1 --- 9.6.1-P3 released ---
3 2831. [security] Do not attempt to validate or cache
4 out-of-bailiwick data returned with a secure
5 answer; it must be re-fetched from its original
6 source and validated in that context. [RT #20819]
8 2828. [security] Cached CNAME or DNAME RR could be returned to clients
9 without DNSSEC validation. [RT #20737]
11 2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
13 --- 9.6.1-P2 released ---
15 2772. [security] When validating, track whether pending data was from
16 the additional section or not and only return it if
17 validates as secure. [RT #20438]
19 --- 9.6.1-P1 released ---
21 2640. [security] A specially crafted update packet will cause named
24 --- 9.6.1 released ---
26 2607. [bug] named could incorrectly delete NSEC3 records for
27 empty nodes when processing a update request.
30 2606. [bug] "delegation-only" was not being accepted in
31 delegation-only type zones. [RT #19717]
33 2605. [bug] Accept DS responses from delegation only zones.
36 2603. [port] win32: handle .exe extension of named-checkzone and
37 named-comilezone argv[0] names under windows.
40 2602. [port] win32: fix debugging command line build of libisccfg.
43 --- 9.6.1rc1 released ---
45 2599. [bug] Address rapid memory growth when validation fails.
48 2597. [bug] Handle a validation failure with a insecure delegation
49 from a NSEC3 signed master/slave zone. [RT #19464]
51 2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
52 long, leading to inefficient memory usage or rejecting
53 newer cache entries in the worst case. [RT #19563]
55 2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
57 2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
59 2591. [bug] named could die when processing a update in
60 removed_orphaned_ds(). [RT #19507]
62 2588. [bug] SO_REUSEADDR could be set unconditionally after failure
63 of bind(2) call. This should be rare and mostly
64 harmless, but may cause interference with other
65 processes that happen to use the same port. [RT #19642]
67 2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
70 2585. [bug] Uninitialized socket name could be referenced via a
71 statistics channel, triggering an assertion failure in
72 XML rendering. [RT #19427]
74 2584. [bug] alpha: gcc optimization could break atomic operations.
77 2583. [port] netbsd: provide a control to not add the compile
78 date to the version string, -DNO_VERSION_DATE.
80 2582. [bug] Don't emit warning log message when we attempt to
81 remove non-existant journal. [RT #19516]
83 2579. [bug] DNSSEC lookaside validation failed to handle unknown
84 algorithms. [RT #19479]
86 2578. [bug] Changed default sig-signing-type to 65534, because
87 65535 turns out to be reserved. [RT #19477]
89 2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
92 --- 9.6.1b1 released ---
94 2577. [doc] Clarified some statistics counters. [RT #19454]
96 2576. [bug] NSEC record were not being correctly signed when
97 a zone transitions from insecure to secure.
98 Handle such incorrectly signed zones. [RT #19114]
100 2574. [doc] Document nsupdate -g and -o. [RT #19351]
102 2573. [bug] Replacing a non-CNAME record with a CNAME record in a
103 single transaction in a signed zone failed. [RT #19397]
105 2568. [bug] Report when the write to indicate a otherwise
106 successful start fails. [RT #19360]
108 2567. [bug] dst__privstruct_writefile() could miss write errors.
109 write_public_key() could miss write errors.
110 dnssec-dsfromkey could miss write errors.
113 2564. [bug] Only take EDNS fallback steps when processing timeouts.
116 2563. [bug] Dig could leak a socket causing it to wait forever
119 2562. [doc] ARM: miscellaneous improvements, reorganization,
120 and some new content.
122 2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
124 2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
126 2559. [bug] dnssec-dsfromkey could compute bad DS records when
127 reading from a K* files. [RT #19357]
129 2557. [cleanup] PCI compliance:
130 * new libisc log module file
131 * isc_dir_chroot() now also changes the working
134 * additional logging when files can't be removed.
136 2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
137 error checks in the correct order resulting in the
138 wrong error code sometimes being returned. [RT #19249]
140 2554. [bug] Validation of uppercase queries from NSEC3 zones could
143 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
145 2552. [bug] zero-no-soa-ttl-cache was not being honoured.
148 2551. [bug] Potential Reference leak on return. [RT #19341]
150 2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
153 2549. [port] linux: define NR_OPEN if not currently defined.
156 2548. [bug] Install iterated_hash.h. [RT #19335]
158 2547. [bug] openssl_link.c:mem_realloc() could reference an
159 out-of-range area of the source buffer. New public
160 function isc_mem_reallocate() was introduced to address
161 this bug. [RT #19313]
163 2545. [doc] ARM: Legal hostname checking (check-names) is
164 for SRV RDATA too. [RT #19304]
166 2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
168 2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
170 2542. [doc] Update the description of dig +adflag. [RT #19290]
172 2541. [bug] Conditionally update dispatch manager statistics.
175 2539. [security] Update the interaction between recursion, allow-query,
176 allow-query-cache and allow-recursion. [RT #19198]
178 2538. [bug] cache/ADB memory could grow over max-cache-size,
179 especially with threads and smaller max-cache-size
182 2537. [experimental] Added more statistics counters including those on socket
183 I/O events and query RTT histograms. [RT #18802]
185 2536. [cleanup] Silence some warnings when -Werror=format-security is
186 specified. [RT #19083]
188 2535. [bug] dig +showsearh and +trace interacted badly. [RT #19091]
190 2532. [bug] dig: check the question section of the response to
191 see if it matches the asked question. [RT #18495]
193 2531. [bug] Change #2207 was incomplete. [RT #19098]
195 2530. [bug] named failed to reject insecure to secure transitions
196 via UPDATE. [RT #19101]
198 2529. [cleanup] Upgrade libtool to silence complaints from recent
199 version of autoconf. [RT #18657]
201 2528. [cleanup] Silence spurious configure warning about
202 --datarootdir [RT #19096]
204 2527. [bug] named could reuse cache on reload with
205 enabling/disabling validation. [RT #19119]
207 2525. [experimental] New logging category "query-errors" to provide detailed
208 internal information about query failures, especially
209 about server failures. [RT #19027]
211 2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
213 2523. [bug] Random type rdata freed by dns_nsec_typepresent().
216 2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
218 2521. [bug] Improve epoll cross compilation support. [RT #19047]
220 2519. [bug] dig/host with -4 or -6 didn't work if more than two
221 nameserver addresses of the excluded address family
222 preceded in resolv.conf. [RT #19081]
224 2517. [bug] dig +trace with -4 or -6 failed when it chose a
225 nameserver address of the excluded address.
228 2516. [bug] glue sort for responses was performed even when not
231 2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
232 a nameserver of the excluded address family.
235 2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
238 2506. [port] solaris: Check at configure time if
239 hack_shutup_pthreadonceinit is needed. [RT #19037]
241 2505. [port] Treat amd64 similarly to x86_64 when determining
242 atomic operation support. [RT #19031]
244 2503. [port] linux: improve compatibility with Linux Standard
247 2502. [cleanup] isc_radix: Improve compliance with coding style,
248 document function in <isc/radix.h>. [RT #18534]
250 --- 9.6.0 released ---
252 2520. [bug] Update xml statistics version number to 2.0 as change
253 #2388 made the schema incompatible to the previous
256 --- 9.6.0rc2 released ---
258 2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
261 2513 [bug] Fix windows cli build. [RT #19062]
263 2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
266 2509. [bug] Specifying a fixed query source port was broken.
269 2504. [bug] Address race condition in the socket code. [RT #18899]
271 --- 9.6.0rc1 released ---
273 2498. [bug] Removed a bogus function argument used with
274 ISC_SOCKET_USE_POLLWATCH: it could cause compiler
275 warning or crash named with the debug 1 level
276 of logging. [RT #18917]
278 2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
281 2496. [bug] Add sanity length checks to NSID option. [RT #18813]
283 2495. [bug] Tighten RRSIG checks. [RT #18795]
285 2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
286 installed. [RT #18826]
288 2493. [bug] The linux capabilities code was not correctly cleaning
289 up after itself. [RT #18767]
291 2492. [func] Rndc status now reports the number of cpus discovered
292 and the number of worker threads when running
293 multi-threaded. [RT #18273]
295 2491. [func] Attempt to re-use a local port if we are already using
296 the port. [RT #18548]
298 2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
299 is cleared when IPV6_V6ONLY is set. [RT #18785]
301 2489. [port] solaris: Workaround Solaris's kernel bug about
303 http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
304 Define ISC_SOCKET_USE_POLLWATCH at build time to enable
305 this workaround. [RT #18870]
307 2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
308 from keyset and .key files. [RT #18694]
310 2487. [bug] Give TCP connections longer to complete. [RT #18675]
312 2486. [func] The default locations for named.pid and lwresd.pid
313 are now /var/run/named/named.pid and
314 /var/run/lwresd/lwresd.pid respectively.
316 This allows the owner of the containing directory
317 to be set, for "named -u" support, and allows there
318 to be a permanent symbolic link in the path, for
319 "named -t" support. [RT #18306]
321 2485. [bug] Change update's the handling of obscured RRSIG
322 records. Not all orphaned DS records were being
325 2484. [bug] It was possible to trigger a REQUIRE failure when
326 adding NSEC3 proofs to the response in
327 query_addwildcardproof(). [RT #18828]
329 2483. [port] win32: chroot() is not supported. [RT #18805]
331 2482. [port] libxml2: support versions 2.7.* in addition
332 to 2.6.*. [RT #18806]
334 --- 9.6.0b1 released ---
336 2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
337 collisions. [RT #18812]
339 2480. [bug] named could fail to emit all the required NSEC3
342 2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
344 2478. [bug] 'addresses' could be used uninitialized in
345 configure_forward(). [RT #18800]
347 2477. [bug] dig: the global option to print the command line is
348 +cmd not print_cmd. Update the output to reflect
351 2476. [doc] ARM: improve documentation for max-journal-size and
352 ixfr-from-differences. [RT #15909] [RT #18541]
354 2475. [bug] LRU cache cleanup under overmem condition could purge
355 particular entries more aggressively. [RT #17628]
357 2474. [bug] ACL structures could be allocated with insufficient
358 space, causing an array overrun. [RT #18765]
360 2473. [port] linux: raise the limit on open files to the possible
361 maximum value before spawning threads; 'files'
362 specified in named.conf doesn't seem to work with
363 threads as expected. [RT #18784]
365 2472. [port] linux: check the number of available cpu's before
366 calling chroot as it depends on "/proc". [RT #16923]
368 2471. [bug] named-checkzone was not reporting missing mandatory
369 glue when sibling checks were disabled. [RT #18768]
371 2470. [bug] Elements of the isc_radix_node_t could be incorrectly
372 overwritten. [RT# 18719]
374 2469. [port] solaris: Work around Solaris's select() limitations.
377 2468. [bug] Resolver could try unreachable servers multiple times.
380 2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
382 2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
385 2465. [bug] Adb's handling of lame addresses was different
386 for IPv4 and IPv6. [RT #18738]
388 2464. [port] linux: check that a capability is present before
389 trying to set it. [RT #18135]
391 2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
392 API and glibc hides parts of the IPv6 Advanced Socket
393 API as a result. This is stupid as it breaks how the
394 two halves (Basic and Advanced) of the IPv6 Socket API
395 were designed to be used but we have to live with it.
396 Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
399 2462. [doc] Document -m (enable memory usage debugging)
400 option for dig. [RT #18757]
402 2461. [port] sunos: Change #2363 was not complete. [RT #17513]
404 --- 9.6.0a1 released ---
406 2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
409 2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
411 2458. [doc] ARM: update and correction for max-cache-size.
414 2457. [tuning] max-cache-size is reverted to 0, the previous
415 default. It should be safe because expired cache
416 entries are also purged. [RT #18684]
418 2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
419 address, regardless of family. They now correctly
420 distinguish IPv4 from IPv6. [RT #18559]
422 2455. [bug] Stop metadata being transferred via axfr/ixfr.
425 2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
427 2453. [bug] Remove NULL pointer dereference in dns_journal_print().
430 2452. [func] Improve bin/test/journalprint. [RT #18316]
432 2451. [port] solaris: handle runtime linking better. [RT #18356]
434 2450. [doc] Fix lwresd docbook problem for manual page.
439 2448. [func] Add NSEC3 support. [RT #15452]
441 2447. [cleanup] libbind has been split out as a separate product.
443 2446. [func] Add a new log message about build options on startup.
444 A new command-line option '-V' for named is also
445 provided to show this information. [RT# 18645]
447 2445. [doc] ARM out-of-date on empty reverse zones (list includes
448 RFC1918 address, but these are not yet compiled in).
451 2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
452 (clear DF) for UDP responses and requests.
454 2443. [bug] win32: UDP connect() would not generate an event,
455 and so connected UDP sockets would never clean up.
456 Fix this by doing an immediate WSAConnect() rather
457 than an io completion port type for UDP.
459 2442. [bug] A lock could be destroyed twice. [RT# 18626]
461 2441. [bug] isc_radix_insert() could copy radix tree nodes
462 incompletely. [RT #18573]
464 2440. [bug] named-checkconf used an incorrect test to determine
465 if an ACL was set to none.
467 2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
470 2438. [bug] Timeouts could be logged incorrectly under win32.
472 2437. [bug] Sockets could be closed too early, leading to
473 inconsistent states in the socket module. [RT #18298]
475 2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
477 2435. [bug] Fixed an ACL memory leak affecting win32.
479 2434. [bug] Fixed a minor error-reporting bug in
480 lib/isc/win32/socket.c.
482 2433. [tuning] Set initial timeout to 800ms.
484 2432. [bug] More Windows socket handling improvements. Stop
485 using I/O events and use IO Completion Ports
486 throughout. Rewrite the receive path logic to make
487 it easier to support multiple simultaneous
488 requesters in the future. Add stricter consistency
489 checking as a compile-time option (define
490 ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
492 2431. [bug] Acl processing could leak memory. [RT #18323]
494 2430. [bug] win32: isc_interval_set() could round down to
495 zero if the input was less than NS_INTERVAL
496 nanoseconds. Round up instead. [RT #18549]
498 2429. [doc] nsupdate should be in section 1 of the man pages.
501 2428. [bug] dns_iptable_merge() mishandled merges of negative
504 2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
507 2426. [bug] libbind: inet_net_pton() can sometimes return the
508 wrong value if excessively large net masks are
509 supplied. [RT #18512]
511 2425. [bug] named didn't detect unavailable query source addresses
512 at load time. [RT #18536]
514 2424. [port] configure now probes for a working epoll
515 implementation. Allow the use of kqueue,
516 epoll and /dev/poll to be selected at compile
519 2423. [security] Randomize server selection on queries, so as to
520 make forgery a little more difficult. Instead of
521 always preferring the server with the lowest RTT,
522 pick a server with RTT within the same 128
523 millisecond band. [RT #18441]
525 2422. [bug] Handle the special return value of a empty node as
526 if it was a NXRRSET in the validator. [RT #18447]
528 2421. [func] Add new command line option '-S' for named to specify
529 the max number of sockets. [RT #18493]
530 Use caution: this option may not work for some
531 operating systems without rebuilding named.
533 2420. [bug] Windows socket handling cleanup. Let the io
534 completion event send out canceled read/write
535 done events, which keeps us from writing to memory
536 we no longer have ownership of. Add debugging
537 socket_log() function. Rework TCP socket handling
540 2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
541 should not be used for isc_sockettype_fdwatch sockets.
544 2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
547 2417. [bug] Connecting UDP sockets for outgoing queries could
548 unexpectedly fail with an 'address already in use'
551 2416. [func] Log file descriptors that cause exceeding the
552 internal maximum. [RT #18460]
554 2415. [bug] 'rndc dumpdb' could trigger various assertion failures
555 in rbtdb.c. [RT #18455]
557 2414. [bug] A masterdump context held the database lock too long,
558 causing various troubles such as dead lock and
559 recursive lock acquisition. [RT #18311, #18456]
561 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
563 2412. [bug] win32: address a resource leak. [RT #18374]
565 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
566 for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
567 at compilation time. [RT #18433]
569 Note: with changes #2469 and #2421 above, there is no
570 need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
573 2410. [bug] Correctly delete m_versionInfo. [RT #18432]
575 2409. [bug] Only log that we disabled EDNS processing if we were
576 subsequently successful. [RT #18029]
578 2408. [bug] A duplicate TCP dispatch event could be sent, which
579 could then trigger an assertion failure in
580 resquery_response(). [RT #18275]
582 2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
586 2405. [cleanup] The default value for dnssec-validation was changed to
587 "yes" in 9.5.0-P1 and all subsequent releases; this
588 was inadvertently omitted from CHANGES at the time.
590 2404. [port] hpux: files unlimited support.
592 2403. [bug] TSIG context leak. [RT #18341]
594 2402. [port] Support Solaris 2.11 and over. [RT #18362]
596 2401. [bug] Expect to get E[MN]FILE errno internal_accept()
597 (from accept() or fcntl() system calls). [RT #18358]
599 2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
604 2398. [bug] Improve file descriptor management. New,
605 temporary, named.conf option reserved-sockets,
606 default 512. [RT #18344]
608 2397. [bug] gssapi_functions had too many elements. [RT #18355]
610 2396. [bug] Don't set SO_REUSEADDR for randomized ports.
613 2395. [port] Avoid warning and no effect from "files unlimited"
614 on Linux when running as root. [RT #18335]
616 2394. [bug] Default configuration options set the limit for
617 open files to 'unlimited' as described in the
618 documentation. [RT #18331]
620 2393. [bug] nested acls containing keys could trigger an
621 assertion in acl.c. [RT #18166]
623 2392. [bug] remove 'grep -q' from acl test script, some platforms
624 don't support it. [RT #18253]
626 2391. [port] hpux: cover additional recvmsg() error codes.
629 2390. [bug] dispatch.c could make a false warning on 'odd socket'.
632 2389. [bug] Move the "working directory writable" check to after
633 the ns_os_changeuser() call. [RT #18326]
635 2388. [bug] Avoid using tables for layout purposes in
636 statistics XSL [RT #18159].
638 2387. [bug] Silence compiler warnings in lib/isc/radix.c.
639 [RT #18147] [RT #18258]
641 2386. [func] Add warning about too small 'open files' limit.
644 2385. [bug] A condition variable in socket.c could leak in
645 rare error handling [RT #17968].
647 2384. [security] Fully randomize UDP query ports to improve
648 forgery resilience. [RT #17949, #18098]
650 2383. [bug] named could double queries when they resulted in
651 SERVFAIL due to overkilling EDNS0 failure detection.
654 2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
657 2381. [port] dlz/mysql: support multiple install layouts for
658 mysql. <prefix>/include/{,mysql/}mysql.h and
659 <prefix>/lib/{,mysql/}. [RT #18152]
661 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
662 proofs which, in turn, caused validation failures
663 for insecure zones immediately below a secure zone
664 the server was authoritative for. [RT #18112]
666 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
667 TLDs and supported RRs with TTLs [RT #17972]
669 2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
672 2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
674 2376. [bug] Change #2144 was not complete.
678 2374. [bug] "blackhole" ACLs could cause named to segfault due
679 to some uninitialized memory. [RT #18095]
681 2373. [bug] Default values of zone ACLs were re-parsed each time a
682 new zone was configured, causing an overconsumption
683 of memory. [RT #18092]
685 2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
687 2371. [doc] Add +nsid option to dig man page. [RT #18039]
689 2370. [bug] "rndc freeze" could trigger an assertion in named
690 when called on a nonexistent zone. [RT #18050]
692 2369. [bug] libbind: Array bounds overrun on read in bitncmp().
695 2368. [port] Linux: use libcap for capability management if
696 possible. [RT# 18026]
698 2367. [bug] Improve counting of dns_resstatscounter_retry
701 2366. [bug] Adb shutdown race. [RT #18021]
703 2365. [bug] Fix a bug that caused dns_acl_isany() to return
704 spurious results. [RT #18000]
706 2364. [bug] named could trigger a assertion when serving a
707 malformed signed zone. [RT #17828]
709 2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
712 2362. [cleanup] Make "rrset-order fixed" a compile-time option.
713 settable by "./configure --enable-fixed-rrset".
714 Disabled by default. [RT #17977]
716 2361. [bug] "recursion" statistics counter could be counted
717 multiple times for a single query. [RT #17990]
719 2360. [bug] Fix a condition where we release a database version
720 (which may acquire a lock) while holding the lock.
722 2359. [bug] Fix NSID bug. [RT #17942]
724 2358. [doc] Update host's default query description. [RT #17934]
726 2357. [port] Don't use OpenSSL's engine support in versions before
727 OpenSSL 0.9.7f. [RT #17922]
729 2356. [bug] Built in mutex profiler was not scalable enough.
732 2355. [func] Extend the number statistics counters available.
735 2354. [bug] Failed to initialize some rdatasetheader_t elements.
738 2353. [func] Add support for Name Server ID (RFC 5001).
739 'dig +nsid' requests NSID from server.
740 'request-nsid yes;' causes recursive server to send
741 NSID requests to upstream servers. Server responds
742 to NSID requests with the string configured by
743 'server-id' option. [RT #17091]
745 2352. [bug] Various GSS_API fixups. [RT #17729]
747 2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
749 2350. [port] win32: IPv6 support. [RT #17797]
751 2349. [func] Provide incremental re-signing support for secure
752 dynamic zones. [RT #1091]
754 2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
755 Documentation is in the new README.pkcs11 file.
756 New tool, dnssec-keyfromlabel, which takes the
757 label of a key pair in a HSM and constructs a DNS
758 key pair for use by named and dnssec-signzone.
761 2347. [bug] Delete now traverses the RB tree in the canonical
764 2346. [func] Memory statistics now cover all active memory contexts
765 in increased detail. [RT #17580]
767 2345. [bug] named-checkconf failed to detect when forwarders
768 were set at both the options/view level and in
769 a root zone. [RT #17671]
771 2344. [bug] Improve "logging{ file ...; };" documentation.
774 2343. [bug] (Seemingly) duplicate IPv6 entries could be
775 created in ADB. [RT #17837]
777 2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
779 2341. [bug] libbind: add missing -I../include for off source
780 tree builds. [RT #17606]
782 2340. [port] openbsd: interface configuration. [RT #17700]
784 2339. [port] tru64: support for libbind. [RT #17589]
786 2338. [bug] check_ds() could be called with a non DS rdataset.
789 2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
791 2336. [func] If "named -6" is specified then listen on all IPv6
792 interfaces if there are not listen-on-v6 clauses in
793 named.conf. [RT #17581]
795 2335. [port] sunos: libbind and *printf() support for long long.
798 2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
799 bug in fromstruct_txt(). [RT #17609]
801 2333. [bug] Fix off by one error in isc_time_nowplusinterval().
804 2332. [contrib] query-loc-0.4.0. [RT #17602]
806 2331. [bug] Failure to regenerate any signatures was not being
807 reported nor being past back to the UPDATE client.
810 2330. [bug] Remove potential race condition when handling
811 over memory events. [RT #17572]
813 WARNING: API CHANGE: over memory callback
814 function now needs to call isc_mem_waterack().
815 See <isc/mem.h> for details.
817 2329. [bug] Clearer help text for dig's '-x' and '-i' options.
819 2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
820 F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
821 J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
824 2327. [bug] It was possible to dereference a NULL pointer in
825 rbtdb.c. Implement dead node processing in zones as
826 we do for caches. [RT #17312]
828 2326. [bug] It was possible to trigger a INSIST in the acache
831 2325. [port] Linux: use capset() function if available. [RT #17557]
833 2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
835 2323. [port] tru64: namespace clash. [RT #17547]
837 2322. [port] MacOS: work around the limitation of setrlimit()
838 for RLIMIT_NOFILE. [RT #17526]
842 2320. [func] Make statistics counters thread-safe for platforms
843 that support certain atomic operations. [RT #17466]
845 2319. [bug] Silence Coverity warnings in
846 lib/dns/rdata/in_1/apl_42.c. [RT #17469]
848 2318. [port] sunos fixes for libbind. [RT #17514]
850 2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
852 2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
855 2315. [bug] Used incorrect address family for mapped IPv4
856 addresses in acl.c. [RT #17519]
858 2314. [bug] Uninitialized memory use on error path in
859 bin/named/lwdnoop.c. [RT #17476]
861 2313. [cleanup] Silence Coverity warnings. Handle private stacks.
862 [RT #17447] [RT #17478]
864 2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
867 2311. [bug] IPv6 addresses could match IPv4 ACL entries and
868 vice versa. [RT #17462]
870 2310. [bug] dig, host, nslookup: flush stdout before emitting
871 debug/fatal messages. [RT #17501]
873 2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
876 2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
879 2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
881 2306. [bug] Remove potential race from lib/dns/resolver.c.
884 2305. [security] inet_network() buffer overflow. CVE-2008-0122.
886 2304. [bug] Check returns from all dns_rdata_tostruct() calls.
889 2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
892 2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
894 2301. [bug] Remove resource leak and fix error messages in
895 bin/tests/system/lwresd/lwtest.c. [RT #17474]
897 2300. [bug] Fixed failure to close open file in
898 bin/tests/names/t_names.c. [RT #17473]
900 2299. [bug] Remove unnecessary NULL check in
901 bin/nsupdate/nsupdate.c. [RT #17475]
903 2298. [bug] isc_mutex_lock() failure not caught in
904 bin/tests/timers/t_timers.c. [RT #17468]
906 2297. [bug] isc_entropy_createfilesource() failure not caught in
907 bin/tests/dst/t_dst.c. [RT #17467]
909 2296. [port] Allow docbook stylesheet location to be specified to
910 configure. [RT #17457]
912 2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
915 2294. [func] Allow the experimental statistics channels to have
916 multiple connections and ACL.
917 Note: the stats-server and stats-server-v6 options
918 available in the previous beta releases are replaced
919 with the generic statistics-channels statement.
921 2293. [func] Add ACL regression test. [RT #17375]
923 2292. [bug] Log if the working directory is not writable.
926 2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
927 failure to set PR_SET_DUMPABLE. [RT #17312]
929 2290. [bug] Let AD in the query signal that the client wants AD
930 set in the response. [RT #17301]
932 2289. [func] named-checkzone now reports the out-of-zone CNAME
935 2288. [port] win32: mark service as running when we have finished
938 2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
940 2286. [func] Allow a TCP connection to be used as a weak
941 authentication method for reverse zones.
942 New update-policy methods tcp-self and 6to4-self.
945 2285. [func] Test framework for client memory context management.
948 2284. [bug] Memory leak in UPDATE prerequisite processing.
951 2283. [bug] TSIG keys were not attaching to the memory
952 context. TSIG keys should use the rings
953 memory context rather than the clients memory
956 2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
958 2281. [bug] Attempts to use undefined acls were not being logged.
961 2280. [func] Allow the experimental http server to be reached
962 over IPv6 as well as IPv4. [RT #17332]
964 2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
965 to protect applications from receiving spurious
966 SIGPIPE signals when using the resolver.
968 2278. [bug] win32: handle the case where Windows returns no
969 search list or DNS suffix. [RT #17354]
971 2277. [bug] Empty zone names were not correctly being caught at
972 in the post parse checks. [RT #17357]
974 2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
976 2275. [func] Add support to dig to perform IXFR queries over UDP.
979 2274. [func] Log zone transfer statistics. [RT #17336]
981 2273. [bug] Adjust log level to WARNING when saving inconsistent
982 stub/slave master and journal files. [RT# 17279]
984 2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
987 2271. [bug] Fix a memory leak in http server code [RT #17100]
989 2270. [bug] dns_db_closeversion() version->writer could be reset
990 before it is tested. [RT #17290]
992 2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
994 2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
997 --- 9.5.0b1 released ---
999 2267. [bug] Radix tree node_num value could be set incorrectly,
1000 causing positive ACL matches to look like negative
1003 2266. [bug] client.c:get_clientmctx() returned the same mctx
1004 once the pool of mctx's was filled. [RT #17218]
1006 2265. [bug] Test that the memory context's basic_table is non NULL
1007 before freeing. [RT #17265]
1009 2264. [bug] Server prefix length was being ignored. [RT #17308]
1011 2263. [bug] "named-checkconf -z" failed to set default value
1012 for "check-integrity". [RT #17306]
1014 2262. [bug] Error status from all but the last view could be
1017 2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
1019 2260. [bug] Reported wrong clients-per-query when increasing the
1024 --- 9.5.0a7 released ---
1026 2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
1029 2257. [bug] win32: Use the full path to vcredist_x86.exe when
1030 calling it. [RT #17222]
1032 2256. [bug] win32: Correctly register the installation location of
1033 bindevt.dll. [RT #17159]
1035 2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
1037 2254. [bug] timer.c:dispatch() failed to lock timer->lock
1038 when reading timer->idle allowing it to see
1039 intermediate values as timer->idle was reset by
1040 isc_timer_touch(). [RT #17243]
1042 2253. [func] "max-cache-size" defaults to 32M.
1043 "max-acache-size" defaults to 16M.
1045 2252. [bug] Fixed errors in sortlist code [RT #17216]
1049 2250. [func] New flag 'memstatistics' to state whether the
1050 memory statistics file should be written or not.
1051 Additionally named's -m option will cause the
1052 statistics file to be written. [RT #17113]
1054 2249. [bug] Only set Authentic Data bit if client requested
1055 DNSSEC, per RFC 3655 [RT #17175]
1057 2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
1059 2247. [doc] Sort doc/misc/options. [RT #17067]
1061 2246. [bug] Make the startup of test servers (ans.pl) more
1064 2245. [bug] Validating lack of DS records at trust anchors wasn't
1065 working. [RT #17151]
1067 2244. [func] Allow the check of nameserver names against the
1068 SOA MNAME field to be disabled by specifying
1069 'notify-to-soa yes;'. [RT #17073]
1071 2243. [func] Configuration files without a newline at the end now
1072 parse without error. [RT #17120]
1074 2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
1075 library could require a source of random data.
1078 2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
1080 2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
1081 a number of INSIST()s into plain fatal() errors
1082 which report the triggering result code.
1083 The 'key' command wasn't disabling GSS-TSIG.
1086 2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
1088 2238. [bug] It was possible to trigger a REQUIRE when a
1089 validation was canceled. [RT #17106]
1091 2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
1093 2236. [bug] dnssec-signzone failed to preserve the case of
1094 of wildcard owner names. [RT #17085]
1096 2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
1098 2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
1100 2233. [func] Add support for O(1) ACL processing, based on
1101 radix tree code originally written by Kevin
1102 Brintnall. [RT #16288]
1104 2232. [bug] dns_adb_findaddrinfo() could fail and return
1105 ISC_R_SUCCESS. [RT #17137]
1107 2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
1110 2230. [bug] We could INSIST reading a corrupted journal.
1113 2229. [bug] Null pointer dereference on query pool creation
1114 failure. [RT #17133]
1116 2228. [contrib] contrib: Change 2188 was incomplete.
1118 2227. [cleanup] Tidied up the FAQ. [RT #17121]
1122 2225. [bug] More support for systems with no IPv4 addresses.
1125 2224. [bug] Defer journal compaction if a xfrin is in progress.
1128 2223. [bug] Make a new journal when compacting. [RT #17119]
1130 2222. [func] named-checkconf now checks server key references.
1133 2221. [bug] Set the event result code to reflect the actual
1134 record turned to caller when a cache update is
1135 rejected due to a more credible answer existing.
1138 2220. [bug] win32: Address a race condition in final shutdown of
1139 the Windows socket code. [RT #17028]
1141 2219. [bug] Apply zone consistency checks to additions, not
1142 removals, when updating. [RT #17049]
1144 2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
1147 2217. [func] Adjust update log levels. [RT #17092]
1149 2216. [cleanup] Fix a number of errors reported by Coverity.
1152 2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
1154 2214. [bug] Deregister OpenSSL lock callback when cleaning
1155 up. Reorder OpenSSL cleanup so that RAND_cleanup()
1156 is called before the locks are destroyed. [RT #17098]
1158 2213. [bug] SIG0 diagnostic failure messages were looking at the
1159 wrong status code. [RT #17101]
1161 2212. [func] 'host -m' now causes memory statistics and active
1162 memory to be printed at exit. [RT 17028]
1164 2211. [func] Update "dynamic update temporarily disabled" message.
1167 2210. [bug] Deleting class specific records via UPDATE could
1170 2209. [port] osx: linking against user supplied static OpenSSL
1171 libraries failed as the system ones were still being
1174 2208. [port] win32: make sure both build methods produce the
1175 same output. [RT #17058]
1177 2207. [port] Some implementations of getaddrinfo() fail to set
1178 ai_canonname correctly. [RT #17061]
1180 --- 9.5.0a6 released ---
1182 2206. [security] "allow-query-cache" and "allow-recursion" now
1183 cross inherit from each other.
1185 If allow-query-cache is not set in named.conf then
1186 allow-recursion is used if set, otherwise allow-query
1187 is used if set, otherwise the default (localnets;
1188 localhost;) is used.
1190 If allow-recursion is not set in named.conf then
1191 allow-query-cache is used if set, otherwise allow-query
1192 is used if set, otherwise the default (localnets;
1193 localhost;) is used.
1197 2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
1199 2204. [bug] "rndc flushanme name unknown-view" caused named
1200 to crash. [RT #16984]
1202 2203. [security] Query id generation was cryptographically weak.
1205 2202. [security] The default acls for allow-query-cache and
1206 allow-recursion were not being applied. [RT #16960]
1208 2201. [bug] The build failed in a separate object directory.
1211 2200. [bug] The search for cached NSEC records was stopping to
1212 early leading to excessive DLV queries. [RT #16930]
1214 2199. [bug] win32: don't call WSAStartup() while loading dlls.
1217 2198. [bug] win32: RegCloseKey() could be called when
1218 RegOpenKeyEx() failed. [RT #16911]
1220 2197. [bug] Add INSIST to catch negative responses which are
1221 not setting the event result code appropriately.
1224 2196. [port] win32: yield processor while waiting for once to
1225 to complete. [RT #16958]
1227 2195. [func] dnssec-keygen now defaults to nametype "ZONE"
1228 when generating DNSKEYs. [RT #16954]
1230 2194. [bug] Close journal before calling 'done' in xfrin.c.
1232 --- 9.5.0a5 released ---
1234 2193. [port] win32: BINDInstall.exe is now linked statically.
1237 2192. [port] win32: use vcredist_x86.exe to install Visual
1238 Studio's redistributable dlls if building with
1239 Visual Stdio 2005 or later.
1241 2191. [func] named-checkzone now allows dumping to stdout (-).
1242 named-checkconf now has -h for help.
1243 named-checkzone now has -h for help.
1244 rndc now has -h for help.
1245 Better handling of '-?' for usage summaries.
1248 2190. [func] Make fallback to plain DNS from EDNS due to timeouts
1249 more visible. New logging category "edns-disabled".
1252 2189. [bug] Handle socket() returning EINTR. [RT #15949]
1254 2188. [contrib] queryperf: autoconf changes to make the search for
1255 libresolv or libbind more robust. [RT #16299]
1257 2187. [bug] query_addds(), query_addwildcardproof() and
1258 query_addnxrrsetnsec() should take a version
1259 argument. [RT #16368]
1261 2186. [port] cygwin: libbind: check for struct sockaddr_storage
1262 independently of IPv6. [RT #16482]
1264 2185. [port] sunos: libbind: check for ssize_t, memmove() and
1265 memchr(). [RT #16463]
1267 2184. [bug] bind9.xsl.h didn't build out of the source tree.
1270 2183. [bug] dnssec-signzone didn't handle offline private keys
1273 2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
1274 could return ISC_R_SUCCESS when they ran out of
1277 2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
1279 2180. [cleanup] Remove bit test from 'compress_test' as they
1280 are no longer needed. [RT #16497]
1282 2179. [func] 'rndc command zone' will now find 'zone' if it is
1283 unique to all the views. [RT #16821]
1285 2178. [bug] 'rndc reload' of a slave or stub zone resulted in
1286 a reference leak. [RT #16867]
1288 2177. [bug] Array bounds overrun on read (rcodetext) at
1289 debug level 10+. [RT #16798]
1291 2176. [contrib] dbus update to handle race condition during
1292 initialization (Bugzilla 235809). [RT #16842]
1294 2175. [bug] win32: windows broadcast condition variable support
1295 was broken. [RT #16592]
1297 2174. [bug] I/O errors should always be fatal when reading
1298 master files. [RT #16825]
1300 2173. [port] win32: When compiling with MSVS 2005 SP1 we also
1301 need to ship Microsoft.VC80.MFCLOC.
1303 --- 9.5.0a4 released ---
1305 2172. [bug] query_addsoa() was being called with a non zone db.
1308 2171. [bug] Handle breaks in DNSSEC trust chains where the parent
1309 servers are not DS aware (DS queries to the parent
1310 return a referral to the child).
1312 2170. [func] Add acache processing to test suite. [RT #16711]
1314 2169. [bug] host, nslookup: when reporting NXDOMAIN report the
1315 given name and not the last name searched for.
1318 2168. [bug] nsupdate: in non-interactive mode treat syntax errors
1319 as fatal errors. [RT #16785]
1321 2167. [bug] When re-using a automatic zone named failed to
1322 attach it to the new view. [RT #16786]
1324 --- 9.5.0a3 released ---
1326 2166. [bug] When running in batch mode, dig could misinterpret
1327 a server address as a name to be looked up, causing
1328 unexpected output. [RT #16743]
1330 2165. [func] Allow the destination address of a query to determine
1331 if we will answer the query or recurse.
1332 allow-query-on, allow-recursion-on and
1333 allow-query-cache-on. [RT #16291]
1335 2164. [bug] The code to determine how named-checkzone /
1336 named-compilezone was called failed under windows.
1339 2163. [bug] If only one of query-source and query-source-v6
1340 specified a port the query pools code broke (change
1343 2162. [func] Allow "rrset-order fixed" to be disabled at compile
1346 2161. [bug] Fix which log messages are emitted for 'rndc flush'.
1349 2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
1350 from getifaddrs(). [RT #16708]
1352 --- 9.5.0a2 released ---
1354 2159. [bug] Array bounds overrun in acache processing. [RT #16710]
1356 2158. [bug] ns_client_isself() failed to initialize key
1357 leading to a REQUIRE failure. [RT #16688]
1359 2157. [func] dns_db_transfernode() created. [RT #16685]
1361 2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
1362 resolver.c:validated() and resolver.c:cache_name().
1363 Fix a memory leak in rbtdb.c:free_noqname().
1364 Make lookup.c:lookup_find() robust against
1365 event leaks. [RT #16685]
1367 2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
1370 2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
1371 matched in acls by omitting the scope. [RT #16599]
1373 2153. [bug] nsupdate could leak memory. [RT #16691]
1375 2152. [cleanup] Use sizeof(buf) instead of fixed number in
1376 dighost.c:get_trusted_key(). [RT #16678]
1378 2151. [bug] Missing newline in usage message for journalprint.
1381 2150. [bug] 'rrset-order cyclic' uniformly distribute the
1382 starting point for the first response for a given
1385 2149. [bug] isc_mem_checkdestroyed() failed to abort on
1386 if there were still active memory contexts.
1389 2148. [func] Add positive logging for rndc commands. [RT #14623]
1391 2147. [bug] libbind: remove potential buffer overflow from
1392 hmac_link.c. [RT #16437]
1394 2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
1395 SO_BSDCOMPAT" message. [RT #16641]
1397 2145. [bug] Check DS/DLV digest lengths for known digests.
1400 2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
1403 2143. [bug] We failed to restart the IPv6 client when the
1404 kernel failed to return the destination the
1405 packet was sent to. [RT #16613]
1407 2142. [bug] Handle master files with a modification time that
1408 matches the epoch. [RT# 16612]
1410 2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
1411 equivalent of LDH checks). [RT #16609]
1413 2140. [bug] libbind: missing unlock on pthread_key_create()
1414 failures. [RT #16654]
1416 2139. [bug] dns_view_find() was being called with wrong type
1417 in adb.c. [RT #16670]
1419 2138. [bug] Lock order reversal in resolver.c. [RT #16653]
1421 2137. [port] Mips little endian and/or mips 64 bit are now
1422 supported for atomic operations. [RT#16648]
1424 2136. [bug] nslookup/host looped if there was no search list
1425 and the host didn't exist. [RT #16657]
1427 2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
1429 2134. [func] Additional statistics support. [RT #16666]
1431 2133. [port] powerpc: Support both IBM and MacOS Power PC
1432 assembler syntaxes. [RT #16647]
1434 2132. [bug] Missing unlock on out of memory in
1435 dns_dispatchmgr_setudp().
1437 2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
1439 2130. [func] Log if CD or DO were set. [RT #16640]
1441 2129. [func] Provide a pool of UDP sockets for queries to be
1442 made over. See use-queryport-pool, queryport-pool-ports
1443 and queryport-pool-updateinterval. [RT #16415]
1445 2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
1447 2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
1449 2126. [security] Serialize validation of type ANY responses. [RT #16555]
1451 2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
1452 was defined. [RT #16574]
1454 2124. [security] It was possible to dereference a freed fetch
1455 context. [RT #16584]
1457 --- 9.5.0a1 released ---
1459 2123. [func] Use Doxygen to generate internal documentation.
1462 2122. [func] Experimental http server and statistics support
1465 2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
1466 second timeout. [RT #16553]
1468 2120. [doc] Fix markup on nsupdate man page. [RT #16556]
1470 2119. [compat] libbind: allow res_init() to succeed enough to
1471 return the default domain even if it was unable
1474 2118. [bug] Handle response with long chains of domain name
1475 compression pointers which point to other compression
1476 pointers. [RT #16427]
1478 2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
1479 which could lead to validation failures. named didn't
1480 handle negative DS responses that were in the process
1481 of being validated. Check CNAME bit before accepting
1482 NODATA proof. To be able to ignore a child NSEC there
1483 must be SOA (and NS) set in the bitmap. [RT #16399]
1485 2116. [bug] 'rndc reload' could cause the cache to continually
1486 be cleaned. [RT #16401]
1488 2115. [bug] 'rndc reconfig' could trigger a INSIST if the
1489 number of masters for a zone was reduced. [RT #16444]
1491 2114. [bug] dig/host/nslookup: searches for names with multiple
1492 labels were failing. [RT #16447]
1494 2113. [bug] nsupdate: if a zone is specified it should be used
1495 for server discover. [RT# 16455]
1497 2112. [security] Warn if weak RSA exponent is used. [RT #16460]
1499 2111. [bug] Fix a number of errors reported by Coverity.
1502 2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
1503 priming queries. [RT #16491]
1505 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
1507 2108. [func] DHCID support. [RT #16456]
1509 2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
1511 2106. [func] 'rndc status' now reports named's version. [RT #16426]
1513 2105. [func] GSS-TSIG support (RFC 3645).
1515 2104. [port] Fix Solaris SMF error message.
1517 2103. [port] Add /usr/sfw to list of locations for OpenSSL
1520 2102. [port] Silence Solaris 10 warnings.
1522 2101. [bug] OpenSSL version checks were not quite right.
1525 2100. [port] win32: copy libeay32.dll to Build\Debug.
1526 Copy Debug\named-checkzone to Debug\named-compilezone.
1528 2099. [port] win32: more manifest issues.
1530 2098. [bug] Race in rbtdb.c:no_references(), which occasionally
1531 triggered an INSIST failure about the node lock
1532 reference. [RT #16411]
1534 2097. [bug] named could reference a destroyed memory context
1535 after being reloaded / reconfigured. [RT #16428]
1537 2096. [bug] libbind: handle applications that fail to detect
1538 res_init() failures better.
1540 2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
1541 net_cidr_ntop_ipv6(). [RT #16388]
1543 2094. [contrib] Update named-bootconf. [RT# 16404]
1545 2093. [bug] named-checkzone -s was broken.
1547 2092. [bug] win32: dig, host, nslookup. Use registry config
1548 if resolv.conf does not exist or no nameservers
1551 2091. [port] dighost.c: race condition on cleanup. [RT #16417]
1553 2090. [port] win32: Visual C++ 2005 command line manifest support.
1556 2089. [security] Raise the minimum safe OpenSSL versions to
1557 OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
1558 prior to these have known security flaws which
1559 are (potentially) exploitable in named. [RT #16391]
1561 2088. [security] Change the default RSA exponent from 3 to 65537.
1564 2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
1567 2086. [port] libbind: FreeBSD now has get*by*_r() functions.
1570 2085. [doc] win32: added index.html and README to zip. [RT #16201]
1572 2084. [contrib] dbus update for 9.3.3rc2.
1574 2083. [port] win32: Visual C++ 2005 support.
1576 2082. [doc] Document 'cache-file' as a test only option.
1578 2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
1581 2080. [port] libbind: res_init.c did not compile on older versions
1582 of Solaris. [RT #16363]
1584 2079. [bug] The lame cache was not handling multiple types
1585 correctly. [RT #16361]
1587 2078. [bug] dnssec-checkzone output style "default" was badly
1588 named. It is now called "relative". [RT #16326]
1590 2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
1591 complete signed zone. [RT #16326]
1593 2076. [bug] Several files were missing #include <config.h>
1594 causing build failures on OSF. [RT #16341]
1596 2075. [bug] The spillat timer event hander could leak memory.
1599 2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
1600 dns_request_createraw2() and dns_request_createraw3()
1601 failed to send multiple UDP requests. [RT #16349]
1603 2073. [bug] Incorrect semantics check for update policy "wildcard".
1606 2072. [bug] We were not generating valid HMAC SHA digests.
1609 2071. [port] Test whether gcc accepts -fno-strict-aliasing.
1612 2070. [bug] The remote address was not always displayed when
1613 reporting dispatch failures. [RT #16315]
1615 2069. [bug] Cross compiling was not working. [RT #16330]
1617 2068. [cleanup] Lower incremental tuning message to debug 1.
1620 2067. [bug] 'rndc' could close the socket too early triggering
1621 a INSIST under Windows. [RT #16317]
1623 2066. [security] Handle SIG queries gracefully. [RT #16300]
1625 2065. [bug] libbind: probe for HPUX prototypes for
1626 endprotoent_r() and endservent_r(). [RT 16313]
1628 2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
1630 2063. [bug] Change #1955 introduced a bug which caused the first
1631 'rndc flush' call to not free memory. [RT #16244]
1633 2062. [bug] 'dig +nssearch' was reusing a buffer before it had
1634 been returned by the socket code. [RT #16307]
1636 2061. [bug] Accept expired wildcard message reversed. [RT #16296]
1638 2060. [bug] Enabling DLZ support could leave views partially
1639 configured. [RT #16295]
1641 2059. [bug] Search into cache rbtdb could trigger an INSIST
1642 failure while cleaning up a stale rdataset.
1645 2058. [bug] Adjust how we calculate rtt estimates in the presence
1646 of authoritative servers that drop EDNS and/or CD
1647 requests. Also fallback to EDNS/512 and plain DNS
1648 faster for zones with less than 3 servers. [RT #16187]
1650 2057. [bug] Make setting "ra" dependent on both allow-query-cache
1651 and allow-recursion. [RT #16290]
1653 2056. [bug] dig: ixfr= was not being treated case insensitively
1654 at all times. [RT #15955]
1656 2055. [bug] Missing goto after dropping multicast query.
1659 2054. [port] freebsd: do not explicitly link against -lpthread.
1662 2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
1664 2052. [bug] 'rndc' improve connect failed message to report
1665 the failing address. [RT #15978]
1667 2051. [port] More strtol() fixes. [RT #16249]
1669 2050. [bug] Parsing of NSAP records was not case insensitive.
1672 2049. [bug] Restore SOA before AXFR when falling back from
1673 a attempted IXFR when transferring in a zone.
1674 Allow a initial SOA query before attempting
1675 a AXFR to be requested. [RT #16156]
1677 2048. [bug] It was possible to loop forever when using
1678 avoid-v4-udp-ports / avoid-v6-udp-ports when
1679 the OS always returned the same local port.
1682 2047. [bug] Failed to initialize the interface flags to zero.
1685 2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
1686 cleanup [RT #16247].
1688 2045. [func] Use lock buckets for acache entries to limit memory
1689 consumption. [RT #16183]
1691 2044. [port] Add support for atomic operations for Itanium.
1694 2043. [port] nsupdate/nslookup: Force the flushing of the prompt
1695 for interactive sessions. [RT#16148]
1697 2042. [bug] named-checkconf was incorrectly rejecting the
1698 logging category "config". [RT #16117]
1700 2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
1701 set of libraries to be linked. [RT #16129]
1703 2040. [bug] rbtdb no_references() could trigger an INSIST
1704 failure with --enable-atomic. [RT #16022]
1706 2039. [func] Check that all buffers passed to the socket code
1707 have been retrieved when the socket event is freed.
1710 2038. [bug] dig/nslookup/host was unlinking from wrong list
1711 when handling errors. [RT #16122]
1713 2037. [func] When unlinking the first or last element in a list
1714 check that the list head points to the element to
1715 be unlinked. [RT #15959]
1717 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
1720 2035. [func] Make falling back to TCP on UDP refresh failure
1721 optional. Default "try-tcp-refresh yes;" for BIND 8
1722 compatibility. [RT #16123]
1724 2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
1726 2033. [bug] We weren't creating multiple client memory contexts
1727 on demand as expected. [RT #16095]
1729 2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
1731 2031. [bug] Emit a error message when "rndc refresh" is called on
1732 a non slave/stub zone. [RT # 16073]
1734 2030. [bug] We were being overly conservative when disabling
1735 openssl engine support. [RT #16030]
1737 2029. [bug] host printed out the server multiple times when
1738 specified on the command line. [RT #15992]
1740 2028. [port] linux: socket.c compatibility for old systems.
1743 2027. [port] libbind: Solaris x86 support. [RT #16020]
1745 2026. [bug] Rate limit the two recursive client exceeded messages.
1748 2025. [func] Update "zone serial unchanged" message. [RT #16026]
1750 2024. [bug] named emitted spurious "zone serial unchanged"
1751 messages on reload. [RT #16027]
1753 2023. [bug] "make install" should create ${localstatedir}/run and
1754 ${sysconfdir} if they do not exist. [RT #16033]
1756 2022. [bug] If dnssec validation is disabled only assert CD if
1757 CD was requested. [RT #16037]
1759 2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
1761 2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
1763 2019. [tuning] Reduce the amount of work performed per quantum
1764 when cleaning the cache. [RT #15986]
1766 2018. [bug] Checking if the HMAC MD5 private file was broken.
1769 2017. [bug] allow-query default was not correct. [RT #15946]
1771 2016. [bug] Return a partial answer if recursion is not
1772 allowed but requested and we had the answer
1773 to the original qname. [RT #15945]
1775 2015. [cleanup] use-additional-cache is now acache-enable for
1776 consistency. Default acache-enable off in BIND 9.4
1777 as it requires memory usage to be configured.
1778 It may be enabled by default in BIND 9.5 once we
1779 have more experience with it.
1781 2014. [func] Statistics about acache now recorded and sent
1784 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
1785 responses more gracefully. [RT #15941]
1787 2012. [func] Don't insert new acache entries if acache is full.
1790 2011. [func] dnssec-signzone can now update the SOA record of
1791 the signed zone, either as an increment or as the
1792 system time(). [RT #15633]
1794 2010. [placeholder] rt15958
1796 2009. [bug] libbind: Coverity fixes. [RT #15808]
1798 2008. [func] It is now possible to enable/disable DNSSEC
1799 validation from rndc. This is useful for the
1800 mobile hosts where the current connection point
1801 breaks DNSSEC (firewall/proxy). [RT #15592]
1803 rndc validation newstate [view]
1805 2007. [func] It is now possible to explicitly enable DNSSEC
1806 validation. default dnssec-validation no; to
1807 be changed to yes in 9.5.0. [RT #15674]
1809 2006. [security] Allow-query-cache and allow-recursion now default
1810 to the built in acls "localnets" and "localhost".
1812 This is being done to make caching servers less
1813 attractive as reflective amplifying targets for
1814 spoofed traffic. This still leave authoritative
1817 The best fix is for full BCP 38 deployment to
1818 remove spoofed traffic.
1820 2005. [bug] libbind: Retransmission timeouts should be
1821 based on which attempt it is to the nameserver
1822 and not the nameserver itself. [RT #13548]
1824 2004. [bug] dns_tsig_sign() could pass a NULL pointer to
1825 dst_context_destroy() when cleaning up after a
1828 2003. [bug] libbind: The DNS name/address lookup functions could
1829 occasionally follow a random pointer due to
1830 structures not being completely zeroed. [RT #15806]
1832 2002. [bug] libbind: tighten the constraints on when
1833 struct addrinfo._ai_pad exists. [RT #15783]
1835 2001. [func] Check the KSK flag when updating a secure dynamic zone.
1836 New zone option "update-check-ksk yes;". [RT #15817]
1838 2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
1840 1999. [func] Implement "rrset-order fixed". [RT #13662]
1842 1998. [bug] Restrict handling of fifos as sockets to just SunOS.
1843 This allows named to connect to entropy gathering
1844 daemons that use fifos instead of sockets. [RT #15840]
1846 1997. [bug] Named was failing to replace negative cache entries
1847 when a positive one for the type was learnt.
1850 1996. [bug] nsupdate: if a zone has been specified it should
1851 appear in the output of 'show'. [RT #15797]
1853 1995. [bug] 'host' was reporting multiple "is an alias" messages.
1856 1994. [port] OpenSSL 0.9.8 support. [RT #15694]
1858 1993. [bug] Log messages, via syslog, were missing the space
1859 after the timestamp if "print-time yes" was specified.
1862 1992. [bug] Not all incoming zone transfer messages included the
1865 1991. [cleanup] The configuration data, once read, should be treated
1866 as read only. Expand the use of const to enforce this
1867 at compile time. [RT #15813]
1869 1990. [bug] libbind: isc's override of broken gettimeofday()
1870 implementations was not always effective.
1873 1989. [bug] win32: don't check the service password when
1874 re-installing. [RT #15882]
1876 1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1879 1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1881 1986. [func] Report when a zone is removed. [RT #15849]
1883 1985. [protocol] DLV has now been assigned a official type code of
1886 Note: care should be taken to ensure you upgrade
1887 both named and dnssec-signzone at the same time for
1888 zones with DLV records where named is the master
1889 server for the zone. Also any zones that contain
1890 DLV records should be removed when upgrading a slave
1891 zone. You do not however have to upgrade all
1892 servers for a zone with DLV records simultaneously.
1894 1984. [func] dig, nslookup and host now advertise a 4096 byte
1895 EDNS UDP buffer size by default. [RT #15855]
1897 1983. [func] Two new update policies. "selfsub" and "selfwild".
1900 1982. [bug] DNSKEY was being accepted on the parent side of
1901 a delegation. KEY is still accepted there for
1902 RFC 3007 validated updates. [RT #15620]
1904 1981. [bug] win32: condition.c:wait() could fail to reattain
1907 1980. [func] dnssec-signzone: output the SOA record as the
1908 first record in the signed zone. [RT #15758]
1910 1979. [port] linux: allow named to drop core after changing
1911 user ids. [RT #15753]
1913 1978. [port] Handle systems which have a broken recvmsg().
1916 1977. [bug] Silence noisy log message. [RT #15704]
1918 1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
1920 1975. [bug] libbind: isc_gethexstring() could misparse multi-line
1921 hex strings with comments. [RT #15814]
1923 1974. [doc] List each of the zone types and associated zone
1924 options separately in the ARM.
1926 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
1927 HMACSHA512 support. [RT #13606]
1929 1972. [contrib] DBUS dynamic forwarders integration from
1930 Jason Vas Dias <jvdias@redhat.com>.
1932 1971. [port] linux: make detection of missing IF_NAMESIZE more
1935 1970. [bug] nsupdate: adjust UDP timeout when falling back to
1936 unsigned SOA query. [RT #15775]
1938 1969. [bug] win32: the socket code was freeing the socket
1939 structure too early. [RT #15776]
1941 1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1943 1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
1945 1966. [bug] Don't set CD when we have fallen back to plain DNS.
1948 1965. [func] Suppress spurious "recursion requested but not
1949 available" warning with 'dig +qr'. [RT #15780].
1951 1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
1953 1963. [port] Tru64 4.0E doesn't support send() and recv().
1956 1962. [bug] Named failed to clear old update-policy when it
1957 was removed. [RT #15491]
1959 1961. [bug] Check the port and address of responses forwarded
1960 to dispatch. [RT #15474]
1962 1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
1965 1959. [func] Control the zeroing of the negative response TTL to
1966 a soa query. Defaults "zero-no-soa-ttl yes;" and
1967 "zero-no-soa-ttl-cache no;". [RT #15460]
1969 1958. [bug] Named failed to update the zone's secure state
1970 until the zone was reloaded. [RT #15412]
1972 1957. [bug] Dig mishandled responses to class ANY queries.
1975 1956. [bug] Improve cross compile support, 'gen' is now built
1976 by native compiler. See README for additional
1977 cross compile support information. [RT #15148]
1979 1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
1981 1954. [func] Named now falls back to advertising EDNS with a
1982 512 byte receive buffer if the initial EDNS queries
1985 1953. [func] The maximum EDNS UDP response named will send can
1986 now be set in named.conf (max-udp-size). This is
1987 independent of the advertised receive buffer
1988 (edns-udp-size). [RT #14852]
1990 1952. [port] hpux: tell the linker to build a runtime link
1991 path "-Wl,+b:". [RT #14816].
1993 1951. [security] Drop queries from particular well known ports.
1994 Don't return FORMERR to queries from particular
1995 well known ports. [RT #15636]
1997 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
1998 a TCP socket. This prevents the source address being
1999 set for TCP connections. [RT #15628]
2001 1949. [func] Addition memory leakage checks. [RT #15544]
2003 1948. [bug] If was possible to trigger a REQUIRE failure in
2004 xfrin.c:maybe_free() if named ran out of memory.
2007 1947. [func] It is now possible to configure named to accept
2008 expired RRSIGs. Default "dnssec-accept-expired no;".
2009 Setting "dnssec-accept-expired yes;" leaves named
2010 vulnerable to replay attacks. [RT #14685]
2012 1946. [bug] resume_dslookup() could trigger a REQUIRE failure
2013 when using forwarders. [RT #15549]
2015 1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
2016 To generate a RSAMD5 key you must explicitly request
2019 1944. [cleanup] isc_hash_create() does not need a read/write lock.
2022 1943. [bug] Set the loadtime after rolling forward the journal.
2025 1942. [bug] If the name of a DNSKEY match that of one in
2026 trusted-keys do not attempt to validate the DNSKEY
2027 using the parents DS RRset. [RT #15649]
2029 1941. [bug] ncache_adderesult() should set eresult even if no
2030 rdataset is passed to it. [RT #15642]
2032 1940. [bug] Fixed a number of error conditions reported by
2035 1939. [bug] The resolver could dereference a null pointer after
2036 validation if all the queries have timed out.
2039 1938. [bug] The validator was not correctly handling unsecure
2040 negative responses at or below a SEP. [RT #15528]
2042 1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
2044 1936. [bug] The validator could leak memory. [RT #15544]
2046 1935. [bug] 'acache' was DO sensitive. [RT #15430]
2048 1934. [func] Validate pending NS RRsets, in the authority section,
2049 prior to returning them if it can be done without
2050 requiring DNSKEYs to be fetched. [RT #15430]
2052 1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
2054 1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
2056 1931. [bug] Per-client mctx could require a huge amount of memory,
2057 particularly for a busy caching server. [RT #15519]
2059 1930. [port] HPUX: ia64 support. [RT #15473]
2061 1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
2063 1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
2065 1927. [bug] Access to soanode or nsnode in rbtdb violated the
2066 lock order rule and could cause a dead lock.
2069 1926. [bug] The Windows installer did not check for empty
2070 passwords. BINDinstall was being installed in
2071 the wrong place. [RT #15483]
2073 1925. [port] All outer level AC_TRY_RUNs need cross compiling
2074 defaults. [RT #15469]
2076 1924. [port] libbind: hpux ia64 support. [RT #15473]
2078 1923. [bug] ns_client_detach() called too early. [RT #15499]
2080 1922. [bug] check-tool.c:setup_logging() missing call to
2081 dns_log_setcontext().
2083 1921. [bug] Client memory contexts were not using internal
2086 1920. [bug] The cache rbtdb lock array was too small to
2087 have the desired performance characteristics.
2090 1919. [contrib] queryperf: a set of new features: collecting/printing
2091 response delays, printing intermediate results, and
2092 adjusting query rate for the "target" qps.
2094 1918. [bug] Memory leak when checking acls. [RT #15391]
2096 1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
2097 when generating man pages. [RT #15385]
2099 1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
2101 1915. [bug] dig +ndots was broken. [RT #15215]
2103 1914. [protocol] DS is required to accept mnemonic algorithms
2104 (RFC 4034). Still emit numeric algorithms for
2105 compatibility with RFC 3658. [RT #15354]
2107 1913. [func] Integrate contributed DLZ code into named. [RT #11382]
2109 1912. [port] aix: atomic locking for powerpc. [RT #15020]
2111 1911. [bug] Update windows socket code. [RT #14965]
2113 1910. [bug] dig's +sigchase code overhauled. [RT #14933]
2115 1909. [bug] The DLV code has been re-worked to make no longer
2116 query order sensitive. [RT #14933]
2118 1908. [func] dig now warns if 'RA' is not set in the answer when
2119 'RD' was set in the query. host/nslookup skip servers
2120 that fail to set 'RA' when 'RD' is set unless a server
2121 is explicitly set. [RT #15005]
2123 1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
2126 1906. [func] dig now has a '-q queryname' and '+showsearch' options.
2129 1905. [bug] Strings returned from cfg_obj_asstring() should be
2130 treated as read-only. The prototype for
2131 cfg_obj_asstring() has been updated to reflect this.
2134 1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
2135 friends. Note: RFC 1918 zones are not yet covered by
2136 this but are likely to be in a future release.
2138 New options: empty-server, empty-contact,
2139 empty-zones-enable and disable-empty-zone.
2141 1903. [func] ISC string copy API.
2143 1902. [func] Attempt to make the amount of work performed in a
2144 iteration self tuning. The covers nodes clean from
2145 the cache per iteration, nodes written to disk when
2146 rewriting a master file and nodes destroyed per
2147 iteration when destroying a zone or a cache.
2150 1901. [cleanup] Don't add DNSKEY records to the additional section.
2152 1900. [bug] ixfr-from-differences failed to ensure that the
2153 serial number increased. [RT #15036]
2155 1899. [func] named-checkconf now validates update-policy entries.
2158 1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
2159 ISC_NETADDR_FORMATSIZE to allow for scope details.
2161 1897. [func] x86 and x86_64 now have separate atomic locking
2164 1896. [bug] Recursive clients soft quota support wasn't working
2165 as expected. [RT #15103]
2167 1895. [bug] A escaped character is, potentially, converted to
2168 the output character set too early. [RT #14666]
2170 1894. [doc] Review ARM for BIND 9.4.
2172 1893. [port] Use uintptr_t if available. [RT #14606]
2174 1892. [func] Support for SPF rdata type. [RT #15033]
2176 1891. [port] freebsd: pthread_mutex_init can fail if it runs out
2177 of memory. [RT #14995]
2179 1890. [func] Raise the UDP receive buffer size to 32k if it is
2180 less than 32k. [RT #14953]
2182 1889. [port] sunos: non blocking i/o support. [RT #14951]
2184 1888. [func] Support for IPSECKEY rdata type. [RT #14967]
2186 1887. [bug] The cache could delete expired records too fast for
2187 clients with a virtual time in the past. [RT #14991]
2189 1886. [bug] fctx_create() could return success even though it
2192 1885. [func] dig: report the number of extra bytes still left in
2193 the packet after processing all the records.
2195 1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
2197 1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
2200 1882. [func] Limit the number of recursive clients that can be
2201 waiting for a single query (<qname,qtype,qclass>) to
2202 resolve. New options clients-per-query and
2203 max-clients-per-query.
2205 1881. [func] Add a system test for named-checkconf. [RT #14931]
2207 1880. [func] The lame cache is now done on a <qname,qclass,qtype>
2208 basis as some servers only appear to be lame for
2209 certain query types. [RT #14916]
2211 1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
2214 1878. [func] Detect duplicates of UDP queries we are recursing on
2215 and drop them. New stats category "duplicate".
2218 1877. [bug] Fix unreasonably low quantum on call to
2219 dns_rbt_destroy2(). Remove unnecessary unhash_node()
2222 1876. [func] Additional memory debugging support to track size
2223 and mctx arguments. [RT #14814]
2225 1875. [bug] process_dhtkey() was using the wrong memory context
2226 to free some memory. [RT #14890]
2228 1874. [port] sunos: portability fixes. [RT #14814]
2230 1873. [port] win32: isc__errno2result() now reports its caller.
2233 1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
2237 1870. [func] Added framework for handling multiple EDNS versions.
2240 1869. [func] dig can now specify the EDNS version when making
2241 a query. [RT #14873]
2243 1868. [func] edns-udp-size can now be overridden on a per
2244 server basis. [RT #14851]
2246 1867. [bug] It was possible to trigger a INSIST in
2247 dlv_validatezonekey(). [RT #14846]
2249 1866. [bug] resolv.conf parse errors were being ignored by
2250 dig/host/nslookup. [RT #14841]
2252 1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
2253 bad addresses. [RT #14841]
2255 1864. [bug] Don't try the alternative transfer source if you
2256 got a answer / transfer with the main source
2257 address. [RT #14802]
2259 1863. [bug] rrset-order "fixed" error messages not complete.
2261 1862. [func] Add additional zone data constancy checks.
2262 named-checkzone has extended checking of NS, MX and
2263 SRV record and the hosts they reference.
2264 named has extended post zone load checks.
2265 New zone options: check-mx and integrity-check.
2268 1861. [bug] dig could trigger a INSIST on certain malformed
2269 responses. [RT #14801]
2271 1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
2272 incorrectly set. [RT #14775]
2274 1859. [func] Add support for CH A record. [RT #14695]
2276 1858. [bug] The flush-zones-on-shutdown option wasn't being
2279 1857. [bug] named could trigger a INSIST() if reconfigured /
2280 reloaded too fast. [RT #14673]
2282 1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
2285 1855. [bug] ixfr-from-differences was failing to detect changes
2286 of ttl due to dns_diff_subtract() was ignoring the ttl
2287 of records. [RT #14616]
2289 1854. [bug] lwres also needs to know the print format for
2290 (long long). [RT #13754]
2292 1853. [bug] Rework how DLV interacts with proveunsecure().
2295 1852. [cleanup] Remove last vestiges of dnssec-signkey and
2296 dnssec-makekeyset (removed from Makefile years ago).
2298 1851. [doc] Doxygen comment markup. [RT #11398]
2300 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
2302 1849. [doc] All forms of the man pages (docbook, man, html) should
2303 have consistent copyright dates.
2305 1848. [bug] Improve SMF integration. [RT #13238]
2307 1847. [bug] isc_ondestroy_init() is called too late in
2308 dns_rbtdb_create()/dns_rbtdb64_create().
2311 1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
2312 <bortzmeyer@nic.fr>.
2314 1845. [bug] Improve error reporting to distinguish between
2315 accept()/fcntl() and socket()/fcntl() errors.
2318 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
2319 for each 16 bit piece of the IPv6 address. The text
2320 representation of a IPv6 address has been tightened
2321 to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
2324 1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
2325 when CFLAGS contains "-I /usr/local/include"
2326 resulting in old header files being used.
2328 1842. [port] cmsg_len() could produce incorrect results on
2329 some platform. [RT #13744]
2331 1841. [bug] "dig +nssearch" now makes a recursive query to
2332 find the list of nameservers to query. [RT #13694]
2334 1840. [func] dnssec-signzone can now randomize signature end times
2335 (dnssec-signzone -j jitter). [RT #13609]
2337 1839. [bug] <isc/hash.h> was not being installed.
2339 1838. [cleanup] Don't allow Linux capabilities to be inherited.
2342 1837. [bug] Compile time option ISC_FACILITY was not effective
2343 for 'named -u <user>'. [RT #13714]
2345 1836. [cleanup] Silence compiler warnings in hash_test.c.
2347 1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
2349 1834. [bug] Bad memset in rdata_test.c. [RT #13658]
2351 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
2353 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
2356 1831. [doc] Update named-checkzone documentation. [RT#13604]
2358 1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
2360 1829. [bug] win32: "pid-file none;" broken. [RT #13563]
2362 1828. [bug] isc_rwlock_init() failed to properly cleanup if it
2363 encountered a error. [RT #13549]
2365 1827. [bug] host: update usage message for '-a'. [RT #37116]
2367 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
2368 of memory error. [RT #13537]
2370 1825. [bug] Missing UNLOCK() on out of memory error from in
2371 rbtdb.c:subtractrdataset(). [RT #13519]
2373 1824. [bug] Memory leak on dns_zone_setdbtype() failure.
2376 1823. [bug] Wrong macro used to check for point to point interface.
2379 1822. [bug] check-names test for RT was reversed. [RT #13382]
2383 1820. [bug] Gracefully handle acl loops. [RT #13659]
2385 1819. [bug] The validator needed to check both the algorithm and
2386 digest types of the DS to determine if it could be
2387 used to introduce a secure zone. [RT #13593]
2389 1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
2391 1817. [func] Add support for additional zone file formats for
2392 improving loading performance. The masterfile-format
2393 option in named.conf can be used to specify a
2394 non-default format. A separate command
2395 named-compilezone was provided to generate zone files
2396 in the new format. Additionally, the -I and -O options
2397 for dnssec-signzone specify the input and output
2400 1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
2403 1815. [bug] nsupdate triggered a REQUIRE if the server was set
2404 without also setting the zone and it encountered
2405 a CNAME and was using TSIG. [RT #13086]
2407 1814. [func] UNIX domain controls are now supported.
2409 1813. [func] Restructured the data locking framework using
2410 architecture dependent atomic operations (when
2411 available), improving response performance on
2412 multi-processor machines significantly.
2413 x86, x86_64, alpha, powerpc, and mips are currently
2416 1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
2419 1811. [func] Preserve the case of domain names in rdata during
2420 zone transfers. [RT #13547]
2422 1810. [bug] configure, lib/bind/configure make different default
2423 decisions about whether to do a threaded build.
2426 1809. [bug] "make distclean" failed for libbind if the platform
2429 1808. [bug] zone.c:notify_zone() contained a race condition,
2430 zone->db could change underneath it. [RT #13511]
2432 1807. [bug] When forwarding (forward only) set the active domain
2433 from the forward zone name. [RT #13526]
2435 1806. [bug] The resolver returned the wrong result when a CNAME /
2436 DNAME was encountered when fetching glue from a
2437 secure namespace. [RT #13501]
2439 1805. [bug] Pending status was not being cleared when DLV was
2442 1804. [bug] Ensure that if we are queried for glue that it fits
2443 in the additional section or TC is set to tell the
2444 client to retry using TCP. [RT #10114]
2446 1803. [bug] dnssec-signzone sometimes failed to remove old
2449 1802. [bug] Handle connection resets better. [RT #11280]
2451 1801. [func] Report differences between hints and real NS rrset
2452 and associated address records.
2454 1800. [bug] Changes #1719 allowed a INSIST to be triggered.
2457 1799. [bug] 'rndc flushname' failed to flush negative cache
2458 entries. [RT #13438]
2460 1798. [func] The server syntax has been extended to support a
2461 range of servers. [RT #11132]
2463 1797. [func] named-checkconf now check acls to verify that they
2464 only refer to existing acls. [RT #13101]
2466 1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
2468 1795. [bug] "rndc dumpdb" was not fully documented. Minor
2469 formating issues with "rndc dumpdb -all". [RT #13396]
2471 1794. [func] Named and named-checkzone can now both check for
2472 non-terminal wildcard records.
2474 1793. [func] Extend adjusting TTL warning messages. [RT #13378]
2476 1792. [func] New zone option "notify-delay". Specify a minimum
2477 delay between sets of NOTIFY messages.
2479 1791. [bug] 'host -t a' still printed out AAAA and MX records.
2482 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
2483 allow parallel make to succeed.
2485 1789. [bug] Prerequisite test for tkey and dnssec could fail
2486 with "configure --with-libtool".
2488 1788. [bug] libbind9.la/libbind9.so needs to link against
2489 libisccfg.la/libisccfg.so.
2491 1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
2493 1786. [port] AIX: libt_api needs to be taught to look for
2494 T_testlist in the main executable (--with-libtool).
2497 1785. [bug] libbind9.la/libbind9.so needs to link against
2498 libisc.la/libisc.so.
2500 1784. [cleanup] "libtool -allow-undefined" is the default.
2501 Leave hooks in configure to allow it to be set
2502 if needed in the future.
2504 1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
2507 1782. [port] OSX: --with-libtool + --enable-libbind broke on
2508 __evOptMonoTime. [RT #13219]
2510 1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
2512 1780. [bug] Update libtool to 1.5.10.
2514 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
2516 1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
2517 IN6ADDR_LOOPBACK_INIT macros.
2519 1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
2520 IN6ADDR_LOOPBACK_INIT macros.
2522 1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
2523 IN6ADDR_LOOPBACK_INIT macros.
2525 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
2527 1774. [port] Aix: Silence compiler warnings / build failures.
2530 1773. [bug] Fast retry on host / net unreachable. [RT #13153]
2536 1770. [bug] named-checkconf failed to report missing a missing
2537 file clause for rbt{64} master/hint zones. [RT#13009]
2539 1769. [port] win32: change compiler flags /MTd ==> /MDd,
2542 1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
2543 rdataset. [RT #12907]
2545 1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
2546 support for (struct in6_pktinfo) failed. [RT #13077]
2548 1766. [bug] Update the master file timestamp on successful refresh
2549 as well as the journal's timestamp. [RT# 13062]
2551 1765. [bug] configure --with-openssl=auto failed. [RT #12937]
2553 1764. [bug] dns_zone_replacedb failed to emit a error message
2554 if there was no SOA record in the replacement db.
2557 1763. [func] Perform sanity checks on NS records which refer to
2558 'in zone' names. [RT #13002]
2560 1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
2561 even when it failed. [RT #12995]
2563 1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
2566 1760. [bug] Host / net unreachable was not penalising rtt
2567 estimates. [RT #12970]
2569 1759. [bug] Named failed to startup if the OS supported IPv6
2570 but had no IPv6 interfaces configured. [RT #12942]
2572 1758. [func] Don't send notify messages to self. [RT #12933]
2574 1757. [func] host now can turn on memory debugging flags with '-m'.
2576 1756. [func] named-checkconf now checks the logging configuration.
2579 1755. [func] allow-update is now settable at the options / view
2582 1754. [bug] We weren't always attempting to query the parent
2583 server for the DS records at the zone cut.
2586 1753. [bug] Don't serve a slave zone which has no NS records.
2589 1752. [port] Move isc_app_start() to after ns_os_daemonise()
2590 as some fork() implementations unblock the signals
2591 that are blocked by isc_app_start(). [RT #12810]
2593 1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
2595 1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
2598 1749. [bug] 'check-names response ignore;' failed to ignore.
2601 1748. [func] dig now returns the byte count for axfr/ixfr.
2603 1747. [bug] BIND 8 compatibility: named/named-checkconf failed
2604 to parse "host-statistics-max" in named.conf.
2606 1746. [func] Make public the function to read a key file,
2607 dst_key_read_public(). [RT #12450]
2609 1745. [bug] Dig/host/nslookup accept replies from link locals
2610 regardless of scope if no scope was specified when
2611 query was sent. [RT #12745]
2613 1744. [bug] If tuple2msgname() failed to convert a tuple to
2614 a name a REQUIRE could be triggered. [RT #12796]
2616 1743. [bug] If isc_taskmgr_create() was not able to create the
2617 requested number of worker threads then destruction
2618 of the manager would trigger an INSIST() failure.
2621 1742. [bug] Deleting all records at a node then adding a
2622 previously existing record, in a single UPDATE
2623 transaction, failed to leave / regenerate the
2624 associated RRSIG records. [RT #12788]
2626 1741. [bug] Deleting all records at a node in a secure zone
2627 using a update-policy grant failed. [RT #12787]
2629 1740. [bug] Replace rbt's hash algorithm as it performed badly
2630 with certain zones. [RT #12729]
2632 NOTE: a hash context now needs to be established
2633 via isc_hash_create() if the application was not
2636 1739. [bug] dns_rbt_deletetree() could incorrectly return
2637 ISC_R_QUOTA. [RT #12695]
2639 1738. [bug] Enable overrun checking by default. [RT #12695]
2641 1737. [bug] named failed if more than 16 masters were specified.
2644 1736. [bug] dst_key_fromnamedfile() could fail to read a
2645 public key. [RT #12687]
2647 1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
2650 1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
2653 1733. [bug] Return non-zero exit status on initial load failure.
2656 1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
2659 1731. [port] darwin: relax version test in ifconfig.sh.
2662 1730. [port] Determine the length type used by the socket API.
2665 1729. [func] Improve check-names error messages.
2667 1728. [doc] Update check-names documentation.
2669 1727. [bug] named-checkzone: check-names support didn't match
2672 1726. [port] aix5: add support for aix5.
2674 1725. [port] linux: update error message on interaction of threads,
2675 capabilities and setuid support (named -u). [RT #12541]
2677 1724. [bug] Look for DNSKEY records with "dig +sigtrace".
2680 1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
2682 1722. [bug] Don't commit the journal on malformed ixfr streams.
2685 1721. [bug] Error message from the journal processing were not
2686 always identifying the relevant journal. [RT #12519]
2688 1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
2689 negative response. [RT #12506]
2691 1719. [bug] named was not correctly caching a RFC 2308 Type 1
2692 negative response. [RT #12506]
2694 1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
2695 responses when looking for the zone / master server.
2698 1717. [port] solaris: ifconfig.sh did not support Solaris 10.
2699 "ifconfig.sh down" didn't work for Solaris 9.
2701 1716. [doc] named.conf(5) was being installed in the wrong
2702 location. [RT# 12441]
2704 1715. [func] 'dig +trace' now randomly selects the next servers
2705 to try. Report if there is a bad delegation.
2707 1714. [bug] dig/host/nslookup were only trying the first
2708 address when a nameserver was specified by name.
2711 1713. [port] linux: extend capset failure message to say:
2712 please ensure that the capset kernel module is
2713 loaded. see insmod(8)
2715 1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
2717 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
2719 1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
2720 messages for the specified zone. [RT #9479]
2722 1709. [port] solaris: add SMF support from Sun.
2724 1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
2725 for conformance to the name space convention. Binary
2726 backward compatibility to the old function name is
2727 provided. [RT #12376]
2729 1707. [contrib] sdb/ldap updated to version 1.0-beta.
2731 1706. [bug] 'rndc stop' failed to cause zones to be flushed
2732 sometimes. [RT #12328]
2734 1705. [func] Allow the journal's name to be changed via named.conf.
2736 1704. [port] lwres needed a snprintf() implementation for
2737 platforms without snprintf(). Add missing
2738 "#include <isc/print.h>". [RT #12321]
2740 1703. [bug] named would loop sending NOTIFY messages when it
2741 failed to receive a response. [RT #12322]
2743 1702. [bug] also-notify should not be applied to built in zones.
2746 1701. [doc] A minimal named.conf man page.
2748 1700. [func] nslookup is no longer to be treated as deprecated.
2749 Remove "deprecated" warning message. Add man page.
2751 1699. [bug] dnssec-signzone can generate "not exact" errors
2752 when resigning. [RT #12281]
2754 1698. [doc] Use reserved IPv6 documentation prefix.
2756 1697. [bug] xxx-source{,-v6} was not effective when it
2757 specified one of listening addresses and a
2758 different port than the listening port. [RT #12257]
2760 1696. [bug] dnssec-signzone failed to clean out nodes that
2761 consisted of only NSEC and RRSIG records.
2764 1695. [bug] DS records when forwarding require special handling.
2767 1694. [bug] Report if the builtin views of "_default" / "_bind"
2768 are defined in named.conf. [RT #12023]
2770 1693. [bug] max-journal-size was not effective for master zones
2771 with ixfr-from-differences set. [RT# 12024]
2773 1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
2774 /usr/lib. [RT #11971]
2776 1691. [bug] sdb's attachversion was not complete. [RT #11990]
2778 1690. [bug] Delay detaching view from the client until UPDATE
2779 processing completes when shutting down. [RT #11714]
2781 1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
2782 contained gratuitous semicolons. [RT #11707]
2784 1688. [bug] LDFLAGS was not supported.
2786 1687. [bug] Race condition in dispatch. [RT #10272]
2788 1686. [bug] Named sent a extraneous NOTIFY when it received a
2789 redundant UPDATE request. [RT #11943]
2791 1685. [bug] Change #1679 loop tests weren't quite right.
2793 1684. [func] ixfr-from-differences now takes master and slave in
2794 addition to yes and no at the options and view levels.
2796 1683. [bug] dig +sigchase could leak memory. [RT #11445]
2798 1682. [port] Update configure test for (long long) printf format.
2801 1681. [bug] Only set SO_REUSEADDR when a port is specified in
2802 isc_socket_bind(). [RT #11742]
2804 1680. [func] rndc: the source address can now be specified.
2806 1679. [bug] When there was a single nameserver with multiple
2807 addresses for a zone not all addresses were tried.
2810 1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
2812 1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
2814 1676. [func] New option "allow-query-cache". This lets
2815 allow-query be used to specify the default zone
2816 access level rather than having to have every
2817 zone override the global value. allow-query-cache
2818 can be set at both the options and view levels.
2819 If allow-query-cache is not set allow-query applies.
2821 1675. [bug] named would sometimes add extra NSEC records to
2822 the authority section.
2824 1674. [port] linux: increase buffer size used to scan
2827 1673. [port] linux: issue a error messages if IPv6 interface
2830 1672. [cleanup] Tests which only function in a threaded build
2831 now return R:THREADONLY (rather than R:UNTESTED)
2832 in a non-threaded build.
2834 1671. [contrib] queryperf: add NAPTR to the list of known types.
2836 1670. [func] Log UPDATE requests to slave zones without an acl as
2837 "disabled" at debug level 3. [RT# 11657]
2841 1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
2843 1667. [port] linux: not all versions have IF_NAMESIZE.
2845 1666. [bug] The optional port on hostnames in dual-stack-servers
2848 1665. [func] rndc now allows addresses to be set in the
2851 1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
2853 1663. [func] Look for OpenSSL by default.
2855 1662. [bug] Change #1658 failed to change one use of 'type'
2858 1661. [bug] Restore dns_name_concatenate() call in
2859 adb.c:set_target(). [RT #11582]
2861 1660. [bug] win32: connection_reset_fix() was being called
2862 unconditionally. [RT #11595]
2864 1659. [cleanup] Cleanup some messages that were referring to KEY vs
2865 DNSKEY, NXT vs NSEC and SIG vs RRSIG.
2867 1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
2868 and DH. Tighten which options apply to KEY and
2871 1657. [doc] ARM: document query log output.
2873 1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
2874 DNSKEY and RRSIG. [RT #11542]
2876 1655. [bug] Logging multiple versions w/o a size was broken.
2879 1654. [bug] isc_result_totext() contained array bounds read
2882 1653. [func] Add key type checking to dst_key_fromfilename(),
2883 DST_TYPE_KEY should be used to read TSIG, TKEY and
2886 1652. [bug] TKEY still uses KEY.
2888 1651. [bug] dig: process multiple dash options.
2890 1650. [bug] dig, nslookup: flush standard out after each command.
2892 1649. [bug] Silence "unexpected non-minimal diff" message.
2895 1648. [func] Update dnssec-lookaside named.conf syntax to support
2896 multiple dnssec-lookaside namespaces (not yet
2899 1647. [bug] It was possible trigger a INSIST when chasing a DS
2900 record that required walking back over a empty node.
2903 1646. [bug] win32: logging file versions didn't work with
2904 non-UNC filenames. [RT#11486]
2906 1645. [bug] named could trigger a REQUIRE failure if multiple
2907 masters with keys are specified.
2909 1644. [bug] Update the journal modification time after a
2910 successful refresh query. [RT #11436]
2912 1643. [bug] dns_db_closeversion() could leak memory / node
2913 references. [RT #11163]
2915 1642. [port] Support OpenSSL implementations which don't have
2916 DSA support. [RT #11360]
2918 1641. [bug] Update the check-names description in ARM. [RT #11389]
2920 1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
2921 incorrectly closing the socket. [RT #11291]
2923 1639. [func] Initial dlv system test.
2925 1638. [bug] "ixfr-from-differences" could generate a REQUIRE
2926 failure if the journal open failed. [RT #11347]
2928 1637. [bug] Node reference leak on error in addnoqname().
2930 1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
2931 a error had occurred. The database version no longer
2932 matched the version of the database that was dumped.
2934 1635. [bug] Memory leak on error in query_addds().
2936 1634. [bug] named didn't supply a useful error message when it
2937 detected duplicate views. [RT #11208]
2939 1633. [bug] named should return NOTIMP to update requests to a
2940 slaves without a allow-update-forwarding acl specified.
2943 1632. [bug] nsupdate failed to send prerequisite only UPDATE
2944 messages. [RT #11288]
2946 1631. [bug] dns_journal_compact() could sometimes corrupt the
2947 journal. [RT #11124]
2949 1630. [contrib] queryperf: add support for IPv6 transport.
2951 1629. [func] dig now supports IPv6 scoped addresses with the
2952 extended format in the local-server part. [RT #8753]
2954 1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
2956 1627. [bug] win32: sockets were not being closed when the
2957 last external reference was removed. [RT# 11179]
2959 1626. [bug] --enable-getifaddrs was broken. [RT#11259]
2961 1625. [bug] named failed to load/transfer RFC2535 signed zones
2962 which contained CNAMES. [RT# 11237]
2964 1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
2966 1623. [bug] A serial number of zero was being displayed in the
2967 "sending notifies" log message when also-notify was
2970 1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
2971 available, and suppress wildcard binding if not.
2973 1621. [bug] match-destinations did not work for IPv6 TCP queries.
2976 1620. [func] When loading a zone report if it is signed. [RT #11149]
2978 1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
2981 1618. [bug] Fencepost errors in dns_name_ishostname() and
2982 dns_name_ismailbox() could trigger a INSIST().
2984 1617. [port] win32: VC++ 6.0 support.
2986 1616. [compat] Ensure that named's version is visible in the core
2989 1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
2992 1614. [port] win32: silence resource limit messages. [RT# 11101]
2994 1613. [bug] Builds would fail on machines w/o a if_nametoindex().
2995 Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
2998 1612. [bug] check-names at the option/view level could trigger
2999 an INSIST. [RT# 11116]
3001 1611. [bug] solaris: IPv6 interface scanning failed to cope with
3002 no active IPv6 interfaces.
3004 1610. [bug] On dual stack machines "dig -b" failed to set the
3005 address type to be looked up with "@server".
3008 1609. [func] dig now has support to chase DNSSEC signature chains.
3009 Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
3011 DNSSEC validation code in dig coded by Olivier Courtay
3012 (olivier.courtay@irisa.fr) for the IDsA project
3013 (http://idsa.irisa.fr).
3015 1608. [func] dig and host now accept -4/-6 to select IP transport
3016 to use when making queries.
3018 1607. [bug] dig, host and nslookup were still using random()
3019 to generate query ids. [RT# 11013]
3021 1606. [bug] DLV insecurity proof was failing.
3023 1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
3025 1604. [bug] A xfrout_ctx_create() failure would result in
3026 xfrout_ctx_destroy() being called with a
3027 partially initialized structure.
3029 1603. [bug] nsupdate: set interactive based on isatty().
3032 1602. [bug] Logging to a file failed unless a size was specified.
3035 1601. [bug] Silence spurious warning 'both "recursion no;" and
3036 "allow-recursion" active' warning from view "_bind".
3039 1600. [bug] Duplicate zone pre-load checks were not case
3042 1599. [bug] Fix memory leak on error path when checking named.conf.
3044 1598. [func] Specify that certain parts of the namespace must
3045 be secure (dnssec-must-be-secure).
3047 1597. [func] Allow notify-source and query-source to be specified
3048 on a per server basis similar to transfer-source.
3051 1596. [func] Accept 'notify-source' style syntax for query-source.
3053 1595. [func] New notify type 'master-only'. Enable notify for
3056 1594. [bug] 'rndc dumpdb' could prevent named from answering
3057 queries while the dump was in progress. [RT #10565]
3059 1593. [bug] rndc should return "unknown command" to unknown
3060 commands. [RT# 10642]
3062 1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
3064 1591. [bug] libbind: updated to BIND 8.4.5.
3066 1590. [port] netbsd: update thread support.
3068 1589. [func] DNSSEC lookaside validation.
3070 1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
3072 1587. [bug] dns_message_settsigkey() failed to clear existing key.
3075 1586. [func] "check-names" is now implemented.
3079 1584. [bug] "make test" failed with a read only source tree.
3082 1583. [bug] Records add via UPDATE failed to get the correct trust
3085 1582. [bug] rrset-order failed to work on RRsets with more
3086 than 32 elements. [RT #10381]
3088 1581. [func] Disable DNSSEC support by default. To enable
3089 DNSSEC specify "dnssec-enable yes;" in named.conf.
3091 1580. [bug] Zone destruction on final detach takes a long time.
3094 1579. [bug] Multiple task managers could not be created.
3096 1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
3099 1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
3100 workaround code. [RT #10331]
3102 1576. [bug] Race condition in dns_dispatch_addresponse().
3105 1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
3107 1574. [bug] Don't attempt to open the controls socket(s) when
3108 running tests. [RT #9091]
3110 1573. [port] linux: update to libtool 1.5.2 so that
3111 "make install DESTDIR=/xx" works with
3112 "configure --with-libtool". [RT #9941]
3114 1572. [bug] nsupdate: sign the soa query to find the enclosing
3115 zone if the server is specified. [RT #10148]
3117 1571. [bug] rbt:hash_node() could fail leaving the hash table
3118 in an inconsistent state. [RT #10208]
3120 1570. [bug] nsupdate failed to handle classes other than IN.
3121 New keyword 'class' which sets the default class.
3124 1569. [func] nsupdate new command 'answer' which displays the
3125 complete answer message to the last update.
3127 1568. [bug] nsupdate now reports that the update failed in
3128 interactive mode. [RT# 10236]
3130 1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
3132 1566. [port] Support for the cmsg framework on Solaris and HP/UX.
3133 This also solved the problem that match-destinations
3134 for IPv6 addresses did not work on these systems.
3137 1565. [bug] CD flag should be copied to outgoing queries unless
3138 the query is under a secure entry point in which case
3141 1564. [func] Attempt to provide a fallback entropy source to be
3142 used if named is running chrooted and named is unable
3143 to open entropy source within the chroot area.
3146 1563. [bug] Gracefully fail when unable to obtain neither an IPv4
3147 nor an IPv6 dispatch. [RT #10230]
3149 1562. [bug] isc_socket_create() and isc_socket_accept() could
3150 leak memory under error conditions. [RT #10230]
3152 1561. [bug] It was possible to release the same name twice if
3153 named ran out of memory. [RT #10197]
3155 1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
3156 and EAI_NONAME to the same value.
3158 1559. [port] named should ignore SIGFSZ.
3160 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
3161 child zones for which we don't have a supported
3162 algorithm. Such child zones are treated as unsigned.
3164 1557. [func] Implement missing DNSSEC tests for
3165 * NOQNAME proof with wildcard answers.
3166 * NOWILDARD proof with NXDOMAIN.
3167 Cache and return NOQNAME with wildcard answers.
3169 1556. [bug] nsupdate now treats all names as fully qualified.
3172 1555. [func] 'rrset-order cyclic' no longer has a random starting
3173 point per query. [RT #7572]
3175 1554. [bug] dig, host, nslookup failed when no nameservers
3176 were specified in /etc/resolv.conf. [RT #8232]
3178 1553. [bug] The windows socket code could stop accepting
3179 connections. [RT#10115]
3181 1552. [bug] Accept NOTIFY requests from mapped masters if
3182 matched-mapped is set. [RT #10049]
3184 1551. [port] Open "/dev/null" before calling chroot().
3186 1550. [port] Call tzset(), if available, before calling chroot().
3188 1549. [func] named-checkzone can now write out the zone contents
3189 in a easily parsable format (-D and -o).
3191 1548. [bug] When parsing APL records it was possible to silently
3192 accept out of range ADDRESSFAMILY values. [RT# 9979]
3194 1547. [bug] Named wasted memory recording duplicate lame zone
3197 1546. [bug] We were rejecting valid secure CNAME to negative
3200 1545. [bug] It was possible to leak memory if named was unable to
3201 bind to the specified transfer source and TSIG was
3202 being used. [RT #10120]
3204 1544. [bug] Named would logged a single entry to a file despite it
3205 being over the specified size limit.
3207 1543. [bug] Logging using "versions unlimited" did not work.
3211 1541. [func] NSEC now uses new bitmap format.
3213 1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
3216 1539. [bug] Open UDP sockets for notify-source and transfer-source
3217 that use reserved ports at startup. [RT #9475]
3219 1538. [placeholder] rt9997
3221 1537. [func] New option "querylog". If set specify whether query
3222 logging is to be enabled or disabled at startup.
3224 1536. [bug] Windows socket code failed to log a error description
3225 when returning ISC_R_UNEXPECTED. [RT #9998]
3229 1534. [bug] Race condition when priming cache. [RT# 9940]
3231 1533. [func] Warn if both "recursion no;" and "allow-recursion"
3232 are active. [RT# 4389]
3234 1532. [port] netbsd: the configure test for <sys/sysctl.h>
3235 requires <sys/param.h>.
3237 1531. [port] AIX more libtool fixes.
3239 1530. [bug] It was possible to trigger a INSIST() failure if a
3240 slave master file was removed at just the correct
3243 1529. [bug] "notify explicit;" failed to log that NOTIFY messages
3244 were being sent for the zone. [RT# 9442]
3246 1528. [cleanup] Simplify some dns_name_ functions based on the
3247 deprecation of bitstring labels.
3249 1527. [cleanup] Reduce the number of gettimeofday() calls without
3250 losing necessary timer granularity.
3252 1526. [func] Implemented "additional section caching (or acache)",
3253 an internal cache framework for additional section
3254 content to improve response performance. Several
3255 configuration options were provided to control the
3258 1525. [bug] dns_cache_create() could trigger a REQUIRE
3259 failure in isc_mem_put() during error cleanup.
3262 1524. [port] AIX needs to be able to resolve all symbols when
3263 creating shared libraries (--with-libtool).
3265 1523. [bug] Fix race condition in rbtdb. [RT# 9189]
3267 1522. [bug] dns_db_findnode() relax the requirements on 'name'.
3270 1521. [bug] dns_view_createresolver() failed to check the
3271 result from isc_mem_create(). [RT# 9294]
3273 1520. [protocol] Add SSHFP (SSH Finger Print) type.
3275 1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
3276 length of the new bitmap.
3278 1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
3279 contained a off-by-one error when working out the
3280 number of octets in the bitmap.
3282 1517. [port] Support for IPv6 interface scanning on HP/UX and
3285 1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
3287 1515. [func] Allow transfer source to be set in a server statement.
3290 1514. [bug] named: isc_hash_destroy() was being called too early.
3293 1513. [doc] Add "US" to root-delegation-only exclude list.
3295 1512. [bug] Extend the delegation-only logging to return query
3296 type, class and responding nameserver.
3298 1511. [bug] delegation-only was generating false positives
3299 on negative answers from sub-zones.
3301 1510. [func] New view option "root-delegation-only". Apply
3302 delegation-only check to all TLDs and root.
3303 Note there are some TLDs that are NOT delegation
3304 only (e.g. DE, LV, US and MUSEUM) these can be excluded
3305 from the checks by using exclude.
3307 root-delegation-only exclude {
3308 "DE"; "LV"; "US"; "MUSEUM";
3311 1509. [bug] Hint zones should accept delegation-only. Forward
3312 zone should not accept delegation-only.
3314 1508. [bug] Don't apply delegation-only checks to answers from
3317 1507. [bug] Handle BIND 8 style returns to NS queries to parents
3318 when making delegation-only checks.
3320 1506. [bug] Wrong return type for dns_view_isdelegationonly().
3322 1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
3324 1504. [func] New zone type "delegation-only".
3326 1503. [port] win32: install libeay32.dll outside of system32.
3328 1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
3330 1501. [func] Allow TCP queue length to be specified via
3331 named.conf, tcp-listen-queue.
3333 1500. [bug] host failed to lookup MX records. Also look up
3336 1499. [bug] isc_random need to be seeded better if arc4random()
3339 1498. [port] bsdos: 5.x support.
3343 1496. [port] test for pthread_attr_setstacksize().
3345 1495. [cleanup] Replace hash functions with universal hash.
3347 1494. [security] Turn on RSA BLINDING as a precaution.
3351 1492. [cleanup] Preserve rwlock quota context when upgrading /
3352 downgrading. [RT #5599]
3354 1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
3357 1490. [bug] Accept reading state as well as working state in
3358 ns_client_next(). [RT #6813]
3360 1489. [compat] Treat 'allow-update' on slave zones as a warning.
3363 1488. [bug] Don't override trust levels for glue addresses.
3366 1487. [bug] A REQUIRE() failure could be triggered if a zone was
3367 queued for transfer and the zone was then removed.
3370 1486. [bug] isc_print_snprintf() '%%' consumed one too many format
3371 characters. [RT# 8230]
3373 1485. [bug] gen failed to handle high type values. [RT #6225]
3375 1484. [bug] The number of records reported after a AXFR was wrong.
3378 1483. [bug] dig axfr failed if the message id in the answer failed
3379 to match that in the request. Only the id in the first
3380 message is required to match. [RT #8138]
3382 1482. [bug] named could fail to start if the kernel supports
3383 IPv6 but no interfaces are configured. Similarly
3384 for IPv4. [RT #6229]
3386 1481. [bug] Refresh and stub queries failed to use masters keys
3387 if specified. [RT #7391]
3389 1480. [bug] Provide replay protection for rndc commands. Full
3390 replay protection requires both rndc and named to
3391 be updated. Partial replay protection (limited
3392 exposure after restart) is provided if just named
3395 1479. [bug] cfg_create_tuple() failed to handle out of
3396 memory cleanup. parse_list() would leak memory
3399 1478. [port] ifconfig.sh didn't account for other virtual
3400 interfaces. It now takes a optional argument
3401 to specify the first interface number. [RT #3907]
3403 1477. [bug] memory leak using stub zones and TSIG.
3407 1475. [port] Probe for old sprintf().
3409 1474. [port] Provide strtoul() and memmove() for platforms
3412 1473. [bug] create_map() and create_string() failed to handle out
3413 of memory cleanup. [RT #6813]
3415 1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
3417 1471. [bug] libbind: updated to BIND 8.4.0.
3419 1470. [bug] Incorrect length passed to snprintf. [RT #5966]
3421 1469. [func] Log end of outgoing zone transfer at same level
3422 as the start of transfer is logged. [RT #4441]
3424 1468. [func] Internal zones are no longer counted for
3425 'rndc status'. [RT #4706]
3427 1467. [func] $GENERATES now supports optional class and ttl.
3429 1466. [bug] lwresd configuration errors resulted in memory
3430 and lock leaks. [RT #5228]
3432 1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
3433 failed to check that trailing bits were zero allowing
3434 some invalid base64 strings to be accepted. [RT #5397]
3436 1464. [bug] Preserve "out of zone" data for outgoing zone
3437 transfers. [RT #5192]
3439 1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
3440 NXT bit maps. [RT #5577]
3442 1462. [bug] parse_sizeval() failed to check the token type.
3445 1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
3447 1460. [bug] inet_pton() failed to reject certain malformed
3452 1458. [cleanup] sprintf() -> snprintf().
3454 1457. [port] Provide strlcat() and strlcpy() for platforms without
3457 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
3459 1455. [bug] <netaddr> missing from server grammar in
3460 doc/misc/options. [RT #5616]
3462 1454. [port] Use getifaddrs() if available for interface scanning.
3463 --disable-getifaddrs to override. Glibc currently
3464 has a getifaddrs() that does not support IPv6.
3465 Use --enable-getifaddrs=glibc to force the use of
3466 this version under linux machines.
3468 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
3472 1451. [bug] rndc-confgen didn't exit with a error code for all
3473 failures. [RT #5209]
3475 1450. [bug] Fetching expired glue failed under certain
3476 circumstances. [RT #5124]
3478 1449. [bug] query_addbestns() didn't handle running out of memory
3481 1448. [bug] Handle empty wildcards labels.
3483 1447. [bug] We were casting (unsigned int) to and from (void *).
3484 rdataset->private4 is now rdataset->privateuint4
3485 to reflect a type change.
3487 1446. [func] Implemented undocumented alternate transfer sources
3488 from BIND 8. See use-alt-transfer-source,
3489 alt-transfer-source and alt-transfer-source-v6.
3491 SECURITY: use-alt-transfer-source is ENABLED unless
3492 you are using views. This may cause a security risk
3493 resulting in accidental disclosure of wrong zone
3494 content if the master supplying different source
3495 content based on IP address. If you are not certain
3496 ISC recommends setting use-alt-transfer-source no;
3498 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
3499 been replaced with DNS_ADBFIND_STARTATZONE which
3500 causes the search to start using the closest zone.
3502 1444. [func] dns_view_findzonecut2() allows you to specify if the
3503 cache should be searched for zone cuts.
3505 1443. [func] Masters lists can now be specified and referenced
3506 in zone masters clauses and other masters lists.
3508 1442. [func] New functions for manipulating port lists:
3509 dns_portlist_create(), dns_portlist_add(),
3510 dns_portlist_remove(), dns_portlist_match(),
3511 dns_portlist_attach() and dns_portlist_detach().
3513 1441. [func] It is now possible to tell dig to bind to a specific
3516 1440. [func] It is now possible to tell named to avoid using
3517 certain source ports (avoid-v4-udp-ports,
3518 avoid-v6-udp-ports).
3520 1439. [bug] Named could return NOERROR with certain NOTIFY
3521 failures. Return NOTAUTH if the NOTIFY zone is
3524 1438. [func] Log TSIG (if any) when logging NOTIFY requests.
3526 1437. [bug] Leave space for stdio to work in. [RT #5033]
3528 1436. [func] dns_zonemgr_resumexfrs() can be used to restart
3531 1435. [bug] zmgr_resume_xfrs() was being called read locked
3532 rather than write locked. zmgr_resume_xfrs()
3533 was not being called if the zone was being
3536 1434. [bug] "rndc reconfig" failed to initiate the initial
3537 zone transfer of new slave zones.
3539 1433. [bug] named could trigger a REQUIRE failure if it could
3540 not get a file descriptor when attempting to write
3541 a master file. [RT #4347]
3543 1432. [func] The advertised EDNS UDP buffer size can now be set
3544 via named.conf (edns-udp-size).
3546 1431. [bug] isc_print_snprintf() "%s" with precision could walk off
3547 end of argument. [RT #5191]
3549 1430. [port] linux: IPv6 interface scanning support.
3551 1429. [bug] Prevent the cache getting locked to old servers.
3555 1427. [bug] Race condition in adb with threaded build.
3559 1425. [port] linux/libbind: define __USE_MISC when testing *_r()
3560 function prototypes in netdb.h. [RT #4921]
3562 1424. [bug] EDNS version not being correctly printed.
3564 1423. [contrib] queryperf: added A6 and SRV.
3566 1422. [func] Log name/type/class when denying a query. [RT #4663]
3568 1421. [func] Differentiate updates that don't succeed due to
3569 prerequisites (unsuccessful) vs other reasons
3572 1420. [port] solaris: work around gcc optimizer bug.
3574 1419. [port] openbsd: use /dev/arandom. [RT #4950]
3576 1418. [bug] 'rndc reconfig' did not cause new slaves to load.
3578 1417. [func] ID.SERVER/CHAOS is now a built in zone.
3579 See "server-id" for how to configure.
3581 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
3584 1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
3587 1414. [func] Support for KSK flag.
3589 1413. [func] Explicitly request the (re-)generation of DS records
3590 from keysets (dnssec-signzone -g).
3592 1412. [func] You can now specify servers to be tried if a nameserver
3593 has IPv6 address and you only support IPv4 or the
3594 reverse. See dual-stack-servers.
3596 1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
3598 1410. [func] Handle records that live in the parent zone, e.g. DS.
3600 1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
3602 1408. [bug] "make distclean" was not complete. [RT #4700]
3604 1407. [bug] lfsr incorrectly implements the shift register.
3607 1406. [bug] dispatch initializes one of the LFSR's with a incorrect
3608 polynomial. [RT #4617]
3610 1405. [func] Use arc4random() if available.
3612 1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
3615 1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
3616 dnssec-signkey now report their version in the
3619 1402. [cleanup] A6 has been moved to experimental and is no longer
3622 1401. [bug] adb wasn't clearing state when the timer expired.
3624 1400. [bug] Block the addition of wildcard NS records by IXFR
3625 or UPDATE. [RT #3502]
3627 1399. [bug] Use serial number arithmetic when testing SIG
3628 timestamps. [RT #4268]
3630 1398. [doc] ARM: notify-also should have been also-notify.
3633 1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
3635 1396. [func] dnssec-signzone: adjust the default signing time by
3636 1 hour to allow for clock skew.
3638 1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
3639 have a working implementation. [RT #4079]
3641 1394. [func] It is now possible to check if a particular element is
3642 in a acl. Remove duplicate entries from the localnets
3645 1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
3646 is not available in the kernel to prevent accidently
3647 listening on IPv4 interfaces.
3649 1392. [bug] named-checkzone: update usage.
3651 1391. [func] Add support for IPv6 scoped addresses in named.
3653 1390. [func] host now supports ixfr.
3655 1389. [bug] named could fail to rotate long log files. [RT #3666]
3657 1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
3658 defining HAVE_IFLIST_SYSCTL. [RT #3770]
3660 1387. [bug] named could crash due to an access to invalid memory
3661 space (which caused an assertion failure) in
3662 incremental cleaning. [RT #3588]
3664 1386. [bug] named-checkzone -z stopped on errors in a zone.
3667 1385. [bug] Setting serial-query-rate to 10 would trigger a
3670 1384. [bug] host was incompatible with BIND 8 in its exit code and
3671 in the output with the -l option. [RT #3536]
3673 1383. [func] Track the serial number in a IXFR response and log if
3674 a mismatch occurs. This is a more specific error than
3675 "not exact". [RT #3445]
3677 1382. [bug] make install failed with --enable-libbind. [RT #3656]
3679 1381. [bug] named failed to correctly process answers that
3680 contained DNAME records where the resulting CNAME
3681 resulted in a negative answer.
3683 1380. [func] 'rndc recursing' dump recursing queries to
3684 'recursing-file = "named.recursing";'.
3686 1379. [func] 'rndc status' now reports tcp and recursion quota
3689 1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
3691 1377. [func] dns_zone_load{new}() now reports if the zone was
3692 loaded, queued for loading to up to date.
3694 1376. [func] New function dns_zone_logc() to log to specified
3697 1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
3700 1374. [func] dns_adb_dump() now logs the lame zones associated
3703 1373. [bug] Recovery from expired glue failed under certain
3706 1372. [bug] named crashes with an assertion failure on exit when
3707 sharing the same port for listening and querying, and
3708 changing listening addresses several times. [RT# 3509]
3710 1371. [bug] notify-source-v6, transfer-source-v6 and
3711 query-source-v6 with explicit addresses and using the
3712 same ports as named was listening on could interfere
3713 with named's ability to answer queries sent to those
3716 1370. [bug] dig '+[no]recurse' was incorrectly documented.
3718 1369. [bug] Adding an NS record as the lexicographically last
3719 record in a secure zone didn't work.
3721 1368. [func] remove support for bitstring labels.
3723 1367. [func] Use response times to select forwarders.
3725 1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
3727 1365. [func] "localhost" and "localnets" acls now include IPv6
3728 addresses / prefixes.
3730 1364. [func] Log file name when unable to open memory statistics
3731 and dump database files. [RT# 3437]
3733 1363. [func] Listen-on-v6 now supports specific addresses.
3735 1362. [bug] remove IFF_RUNNING test when scanning interfaces.
3737 1361. [func] log the reason for rejecting a server when resolving
3740 1360. [bug] --enable-libbind would fail when not built in the
3741 source tree for certain OS's.
3743 1359. [security] Support patches OpenSSL libraries.
3744 http://www.cert.org/advisories/CA-2002-23.html
3746 1358. [bug] It was possible to trigger a INSIST when debugging
3747 large dynamic updates. [RT #3390]
3749 1357. [bug] nsupdate was extremely wasteful of memory.
3751 1356. [tuning] Reduce the number of events / quantum for zone tasks.
3753 1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
3755 1354. [doc] lwres man pages had illegal nroff.
3757 1353. [contrib] sdb/ldap to version 0.9.
3759 1352. [bug] dig, host, nslookup when falling back to TCP use the
3760 current search entry (if any). [RT #3374]
3762 1351. [bug] lwres_getipnodebyname() returned the wrong name
3763 when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
3766 1350. [bug] dns_name_fromtext() failed to handle too many labels
3769 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
3770 http://www.cert.org/advisories/CA-2002-23.html
3772 1348. [port] win32: Rewrote code to use I/O Completion Ports
3773 in socket.c and eliminating a host of socket
3774 errors. Performance is enhanced.
3780 1345. [port] Use a explicit -Wformat with gcc. Not all versions
3781 include it in -Wall.
3783 1344. [func] Log if the serial number on the master has gone
3785 If you have multiple machines specified in the masters
3786 clause you may want to set 'multi-master yes;' to
3787 suppress this warning.
3789 1343. [func] Log successful notifies received (info). Adjust log
3790 level for failed notifies to notice.
3792 1342. [func] Log remote address with TCP dispatch failures.
3794 1341. [func] Allow a rate limiter to be stalled.
3796 1340. [bug] Delay and spread out the startup refresh load.
3798 1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
3799 lookups. Bit string lookups are no longer attempted.
3805 1336. [func] Nibble lookups under IP6.ARPA are now supported by
3806 dns_byaddr_create(). dns_byaddr_createptrname() is
3807 deprecated, use dns_byaddr_createptrname2() instead.
3809 1335. [bug] When performing a nonexistence proof, the validator
3810 should discard parent NXTs from higher in the DNS.
3812 1334. [bug] When signing/verifying rdatasets, duplicate rdatas
3813 need to be suppressed.
3815 1333. [contrib] queryperf now reports a summary of returned
3816 rcodes (-c), rcodes are printed in mnemonic form (-v).
3818 1332. [func] Report the current serial with periodic commits when
3819 rolling forward the journal.
3821 1331. [func] Generate DNSSEC wildcard proofs.
3823 1330. [bug] When processing events (non-threaded) only allow
3824 the task one chance to use to use its quantum.
3826 1329. [func] named-checkzone will now check if nameservers that
3827 appear to be IP addresses. Available modes "fail",
3828 "warn" (default) and "ignore" the results of the
3831 1328. [bug] The validator could incorrectly verify an invalid
3834 1327. [bug] The validator would incorrectly mark data as insecure
3835 when seeing a bogus signature before a correct
3838 1326. [bug] DNAME/CNAME signatures were not being cached when
3839 validation was not being performed. [RT #3284]
3841 1325. [bug] If the tcpquota was exhausted it was possible to
3842 to trigger a INSIST() failure.
3844 1324. [port] darwin: ifconfig.sh now supports darwin.
3846 1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
3848 1322. [bug] dnssec-signzone usage message was misleading.
3850 1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
3851 would incorrectly duplicate its output and sign it.
3853 1320. [doc] query-source-v6 was missing from options section.
3856 1319. [func] libbind: log attempts to exploit #1318.
3858 1318. [bug] libbind: Remote buffer overrun.
3860 1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
3863 1316. [bug] libbind: gethostans() could get out of sync parsing
3864 the response if there was a very long CNAME chain.
3866 1315. [bug] Options should apply to the internal _bind view.
3868 1314. [port] Handle ECONNRESET from sendmsg() [unix].
3870 1313. [func] Query log now says if the query was signed (S) or
3871 if EDNS was used (E).
3873 1312. [func] Log TSIG key used w/ outgoing zone transfers.
3875 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
3877 1310. [bug] 'rndc stop' failed to cause zones to be flushed
3878 sometimes. [RT #3157]
3880 1309. [func] Log that a zone transfer was covered by a TSIG.
3882 1308. [func] DS (delegation signer) support.
3884 1307. [bug] nsupdate: allow white space base64 key data.
3886 1306. [bug] Badly encoded LOC record when the size, horizontal
3887 precision or vertical precision was 0.1m.
3889 1305. [bug] Document that internal zones are included in the
3890 rndc status results.
3892 1304. [func] New function: dns_zone_name().
3894 1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
3896 1302. [func] Extended rndc dumpdb to support dumping of zones and
3897 view selection: 'dumpdb [-all|-zones|-cache] [view]'.
3899 1301. [func] New category 'update-security'.
3901 1300. [port] Compaq Trucluster support.
3903 1299. [bug] Set AI_ADDRCONFIG when looking up addresses
3904 via getaddrinfo() (affects dig, host, nslookup, rndc
3907 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
3908 could be left with a trailing "\" after configure
3911 1297. [port] linux: make handling EINVAL from socket() no longer
3912 conditional on #ifdef LINUX.
3914 1296. [bug] isc_log_closefilelogs() needed to lock the log
3917 1295. [bug] isc_log_setdebuglevel() needed to lock the log
3920 1294. [func] libbind: no longer attempts bit string labels for
3921 IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
3922 for nibble style resolution.
3924 1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
3926 1292. [func] Enable IPv6 support when using ioctl style interface
3927 scanning and OS supports SIOCGLIFADDR using struct
3930 1291. [func] Enable IPv6 support when using sysctl style interface
3933 1290. [func] "dig axfr" now reports the number of messages
3934 as well as the number of records.
3936 1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
3938 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
3939 reflect written requirements.
3941 1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
3942 a rdataset to a zone db in the rbtdb implementation of
3945 1286. [bug] dns_name_downcase() enforce requirement that
3946 target != NULL or name->buffer != NULL.
3948 1285. [func] lwres: probe the system to see what address families
3949 are currently in use.
3951 1284. [bug] The RTT estimate on unused servers was not aged.
3954 1283. [func] Use "dataready" accept filter if available.
3956 1282. [port] libbind: hpux 11.11 interface scanning.
3958 1281. [func] Log zone when unable to get private keys to update
3959 zone. Log zone when NXT records are missing from
3962 1280. [bug] libbind: escape '(' and ')' when converting to
3965 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
3967 1278. [func] dig: now supports +[no]cl +[no]ttlid.
3969 1277. [func] You can now create your own customized printing
3970 styles: dns_master_stylecreate() and
3971 dns_master_styledestroy().
3973 1276. [bug] libbind: const pointer conflicts in res_debug.c.
3975 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
3977 1274. [bug] Memory leak in lwres_gnbarequest_parse().
3979 1273. [port] libbind: solaris: 64 bit binary compatibility.
3981 1272. [contrib] Berkeley DB 4.0 sdb implementation from
3982 Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
3984 1271. [bug] "recursion available: {denied,approved}" was too
3987 1270. [bug] Check that system inet_pton() and inet_ntop() support
3990 1269. [port] Openserver: ifconfig.sh support.
3992 1268. [port] Openserver: the value FD_SETSIZE depends on whether
3993 <sys/param.h> is included or not. Be consistent.
3995 1267. [func] isc_file_openunique() now creates file using mode
3996 0666 rather than 0600.
3998 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
3999 __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
4000 are not C++ compatible, use *_TYPE versions instead.
4002 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
4003 C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
4007 1263. [bug] Reference after free error if dns_dispatchmgr_create()
4010 1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
4012 1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
4013 support for compressed TSIG owner names.
4015 1260. [func] libbind: res_update can now update IPv6 servers,
4016 new function res_findzonecut2().
4018 1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
4021 1258. [bug] libbind: res_nametotype() and res_nametoclass() were
4024 1257. [bug] Failure to write pid-file should not be fatal on
4027 1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
4029 1255. [bug] When verifying that an NXT proves nonexistence, check
4030 the rcode of the message and only do the matching NXT
4031 check. That is, for NXDOMAIN responses, check that
4032 the name is in the range between the NXT owner and
4033 next name, and for NOERROR NODATA responses, check
4034 that the type is not present in the NXT bitmap.
4036 1254. [func] preferred-glue option from BIND 8.3.
4038 1253. [bug] The dnssec system test failed to remove the correct
4041 1252. [bug] Dig, host and nslookup were not checking the address
4042 the answer was coming from against the address it was
4045 1251. [port] win32: a make file contained absolute version specific
4048 1250. [func] Nsupdate will report the address the update was
4051 1249. [bug] Missing masters clause was not handled gracefully.
4054 1248. [bug] DESTDIR was not being propagated between makes.
4056 1247. [bug] Don't reset the interface index for link/site local
4057 addresses. [RT #2576]
4059 1246. [func] New functions isc_sockaddr_issitelocal(),
4060 isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
4061 and isc_netaddr_islinklocal().
4063 1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
4066 1244. [bug] Receiving a TCP message from a blackhole address would
4067 prevent further messages being received over that
4070 1243. [bug] It was possible to trigger a REQUIRE() in
4071 dns_message_findtype(). [RT #2659]
4073 1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
4075 1241. [bug] Drop received UDP messages with a zero source port
4076 as these are invariably forged. [RT #2621]
4078 1240. [bug] It was possible to leak zone references by
4079 specifying an incorrect zone to rndc.
4081 1239. [bug] Under certain circumstances named could continue to
4082 use a name after it had been freed triggering
4083 INSIST() failures. [RT #2614]
4085 1238. [bug] It is possible to lockup the server when shutting down
4086 if notifies were being processed. [RT #2591]
4088 1237. [bug] nslookup: "set q=type" failed.
4090 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
4091 NULL terminated text regions. [RT #2588]
4093 1235. [func] Report 'out of memory' errors from openssl.
4095 1234. [bug] contrib/sdb: 'zonetodb' failed to call
4096 dns_result_register(). DNS_R_SEENINCLUDE should not
4099 1233. [bug] The flags field of a KEY record can be expressed in
4100 hex as well as decimal.
4102 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
4104 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
4106 1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
4108 1229. [bug] named would crash if it received a TSIG signed
4109 query as part of an AXFR response. [RT #2570]
4111 1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
4113 1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
4114 if a number was expected and some other token was
4117 1226. [func] Use EDNS for zone refresh queries. [RT #2551]
4119 1225. [func] dns_message_setopt() no longer requires that
4120 dns_message_renderbegin() to have been called.
4122 1224. [bug] 'rrset-order' and 'sortlist' should be additive
4125 1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
4128 1222. [bug] Specifying 'port *' did not always result in a system
4129 selected (non-reserved) port being used. [RT #2537]
4131 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
4132 compared case insensitively. [RT #2542]
4134 1220. [func] Support for APL rdata type.
4136 1219. [func] Named now reports the TSIG extended error code when
4137 signature verification fails. [RT #1651]
4139 1218. [bug] Named incorrectly returned SERVFAIL rather than
4140 NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
4142 1217. [func] Report locations of previous key definition when a
4143 duplicate is detected.
4145 1216. [bug] Multiple server clauses for the same server were not
4146 reported. [RT #2514]
4148 1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
4150 1214. [bug] Win32: isc_file_renameunique() could leave zero length
4153 1213. [func] Report view associated with client if it is not a
4154 standard view (_default or _bind).
4156 1212. [port] libbind: 64k answer buffers were causing stack space
4157 to be exceeded for certain OS. Use heap space instead.
4159 1211. [bug] dns_name_fromtext() incorrectly handled certain
4160 valid octal bitlabels. [RT #2483]
4162 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
4163 compatible addresses. [RT #2461]
4165 1209. [bug] Dig, host, nslookup were not checking the message ids
4166 on the responses. [RT #2454]
4168 1208. [bug] dns_master_load*() failed to log a error message if
4169 an error was detected when parsing the ownername of
4170 a record. [RT #2448]
4172 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
4175 1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
4176 trigger a non-EDNS retry.
4178 1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
4179 of the message. [RT #2449]
4181 1204. [bug] libbind: res_nupdate() failed to update the name
4182 server addresses before sending the update.
4184 1203. [func] Report locations of previous acl and zone definitions
4185 when a duplicate is detected.
4187 1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
4189 1201. [bug] Require that if 'callbacks' is passed to
4190 dns_rdata_fromtext(), callbacks->error and
4191 callbacks->warn are initialized.
4193 1200. [bug] Log 'errno' that we are unable to convert to
4194 isc_result_t. [RT #2404]
4196 1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
4199 1198. [bug] OPT printing style was not consistent with the way the
4200 header fields are printed. The DO bit was not reported
4201 if set. Report if any of the MBZ bits are set.
4203 1197. [bug] Attempts to define the same acl multiple times were not
4206 1196. [contrib] update mdnkit to 2.2.3.
4208 1195. [bug] Attempts to redefine builtin acls should be caught.
4211 1194. [bug] Not all duplicate zone definitions were being detected
4212 at the named.conf checking stage. [RT #2431]
4214 1193. [bug] dig +besteffort parsing didn't handle packet
4215 truncation. dns_message_parse() has new flag
4216 DNS_MESSAGE_IGNORETRUNCATION.
4218 1192. [bug] The seconds fields in LOC records were restricted
4219 to three decimal places. More decimal places should
4220 be allowed but warned about.
4222 1191. [bug] A dynamic update removing the last non-apex name in
4223 a secure zone would fail. [RT #2399]
4225 1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
4228 1189. [bug] On some systems, malloc(0) returns NULL, which
4229 could cause the caller to report an out of memory
4232 1188. [bug] Dynamic updates of a signed zone would fail if
4233 some of the zone private keys were unavailable.
4235 1187. [bug] named was incorrectly returning DNSSEC records
4236 in negative responses when the DO bit was not set.
4238 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
4239 EOL token when reading to end of line.
4241 1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
4242 unless RES_INIT is set when calling res_*init().
4244 1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
4245 when res_*init() is called.
4247 1183. [bug] Handle ENOSR error when writing to the internal
4248 control pipe. [RT #2395]
4250 1182. [bug] The server could throw an assertion failure when
4251 constructing a negative response packet.
4253 1181. [func] Add the "key-directory" configuration statement,
4254 which allows the server to look for online signing
4255 keys in alternate directories.
4257 1180. [func] dnssec-keygen should always generate keys with
4258 protocol 3 (DNSSEC), since it's less confusing
4261 1179. [func] Add SIG(0) support to nsupdate.
4263 1178. [bug] Follow and cache (if appropriate) A6 and other
4264 data chains to completion in the additional section.
4266 1177. [func] Report view when loading zones if it is not a
4267 standard view (_default or _bind). [RT #2270]
4269 1176. [doc] Document that allow-v6-synthesis is only performed
4270 for clients that are supplied recursive service.
4273 1175. [bug] named-checkzone and named-checkconf failed to call
4274 dns_result_register() at startup which could
4275 result in runtime exceptions when printing
4276 "out of memory" errors. [RT #2335]
4278 1174. [bug] Win32: add WSAECONNRESET to the expected errors
4279 from connect(). [RT #2308]
4281 1173. [bug] Potential memory leaks in isc_log_create() and
4282 isc_log_settag(). [RT #2336]
4284 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
4285 table of RR types in ARM.
4287 1171. [func] Added function isc_region_compare(), updated files in
4288 lib/dns to use this function instead of local one.
4290 1170. [bug] Don't attempt to print the token when a I/O error
4291 occurs when parsing named.conf. [RT #2275]
4293 1169. [func] Identify recursive queries in the query log.
4295 1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
4297 1167. [contrib] nslint-2.1a3 (from author).
4299 1166. [bug] "Not Implemented" should be reported as NOTIMP,
4300 not NOTIMPL. [RT #2281]
4302 1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
4304 1164. [bug] Empty masters clauses in slave / stub zones were not
4305 handled gracefully. [RT #2262]
4307 1163. [func] isc_time_formattimestamp() now includes the year.
4309 1162. [bug] The allow-notify option was not accepted in slave
4312 1161. [bug] named-checkzone looped on unbalanced brackets.
4315 1160. [bug] Generating Diffie-Hellman keys longer than 1024
4316 bits could fail. [RT #2241]
4318 1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
4320 1158. [func] Report the client's address when logging notify
4323 1157. [func] match-clients and match-destinations now accept
4326 1156. [port] The configure test for strsep() incorrectly
4327 succeeded on certain patched versions of
4328 AIX 4.3.3. [RT #2190]
4330 1155. [func] Recover from master files being removed from under
4333 1154. [bug] Don't attempt to obtain the netmask of a interface
4334 if there is no address configured. [RT #2176]
4336 1153. [func] 'rndc {stop|halt} -p' now reports the process id
4337 of the instance of named being shutdown.
4339 1152. [bug] libbind: read buffer overflows.
4341 1151. [bug] nslookup failed to check that the arguments to
4342 the port, timeout, and retry options were
4343 valid integers and in range. [RT #2099]
4345 1150. [bug] named incorrectly accepted TTL values
4346 containing plus or minus signs, such as
4349 1149. [func] New function isc_parse_uint32().
4351 1148. [func] 'rndc-confgen -a' now provides positive feedback.
4353 1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
4354 the OS. listen-on-v6 { any; }; should no longer
4355 result in IPv4 queries be accepted. Similarly
4356 control { inet :: ... }; should no longer result
4357 in IPv4 connections being accepted. This can be
4358 overridden at compile time by defining
4361 1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
4362 supported by the OS by a new function
4363 isc_socket_ipv6only().
4365 1145. [func] "host" no longer reports a NOERROR/NODATA response
4366 by printing nothing. [RT #2065]
4368 1144. [bug] rndc-confgen would crash if both the -a and -t
4369 options were specified. [RT #2159]
4371 1143. [bug] When a trusted-keys statement was present and named
4372 was built without crypto support, it would leak memory.
4374 1142. [bug] dnssec-signzone would fail to delete temporary files
4375 in some failure cases. [RT #2144]
4377 1141. [bug] When named rejected a control message, it would
4378 leak a file descriptor and memory. It would also
4379 fail to respond, causing rndc to hang.
4382 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
4383 to the -s option. [RT #2138]
4385 1139. [func] It is now possible to flush a given name from the
4386 cache(s) via 'rndc flushname name [view]'. [RT #2051]
4388 1138. [func] It is now possible to flush a given name from the
4389 cache by calling the new function
4390 dns_cache_flushname().
4392 1137. [func] It is now possible to flush a given name from the
4393 ADB by calling the new function dns_adb_flushname().
4395 1136. [bug] CNAME records synthesized from DNAMEs did not
4396 have a TTL of zero as required by RFC2672.
4399 1135. [func] You can now override the default syslog() facility for
4400 named/lwresd at compile time. [RT #1982]
4402 1134. [bug] Multi-threaded servers could deadlock in ferror()
4403 when reloading zone files. [RT #1951, #1998]
4405 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
4406 platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
4408 1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
4410 1131. [bug] The match-destinations view option did not work with
4411 IPv6 destinations. [RT #2073, #2074]
4413 1130. [bug] Log messages reporting an out-of-range serial number
4414 did not include the out-of-range number but the
4415 following token. [RT #2076]
4417 1129. [bug] Multi-threaded servers could crash under heavy
4418 resolution load due to a race condition. [RT #2018]
4420 1128. [func] sdb drivers can now provide RR data in either text
4421 or wire format, the latter using the new functions
4422 dns_sdb_putrdata() and dns_sdb_putnamedrdata().
4424 1127. [func] rndc: If the server to contact has multiple addresses,
4427 1126. [bug] The server could access a freed event if shut
4428 down while a client start event was pending
4429 delivery. [RT #2061]
4431 1125. [bug] rndc: -k option was missing from usage message.
4434 1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
4435 are now documented. [RT #2052]
4437 1123. [bug] dig +[no]fail did not match description. [RT #2052]
4439 1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
4442 1121. [bug] The server could attempt to access a NULL zone
4443 table if shut down while resolving.
4446 1120. [bug] Errors in options were not fatal. [RT #2002]
4448 1119. [func] Added support in Win32 for NTFS file/directory ACL's
4451 1118. [bug] On multi-threaded servers, a race condition
4452 could cause an assertion failure in resolver.c
4453 during resolver shutdown. [RT #2029]
4455 1117. [port] The configure check for in6addr_loopback incorrectly
4456 succeeded on AIX 4.3 when compiling with -O2
4457 because the test code was optimized away.
4460 1116. [bug] Setting transfers in a server clause, transfers-in,
4461 or transfers-per-ns to a value greater than
4462 2147483647 disabled transfers. [RT #2002]
4464 1115. [func] Set maximum values for cleaning-interval,
4465 heartbeat-interval, interface-interval,
4466 max-transfer-idle-in, max-transfer-idle-out,
4467 max-transfer-time-in, max-transfer-time-out,
4468 statistics-interval of 28 days and
4469 sig-validity-interval of 3660 days. [RT #2002]
4471 1114. [port] Ignore more accept() errors. [RT #2021]
4473 1113. [bug] The allow-update-forwarding option was ignored
4474 when specified in a view. [RT #2014]
4478 1111. [bug] Multi-threaded servers could deadlock processing
4479 recursive queries due to a locking hierarchy
4480 violation in adb.c. [RT #2017]
4482 1110. [bug] dig should only accept valid abbreviations of +options.
4485 1109. [bug] nsupdate accepted illegal ttl values.
4487 1108. [bug] On Win32, rndc was hanging when named was not running
4488 due to failure to select for exceptional conditions
4489 in select(). [RT #1870]
4491 1107. [bug] nsupdate could catch an assertion failure if an
4492 invalid domain name was given as the argument to
4495 1106. [bug] After seeing an out of range TTL, nsupdate would
4496 treat all TTLs as out of range. [RT #2001]
4498 1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
4500 1104. [bug] Invalid arguments to the transfer-format option
4501 could cause an assertion failure. [RT #1995]
4503 1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
4505 1102. [doc] Note that query logging is enabled by directing the
4506 queries category to a channel.
4508 1101. [bug] Array bounds read error in lwres_gai_strerror.
4510 1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
4512 1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
4513 compile time errors.
4515 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
4517 1097. [func] libbind: RES_PRF_TRUNC for dig.
4519 1096. [func] libbind: "DNSSEC OK" (DO) support.
4521 1095. [func] libbind: resolver option: no-tld-query. disables
4522 trying unqualified as a tld. no_tld_query is also
4523 supported for FreeBSD compatibility.
4525 1094. [func] libbind: add support gcc's format string checking.
4527 1093. [doc] libbind: miscellaneous nroff fixes.
4529 1092. [bug] libbind: get*by*() failed to check if res_init() had
4532 1091. [bug] libbind: misplaced va_end().
4534 1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
4535 the amount of memory consumed resulting in garbage
4536 address being returned. Alignment calculations were
4537 wasting space. We weren't suppressing duplicate
4540 1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
4543 1088. [port] libbind: MPE/iX C.70 (incomplete)
4545 1087. [bug] libbind: struct __res_state too large on 64 bit arch.
4547 1086. [port] libbind: sunos: old sprintf.
4549 1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
4550 exist when compiling in 64 bit mode.
4552 1084. [cleanup] libbind: gai_strerror() rewritten.
4554 1083. [bug] The default control channel listened on the
4555 wildcard address, not the loopback as documented.
4558 1082. [bug] The -g option to named incorrectly caused logging
4559 to be sent to syslog in addition to stderr.
4562 1081. [bug] Multicast queries were incorrectly identified
4563 based on the source address, not the destination
4566 1080. [bug] BIND 8 compatibility: accept bare IP prefixes
4567 as the second element of a two-element top level
4568 sort list statement. [RT #1964]
4570 1079. [bug] BIND 8 compatibility: accept bare elements at top
4571 level of sort list treating them as if they were
4572 a single element list. [RT #1963]
4574 1078. [bug] We failed to correct bad tv_usec values in one case.
4577 1077. [func] Do not accept further recursive clients when
4578 the total number of recursive lookups being
4579 processed exceeds max-recursive-clients, even
4580 if some of the lookups are internally generated.
4583 1076. [bug] A badly defined global key could trigger an assertion
4584 on load/reload if views were used. [RT #1947]
4586 1075. [bug] Out-of-range network prefix lengths were not
4587 reported. [RT #1954]
4589 1074. [bug] Running out of memory in dump_rdataset() could
4590 cause an assertion failure. [RT #1946]
4592 1073. [bug] The ADB cache cleaning should also be space driven.
4595 1072. [bug] The TCP client quota could be exceeded when
4596 recursion occurred. [RT #1937]
4598 1071. [bug] Sockets listening for TCP DNS connections
4599 specified an excessive listen backlog. [RT #1937]
4601 1070. [bug] Copy DNSSEC OK (DO) to response as specified by
4602 draft-ietf-dnsext-dnssec-okbit-03.txt.
4606 1068. [bug] errno could be overwritten by catgets(). [RT #1921]
4608 1067. [func] Allow quotas to be soft, isc_quota_soft().
4610 1066. [bug] Provide a thread safe wrapper for strerror().
4613 1065. [func] Runtime support to select new / old style interface
4614 scanning using ioctls.
4616 1064. [bug] Do not shut down active network interfaces if we
4617 are unable to scan the interface list. [RT #1921]
4619 1063. [bug] libbind: "make install" was failing on IRIX.
4622 1062. [bug] If the control channel listener socket was shut
4623 down before server exit, the listener object could
4624 be freed twice. [RT #1916]
4626 1061. [bug] If periodic cache cleaning happened to start
4627 while cleaning due to reaching the configured
4628 maximum cache size was in progress, the server
4629 could catch an assertion failure. [RT #1912]
4631 1060. [func] Move refresh, stub and notify UDP retry processing
4634 1059. [func] dns_request now support will now retry UDP queries,
4635 dns_request_createvia2() and dns_request_createraw2().
4637 1058. [func] Limited lifetime ticker timers are now available,
4638 isc_timertype_limited.
4640 1057. [bug] Reloading the server after adding a "file" clause
4641 to a zone statement could cause the server to
4642 crash due to a typo in change 1016.
4644 1056. [bug] Rndc could catch an assertion failure on SIGINT due
4645 to an uninitialized variable. [RT #1908]
4647 1055. [func] Version and hostname queries can now be disabled
4648 using "version none;" and "hostname none;",
4651 1054. [bug] On Win32, cfg_categories and cfg_modules need to be
4652 exported from the libisccfg DLL.
4654 1053. [bug] Dig did not increase its timeout when receiving
4655 AXFRs unless the +time option was used. [RT #1904]
4657 1052. [bug] Journals were not being created in binary mode
4658 resulting in "journal format not recognized" error
4659 under Win32. [RT #1889]
4661 1051. [bug] Do not ignore a network interface completely just
4662 because it has a noncontiguous netmask. Instead,
4663 omit it from the localnets ACL and issue a warning.
4666 1050. [bug] Log messages reporting malformed IP addresses in
4667 address lists such as that of the forwarders option
4668 failed to include the correct error code, file
4669 name, and line number. [RT #1890]
4671 1049. [func] "pid-file none;" will disable writing a pid file.
4674 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
4677 1047. [bug] named was incorrectly refusing all requests signed
4678 with a TSIG key derived from an unsigned TKEY
4679 negotiation with a NOERROR response. [RT #1886]
4681 1046. [bug] The help message for the --with-openssl configure
4682 option was inaccurate. [RT #1880]
4684 1045. [bug] It was possible to skip saving glue for a nameserver
4687 1044. [bug] Specifying allow-transfer, notify-source, or
4688 notify-source-v6 in a stub zone was not treated
4691 1043. [bug] Specifying a transfer-source or transfer-source-v6
4692 option in the zone statement for a master zone was
4693 not treated as an error. [RT #1876]
4695 1042. [bug] The "config" logging category did not work properly.
4698 1041. [bug] Dig/host/nslookup could catch an assertion failure
4699 on SIGINT due to an uninitialized variable. [RT #1867]
4701 1040. [bug] Multiple listen-on-v6 options with different ports
4702 were not accepted. [RT #1875]
4704 1039. [bug] Negative responses with CNAMEs in the answer section
4705 were cached incorrectly. [RT #1862]
4707 1038. [bug] In servers configured with a tkey-domain option,
4708 TKEY queries with an owner name other than the root
4709 could cause an assertion failure. [RT #1866, #1869]
4711 1037. [bug] Negative responses whose authority section contain
4712 SOA or NS records whose owner names are not equal
4713 equal to or parents of the query name should be
4714 rejected. [RT #1862]
4716 1036. [func] Silently drop requests received via multicast as
4717 long as there is no final multicast DNS standard.
4719 1035. [bug] If we respond to multicast queries (which we
4720 currently do not), respond from a unicast address
4721 as specified in RFC 1123. [RT #137]
4723 1034. [bug] Ignore the RD bit on multicast queries as specified
4724 in RFC 1123. [RT #137]
4726 1033. [bug] Always respond to requests with an unsupported opcode
4727 with NOTIMP, even if we don't have a matching view
4728 or cannot determine the class.
4730 1032. [func] hostname.bind/txt/chaos now returns the name of
4731 the machine hosting the nameserver. This is useful
4732 in diagnosing problems with anycast servers.
4734 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
4737 1030. [bug] On systems with no resolv.conf file, nsupdate
4738 exited with an error rather than defaulting
4739 to using the loopback address. [RT #1836]
4741 1029. [bug] Some named.conf errors did not cause the loading
4742 of the configuration file to return a failure
4743 status even though they were logged. [RT #1847]
4745 1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
4746 in the wrong directory. [RT #1833]
4748 1027. [bug] RRs having the reserved type 0 should be rejected.
4753 1025. [bug] Don't use multicast addresses to resolve iterative
4756 1024. [port] Compilation failed on HP-UX 11.11 due to
4757 incompatible use of the SIOCGLIFCONF macro
4760 1023. [func] Accept hints without TTLs.
4762 1022. [bug] Don't report empty root hints as "extra data".
4765 1021. [bug] On Win32, log message timestamps were one month
4766 later than they should have been, and the server
4767 would exhibit unspecified behavior in December.
4769 1020. [bug] IXFR log messages did not distinguish between
4770 true IXFRs, AXFR-style IXFRs, and mere version
4773 1019. [bug] The value of the lame-ttl option was limited to 18000
4774 seconds, not 1800 seconds as documented. [RT #1803]
4776 1018. [bug] The default log channel was not always initialized
4777 correctly. [RT #1813]
4779 1017. [bug] When specifying TSIG keys to dig and nsupdate using
4780 the -k option, they must be HMAC-MD5 keys. [RT #1810]
4782 1016. [bug] Slave zones with no backup file were re-transferred
4783 on every server reload.
4785 1015. [bug] Log channels that had a "versions" option but no
4786 "size" option failed to create numbered log
4789 1014. [bug] Some queries would cause statistics counters to
4790 increment more than once or not at all. [RT #1321]
4792 1013. [bug] It was possible to cancel a query twice when marking
4793 a server as bogus or by having a blackhole acl.
4796 1012. [bug] The -p option to named did not behave as documented.
4798 1011. [cleanup] Removed isc_dir_current().
4800 1010. [bug] The server could attempt to execute a command channel
4801 command after initiating server shutdown, causing
4802 an assertion failure. [RT #1766]
4804 1009. [port] OpenUNIX 8 support. [RT #1728]
4806 1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
4808 1007. [port] config.guess, config.sub from autoconf-2.52.
4810 1006. [bug] If a KEY RR was found missing during DNSSEC validation,
4811 an assertion failure could subsequently be triggered
4812 in the resolver. [RT #1763]
4814 1005. [bug] Don't copy nonzero RCODEs from request to response.
4817 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
4819 1003. [func] Add the +retry option to dig.
4821 1002. [bug] When reporting an unknown class name in named.conf,
4822 including the file name and line number. [RT #1759]
4824 1001. [bug] win32 socket code doio_recv was not catching a
4825 WSACONNRESET error when a client was timing out
4826 the request and closing its socket. [RT #1745]
4828 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
4829 for class "HS". [RT #1759]
4831 999. [func] "rndc retransfer zone [class [view]]" added.
4834 998. [func] named-checkzone now has arguments to specify the
4835 chroot directory (-t) and working directory (-w).
4838 997. [func] Add support for RSA-SHA1 keys (RFC3110).
4840 996. [func] Issue warning if the configuration filename contains
4843 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
4844 target address should be fatal on a IPv4 only system.
4846 994. [func] Treat non-authoritative responses to queries for type
4847 NS as referrals even if the NS records are in the
4848 answer section, because BIND 8 servers incorrectly
4849 send them that way. This is necessary for DNSSEC
4850 validation of the NS records of a secure zone to
4851 succeed when the parent is a BIND 8 server. [RT #1706]
4853 993. [func] dig: -v now reports the version.
4855 992. [doc] dig: ~/.digrc is now documented.
4857 991. [func] Lower UDP refresh timeout messages to level
4860 990. [bug] The rndc-confgen man page was not installed.
4862 989. [bug] Report filename if $INCLUDE fails for file related
4865 988. [bug] 'additional-from-auth no;' did not work reliably
4866 in the case of queries answered from the cache.
4869 987. [bug] "dig -help" didn't show "+[no]stats".
4871 986. [bug] "dig +noall" failed to clear stats and command
4874 985. [func] Consider network interfaces to be up iff they have
4875 a nonzero IP address rather than based on the
4876 IFF_UP flag. [RT #1160]
4878 984. [bug] Multi-threading should be enabled by default on
4879 Solaris 2.7 and newer, but it wasn't.
4881 983. [func] The server now supports generating IXFR difference
4882 sequences for non-dynamic zones by comparing zone
4883 versions, when enabled using the new config
4884 option "ixfr-from-differences". [RT #1727]
4886 982. [func] If "memstatistics-file" is set in options the memory
4887 statistics will be written to it.
4889 981. [func] The dnssec tools can now take multiple '-r randomfile'
4892 980. [bug] Incoming zone transfers restarting after an error
4893 could trigger an assertion failure. [RT #1692]
4895 979. [func] Incremental master file dumping. dns_master_dumpinc(),
4896 dns_master_dumptostreaminc(), dns_dumpctx_attach(),
4897 dns_dumpctx_detach(), dns_dumpctx_cancel(),
4898 dns_dumpctx_db() and dns_dumpctx_version().
4900 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
4903 977. [bug] Improve "not at top of zone" error message.
4905 976. [func] named-checkconf can now test load master zones
4906 (named-checkconf -z). [RT #1468]
4908 975. [bug] "max-cache-size default;" as a view option
4909 caused an assertion failure.
4911 974. [bug] "max-cache-size unlimited;" as a global option
4914 973. [bug] Failed to log the question name when logging:
4915 "bad zone transfer request: non-authoritative zone
4918 972. [bug] The file modification time code in zone.c was using the
4919 wrong epoch. [RT #1667]
4923 970. [func] 'max-journal-size' can now be used to set a target
4926 969. [func] dig now supports the undocumented dig 8 feature
4927 of allowing arbitrary labels, not just dotted
4928 decimal quads, with the -x option. This can be
4929 used to conveniently look up RFC2317 names as in
4930 "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
4932 968. [bug] On win32, the isc_time_now() function was unnecessarily
4933 calling strtime(). [RT #1671]
4935 967. [bug] On win32, the link for bindevt was not including the
4936 required resource file to enable the event viewer
4937 to interpret the error messages in the event log,
4942 965. [bug] Including data other than root server NS and A
4943 records in the root hint file could cause a rbtdb
4944 node reference leak. [RT #1581, #1618]
4946 964. [func] Warn if data other than root server NS and A records
4947 are found in the root hint file. [RT #1581, #1618]
4949 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
4951 962. [bug] libbind: bad "#undef", don't attempt to install
4952 non-existent nlist.h. [RT #1640]
4954 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
4955 was not defined. [RT #1482]
4957 960. [port] liblwres failed to build on systems with support for
4958 getrrsetbyname() in the OS. [RT #1592]
4960 959. [port] On FreeBSD, determine the number of CPUs by calling
4961 sysctlbyname(). [RT #1584]
4963 958. [port] ssize_t is not available on all platforms. [RT #1607]
4965 957. [bug] sys/select.h inclusion was broken on older platforms.
4968 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
4969 in named/win32/os.c due to code changes in
4970 change #953. win32 .make file for rndc-confgen
4971 updated to add include path for os.h header.
4973 --- 9.2.0rc1 released ---
4975 955. [bug] When using views, the zone's class was not being
4976 inherited from the view's class. [RT #1583]
4978 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
4979 nslookup, the RD bit should not be set as zone
4980 transfers are inherently non-recursive. [RT #1575]
4982 953. [func] The /var/run/named.key file from change #843
4983 has been replaced by /etc/rndc.key. Both
4984 named and rndc will look for this file and use
4985 it to configure a default control channel key
4986 if not already configured using a different
4987 method (rndc.conf / controls). Unlike
4988 named.key, rndc.key is not created automatically;
4989 it must be created by manually running
4992 952. [bug] The server required manual intervention to serve the
4993 affected zones if it died between creating a journal
4994 and committing the first change to it.
4996 951. [bug] CFLAGS was not passed to the linker when
4997 linking some of the test programs under
4998 bin/tests. [RT #1555].
5000 950. [bug] Explicit TTLs did not properly override $TTL
5001 due to a bug in change 834. [RT #1558]
5003 949. [bug] host was unable to print records larger than 512
5006 --- 9.2.0b2 released ---
5008 948. [port] Integrated support for building on Windows NT /
5011 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
5012 was really the RNAME field from RFC1035. To avoid
5013 confusion and silent errors that would occur it the
5014 "origin" and "mname" elements were given their correct
5015 names "mname" and "rname" respectively, the "mname"
5016 element is renamed to "contact".
5018 946. [cleanup] doc/misc/options is now machine-generated from the
5019 configuration parser syntax tables, and therefore
5020 more likely to be correct.
5022 945. [func] Add the new view-specific options
5023 "match-destinations" and "match-recursive-only".
5025 944. [func] Check for expired signatures on load.
5027 943. [bug] The server could crash when receiving a command
5028 via rndc if the configuration file listed only
5029 nonexistent keys in the controls statement. [RT #1530]
5031 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
5032 defined on some platforms.
5034 941. [bug] The configuration checker crashed if a slave
5035 zone didn't contain a masters statement. [RT #1514]
5037 940. [bug] Double zone locking failure on error path. [RT #1510]
5039 --- 9.2.0b1 released ---
5041 939. [port] Add the --disable-linux-caps option to configure for
5042 systems that manage capabilities outside of named.
5047 937. [bug] A race when shutting down a zone could trigger a
5048 INSIST() failure. [RT #1034]
5050 936. [func] Warn about IPv4 addresses that are not complete
5051 dotted quads. [RT #1084]
5053 935. [bug] inet_pton failed to reject leading zeros.
5055 934. [port] Deal with systems where accept() spuriously returns
5058 933. [bug] configure failed doing libbind on platforms not
5059 supported by BIND 8. [RT #1496]
5061 --- 9.2.0a3 released ---
5063 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
5064 when installing isc-config.sh.
5067 931. [bug] The controls statement only attempted to verify
5068 messages using the first key in the key list.
5071 930. [func] Query performance testing tool added as
5076 928. [bug] nsupdate would send empty update packets if the
5077 send (or empty line) command was run after
5078 another send but before any new updates or
5079 prerequisites were specified. It should simply
5080 ignore this command.
5082 927. [bug] Don't hold the zone lock for the entire dump to disk.
5085 926. [bug] The resolver could deadlock with the ADB when
5086 shutting down (multi-threaded builds only).
5089 925. [cleanup] Remove openssl from the distribution; require that
5090 --with-openssl be specified if DNSSEC is needed.
5092 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
5095 923. [bug] Multiline TSIG secrets (and other multiline strings)
5096 were not accepted in named.conf. [RT #1469]
5098 922. [func] Added two new lwres_getrrsetbyname() result codes,
5099 ERR_NONAME and ERR_NODATA.
5101 921. [bug] lwres returned an incorrect error code if it received
5102 a truncated message.
5104 920. [func] Increase the lwres receive buffer size to 16K.
5109 918. [func] In nsupdate, TSIG errors are no longer treated as
5112 917. [func] New nsupdate command 'key', allowing TSIG keys to
5113 be specified in the nsupdate command stream rather
5114 than the command line.
5116 916. [bug] Specifying type ixfr to dig without specifying
5117 a serial number failed in unexpected ways.
5119 915. [func] The named-checkconf and named-checkzone programs
5120 now have a '-v' option for printing their version.
5123 914. [bug] Global 'server' statements were rejected when
5124 using views, even though they were accepted
5127 913. [bug] Cache cleaning was not sufficiently aggressive.
5130 912. [bug] Attempts to set the 'additional-from-cache' or
5131 'additional-from-auth' option to 'no' in a
5132 server with recursion enabled will now
5133 be ignored and cause a warning message.
5138 910. [port] Some pre-RFC2133 IPv6 implementations do not define
5139 IN6ADDR_ANY_INIT. [RT #1416]
5143 908. [func] New program, rndc-confgen, to simplify setting up rndc.
5145 907. [func] The ability to get entropy from either the
5146 random device, a user-provided file or from
5147 the keyboard was migrated from the DNSSEC tools
5148 to libisc as isc_entropy_usebestsource().
5150 906. [port] Separated the system independent portion of
5151 lib/isc/unix/entropy.c into lib/isc/entropy.c
5152 and added lib/isc/win32/entropy.c.
5154 905. [bug] Configuring a forward "zone" for the root domain
5155 did not work. [RT #1418]
5157 904. [bug] The server would leak memory if attempting to use
5158 an expired TSIG key. [RT #1406]
5160 903. [bug] dig should not crash when receiving a TCP packet
5163 902. [bug] The -d option was ignored if both -t and -g were also
5168 900. [bug] A config.guess update changed the system identification
5169 string of FreeBSD systems; configure and
5170 bin/tests/system/ifconfig.sh now recognize the new
5173 --- 9.2.0a2 released ---
5175 899. [bug] lib/dns/soa.c failed to compile on many platforms
5176 due to inappropriate use of a void value.
5177 [RT #1372, #1373, #1386, #1387, #1395]
5179 898. [bug] "dig" failed to set a nonzero exit status
5180 on UDP query timeout. [RT #1323]
5182 897. [bug] A config.guess update changed the system identification
5183 string of UnixWare systems; configure now recognizes
5186 896. [bug] If a configuration file is set on named's command line
5187 and it has a relative pathname, the current directory
5188 (after any possible jailing resulting from named -t)
5189 will be prepended to it so that reloading works
5190 properly even when a directory option is present.
5192 895. [func] New function, isc_dir_current(), akin to POSIX's
5195 894. [bug] When using the DNSSEC tools, a message intended to warn
5196 when the keyboard was being used because of the lack
5197 of a suitable random device was not being printed.
5199 893. [func] Removed isc_file_test() and added isc_file_exists()
5200 for the basic functionality that was being added
5201 with isc_file_test().
5205 891. [bug] Return an error when a SIG(0) signed response to
5206 an unsigned query is seen. This should actually
5207 do the verification, but it's not currently
5208 possible. [RT #1391]
5210 890. [cleanup] The man pages no longer require the mandoc macros
5211 and should now format cleanly using most versions of
5212 nroff, and HTML versions of the man pages have been
5213 added. Both are generated from DocBook source.
5215 889. [port] Eliminated blank lines before .TH in nroff man
5216 pages since they cause problems with some versions
5217 of nroff. [RT #1390]
5219 888. [bug] Don't die when using TKEY to delete a nonexistent
5220 TSIG key. [RT #1392]
5222 887. [port] Detect broken compilers that can't call static
5223 functions from inline functions. [RT #1212]
5265 866. [func] Close debug only file channels when debug is set to
5268 865. [bug] The new configuration parser did not allow
5269 the optional debug level in a "severity debug"
5270 clause of a logging channel to be omitted.
5271 This is now allowed and treated as "severity
5272 debug 1;" like it does in BIND 8.2.4, not as
5273 "severity debug 0;" like it did in BIND 9.1.
5276 864. [cleanup] Multi-threading is now enabled by default on
5277 OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
5279 863. [bug] If an error occurred while an outgoing zone transfer
5280 was starting up, the server could access a domain
5281 name that had already been freed when logging a
5282 message saying that the transfer was starting.
5285 862. [bug] Use after realloc(), non portable pointer arithmetic in
5288 861. [port] Add support for Mac OS X, by making it equivalent
5289 to Darwin. This was derived from the config.guess
5290 file shipped with Mac OS X. [RT #1355]
5292 860. [func] Drop cross class glue in zone transfers.
5294 859. [bug] Cache cleaning now won't swamp the CPU if there
5295 is a persistent over limit condition.
5297 858. [func] isc_mem_setwater() no longer requires that when the
5298 callback function is non-NULL then its hi_water
5299 argument must be greater than its lo_water argument
5300 (they can now be equal) or that they be non-zero.
5302 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
5303 structs, for our friends in EBCDIC-land.
5305 856. [func] Allow partial rdatasets to be returned in answer and
5306 authority sections to help non-TCP capable clients
5307 recover from truncation. [RT #1301]
5309 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
5311 854. [bug] The config parser didn't properly handle config
5312 options that were specified in units of time other
5313 than seconds. [RT #1372]
5315 853. [bug] configure_view_acl() failed to detach existing acls.
5318 852. [bug] Handle responses from servers which do not know
5321 851. [cleanup] The obsolete support-ixfr option was not properly
5324 --- 9.2.0a1 released ---
5326 850. [bug] dns_rbt_findnode() would not find nodes that were
5327 split on a bitstring label somewhere other than in
5328 the last label of the node. [RT #1351]
5330 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
5332 848. [func] A minimum max-cache-size of two megabytes is enforced
5333 by the cache cleaner.
5335 847. [func] Added isc_file_test(), which currently only has
5336 some very basic functionality to test for the
5337 existence of a file, whether a pathname is absolute,
5338 or whether a pathname is the fundamental representation
5339 of the current directory. It is intended that this
5340 function can be expanded to test other things a
5341 programmer might want to know about a file.
5343 846. [func] A non-zero 'param' to dst_key_generate() when making an
5344 hmac-md5 key means that good entropy is not required.
5346 845. [bug] The access rights on the public file of a symmetric
5347 key are now restricted as soon as the file is opened,
5348 rather than after it has been written and closed.
5350 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
5351 just as <lwres/net.h> does.
5353 843. [func] If no controls statement is present in named.conf,
5354 or if any inet phrase of a controls statement is
5355 lacking a keys clause, then a key will be automatically
5356 generated by named and an rndc.conf-style file
5357 named named.key will be written that uses it. rndc
5358 will use this file only if its normal configuration
5359 file, or one provided on the command line, does not
5362 842. [func] 'rndc flush' now takes an optional view.
5364 841. [bug] When sdb modules were not declared threadsafe, their
5365 create and destroy functions were not serialized.
5367 840. [bug] The config file parser could print the wrong file
5368 name if an error was detected after an included file
5369 was parsed. [RT #1353]
5371 839. [func] Dump packets for which there was no view or that the
5372 class could not be determined to category "unmatched".
5374 838. [port] UnixWare 7.x.x is now suported by
5375 bin/tests/system/ifconfig.sh.
5377 837. [cleanup] Multi-threading is now enabled by default only on
5378 OSF1, Solaris 2.7 and newer, and AIX.
5380 836. [func] Upgraded libtool to 1.4.
5382 835. [bug] The dispatcher could enter a busy loop if
5383 it got an I/O error receiving on a UDP socket.
5386 834. [func] Accept (but warn about) master files beginning with
5387 an SOA record without an explicit TTL field and
5388 lacking a $TTL directive, by using the SOA MINTTL
5389 as a default TTL. This is for backwards compatibility
5390 with old versions of BIND 8, which accepted such
5391 files without warning although they are illegal
5392 according to RFC1035.
5394 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
5395 <dns/soa.h>, and extended them to support
5396 all the integer-valued fields of the SOA RR.
5398 832. [bug] The default location for named.conf in named-checkconf
5399 should depend on --sysconfdir like it does in named.
5404 830. [func] Implement 'rndc status'.
5406 829. [bug] The DNS_R_ZONECUT result code should only be returned
5407 when an ANY query is made with DNS_DBFIND_GLUEOK set.
5408 In all other ANY query cases, returning the delegation
5411 828. [bug] The errno value from recvfrom() could be overwritten
5412 by logging code. [RT #1293]
5414 827. [bug] When an IXFR protocol error occurs, the slave
5415 should retry with AXFR.
5417 826. [bug] Some IXFR protocol errors were not detected.
5419 825. [bug] zone.c:ns_query() detached from the wrong zone
5420 reference. [RT #1264]
5422 824. [bug] Correct line numbers reported by dns_master_load().
5425 823. [func] The output of "dig -h" now goes to stdout so that it
5426 can easily be piped through "more". [RT #1254]
5428 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
5431 821. [bug] The program name used when logging to syslog should
5432 be stripped of leading path components.
5435 820. [bug] Name server address lookups failed to follow
5436 A6 chains into the glue of local authoritative
5439 819. [bug] In certain cases, the resolver's attempts to
5440 restart an address lookup at the root could cause
5441 the fetch to deadlock (with itself) instead of
5442 restarting. [RT #1225]
5444 818. [bug] Certain pathological responses to ANY queries could
5445 cause an assertion failure. [RT #1218]
5447 817. [func] Adjust timeouts for dialup zone queries.
5449 816. [bug] Report potential problems with log file accessibility
5450 at configuration time, since such problems can't
5451 reliably be reported at the time they actually occur.
5453 815. [bug] If a log file was specified with a path separator
5454 character (i.e. "/") in its name and the directory
5455 did not exist, the log file's name was treated as
5456 though it were the directory name. [RT #1189]
5458 814. [bug] Socket objects left over from accept() failures
5459 were incorrectly destroyed, causing corruption
5460 of socket manager data structures.
5462 813. [bug] File descriptors exceeding FD_SETSIZE were handled
5465 812. [bug] dig sometimes printed incomplete IXFR responses
5466 due to an uninitialized variable. [RT #1188]
5468 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
5470 810. [bug] The signer name in SIG records was not properly
5471 down-cased when signing/verifying records. [RT #1186]
5473 809. [bug] Configuring a non-local address as a transfer-source
5474 could cause an assertion failure during load.
5476 808. [func] Add 'rndc flush' to flush the server's cache.
5478 807. [bug] When setting up TCP connections for incoming zone
5479 transfers, the transfer-source port was not
5480 ignored like it should be.
5482 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
5483 the calling stack to the zone maintenance level,
5484 causing zones to not reload when an included file was
5485 touched but the top-level zone file was not.
5487 805. [bug] When using "forward only", missing root hints should
5488 not cause queries to fail. [RT #1143]
5490 804. [bug] Attempting to obtain entropy could fail in some
5491 situations. This would be most common on systems
5492 with user-space threads. [RT #1131]
5494 803. [bug] Treat all SIG queries as if they have the CD bit set,
5495 otherwise no data will be returned [RT #749]
5497 802. [bug] DNSSEC key tags were computed incorrectly in almost
5498 all cases. [RT #1146]
5500 801. [bug] nsupdate should treat lines beginning with ';' as
5501 comments. [RT #1139]
5503 800. [bug] dnssec-signzone produced incorrect statistics for
5504 large zones. [RT #1133]
5506 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
5507 glue was also present.
5509 798. [bug] nsupdate should be able to reject bad input lines
5510 and continue. [RT #1130]
5512 797. [func] Issue a warning if the 'directory' option contains
5513 a relative path. [RT #269]
5515 796. [func] When a size limit is associated with a log file,
5516 only roll it when the size is reached, not every
5517 time the log file is opened. [RT #1096]
5519 795. [func] Add the +multiline option to dig. [RT #1095]
5521 794. [func] Implement the "port" and "default-port" statements
5524 793. [cleanup] The DNSSEC tools could create filenames that were
5525 illegal or contained shell meta-characters. They
5526 now use a different text encoding of names that
5527 doesn't have these problems. [RT #1101]
5529 792. [cleanup] Replace the OMAPI command channel protocol with a
5532 791. [bug] The command channel now works over IPv6.
5534 790. [bug] Wildcards created using dynamic update or IXFR
5535 could fail to match. [RT #1111]
5537 789. [bug] The "localhost" and "localnets" ACLs did not match
5538 when used as the second element of a two-element
5541 788. [func] Add the "match-mapped-addresses" option, which
5542 causes IPv6 v4mapped addresses to be treated as
5543 IPv4 addresses for the purpose of acl matching.
5545 787. [bug] The DNSSEC tools failed to downcase domain
5546 names when mapping them into file names.
5548 786. [bug] When DNSSEC signing/verifying data, owner names were
5549 not properly down-cased.
5551 785. [bug] A race condition in the resolver could cause
5552 an assertion failure. [RT #673, #872, #1048]
5554 784. [bug] nsupdate and other programs would not quit properly
5555 if some signals were blocked by the caller. [RT #1081]
5557 783. [bug] Following CNAMEs could cause an assertion failure
5558 when either using an sdb database or under very
5561 782. [func] Implement the "serial-query-rate" option.
5563 781. [func] Avoid error packet loops by dropping duplicate FORMERR
5564 responses. [RT #1006]
5566 780. [bug] Error handling code dealing with out of memory or
5567 other rare errors could lead to assertion failures
5568 by calling functions on uninitialized names. [RT #1065]
5570 779. [func] Added the "minimal-responses" option.
5572 778. [bug] When starting cache cleaning, cleaning_timer_action()
5573 returned without first pausing the iterator, which
5574 could cause deadlock. [RT #998]
5576 777. [bug] An empty forwarders list in a zone failed to override
5577 global forwarders. [RT #995]
5579 776. [func] Improved error reporting in denied messages. [RT #252]
5583 774. [func] max-cache-size is implemented.
5585 773. [func] Added isc_rwlock_trylock() to attempt to lock without
5588 772. [bug] Owner names could be incorrectly omitted from cache
5589 dumps in the presence of negative caching entries.
5592 771. [cleanup] TSIG errors related to unsynchronized clocks
5593 are logged better. [RT #919]
5595 770. [func] Add the "edns yes_or_no" statement to the server
5598 769. [func] Improved error reporting when parsing rdata. [RT #740]
5600 768. [bug] The server did not emit an SOA when a CNAME
5601 or DNAME chain ended in NXDOMAIN in an
5606 766. [bug] A few cases in query_find() could leak fname.
5607 This would trigger the mpctx->allocated == 0
5608 assertion when the server exited.
5609 [RT #739, #776, #798, #812, #818, #821, #845,
5612 765. [func] ACL names are once again case insensitive, like
5613 in BIND 8. [RT #252]
5615 764. [func] Configuration files now allow "include" directives
5616 in more places, such as inside the "view" statement.
5617 [RT #377, #728, #860]
5619 763. [func] Configuration files no longer have reserved words.
5622 762. [cleanup] The named.conf and rndc.conf file parsers have
5623 been completely rewritten.
5625 761. [bug] _REENTRANT was still defined when building with
5628 760. [contrib] Significant enhancements to the pgsql sdb driver.
5630 759. [bug] The resolver didn't turn off "avoid fetches" mode
5631 when restarting, possibly causing resolution
5632 to fail when it should not. This bug only affected
5633 platforms which support both IPv4 and IPv6. [RT #927]
5635 758. [bug] The "avoid fetches" code did not treat negative
5636 cache entries correctly, causing fetches that would
5637 be useful to be avoided. This bug only affected
5638 platforms which support both IPv4 and IPv6. [RT #927]
5640 757. [func] Log zone transfers.
5642 756. [bug] dns_zone_load() could "return" success when no master
5643 file was configured.
5645 755. [bug] Fix incorrectly formatted log messages in zone.c.
5647 754. [bug] Certain failure conditions sending UDP packets
5648 could cause the server to retry the transmission
5649 indefinitely. [RT #902]
5651 753. [bug] dig, host, and nslookup would fail to contact a
5652 remote server if getaddrinfo() returned an IPv6
5653 address on a system that doesn't support IPv6.
5656 752. [func] Correct bad tv_usec elements returned by
5659 751. [func] Log successful zone loads / transfers. [RT #898]
5661 750. [bug] A query should not match a DNAME whose trust level
5662 is pending. [RT #916]
5664 749. [bug] When a query matched a DNAME in a secure zone, the
5665 server did not return the signature of the DNAME.
5668 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
5671 747. [bug] The code to determine whether an IXFR was possible
5672 did not properly check for a database that could
5673 not have a journal. [RT #865, #908]
5675 746. [bug] The sdb didn't clone rdatasets properly, causing
5676 a crash when the server followed delegations. [RT #905]
5678 745. [func] Report the owner name of records that fail
5679 semantic checks while loading.
5681 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
5682 result of an ANY or SIG query, the resolver failed
5683 to setup the return event's rdatasets, causing an
5684 assertion failure in the query code. [RT #881]
5686 743. [bug] Receiving a large number of certain malformed
5687 answers could cause named to stop responding.
5692 741. [port] Support openssl-engine. [RT #709]
5694 740. [port] Handle openssl library mismatches slightly better.
5696 739. [port] Look for /dev/random in configure, rather than
5697 assuming it will be there for only a predefined
5700 738. [bug] If a non-threadsafe sdb driver supported AXFR and
5701 received an AXFR request, it would deadlock or die
5702 with an assertion failure. [RT #852]
5704 737. [port] stdtime.c failed to compile on certain platforms.
5706 736. [func] New functions isc_task_{begin,end}exclusive().
5708 735. [doc] Add BIND 4 migration notes.
5710 734. [bug] An attempt to re-lock the zone lock could occur if
5711 the server was shutdown during a zone transfer.
5714 733. [bug] Reference counts of dns_acl_t objects need to be
5715 locked but were not. [RT #801, #821]
5717 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
5719 731. [bug] Certain zone errors could cause named-checkzone to
5720 fail ungracefully. [RT #819]
5722 730. [bug] lwres_getaddrinfo() returns the correct result when
5723 it fails to contact a server. [RT #768]
5725 729. [port] pthread_setconcurrency() needs to be called on Solaris.
5727 728. [bug] Fix comment processing on master file directives.
5730 727. [port] Work around OS bug where accept() succeeds but
5731 fails to fill in the peer address of the accepted
5732 connection, by treating it as an error rather than
5733 an assertion failure. [RT #809]
5735 726. [func] Implement the "trace" and "notrace" commands in rndc.
5737 725. [bug] Installing man pages could fail.
5739 724. [func] New libisc functions isc_netaddr_any(),
5742 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
5743 to return DNS_R_SERVFAIL. [RT #783]
5745 722. [func] Allow incremental loads to be canceled.
5747 721. [cleanup] Load manager and dns_master_loadfilequota() are no
5750 720. [bug] Server could enter infinite loop in
5751 dispatch.c:do_cancel(). [RT #733]
5753 719. [bug] Rapid reloads could trigger an assertion failure.
5756 718. [cleanup] "internal" is no longer a reserved word in named.conf.
5759 717. [bug] Certain TKEY processing failure modes could
5760 reference an uninitialized variable, causing the
5761 server to crash. [RT #750]
5763 716. [bug] The first line of a $INCLUDE master file was lost if
5764 an origin was specified. [RT #744]
5766 715. [bug] Resolving some A6 chains could cause an assertion
5767 failure in adb.c. [RT #738]
5769 714. [bug] Preserve interval timers across reloads unless changed.
5772 713. [func] named-checkconf takes '-t directory' similar to named.
5775 712. [bug] Sending a large signed update message caused an
5776 assertion failure. [RT #718]
5778 711. [bug] The libisc and liblwres implementations of
5779 inet_ntop contained an off by one error.
5781 710. [func] The forwarders statement now takes an optional
5784 709. [bug] ANY or SIG queries for data with a TTL of 0
5785 would return SERVFAIL. [RT #620]
5787 708. [bug] When building with --with-openssl, the openssl headers
5788 included with BIND 9 should not be used. [RT #702]
5790 707. [func] The "filename" argument to named-checkzone is no
5791 longer optional, to reduce confusion. [RT #612]
5793 706. [bug] Zones with an explicit "allow-update { none; };"
5794 were considered dynamic and therefore not reloaded
5795 on SIGHUP or "rndc reload".
5797 705. [port] Work out resource limit type for use where rlim_t is
5798 not available. [RT #695]
5800 704. [port] RLIMIT_NOFILE is not available on all platforms.
5803 703. [port] sys/select.h is needed on older platforms. [RT #695]
5805 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
5806 use 127.0.0.1 instead. [RT #693]
5808 701. [func] Root hints are now fully optional. Class IN
5809 views use compiled-in hints by default, as
5810 before. Non-IN views with no root hints now
5811 provide authoritative service but not recursion.
5812 A warning is logged if a view has neither root
5813 hints nor authoritative data for the root. [RT #696]
5815 700. [bug] $GENERATE range check was wrong. [RT #688]
5817 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
5819 698. [bug] Aborting nsupdate with ^C would lead to several
5822 697. [bug] nsupdate was not compatible with the undocumented
5823 BIND 8 behavior of ignoring TTLs in "update delete"
5826 696. [bug] lwresd would die with an assertion failure when passed
5827 a zero-length name. [RT #692]
5829 695. [bug] If the resolver attempted to query a blackholed or
5830 bogus server, the resolution would fail immediately.
5832 694. [bug] $GENERATE did not produce the last entry.
5835 693. [bug] An empty lwres statement in named.conf caused
5836 the server to crash while loading.
5838 692. [bug] Deal with systems that have getaddrinfo() but not
5839 gai_strerror(). [RT #679]
5841 691. [bug] Configuring per-view forwarders caused an assertion
5842 failure. [RT #675, #734]
5844 690. [func] $GENERATE now supports DNAME. [RT #654]
5846 689. [doc] man pages are now installed. [RT #210]
5848 688. [func] "make tags" now works on systems with the
5849 "Exuberant Ctags" etags.
5851 687. [bug] Only say we have IPv6, with sufficient functionality,
5852 if it has actually been tested. [RT #586]
5854 686. [bug] dig and nslookup can now be properly aborted during
5855 blocking operations. [RT #568]
5857 685. [bug] nslookup should use the search list/domain options
5858 from resolv.conf by default. [RT #405, #630]
5860 684. [bug] Memory leak with view forwarders. [RT #656]
5862 683. [bug] File descriptor leak in isc_lex_openfile().
5864 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
5866 681. [bug] $GENERATE specifying output format was broken. [RT #653]
5868 680. [bug] dns_rdata_fromstruct() mishandled options bigger
5871 679. [bug] $INCLUDE could leak memory and file descriptors on
5874 678. [bug] "transfer-format one-answer;" could trigger an assertion
5877 677. [bug] dnssec-signzone would occasionally use the wrong ttl
5878 for database operations and fail. [RT #643]
5880 676. [bug] Log messages about lame servers to category
5881 'lame-servers' rather than 'resolver', so as not
5882 to be gratuitously incompatible with BIND 8.
5884 675. [bug] TKEY queries could cause the server to leak
5887 674. [func] Allow messages to be TSIG signed / verified using
5888 a offset from the current time.
5890 673. [func] The server can now convert RFC1886-style recursive
5891 lookup requests into RFC2874-style lookups, when
5892 enabled using the new option "allow-v6-synthesis".
5894 672. [bug] The wrong time was in the "time signed" field when
5895 replying with BADTIME error.
5897 671. [bug] The message code was failing to parse a message with
5898 no question section and a TSIG record. [RT #628]
5900 670. [bug] The lwres replacements for getaddrinfo and
5901 getipnodebyname didn't properly check for the
5902 existence of the sockaddr sa_len field.
5904 669. [bug] dnssec-keygen now makes the public key file
5905 non-world-readable for symmetric keys. [RT #403]
5907 668. [func] named-checkzone now reports multiple errors in master
5910 667. [bug] On Linux, running named with the -u option and a
5911 non-world-readable configuration file didn't work.
5914 666. [bug] If a request sent by dig is longer than 512 bytes,
5917 665. [bug] Signed responses were not sent when the size of the
5918 TSIG + question exceeded the maximum message size.
5921 664. [bug] The t_tasks and t_timers module tests are now skipped
5922 when building without threads, since they require
5925 663. [func] Accept a size_spec, not just an integer, in the
5926 (unimplemented and ignored) max-ixfr-log-size option
5927 for compatibility with recent versions of BIND 8.
5930 662. [bug] dns_rdata_fromtext() failed to log certain errors.
5932 661. [bug] Certain UDP IXFR requests caused an assertion failure
5933 (mpctx->allocated == 0). [RT #355, #394, #623]
5935 660. [port] Detect multiple CPUs on HP-UX and IRIX.
5937 659. [performance] Rewrite the name compression code to be much faster.
5939 658. [cleanup] Remove all vestiges of 16 bit global compression.
5941 657. [bug] When a listen-on statement in an lwres block does not
5942 specify a port, use 921, not 53. Also update the
5943 listen-on documentation. [RT #616]
5945 656. [func] Treat an unescaped newline in a quoted string as
5946 an error. This means that TXT records with missing
5947 close quotes should have meaningful errors printed.
5949 655. [bug] Improve error reporting on unexpected eof when loading
5952 654. [bug] Origin was being forgotten in TCP retries in dig.
5955 653. [bug] +defname option in dig was reversed in sense.
5958 652. [bug] zone_saveunique() did not report the new name.
5960 651. [func] The AD bit in responses now has the meaning
5961 specified in <draft-ietf-dnsext-ad-is-secure>.
5963 650. [bug] SIG(0) records were being generated and verified
5964 incorrectly. [RT #606]
5966 649. [bug] It was possible to join to an already running fctx
5967 after it had "cloned" its events, but before it sent
5968 them. In this case, the event of the newly joined
5969 fetch would not contain the answer, and would
5970 trigger the INSIST() in fctx_sendevents(). In
5971 BIND 9.0, this bug did not trigger an INSIST(), but
5972 caused the fetch to fail with a SERVFAIL result.
5973 [RT #588, #597, #605, #607]
5975 648. [port] Add support for pre-RFC2133 IPv6 implementations.
5977 647. [bug] Resolver queries sent after following multiple
5978 referrals had excessively long retransmission
5979 timeouts due to incorrectly counting the referrals
5982 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
5983 didn't _cleanly_ fix the problem it was trying to fix.
5985 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
5987 644. [bug] #622 needed more work. [RT #562]
5989 643. [bug] xfrin error messages made more verbose, added class
5990 of the zone. [RT# 599]
5992 642. [bug] Break the exit_check() race in the zone module.
5995 --- 9.1.0b2 released ---
5997 641. [bug] $GENERATE caused a uninitialized link to be used.
6000 640. [bug] Memory leak in error path could cause
6001 "mpctx->allocated == 0" failure. [RT #584]
6003 639. [bug] Reading entropy from the keyboard would sometimes fail.
6006 638. [port] lib/isc/random.c needed to explicitly include time.h
6007 to get a prototype for time() when pthreads was not
6008 being used. [RT #592]
6010 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
6011 lib/isc/print.c. Also allow lib/isc/print.c to
6012 be compiled even if the platform does not need it.
6015 636. [port] Shut up MSVC++ about a possible loss of precision
6016 in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
6018 635. [bug] Reloading a server with a configured blackhole list
6019 would cause an assertion. [RT #590]
6021 634. [bug] A log file will completely stop being written when
6022 it reaches the maximum size in all cases, not just
6023 when versioning is also enabled. [RT #570]
6025 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
6027 632. [bug] The index array of the journal file was
6028 corrupted as it was written to disk.
6030 631. [port] Build without thread support on systems without
6033 630. [bug] Locking failure in zone code. [RT #582]
6035 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
6036 when responding to a UDP IXFR request.
6038 628. [bug] If the root hints contained only AAAA addresses,
6039 named would be unable to perform resolution.
6041 627. [bug] The EDNS0 blackhole detection code of change 324
6042 waited for three retransmissions to each server,
6043 which takes much too long when a domain has many
6044 name servers and all of them drop EDNS0 queries.
6045 Now we retry without EDNS0 after three consecutive
6046 timeouts, even if they are all from different
6049 626. [bug] The lightweight resolver daemon no longer crashes
6050 when asked for a SIG rrset. [RT #558]
6052 625. [func] Zones now inherit their class from the enclosing view.
6054 624. [bug] The zone object could get timer events after it had
6055 been destroyed, causing a server crash. [RT #571]
6057 623. [func] Added "named-checkconf" and "named-checkzone" program
6058 for syntax checking named.conf files and zone files,
6061 622. [bug] A canceled request could be destroyed before
6062 dns_request_destroy() was called. [RT #562]
6064 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
6065 This mostly affects Red Hat Linux 7.0, which has
6066 conflicts between libc and the kernel.
6068 620. [bug] dns_master_load*inc() now require 'task' and 'load'
6069 to be non-null. Also 'done' will not be called if
6070 dns_master_load*inc() fails immediately. [RT #565]
6074 618. [bug] Queries to a signed zone could sometimes cause
6075 an assertion failure.
6077 617. [bug] When using dynamic update to add a new RR to an
6078 existing RRset with a different TTL, the journal
6079 entries generated from the update did not include
6080 explicit deletions and re-additions of the existing
6081 RRs to update their TTL to the new value.
6083 616. [func] dnssec-signzone -t output now includes performance
6086 615. [bug] dnssec-signzone did not like child keysets signed
6089 614. [bug] Checks for uninitialized link fields were prone
6090 to false positives, causing assertion failures.
6091 The checks are now disabled by default and may
6092 be re-enabled by defining ISC_LIST_CHECKINIT.
6094 613. [bug] "rndc reload zone" now reloads primary zones.
6095 It previously only updated slave and stub zones,
6096 if an SOA query indicated an out of date serial.
6098 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
6099 complains relentlessly about how its treatment
6100 of 'const' has changed as well as how casting
6101 sometimes tightens alignment constraints.
6103 611. [func] allow-notify can be used to permit processing of
6104 notify messages from hosts other than a slave's
6107 610. [func] rndc dumpdb is now supported.
6109 609. [bug] getrrsetbyname() would crash lwresd if the server
6110 found more SIGs than answers. [RT #554]
6112 608. [func] dnssec-signzone now adds a comment to the zone
6113 with the time the file was signed.
6115 607. [bug] nsupdate would fail if it encountered a CNAME or
6116 DNAME in a response to an SOA query. [RT #515]
6118 606. [bug] Compiling with --disable-threads failed due
6119 to isc_thread_self() being incorrectly defined
6120 as an integer rather than a function.
6122 605. [func] New function isc_lex_getlasttokentext().
6124 604. [bug] The named.conf parser could print incorrect line
6125 numbers when long comments were present.
6127 603. [bug] Make dig handle multiple types or classes on the same
6128 query more correctly.
6130 602. [func] Cope automatically with UnixWare's broken
6131 IN6_IS_ADDR_* macros. [RT #539]
6133 601. [func] Return a non-zero exit code if an update fails
6136 600. [bug] Reverse lookups sometimes failed in dig, etc...
6138 599. [func] Added four new functions to the libisc log API to
6139 support i18n messages. isc_log_iwrite(),
6140 isc_log_ivwrite(), isc_log_iwrite1() and
6141 isc_log_ivwrite1() were added.
6143 598. [bug] An update-policy statement would cause the server
6144 to assert while loading. [RT #536]
6146 597. [func] dnssec-signzone is now multi-threaded.
6148 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
6149 not mutually exclusive.
6151 595. [port] On Linux 2.2, socket() returns EINVAL when it
6152 should return EAFNOSUPPORT. Work around this.
6155 594. [func] sdb drivers are now assumed to not be thread-safe
6156 unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
6158 593. [bug] If a secure zone was missing all its NXTs and
6159 a dynamic update was attempted, the server entered
6162 592. [bug] The sig-validity-interval option now specifies a
6163 number of days, not seconds. This matches the
6164 documentation. [RT #529]
6166 --- 9.1.0b1 released ---
6168 591. [bug] Work around non-reentrancy in openssl by disabling
6169 pre-computation in keys.
6171 590. [doc] There are now man pages for the lwres library in
6174 589. [bug] The server could deadlock if a zone was updated
6175 while being transferred out.
6177 588. [bug] ctx->in_use was not being correctly initialized when
6178 when pushing a file for $INCLUDE. [RT #523]
6180 587. [func] A warning is now printed if the "allow-update"
6181 option allows updates based on the source IP
6182 address, to alert users to the fact that this
6183 is insecure and becoming increasingly so as
6184 servers capable of update forwarding are being
6187 586. [bug] multiple views with the same name were fatal. [RT #516]
6189 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
6190 now support 'exact' additions in a similar manner to
6191 dns_db_subtractrdataset() and dns_rdataslab_subtract().
6193 584. [func] You can now say 'notify explicit'; to suppress
6194 notification of the servers listed in NS records
6195 and notify only those servers listed in the
6196 'also-notify' option.
6198 583. [func] "rndc querylog" will now toggle logging of
6199 queries, like "ndc querylog" in BIND 8.
6201 582. [bug] dns_zone_idetach() failed to lock the zone.
6204 581. [bug] log severity was not being correctly processed.
6207 580. [func] Ignore trailing garbage on incoming DNS packets,
6208 for interoperability with broken server
6209 implementations. [RT #491]
6211 579. [bug] nsupdate did not take a filename to read update from.
6214 578. [func] New config option "notify-source", to specify the
6215 source address for notify messages.
6217 577. [func] Log illegal RDATA combinations. e.g. multiple
6218 singleton types, cname and other data.
6220 576. [doc] isc_log_create() description did not match reality.
6222 575. [bug] isc_log_create() was not setting internal state
6223 correctly to reflect the default channels created.
6225 574. [bug] TSIG signed queries sent by the resolver would fail to
6226 have their responses validated and would leak memory.
6228 573. [bug] The journal files of IXFRed slave zones were
6229 inadvertently discarded on server reload, causing
6230 "journal out of sync with zone" errors on subsequent
6233 572. [bug] Quoted strings were not accepted as key names in
6234 address match lists.
6236 571. [bug] It was possible to create an rdataset of singleton
6237 type which had more than one rdata. [RT #154]
6240 570. [bug] rbtdb.c allowed zones containing nodes which had
6241 both a CNAME and "other data". [RT #154]
6243 569. [func] The DNSSEC AD bit will not be set on queries which
6244 have not requested a DNSSEC response.
6246 568. [func] Add sample simple database drivers in contrib/sdb.
6248 567. [bug] Setting the zone transfer timeout to zero caused an
6249 assertion failure. [RT #302]
6251 566. [func] New public function dns_timer_setidle().
6253 565. [func] Log queries more like BIND 8: query logging is now
6254 done to category "queries", level "info". [RT #169]
6256 564. [func] Add sortlist support to lwresd.
6258 563. [func] New public functions dns_rdatatype_format() and
6259 dns_rdataclass_format(), for convenient formatting
6260 of rdata type/class mnemonics in log messages.
6262 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
6264 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
6265 clauses of the options{} statement are now implemented.
6267 560. [bug] dns_name_split did not properly the resulting prefix
6268 when a maximal length bitstring label was split which
6269 was preceded by another bitstring label. [RT #429]
6271 559. [bug] dns_name_split did not properly create the suffix
6272 when splitting within a maximal length bitstring label.
6274 558. [func] New functions, isc_resource_getlimit and
6275 isc_resource_setlimit.
6277 557. [func] Symbolic constants for libisc integral types.
6279 556. [func] The DNSSEC OK bit in the EDNS extended flags
6280 is now implemented. Responses to queries without
6281 this bit set will not contain any DNSSEC records.
6283 555. [bug] A slave server attempting a zone transfer could
6284 crash with an assertion failure on certain
6285 malformed responses from the master. [RT #457]
6287 554. [bug] In some cases, not all of the dnssec tools were
6290 553. [bug] Incoming zone transfers deferred due to quota
6291 were not started when quota was increased but
6292 only when a transfer in progress finished. [RT #456]
6294 552. [bug] We were not correctly detecting the end of all c-style
6297 551. [func] Implemented the 'sortlist' option.
6299 550. [func] Support unknown rdata types and classes.
6301 549. [bug] "make" did not immediately abort the build when a
6302 subdirectory make failed [RT #450].
6304 548. [func] The lexer now ungets tokens more correctly.
6308 546. [func] Option 'lame-ttl' is now implemented.
6310 545. [func] Name limit and counting options removed from dig;
6311 they didn't work properly, and cannot be correctly
6312 implemented without significant changes.
6314 544. [func] Add statistics option, enable statistics-file option,
6315 add RNDC option "dump-statistics" to write out a
6316 query statistics file.
6318 543. [doc] The 'port' option is now documented.
6320 542. [func] Add support for update forwarding as required for
6321 full compliance with RFC2136. It is turned off
6322 by default and can be enabled using the
6323 'allow-update-forwarding' option.
6325 541. [func] Add bogus server support.
6327 540. [func] Add dialup support.
6329 539. [func] Support the blackhole option.
6331 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
6335 536. [func] Use transfer-source{-v6} when sending refresh queries.
6336 Transfer-source{-v6} now take a optional port
6337 parameter for setting the UDP source port. The port
6338 parameter is ignored for TCP.
6340 535. [func] Use transfer-source{-v6} when forwarding update
6343 534. [func] Ancestors have been removed from RBT chains. Ancestor
6344 information can be discerned via node parent pointers.
6346 533. [func] Incorporated name hashing into the RBT database to
6347 improve search speed.
6349 532. [func] Implement DNS UPDATE pseudo records using
6350 DNS_RDATA_UPDATE flag.
6352 531. [func] Rdata really should be initialized before being assigned
6353 to (dns_rdata_fromwire(), dns_rdata_fromtext(),
6354 dns_rdata_clone(), dns_rdata_fromregion()),
6357 530. [func] New function dns_rdata_invalidate().
6359 529. [bug] 521 contained a bug which caused zones to always
6362 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
6363 on their arguments. ISC_LIST_XXXXUNSAFE can be use
6364 to skip the checks however use with caution.
6366 527. [func] New function dns_rdata_clone().
6368 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
6371 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
6372 and 'flags' for dns_rdataslab_subtract() allowing you
6373 to request that the RR's must exist prior to deletion.
6374 DNS_R_NOTEXACT is returned if the condition is not met.
6376 524. [func] The 'forward' and 'forwarders' statement in
6377 non-forward zones should work now.
6379 523. [doc] The source to the Administrator Reference Manual is
6380 now an XML file using the DocBook DTD, and is included
6381 in the distribution. The plain text version of the
6382 ARM is temporarily unavailable while we figure out
6383 how to generate readable plain text from the XML.
6385 522. [func] The lightweight resolver daemon can now use
6386 a real configuration file, and its functionality
6387 can be provided by a name server. Also, the -p and -P
6388 options to lwresd have been reversed.
6390 521. [bug] Detect master files which contain $INCLUDE and always
6393 520. [bug] Upgraded libtool to 1.3.5, which makes shared
6394 library builds almost work on AIX (and possibly
6397 519. [bug] dns_name_split() would improperly split some bitstring
6398 labels, zeroing a few of the least significant bits in
6399 the prefix part. When such an improperly created
6400 prefix was returned to the RBT database, the bogus
6401 label was dutifully stored, corrupting the tree.
6404 518. [bug] The resolver did not realize that a DNAME which was
6405 "the answer" to the client's query was "the answer",
6406 and such queries would fail. [RT #399]
6408 517. [bug] The resolver's DNAME code would trigger an assertion
6409 if there was more than one DNAME in the chain.
6412 516. [bug] Cache lookups which had a NULL node pointer, e.g.
6413 those by dns_view_find(), and which would match a
6414 DNAME, would trigger an INSIST(!search.need_cleanup)
6415 assertion. [RT #399]
6417 515. [bug] The ssu table was not being attached / detached
6418 by dns_zone_[sg]etssutable. [RT#397]
6420 514. [func] Retry refresh and notify queries if they timeout.
6423 513. [func] New functionality added to rdnc and server to allow
6424 individual zones to be refreshed or reloaded.
6426 512. [bug] The zone transfer code could throw an exception with
6427 an invalid IXFR stream.
6429 511. [bug] The message code could throw an assertion on an
6430 out of memory failure. [RT #392]
6432 510. [bug] Remove spurious view notify warning. [RT #376]
6434 509. [func] Add support for write of zone files on shutdown.
6436 508. [func] dns_message_parse() can now do a best-effort
6437 attempt, which should allow dig to print more invalid
6440 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
6441 and dns_view_flushanddetach().
6443 506. [func] Do not fail to start on errors in zone files.
6445 505. [bug] nsupdate was printing "unknown result code". [RT #373]
6447 504. [bug] The zone was not being marked as dirty when updated via
6450 503. [bug] dumptime was not being set along with
6451 DNS_ZONEFLG_NEEDDUMP.
6453 502. [func] On a SERVFAIL reply, DiG will now try the next server
6454 in the list, unless the +fail option is specified.
6456 501. [bug] Incorrect port numbers were being displayed by
6459 500. [func] Nearly useless +details option removed from DiG.
6461 499. [func] In DiG, specifying a class with -c or type with -t
6462 changes command-line parsing so that classes and
6463 types are only recognized if following -c or -t.
6464 This allows hosts with the same name as a class or
6465 type to be looked up.
6467 498. [doc] There is now a man page for "dig"
6468 in doc/man/bin/dig.1.
6470 497. [bug] The error messages printed when an IP match list
6471 contained a network address with a nonzero host
6472 part where not sufficiently detailed. [RT #365]
6474 496. [bug] named didn't sanity check numeric parameters. [RT #361]
6476 495. [bug] nsupdate was unable to handle large records. [RT #368]
6478 494. [func] Do not cache NXDOMAIN responses for SOA queries.
6480 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
6481 for SOA queries. This makes it easier to locate
6482 the containing zone without polluting intermediate
6485 492. [bug] attempting to reload a zone caused the server fail
6486 to shutdown cleanly. [RT #360]
6488 491. [bug] nsupdate would segfault when sending certain
6489 prerequisites with empty RDATA. [RT #356]
6491 490. [func] When a slave/stub zone has not yet successfully
6492 obtained an SOA containing the zone's configured
6493 retry time, perform the SOA query retries using
6494 exponential backoff. [RT #337]
6496 489. [func] The zone manager now has a "i/o" queue.
6498 488. [bug] Locks weren't properly destroyed in some cases.
6500 487. [port] flockfile() is not defined on all systems.
6502 486. [bug] nslookup: "set all" and "server" commands showed
6503 the incorrect port number if a port other than 53
6504 was specified. [RT #352]
6506 485. [func] When dig had more than one server to query, it would
6507 send all of the messages at the same time. Add
6508 rate limiting of the transmitted messages.
6510 484. [bug] When the server was reloaded after removing addresses
6511 from the named.conf "listen-on" statement, sockets
6512 were still listening on the removed addresses due
6513 to reference count loops. [RT #325]
6515 483. [bug] nslookup: "set all" showed a "search" option but it
6518 482. [bug] nslookup: a plain "server" or "lserver" should be
6519 treated as a lookup.
6521 481. [bug] nslookup:get_next_command() stack size could exceed
6524 480. [bug] strtok() is not thread safe. [RT #349]
6526 479. [func] The test suite can now be run by typing "make check"
6527 or "make test" at the top level.
6529 478. [bug] "make install" failed if the directory specified with
6530 --prefix did not already exist.
6532 477. [bug] The the isc-config.sh script could be installed before
6533 its directory was created. [RT #324]
6535 476. [bug] A zone could expire while a zone transfer was in
6536 progress triggering a INSIST failure. [RT #329]
6538 475. [bug] query_getzonedb() sometimes returned a non-null version
6539 on failure. This caused assertion failures when
6540 generating query responses where names subject to
6541 additional section processing pointed to a zone
6542 to which access had been denied by means of the
6543 allow-query option. [RT #336]
6545 474. [bug] The mnemonic of the CHAOS class is CH according to
6546 RFC1035, but it was printed and read only as CHAOS.
6547 We now accept both forms as input, and print it
6550 473. [bug] nsupdate overran the end of the list of name servers
6551 when no servers could be reached, typically causing
6552 it to print the error message "dns_request_create:
6555 472. [bug] Off-by-one error caused isc_time_add() to sometimes
6556 produce invalid time values.
6558 471. [bug] nsupdate didn't compile on HP/UX 10.20
6560 470. [func] $GENERATE is now supported. See also
6563 469. [bug] "query-source address * port 53;" now works.
6565 468. [bug] dns_master_load*() failed to report file and line
6566 number in certain error conditions.
6568 467. [bug] dns_master_load*() failed to log an error if
6571 466. [bug] dns_master_load*() could return success when it failed.
6573 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
6574 omapi_value_storeint().
6576 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
6578 463. [bug] nsupdate sent malformed SOA queries to the second
6579 and subsequent name servers in resolv.conf if the
6580 query sent to the first one failed.
6582 462. [bug] --disable-ipv6 should work now.
6584 461. [bug] Specifying an unknown key in the "keys" clause of the
6585 "controls" statement caused a NULL pointer dereference.
6588 460. [bug] Much of the DNSSEC code only worked with class IN.
6590 459. [bug] Nslookup processed the "set" command incorrectly.
6592 458. [bug] Nslookup didn't properly check class and type values.
6595 457. [bug] Dig/host/hslookup didn't properly handle connect
6596 timeouts in certain situations, causing an
6597 unnecessary warning message to be printed.
6599 456. [bug] Stub zones were not resetting the refresh and expire
6600 counters, loadtime or clearing the DNS_ZONE_REFRESH
6601 (refresh in progress) flag upon successful update.
6602 This disabled further refreshing of the stub zone,
6603 causing it to eventually expire. [RT #300]
6605 455. [doc] Document IPv4 prefix notation does not require a
6606 dotted decimal quad but may be just dotted decimal.
6608 454. [bug] Enforce dotted decimal and dotted decimal quad where
6609 documented as such in named.conf. [RT #304, RT #311]
6611 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
6612 is specified in named.conf. [RT #306]
6614 452. [bug] Warn if the unimplemented option "statistics-file"
6615 is specified in named.conf. [RT #301]
6617 451. [func] Update forwarding implemented.
6619 450. [func] New function ns_client_sendraw().
6621 449. [bug] isc_bitstring_copy() only works correctly if the
6622 two bitstrings have the same lsb0 value, but this
6623 requirement was not documented, nor was there a
6626 448. [bug] Host output formatting change, to match v8. [RT #255]
6628 447. [bug] Dig didn't properly retry in TCP mode after
6629 a truncated reply. [RT #277]
6631 446. [bug] Confusing notify log message. [RT #298]
6633 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
6634 bitstring triggered a REQUIRE statement. The REQUIRE
6635 statement was incorrect. [RT #297]
6637 444. [func] "recursion denied" messages are always logged at
6638 debug level 1, now, rather than sometimes at ERROR.
6639 This silences these warnings in the usual case, where
6640 some clients set the RD bit in all queries.
6642 443. [bug] When loading a master file failed because of an
6643 unrecognized RR type name, the error message
6644 did not include the file name and line number.
6647 442. [bug] TSIG signed messages that did not match any view
6648 crashed the server. [RT #290]
6650 441. [bug] Nodes obscured by a DNAME were inaccessible even
6651 when DNS_DBFIND_GLUEOK was set.
6653 440. [func] New function dns_zone_forwardupdate().
6655 439. [func] New function dns_request_createraw().
6657 438. [func] New function dns_message_getrawmessage().
6659 437. [func] Log NOTIFY activity to the notify channel.
6661 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
6662 which sometimes happens on Linux, named would enter
6663 a busy loop. Also, unexpected socket errors were
6664 not logged at a high enough logging level to be
6665 useful in diagnosing this situation. [RT #275]
6667 435. [bug] dns_zone_dump() overwrote existing zone files
6668 rather than writing to a temporary file and
6669 renaming. This could lead to empty or partial
6670 zone files being left around in certain error
6671 conditions involving the initial transfer of a
6672 slave zone, interfering with subsequent server
6675 434. [func] New function isc_file_isabsolute().
6677 433. [func] isc_base64_decodestring() now accepts newlines
6678 within the base64 data. This makes it possible
6679 to break up the key data in a "trusted-keys"
6680 statement into multiple lines. [RT #284]
6682 432. [func] Added refresh/retry jitter. The actual refresh/
6683 retry time is now a random value between 75% and
6684 100% of the configured value.
6686 431. [func] Log at ISC_LOG_INFO when a zone is successfully
6689 430. [bug] Rewrote the lightweight resolver client management
6690 code to handle shutdown correctly and general
6693 429. [bug] The space reserved for a TSIG record in a response
6694 was 2 bytes too short, leading to message
6695 generation failures.
6697 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
6698 DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
6699 (e.g. glue). This could cause SERVFAILs when
6700 generating negative responses in a secure zone.
6702 427. [bug] Avoid going into an infinite loop when the validator
6703 gets a negative response to a key query where the
6704 records are signed by the missing key.
6706 426. [bug] Attempting to generate an oversized RSA key could
6707 cause dnssec-keygen to dump core.
6709 425. [bug] Warn about the auth-nxdomain default value change
6710 if there is no auth-nxdomain statement in the
6711 config file. [RT #287]
6713 424. [bug] notify_createmessage() could trigger an assertion
6714 failure when creating the notify message failed,
6715 e.g. due to corrupt zones with multiple SOA records.
6718 423. [bug] When responding to a recursive query, errors that occur
6719 after following a CNAME should cause the query to fail.
6722 422. [func] get rid of isc_random_t, and make isc_random_get()
6723 and isc_random_jitter() use rand() internally
6724 instead of local state. Note that isc_random_*()
6725 functions are only for weak, non-critical "randomness"
6726 such as timing jitter and such.
6728 421. [bug] nslookup would exit when given a blank line as input.
6730 420. [bug] nslookup failed to implement the "exit" command.
6732 419. [bug] The certificate type PKIX was misspelled as SKIX.
6734 418. [bug] At debug levels >= 10, getting an unexpected
6735 socket receive error would crash the server
6736 while trying to log the error message.
6738 417. [func] Add isc_app_block() and isc_app_unblock(), which
6739 allow an application to handle signals while
6742 416. [bug] Slave zones with no master file tried to use a
6743 NULL pointer for a journal file name when they
6744 received an IXFR. [RT #273]
6746 415. [bug] The logging code leaked file descriptors.
6748 414. [bug] Server did not shut down until all incoming zone
6749 transfers were finished.
6751 413. [bug] Notify could attempt to use the zone database after
6752 it had been unloaded. [RT#267]
6754 412. [bug] named -v didn't print the version.
6756 411. [bug] A typo in the HS A code caused an assertion failure.
6758 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
6759 to a random value on success.
6761 409. [bug] If named was shut down early in the startup
6762 process, ns_omapi_shutdown() would attempt to lock
6763 an uninitialized mutex. [RT #262]
6765 408. [bug] stub zones could leak memory and reference counts if
6766 all the masters were unreachable.
6768 407. [bug] isc_rwlock_lock() would needlessly block
6769 readers when it reached the read quota even
6770 if no writers were waiting.
6772 406. [bug] Log messages were occasionally lost or corrupted
6773 due to a race condition in isc_log_doit().
6775 405. [func] Add support for selective forwarding (forward zones)
6777 404. [bug] The request library didn't completely work with IPv6.
6779 403. [bug] "host" did not use the search list.
6781 402. [bug] Treat undefined acls as errors, rather than
6782 warning and then later throwing an assertion.
6785 401. [func] Added simple database API.
6787 400. [bug] SIG(0) signing and verifying was done incorrectly.
6790 399. [bug] When reloading the server with a config file
6791 containing a syntax error, it could catch an
6792 assertion failure trying to perform zone
6793 maintenance on, or sending notifies from,
6794 tentatively created zones whose views were
6795 never fully configured and lacked an address
6796 database and request manager.
6798 398. [bug] "dig" sometimes caught an assertion failure when
6799 using TSIG, depending on the key length.
6801 397. [func] Added utility functions dns_view_gettsig() and
6802 dns_view_getpeertsig().
6804 396. [doc] There is now a man page for "nsupdate"
6805 in doc/man/bin/nsupdate.8.
6807 395. [bug] nslookup printed incorrect RR type mnemonics
6808 for RRs of type >= 21 [RT #237].
6810 394. [bug] Current name was not propagated via $INCLUDE.
6812 393. [func] Initial answer while loading (awl) support.
6813 Entry points: dns_master_loadfileinc(),
6814 dns_master_loadstreaminc(), dns_master_loadbufferinc().
6815 Note: calls to dns_master_load*inc() should be rate
6816 be rate limited so as to not use up all file
6819 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
6820 not support the given address family requested.
6822 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
6824 390. [func] The function dns_zone_setdbtype() now takes
6825 an argc/argv style vector of words and sets
6826 both the zone database type and its arguments,
6827 making the functions dns_zone_adddbarg()
6828 and dns_zone_cleardbargs() unnecessary.
6830 389. [bug] Attempting to send a request over IPv6 using
6831 dns_request_create() on a system without IPv6
6832 support caused an assertion failure [RT #235].
6834 388. [func] dig and host can now do reverse ipv6 lookups.
6836 387. [func] Add dns_byaddr_createptrname(), which converts
6837 an address into the name used by a PTR query.
6839 386. [bug] Missing strdup() of ACL name caused random
6840 ACL matching failures [RT #228].
6842 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
6845 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
6848 383. [func] When writing a master file, print the SOA and NS
6849 records (and their SIGs) before other records.
6851 382. [bug] named -u failed on many Linux systems where the
6852 libc provided kernel headers do not match
6855 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
6856 IPV6_PKTINFO if found. [RT #229]
6858 380. [bug] nsupdate didn't work with IPv6.
6860 379. [func] New library function isc_sockaddr_anyofpf().
6862 378. [func] named and lwresd will log the command line arguments
6863 they were started with in the "starting ..." message.
6865 377. [bug] When additional data lookups were refused due to
6866 "allow-query", the databases were still being
6867 attached causing reference leaks.
6869 376. [bug] The server should always use good entropy when
6870 performing cryptographic functions needing entropy.
6872 375. [bug] Per-zone "allow-query" did not properly override the
6873 view/global one for CNAME targets and additional
6876 374. [bug] SOA in authoritative negative responses had wrong TTL.
6878 373. [func] nslookup is now installed by "make install".
6880 372. [bug] Deal with Microsoft DNS servers appending two bytes of
6881 garbage to zone transfer requests.
6883 371. [bug] At high debug levels, doing an outgoing zone transfer
6884 of a very large RRset could cause an assertion failure
6887 370. [bug] The error messages for roll-forward failures were
6890 369. [func] Support new named.conf options, view and zone
6893 max-retry-time, min-retry-time,
6894 max-refresh-time, min-refresh-time.
6896 368. [func] Restructure the internal ".bind" view so that more
6897 zones can be added to it.
6899 367. [bug] Allow proper selection of server on nslookup command
6902 366. [func] Allow use of '-' batch file in dig for stdin.
6904 365. [bug] nsupdate -k leaked memory.
6906 364. [func] Added additional-from-{cache,auth}
6910 362. [bug] rndc no longer aborts if the configuration file is
6911 missing an options statement. [RT #209]
6913 361. [func] When the RBT find or chain functions set the name and
6914 origin for a node that stores the root label
6915 the name is now set to an empty name, instead of ".",
6916 to simplify later use of the name and origin by
6917 dns_name_concatenate(), dns_name_totext() or
6920 360. [func] dns_name_totext() and dns_name_format() now allow
6921 an empty name to be passed, which is formatted as "@".
6923 359. [bug] dnssec-signzone occasionally signed glue records.
6925 358. [cleanup] Rename the intermediate files used by the dnssec
6928 357. [bug] The zone file parser crashed if the argument
6929 to $INCLUDE was a quoted string.
6931 356. [cleanup] isc_task_send no longer requires event->sender to
6934 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
6936 354. [doc] Man pages for the dnssec tools are now included in
6937 the distribution, in doc/man/dnssec.
6939 353. [bug] double increment in lwres/gethost.c:copytobuf().
6942 352. [bug] Race condition in dns_client_t startup could cause
6943 an assertion failure.
6945 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
6946 signed query could crash the server.
6948 350. [bug] Also-notify lists specified in the global options
6949 block were not correctly reference counted, causing
6952 349. [bug] Processing a query with the CD bit set now works
6955 348. [func] New boolean named.conf options 'additional-from-auth'
6956 and 'additional-from-cache' now supported in view and
6957 global options statement.
6959 347. [bug] Don't crash if an argument is left off options in dig.
6963 345. [bug] Large-scale changes/cleanups to dig:
6964 * Significantly improve structure handling
6965 * Don't pre-load entire batch files
6966 * Add name/rr counting/limiting
6967 * Fix SIGINT handling
6968 * Shorten timeouts to match v8's behavior
6970 344. [bug] When shutting down, lwresd sometimes tried
6971 to shut down its client tasks twice,
6972 triggering an assertion.
6974 343. [bug] Although zone maintenance SOA queries and
6975 notify requests were signed with TSIG keys
6976 when configured for the server in case,
6977 the TSIG was not verified on the response.
6979 342. [bug] The wrong name was being passed to
6980 dns_name_dup() when generating a TSIG
6983 341. [func] Support 'key' clause in named.conf zone masters
6984 statement to allow authentication via TSIG keys:
6987 10.0.0.1 port 5353 key "foo";
6991 340. [bug] The top-level COPYRIGHT file was missing from
6994 339. [bug] DNSSEC validation of the response to an ANY
6995 query at a name with a CNAME RR in a secure
6996 zone triggered an assertion failure.
6998 338. [bug] lwresd logged to syslog as named, not lwresd.
7000 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
7001 on the command line.
7003 336. [bug] "dig -f" used 64 k of memory for each line in
7004 the file. It now uses much less, though still
7005 proportionally to the file size.
7007 335. [bug] named would occasionally attempt recursion when
7008 it was disallowed or undesired.
7010 334. [func] Added hmac-md5 to libisc.
7012 333. [bug] The resolver incorrectly accepted referrals to
7013 domains that were not parents of the query name,
7014 causing assertion failures.
7016 332. [func] New function dns_name_reset().
7018 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
7020 330. [bug] Many debugging messages were partially formatted
7021 even when debugging was turned off, causing a
7022 significant decrease in query performance.
7024 329. [func] omapi_auth_register() now takes a size_t argument for
7025 the length of a key's secret data. Previously
7026 OMAPI only stored secrets up to the first NUL byte.
7028 328. [func] Added isc_base64_decodestring().
7030 327. [bug] rndc.conf parser wasn't correctly recognizing an IP
7031 address where a host specification was required.
7033 326. [func] 'keys' in an 'inet' control statement is now
7034 required and must have at least one item in it.
7035 A "not supported" warning is now issued if a 'unix'
7036 control channel is defined.
7038 325. [bug] isc_lex_gettoken was processing octal strings when
7039 ISC_LEXOPT_CNUMBER was not set.
7041 324. [func] In the resolver, turn EDNS0 off if there is no
7042 response after a number of retransmissions.
7043 This is to allow queries some chance of succeeding
7044 even if all the authoritative servers of a zone
7045 silently discard EDNS0 requests instead of
7046 sending an error response like they ought to.
7048 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
7049 Because of this, servers authoritative for a parent
7050 and grandchild zone but not authoritative for the
7051 intervening child zone did not correctly issue
7052 referrals to the servers of the child zone.
7054 322. [bug] Queries for KEY RRs are now sent to the parent
7055 server before the authoritative one, making
7056 DNSSEC insecurity proofs work in many cases
7057 where they previously didn't.
7059 321. [bug] When synthesizing a CNAME RR for a DNAME
7060 response, query_addcname() failed to initialize
7061 the type and class of the CNAME dns_rdata_t,
7062 causing random failures.
7064 320. [func] Multiple rndc changes: parses an rndc.conf file,
7065 uses authentication to talk to named, command
7066 line syntax changed. This will all be described
7069 319. [func] The named.conf "controls" statement is now used
7070 to configure the OMAPI command channel.
7072 318. [func] dns_c_ndcctx_destroy() could never return anything
7073 except ISC_R_SUCCESS; made it have void return instead.
7075 317. [func] Use callbacks from libomapi to determine if a
7076 new connection is valid, and if a key requested
7077 to be used with that connection is valid.
7079 316. [bug] Generate a warning if we detect an unexpected <eof>
7080 but treat as <eol><eof>.
7082 315. [bug] Handle non-empty blanks lines. [RT #163]
7084 314. [func] The named.conf controls statement can now have
7085 more than one key specified for the inet clause.
7087 313. [bug] When parsing resolv.conf, don't terminate on an
7088 error. Instead, parse as much as possible, but
7089 still return an error if one was found.
7091 312. [bug] Increase the number of allowed elements in the
7092 resolv.conf search path from 6 to 8. If there
7093 are more than this, ignore the remainder rather
7094 than returning a failure in lwres_conf_parse.
7096 311. [bug] lwres_conf_parse failed when the first line of
7097 resolv.conf was empty or a comment.
7099 310. [func] Changes to named.conf "controls" statement (inet
7102 - support "keys" clause
7106 allow { any; } keys { "foo"; }
7109 - allow "port xxx" to be left out of statement,
7110 in which case it defaults to omapi's default port
7113 309. [bug] When sending a referral, the server did not look
7114 for name server addresses as glue in the zone
7115 holding the NS RRset in the case where this zone
7116 was not the same as the one where it looked for
7117 name server addresses as authoritative data.
7119 308. [bug] Treat a SOA record not at top of zone as an error
7120 when loading a zone. [RT #154]
7122 307. [bug] When canceling a query, the resolver didn't check for
7123 isc_socket_sendto() calls that did not yet have their
7124 completion events posted, so it could (rarely) end up
7125 destroying the query context and then want to use
7126 it again when the send event posted, triggering an
7127 assertion as it tried to cancel an already-canceled
7130 306. [bug] Reading HMAC-MD5 private key files didn't work.
7132 305. [bug] When reloading the server with a config file
7133 containing a syntax error, it could catch an
7134 assertion failure trying to perform zone
7135 maintenance on tentatively created zones whose
7136 views were never fully configured and lacked
7137 an address database.
7139 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
7140 are listed in resolv.conf, silently ignore them
7141 instead of returning failure.
7143 303. [bug] Add additional sanity checks to differentiate a AXFR
7144 response vs a IXFR response. [RT #157]
7146 302. [bug] In dig, host, and nslookup, MXNAME should be large
7147 enough to hold any legal domain name in presentation
7148 format + terminating NULL.
7150 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
7152 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
7153 on platforms lacking IPv6 because each included their
7154 own ipv6 header file for the missing definitions. Now
7155 each library's ipv6.h defines the wrapper symbol of
7156 the other (ISC_IPV6_H and LWRES_IPV6_H).
7158 299. [cleanup] Get the user and group information before changing the
7159 root directory, so the administrator does not need to
7160 keep a copy of the user and group databases in the
7161 chroot'ed environment. Suggested by Hakan Olsson.
7163 298. [bug] A mutex deadlock occurred during shutdown of the
7164 interface manager under certain conditions.
7165 Digital Unix systems were the most affected.
7167 297. [bug] Specifying a key name that wasn't fully qualified
7168 in certain parts of the config file could cause
7169 an assertion failure.
7171 296. [bug] "make install" from a separate build directory
7172 failed unless configure had been run in the source
7175 295. [bug] When invoked with type==CNAME and a message
7176 not constructed by dns_message_parse(),
7177 dns_message_findname() failed to find anything
7178 due to checking for attribute bits that are set
7179 only in dns_message_parse(). This caused an
7180 infinite loop when constructing the response to
7181 an ANY query at a CNAME in a secure zone.
7183 294. [bug] If we run out of space in while processing glue
7184 when reading a master file and commit "current name"
7185 reverts to "name_current" instead of staying as
7188 293. [port] Add support for FreeBSD 4.0 system tests.
7190 292. [bug] Due to problems with the way some operating systems
7191 handle simultaneous listening on IPv4 and IPv6
7192 addresses, the server no longer listens on IPv6
7193 addresses by default. To revert to the previous
7194 behavior, specify "listen-on-v6 { any; };" in
7197 291. [func] Caching servers no longer send outgoing queries
7198 over TCP just because the incoming recursive query
7201 290. [cleanup] +twiddle option to dig (for testing only) removed.
7203 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
7204 host is now installed in $bindir. (Be sure to remove
7205 any $sbindir/dig from a previous release.)
7207 288. [func] rndc is now installed by "make install" into $sbindir.
7209 287. [bug] rndc now works again as "rndc 127.1 reload" (for
7210 only that task). Parsing its configuration file and
7211 using digital signatures for authentication has been
7212 disabled until named supports the "controls" statement,
7215 286. [bug] On Solaris 2, when named inherited a signal state
7216 where SIGHUP had the SIG_IGN action, SIGHUP would
7217 be ignored rather than causing the server to reload
7220 285. [bug] A change made to the dst API for beta4 inadvertently
7221 broke OMAPI's creation of a dst key from an incoming
7222 message, causing an assertion to be triggered. Fixed.
7224 284. [func] The DNSSEC key generation and signing tools now
7225 generate randomness from keyboard input on systems
7226 that lack /dev/random.
7228 283. [cleanup] The 'lwresd' program is now a link to 'named'.
7230 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
7231 too big for an unsigned long.
7233 281. [bug] Fixed list of recognized config file category names.
7235 280. [func] Add isc-config.sh, which can be used to more
7236 easily build applications that link with
7239 279. [bug] Private omapi function symbols shared between
7240 two or more files in libomapi.a were not namespace
7241 protected using the ISC convention of starting with
7242 the library name and two underscores ("omapi__"...)
7244 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
7245 note of when isc_log_categorybyname() wasn't able
7246 to find the category name and would then apply the
7247 channel list of the unknown category to all categories.
7249 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
7250 would fail to find the first member of any category
7251 or module array apart from the internal defaults.
7252 Thus, for example, the "notify" category was improperly
7253 configured by named.
7255 276. [bug] dig now supports maximum sized TCP messages.
7257 275. [bug] The definition of lwres_gai_strerror() was missing
7260 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
7263 273. [func] The default for the 'transfer-format' option is
7264 now 'many-answers'. This will break zone transfers
7265 to BIND 4.9.5 and older unless there is an explicit
7266 'one-answer' configuration.
7268 272. [bug] The sending of large TCP responses was canceled
7269 in mid-transmission due to a race condition
7270 caused by the failure to set the client object's
7271 "newstate" variable correctly when transitioning
7272 to the "working" state.
7274 271. [func] Attempt to probe the number of cpus in named
7275 if unspecified rather than defaulting to 1.
7277 270. [func] Allow maximum sized TCP answers.
7279 269. [bug] Failed DNSSEC validations could cause an assertion
7280 failure by causing clone_results() to be called with
7281 with hevent->node == NULL.
7283 268. [doc] A plain text version of the Administrator
7284 Reference Manual is now included in the distribution,
7285 as doc/arm/Bv9ARM.txt.
7287 267. [func] Nsupdate is now provided in the distribution.
7289 266. [bug] zone.c:save_nsrrset() node was not initialized.
7291 265. [bug] dns_request_create() now works for TCP.
7293 264. [func] Dispatch can not take TCP sockets in connecting
7294 state. Set DNS_DISPATCHATTR_CONNECTED when calling
7295 dns_dispatch_createtcp() for connected TCP sockets
7296 or call dns_dispatch_starttcp() when the socket is
7299 263. [func] New logging channel type 'stderr'
7306 262. [bug] 'master' was not initialized in zone.c:stub_callback().
7308 261. [func] Add dns_zone_markdirty().
7310 260. [bug] Running named as a non-root user failed on Linux
7311 kernels new enough to support retaining capabilities
7314 259. [func] New random-device and random-seed-file statements
7315 for global options block of named.conf. Both accept
7316 a single string argument.
7318 258. [bug] Fixed printing of lwres_addr_t.address field.
7320 257. [bug] The server detached the last zone manager reference
7321 too early, while it could still be in use by queries.
7322 This manifested itself as assertion failures during the
7323 shutdown process for busy name servers. [RT #133]
7325 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
7326 isc_ratelimiter_shutdown guarantees that the rate
7327 limiter is detached from its task.
7329 255. [func] New function dns_zonemgr_attach().
7331 254. [bug] Suppress "query denied" messages on additional data
7334 --- 9.0.0b4 released ---
7336 253. [func] resolv.conf parser now recognizes ';' and '#' as
7337 comments (anywhere in line, not just as the beginning).
7339 252. [bug] resolv.conf parser mishandled masks on sortlists.
7340 It also aborted when an unrecognized keyword was seen,
7341 now it silently ignores the entire line.
7343 251. [bug] lwresd caught an assertion failure on startup.
7345 250. [bug] fixed handling of size+unit when value would be too
7346 large for internal representation.
7348 249. [cleanup] max-cache-size config option now takes a size-spec
7349 like 'datasize', except 'default' is not allowed.
7351 248. [bug] global lame-ttl option was not being printed when
7352 config structures were written out.
7354 247. [cleanup] Rename cache-size config option to max-cache-size.
7356 246. [func] Rename global option cachesize to cache-size and
7357 add corresponding option to view statement.
7359 245. [bug] If an uncompressed name will take more than 255
7360 bytes and the buffer is sufficiently long,
7361 dns_name_fromwire should return DNS_R_FORMERR,
7362 not ISC_R_NOSPACE. This bug caused cause the
7363 server to catch an assertion failure when it
7364 received a query for a name longer than 255
7367 244. [bug] empty named.conf file and empty options statement are
7368 now parsed properly.
7370 243. [func] new cachesize option for named.conf
7372 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
7374 241. [cleanup] nscount and soacount have been removed from the
7375 dns_master_*() argument lists.
7377 240. [func] databases now come in three flavours: zone, cache
7380 239. [func] If ISC_MEM_DEBUG is enabled, the variable
7381 isc_mem_debugging controls whether messages
7384 238. [cleanup] A few more compilation warnings have been quieted:
7385 + missing sigwait prototype on BSD/OS 4.0/4.0.1.
7386 + PTHREAD_ONCE_INIT unbraced initializer warnings on
7388 + IN6ADDR_ANY_INIT unbraced initializer warnings on
7389 BSD/OS 4.*, Linux and Solaris 2.8.
7391 237. [bug] If connect() returned ENOBUFS when the resolver was
7392 initiating a TCP query, the socket didn't get
7393 destroyed, and the server did not shut down cleanly.
7395 236. [func] Added new listen-on-v6 config file statement.
7397 235. [func] Consider it a config file error if a listen-on
7398 statement has an IPv6 address in it, or a
7399 listen-on-v6 statement has an IPv4 address in it.
7401 234. [bug] Allow a trusted-key's first field (domain-name) be
7402 either a quoted or an unquoted string, instead of
7403 requiring a quoted string.
7405 233. [cleanup] Convert all config structure integer values to unsigned
7406 integer (isc_uint32_t) to match grammar.
7408 232. [bug] Allow slave zones to not have a file.
7410 231. [func] Support new 'port' clause in config file options
7411 section. Causes 'listen-on', 'masters' and
7412 'also-notify' statements to use its value instead of
7415 230. [func] Replace the dst sign/verify API with a cleaner one.
7417 229. [func] Support config file sig-validity-interval statement
7418 in options, views and zone statements (master
7421 228. [cleanup] Logging messages in config module stripped of
7424 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
7425 dns_rcode_*, dns_opcode_*, and dns_trust_* are
7426 also now cast to their appropriate types, as with
7427 dns_rdatatype_* in item number 225 below.
7429 226. [func] dns_name_totext() now always prints the root name as
7430 '.', even when omit_final_dot is true.
7432 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
7433 cast to dns_rdatatype_t via macros of their same name
7434 so that they are of the proper integral type wherever
7435 a dns_rdatatype_t is needed.
7437 224. [cleanup] The entire project builds cleanly with gcc's
7438 -Wcast-qual and -Wwrite-strings warnings enabled,
7439 which is now the default when using gcc. (Warnings
7440 from confparser.c, because of yacc's code, are
7441 unfortunately to be expected.)
7443 223. [func] Several functions were re-prototyped to qualify one
7444 or more of their arguments with "const". Similarly,
7445 several functions that return pointers now have
7446 those pointers qualified with const.
7448 222. [bug] The global 'also-notify' option was ignored.
7450 221. [bug] An uninitialized variable was sometimes passed to
7451 dns_rdata_freestruct() when loading a zone, causing
7452 an assertion failure.
7454 220. [cleanup] Set the default outgoing port in the view, and
7455 set it in sockaddrs returned from the ADB.
7456 [31-May-2000 explorer]
7458 219. [bug] Signed truncated messages more correctly follow
7459 the respective specs.
7461 218. [func] When an rdataset is signed, its ttl is normalized
7462 based on the signature validity period.
7464 217. [func] Also-notify and trusted-keys can now be used in
7465 the 'view' statement.
7467 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
7470 215. [bug] Failures at certain points in request processing
7471 could cause the assertion INSIST(client->lockview
7472 == NULL) to be triggered.
7474 214. [func] New public function isc_netaddr_format(), for
7475 formatting network addresses in log messages.
7477 213. [bug] Don't leak memory when reloading the zone if
7478 an update-policy clause was present in the old zone.
7480 212. [func] Added dns_message_get/settsigkey, to make TSIG
7481 key management reasonable.
7483 211. [func] The 'key' and 'server' statements can now occur
7484 inside 'view' statements.
7486 210. [bug] The 'allow-transfer' option was ignored for slave
7487 zones, and the 'transfers-per-ns' option was
7488 was ignored for all zones.
7490 209. [cleanup] Upgraded openssl files to new version 0.9.5a
7492 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
7495 207. [func] The dnssec tools properly use the logging subsystem.
7497 206. [cleanup] dst now stores the key name as a dns_name_t, not
7500 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
7501 ("prototyped function redeclared without prototype")
7502 and 1552 ("variable ... set but not used") when
7503 compiling in the lib/dns/sec/{dnssafe,openssl}
7504 directories, which contain code imported from outside
7507 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
7508 to quiet the warnings that "The linked output may not
7509 run on a PA 1.x system."
7511 203. [func] notify and zone soa queries are now tsig signed when
7514 202. [func] isc_lex_getsourceline() changed from returning int
7515 to returning unsigned long, the type of its underlying
7518 201. [cleanup] Removed the test/sdig program, it has been
7519 replaced by bin/dig/dig.
7521 --- 9.0.0b3 released ---
7523 200. [bug] Failures in sending query responses to clients
7524 (e.g., running out of network buffers) were
7527 199. [bug] isc_heap_delete() sometimes violated the heap
7528 invariant, causing timer events not to be posted
7531 198. [func] Dispatch managers hold memory pools which
7532 any managed dispatcher may use. This allows
7533 us to avoid dipping into the memory context for
7534 most allocations. [19-May-2000 explorer]
7536 197. [bug] When an incoming AXFR or IXFR completes, the
7537 zone's internal state is refreshed from the
7538 SOA data. [19-May-2000 explorer]
7540 196. [func] Dispatchers can be shared easily between views
7541 and/or interfaces. [19-May-2000 explorer]
7543 195. [bug] Including the NXT record of the root domain
7544 in a negative response caused an assertion
7547 194. [doc] The PDF version of the Administrator's Reference
7548 Manual is no longer included in the ISC BIND9
7551 193. [func] changed dst_key_free() prototype.
7553 192. [bug] Zone configuration validation is now done at end
7554 of config file parsing, and before loading
7557 191. [func] Patched to compile on UnixWare 7.x. This platform
7558 is not directly supported by the ISC.
7560 190. [cleanup] The DNSSEC tools have been moved to a separate
7561 directory dnssec/ and given the following new,
7562 more descriptive names:
7569 Their command line arguments have also been changed to
7570 be more consistent. dnssec-keygen now prints the
7571 name of the generated key files (sans extension)
7572 on standard output to simplify its use in automated
7575 189. [func] isc_time_secondsastimet(), a new function, will ensure
7576 that the number of seconds in an isc_time_t does not
7577 exceed the range of a time_t, or return ISC_R_RANGE.
7578 Similarly, isc_time_now(), isc_time_nowplusinterval(),
7579 isc_time_add() and isc_time_subtract() now check the
7580 range for overflow/underflow. In the case of
7581 isc_time_subtract, this changed a calling requirement
7582 (ie, something that could generate an assertion)
7583 into merely a condition that returns an error result.
7584 isc_time_add() and isc_time_subtract() were void-
7585 valued before but now return isc_result_t.
7587 188. [func] Log a warning message when an incoming zone transfer
7588 contains out-of-zone data.
7590 187. [func] isc_ratelimiter_enqueue() has an additional argument
7593 186. [func] dns_request_getresponse() has an additional argument
7596 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
7597 public functions did not have an isc__ prefix, and
7598 referred to functions that had previously been
7601 184. [cleanup] Variables/functions which began with two leading
7602 underscores were made to conform to the ANSI/ISO
7603 standard, which says that such names are reserved.
7605 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
7606 for logging the program name or other identifier.
7608 182. [cleanup] New command-line parameters for dnssec tools
7610 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
7612 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
7614 179. [func] options named.conf statement *must* now come
7615 before any zone or view statements.
7617 178. [func] Post-load of named.conf check verifies a slave zone
7618 has non-empty list of masters defined.
7620 177. [func] New per-zone boolean:
7622 enable-zone yes | no ;
7624 intended to let a zone be disabled without having
7625 to comment out the entire zone statement.
7627 176. [func] New global and per-view option:
7629 max-cache-ttl number
7631 175. [func] New global and per-view option:
7633 additional-data internal | minimal | maximal;
7635 174. [func] New public function isc_sockaddr_format(), for
7636 formatting socket addresses in log messages.
7638 173. [func] Keep a queue of zones waiting for zone transfer
7639 quota so that a new transfer can be dispatched
7640 immediately whenever quota becomes available.
7642 172. [bug] $TTL directive was sometimes missing from dumped
7643 master files because totext_ctx_init() failed to
7644 initialize ctx->current_ttl_valid.
7646 171. [cleanup] On NetBSD systems, the mit-pthreads or
7647 unproven-pthreads library is now always used
7648 unless --with-ptl2 is explicitly specified on
7649 the configure command line. The
7650 --with-mit-pthreads option is no longer needed
7651 and has been removed.
7653 170. [cleanup] Remove inter server consistency checks from zone,
7654 these should return as a separate module in 9.1.
7655 dns_zone_checkservers(), dns_zone_checkparents(),
7656 dns_zone_checkchildren(), dns_zone_checkglue().
7658 Remove dns_zone_setadb(), dns_zone_setresolver(),
7659 dns_zone_setrequestmgr() these should now be found
7662 169. [func] ratelimiter can now process N events per interval.
7664 168. [bug] include statements in named.conf caused syntax errors
7665 due to not consuming the semicolon ending the include
7666 statement before switching input streams.
7668 167. [bug] Make lack of masters for a slave zone a soft error.
7670 166. [bug] Keygen was overwriting existing keys if key_id
7671 conflicted, now it will retry, and non-null keys
7672 with key_id == 0 are not generated anymore. Key
7673 was not able to generate NOAUTHCONF DSA key,
7674 increased RSA key size to 2048 bits.
7676 165. [cleanup] Silence "end-of-loop condition not reached" warnings
7677 from Solaris compiler.
7679 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
7680 isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
7681 isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
7682 to encapsulate nonportable usage of errno and sync.
7684 163. [func] Added result codes ISC_R_FILENOTFOUND and
7687 162. [bug] Ensure proper range for arguments to ctype.h functions.
7689 161. [cleanup] error in yyparse prototype that only HPUX caught.
7691 160. [cleanup] getnet*() are not going to be implemented at this
7694 159. [func] Redefinition of config file elements is now an
7695 error (instead of a warning).
7697 158. [bug] Log channel and category list copy routines
7698 weren't assigning properly to output parameter.
7700 157. [port] Fix missing prototype for getopt().
7702 156. [func] Support new 'database' statement in zone.
7704 database "quoted-string";
7706 155. [bug] ns_notify_start() was not detaching the found zone.
7708 154. [func] The signer now logs libdns warnings to stderr even when
7709 not verbose, and in a nicer format.
7711 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
7712 is NULL then you need to preserve the 'rdata' until
7713 you have finished using the structure as there may be
7714 references to the associated memory. If 'mctx' is
7715 non-NULL it is guaranteed that there are no references
7716 to memory associated with 'rdata'.
7718 dns_rdata_freestruct() must be called if 'mctx' was
7719 non-NULL and may safely be called if 'mctx' was NULL.
7721 152. [bug] keygen dumped core if domain name argument was omitted
7724 151. [func] Support 'disabled' statement in zone config (causes
7725 zone to be parsed and then ignored). Currently must
7726 come after the 'type' clause.
7728 150. [func] Support optional ports in masters and also-notify
7731 masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
7733 149. [cleanup] Removed unused argument 'olist' from
7734 dns_c_view_unsetordering().
7736 148. [cleanup] Stop issuing some warnings about some configuration
7737 file statements that were not implemented, but now are.
7739 147. [bug] Changed yacc union size to be smaller for yaccs that
7740 put yacc-stack on the real stack.
7742 146. [cleanup] More general redundant header file cleanup. Rather
7743 than continuing to itemize every header which changed,
7744 this changelog entry just notes that if a header file
7745 did not need another header file that it was including
7746 in order to provide its advertised functionality, the
7747 inclusion of the other header file was removed. See
7748 util/check-includes for how this was tested.
7750 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
7751 ISC_LANG_ENDDECLS to header files that had function
7752 prototypes, and removed it from those that did not.
7754 144. [cleanup] libdns header files too numerous to name were made
7755 to conform to the same style for multiple inclusion
7758 143. [func] Added function dns_rdatatype_isknown().
7760 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
7763 141. [bug] Corrupt requests with multiple questions could
7764 cause an assertion failure.
7766 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
7768 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
7769 <isc/int.h> and <isc/result.h>.
7771 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
7772 renamed isc_string_touint64. isc_strsep moved from
7773 strsep.c to string.c and renamed isc_string_separate.
7775 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
7776 <isc/serial.h>, <isc/string.h> and <isc/offset.h>
7777 made to conform to the same style for multiple
7778 inclusion protection.
7780 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
7781 <isc/net.h> and Win32's <isc/thread.h> needed
7782 ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
7784 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
7785 or <isc/boolean.h>, now uses <isc/types.h> in place
7786 of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
7787 and ISC_LANG_ENDDECLS.
7789 134. [cleanup] <isc/dir.h> does not need <limits.h>.
7791 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
7793 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
7794 need <isc/eventclass.h>.
7796 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
7797 for ISC_R_* codes used in macros.
7799 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
7800 <isc/boolean.h>, and now includes <isc/types.h>
7801 instead of <isc/time.h>.
7803 129. [bug] The 'default_debug' log channel was not set up when
7804 'category default' was present in the config file
7806 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
7807 ISC_LANG_ENDDECLS at end of header.
7809 127. [cleanup] The contracts for the comparison routines
7810 dns_name_fullcompare(), dns_name_compare(),
7811 dns_name_rdatacompare(), and dns_rdata_compare() now
7812 specify that the order value returned is < 0, 0, or > 0
7813 instead of -1, 0, or 1.
7815 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
7817 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
7818 <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
7819 <isc/resultclass.h> do not need <isc/lang.h>.
7821 124. [func] signer now imports parent's zone key signature
7822 and creates null keys/sets zone status bit for
7823 children when necessary
7825 123. [cleanup] <isc/event.h> does not need <stddef.h>.
7827 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
7830 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
7831 <isc/result.h>. Multiple inclusion protection
7832 symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
7833 isc_symtab_t moved to <isc/types.h>.
7835 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
7836 <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
7839 119. [cleanup] structure definitions for generic rdata structures do
7840 not have _generic_ in their names.
7842 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
7843 YACC crust (yyparse, etc) [2000-apr-27 explorer]
7845 117. [cleanup] libdns.a changes:
7846 dns_zone_clearnotify() and dns_zone_addnotify()
7847 are replaced by dns_zone_setnotifyalso().
7848 dns_zone_clearmasters() and dns_zone_addmaster()
7849 are replaced by dns_zone_setmasters().
7851 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
7854 115. [port] Shut up the -Wmissing-declarations warning about
7855 <stdio.h>'s __sputaux on BSD/OS pre-4.1.
7857 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
7860 113. [func] Utility programs dig and host added.
7862 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
7864 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
7867 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
7870 109. [bug] "make depend" did nothing for
7871 bin/tests/{db,mem,sockaddr,tasks,timers}/.
7873 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
7874 <dns/types.h> to <dns/bit.h> and renamed to
7875 DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
7877 107. [func] Add keysigner and keysettool.
7879 106. [func] Allow dnssec verifications to ignore the validity
7880 period. Used by several of the dnssec tools.
7882 105. [doc] doc/dev/coding.html expanded with other
7883 implicit conventions the developers have used.
7885 104. [bug] Made compress_add and compress_find static to
7888 103. [func] libisc buffer API changes for <isc/buffer.h>:
7890 isc_buffer_base(b) (pointer)
7891 isc_buffer_current(b) (pointer)
7892 isc_buffer_active(b) (pointer)
7893 isc_buffer_used(b) (pointer)
7894 isc_buffer_length(b) (int)
7895 isc_buffer_usedlength(b) (int)
7896 isc_buffer_consumedlength(b) (int)
7897 isc_buffer_remaininglength(b) (int)
7898 isc_buffer_activelength(b) (int)
7899 isc_buffer_availablelength(b) (int)
7901 ISC_BUFFER_USEDCOUNT(b)
7902 ISC_BUFFER_AVAILABLECOUNT(b)
7905 isc_buffer_used(b, r) ->
7906 isc_buffer_usedregion(b, r)
7907 isc_buffer_available(b, r) ->
7908 isc_buffer_available_region(b, r)
7909 isc_buffer_consumed(b, r) ->
7910 isc_buffer_consumedregion(b, r)
7911 isc_buffer_active(b, r) ->
7912 isc_buffer_activeregion(b, r)
7913 isc_buffer_remaining(b, r) ->
7914 isc_buffer_remainingregion(b, r)
7916 Buffer types were removed, so the ISC_BUFFERTYPE_*
7917 macros are no more, and the type argument to
7918 isc_buffer_init and isc_buffer_allocate were removed.
7919 isc_buffer_putstr is now void (instead of isc_result_t)
7920 and requires that the caller ensure that there
7921 is enough available buffer space for the string.
7923 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
7926 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
7928 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
7929 <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
7931 99. [cleanup] Rate limiter now has separate shutdown() and
7932 destroy() functions, and it guarantees that all
7933 queued events are delivered even in the shutdown case.
7935 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
7936 unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
7938 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
7941 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
7943 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
7945 94. [cleanup] Some installed header files did not compile as C++.
7947 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
7949 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
7952 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
7955 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
7956 from <named/listenlist.h>.
7958 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
7960 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
7961 <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
7962 moved to <isc/types.h>.
7964 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
7965 <isc/mem.h> or <isc/result.h>.
7967 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
7970 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
7971 <isc/list.h>, <isc/mem.h>, <isc/region.h> or
7974 84. [func] allow-query ACL checks now apply to all data
7975 added to a response.
7977 83. [func] If the server is authoritative for both a
7978 delegating zone and its (nonsecure) delegatee, and
7979 a query is made for a KEY RR at the top of the
7980 delegatee, then the server will look for a KEY
7981 in the delegator if it is not found in the delegatee.
7983 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
7985 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
7988 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
7990 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
7992 78. [cleanup] lwres_conftest renamed to lwresconf_test for
7993 consistency with other *_test programs.
7995 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
7996 <isc/time.h> to <isc/types.h>.
7998 76. [cleanup] Rewrote keygen.
8000 75. [func] Don't load a zone if its database file is older
8001 than the last time the zone was loaded.
8003 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
8006 73. [func] New "file" API in libisc, including new function
8007 isc_file_getmodtime, isc_mktemplate renamed to
8008 isc_file_mktemplate and isc_ufile renamed to
8009 isc_file_openunique. By no means an exhaustive API,
8010 it is just what's needed for now.
8012 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
8013 added for dns_rbt_findnode, the former to disable the
8014 setting of the chain to the predecessor, and the
8015 latter to make clear when no options are set.
8017 71. [cleanup] Made explicit the implicit REQUIREs of
8018 isc_time_seconds, isc_time_nanoseconds, and
8021 70. [func] isc_time_set() added.
8023 69. [bug] The zone object's master and also-notify lists grew
8024 longer with each server reload.
8026 68. [func] Partial support for SIG(0) on incoming messages.
8028 67. [performance] Allow use of alternate (compile-time supplied)
8029 OpenSSL libraries/headers.
8031 66. [func] Data in authoritative zones should have a trust level
8034 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
8037 64. [func] The RBT, DB, and zone table APIs now allow the
8038 caller find the most-enclosing superdomain of
8041 63. [func] Generate NOTIFY messages.
8043 62. [func] Add UDP refresh support.
8045 61. [cleanup] Use single quotes consistently in log messages.
8047 60. [func] Catch and disallow singleton types on message
8050 59. [bug] Cause net/host unreachable to be a hard error
8051 when sending and receiving.
8053 58. [bug] bin/named/query.c could sometimes trigger the
8054 (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
8055 == 0 assertion in query_newname().
8057 57. [func] Added dns_nxt_typepresent()
8059 56. [bug] SIG records were not properly returned in cached
8062 55. [bug] Responses containing multiple names in the authority
8063 section were not negatively cached.
8065 54. [bug] If a fetch with sigrdataset==NULL joined one with
8066 sigrdataset!=NULL or vice versa, the resolver
8067 could catch an assertion or lose signature data,
8070 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
8073 52. [bug] rndc: taskmgr and socketmgr were not initialized
8076 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
8077 dns/rbt.h; it was needed only by compress.c and zt.c.
8079 50. [func] RBT deletion no longer requires a valid chain to work,
8080 and dns_rbt_deletenode was added.
8082 49. [func] Each cache now has its own mctx.
8084 48. [func] isc_task_create() no longer takes an mctx.
8085 isc_task_mem() has been eliminated.
8087 47. [func] A number of modules now use memory context reference
8090 46. [func] Memory contexts are now reference counted.
8091 Added isc_mem_inuse() and isc_mem_preallocate().
8092 Renamed isc_mem_destroy_check() to
8093 isc_mem_setdestroycheck().
8095 45. [bug] The trusted-key statement incorrectly loaded keys.
8097 44. [bug] Don't include authority data if it would force us
8098 to unset the AD bit in the message.
8100 43. [bug] DNSSEC verification of cached rdatasets was failing.
8102 42. [cleanup] Simplified logging of messages with embedded domain
8103 names by introducing a new convenience function
8106 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
8107 to allow 'named' to run as a non-root user while
8108 retaining the ability to bind() to privileged
8111 40. [func] Introduced new logging category "dnssec" and
8112 logging module "dns/validator".
8114 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
8115 and isc_lex_t to <isc/types.h>.
8117 38. [bug] TSIG signed incoming zone transfers work now.
8119 37. [bug] If the first RR in an incoming zone transfer was
8120 not an SOA, the server died with an assertion failure
8121 instead of just reporting an error.
8123 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
8125 35. [performance] Log messages which are of a level too high to be
8126 logged by any channel in the logging configuration
8127 will not cause the log mutex to be locked.
8129 34. [bug] Recursion was allowed even with 'recursion no'.
8131 33. [func] The RBT now maintains a parent pointer at each node.
8133 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
8136 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
8138 30. [func] config file grammar change to support optional
8139 class type for a view.
8141 29. [func] support new config file view options:
8143 auth-nxdomain recursion query-source
8144 query-source-v6 transfer-source
8145 transfer-source-v6 max-transfer-time-out
8146 max-transfer-idle-out transfer-format
8147 request-ixfr provide-ixfr cleaning-interval
8148 fetch-glue notify rfc2308-type1 lame-ttl
8149 max-ncache-ttl min-roots
8151 28. [func] support lame-ttl, min-roots and serial-queries
8152 config global options.
8154 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
8155 Including it on other platforms (eg, NetBSD) can
8156 cause a forced #error from the C preprocessor.
8158 26. [func] new match-clients statement in config file view.
8160 25. [bug] make install failed to install <isc/log.h> and
8163 24. [cleanup] Eliminate some unnecessary #includes of header
8164 files from header files.
8166 23. [cleanup] Provide more context in log messages about client
8167 requests, using a new function ns_client_log().
8169 22. [bug] SIGs weren't returned in the answer section when
8170 the query resulted in a fetch.
8172 21. [port] Look at STD_CINCLUDES after CINCLUDES during
8173 compilation, so additional system include directories
8174 can be searched but header files in the bind9 source
8175 tree with conflicting names take precedence. This
8176 avoids issues with installed versions of dnssafe and
8179 20. [func] Configuration file post-load validation of zones
8180 failed if there were no zones.
8182 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
8183 lock in certain error cases.
8185 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
8186 configure.in to check for presence of in6addr_any.
8188 17. [func] Do configuration file post-load validation of zones.
8190 16. [bug] put quotes around key names on config file
8191 output to avoid possible keyword clashes.
8193 15. [func] Add dns_name_dupwithoffsets(). This function is
8194 improves comparison performance for duped names.
8196 14. [bug] free_rbtdb() could have 'put' unallocated memory in
8197 an unlikely error path.
8199 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
8202 12. [bug] Fixed possible uninitialized variable error.
8204 11. [bug] axfr_rrstream_first() didn't check the result code of
8205 db_rr_iterator_first(), possibly causing an assertion
8206 to be triggered later.
8208 10. [bug] A bug in the code which makes EDNS0 OPT records in
8209 bin/named/client.c and lib/dns/resolver.c could
8210 trigger an assertion.
8212 9. [cleanup] replaced bit-setting code in confctx.c and replaced
8213 repeated code with macro calls.
8215 8. [bug] Shutdown of incoming zone transfer accessed
8218 7. [cleanup] removed 'listen-on' from view statement.
8220 6. [bug] quote RR names when generating config file to
8221 prevent possible clash with config file keywords
8224 5. [func] syntax change to named.conf file: new ssu grant/deny
8225 statements must now be enclosed by an 'update-policy'
8228 4. [port] bin/named/unix/os.c didn't compile on systems with
8229 linux 2.3 kernel includes due to conflicts between
8230 C library includes and the kernel includes. We now
8231 get only what we need from <linux/capability.h>, and
8232 avoid pulling in other linux kernel .h files.
8234 3. [bug] TKEYs go in the answer section of responses, not
8235 the additional section.
8237 2. [bug] Generating cryptographic randomness failed on
8238 systems without /dev/random.
8240 1. [bug] The installdirs rule in
8241 lib/isc/unix/include/isc/Makefile.in had a typo which
8242 prevented the isc directory from being created if it
8245 --- 9.0.0b2 released ---
8247 # This tells Emacs to use hard tabs in this file.
8249 # indent-tabs-mode: t