always
9087 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
9088 on their arguments. ISC_LIST_XXXXUNSAFE can be use
9089 to skip the checks however use with caution.
9091 527. [func] New function dns_rdata_clone().
9093 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
9096 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
9097 and 'flags' for dns_rdataslab_subtract() allowing you
9098 to request that the RR's must exist prior to deletion.
9099 DNS_R_NOTEXACT is returned if the condition is not met.
9101 524. [func] The 'forward' and 'forwarders' statement in
9102 non-forward zones should work now.
9104 523. [doc] The source to the Administrator Reference Manual is
9105 now an XML file using the DocBook DTD, and is included
9106 in the distribution. The plain text version of the
9107 ARM is temporarily unavailable while we figure out
9108 how to generate readable plain text from the XML.
9110 522. [func] The lightweight resolver daemon can now use
9111 a real configuration file, and its functionality
9112 can be provided by a name server. Also, the -p and -P
9113 options to lwresd have been reversed.
9115 521. [bug] Detect master files which contain $INCLUDE and always
9118 520. [bug] Upgraded libtool to 1.3.5, which makes shared
9119 library builds almost work on AIX (and possibly
9122 519. [bug] dns_name_split() would improperly split some bitstring
9123 labels, zeroing a few of the least significant bits in
9124 the prefix part. When such an improperly created
9125 prefix was returned to the RBT database, the bogus
9126 label was dutifully stored, corrupting the tree.
9129 518. [bug] The resolver did not realize that a DNAME which was
9130 "the answer" to the client's query was "the answer",
9131 and such queries would fail. [RT #399]
9133 517. [bug] The resolver's DNAME code would trigger an assertion
9134 if there was more than one DNAME in the chain.
9137 516. [bug] Cache lookups which had a NULL node pointer, e.g.
9138 those by dns_view_find(), and which would match a
9139 DNAME, would trigger an INSIST(!search.need_cleanup)
9140 assertion. [RT #399]
9142 515. [bug] The ssu table was not being attached / detached
9143 by dns_zone_[sg]etssutable. [RT#397]
9145 514. [func] Retry refresh and notify queries if they timeout.
9148 513. [func] New functionality added to rdnc and server to allow
9149 individual zones to be refreshed or reloaded.
9151 512. [bug] The zone transfer code could throw an exception with
9152 an invalid IXFR stream.
9154 511. [bug] The message code could throw an assertion on an
9155 out of memory failure. [RT #392]
9157 510. [bug] Remove spurious view notify warning. [RT #376]
9159 509. [func] Add support for write of zone files on shutdown.
9161 508. [func] dns_message_parse() can now do a best-effort
9162 attempt, which should allow dig to print more invalid
9165 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
9166 and dns_view_flushanddetach().
9168 506. [func] Do not fail to start on errors in zone files.
9170 505. [bug] nsupdate was printing "unknown result code". [RT #373]
9172 504. [bug] The zone was not being marked as dirty when updated via
9175 503. [bug] dumptime was not being set along with
9176 DNS_ZONEFLG_NEEDDUMP.
9178 502. [func] On a SERVFAIL reply, DiG will now try the next server
9179 in the list, unless the +fail option is specified.
9181 501. [bug] Incorrect port numbers were being displayed by
9184 500. [func] Nearly useless +details option removed from DiG.
9186 499. [func] In DiG, specifying a class with -c or type with -t
9187 changes command-line parsing so that classes and
9188 types are only recognized if following -c or -t.
9189 This allows hosts with the same name as a class or
9190 type to be looked up.
9192 498. [doc] There is now a man page for "dig"
9193 in doc/man/bin/dig.1.
9195 497. [bug] The error messages printed when an IP match list
9196 contained a network address with a nonzero host
9197 part where not sufficiently detailed. [RT #365]
9199 496. [bug] named didn't sanity check numeric parameters. [RT #361]
9201 495. [bug] nsupdate was unable to handle large records. [RT #368]
9203 494. [func] Do not cache NXDOMAIN responses for SOA queries.
9205 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
9206 for SOA queries. This makes it easier to locate
9207 the containing zone without polluting intermediate
9210 492. [bug] attempting to reload a zone caused the server fail
9211 to shutdown cleanly. [RT #360]
9213 491. [bug] nsupdate would segfault when sending certain
9214 prerequisites with empty RDATA. [RT #356]
9216 490. [func] When a slave/stub zone has not yet successfully
9217 obtained an SOA containing the zone's configured
9218 retry time, perform the SOA query retries using
9219 exponential backoff. [RT #337]
9221 489. [func] The zone manager now has a "i/o" queue.
9223 488. [bug] Locks weren't properly destroyed in some cases.
9225 487. [port] flockfile() is not defined on all systems.
9227 486. [bug] nslookup: "set all" and "server" commands showed
9228 the incorrect port number if a port other than 53
9229 was specified. [RT #352]
9231 485. [func] When dig had more than one server to query, it would
9232 send all of the messages at the same time. Add
9233 rate limiting of the transmitted messages.
9235 484. [bug] When the server was reloaded after removing addresses
9236 from the named.conf "listen-on" statement, sockets
9237 were still listening on the removed addresses due
9238 to reference count loops. [RT #325]
9240 483. [bug] nslookup: "set all" showed a "search" option but it
9243 482. [bug] nslookup: a plain "server" or "lserver" should be
9244 treated as a lookup.
9246 481. [bug] nslookup:get_next_command() stack size could exceed
9249 480. [bug] strtok() is not thread safe. [RT #349]
9251 479. [func] The test suite can now be run by typing "make check"
9252 or "make test" at the top level.
9254 478. [bug] "make install" failed if the directory specified with
9255 --prefix did not already exist.
9257 477. [bug] The the isc-config.sh script could be installed before
9258 its directory was created. [RT #324]
9260 476. [bug] A zone could expire while a zone transfer was in
9261 progress triggering a INSIST failure. [RT #329]
9263 475. [bug] query_getzonedb() sometimes returned a non-null version
9264 on failure. This caused assertion failures when
9265 generating query responses where names subject to
9266 additional section processing pointed to a zone
9267 to which access had been denied by means of the
9268 allow-query option. [RT #336]
9270 474. [bug] The mnemonic of the CHAOS class is CH according to
9271 RFC1035, but it was printed and read only as CHAOS.
9272 We now accept both forms as input, and print it
9275 473. [bug] nsupdate overran the end of the list of name servers
9276 when no servers could be reached, typically causing
9277 it to print the error message "dns_request_create:
9280 472. [bug] Off-by-one error caused isc_time_add() to sometimes
9281 produce invalid time values.
9283 471. [bug] nsupdate didn't compile on HP/UX 10.20
9285 470. [func] $GENERATE is now supported. See also
9288 469. [bug] "query-source address * port 53;" now works.
9290 468. [bug] dns_master_load*() failed to report file and line
9291 number in certain error conditions.
9293 467. [bug] dns_master_load*() failed to log an error if
9296 466. [bug] dns_master_load*() could return success when it failed.
9298 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
9299 omapi_value_storeint().
9301 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
9303 463. [bug] nsupdate sent malformed SOA queries to the second
9304 and subsequent name servers in resolv.conf if the
9305 query sent to the first one failed.
9307 462. [bug] --disable-ipv6 should work now.
9309 461. [bug] Specifying an unknown key in the "keys" clause of the
9310 "controls" statement caused a NULL pointer dereference.
9313 460. [bug] Much of the DNSSEC code only worked with class IN.
9315 459. [bug] Nslookup processed the "set" command incorrectly.
9317 458. [bug] Nslookup didn't properly check class and type values.
9320 457. [bug] Dig/host/hslookup didn't properly handle connect
9321 timeouts in certain situations, causing an
9322 unnecessary warning message to be printed.
9324 456. [bug] Stub zones were not resetting the refresh and expire
9325 counters, loadtime or clearing the DNS_ZONE_REFRESH
9326 (refresh in progress) flag upon successful update.
9327 This disabled further refreshing of the stub zone,
9328 causing it to eventually expire. [RT #300]
9330 455. [doc] Document IPv4 prefix notation does not require a
9331 dotted decimal quad but may be just dotted decimal.
9333 454. [bug] Enforce dotted decimal and dotted decimal quad where
9334 documented as such in named.conf. [RT #304, RT #311]
9336 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
9337 is specified in named.conf. [RT #306]
9339 452. [bug] Warn if the unimplemented option "statistics-file"
9340 is specified in named.conf. [RT #301]
9342 451. [func] Update forwarding implemented.
9344 450. [func] New function ns_client_sendraw().
9346 449. [bug] isc_bitstring_copy() only works correctly if the
9347 two bitstrings have the same lsb0 value, but this
9348 requirement was not documented, nor was there a
9351 448. [bug] Host output formatting change, to match v8. [RT #255]
9353 447. [bug] Dig didn't properly retry in TCP mode after
9354 a truncated reply. [RT #277]
9356 446. [bug] Confusing notify log message. [RT #298]
9358 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
9359 bitstring triggered a REQUIRE statement. The REQUIRE
9360 statement was incorrect. [RT #297]
9362 444. [func] "recursion denied" messages are always logged at
9363 debug level 1, now, rather than sometimes at ERROR.
9364 This silences these warnings in the usual case, where
9365 some clients set the RD bit in all queries.
9367 443. [bug] When loading a master file failed because of an
9368 unrecognized RR type name, the error message
9369 did not include the file name and line number.
9372 442. [bug] TSIG signed messages that did not match any view
9373 crashed the server. [RT #290]
9375 441. [bug] Nodes obscured by a DNAME were inaccessible even
9376 when DNS_DBFIND_GLUEOK was set.
9378 440. [func] New function dns_zone_forwardupdate().
9380 439. [func] New function dns_request_createraw().
9382 438. [func] New function dns_message_getrawmessage().
9384 437. [func] Log NOTIFY activity to the notify channel.
9386 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
9387 which sometimes happens on Linux, named would enter
9388 a busy loop. Also, unexpected socket errors were
9389 not logged at a high enough logging level to be
9390 useful in diagnosing this situation. [RT #275]
9392 435. [bug] dns_zone_dump() overwrote existing zone files
9393 rather than writing to a temporary file and
9394 renaming. This could lead to empty or partial
9395 zone files being left around in certain error
9396 conditions involving the initial transfer of a
9397 slave zone, interfering with subsequent server
9400 434. [func] New function isc_file_isabsolute().
9402 433. [func] isc_base64_decodestring() now accepts newlines
9403 within the base64 data. This makes it possible
9404 to break up the key data in a "trusted-keys"
9405 statement into multiple lines. [RT #284]
9407 432. [func] Added refresh/retry jitter. The actual refresh/
9408 retry time is now a random value between 75% and
9409 100% of the configured value.
9411 431. [func] Log at ISC_LOG_INFO when a zone is successfully
9414 430. [bug] Rewrote the lightweight resolver client management
9415 code to handle shutdown correctly and general
9418 429. [bug] The space reserved for a TSIG record in a response
9419 was 2 bytes too short, leading to message
9420 generation failures.
9422 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
9423 DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
9424 (e.g. glue). This could cause SERVFAILs when
9425 generating negative responses in a secure zone.
9427 427. [bug] Avoid going into an infinite loop when the validator
9428 gets a negative response to a key query where the
9429 records are signed by the missing key.
9431 426. [bug] Attempting to generate an oversized RSA key could
9432 cause dnssec-keygen to dump core.
9434 425. [bug] Warn about the auth-nxdomain default value change
9435 if there is no auth-nxdomain statement in the
9436 config file. [RT #287]
9438 424. [bug] notify_createmessage() could trigger an assertion
9439 failure when creating the notify message failed,
9440 e.g. due to corrupt zones with multiple SOA records.
9443 423. [bug] When responding to a recursive query, errors that occur
9444 after following a CNAME should cause the query to fail.
9447 422. [func] get rid of isc_random_t, and make isc_random_get()
9448 and isc_random_jitter() use rand() internally
9449 instead of local state. Note that isc_random_*()
9450 functions are only for weak, non-critical "randomness"
9451 such as timing jitter and such.
9453 421. [bug] nslookup would exit when given a blank line as input.
9455 420. [bug] nslookup failed to implement the "exit" command.
9457 419. [bug] The certificate type PKIX was misspelled as SKIX.
9459 418. [bug] At debug levels >= 10, getting an unexpected
9460 socket receive error would crash the server
9461 while trying to log the error message.
9463 417. [func] Add isc_app_block() and isc_app_unblock(), which
9464 allow an application to handle signals while
9467 416. [bug] Slave zones with no master file tried to use a
9468 NULL pointer for a journal file name when they
9469 received an IXFR. [RT #273]
9471 415. [bug] The logging code leaked file descriptors.
9473 414. [bug] Server did not shut down until all incoming zone
9474 transfers were finished.
9476 413. [bug] Notify could attempt to use the zone database after
9477 it had been unloaded. [RT#267]
9479 412. [bug] named -v didn't print the version.
9481 411. [bug] A typo in the HS A code caused an assertion failure.
9483 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
9484 to a random value on success.
9486 409. [bug] If named was shut down early in the startup
9487 process, ns_omapi_shutdown() would attempt to lock
9488 an uninitialized mutex. [RT #262]
9490 408. [bug] stub zones could leak memory and reference counts if
9491 all the masters were unreachable.
9493 407. [bug] isc_rwlock_lock() would needlessly block
9494 readers when it reached the read quota even
9495 if no writers were waiting.
9497 406. [bug] Log messages were occasionally lost or corrupted
9498 due to a race condition in isc_log_doit().
9500 405. [func] Add support for selective forwarding (forward zones)
9502 404. [bug] The request library didn't completely work with IPv6.
9504 403. [bug] "host" did not use the search list.
9506 402. [bug] Treat undefined acls as errors, rather than
9507 warning and then later throwing an assertion.
9510 401. [func] Added simple database API.
9512 400. [bug] SIG(0) signing and verifying was done incorrectly.
9515 399. [bug] When reloading the server with a config file
9516 containing a syntax error, it could catch an
9517 assertion failure trying to perform zone
9518 maintenance on, or sending notifies from,
9519 tentatively created zones whose views were
9520 never fully configured and lacked an address
9521 database and request manager.
9523 398. [bug] "dig" sometimes caught an assertion failure when
9524 using TSIG, depending on the key length.
9526 397. [func] Added utility functions dns_view_gettsig() and
9527 dns_view_getpeertsig().
9529 396. [doc] There is now a man page for "nsupdate"
9530 in doc/man/bin/nsupdate.8.
9532 395. [bug] nslookup printed incorrect RR type mnemonics
9533 for RRs of type >= 21 [RT #237].
9535 394. [bug] Current name was not propagated via $INCLUDE.
9537 393. [func] Initial answer while loading (awl) support.
9538 Entry points: dns_master_loadfileinc(),
9539 dns_master_loadstreaminc(), dns_master_loadbufferinc().
9540 Note: calls to dns_master_load*inc() should be rate
9541 be rate limited so as to not use up all file
9544 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
9545 not support the given address family requested.
9547 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
9549 390. [func] The function dns_zone_setdbtype() now takes
9550 an argc/argv style vector of words and sets
9551 both the zone database type and its arguments,
9552 making the functions dns_zone_adddbarg()
9553 and dns_zone_cleardbargs() unnecessary.
9555 389. [bug] Attempting to send a request over IPv6 using
9556 dns_request_create() on a system without IPv6
9557 support caused an assertion failure [RT #235].
9559 388. [func] dig and host can now do reverse ipv6 lookups.
9561 387. [func] Add dns_byaddr_createptrname(), which converts
9562 an address into the name used by a PTR query.
9564 386. [bug] Missing strdup() of ACL name caused random
9565 ACL matching failures [RT #228].
9567 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
9570 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
9573 383. [func] When writing a master file, print the SOA and NS
9574 records (and their SIGs) before other records.
9576 382. [bug] named -u failed on many Linux systems where the
9577 libc provided kernel headers do not match
9580 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
9581 IPV6_PKTINFO if found. [RT #229]
9583 380. [bug] nsupdate didn't work with IPv6.
9585 379. [func] New library function isc_sockaddr_anyofpf().
9587 378. [func] named and lwresd will log the command line arguments
9588 they were started with in the "starting ..." message.
9590 377. [bug] When additional data lookups were refused due to
9591 "allow-query", the databases were still being
9592 attached causing reference leaks.
9594 376. [bug] The server should always use good entropy when
9595 performing cryptographic functions needing entropy.
9597 375. [bug] Per-zone "allow-query" did not properly override the
9598 view/global one for CNAME targets and additional
9601 374. [bug] SOA in authoritative negative responses had wrong TTL.
9603 373. [func] nslookup is now installed by "make install".
9605 372. [bug] Deal with Microsoft DNS servers appending two bytes of
9606 garbage to zone transfer requests.
9608 371. [bug] At high debug levels, doing an outgoing zone transfer
9609 of a very large RRset could cause an assertion failure
9612 370. [bug] The error messages for roll-forward failures were
9615 369. [func] Support new named.conf options, view and zone
9618 max-retry-time, min-retry-time,
9619 max-refresh-time, min-refresh-time.
9621 368. [func] Restructure the internal ".bind" view so that more
9622 zones can be added to it.
9624 367. [bug] Allow proper selection of server on nslookup command
9627 366. [func] Allow use of '-' batch file in dig for stdin.
9629 365. [bug] nsupdate -k leaked memory.
9631 364. [func] Added additional-from-{cache,auth}
9635 362. [bug] rndc no longer aborts if the configuration file is
9636 missing an options statement. [RT #209]
9638 361. [func] When the RBT find or chain functions set the name and
9639 origin for a node that stores the root label
9640 the name is now set to an empty name, instead of ".",
9641 to simplify later use of the name and origin by
9642 dns_name_concatenate(), dns_name_totext() or
9645 360. [func] dns_name_totext() and dns_name_format() now allow
9646 an empty name to be passed, which is formatted as "@".
9648 359. [bug] dnssec-signzone occasionally signed glue records.
9650 358. [cleanup] Rename the intermediate files used by the dnssec
9653 357. [bug] The zone file parser crashed if the argument
9654 to $INCLUDE was a quoted string.
9656 356. [cleanup] isc_task_send no longer requires event->sender to
9659 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
9661 354. [doc] Man pages for the dnssec tools are now included in
9662 the distribution, in doc/man/dnssec.
9664 353. [bug] double increment in lwres/gethost.c:copytobuf().
9667 352. [bug] Race condition in dns_client_t startup could cause
9668 an assertion failure.
9670 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
9671 signed query could crash the server.
9673 350. [bug] Also-notify lists specified in the global options
9674 block were not correctly reference counted, causing
9677 349. [bug] Processing a query with the CD bit set now works
9680 348. [func] New boolean named.conf options 'additional-from-auth'
9681 and 'additional-from-cache' now supported in view and
9682 global options statement.
9684 347. [bug] Don't crash if an argument is left off options in dig.
9688 345. [bug] Large-scale changes/cleanups to dig:
9689 * Significantly improve structure handling
9690 * Don't pre-load entire batch files
9691 * Add name/rr counting/limiting
9692 * Fix SIGINT handling
9693 * Shorten timeouts to match v8's behavior
9695 344. [bug] When shutting down, lwresd sometimes tried
9696 to shut down its client tasks twice,
9697 triggering an assertion.
9699 343. [bug] Although zone maintenance SOA queries and
9700 notify requests were signed with TSIG keys
9701 when configured for the server in case,
9702 the TSIG was not verified on the response.
9704 342. [bug] The wrong name was being passed to
9705 dns_name_dup() when generating a TSIG
9708 341. [func] Support 'key' clause in named.conf zone masters
9709 statement to allow authentication via TSIG keys:
9712 10.0.0.1 port 5353 key "foo";
9716 340. [bug] The top-level COPYRIGHT file was missing from
9719 339. [bug] DNSSEC validation of the response to an ANY
9720 query at a name with a CNAME RR in a secure
9721 zone triggered an assertion failure.
9723 338. [bug] lwresd logged to syslog as named, not lwresd.
9725 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
9726 on the command line.
9728 336. [bug] "dig -f" used 64 k of memory for each line in
9729 the file. It now uses much less, though still
9730 proportionally to the file size.
9732 335. [bug] named would occasionally attempt recursion when
9733 it was disallowed or undesired.
9735 334. [func] Added hmac-md5 to libisc.
9737 333. [bug] The resolver incorrectly accepted referrals to
9738 domains that were not parents of the query name,
9739 causing assertion failures.
9741 332. [func] New function dns_name_reset().
9743 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
9745 330. [bug] Many debugging messages were partially formatted
9746 even when debugging was turned off, causing a
9747 significant decrease in query performance.
9749 329. [func] omapi_auth_register() now takes a size_t argument for
9750 the length of a key's secret data. Previously
9751 OMAPI only stored secrets up to the first NUL byte.
9753 328. [func] Added isc_base64_decodestring().
9755 327. [bug] rndc.conf parser wasn't correctly recognizing an IP
9756 address where a host specification was required.
9758 326. [func] 'keys' in an 'inet' control statement is now
9759 required and must have at least one item in it.
9760 A "not supported" warning is now issued if a 'unix'
9761 control channel is defined.
9763 325. [bug] isc_lex_gettoken was processing octal strings when
9764 ISC_LEXOPT_CNUMBER was not set.
9766 324. [func] In the resolver, turn EDNS0 off if there is no
9767 response after a number of retransmissions.
9768 This is to allow queries some chance of succeeding
9769 even if all the authoritative servers of a zone
9770 silently discard EDNS0 requests instead of
9771 sending an error response like they ought to.
9773 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
9774 Because of this, servers authoritative for a parent
9775 and grandchild zone but not authoritative for the
9776 intervening child zone did not correctly issue
9777 referrals to the servers of the child zone.
9779 322. [bug] Queries for KEY RRs are now sent to the parent
9780 server before the authoritative one, making
9781 DNSSEC insecurity proofs work in many cases
9782 where they previously didn't.
9784 321. [bug] When synthesizing a CNAME RR for a DNAME
9785 response, query_addcname() failed to initialize
9786 the type and class of the CNAME dns_rdata_t,
9787 causing random failures.
9789 320. [func] Multiple rndc changes: parses an rndc.conf file,
9790 uses authentication to talk to named, command
9791 line syntax changed. This will all be described
9794 319. [func] The named.conf "controls" statement is now used
9795 to configure the OMAPI command channel.
9797 318. [func] dns_c_ndcctx_destroy() could never return anything
9798 except ISC_R_SUCCESS; made it have void return instead.
9800 317. [func] Use callbacks from libomapi to determine if a
9801 new connection is valid, and if a key requested
9802 to be used with that connection is valid.
9804 316. [bug] Generate a warning if we detect an unexpected <eof>
9805 but treat as <eol><eof>.
9807 315. [bug] Handle non-empty blanks lines. [RT #163]
9809 314. [func] The named.conf controls statement can now have
9810 more than one key specified for the inet clause.
9812 313. [bug] When parsing resolv.conf, don't terminate on an
9813 error. Instead, parse as much as possible, but
9814 still return an error if one was found.
9816 312. [bug] Increase the number of allowed elements in the
9817 resolv.conf search path from 6 to 8. If there
9818 are more than this, ignore the remainder rather
9819 than returning a failure in lwres_conf_parse.
9821 311. [bug] lwres_conf_parse failed when the first line of
9822 resolv.conf was empty or a comment.
9824 310. [func] Changes to named.conf "controls" statement (inet
9827 - support "keys" clause
9831 allow { any; } keys { "foo"; }
9834 - allow "port xxx" to be left out of statement,
9835 in which case it defaults to omapi's default port
9838 309. [bug] When sending a referral, the server did not look
9839 for name server addresses as glue in the zone
9840 holding the NS RRset in the case where this zone
9841 was not the same as the one where it looked for
9842 name server addresses as authoritative data.
9844 308. [bug] Treat a SOA record not at top of zone as an error
9845 when loading a zone. [RT #154]
9847 307. [bug] When canceling a query, the resolver didn't check for
9848 isc_socket_sendto() calls that did not yet have their
9849 completion events posted, so it could (rarely) end up
9850 destroying the query context and then want to use
9851 it again when the send event posted, triggering an
9852 assertion as it tried to cancel an already-canceled
9855 306. [bug] Reading HMAC-MD5 private key files didn't work.
9857 305. [bug] When reloading the server with a config file
9858 containing a syntax error, it could catch an
9859 assertion failure trying to perform zone
9860 maintenance on tentatively created zones whose
9861 views were never fully configured and lacked
9862 an address database.
9864 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
9865 are listed in resolv.conf, silently ignore them
9866 instead of returning failure.
9868 303. [bug] Add additional sanity checks to differentiate a AXFR
9869 response vs a IXFR response. [RT #157]
9871 302. [bug] In dig, host, and nslookup, MXNAME should be large
9872 enough to hold any legal domain name in presentation
9873 format + terminating NULL.
9875 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
9877 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
9878 on platforms lacking IPv6 because each included their
9879 own ipv6 header file for the missing definitions. Now
9880 each library's ipv6.h defines the wrapper symbol of
9881 the other (ISC_IPV6_H and LWRES_IPV6_H).
9883 299. [cleanup] Get the user and group information before changing the
9884 root directory, so the administrator does not need to
9885 keep a copy of the user and group databases in the
9886 chroot'ed environment. Suggested by Hakan Olsson.
9888 298. [bug] A mutex deadlock occurred during shutdown of the
9889 interface manager under certain conditions.
9890 Digital Unix systems were the most affected.
9892 297. [bug] Specifying a key name that wasn't fully qualified
9893 in certain parts of the config file could cause
9894 an assertion failure.
9896 296. [bug] "make install" from a separate build directory
9897 failed unless configure had been run in the source
9900 295. [bug] When invoked with type==CNAME and a message
9901 not constructed by dns_message_parse(),
9902 dns_message_findname() failed to find anything
9903 due to checking for attribute bits that are set
9904 only in dns_message_parse(). This caused an
9905 infinite loop when constructing the response to
9906 an ANY query at a CNAME in a secure zone.
9908 294. [bug] If we run out of space in while processing glue
9909 when reading a master file and commit "current name"
9910 reverts to "name_current" instead of staying as
9913 293. [port] Add support for FreeBSD 4.0 system tests.
9915 292. [bug] Due to problems with the way some operating systems
9916 handle simultaneous listening on IPv4 and IPv6
9917 addresses, the server no longer listens on IPv6
9918 addresses by default. To revert to the previous
9919 behavior, specify "listen-on-v6 { any; };" in
9922 291. [func] Caching servers no longer send outgoing queries
9923 over TCP just because the incoming recursive query
9926 290. [cleanup] +twiddle option to dig (for testing only) removed.
9928 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
9929 host is now installed in $bindir. (Be sure to remove
9930 any $sbindir/dig from a previous release.)
9932 288. [func] rndc is now installed by "make install" into $sbindir.
9934 287. [bug] rndc now works again as "rndc 127.1 reload" (for
9935 only that task). Parsing its configuration file and
9936 using digital signatures for authentication has been
9937 disabled until named supports the "controls" statement,
9940 286. [bug] On Solaris 2, when named inherited a signal state
9941 where SIGHUP had the SIG_IGN action, SIGHUP would
9942 be ignored rather than causing the server to reload
9945 285. [bug] A change made to the dst API for beta4 inadvertently
9946 broke OMAPI's creation of a dst key from an incoming
9947 message, causing an assertion to be triggered. Fixed.
9949 284. [func] The DNSSEC key generation and signing tools now
9950 generate randomness from keyboard input on systems
9951 that lack /dev/random.
9953 283. [cleanup] The 'lwresd' program is now a link to 'named'.
9955 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
9956 too big for an unsigned long.
9958 281. [bug] Fixed list of recognized config file category names.
9960 280. [func] Add isc-config.sh, which can be used to more
9961 easily build applications that link with
9964 279. [bug] Private omapi function symbols shared between
9965 two or more files in libomapi.a were not namespace
9966 protected using the ISC convention of starting with
9967 the library name and two underscores ("omapi__"...)
9969 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
9970 note of when isc_log_categorybyname() wasn't able
9971 to find the category name and would then apply the
9972 channel list of the unknown category to all categories.
9974 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
9975 would fail to find the first member of any category
9976 or module array apart from the internal defaults.
9977 Thus, for example, the "notify" category was improperly
9978 configured by named.
9980 276. [bug] dig now supports maximum sized TCP messages.
9982 275. [bug] The definition of lwres_gai_strerror() was missing
9985 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
9988 273. [func] The default for the 'transfer-format' option is
9989 now 'many-answers'. This will break zone transfers
9990 to BIND 4.9.5 and older unless there is an explicit
9991 'one-answer' configuration.
9993 272. [bug] The sending of large TCP responses was canceled
9994 in mid-transmission due to a race condition
9995 caused by the failure to set the client object's
9996 "newstate" variable correctly when transitioning
9997 to the "working" state.
9999 271. [func] Attempt to probe the number of cpus in named
10000 if unspecified rather than defaulting to 1.
10002 270. [func] Allow maximum sized TCP answers.
10004 269. [bug] Failed DNSSEC validations could cause an assertion
10005 failure by causing clone_results() to be called with
10006 with hevent->node == NULL.
10008 268. [doc] A plain text version of the Administrator
10009 Reference Manual is now included in the distribution,
10010 as doc/arm/Bv9ARM.txt.
10012 267. [func] Nsupdate is now provided in the distribution.
10014 266. [bug] zone.c:save_nsrrset() node was not initialized.
10016 265. [bug] dns_request_create() now works for TCP.
10018 264. [func] Dispatch can not take TCP sockets in connecting
10019 state. Set DNS_DISPATCHATTR_CONNECTED when calling
10020 dns_dispatch_createtcp() for connected TCP sockets
10021 or call dns_dispatch_starttcp() when the socket is
10024 263. [func] New logging channel type 'stderr'
10026 channel some-name {
10031 262. [bug] 'master' was not initialized in zone.c:stub_callback().
10033 261. [func] Add dns_zone_markdirty().
10035 260. [bug] Running named as a non-root user failed on Linux
10036 kernels new enough to support retaining capabilities
10039 259. [func] New random-device and random-seed-file statements
10040 for global options block of named.conf. Both accept
10041 a single string argument.
10043 258. [bug] Fixed printing of lwres_addr_t.address field.
10045 257. [bug] The server detached the last zone manager reference
10046 too early, while it could still be in use by queries.
10047 This manifested itself as assertion failures during the
10048 shutdown process for busy name servers. [RT #133]
10050 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
10051 isc_ratelimiter_shutdown guarantees that the rate
10052 limiter is detached from its task.
10054 255. [func] New function dns_zonemgr_attach().
10056 254. [bug] Suppress "query denied" messages on additional data
10059 --- 9.0.0b4 released ---
10061 253. [func] resolv.conf parser now recognizes ';' and '#' as
10062 comments (anywhere in line, not just as the beginning).
10064 252. [bug] resolv.conf parser mishandled masks on sortlists.
10065 It also aborted when an unrecognized keyword was seen,
10066 now it silently ignores the entire line.
10068 251. [bug] lwresd caught an assertion failure on startup.
10070 250. [bug] fixed handling of size+unit when value would be too
10071 large for internal representation.
10073 249. [cleanup] max-cache-size config option now takes a size-spec
10074 like 'datasize', except 'default' is not allowed.
10076 248. [bug] global lame-ttl option was not being printed when
10077 config structures were written out.
10079 247. [cleanup] Rename cache-size config option to max-cache-size.
10081 246. [func] Rename global option cachesize to cache-size and
10082 add corresponding option to view statement.
10084 245. [bug] If an uncompressed name will take more than 255
10085 bytes and the buffer is sufficiently long,
10086 dns_name_fromwire should return DNS_R_FORMERR,
10087 not ISC_R_NOSPACE. This bug caused cause the
10088 server to catch an assertion failure when it
10089 received a query for a name longer than 255
10092 244. [bug] empty named.conf file and empty options statement are
10093 now parsed properly.
10095 243. [func] new cachesize option for named.conf
10097 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
10099 241. [cleanup] nscount and soacount have been removed from the
10100 dns_master_*() argument lists.
10102 240. [func] databases now come in three flavours: zone, cache
10105 239. [func] If ISC_MEM_DEBUG is enabled, the variable
10106 isc_mem_debugging controls whether messages
10107 are printed or not.
10109 238. [cleanup] A few more compilation warnings have been quieted:
10110 + missing sigwait prototype on BSD/OS 4.0/4.0.1.
10111 + PTHREAD_ONCE_INIT unbraced initializer warnings on
10113 + IN6ADDR_ANY_INIT unbraced initializer warnings on
10114 BSD/OS 4.*, Linux and Solaris 2.8.
10116 237. [bug] If connect() returned ENOBUFS when the resolver was
10117 initiating a TCP query, the socket didn't get
10118 destroyed, and the server did not shut down cleanly.
10120 236. [func] Added new listen-on-v6 config file statement.
10122 235. [func] Consider it a config file error if a listen-on
10123 statement has an IPv6 address in it, or a
10124 listen-on-v6 statement has an IPv4 address in it.
10126 234. [bug] Allow a trusted-key's first field (domain-name) be
10127 either a quoted or an unquoted string, instead of
10128 requiring a quoted string.
10130 233. [cleanup] Convert all config structure integer values to unsigned
10131 integer (isc_uint32_t) to match grammar.
10133 232. [bug] Allow slave zones to not have a file.
10135 231. [func] Support new 'port' clause in config file options
10136 section. Causes 'listen-on', 'masters' and
10137 'also-notify' statements to use its value instead of
10140 230. [func] Replace the dst sign/verify API with a cleaner one.
10142 229. [func] Support config file sig-validity-interval statement
10143 in options, views and zone statements (master
10146 228. [cleanup] Logging messages in config module stripped of
10149 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
10150 dns_rcode_*, dns_opcode_*, and dns_trust_* are
10151 also now cast to their appropriate types, as with
10152 dns_rdatatype_* in item number 225 below.
10154 226. [func] dns_name_totext() now always prints the root name as
10155 '.', even when omit_final_dot is true.
10157 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
10158 cast to dns_rdatatype_t via macros of their same name
10159 so that they are of the proper integral type wherever
10160 a dns_rdatatype_t is needed.
10162 224. [cleanup] The entire project builds cleanly with gcc's
10163 -Wcast-qual and -Wwrite-strings warnings enabled,
10164 which is now the default when using gcc. (Warnings
10165 from confparser.c, because of yacc's code, are
10166 unfortunately to be expected.)
10168 223. [func] Several functions were re-prototyped to qualify one
10169 or more of their arguments with "const". Similarly,
10170 several functions that return pointers now have
10171 those pointers qualified with const.
10173 222. [bug] The global 'also-notify' option was ignored.
10175 221. [bug] An uninitialized variable was sometimes passed to
10176 dns_rdata_freestruct() when loading a zone, causing
10177 an assertion failure.
10179 220. [cleanup] Set the default outgoing port in the view, and
10180 set it in sockaddrs returned from the ADB.
10181 [31-May-2000 explorer]
10183 219. [bug] Signed truncated messages more correctly follow
10184 the respective specs.
10186 218. [func] When an rdataset is signed, its ttl is normalized
10187 based on the signature validity period.
10189 217. [func] Also-notify and trusted-keys can now be used in
10190 the 'view' statement.
10192 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
10195 215. [bug] Failures at certain points in request processing
10196 could cause the assertion INSIST(client->lockview
10197 == NULL) to be triggered.
10199 214. [func] New public function isc_netaddr_format(), for
10200 formatting network addresses in log messages.
10202 213. [bug] Don't leak memory when reloading the zone if
10203 an update-policy clause was present in the old zone.
10205 212. [func] Added dns_message_get/settsigkey, to make TSIG
10206 key management reasonable.
10208 211. [func] The 'key' and 'server' statements can now occur
10209 inside 'view' statements.
10211 210. [bug] The 'allow-transfer' option was ignored for slave
10212 zones, and the 'transfers-per-ns' option was
10213 was ignored for all zones.
10215 209. [cleanup] Upgraded openssl files to new version 0.9.5a
10217 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
10218 of an isc_offset_t.
10220 207. [func] The dnssec tools properly use the logging subsystem.
10222 206. [cleanup] dst now stores the key name as a dns_name_t, not
10225 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
10226 ("prototyped function redeclared without prototype")
10227 and 1552 ("variable ... set but not used") when
10228 compiling in the lib/dns/sec/{dnssafe,openssl}
10229 directories, which contain code imported from outside
10232 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
10233 to quiet the warnings that "The linked output may not
10234 run on a PA 1.x system."
10236 203. [func] notify and zone soa queries are now tsig signed when
10239 202. [func] isc_lex_getsourceline() changed from returning int
10240 to returning unsigned long, the type of its underlying
10243 201. [cleanup] Removed the test/sdig program, it has been
10244 replaced by bin/dig/dig.
10246 --- 9.0.0b3 released ---
10248 200. [bug] Failures in sending query responses to clients
10249 (e.g., running out of network buffers) were
10252 199. [bug] isc_heap_delete() sometimes violated the heap
10253 invariant, causing timer events not to be posted
10256 198. [func] Dispatch managers hold memory pools which
10257 any managed dispatcher may use. This allows
10258 us to avoid dipping into the memory context for
10259 most allocations. [19-May-2000 explorer]
10261 197. [bug] When an incoming AXFR or IXFR completes, the
10262 zone's internal state is refreshed from the
10263 SOA data. [19-May-2000 explorer]
10265 196. [func] Dispatchers can be shared easily between views
10266 and/or interfaces. [19-May-2000 explorer]
10268 195. [bug] Including the NXT record of the root domain
10269 in a negative response caused an assertion
10272 194. [doc] The PDF version of the Administrator's Reference
10273 Manual is no longer included in the ISC BIND9
10276 193. [func] changed dst_key_free() prototype.
10278 192. [bug] Zone configuration validation is now done at end
10279 of config file parsing, and before loading
10282 191. [func] Patched to compile on UnixWare 7.x. This platform
10283 is not directly supported by the ISC.
10285 190. [cleanup] The DNSSEC tools have been moved to a separate
10286 directory dnssec/ and given the following new,
10287 more descriptive names:
10294 Their command line arguments have also been changed to
10295 be more consistent. dnssec-keygen now prints the
10296 name of the generated key files (sans extension)
10297 on standard output to simplify its use in automated
10300 189. [func] isc_time_secondsastimet(), a new function, will ensure
10301 that the number of seconds in an isc_time_t does not
10302 exceed the range of a time_t, or return ISC_R_RANGE.
10303 Similarly, isc_time_now(), isc_time_nowplusinterval(),
10304 isc_time_add() and isc_time_subtract() now check the
10305 range for overflow/underflow. In the case of
10306 isc_time_subtract, this changed a calling requirement
10307 (ie, something that could generate an assertion)
10308 into merely a condition that returns an error result.
10309 isc_time_add() and isc_time_subtract() were void-
10310 valued before but now return isc_result_t.
10312 188. [func] Log a warning message when an incoming zone transfer
10313 contains out-of-zone data.
10315 187. [func] isc_ratelimiter_enqueue() has an additional argument
10318 186. [func] dns_request_getresponse() has an additional argument
10321 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
10322 public functions did not have an isc__ prefix, and
10323 referred to functions that had previously been
10326 184. [cleanup] Variables/functions which began with two leading
10327 underscores were made to conform to the ANSI/ISO
10328 standard, which says that such names are reserved.
10330 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
10331 for logging the program name or other identifier.
10333 182. [cleanup] New command-line parameters for dnssec tools
10335 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
10337 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
10339 179. [func] options named.conf statement *must* now come
10340 before any zone or view statements.
10342 178. [func] Post-load of named.conf check verifies a slave zone
10343 has non-empty list of masters defined.
10345 177. [func] New per-zone boolean:
10347 enable-zone yes | no ;
10349 intended to let a zone be disabled without having
10350 to comment out the entire zone statement.
10352 176. [func] New global and per-view option:
10354 max-cache-ttl number
10356 175. [func] New global and per-view option:
10358 additional-data internal | minimal | maximal;
10360 174. [func] New public function isc_sockaddr_format(), for
10361 formatting socket addresses in log messages.
10363 173. [func] Keep a queue of zones waiting for zone transfer
10364 quota so that a new transfer can be dispatched
10365 immediately whenever quota becomes available.
10367 172. [bug] $TTL directive was sometimes missing from dumped
10368 master files because totext_ctx_init() failed to
10369 initialize ctx->current_ttl_valid.
10371 171. [cleanup] On NetBSD systems, the mit-pthreads or
10372 unproven-pthreads library is now always used
10373 unless --with-ptl2 is explicitly specified on
10374 the configure command line. The
10375 --with-mit-pthreads option is no longer needed
10376 and has been removed.
10378 170. [cleanup] Remove inter server consistency checks from zone,
10379 these should return as a separate module in 9.1.
10380 dns_zone_checkservers(), dns_zone_checkparents(),
10381 dns_zone_checkchildren(), dns_zone_checkglue().
10383 Remove dns_zone_setadb(), dns_zone_setresolver(),
10384 dns_zone_setrequestmgr() these should now be found
10387 169. [func] ratelimiter can now process N events per interval.
10389 168. [bug] include statements in named.conf caused syntax errors
10390 due to not consuming the semicolon ending the include
10391 statement before switching input streams.
10393 167. [bug] Make lack of masters for a slave zone a soft error.
10395 166. [bug] Keygen was overwriting existing keys if key_id
10396 conflicted, now it will retry, and non-null keys
10397 with key_id == 0 are not generated anymore. Key
10398 was not able to generate NOAUTHCONF DSA key,
10399 increased RSA key size to 2048 bits.
10401 165. [cleanup] Silence "end-of-loop condition not reached" warnings
10402 from Solaris compiler.
10404 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
10405 isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
10406 isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
10407 to encapsulate nonportable usage of errno and sync.
10409 163. [func] Added result codes ISC_R_FILENOTFOUND and
10412 162. [bug] Ensure proper range for arguments to ctype.h functions.
10414 161. [cleanup] error in yyparse prototype that only HPUX caught.
10416 160. [cleanup] getnet*() are not going to be implemented at this
10419 159. [func] Redefinition of config file elements is now an
10420 error (instead of a warning).
10422 158. [bug] Log channel and category list copy routines
10423 weren't assigning properly to output parameter.
10425 157. [port] Fix missing prototype for getopt().
10427 156. [func] Support new 'database' statement in zone.
10429 database "quoted-string";
10431 155. [bug] ns_notify_start() was not detaching the found zone.
10433 154. [func] The signer now logs libdns warnings to stderr even when
10434 not verbose, and in a nicer format.
10436 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
10437 is NULL then you need to preserve the 'rdata' until
10438 you have finished using the structure as there may be
10439 references to the associated memory. If 'mctx' is
10440 non-NULL it is guaranteed that there are no references
10441 to memory associated with 'rdata'.
10443 dns_rdata_freestruct() must be called if 'mctx' was
10444 non-NULL and may safely be called if 'mctx' was NULL.
10446 152. [bug] keygen dumped core if domain name argument was omitted
10449 151. [func] Support 'disabled' statement in zone config (causes
10450 zone to be parsed and then ignored). Currently must
10451 come after the 'type' clause.
10453 150. [func] Support optional ports in masters and also-notify
10456 masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
10458 149. [cleanup] Removed unused argument 'olist' from
10459 dns_c_view_unsetordering().
10461 148. [cleanup] Stop issuing some warnings about some configuration
10462 file statements that were not implemented, but now are.
10464 147. [bug] Changed yacc union size to be smaller for yaccs that
10465 put yacc-stack on the real stack.
10467 146. [cleanup] More general redundant header file cleanup. Rather
10468 than continuing to itemize every header which changed,
10469 this changelog entry just notes that if a header file
10470 did not need another header file that it was including
10471 in order to provide its advertised functionality, the
10472 inclusion of the other header file was removed. See
10473 util/check-includes for how this was tested.
10475 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
10476 ISC_LANG_ENDDECLS to header files that had function
10477 prototypes, and removed it from those that did not.
10479 144. [cleanup] libdns header files too numerous to name were made
10480 to conform to the same style for multiple inclusion
10483 143. [func] Added function dns_rdatatype_isknown().
10485 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
10488 141. [bug] Corrupt requests with multiple questions could
10489 cause an assertion failure.
10491 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
10493 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
10494 <isc/int.h> and <isc/result.h>.
10496 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
10497 renamed isc_string_touint64. isc_strsep moved from
10498 strsep.c to string.c and renamed isc_string_separate.
10500 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
10501 <isc/serial.h>, <isc/string.h> and <isc/offset.h>
10502 made to conform to the same style for multiple
10503 inclusion protection.
10505 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
10506 <isc/net.h> and Win32's <isc/thread.h> needed
10507 ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
10509 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
10510 or <isc/boolean.h>, now uses <isc/types.h> in place
10511 of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
10512 and ISC_LANG_ENDDECLS.
10514 134. [cleanup] <isc/dir.h> does not need <limits.h>.
10516 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
10518 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
10519 need <isc/eventclass.h>.
10521 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
10522 for ISC_R_* codes used in macros.
10524 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
10525 <isc/boolean.h>, and now includes <isc/types.h>
10526 instead of <isc/time.h>.
10528 129. [bug] The 'default_debug' log channel was not set up when
10529 'category default' was present in the config file
10531 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
10532 ISC_LANG_ENDDECLS at end of header.
10534 127. [cleanup] The contracts for the comparison routines
10535 dns_name_fullcompare(), dns_name_compare(),
10536 dns_name_rdatacompare(), and dns_rdata_compare() now
10537 specify that the order value returned is < 0, 0, or > 0
10538 instead of -1, 0, or 1.
10540 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
10542 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
10543 <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
10544 <isc/resultclass.h> do not need <isc/lang.h>.
10546 124. [func] signer now imports parent's zone key signature
10547 and creates null keys/sets zone status bit for
10548 children when necessary
10550 123. [cleanup] <isc/event.h> does not need <stddef.h>.
10552 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
10555 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
10556 <isc/result.h>. Multiple inclusion protection
10557 symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
10558 isc_symtab_t moved to <isc/types.h>.
10560 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
10561 <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
10564 119. [cleanup] structure definitions for generic rdata structures do
10565 not have _generic_ in their names.
10567 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
10568 YACC crust (yyparse, etc) [2000-apr-27 explorer]
10570 117. [cleanup] libdns.a changes:
10571 dns_zone_clearnotify() and dns_zone_addnotify()
10572 are replaced by dns_zone_setnotifyalso().
10573 dns_zone_clearmasters() and dns_zone_addmaster()
10574 are replaced by dns_zone_setmasters().
10576 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
10579 115. [port] Shut up the -Wmissing-declarations warning about
10580 <stdio.h>'s __sputaux on BSD/OS pre-4.1.
10582 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
10585 113. [func] Utility programs dig and host added.
10587 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
10589 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
10592 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
10595 109. [bug] "make depend" did nothing for
10596 bin/tests/{db,mem,sockaddr,tasks,timers}/.
10598 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
10599 <dns/types.h> to <dns/bit.h> and renamed to
10600 DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
10602 107. [func] Add keysigner and keysettool.
10604 106. [func] Allow dnssec verifications to ignore the validity
10605 period. Used by several of the dnssec tools.
10607 105. [doc] doc/dev/coding.html expanded with other
10608 implicit conventions the developers have used.
10610 104. [bug] Made compress_add and compress_find static to
10611 lib/dns/compress.c.
10613 103. [func] libisc buffer API changes for <isc/buffer.h>:
10615 isc_buffer_base(b) (pointer)
10616 isc_buffer_current(b) (pointer)
10617 isc_buffer_active(b) (pointer)
10618 isc_buffer_used(b) (pointer)
10619 isc_buffer_length(b) (int)
10620 isc_buffer_usedlength(b) (int)
10621 isc_buffer_consumedlength(b) (int)
10622 isc_buffer_remaininglength(b) (int)
10623 isc_buffer_activelength(b) (int)
10624 isc_buffer_availablelength(b) (int)
10626 ISC_BUFFER_USEDCOUNT(b)
10627 ISC_BUFFER_AVAILABLECOUNT(b)
10630 isc_buffer_used(b, r) ->
10631 isc_buffer_usedregion(b, r)
10632 isc_buffer_available(b, r) ->
10633 isc_buffer_available_region(b, r)
10634 isc_buffer_consumed(b, r) ->
10635 isc_buffer_consumedregion(b, r)
10636 isc_buffer_active(b, r) ->
10637 isc_buffer_activeregion(b, r)
10638 isc_buffer_remaining(b, r) ->
10639 isc_buffer_remainingregion(b, r)
10641 Buffer types were removed, so the ISC_BUFFERTYPE_*
10642 macros are no more, and the type argument to
10643 isc_buffer_init and isc_buffer_allocate were removed.
10644 isc_buffer_putstr is now void (instead of isc_result_t)
10645 and requires that the caller ensure that there
10646 is enough available buffer space for the string.
10648 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
10651 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
10653 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
10654 <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
10656 99. [cleanup] Rate limiter now has separate shutdown() and
10657 destroy() functions, and it guarantees that all
10658 queued events are delivered even in the shutdown case.
10660 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
10661 unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
10663 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
10666 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
10668 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
10670 94. [cleanup] Some installed header files did not compile as C++.
10672 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
10674 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
10677 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
10680 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
10681 from <named/listenlist.h>.
10683 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
10685 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
10686 <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
10687 moved to <isc/types.h>.
10689 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
10690 <isc/mem.h> or <isc/result.h>.
10692 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
10695 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
10696 <isc/list.h>, <isc/mem.h>, <isc/region.h> or
10699 84. [func] allow-query ACL checks now apply to all data
10700 added to a response.
10702 83. [func] If the server is authoritative for both a
10703 delegating zone and its (nonsecure) delegatee, and
10704 a query is made for a KEY RR at the top of the
10705 delegatee, then the server will look for a KEY
10706 in the delegator if it is not found in the delegatee.
10708 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
10710 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
10713 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
10715 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
10717 78. [cleanup] lwres_conftest renamed to lwresconf_test for
10718 consistency with other *_test programs.
10720 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
10721 <isc/time.h> to <isc/types.h>.
10723 76. [cleanup] Rewrote keygen.
10725 75. [func] Don't load a zone if its database file is older
10726 than the last time the zone was loaded.
10728 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
10729 subsumed by file.o.
10731 73. [func] New "file" API in libisc, including new function
10732 isc_file_getmodtime, isc_mktemplate renamed to
10733 isc_file_mktemplate and isc_ufile renamed to
10734 isc_file_openunique. By no means an exhaustive API,
10735 it is just what's needed for now.
10737 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
10738 added for dns_rbt_findnode, the former to disable the
10739 setting of the chain to the predecessor, and the
10740 latter to make clear when no options are set.
10742 71. [cleanup] Made explicit the implicit REQUIREs of
10743 isc_time_seconds, isc_time_nanoseconds, and
10746 70. [func] isc_time_set() added.
10748 69. [bug] The zone object's master and also-notify lists grew
10749 longer with each server reload.
10751 68. [func] Partial support for SIG(0) on incoming messages.
10753 67. [performance] Allow use of alternate (compile-time supplied)
10754 OpenSSL libraries/headers.
10756 66. [func] Data in authoritative zones should have a trust level
10759 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
10760 from <dns/types.h>.
10762 64. [func] The RBT, DB, and zone table APIs now allow the
10763 caller find the most-enclosing superdomain of
10766 63. [func] Generate NOTIFY messages.
10768 62. [func] Add UDP refresh support.
10770 61. [cleanup] Use single quotes consistently in log messages.
10772 60. [func] Catch and disallow singleton types on message
10775 59. [bug] Cause net/host unreachable to be a hard error
10776 when sending and receiving.
10778 58. [bug] bin/named/query.c could sometimes trigger the
10779 (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
10780 == 0 assertion in query_newname().
10782 57. [func] Added dns_nxt_typepresent()
10784 56. [bug] SIG records were not properly returned in cached
10787 55. [bug] Responses containing multiple names in the authority
10788 section were not negatively cached.
10790 54. [bug] If a fetch with sigrdataset==NULL joined one with
10791 sigrdataset!=NULL or vice versa, the resolver
10792 could catch an assertion or lose signature data,
10795 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
10798 52. [bug] rndc: taskmgr and socketmgr were not initialized
10801 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
10802 dns/rbt.h; it was needed only by compress.c and zt.c.
10804 50. [func] RBT deletion no longer requires a valid chain to work,
10805 and dns_rbt_deletenode was added.
10807 49. [func] Each cache now has its own mctx.
10809 48. [func] isc_task_create() no longer takes an mctx.
10810 isc_task_mem() has been eliminated.
10812 47. [func] A number of modules now use memory context reference
10815 46. [func] Memory contexts are now reference counted.
10816 Added isc_mem_inuse() and isc_mem_preallocate().
10817 Renamed isc_mem_destroy_check() to
10818 isc_mem_setdestroycheck().
10820 45. [bug] The trusted-key statement incorrectly loaded keys.
10822 44. [bug] Don't include authority data if it would force us
10823 to unset the AD bit in the message.
10825 43. [bug] DNSSEC verification of cached rdatasets was failing.
10827 42. [cleanup] Simplified logging of messages with embedded domain
10828 names by introducing a new convenience function
10831 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
10832 to allow 'named' to run as a non-root user while
10833 retaining the ability to bind() to privileged
10836 40. [func] Introduced new logging category "dnssec" and
10837 logging module "dns/validator".
10839 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
10840 and isc_lex_t to <isc/types.h>.
10842 38. [bug] TSIG signed incoming zone transfers work now.
10844 37. [bug] If the first RR in an incoming zone transfer was
10845 not an SOA, the server died with an assertion failure
10846 instead of just reporting an error.
10848 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
10850 35. [performance] Log messages which are of a level too high to be
10851 logged by any channel in the logging configuration
10852 will not cause the log mutex to be locked.
10854 34. [bug] Recursion was allowed even with 'recursion no'.
10856 33. [func] The RBT now maintains a parent pointer at each node.
10858 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
10861 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
10863 30. [func] config file grammar change to support optional
10864 class type for a view.
10866 29. [func] support new config file view options:
10868 auth-nxdomain recursion query-source
10869 query-source-v6 transfer-source
10870 transfer-source-v6 max-transfer-time-out
10871 max-transfer-idle-out transfer-format
10872 request-ixfr provide-ixfr cleaning-interval
10873 fetch-glue notify rfc2308-type1 lame-ttl
10874 max-ncache-ttl min-roots
10876 28. [func] support lame-ttl, min-roots and serial-queries
10877 config global options.
10879 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
10880 Including it on other platforms (eg, NetBSD) can
10881 cause a forced #error from the C preprocessor.
10883 26. [func] new match-clients statement in config file view.
10885 25. [bug] make install failed to install <isc/log.h> and
10888 24. [cleanup] Eliminate some unnecessary #includes of header
10889 files from header files.
10891 23. [cleanup] Provide more context in log messages about client
10892 requests, using a new function ns_client_log().
10894 22. [bug] SIGs weren't returned in the answer section when
10895 the query resulted in a fetch.
10897 21. [port] Look at STD_CINCLUDES after CINCLUDES during
10898 compilation, so additional system include directories
10899 can be searched but header files in the bind9 source
10900 tree with conflicting names take precedence. This
10901 avoids issues with installed versions of dnssafe and
10904 20. [func] Configuration file post-load validation of zones
10905 failed if there were no zones.
10907 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
10908 lock in certain error cases.
10910 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
10911 configure.in to check for presence of in6addr_any.
10913 17. [func] Do configuration file post-load validation of zones.
10915 16. [bug] put quotes around key names on config file
10916 output to avoid possible keyword clashes.
10918 15. [func] Add dns_name_dupwithoffsets(). This function is
10919 improves comparison performance for duped names.
10921 14. [bug] free_rbtdb() could have 'put' unallocated memory in
10922 an unlikely error path.
10924 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
10927 12. [bug] Fixed possible uninitialized variable error.
10929 11. [bug] axfr_rrstream_first() didn't check the result code of
10930 db_rr_iterator_first(), possibly causing an assertion
10931 to be triggered later.
10933 10. [bug] A bug in the code which makes EDNS0 OPT records in
10934 bin/named/client.c and lib/dns/resolver.c could
10935 trigger an assertion.
10937 9. [cleanup] replaced bit-setting code in confctx.c and replaced
10938 repeated code with macro calls.
10940 8. [bug] Shutdown of incoming zone transfer accessed
10943 7. [cleanup] removed 'listen-on' from view statement.
10945 6. [bug] quote RR names when generating config file to
10946 prevent possible clash with config file keywords
10949 5. [func] syntax change to named.conf file: new ssu grant/deny
10950 statements must now be enclosed by an 'update-policy'
10953 4. [port] bin/named/unix/os.c didn't compile on systems with
10954 linux 2.3 kernel includes due to conflicts between
10955 C library includes and the kernel includes. We now
10956 get only what we need from <linux/capability.h>, and
10957 avoid pulling in other linux kernel .h files.
10959 3. [bug] TKEYs go in the answer section of responses, not
10960 the additional section.
10962 2. [bug] Generating cryptographic randomness failed on
10963 systems without /dev/random.
10965 1. [bug] The installdirs rule in
10966 lib/isc/unix/include/isc/Makefile.in had a typo which
10967 prevented the isc directory from being created if it
10970 --- 9.0.0b2 released ---
10972 # This tells Emacs to use hard tabs in this file.
10974 # indent-tabs-mode: t